Open Raven Platform Release: Data Detection and Response, Expanded Coverage, Real-time Scanning, New Data Classes, and UI Enhancements
Our late Summer release is very much a continuation of the drumbeat we’ve been marching to since early this year: expanding data source coverage, making it easier to automate data security, and adding data detection and response (DDR) capabilities. Simply put, cover more data surface while making sensitive data and critical events not only plainly visible but dead easy to take action on. Let’s go.
Data Detection and Response (DDR)
The pivotal moment in any attack is when the targeted data is within the adversary’s reach. However, with large volumes of sensitive cloud data and a continuously changing threat landscape, defenders need to be notified immediately when an attack might be actively underway. Open Raven’s new Data Detection and Response capability identifies potential data-centric attacks, from irregular access patterns that deviate from the baseline, to dangerous configuration changes, to signs of ransomware. And using the new automations feature, Open Raven users can customize how they are alerted about these threats, or trigger response actions.
Expanded Data Source Coverage
Open Raven now supports Amazon Redshift, further extending our ability to identify millions of sensitive data findings across billions of rows of data in a cost-effective manner.
Data warehouses offer tremendous business benefits – and massive data security posture management challenges. With the same simple onboarding and automated discovery as our other supported cloud platforms and services, Open Raven now supports data classification in Snowflake, so that security teams have the necessary visibility and control of sensitive data inside data warehouses.
Non-Native Data Services
Running data services non-natively has several benefits, such as greater customization, support for legacy applications and systems, and hybrid deployments. Open Raven now supports the classification of non-native data services such as Postgres and MySQL running on cloud-hosted virtualized server instances. Scan results are fully integrated into the Data Catalog, providing the same visibility and control capabilities as native data services.
Automating Data Security
With Automations, security teams can trigger precise actions based on specific events, be it a new data finding, security posture violation, or DDR detection. Actions that can be triggered include sending Slack messages, creating a Jira issue, sending an email, and sending events via Webhooks or AWS EventBridge. Automations reduce manual effort, decrease time-to-response, and ensure consistent application of workflows and processes. Automations also help security teams scale and efficiently manage large volumes of events or fine-tune responses to specific incidents or threats.
Cloud security teams are on the front lines of the battle to identify the movement of sensitive data and authorize usage before it falls into the shadows or, even worse, the wrong hands. With Real-Time Scanning, security teams can automatically trigger a data scan whenever a person or service attempts to access sensitive data. Using Open Raven APIs, they can then fulfill access requests automatically, in real time and in line with their organization’s automatic authorization or approval process. For example, you may enforce data boundaries in your organization but allow users to move aggregate or summary data between those boundaries through predefined checkpoints, where data being transferred is temporarily held while waiting for authorization.
New Default Composite Data Classes
Our Composite Data Class feature enables security teams to easily create a data class “group” to represent an organization’s definition of personal data / PII, personal health information, etc. A composite data class can then be discovered and assessed as a single entity instead of as individual data classes. Earlier this summer, we added several default composite data classes based on data class pairings commonly used in scan jobs. The default composite data classes are:
- AWS Secret and Access Key
- Name and Email
- Name, Date of Birth, and Medical Record
- Name, National ID / SSN Number
- Vehicle Identification Number and Email Address
- Vehicle Identification Number and IP Address
India PII Data Classes
In response to the Digital Personal Data Protection Bill recently passed in India, we added several new data classes that support the discovery and classification of India data types addressed by the new law. These include India National ID (Aadhaar), India Driver's License Number, India Phone Number, and India Passport Number.
Designed to reflect the key activities security teams undertake each day while using the Open Raven Data Security Platform, the Overview page displays critical information on all accounts and projects at a glance to accelerate investigations and actions. The Overview page is divided into three sections:
- Discovery: View asset-related insights, including regional locations displayed on a map, recently discovered data stores, assets with the most data findings, and accounts/projects with the most data stores.
- Data: Dive directly into critical insights with in-context links to data findings by category, data stores with recently updated findings, potentially anomalous data findings that may require investigation, and the status of recent scan runs.
- Violations: Identify what to fix first, including violations by severity, the most recent violations, data stores with the most violations, and accounts/projects with the most violations.
Data Catalog Filters
The Data Class Category filter accelerates locating assets with specific data types when browsing the Data Catalog. Filters can contain one or more data classes including composite and metadata data classes.
Enhanced Violation Information
Violations now contain the relevant Data Catalog findings for the referenced asset within the violations window. Having the data finding details next to the alert reduces the need to navigate multiple screens to locate the information and speeds up alert dispositioning.