What is Dasera?

Dasera is a data security posture management (DSPM) platform that automates data security and governance controls, on-prem and in your cloud, to protect your data throughout its entire journey. We provide visibility, control, and remediation for structured, semi-structured, and unstructured data across cloud and on-prem databases, data lakes, and data warehouses. With Dasera, you get robust Data Security Posture Management (DSPM), Data Access Governance (DAG), Data Detection and Response (DDR), enhancing compliance and audit readiness.

What problems can Dasera solve?

1. Little to no visibility into data sprawl, increasing the likelihood of data breaches.
   1. Dasera continuously discovers data stores for complete visibility across cloud, on-prem, and hybrid environments, helping improve the organization's data security posture.
2. Manual data classification and tagging are time-consuming and error-prone.
   1. Dasera continuously classifies sensitive data, then programmatically assigns sensitivity levels and business purpose tags and maps them to known regulations.
3. Sensitive data exposure due to misconfigurations.
   1. Dasera performs configuration analysis to identify data stores with issues and prevent data exposure.
4. Challenges in implementing least-privilege access for hundreds of users.
   1. Dasera performs privilege analysis to detect excess privilege to sensitive data automatically.
5. Inability to detect risky and privacy-violating data interactions.
   1. Dasera profiles user behavior based on query analysis to help mitigate risky data interactions at scale and ensure regulatory compliance.
6. Overwhelming management of many complex data security issues.
   1. Dasera’s risk scores and advanced policy engine provide workflows to help prioritize and automate remediation.

What makes Dasera unique?

Context-Aware Data Security: Understand the context surrounding data interactions, such as who is accessing data, from where, and how they use it. Context-aware security solutions help detect and mitigate data security risks in real time by monitoring user behavior and data interactions. Dasera offers correlated and contextualized visibility to all data interactions across the data lifecycle, providing a deep understanding of the four data variables: infrastructure, data, users, and usage.

Continuous Data Risk Monitoring: Monitors an organization's data environment to identify and mitigate risks to sensitive data. It involves continuous scanning and monitoring of all data sources, including databases, file shares, and cloud storage, to detect any unauthorized access, misuse, or suspicious activity related to sensitive data. Enables security teams to assess the effectiveness of their security controls and policies and make adjustments as necessary to maintain a secure data environment. 

Core-Data Security Automation: Protect your sensitive data, rather than just the systems or infrastructure it resides in. Machine learning-powered solutions focus on implementing security controls that protect data at rest, in transit, and in use, regardless of location. This approach involves classifying data based on its sensitivity and applying appropriate security controls based on that classification. The platform provides 50 out-of-the-box, built-in Custom Sensitive Data Types across the following categories: direct identifiers, indirect identifiers, financial information, health information, and credentials. Dasera's data-in-use monitoring tells data owners how their sensitive data is being used, which can help minimize insider threats.

On-Prem & Cloud Coverage: Dasera's platform covers all major structured and unstructured data stores, including on-prem, IaaS, Paas, and SaaS environments. Leveraging advanced workflow creation and automation features, Dasera empowers security teams to efficiently identify misconfigurations, optimize operational processes, and allocate resources toward strategic initiatives.

Real-Time Compliance Monitoring & Data Breach Detection: Continuous data usage and access monitoring enable organizations to identify potential compliance violations in real time. Dasera can immediately detect suspicious or unauthorized activities by analyzing data usage patterns and user activity, quickly alerting security teams. This enables organizations to take timely corrective action, preventing potential security breaches and avoiding costly regulatory penalties. Dasera's real-time compliance monitoring ensures that organizations remain compliant with industry regulations such as GDPR, CCPA, and HIPAA. 

