Release 4.2: Compliance + Security + Privacy
"We can rebuild him. We have the technology." In 4.2 we're continuing our journey in building the future of modern database security and making it smarter, better, faster with agent-less multi-cloud security for over 60 databases, AI-driven sensitive data management and database threat prevention in one simple platform.
Six years in the making, this customer-driven release enables users to do even more with raw data from disparate database environments: faster, cheaper, and more accurately than ever before. This release is guaranteed to put a key component into your database security program: security.
There are literally dozens of new pieces of functionality and usability improvements in this release, but in the interest of space (and probably a reasonable attention span), we’re going to use this post to describe just a few of the most important and useful improvements in this release. If you are currently using the jSonar platform and love it, you’ll love it even more. If you are still looking at how to improve your database security program or create one from scratch, now is a great time to learn what jSonar can do for you. In any case, the improvements you are about to read about are a direct result of the amazing relationship we have with our customers (including dozens of Fortune 500 enterprises and 5 of the 10 biggest global banks) who are in the database security trenches every day.
AI-driven Sensitive Data Management (SDM)
In the era of GDPR, CCPA, and various other emerging privacy laws, companies are more accountable for maintaining security of sensitive consumer data. However, most enterprises struggle to establish appropriate security controls because they don’t know where sensitive data resides. This release applies jSonar analytics engines to sensitive data, providing an automated lifecycle management approach to classifying, labeling, and mapping sensitive data across an enterprise.
The patent-pending “Learn from Me” system utilizes AI to build an institutional knowledge base that continuously reduces the work required for labeling, tagging, and communicating where your sensitive data lives by automatically incorporating historical actions into the decision process. This enables organizations to significantly reduce manual efforts associated with recurring scans.
- Scan any database in the cloud or on-premise, including smart scanning of metadata as well as ingestion from any other scanners.
- Complex scan and lookup expressions and integration with external sources to support compliance requirements.
- Integration with jSonar’s orchestration and automation facilities so you can action findings from sensitive data scans to other teams and tools.
Database Security Playbooks
jSonar customers have asked for built-in ways to detect and respond to outliers, anomalies and threats, automate communication about these events to stakeholders, and for the tools to automatically respond to threat events.
The pre-built database security playbooks are collections of procedures that users can run in response to various events, either as part of an automated process or as orchestrated processes triggered by human operators. They enable users to respond to outliers, anomalies and threats, as well as automate communication about these events to the proper team members. Pre-built playbooks drastically reduce the time required to write code into tools for new detection and response procedures. Unlike traditional SOAR solutions, the jSonar approach is specifically focused on integrations and actions critical to database risk management.
Users may customize playbooks to automatically respond to threat events which are specific to their environments. Without jSonar assistance, users can easily create customized playbooks to integrate with security and non-security tooling. jSonar now has over 2,000 integrations with everything from cloud APIs to WAF, vulnerability scanners, and endpoint tools, and other tooling can be easily added to the library. Database security best practices can easily be encapsulated into structured procedures within the jSonar platform to solve the challenges associated with the shortage of personnel with database security skills.
- Playbooks offer a mature approach to prevention that’s an alternative to risky agent and inline-based methods.
- Activate over 30 customizable playbooks out-of-the-box, or create your own, to lock users, change security groups, call other playbooks and more.
- Includes a catalog of over 2,000 pre-built integrations including cross-SOAR orchestration.
jSonar pre-processing reduces Splunk indexing costs by 95%
Security teams love Splunk tools, but over time, the ineffectiveness of native logging and data activity monitoring tools has forced Splunk to act as the primary repository of raw data and driven up indexing costs. jSonar customers that use Splunk need a way to capture and retain all raw data but publish only the intelligent, actionable data that has value to Splunk.
jSonar now serves as a pre-processor that reduces Splunk indexing costs by 95%, extracts intelligence from the raw data, and pushes the enriched data to the SOC team. jSonar presents security alerts to the SOC team in an easy-to-understand format, and if users need to dig deeper, they still have seamless access to all the raw data in the system. Security analysts can then triage the issue and run jSonar workflows and playbooks, all without leaving the Splunk UI.
- Dramatically reduce Splunk licensing costs by using jSonar to analytically pre-process the raw data.
- Avoid overwhelming the SOC by isolating and pushing only the critical intelligence to Splunk, and by enriching the data before it is sent so there is greater context.
- Security analysts can triage an issue and run a jSonar workflow or playbook, all without leaving the Splunk UI.
These are just a few of the exciting new features in jSonar release 4.2. In addition, we’ve extended the platform for database security to cover more than 60 on-premise and cloud-based data sources with native interfacing. We have improved self-service functionality for security teams so they may easily use their tool of choice for analysis, enhanced support for what users can do with SQL, and much more.