Block browser uploads and take control with Ava Reveal

Cyber    Carlo Tarantini, July 27 2021

Block exfiltrations via browser uploads and manage deployments more effectively with Reveal’s latest updates.

2 mins

New browser extension-enabled blocking

Ava Reveal now includes a new browser upload blocking functionality that further uplifts its smart content inspection and investigation capabilities. This new module allows security managers to protect sensitive data from exfiltration via suspicious websites and web applications. And combined with Reveal’s investigation tools, browser upload blocking provides essential information in building the storyline of an incident.

Automated enforcement

To take a proactive approach to DLP, being able to block exfiltration events is of the essence. The Reveal agent can now intercept uploads and block threats, taking input from Reveal’s policy engine and leveraging built-in smart inspection patterns – including personally identifiable information and MIP-labeled data.

This feature is supported on Windows and macOS for Chromium-based browsers. Reveal Agent 7.7.4 or later is required. Browser upload blocking is part of the Reveal Configurable Policy Templates V3.0.9 (login required).

Entities dashboards for easy management and fast investigations

Reveal’s new Nodes and Users dashboards allow administrators to classify and audit users and nodes across any deployment. Both of these smart inventories include advanced search and filtering functionalities, leveraging node and user attributes for quick classification, tagging, and navigation.

Blog_RevealDashboard_Post3

The Nodes dashboard allows stateful archiving or unarchiving nodes, manually or automatically. Through the Nodes interface, operators can audit their Reveal deployment and control the visibility of active and redundant nodes by changing their state.

Using quick navigation buttons, operators can also apply and release actions like isolating or locking machines in a heartbeat.

The new Nodes interface simplifies the tracking of different types of endpoints (virtual and physical), and it allows scaling and managing configurations more easily. So it is now easier to manage complex Reveal deployments. For instance, the Nodes dashboard allows monitoring of elastic deployments where Reveal agents are enrolled or deleted dynamically on virtual instances.

Blog_RevealDashboard_Post2

The new Users dashboard is now the main place for search, audit, management, and tracking of user profiles on Reveal.

Its quick search and advanced navigation features allow searching users by their LDAP attributes as well as their machine properties, so now managers can tailor policies to different user groups and adapt them to specific business functions or behaviors.

With the new Nodes and Users dashboards, operators can now manage Reveal deployments of any size more effectively. These new interfaces make investigations seamless with better visualization and activity tracking, connecting entity and user attributes to forensics data displayed in Reveal’s investigation tools.

Configurable policy templates v3.0.10

Reveal Configurable Policy Templates V3.0.10 (login required) are now available.

These enhanced templates allow operators to customize and fine-tune security policies by expanding the set of customizable policy features and parameters to reduce false positives.

For instance, the new policies allow accounting for sanctioned system account file activity when users attempt to open sensitive files. Also, when Reveal detects users installing new applications, these new policies take into account authorized software publishers. Finally, you can now fine-tune those policies detecting authorized use of advanced system tools like Powershell.

For full details, refer to the Reveal Configurable Policy Templates Reference Guide (login required).