Aperture Service

The Aperture service focuses on Content Security, User Activity Monitoring, Security Configuration Controls and Third-Party App Integrations.
The Aperture service connects to your sanctioned SaaS application using the SaaS application’s API. This API integration allows the service to discover and scan all assets retroactively when you first connect the SaaS application. The Aperture service scans and analyzes all your assets, applies policy to identify exposures, external collaborators, risky user behavior, and sensitive documents, and identifies the potential risks associated with each asset. The service also performs deep content inspection and protects both your historical assets and new assets from malware, data exposure, and data exfiltration in near real-time. As the service identifies incidents, you can assess them and define automated actions to eliminate or close the incident. After the initial scan of your historical assets, the Aperture service continuously monitors your SaaS application and applies policy against new or modified assets for ongoing incident assessment and protection.
To provide visibility into the security challenges with data classification and governance, security gaps owing to non-compliance, sharing/permission violations and malware propagation within the sanctioned cloud applications on your network, the Aperture service focuses on the following key areas:
  • Content Security—The content you store in each cloud application is an asset. The service provides visibility into your asset inventory to help you uncover accidental or malicious data exposure. It discovers all the assets residing in the cloud application, assesses how the data in these assets is shared or exposed within and outside your organization, and identifies the impact or risk to intellectual property and regulatory non-compliance. In addition to creating an incident and alerting the administrator, the service provides auto-remediation capabilities including the option to quarantine, change sharing, or notify the owner.
  • User Activity Monitoring—The service uses a combination of tools including machine learning, predefined and user-defined data patterns, security configuration controls, and access to event logs auditing user access and activity on each cloud application. With these tools, it builds context on sensitive data and, specifically within your environment, identifies thresholds for normal and unexpected behavior, and uses this intelligence to log a violation or alert you to risky user behavior and possible data leaks from accidental or malicious user activity.
  • Security Configuration Controls—The Aperture service provides policies that let you manage and restrict privileged user activity and email forwarding and retention rules, and it protects you from misconfigurations such as a lack of storage volume encryption or a lack of enforcement for securing keys, credentials, and multi-factor authentication. When any of these security issues occur, you can configure the service to generate an alert or log the issue as a policy violation.
  • Third-Party App Integrations—Threats from third-party apps are serious because these apps have access to all or a large part of the data in the related cloud app. To protect your users and network from misconfigurations and known and unknown malware arising from these app integrations, the service gives you the ability to approve, block or restrict third-party app installation.
