New Capability: Data Access Security - Activity Alerting

Description

SailPoint® is excited to announce a new activity alerting feature in Data Access Security (DAS). This update helps you stay on top of sensitive data access with real-time alerts, making it easier to spot and respond to unauthorized activities!

Organizations are facing an increase in attacks, breach attempts and incidents targeting their most sensitive data, and are looking for a single tool to help govern, access, monitor and secure identities' access to sensitive data in real time.

DAS Alerting and Threat Detection capabilities deliver a policy-based framework that enables organizations to identify inappropriate access to sensitive content that violates organizational policies and/or is indicative of a risk to the organization.

Leverage the full range of the Atlas platform to evaluate data access with rich identity context and data analytics to highlight access violations, and leverage SailPoint Workflows to take remediation actions.

New Capabilities

  • Activity Alerts: A policy-based alerting engine and framework, enabling highly customizable rule-based alerts to identify inappropriate access to sensitive content that violates organizational policies and security best practices, and to highlight data access risk. Leverage rich data insights and identity context from Identity Security Cloud to identify external and internal threats, as well as actions affecting security posture. Evaluate behavior by any action property, enriched with identity details such as location, lifecycle, or manager, and resource sensitivity information like data classification policies, rules, and categories.
  • Severity Levels: Alerts are categorized by severity, allowing one to focus on what matters most, assess the impact according to severity, and prioritize alerts requiring immediate attention.
  • Email Notifications: Receive immediate email alerts for specified behaviors. Emails can be sent to any identities within DAS.
  • Remediation Workflow Automation: Leverage DAS Activity Alert Event Triggers to automate remediation workflows and immediately execute preventive and restorative governance processes when threats or suspicious access activity is detected.
  • Alert Management: Easily create, edit, duplicate, activate, deactivate, and delete alert rules. Manage alerts and view their context from the alert management screen, enhancing usability.
  • Improved Investigation Experience: Search for alerted activity by alert rule or severity, and identify new alerts across multiple applications in a single forensic activity screen.
  • Alert Reports: Generate alert logs by scheduling alert reports, and ease the documentation for future audits. Analyze past alerts, and ensure your controls align with organizational policies or update alert policies.

Problem

Organizations are facing an increase in attacks, breach attempts, and incidents targeting their most sensitive data. In addition, most regulations impose requirements to monitor and audit access to sensitive regulated content, alert on unauthorized access, and remediate it.

There’s a dire need to detect and alert on unauthorized or anomalous access that may indicate risk, and to quickly remediate its impact. Inability to do so may inflict significant financial loss from fines, fees, and reputation damage.

Administrators and business data owners struggle to oversee day-to-day access to sensitive organizational data. They face challenges in detecting potential data breaches and ensuring access compliance, due to the vast volume of access activity across diverse applications, the use of multiple monitoring tools, and limited budgets and personnel. Those challenges cause a lack of focus in activity monitoring and hinder effective real-time access control and threat detection.

Solution

DAS Alerting and Threat Detection capabilities deliver a policy-based framework that enables organizations to identify inappropriate access to sensitive content that violates organizational policies and/or is indicative of a risk to the organization.

Leverage the full range of the Atlas platform to evaluate data access with rich identity context and data analytics to highlight access violations, and leverage SailPoint Workflows to take remediation actions.

DAS continuously monitors data access and leverages enriched identity context coming from ISC, as well as deep insights into data content and the actions performed, to ensure data access actions conform with organizational policies and security best practices.

Admins can define rules and policies to identify external and internal threats, as well as unauthorized access changes. Enriched activity information such as Identities Life-Cycle States, Identity Profiles, and other Identity Cube attributes can be evaluated as part of Alerts to provide a richer identity context when evaluating access and detecting threats.

Workflows can be triggered to enable notifications, external security tool integrations, and remediation actions such as certifications or revocations. Every DAS Alert will invoke a DAS Activity Alert event trigger that can be leveraged in Workflows to automate responses and remediation.

Alerts will also be visible on Activity Forensics views and specialized reports.

Who is affected?

  • All Existing DAS customers.

  • All ISC customers looking to be able to monitor identity behavior and access to sensitive data, detection.

  • FAM customers waiting for alert capabilities to migrate to DAS.

Action Required

Enable activity monitoring through the application wizard.

Important Dates

Launch Date - September 30th, 2024.

Documentation

Managing Alert Rules