Fortinet Acquires Next DLP Strengthens its Top-Tier Unified SASE Solution Read the release
Updated: Oct 25, 2023   |  

What's New in Reveal

Go back

What's New in Reveal

The last year has been an exciting time for Next. New leadership, new funding, and a lot of new Reveal customers. We’re proud to bring to market an effective and easy to use Insider Risk Management and DLP solution that deploys quickly, supports Windows, macOS and Linux, and solves for DLP compliance, IP protection and Insider Risk detection and response use cases.

We believe in high product velocity; getting new, impactful data security capabilities to our customers as quickly as possible. You may have seen some of these, and some you may have missed. We thought it would be helpful to provide a roundup of a portion of the work our product and engineering teams have delivered this year (so far!).

Data Protection

Data Loss Prevention is about identifying and protecting sensitive information and ensuring employees can be guided to understand risk and make sound decisions. This requires the ability to identify and classify data as it is created or accessed by users. New to Reveal’s data exfiltration detection set are:

  • Content Classification for MacOS Outlook: Reveal now performs content inspection and classification of all outbound emails for users of MacOS across clients and Outlook on the web. 
  • Enhancing USB Drive Controls: Reveal can now prevent users from writing sensitive files including PCI, PHI, PII and IP to USB storage devices through real time content inspection and classification on the endpoint. Reveal’s expanded USB feature now includes the ability to  distinguish between authorized and unauthorized USB devices to prevent users from mounting unauthorized USB drives that may contain malware and prevent users from copying sensitive information to unauthorized devices.

Policy Templates

Reveal is designed to give you visibility into data movement and user actions before a single policy is set; the insight from this immediate visibility helps organizations build more effective policies. For teams that are ready to add policies to meet their specific needs, Reveal provides several new templates:

  • Identify and block encrypted files: Malware is often encrypted to avoid detection. Attackers will encrypt sensitive data to obfuscate it and bypass DLP controls. Reveal now allows organizations to enact policies that block users from uploading and/or downloading encrypted content.
  • Instant messaging: Reveal provides out of the box policy templates for identifying, classifying, and protecting sensitive data in instant messaging apps.
  • Updates to “unauthorized keyword typed” policies: Greater flexibility for existing policy templates, including enabling Regex patterns for keystroke monitoring and reference assets in addition to the existing keyword matching.
  • Improvements to HTTP POST policies: Browser template improvements enable inspection, classification, and control over data entered into HTTP POST forms.
  • Predefined policy groups: Reveal now provides a selection of predetermined policy groups for creating policies in bulk. Just choose a group and step through our wizard, where you can set common parameters for multiple policies at once. Some groups pre populate content inspection patterns and keywords to save you even more time. These groups  help your organization comply with information security, financial, and medical regulations.

Data and User Privacy

Respecting employee privacy is critical in today’s work environment. Unlike legacy DLP and employee monitoring solutions, we started with a “secure by design” approach to building Reveal. We continue to add capabilities that protect data and user privacy.

  • Scoped Investigations: We have always used data minimization and pseudonymization to protect user privacy. This safeguards users’ identities until circumstances and evidence warrant a deeper probe into a user’s activity. The addition of scoped investigations Improves data privacy and supports compliance with information security regulations by letting organizations choose which information is accessible and for how long to security analysts for forensic analysis. This time-bound, revocable, and auditable data access prevents unnecessary exposure or mishandling of sensitive data.

SIEM Integrations and Splunk

In most organizations, DLP is one of many solutions designed to prevent intrusions. A Security Information and Event Management (SIEM) collects and correlates event information for each of these, along with events from endpoints and servers. 

  • Event streaming to SIEM: Event streaming to Splunk is now a standard feature in Reveal or the Reveal technology add-on is available as a free download in Splunkbase. This feature allows organizations to stream detection, incident, and audit log events directly to Splunk for triage and correlation with information from other devices that may provide context to an alert. Once confirmed, users can use the Reveal console to block activity, lock out user sessions, kill processes, or isolate a device from the network.

Incident Response

Reveal is designed to reduce technology friction and simplify effective data security. Our management console delivers the insights to help analysts quickly triage and resolve issues while also giving security leaders visibility into workflow efficiency.

  • Email alerts for incident events: Reveal now provides the option of using email alerts to notify analysts and others of incident creations and resolutions to better communicate throughout the security team. 

There is More to Come

Our teams are already working on new capabilities for later this summer and beyond. Interested in seeing how these new capabilities can better serve your insider risk management and DLP needs? Book a demo and we’ll show you!

 

Demo

See how Next protects your employees and prevents data loss