Skip to content

Securing All your Data with Satori

The Satori Data Security Platform is designed for organizations that store customer data in the cloud. Satori discovers and classifies data, monitors security posture and applies security policies in real-time to protect sensitive data across a variety of cloud environments and data stores.

Simplifying Security and Compliance

Satori enables you to proactively prevent any unauthorized access to your organization's data and achieve compliance with security standards such as ISO27001, SOC2, SOX and privacy regulations such as GDPR, CCPA or HIPAA in just a few weeks.

Satori was created by a dedicated team of engineers with over a decade of experience addressing some of the most challenging security issues of the internet era.

Unlike traditional data security solutions that take years to implement, depend on manual effort, and focus solely on data discovery and classification, Satori is built for simplicity and seamless integration. Designed with both admins and users in mind, it easily fits into your existing processes and systems.

Learn More About Satori or Schedule a Demo

Continue reading to discover more about how Satori works, or schedule a demo meeting where one of our experts will walk you through the platform and answer any questions you may have. Schedule a Demo.

How Satori Works

Satori is centered around data stores. A data store is any system where sensitive data is stored and must be protected. These can include PostgreSQL or MongoDB databases in your production environment, Snowflake or Databricks lakehouses used by BI, analytics, or data science teams, or even AI services supported by an LLM that you use to deliver exciting product experience to your customers.

For a full list of all supported data stores click here.

The Three Simple Steps

Satori is straightforward to set up and operate, requiring only three simple steps:

Screenshot

  1. Discover your data stores to understand what data you have and where.
  2. Monitor your data stores to become aware of any security posture or suspicious activity.
  3. Secure your data stores by enforcing policies on access to your sensitive data.

When you login to the Satori Management Console each data store in the system will always be in one of these three statuses:

Data Store Risk Score

In addition to the data store status, Satori calculates a risk score for each data store, to quickly focus your attention on the high priority issues.

Screenshot

Screenshot

The first step is to connect Satori to your cloud accounts and scan your environment to automatically discover and classify all data stores. Satori continuously discovers data stores in AWS, Snowflake, Databricks and MongoDB, and will alert when new data stores are created, to ensure nothing gets missed.

Screenshot

Connecting Satori to a Cloud Account

Select the cloud account you want Satori to connect to and provide a descriptive name, such as AWS Prod.

Choose how you want Satori to connect to your cloud account. By default, you would want to choose a Satori Data Access Controller (DAC) in a cloud and region close to where your data stores are located. Satori provides multiple deployment options for DACs, including customer-hosted.

Learn more about deploying Satori here.

Depending on the cloud account you selected, you will need to provide Satori with credentials and permissions to discover, monitor and secure your data stores.

Satori lets you organize your cloud accounts and data stores into environments, such as Production, Staging or Development, which later on can be helpful when you want to analyze your risk or prioritize your efforts.

Screenshot

Once your cloud accounts are connected, Satori will run an initial scan to discover and present all available data stores in the dashboard.

Screenshot

Once you have completed the initial scan of your cloud environment you will begin to see new data stores appear in the dashboard. Most of them will still be in the Discovered status, and your goal in this step is to move your data stores to the Monitored status.

Integrating your Data Store with Satori

You set a data store to be monitored by integrating it with a DAC. Depending on the data store type, Satori integrates with data stores in two main ways: proxy or API-based integration.

Proxy-Based Integration - the DAC acts as a transparent proxy between your users and the data store. All you have to do is point your users to a new hostname to connect to the data store, and Satori will monitor their data activity and enforce security policies on their access. The benefits of this integration is that you don’t have to change anything on your data stores or add any risk of interfering with your existing services or applications.

API-Based Integration - the DAC acts as an administrator on the data store, configuring roles, managing grants and applying the native security features of the data store. The benefits of this integration is that the security logic is embedded into the data store itself, covering all users who connect to the data stores.

For a full list of all supported data stores, click here.

The Dashboard

The Satori dashboard aggregates all the information about your connected data stores, their connection status, data classifications, risk score and alerts.

Screenshot

The Dashboard KPIs

The dashboard KPIs represent the data stores by their status and risk level. Clicking on the tiles lists all of the data stores as per the selected KPI.

Screenshot

Data Stores Table

The data store table lists all of the detected data stores by Satori. Clicking on the data store name takes you to the specific data summary tab. This tab details the basic configuration details, the security and risk status, and the included data classification categories. It also lists the datasets that contain objects such as tables or schemas derived from this data store.

Screenshot

Data Store Status

The data stores are relegated into three main status types:

Screenshot

Discovered Data Store - Refers to a newly identified data store within a cloud account. During the onboarding process, it is assigned a baseline risk score of 20 points, with additional points added based on the number of data assets, such as tables, views or files stored in the data store.

Monitored Data Store - Refers to a data store that is integrated with a DAC Satori continuously collects audit logs of usage activity for the data store, discovers data assets and classifies the data they contain. A monitored data store is a data store where most queries are “ungoverned”

Secured Data Store - Refers to a data store where most queries are actively “governed.” For a query to be governed, an admin in Satori must define explicit access rules that grant users permission to access specific objects they are querying. This governance ensures that the organization maintains full control over the data, and users access it only with a legitimate purpose and proper justification. Satori offers a comprehensive suite of tools to streamline and manage data access workflows, enhancing both security and compliance while simplifying administrative oversight.

Alerts Table

The alerts table provides a comprehensive view of all data store and environment alerts. There are three types of alerts: security alerts, operational alerts and system alerts.

Security Alerts - A notification about a potential threat or vulnerability that could impact the security of a system.

Operational Alerts - A notification about a potential issue that could impact the normal functioning of a system.

System Alerts - A notification about a potential issue with Satori.

Screenshot

Screenshot

Secure your data by applying the appropriate security controls on your data as well as control who has access to the data directly in Satori.

Creating Data Access Rules

The Access Manager view helps you to keep track of all your access rules. It shows the logical access rule path of a user or a group, as well as the level of access and permissions the user or group has to a specific dataset.

Go to the Access Managers view and click the plus button located in the top left corner of the toolbar to create a new data access rule.

Screenshot

Adding a User and Define Privileges

  1. Enter or select a User or Group
  2. Select the required Access Type
  3. Set the Time Limit from the available options
  4. Choose the Access Level
  5. Configure the revocation of the access rule if it is not used

Selecting the Data

  1. Select an existing dataset or create a new dataset.
  2. If you have created a new dataset, then you must select a data store and a location.

Satori automatically creates the dataset with default configurations. To learn how to change or update these configuration settings go to the Dataset view, click here.

Protecting the Data

Once you have created or selected a dataset either select the Default Security Policy, select a preconfigured security policy or create a new security policy.

To create a new security policy perform the following steps:

  1. Enter a Security Policy Name
  2. Select a Masking Profile from the list provided
  3. Choose the relevant Data Filter and select a location
  4. Click Save

Running a Query & Viewing the Results

Now it's time to check out the power of Satori, perform a few quick steps to achieve optimal results.

  1. Run a query on your data store.
  2. Go to the Dashboard in the Satori Management Console.
  3. Click the Refresh button and view the results in the Dashboard.
  4. Go to the Audit Log and expand the row in the table to view all of the query audit data.
  5. Go to the Data Inventory view and see how Satori displays and classifies your data. Toggle between the Taxonomy Tree and the Location Tree and view the classifications and data access patterns.

Love your Life