Open Raven Platform Release: Expanded Data Source Coverage, UI Enhancements, New Rules and Data Classes

For much of 2023, our releases followed a constant theme — covering more data surfaces while enhancing the visibility and actionability of sensitive data and critical events. Releases in October and November continued along that theme with expanded coverage for structured data sources, UI enhancements that provide greater visibility and control, new rules to address S3 data exposure risk when using AWS CloudFront, and more data classes for specific countries and information types. Let's dive in. 

Expanded Structured Data Source Coverage 

During October and November, we expanded our structured data source coverage to include AWS DynamoDB, and three GCP services: CloudSQL, BigQuery, and Bigtable, extending our ability to identify millions of sensitive data findings across billions of rows of data and in multiple clouds. 

UI Enhancements

During the summer months, we focused on enhancing experiences in several areas of the UI, including Data Scans, Data Catalog, and Violations. Released during October and November, these enhancements include a new scan experience that makes it even easier to classify sensitive data across multiple clouds and data source types, tools that enhance a user's ability to explore data findings within the Data Catalog, a new violations experience, and additional capabilities for customizing views by resizing or hiding columns. 

Our new Violations experience makes it easier to get answers to critical questions regarding data security risk. Users can search and browse, or group, violations from multiple perspectives, including by rule, account, and asset, and answer questions such as:

• “What are the most common, and the most risky, violations in my environment?”
• “If I were to go and change one configuration item in my environment to lower my data exposure risk, what should I change?”
• “Which of my accounts are the riskiest / have the most violations?”
• “Which of my assets have the greatest amount of data exposure risk?”

These enhancements improve a user's ability to remediate data risk by quickly prioritizing those security issues that address the greatest amount of outstanding risk. Additionally, viewing risk at the account level makes it easier to identify the business unit or account holder needed for issue resolution.

We designed our new scan experience to make it even easier to operationalize data security. Scan creation is now easier and faster, enabling security teams to tailor scanning to meet the size and scope of single or multi-cloud data environments, across structured and unstructured data. The experience also include more status details and filtering options when viewing Scan Runs.

‍

New Rules for Tracking Data Exposure Through AWS CloudFront

AWS CloudFront allows CDN access to bucket data even when that bucket is otherwise private, creating serious data security risk. We released several new rules that address this risk by including context regarding CloudFront access when assessing AWS S3 permissions.

Specifically, four categories of data classes are covered by these new rules:

• Personal data stored in S3 is exposed via CloudFront
• Financial data stored in S3 is exposed via CloudFront
• Developer secrets stored in S3 is exposed via CloudFront
• Health data stored in S3 is exposed via CloudFront

New Data Classes and Enhancements

Our library now contains more than 300 predefined data classes designed for unstructured, semi-structured, and structured data, tested with Mockingbird and assisted by AI. Updates delivered in October and November include:

New

• Composite data class for "SWIFT/BIC Code and Bank Account Number"
• US Healthcare Common Procedure Coding System (HCPCS)
• Sweden Bank Account Number
• Australia Passport Number
• Australia Phone Number
• New Zealand Passport Number
• New Zealand Phone Number
• New Zealand Driver's License Number
• New Zealand Tax ID (IRD)

Enhanced

The Developer Files Metadata data class, which indicates source code or software configuration files, now includes additional file extensions for various programming languages.