Overview

Dasera is a data security posture management (DSPM) platform that automates data security and governance controls, on-prem and in your cloud, to protect your data throughout its entire journey. We provide visibility, control, and remediation for structured, semi-structured, and unstructured data across cloud and on-prem databases, data lakes, and data warehouses. With Dasera, you get robust Data Security Posture Management (DSPM), Data Access Governance (DAG), and Data Detection and Response (DDR), enhancing compliance and audit readiness.

Panoptica is a Cloud-Native Application Protection Platform (CNAPP) with some Cloud Security Posture Management (CSPM) elements, offering insight into attack paths and enterprise-level risks across multi-cloud environments.

Follow these instructions to easily integrate Dasera and Panoptica, incorporating the latter’s enterprise-level risk detection insights to identify gaps in your data security program and ensure the safeguarding of your most sensitive assets.

Integration Overview and Benefits

Understanding the integration of CNAPP and DSPM in a real-world scenario highlights its immense value. Consider a typical customer using Panoptica Cloud-Native Application Protection Platform (CNAPP) to secure its cloud-native data assets and applications. Panoptica offers complete visibility into attack paths and vulnerabilities, but managing the sprawl in today’s cloud environments can be challenging for security and cloud teams.

Introducing Dasera’s DSPM solution significantly enhances the security landscape. Dasera DSPM continuously discovers and classifies data, identifying sensitive patterns and helping prioritize risks that need immediate attention. It also brings data-centric access and usage-based monitoring and alerting, complementing the broader application and infrastructure monitoring provided by CNAPP. This integration ensures both applications and the sensitive data they handle are comprehensively protected, adhering strictly to regulatory standards.

For example, this integration can reveal previously uncovered data assets containing personally identifiable information (PII) and specific data types such as names and social security numbers. This information enables security teams to adjust their priorities and fulfill their protection mandates more effectively. It ensures that data is securely handled throughout its lifecycle, maintaining data hygiene and compliance.
 

Key benefits:

• Comprehensive Security Coverage: Ensure end-to-end protection with a unified security posture view across both applications and sensitive data.
  Improved Risk Management: Helps prioritize security efforts by focusing on critical data and application vulnerabilities.
• Streamlined Compliance and Reporting: Streamlines adherence to regulatory requirements with continuous monitoring and reporting.
• Efficient Incident Response: Enables swift, coordinated responses to security breaches, minimizing damage.

Supported Services

The Dasera / Panoptica integration supports the following services:

• AWS DynamoDB
• AWS RDS
  • MariaDB
  • MySQL
  • Oracle
  • PostgreSQL
  • SQL Server
  • Aurora
• AWS Redshift
• AWS S3
• Azure Database for MariaDB
• Azure Blob Storage
• GCP BigQuery
• GCP Cloud SQL
• Google Cloud Storage

Setting Up Dasera

If you don't already have access to Dasera, please email support@dasera.com and include the following information:

• Your request for a new Dasera-hosted application
• The full name and email address for the user you wish to be application administrator

Your assigned support representative will respond with the following:

• Details on how to access your new Dasera application.  
• A link for accessing our private knowledge base.

Generate Panoptica API Key

Within your Dasera instance, click on Administration → Integrations from the left-hand navigation. A drawer will open with instructions for connecting with Panoptica. 

Follow the links to the Panoptica console to sign in and access the API Keys tab under Management→Settings→API Keys. After inputting a name and generating an API Key, copy and paste the value into the Panoptica API Key field pictured above.

Click Connect to complete the connection and start integrating with Panoptica. You can also disconnect at any time by editing the connection and clicking Disconnect from the Integrations page. Upon disconnecting, you'll see a popup to confirm Panoptica data removal.

Configuring Dasera

Once you have access, there are two main configuration activities to perform in Dasera. Once complete, information will flow between systems:

1. Onboard your Infrastructure Connections
2. Connect your data stores

Links to specific knowledge base articles are included below, or you can email support@dasera.com for assistance.

Onboard Infrastructure Connections

Amazon Web Services (AWS)

Dasera connects to AWS using IAM roles. This is necessary to provide us with the full permissions necessary to analyze your data stores fully and provide accurate classification. These roles can be created using either CloudFormation or Terraform.

Each AWS account you onboard within Panoptica must also be onboarded as a matching Dasera Infrastructure Connection. See the following articles for specific steps, depending on your preferred tool (be sure to first authenticate to our KB using the link provided by Dasera support):

• Onboarding AWS Infrastructure via CloudFormation
• Onboarding AWS Infrastructure via Terraform

Once your AWS accounts are connected, Dasera will then auto-discover your AWS data stores and ingest any associated AWS tags. 

Google Cloud Platform (GCP)

Dasera also connects to GCP using IAM roles. This is necessary to provide us with the full permissions necessary to analyze your data stores fully and provide accurate classification. These roles can be created using either manually or via Terraform.

Each GCP account you onboard within Panoptica must also be onboarded as a matching Dasera Infrastructure Connection. See the following articles for specific steps, depending on your preferred tool (be sure to first authenticate to our KB using the link provided by Dasera support):

• Onboarding GCP Projects Manually
• Onboarding GCP Infrastructure via Terraform

Microsoft Azure

Dasera also connects to Azure using IAM roles. This is necessary to provide us with the full permissions necessary to analyze your data stores fully and provide accurate classification. These roles can be created using either manually or via Terraform.

Each Azure account you onboard within Panoptica must also be onboarded as a matching Dasera Infrastructure Connection. See the following articles for specific steps, depending on your preferred tool (be sure to first authenticate to our KB using the link provided by Dasera support):

• Onboarding Azure Infrastructure Manually
• Onboarding Azure Infrastructure via Terraform

Connect Data Stores

Each data store you wish to monitor in Panoptica must also be connected as a matching Dasera data store. See the following articles for specific steps (be sure to first authenticate to our KB using the link provided by Dasera support):

• Connecting to AWS Data Stores
• Connecting to GCP Data Stores
• Connecting to Azure Data Stores

Once your data stores are connected, Dasera will analyze and classify data within them based on various signals and inputs. This activity includes automatically assigning sensitivity levels based on Sensitive Data Types within your data stores. For example, if we detect User Name data, we might assign the sensitivity level Medium to associated files and fields.

More information on how classification works is available in our Classification Management article. 

Monitoring Panoptica Insights

You can access additional insights that Dasera retrieves from Panoptica on the Data Stores → Data Store Inventory page in the Security Center. The Data Store Inventory page displays the Asset Health Score, Network Exposure Health, Identity Health, Attack Path Count, and Security Findings Count identified by Panoptica. Drill down into more details on these scores in Panoptica by clicking the hyperlink icon next to Asset Health Score and the hyperlinked Count numbers.

The Asset Inventory page shows assets also monitored by Dasera. 

Asset Details provide more specific insight into attack paths, including how to investigate and remediate them.

Security Insights also show specific posture risks and possible remediation tasks.

Troubleshooting

If you don't see Panoptica insights on Dasera's Data Store Inventory for matching assets, please open a support ticket by emailing support@dasera.com.