Borneo Documentation

Borneo for AWS Data Stores 1.7

Release Notes: Borneo for AWS Data Stores version 1.7.0

🚀 Key highlights in v1.7.0 include:

New data classifiers to help you quickly detect Blockchain Public Keys, Personal Information and more in your data footprint

Borneo supports new data classifiers (infotypes) to detect sensitive data in your AWS data footprint. This release adds classifiers for advertising IDs (Apple, Android), PII (sexual orientation, nationality), and blockchain public keys (Bitcoin public address, Ethereum public address).
You can use these new data classifiers in association with your existing rules to further improve your team’s understanding of overall risk across your data footprint.
We are continuously adding new classifiers based on customer feedback and new regulations, to help businesses future-proof their privacy compliance efforts.
[Screenshot: configuring and enabling the new data classifiers]
[Screenshot: the Incidents page, where you can investigate compliance violations and pin down the classifiers found]

Flexible incident notification policies to save time by filtering out noise, and piping alerts directly to the right channels.

Borneo’s Notification Policy saves security engineers precious time by letting them pipe notifications from incidents to specific channels, so they can act on high-risk incidents right away instead of first sifting through alerts to decide which ones to work on.
Security teams can now set up a predefined rule engine that notifies them about incidents on different channels when specific conditions are met. The trigger criteria can be the source where the incident originated (RDS, Presto, S3, etc.) or the infotypes Borneo detected in a specific source.
This makes it convenient to route alerts to different streams such as Slack and Jira, so you know which ones to act on immediately. It can save the many working hours that would otherwise be spent analyzing which alerts to pick and work on.
For example, you can set up a rule that sends you a Slack notification when there is a sensitive data risk in your RDS databases that specifically involves the credit card number infotype.
Create and tweak as many workflows as you need, so that you can not only identify high-priority alerts but also remediate them easily.
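To make the rule semantics concrete, here is an added example (not Borneo's own code) of a small notification rule engine built around the two trigger criteria described above: the originating source type and the detected infotypes. The channel names, infotype names, rule names and incidents are all constructed for the example.

```python
from dataclasses import dataclass

# Added example, not Borneo's code. Rules match on source type and/or infotype;
# an empty criterion means "any". Incidents no rule matches are reported as
# filtered out rather than silently dropped, so the noise filter is auditable.


@dataclass(frozen=True)
class Incident:
    incident_id: str
    source_type: str          # "RDS", "S3", "PRESTO", ... (assumed labels)
    source_name: str
    infotypes: frozenset      # infotypes detected in this source


@dataclass(frozen=True)
class NotificationRule:
    name: str
    channel: str                               # e.g. "slack", "jira" (assumed channel names)
    source_types: frozenset = frozenset()      # empty = any source type
    infotypes: frozenset = frozenset()         # empty = any infotype

    def matches(self, incident: Incident) -> bool:
        if self.source_types and incident.source_type not in self.source_types:
            return False
        if self.infotypes and not (self.infotypes & incident.infotypes):
            return False
        return True


def route(incident: Incident, rules: list) -> dict:
    """Return {channel: [matching rule names]}; an empty dict means the incident is filtered out."""
    routed = {}
    for rule in rules:
        if rule.matches(incident):
            routed.setdefault(rule.channel, []).append(rule.name)
    return routed


def triage(incidents: list, rules: list) -> tuple:
    """Split a batch into (routed incidents, filtered-out incident ids)."""
    routed, filtered = {}, []
    for inc in incidents:
        channels = route(inc, rules)
        if channels:
            routed[inc.incident_id] = channels
        else:
            filtered.append(inc.incident_id)
    return routed, filtered


# Constructed rules: the notes' "RDS + credit card number -> Slack" example plus two more.
RULES = [
    NotificationRule("rds-credit-cards", "slack", frozenset({"RDS"}), frozenset({"CREDIT_CARD_NUMBER"})),
    NotificationRule("any-s3-finding", "jira", frozenset({"S3"})),
    NotificationRule("blockchain-anywhere", "slack",
                     infotypes=frozenset({"BITCOIN_PUBLIC_ADDRESS", "ETHEREUM_PUBLIC_ADDRESS"})),
]

# Constructed incidents (not real scan output).
INCIDENTS = [
    Incident("inc-1", "RDS", "orders-db", frozenset({"CREDIT_CARD_NUMBER", "EMAIL"})),
    Incident("inc-2", "S3", "customer-uploads", frozenset({"EMAIL"})),
    Incident("inc-3", "PRESTO", "analytics", frozenset({"EMAIL"})),
    Incident("inc-4", "RDS", "payouts-db", frozenset({"BITCOIN_PUBLIC_ADDRESS"})),
]

if __name__ == "__main__":
    routed, filtered = triage(INCIDENTS, RULES)
    for incident_id, channels in routed.items():
        print(incident_id, channels)
    print("filtered out:", filtered)
```

The Presto incident carrying only an e-mail infotype matches no rule and lands in the filtered list; keeping that list visible is what lets a team confirm its policy is filtering noise rather than hiding real findings.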

Quick and easy IAM-based authentication for RDS MySQL and PostgreSQL instances, as well as Aurora MySQL and PostgreSQL clusters

This release removes significant friction, while improving security, when managing Borneo’s access to a large number of RDS and/or Aurora instances. We’ve changed the way Borneo accesses your database so you can detect sensitive data risks in a more secure and less cumbersome way.
Instead of specifying long-lived username/password credentials to allow Borneo access to your database, security engineers can now enable IAM-based authentication.
When activating a database for inspection on the Borneo dashboard, you now have the option to enable IAM-based authentication, provided this feature is enabled for the database. (Please refer to the Amazon RDS and Amazon Aurora documentation for details.)
When connecting to the database, Borneo will use a short-lived authentication token issued by AWS IAM to authenticate. Permission to connect to any database or database cluster is granted via Borneo’s IAM data access role, just like access to S3 buckets, DynamoDB tables, or other cloud-native data stores. This is especially useful when you are managing Borneo’s access to large numbers of RDS and/or Aurora instances.

One-click control for pausing/resuming Borneo’s Continuous Scan capability to avoid any impact on your production workloads.

Customers can now pause and resume Continuous Scans, without having to restart inspection from scratch, whenever there are concerns about impacting production workloads on your data sources. You now have the flexibility to run scans during off-peak hours.
This is useful when you need to reserve resources for key production requirements, are running migrations, or are making changes to your database. You can also resume with a single click, and Borneo will continue the scan from where it was paused.
Borneo supports customization options for scan jobs at 3 distinct levels:
  1. At the connector level: for example, disabling the RDS connector will stop Borneo from scanning any RDS database in all connected AWS accounts.
  2. At the connector/account level: for example, disabling the S3 connector for a specific AWS account will stop Borneo from scanning S3 buckets only in that AWS account; it will continue scanning S3 buckets in other connected AWS accounts.
  3. At the individual source level: for example, disabling scanning for a specific S3 bucket, a specific RDS database instance, or a specific Presto instance.
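The three toggle levels and the pause/resume behaviour above can be modelled in a few lines. The following is an added example, not Borneo's code: a policy object that evaluates the connector, connector/account and source levels in that order, and a scan job that keeps a checkpoint so that a resumed scan continues from where it stopped. The connector names, account ids and source names are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

# Added example, not Borneo's code. A source is scanned only if no level
# disables it; the most coarse-grained level wins and is reported as the reason.


@dataclass
class ScanPolicy:
    disabled_connectors: set = field(default_factory=set)           # {"rds"}
    disabled_connector_accounts: set = field(default_factory=set)   # {("s3", "<account id>")}
    disabled_sources: set = field(default_factory=set)              # {("s3", "<account id>", "<bucket>")}

    def blocking_level(self, connector: str, account: str, source: str) -> Optional[str]:
        """Return the level that disables this source, or None if scanning is enabled."""
        if connector in self.disabled_connectors:
            return "connector"
        if (connector, account) in self.disabled_connector_accounts:
            return "connector/account"
        if (connector, account, source) in self.disabled_sources:
            return "source"
        return None


class ContinuousScan:
    """Walks the inventory from a checkpoint; pause() stops it and resume() lets run() continue."""

    def __init__(self, inventory: list, policy: ScanPolicy):
        self.inventory = inventory
        self.policy = policy
        self.position = 0       # checkpoint: next inventory index to process
        self.paused = False
        self.scanned = []       # source names actually inspected
        self.skipped = []       # (source name, blocking level)

    def pause(self):
        self.paused = True

    def resume(self):
        self.paused = False

    def run(self, pause_after: Optional[int] = None) -> list:
        """Process entries until the inventory is exhausted or the job is paused.
        pause_after simulates the operator pressing pause after that many entries.
        Returns the sources scanned during this call."""
        newly_scanned, processed = [], 0
        while self.position < len(self.inventory) and not self.paused:
            connector, account, source = self.inventory[self.position]
            level = self.policy.blocking_level(connector, account, source)
            if level is None:
                self.scanned.append(source)
                newly_scanned.append(source)
            else:
                self.skipped.append((source, level))
            self.position += 1          # checkpoint advances even for skipped sources
            processed += 1
            if pause_after is not None and processed >= pause_after:
                self.pause()
        return newly_scanned


# Constructed inventory of (connector, AWS account id, source name); not real data.
INVENTORY = [
    ("s3", "111122223333", "prod-logs"),
    ("s3", "111122223333", "customer-uploads"),
    ("s3", "444455556666", "archive"),
    ("rds", "111122223333", "orders-db"),
    ("presto", "111122223333", "analytics"),
]

# One toggle at each of the three levels.
POLICY = ScanPolicy(
    disabled_connectors={"rds"},
    disabled_connector_accounts={("s3", "444455556666")},
    disabled_sources={("s3", "111122223333", "customer-uploads")},
)

if __name__ == "__main__":
    job = ContinuousScan(INVENTORY, POLICY)
    print("before pause:", job.run(pause_after=2))
    job.resume()
    print("after resume:", job.run())
    print("skipped:", job.skipped)
```

Recording the blocking level alongside each skipped source is the useful part for operations: when a finding is missing, the skip log shows whether a connector, an account or a single source toggle caused it.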
[Screenshot: enabling the pause/resume switch at connector level]
[Screenshot: enabling the pause/resume switch at source level]

Data owners can quickly pinpoint the exact location of sensitive data (infotypes) found in scans, leading to quicker remediation

Security analysts, incident responders, and developers can better understand the masked infotype strings (tokens) surfaced during Continuous and Full Scans: Borneo now includes the name of the column in which the match occurred, which helps them quickly decide on the correct remedial actions.
To help engineers understand the masked infotype data that is found and choose a remedial measure, Borneo enriches the identified data with this supporting context, which varies depending on the source of the data.
If the data source is an unstructured document, the context may be a neighboring word, typically a keyword found near the matching token.
Engineers can also download the log of masked records identified during the scans.
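The following added example (not Borneo's code) ties together two items from these notes: the new blockchain public address classifiers, and the location context attached to each masked finding (the column name for a structured row, the neighboring word for an unstructured document). It uses a real Base58Check checksum to reject regex hits that are not valid Bitcoin addresses; the infotype names, the masking scheme, the `Finding` shape and all sample data are assumptions made for the example.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Optional

# Added example, not Borneo's code: a Bitcoin/Ethereum address classifier with
# Base58Check validation, and the location context the notes describe (column
# name for rows, neighbouring keyword for documents). Names are assumptions.

BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BTC_CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy P2PKH/P2SH form
ETH_CANDIDATE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")  # EIP-55 checksum (keccak) not verified here


def _sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def base58check_encode(payload: bytes) -> str:
    """Base58Check-encode version byte + hash160; used only to construct sample data."""
    data = payload + _sha256d(payload)[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = BASE58_ALPHABET[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # each leading zero byte becomes a '1'
    return "1" * pad + out


def is_valid_bitcoin_address(addr: str) -> bool:
    """Drop regex hits whose Base58Check checksum does not verify (cuts false positives)."""
    if not 26 <= len(addr) <= 35:
        return False
    n = 0
    for ch in addr:
        idx = BASE58_ALPHABET.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    try:
        raw = n.to_bytes(25, "big")  # 1 version + 20 hash160 + 4 checksum bytes
    except OverflowError:
        return False
    if len(addr) - len(addr.lstrip("1")) != len(raw) - len(raw.lstrip(b"\x00")):
        return False
    return raw[21:] == _sha256d(raw[:21])[:4]


def classify(token: str) -> Optional[str]:
    """Infotype name for a token, or None when it is not a blockchain public address."""
    if ETH_CANDIDATE.fullmatch(token):
        return "ETHEREUM_PUBLIC_ADDRESS"
    if BTC_CANDIDATE.fullmatch(token) and is_valid_bitcoin_address(token):
        return "BITCOIN_PUBLIC_ADDRESS"
    return None


def mask(token: str, keep: int = 4) -> str:
    """Findings carry a masked token, never the raw value."""
    return "*" * (len(token) - keep) + token[-keep:]


@dataclass
class Finding:
    infotype: str
    masked_token: str
    location: str  # "column: <name>" for rows, "neighbour word: <word>" for documents


def scan_record(row: dict) -> list:
    """Structured source: report the column in which each match occurred."""
    return [Finding(classify(str(v)), mask(str(v)), f"column: {col}")
            for col, v in row.items() if classify(str(v))]


def scan_text(text: str) -> list:
    """Unstructured source: report the word immediately before each match."""
    hits = []
    for pattern in (BTC_CANDIDATE, ETH_CANDIDATE):
        for m in pattern.finditer(text):
            infotype = classify(m.group())
            if not infotype:
                continue  # regex candidate whose checksum failed
            words_before = re.findall(r"\w+", text[: m.start()])
            neighbour = words_before[-1] if words_before else "<none>"
            hits.append((m.start(), Finding(infotype, mask(m.group()), f"neighbour word: {neighbour}")))
    return [finding for _, finding in sorted(hits, key=lambda h: h[0])]


# Constructed sample data (no real customer data or real-world wallets).
SAMPLE_BTC = base58check_encode(bytes(21))  # version 0x00 + 20 zero bytes
CORRUPTED_BTC = SAMPLE_BTC[:-1] + ("2" if SAMPLE_BTC[-1] != "2" else "3")  # checksum will fail
SAMPLE_ETH = "0x" + "ab" * 20  # syntactically valid only
SAMPLE_ROW = {"user_id": "42", "payout_wallet": SAMPLE_BTC, "note": "monthly payout"}
SAMPLE_TEXT = (f"Please refund to wallet {SAMPLE_BTC} or eth {SAMPLE_ETH}; "
               f"the corrupted {CORRUPTED_BTC} is a regex hit that fails its checksum.")

if __name__ == "__main__":
    for f in scan_record(SAMPLE_ROW) + scan_text(SAMPLE_TEXT):
        print(f.infotype, f.masked_token, f.location)
```

The checksum step matters for precision: the Bitcoin regex alone matches many ordinary Base58-looking strings, whereas a checksum mismatch rejects roughly all of them, which is why the corrupted address in the sample text produces no finding. The neighbor-word context ("wallet", "eth") is what lets an analyst judge a masked token without ever seeing the raw value.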