Data Query and Risk Analysis: Dasera's data-in-use monitoring and risk analysis capability provides real-time monitoring and analysis of data usage to detect any potential data misuse or leaks within the organization. By continuously monitoring data interactions across the data lifecycle, from data to grave, Dasera provides a correlated and contextualized view of all data interactions, ensuring that any unauthorized access or usage can be detected and mitigated quickly. Low-touch or snapshot-based classification support for most data stores streamlines comprehensive risk analysis. 

Cross-Functional Workflows: Dasera's cross-functional workflows automate the remediation process and notify relevant teams when potential data misuse or leaks are detected, streamlining the incident response process. This reduces the time to resolution and ensures that all relevant teams are aware of the incident and can take appropriate action to mitigate the risk. 

Cross-Platform Orchestration: Enables metadata exchange for data infrastructure, SIEM, SOAR, and AD for a single pane of glass for data engineering. Supports Hybrid Clouds: Dasera empowers customers across their entire environment, whether cloud-based, on-premises, or hybrid. Deep Privilege Analysis analyzes object-level privileges for database access control. 

What can I customize within Dasera?

There are several customizable elements within the platform:

1. Customize Sensitive Data Types. Dasera continuously classifies sensitive data across your environments, then programmatically assigns sensitivity levels and business purpose tags and maps them to known regulations, such as HIPAA or GDPR. Custom tags enable data identification specific to your business needs. Custom sensitive data types enable monitoring at scale for sensitive data most important for your organization. 
2. Customize data store scanning. Specify scan frequency, scan schedule, and sample rate of data store scans, including using regex. This keeps your data store security posture insights as accurate and up-to-date as needed.
3. Customize Policies. Ensure that data is consistently protected according to organizational policies, thus reducing the likelihood of human error or oversight. This can include implementing data access controls, data retention policies, and data encryption policies to protect sensitive data from unauthorized access or disclosure. Dasera includes several built-in policies to generate alerts for data policy violation events. You can also craft new policies based on customized conditions that map to existing alert workflows.  
4. Customize Remediation Workflows. Dasera enables automated remediation and controls to effectively manage security risks, resulting in improved security, increased efficiency, and reduced human error. You can edit built-in workflows and craft new ones with customized notification settings that link to specific policies. 

How does Dasera connect to my environment?

We offer two deployment methods for connecting to your environment: Dasera-hosted SaaS and self-hosted. Dasera-hosted SaaS is recommended because it offers the most scalability, cost efficiency, enhanced performance, and security for your tenant infrastructure. Dasera is deployed as a virtual machine or container instance for self-hosted instances, running either as a shared instance or a dedicated host. For both methods, sidecars can be deployed alongside the main application, as needed. Learn more about Dasera Architecture. For further information, please contact sales@dasera.com or your account representative.

My organization has a large volume of data resources. How well does Dasera scale?

You can onboard your Cloud environment in Dasera at a Organization level. The process of onboarding the Organization is similar to that of an Account. When you onboard the Organization, Dasera can auto-detect all the child Accounts and Data stores within them, enabling quick connection and scanning across data stores at scale.

Does Dasera impact the performance of my data warehouse or databases?

No, Dasera should minimally impact data performance. When data-in-use monitoring is enabled, Dasera periodically copies queries from the data store query log to Dasera. The query copying has minimal impact on data warehouse or database performance. Dasera also samples new columns to determine if new fields contain sensitive data. If you're concerned about degrading your database or data warehouse performance, sampling can be limited to non-peak times of the day.

Does Dasera store any customer data?

Dasera only stores metadata and does not retain copies of sensitive data samples. This allows us to ensure that customer data remains secure and private. Some customers deploy via Sidecar to keep computing and sampling within their environment.

Which file types can Dasera find sensitive data in? Does it support image files?

How does Dasera classify my data? 

Dasera scans your data stores to discover and classify sensitive data. Classification is performed via machine learning with a combination of heuristic signals. Scanned data is matched against relevant heuristic signals to determine if the data store contains sensitive data, its type and sensitivity level, and the resulting confidence score. This approach is fully configurable by scan frequency, schedule, and sampling rate (for unstructured data only). Read more about Classification.

