By Ivani Aviles, Customer Success Engineer
Data security relates to the process of protecting your data from unauthorized access. As far as Prisma Cloud is concerned, our Data Security solution will enable you to discover and classify sensitive data stored in AWS S3 buckets and Azure Blob storage. You can also use this module to scan for malware and protect against accidental public data exposure. You can choose to only scan for public exposure, malware, and sensitive data, or a comprehensive scan can look for all three.
At a high level, you can break down the Data Security solution into the following different components:
By default, there are five out-of-the-box Data Policies. Four of the five policies are of the “Data Classification” type. The fifth policy is the subtype “Malware,” which will alert you to potential malware within your storage objects. Each “Data Classification” policy will have a corresponding Data Profile (Financial Information, Healthcare, Intellectual Property, and PII) comprising various Data Patterns. For example, the PII (Personally Identifiable Information) Data Profile will include Drivers Licenses, Tax ID numbers, and Passports patterns.
Fig. 1: A screenshot of the policy subtypes and names_palo-alto-networks
While over a thousand predefined Data Patterns can be scanned against your data, you can always create custom patterns using Regular Expressions, or “regex” for short. Further yet, you can enhance Data Patterns with Proximity Keywords, which help reduce the number of false positives. An example of a Proximity Keyword is “VISA,” used alongside a Data Pattern for credit card numbers. If the word “VISA” is found within 200 characters of a 16-digit number, it is more likely that said 16-digit number is a credit card number.
However, if a 16-digit number is found on the first page of a 20-page document, and the word “VISA” is found on the last page, it becomes more challenging to determine whether or not the 16-digit number is a credit card number. You can find a description of each Data Pattern and any associated Proximity Keyword in the “Data Patterns” tab of the Data Settings ( Settings > Data ).
Fig. 2: A screenshot of the options (data pattern name, description, regular expressions, & proximity keywords) to create a data pattern_palo-alto-networks
Once you have determined the type of data you want to scan for, you can leverage the Data Policies and Profiles. If you tie them to an active Alert Rule, the policies will generate meaningful, viewable alerts within the console's Alerts Overview ( Alerts > Overview ) section.
Remember that Data Profiles do not necessarily have to be associated with a Data Policy to generate results; they simply have to be enabled in the Data Settings. Prisma Cloud will determine a verdict on the Data Inventory ( Inventory > Data ) page. With that said, if you are scanning your storage resources for credit card numbers and do not have a Data Profile with a pattern for Credit Card numbers enabled, your objects will be marked as “Not Sensitive” since no patterns were detected in your objects.
When results populate the Data Inventory page, you can begin to dig deeper into the objects themselves. You will find a rundown of potential malware and any sensitive information that may be exposed to the public. If you go even deeper into the object level, a list of individual files will be categorized based on whether or not they contain sensitive data.
Fig. 3 - A screenshot of the Data Inventory dashboard overview that shows total resources, public resources, total objects, public objects, sensitive objects, and malware objects_palo-alto-networks
If supported, snippets will also be available to glimpse the data producing the alerts. If necessary, you can alter the level of Snippet Masking in the “Snippet Masking” tab of the Data Settings. There are varying stages of masking to regulate your team members' access to sensitive data. For example, a “Partial Mask” will limit a user to only view the last four digits of a potential credit card number, whereas a “Full Mask” will completely hide all numbers from the user performing the investigation.
All in all, while there are tools to aid in finding misconfigurations of your running resources, you can leverage Data Security to gain an even more thorough understanding of the information hidden within said running resources. You will have peace of mind knowing that your data is safe, whether public or private.
About the Author
... View more
Hello, are you referring to our Prisma Cloud (https://www.paloaltonetworks.com/prisma/cloud) or Prisma Access (https://www.paloaltonetworks.com/sase/access) product? Keep in mind that these are different products, and you are currently in the Prisma Cloud discussions board. If you are looking for discussions on Prisma Access, you can refer to the following page: https://live.paloaltonetworks.com/t5/prisma-access/ct-p/PrismaAccess
... View more