Data Detection and Response

Automate attack detection and response using existing workflows. Open Raven provides hands-free monitoring of critical data by combining real-time events with sophisticated machine-learning algorithms to analyze and understand normal data activity and determine anomalous activities. Set your notifications and receive near real-time alerts. 
Open Raven connected to four assets. Above the assets are DDR alerts including Activity Spike, Delete Bucket Encryption, Failed Create User, and Activity from Unknown IP.

Monitor data events, detect abnormal behavior, and quickly respond to potential attacks.

Hands-free critical data event monitoring

With large volumes of sensitive cloud data and a continuously changing threat landscape, data monitoring mustn’t require human intervention. Open Raven enables hands-free operations by establishing activity baselines and automating alerts and workflows that save time and accelerate response.
New login IP showing after a few known login attempts.

Prevent data-focused attacks

Open Raven helps to quickly contain attacks by monitoring events associated with data-focused attacks, including high-risk configuration changes, exfiltration actions such as mass downloads of databases or unstructured data stores, and ransomware attack indicators.
Activity from unknown IP and delete bucket encryption on assets.

Identify anomalous access events 

Open Raven combines access permissions from assets with sensitive data and near real-time data access events to rapidly detect indicators of attack. These include unusual access events by remote and local users, logins, and backup executions.
Graph showing activity monitoring and two spikes of suspicious event sequences.

Detect potential data sovereignty violations

Without proper guardrails, data typically flows into unintended regions and services, resulting in potentially expensive data residency or sovereignty violations. Open Raven detects when region-specific sensitive data moves outside of its designated location and actively alerts security teams to take action to address the risk.
Data flowing from one region to an outside region