Data resident within enterprise-enabled SaaS applications is not visible to an organization’s network perimeter. Aperture adds the ability to connect directly to sanctioned SaaS applications to provide data classification, sharing and permission visibility, and threat detection within the application. This yields unparalleled visibility, allowing organizations to inspect content for data risk violations and control access to shared data via a contextual policy.
Aperture builds upon the existing SaaS visibility and granular control capabilities of the next-generation security platform provided through App-ID™ with detailed SaaS-based reporting and granular control of SaaS usage. Adding visibility and control within SaaS applications with Aperture provides a full end-to-end security solution without any additional hardware, software or network changes required.
Advanced Document Classification
Aperture inspects documents for common sensitive data strings, such as credit card numbers, SSH keys, and Social Security numbers, flagging them as risks, if improperly shared. Unique to Aperture is the ability to identify documents by type through advanced document classification, regardless of the data contained in the document itself.
Aperture has been pretrained to identify sensitive documents, including financial and legal ones, automatically. The document classification engine supports not only predefined document type classification but also the uploading of custom documents for classification to enable customer-specific data risk control.
Aperture has a unique approach to policy that is not dependent on time. A typical network security policy is only effective for data seen after the policy is set because it only sees in-line data and applies the policy from that point forward. This doesn’t work for SaaS data exposure security, however, since the data that is shared today may have been originally shared years ago.
Instead, policies created in Aperture will apply to all users and data from the beginning of the account’s creation to identify any violations. There is no need to wait for someone to try to access the data to resolve it; the violation is proactively found for resolution, no matter how old the data or share may be.
No User or Network Impact
Aperture is a completely cloud-based solution, without the need for any proxies or agents to work. Because Aperture communicates directly with the SaaS applications themselves, it looks at data from any source, regardless of the device or location the data came from. Because Aperture isn’t in-line, it doesn’t impact latency or the bandwidth of applications, and has no impact on the end-user experience.
Native applications on mobile devices are also unaffected, so your users aren’t limited to only using Web-based access. With no network changes needed or proxies to set up, there is no impact on network configurations. Plus, no new software or hardware needs to be installed to use Aperture. It just works.