Egnyte Secure & Govern now provides the ability to auto-remediate detected issues. Administrators can configure multi-condition rules to automatically remediate any issues detected. Auto-remediation reduces the burden on IT Administrators by reducing the number of issues that need to be reviewed and manually remediated.
Auto-remediation rules can be customized and configured separately for each issue type.
Issue Types Supported
- Public Links
- Issue auto-remediation is a limited availability release and only available by request. Please contact an Egnyte sales representative to have this feature enabled.
- Currently, auto-remediation is only supported for the issue types listed above. Auto-remediation will be supported for all issue types shortly.
How Auto-remediation Works
Administrators must configure an auto-remediation rule for the desired issue type. These rules can be configured using multiple rule conditions such as issue severity, detection confidence and many more. The rule conditions can be combined or used individually to control whether a specific issue should be auto-remediated or bypassed for manual review.
Once the rule conditions have been configured, the Administrator will need to configure the auto-remediation rule action. Currently, all the auto-remediation actions mentioned below are available for selection.
After all the rule conditions and actions have been defined, the rule can be saved. Once saved, the rule will analyze all future detections for the defined issue type to determine whether the issue should be auto-remediated.
By default, auto-remediation is disabled for all issue types
Supported Auto-remediation Actions
- Immediate Remediation - Take corrective action on the detected issue. For example, delete the detected public link.
- Immediate Dismiss - Take no action on the detected issue, but close the issue. For example, ignore the detected public link.
- Automatic Delegation to Specific Recipient - Automatically assign issues to a Secure & Govern Admin. Once assigned, the Admin becomes the owner of the issue and can take any remediation action on the issue.
- Automatic Delegation to Issue Initiator - Automatically assign issues to the issue initiator (user that generated the detection) or a specific Secure & Govern Admin. Once assigned, the issue initiator can remediate the issue by taking corrective action or providing an explanation to justify the action. The issue initiator can not dismiss the issue.
For instance, if a user creates a public link, the issue is assigned to the issue initiator. The issue initiator can either delete the link (remediate the issue) or provide justification as to why the link is needed. - Delayed/Scheduled Auto-remediation - Delayed auto-remediation provides a customizable time frame before issues are remediated versus being remediated immediately. Egnyte recommends delayed auto-remediation be used in conjunction with automated issue delegation, but this is not required. Combining these actions provides issue initiators time to justify or take action themselves while also ensuring issues are closed in a timely manner.
For example, if a user creates a public link, the issue is assigned to the issue initiator and auto-remediation action has been delayed for 7 days. The issue initiator can either delete the link (remediate the issue) or provide justification as to why the link is needed within 7 days. If no action is taken by the issue initiator, the issue will be automatically remediated after 7 days.
- Currently, automatic delegation to the issue initiator is only supported for Egnyte sources. It will be supported for Microsoft and Google Drive sources in future releases. Automatic delegation can still be configured using the “Specific Recipient” option for Microsoft and Google Drive sources.
- If the issue initiator doesn’t have access to Secure & Govern, the user will be automatically added to the Basic Viewer role within Secure & Govern as part of the delegation process. Users assigned to the Basic Viewer role can only see and take action on issues that are directly assigned to them.
- Issue delegation is not currently supported for external users, including Egnyte Collaborate Standard users. If the issue initiator is an external user, the issue will not be delegated to any user. However, any pending auto-remediation action will still be processed based on the configured auto-remediation rule.
Benefits of the Auto-remediation Actions
There are several benefits of leveraging the new auto-remediation actions within Secure & Govern. Here are some of the most important benefits.
- Delegation of Responsibility: Improving the security posture of an organization by making all users aware and responsible for securely sharing customer information.
- Tightened Security: Issue Initiators will be more aware of their behavior, the overall security posture of Secure & Govern is strengthened, minimizing the risk of unauthorized access or data breaches.
- Increased Productivity: Reduction in issues that need to be manually remediated within Secure & Govern, reducing the burden on Administrators and Data Owners.
- Streamlined Data Governance: Policy driven Data Governance and automated controls providing consistent remediation actions while allowing Administrators and Data Owners to focus on higher priority items.
How To Configure & Enable an Auto-Remediation Rule
- Log into Secure and Govern.
- Go to Settings.
- Select Analysis Rules.
- Select Issue Type (example: Public Link).
- Select Create an auto-remediation rule.
- Enter the Rule Name and Description. Select Next.
- Select Match Criteria ANY or ALL.
When ALL is selected, all the rule conditions must be met for an issue to be auto-remediated. When ANY is selected, auto-remediation will occur when any of the rule conditions are met.
- Enter Rule Condition.
- OPTIONAL: Select Add Condition to enter additional Rule Conditions.
- Enter Rule Action.
- Select Next.
- Select whether or not to Apply this rule to previously detected issues that match the selected criteria.
- Select Next.
- Review the Rule Configuration. Click Create.
The Back button can be selected at any time to change the rule configuration prior to the rule being created.
- The Auto-Remediation Rule is created
Currently, only one auto-remediation rule can be created per issue type.
How To Edit an Auto-Remediation Rule
- Log into Secure and Govern.
- Go to Settings.
- Select Analysis Rules.
- Select Issue Type (example: Public Link).
- Select Edit from the menu on the right.
- Change the Rule Name and/or Description if desired. Select Next.
- Change the Match Criteria if desired.
When ALL is selected, all the rule conditions must be met for an issue to be auto-remediated. When ANY is selected, auto-remediation will occur when any of the rule conditions are met.
- Change or Delete the Rule Conditions if desired.
- Change the Rule Action if desired.
- Select Next.
- Change whether or not to Apply this rule to previously detected issues that match the selected criteria if desired.
- Select Next.
- Review the Rule Configuration. Click Edit.
The Back button can be selected at any time to change the rule configuration prior to the rule being created.
- The Auto-Remediation Rule is updated
Currently, only one auto-remediation rule can be created per issue type
How To Delete a Auto-Remediation Rule
- Log into Secure and Govern.
- Go to Settings.
- Select Analysis Rules.
- Select Issue Type (example: Public Link).
- Select Delete from the menu on the right.
- The delete Auto-remediation Rule modal appears.
- Select Delete. The Auto-remediation Rule is deleted