What types of risks can Dasera detect? How are the Risk Scores calculated?

Dasera supports the following types of risks, each with an automatically assigned risk score in the platform.

1. Misconfiguration risk: a score out of 100 describing how vulnerable data is based on a possible suboptimal security configuration.
2. Overprivileged risk: an aggregated score out of 100 assigned to data stores with multiple users and users with stale privileges.
3. Data store sensitive access risk: an aggregated score assigned to a data store with multiple users that have access to sensitive data.
4. User behavior risk rating: score assigned based on the severity of a user's policy violations, including data-in-use policy violations, in a data store over the last 30 days.
5. User sensitive data access risk: score assigned based on access to sensitive data, with higher sensitivity resulting in more points.

Risk scores allow for prioritized remediation strategies and targeted actions. They are calculated primarily based on the Last Accessed date (e.g., how long since the username has queried a data store). If a certain number of days have passed and the user has access to a large amount of sensitive data, they are flagged as OverPrivileged Risk. Focusing on the most critical issues streamlines your security approach, enhancing your organization's overall data security management posture.

Can Dasera determine which users have access to sensitive data? How?

Yes. Dasera can go beyond basic role retrieval to detect field or file-level user access, offering granular insights into what sensitive data a user can access. This helps prioritize identified access issues based on true sensitive data access.

Can Dasera detect violations in real time? What type and how?

Violation detection time depends on the scan frequency of the scanned data store, which can be customized from every hour to monthly. For query analysis-based policy violations, detection time will vary based on when a query is issued and when it can be executed upon the next scan. 

How does Dasera provide remediation?

Dasera supports remediation in a few different ways. First, our automated and customizable workflows can send notifications directly to Slack, Pager Duty, SNS, Google Pub/Sub, and email. Second, Dasera integrates natively with many SOAR (Security Orchestration, Automation, and Response) solutions, including Splunk and Sumo. Dasera can also alert ticketing systems like Jira and ServiceNow. These remediation features enable security teams to respond quickly to incidents.

How does Dasera help achieve regulatory compliance?

Dasera enables, automates, and integrates with existing tools to satisfy audits and compliance frameworks for major regulations like HIPAA, GDPR, CCPA, and others.

How can Dasera integrate with my product or systems?

You can review all current platform integrations here. In addition to standard integrations with several leading data warehouses, data lakes, BI tools, SEIM solutions, alerting systems, and SSO providers, custom workflows with many systems can be configured via open APIs, webhooks, and using lambda functions. Please contact your account representative for questions about custom integrations with a specific tool.

Which certifications does Dasera hold?

Dasera has achieved the SOC 2 Type 2 attestation and demonstrated HIPAA compliance. Read more about Dasera approach to Trust and Security.

What kind of support will I get for onboarding and long-term success?

Dasera is excited to offer our new Premium Onboarding and Long-Term Success Plan to ensure you achieve maximum value with our product through an ongoing partnership. Your personalized success team includes a dedicated Customer Success Manager, Solutions Engineer, and Account Manager who work closely with you from day one and beyond. The process begins with a kickoff to understand your unique priorities and needs. Your success team will then develop a tailored success plan focused on driving product adoption, answering questions, and achieving your desired business outcomes both in the short and long term. Key components of the plan include:

• A prioritized roadmap customized to your use cases and goals.
• Ongoing training, 1:1 coaching, and support to drive user adoption across your organization.
• Proactive account reviews at 90 days and 6 months to evaluate progress and identify new opportunities for value.
• Optimization of workflows, integrations, and custom configurations for maximum impact.
• Executive stakeholder updates to showcase ROI and progress towards objectives.

With the Premium Onboarding and Long-Term Success Plan, your success team becomes an extension of your organization. Together, we'll ensure high user adoption, continuous optimization, and sustained value to meet the evolving needs of your business.