Veza Product Update - June'23

Overview of major changes and enhancements in 2023.6.x releases

Search and Insights

  • Segregation of Duty (SoD) Analysis (Early Access): The Access Intelligence > Analysis page now includes an additional section for creating queries with complex "and"/"or" statements and condition groupings. This query mode can identify users that can assume different roles (such as conflicting roles that violate business rules for separation of duties). This query mode can also identify users that can have conflicting effective permissions to more than one type of resource (such as SaaS apps, data systems, cloud services, infra services, or IAM systems).

  • Query Builder: Show or Hide Nested Relationships (Early Access): It is now possible to hide results that are indirectly accessible due to hierarchical relationships, such as AWS IAM Roles assumed by another role, or Microsoft Azure AD Groups belonging to a parent group. The toggle to show or hide indirect access appears under Advanced Options > Relationship Options > Show Assumed. This option only appears when the source or destination entity type can be nested.

  • Edit report owners: Report creators can now share reports and enable other Veza users (such as app, data, identity, and security teams) to edit them by adding or removing owners in Edit Mode. Owners are now listed next to report titles on the Reports page. Private reports are visible only to the creator and any users added as owners.

  • Rules for Saved Queries: The Saved Queries page now includes a tab for creating and managing Rules based on their underlying saved queries. You can use this view to see whether a query has rules associated with it, create new rules, and review the condition and severity of any active rules.

  • New filter operators: Attribute filters can now specify Exists and Not Exists operators, allowing searches to only return results based on the presence or absence of a value for a specified property.

  • Saved Query Improvements: When saving a query, you are now able to apply an existing assessment label or create a new one. When saving a query and adding it to a report, you can now choose a specific report section for the query.

Integrations

  • AWS Secrets Manager: Veza now supports User and Role permissions on secrets contained within AWS Secrets Manager. New entity types Secrets Manager Service and Secrets Manager Secret are now discovered for any integrated AWS account. Veza also discovers Secret attributes such as last rotated and last accessed dates.

    • Note that the integration trust policy now includes the secretsmanager:ListSecrets action. You should update your policy within AWS to avoid warnings, or edit the integration and choose Limit AWS Services > Secrets Manager.

  • Confluence Cloud: A new connector is available for discovering user and group access to Spaces in Confluence. Veza can show when Spaces allow unlicensed access or anonymous access, and when users are external collaborators.

  • Windows Servers: A new connector is available for discovering local users and groups, scheduled tasks, and services running on Windows servers.

  • Configurations v2 (Early Access): The Veza Configuration pages have been completely overhauled for more streamlined integration management and improved visibility into the status of your integrations. Please contact the Veza support team to preview the new user experience before it becomes generally available for all users.

  • All our latest Veza integrations can be found here. If you don't see an integration that meets your needs, please reach out - we are building new integrations as fast as we can and would love to hear about your priorities.

Veza Workflows

  • Approve and Sign-Off (Early Access): Reviewers on mobile devices can now use the Approve and Sign-Off action to quickly make final decisions for Certification results.

  • Reviewers accessing Certifications on mobile devices can now Re-assign Reviewers for a result.

  • The grace period for marking Certification results as Fixed after the Certification has expired (default 7 days) is now configurable by the Veza support team.

  • Certifications now indicate the total number of result rows even when a filter is applied, or results appear across multiple pages.

  • Improved performance when creating certifications and loading certification results with auto-assignment and self-review prevention enabled.

  • Improved performance when creating 100+ certifications in parallel.

  • Improved performance at scale for certification reviews with millions of certification rows, thousands of access reviewers, and hundreds of concurrent access reviewers.

  • Improved performance when sorting certification results.

Veza Product Design and Usability

  • Permissions filters for Workflows, Graph, and Query Builder: Filtering by permissions is improved to offer a more uniform experience across all Veza search interfaces. You can now pick an effective or system-level permission to filter on, and no longer need to add an attribute filter on a "permission"-type entity in some cases.

  • Improved Graph visualization for "deny" relationships: Paths between entities that represent a policy that prevents access are now highlighted in red in Graph search results. Before, these relationships were only color-coded in Explain Effective Permissions mode.

  • Risks usability: When using the Manage Exceptions action to add or remove several exceptions at a time for a query with a risk level, a type column now indicates whether each result is currently an exception or a risk.

  • Collapsible search sidebar: You can now click to show or hide the left sidebar in Graph Search, Query Builder, and when creating a Workflow.
