Today has been a deluge of product news for RSA Archer. More features are being released in the next 6 months than in multiple years prior. Some of the interesting things being released in the coming months include:
- Archer version 6.5 will be released in October.
- New IT Security and Vulnerability Management Use Case. Uses the JavaScript Transporter. Pre-built integrations with Tenable, Qualys, and the National Vulnerability Database.
- Data gateway. Allows Archer to connect and use data residing in other systems. Ex: You have millions of assets with billions of scan results. The execs can now view all that data in Archer without importing millions of records to Archer. The huge use case for this is hooking into your organization’s CMDB and always having up to the second data on your organization’s structure and assets.
- They will release pre-built integrations via the RSA Exchange. They’ve already built and released over 40 for the existing DFs and APIs, and plan to do many more including integrations using the data gateway and the JS Transporter.
- They are developing prototypes for a 3rd Party Portal, which will allow distributing risk assessments to Third Parties without them having Archer user accounts.
- Changing and improving the way Archer handles cross references, and enhancing the way that hierarchical relationships are displayed in the system so a record owner can see the full relationships of their risks across the entire enterprise.
- Have created a prototype to analyze new regulatory data vs. an organization’s existing controls. It shows a diff of the old regulation and existing controls to the new regulations. It also uses algorithms to suggest mappings to existing controls, and gives a % of confidence on the matches. Users then review each suggestion and complete the mapping. Uses Natural Language Processing and Machine Learning. Plan to release this in the first half of 2019.
- Advanced metrics. Use the existing Strategic Planning app to set a goal for privacy compliance to lower privacy incidents. A new engine will allow you to query and track data and gives a visual forecast of how you’re on track to reduce privacy incidents. It can do things like letting you know that privacy incidents often increase 3 months after on-boarding a new vendor. You could then put in an additional vendor training control and see how that impacts incidents.
- Can now embed reports within a single record, and filter using that record’s attributes, or manually filter the report.
- Various UI display changes
- A breadcrumb bar to show you the history of pages you access
- Custom menus with application actions when you right click
- Type ahead search when looking up cross-referenced records (early 2019).
- Geospatial capabilities to show various events on map based reports. (Fall 2018)
- Packaging and migration changes including the ability to package and migrate data feeds, and enhanced package reporting, like showing a diff between a package’s contents and the existing environment.
- Effective Permissions Investigation Console enhancements. The ability to compare two users and see the differences in their access between their groups, roles, and access.
- Advanced workflow enhancements. (Fall 2018) Automatically review a set of records, say quarterly. Adding an advanced workflow full-screen designer. A new feature called advanced workflow content assistant – enroll and unenroll large numbers of records. Adds the ability to “bulk advanced workflow job update”, and move large numbers of records to different nodes.
- Data Feed batch content save. Token in the DF that allows you to save a group of records at a time rather than a single record at a time. Ex: 300k record data import. Prior was getting 3.5k records/min. After setting BCS to 1000, was saving 13k+/min. Over a 4x improvement.
- Optimize Calculations. On applications or DFs. Must enable at control panel and in the feature setting. New checkbox on General tab of DFs. Will only show if enabled at the ACP level. Rather than batching huge updates into many jobs, it puts them all in one big job. Allows bulk actions to process faster without resource competition. Bulk Update 50k Records: 5 hours. With Optimize Calcs it took 21min. 14x faster. The job engine is used to jobs running for 2-3 seconds. The drawback is that this one can run a single job for 30min. to 1 hr, which can block other jobs from firing, and things like notifications wouldn’t go out.
- Scheduled calculations. Replaces manually created targeted application data feed recalculations. Can set up scheduled calculations with filters so only a subset will calculate. This is a “soft save” and doesn’t impact last updated, etc.
- XSLT 3.0. Faster, way more features. Just change 1.0 to 3.0 in the header in the transport tab.
- JavaScript transporter. Substantial enhancement to the data feed manager. Can process JS files, which by nature don’t have to produce any data. DFs used to only bring data into Archer, but now you can do much more.
- Executes JS files, consumes resultant data (if any).
- Push data externally from Archer, return nothing and exit.
- Can pull data from multiple systems simultaneously. Can pull and push data to systems in one process
- Could allow you to create a data feed “middle ware” tier on a timer based system.
- To enable, you must either provide trusted certificate thumbprints (it will only execute JS files signed with a certificate whose thumbprint is trusted) or disable signature verification. This is a setting in the ACP. Then select JavaScript transporter on the DF transport tab. Access limits: scripts are limited to whitelisted libraries: request, xpath, xmldom, xml2js.
- Ex: Rapid7 vulnerability feed. Sends user creds, gets a session token, sends the token back to get the vulnerabilities list, filters the list to items new since the last run, sends the token and loops through the IDs, gets details back, aggregates the details into a single JSON object, and loads it.
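
To make the Rapid7-style flow above concrete, here is a sketch added to this write-up; it is not Archer or Rapid7 code. The `/login` and `/vulnerabilities` paths, the field names, and the injected synchronous `send()` transport are assumptions so the flow runs offline, and the sample records are constructed.

```javascript
// Added example, not Archer or Rapid7 code. Paths, field names and the
// injected send() transport are hypothetical; all sample data is constructed.
function makeMockApi() {
  const vulns = {
    'V-1': { id: 'V-1', title: 'Outdated TLS library', published: '2018-08-01T00:00:00Z' },
    'V-2': { id: 'V-2', title: 'Default admin password', published: '2018-09-10T00:00:00Z' },
    'V-3': { id: 'V-3', title: 'Missing OS patch', published: '2018-09-20T00:00:00Z' },
  };
  let issued = null;
  return function send(req) {
    if (req.path === '/login') {
      const ok = req.body.user === 'feed-svc' && req.body.password === 'constructed-secret';
      if (!ok) return { status: 401 };
      issued = 'constructed-session-token';
      return { status: 200, body: { token: issued } };
    }
    if (!issued || req.token !== issued) return { status: 401 };
    if (req.path === '/vulnerabilities') {
      const list = Object.values(vulns).map((v) => ({ id: v.id, published: v.published }));
      return { status: 200, body: list };
    }
    const m = /^\/vulnerabilities\/(.+)$/.exec(req.path);
    const v = m && vulns[m[1]];
    return v ? { status: 200, body: v } : { status: 404 };
  };
}

// One feed run: log in, list, keep entries newer than the previous run's
// high-water mark, fetch details per ID, aggregate into one JSON document.
function runFeed(send, creds, lastRun) {
  const login = send({ path: '/login', body: creds });
  // Error text deliberately carries no credential or token material.
  if (login.status !== 200) throw new Error('authentication failed');
  const call = (path) => {
    const res = send({ path, token: login.body.token });
    if (res.status !== 200) throw new Error(`GET ${path} failed: ${res.status}`);
    return res.body;
  };
  const since = lastRun ? Date.parse(lastRun) : 0;
  const fresh = call('/vulnerabilities').filter((v) => Date.parse(v.published) > since);
  const details = fresh.map((v) => call('/vulnerabilities/' + encodeURIComponent(v.id)));
  // New mark: newest publish time seen, or the old mark when nothing was new.
  const newest = fresh.reduce((max, v) => Math.max(max, Date.parse(v.published)), since);
  return {
    output: JSON.stringify({ vulnerabilities: details }),
    lastRun: newest ? new Date(newest).toISOString() : null,
  };
}
```

Storing the returned `lastRun` only after the load succeeds keeps a failed run from silently skipping records on the next pass.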
Great summary of the Archer Summit!
Thanks David, excellent summary of day 2 of a fantastic conference!