The Twelve Joys of Aperture

1. Gmail (Beta)

You can now add Gmail for business to the Aperture service. The service applies policy and performs deep content inspection of Gmail messages and attachments to detect zero-day attacks, malware, and data exfiltration so you can view more information about the incident and decide if the activity poses a risk to your network.

2. Gmail Settings Enhancement

You can now identify vulnerable Gmail settings and activities to guard against impersonation, exposures and privacy violations using the Aperture service. The security control settings for Gmail have been enhanced to identify risks associated with inappropriate email forwarding such as emails forwarded from a private domain using a corporate "alias" and exposures, such as the public exposure of a private Gmail group. The Aperture service scans and analyzes email and assets and applies rules to identify exposures, risky user behavior and the potential risks association with each asset. As the service identifies risks, you can assess them and define actions to eliminate or dismiss the risk.

3. Risk Remediation for Citrix ShareFile 

You can now create policy rules to quarantine compromised ShareFile assets< and automatically notify owners of incidents, risky user activity, and when an asset is vulnerable.

4. Risk Remediation for Confluence

You can now remediate Confluence assets and apply policy rules to automatically change sharing, notify file owners of exposures and vulnerabilities, and quarantine compromised assets.

5. Enhanced Support for Sensitive Healthcare Documents

The Aperture service now categorizes asset exposures for healthcare documents using machine learning algorithms to classify and detect sensitive information and identify exposures with the most risks for further inspection. To improve detection rates for healthcare documents in your organization, use Modify Policy Rules to scan for both keywords and regular expressions in the healthcare information stored on your sanctioned cloud applications.

6. Workplace by Facebook (Beta)

You can now secure Workplace by Facebook using the Aperture service. The service analyzes data in your Workplace by Facebook app and performs policy-driven risk analysis so that you can proactively discover risks. The service also provides malware scanning, machine learning, and Data Loss Prevention (DLP) for Workplace by Facebook News Feed, Work Chat, and Private, User and Group messaging. Due to administrative requirements, Aperture supports Workplace premium only.

7. Enhanced Support for Exchange

8. Identification and Control SaaS Applications Risks

Automatically control high-risk SaaS applications using the powerful predefined data pattern service provided by Aperture.  The service performs deep content inspection of your sanctioned cloud applications and identifies violations without requiring you to create any new policies. As the service identifies incidents, you can assess them and define automated actions to eliminate or dismiss the risk.

With the streamlined scanning service, you can now configure the scan settings to specific SaaS apps, with options for rescan to allow you to scan for risks and avoid unnecessary scans.

By leveraging these new services for identifying high-risk SaaS applications, you gain visibility, control, and the information you need to determine which apps you allow on your network, and create policy to prevent future violations.

9. Flexible Policy Enhancement

Apply precise actions to find and fix security risks with flexible mix and match criteria available in Aperture policy rules.  You can now configure automatic policy, remediation, and actions by exploring the available attributes and objects to mix and match, set exceptions, and take actions such as sending an email to a file owner without creating a risk. With flexible mix and match criteria, you can configure a specific policy, create rules without a data pattern, and take precise actions to remediate risks, instead of applying broad remediation actions that may leave data exposed or disrupt legitimate sharing. 

To quickly view and filter all the top data pattern and policy match violations, you can use the improved Aperture dashboard to assess Assets, Policy Violations, Incidents, Users, External Domains, and more with content category filtering capabilities, enabling you to precisely define the actions or remediation for the incidents that are most important to you.   With this snapshot view, you are armed with the information you need to make informed decisions and decide if the activity poses a risk to your network and define actions to eliminate the risk or prevent future violations.

10. Operational Improvements

Quickly view and update incidents using the at-a-glance Incident Management in Aperture.  With a comprehensive and detailed view of the incident violation, you can fully assess the incident, view past incidents, or collaborate with other administrators to assign the required actions. After you understand the incidents and the context around them, you can update the status or close the incidents for your cloud apps, and then define actions to eliminate or close the violation, all from one convenient workflow location in Aperture.

11. Regular Expression Enhancements

Regular expression in Aperture has been enhanced to support weighted regular expressions that make content matching easy to configure, filter, and assess. Regular expressions provide an easy mechanism for configuring basic and weighted regular expressions to identify strings of text, such as particular characters, words, or patterns of characters and make it possible to find all instances of text that match a certain pattern, or return a value if the pattern is not found.

With weighted regular expressions, each entry is assigned a score, and when the score threshold is exceeded, such as enough expressions from a pattern match an asset, the asset will be indicated as a match for the pattern. You can use the regular expression to construct a basic or weighted data pattern expression, view matches, filter occurrences and weight thresholds, and assess match results to determine if the content poses a risk to your organization.

12. New Predefined Data Pattern Identifiers

Predefined data pattern identifiers in Aperture have been extended to include international and global data pattern identifiers through regular expression and machine learning to identify keywords and make it possible to find all instances of text that match, or return a value if a match is not found. You can now leverage the Aperture service to identify these sensitive assets in your cloud apps and protect them from data loss and exposure: