New Capability: Data Access Security - Discard Rules

TanyaB · September 6, 2024, 6:33pm

Description

SailPoint® is excited to introduce Discard Rules in Data Access Security (DAS), empowering administrators to filter out irrelevant activities and focus on critical security threats. This feature streamlines monitoring and reporting, improving efficiency in detecting and responding to potential risks.

Administrators and data owners are often overwhelmed by irrelevant activity data, making it challenging to detect critical security threats and investigate incidents effectively.

DAS Discard Rules capability allows administrators to filter out unnecessary activities, such as redundant system events. This feature enables a more targeted focus on high-risk activities and improves efficiency in monitoring, investigating, and reporting.

Problem

Administrators struggle to oversee day-to-day access to sensitive organizational data due to the vast volume of access activity across diverse applications. The noise of irrelevant activity to their mission in detecting potential data breaches and ensuring access compliance complicates their ability to focus on genuine threats and meaningful data, making it difficult to effectively monitor, investigate, and report on access control events.

Solution

Deliver a discard rules functionality that allows administrators to configure automatic rules to exclude irrelevant activities from queries and investigations with DAS forensics activity page, and DAS activity and alerts reports. This functionality will help them focus on critical events, streamline their monitoring processes, and reduce the volume of activities they need to manage, thereby improving their ability to detect and respond to genuine security threats and non-compliance behavior.

Discard Rules Configuration and Management: Administrators could define specific events and activities that should be excluded from forensic activity pages, investigations, and reports, with highly customizable discard rules.
Easily create, edit, duplicate, activate, deactivate, and delete discard rules. Manage discard rules and view their conditions from the discard rules management screen, enhancing usability.
Improved Investigation Experience: Reduce the noise during data breach investigations by eliminating irrelevant activities with automatic discard rules, freeing up valuable time for administrators . Enable administrators to concentrate on significant access control concerns by filtering out non-essential activity, and improving visibility while querying the DAS forensic activity page.
Improved Activity and Alert Reports: Get focused activity information without the noise of irrelevant activity in your scheduled activity and alert reports. Ensure that reports are concise and focused on critical activities, facilitating easier compliance and audit processes.

Who is affected?

All DAS Customers.

Important Dates

Release - September 9th, 2024

Topic		Replies	Views
New Capability: Data Access Security - Activity Alerting Product News workflows , data-access-security , new-capability	0	620	September 3, 2024
In Discovery: DAS- Activity Monitoring of Access to Critical Data by Identities and External Users In Discovery identity-security-cloud , in-discovery , data-access-security	0	431	December 6, 2023
New Capability: Dynamic Access Roles! Product News identity-security-cloud , new-capability , access	15	1683	February 5, 2025
In Discovery: Data Access Security - Access Certification Research In Discovery identity-security-cloud , data-access-security , in-discovery-closed	3	601	November 30, 2023
New Capability: Active Directory Connector Product News saas-connector , identity-security-cloud , provisioning , connectors , data-access-security , new-capability	0	309	July 5, 2024