Egnyte Secure & Govern now provides the ability to auto-remediate detected issues. Administrators can configure multi-condition rules to automatically remediate any issues detected. Auto-remediation reduces the burden on IT Administrators by reducing the number of issues that need to be reviewed and manually remediated.
Auto-remediation rules can be customized and configured separately for each issue type.
Issue Types Supported
- Public Links
- Probable Ransomware
- Suspicious Login
- External Sharing
- Individual Permission
- Unusual Access
- Open Access
- Empty Group
- Unused Group
Currently, auto-remediation is supported only for the issue types listed above. Auto-remediation will be supported for all issue types in the future.
How Auto-Remediation Works
Administrators must configure an auto-remediation rule for the desired issue type. These rules can be configured using multiple rule conditions such as issue severity, detection confidence and many more. The rule conditions can be combined or used individually to control whether a specific issue should be auto-remediated or bypassed for manual review.
Once the rule conditions have been configured, the Administrator will need to configure the auto-remediation rule action. Currently, all the auto-remediation actions mentioned below are available for selection.
After all the rule conditions and actions have been defined, the rule can be saved. Once saved, the rule will analyze all future detections for the defined issue type to determine whether the issue should be auto-remediated.
By default, auto-remediation is disabled for all issue types.
Supported Auto-remediation Actions
- Immediate Remediation - Take corrective action on the detected issue. For example, delete the detected public link.
- Immediate Dismiss - Take no action on the detected issue, but close the issue. For example, ignore the detected public link.
- Automatic Delegation to Specific Recipient - Automatically assign issues to a Secure & Govern Admin. Once assigned, the Admin becomes the owner of the issue and can take any remediation action on the issue.
- Automatic Delegation to Issue Initiator - Automatically assign issues to the issue initiator (user that generated the detection) or a specific Secure & Govern Admin. Once assigned, the issue initiator can remediate the issue by taking corrective action or providing an explanation to justify the action. The issue initiator cannot dismiss the issue. For instance, if a user creates a public link, the issue is assigned to the issue initiator. The issue initiator can either delete the link (remediate the issue) or provide justification as to why the link is needed.
- Delayed/Scheduled Auto-remediation - Delayed auto-remediation provides a customizable time frame before issues are remediated versus being remediated immediately. Egnyte recommends delayed auto-remediation be used in conjunction with automated issue delegation, but this is not required. Combining these actions provides issue initiators time to justify or take action themselves while also ensuring issues are closed in a timely manner. For example, if a user creates a public link, the issue is assigned to the issue initiator and the auto-remediation action has been delayed for 7 days. The issue initiator can either delete the link (remediate the issue) or provide justification as to why the link is needed within 7 days. If no action is taken by the issue initiator, the issue will be automatically remediated after 7 days.
- Currently, automatic delegation to the issue initiator is only supported for Egnyte sources. It will be supported for Microsoft and Google Drive sources in future releases. Automatic delegation can still be configured using the “Specific Recipient” option for Microsoft and Google Drive sources.
- If the issue initiator doesn’t have access to Secure & Govern, the user will be automatically added to the Basic Viewer role within Secure & Govern as part of the delegation process. Users assigned to the Basic Viewer role can only see and take action on issues that are directly assigned to them.
- Issue delegation is not currently supported for external users, including Egnyte Collaborate Standard users. If the issue initiator is an external user, the issue will not be delegated to any user. However, any pending auto-remediation action will still be processed based on the configured auto-remediation rule.
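The combined behavior of rule conditions, delegation to the issue initiator, the 7-day delay and the external-user exception can be traced with a small model. This is an added illustration, not Egnyte code or its rule schema: all names, the numeric severity scale and the single severity condition are assumptions, it models an Egnyte source only, and it assumes that an initiator's fix or justification within the window stops the scheduled action.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Illustrative model only: names, fields and the numeric severity scale are
# assumptions made for this example, not Egnyte's API or rule schema.

@dataclass
class Detection:
    issue_type: str
    severity: int                  # constructed scale, higher = worse
    initiator: str
    initiator_is_external: bool
    detected_at: datetime

@dataclass
class Rule:
    issue_type: str
    min_severity: Optional[int]    # None = condition not used
    delegate_to_initiator: bool
    delay_days: int                # 0 = immediate remediation

def plan(rule: Rule, det: Detection):
    """Return (assignee, remediate_at), or None when left for manual review."""
    if det.issue_type != rule.issue_type:
        return None
    if rule.min_severity is not None and det.severity < rule.min_severity:
        return None                # condition not met: bypass to manual review
    # External initiators are never delegated to; the pending action still runs.
    assignee = None
    if rule.delegate_to_initiator and not det.initiator_is_external:
        assignee = det.initiator
    return assignee, det.detected_at + timedelta(days=rule.delay_days)

def status(rule: Rule, det: Detection, now: datetime, initiator_action=None):
    """initiator_action: None, "remediated" or "justified", taken before the deadline."""
    p = plan(rule, det)
    if p is None:
        return "manual_review"
    assignee, remediate_at = p
    if assignee and initiator_action in ("remediated", "justified"):
        return initiator_action    # initiator responded within the window
    return "auto_remediated" if now >= remediate_at else "pending"

# Constructed sample: public link rule with delegation plus a 7-day delay.
RULE = Rule("Public Links", min_severity=5, delegate_to_initiator=True, delay_days=7)
T0 = datetime(2024, 1, 1)
INTERNAL = Detection("Public Links", 8, "alice", False, T0)
EXTERNAL = Detection("Public Links", 8, "vendor", True, T0)
```

When reviewing a rule before saving it, the case to check is the external initiator: nobody is assigned, so the delayed action fires without anyone having been asked to justify the link.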
Benefits of the Auto-Remediation Actions
There are several benefits of leveraging the new auto-remediation actions within Secure & Govern. Here are some of the most important benefits.
- Delegation of Responsibility: Improving the security posture of an organization by making all users aware of and responsible for securely sharing customer information.
- Tightened Security: Issue initiators will be more aware of their behavior, and the overall security posture of Secure & Govern is strengthened, minimizing the risk of unauthorized access or data breaches.
- Increased Productivity: Reduction in issues that need to be manually remediated within Secure & Govern, reducing the burden on Administrators and Data Owners.
- Streamlined Data Governance: Policy-driven data governance and automated controls provide consistent remediation actions while allowing Administrators and Data Owners to focus on higher-priority items.
Additional Resources
- Modify Existing Auto-Remediation Rules
- Auto-Remediation - Empty Group
- Auto-Remediation - External Sharing
- Auto-Remediation - Individual Permission
- Auto-Remediation - Open Access
- Auto-Remediation - Probable Ransomware
- Auto-Remediation - Public Links
- Auto-Remediation - Suspicious Login
- Auto-Remediation - Unused Group
- Auto-Remediation - Unusual Access