Arraya Insights | November 13, 2017
I spend a lot of time with customers talking about network security, endpoint security, monitoring, and a whole host of other security solutions that are highly technical and point to specific risks. We get so caught up in the technologies that process the data, that we rarely look at the data itself. Specifically, I’m talking about how our users are accessing email, managing shared drives, or leveraging cloud services like Office 365, Dropbox, or Google Docs.
Most organizations don’t think of these as business driving entities, but anyone who’s been in a supporting IT role knows that if email or file shares fail, there’s chaos and panic across the organization. Most companies take these systems for granted because everyone has them but, in many cases, the security around them is a train wreck. Using a tool like Varonis DataAdvantage allows you to get the power back from systems that may have grown out of control over time.
Take Back Shared Drives and Email
We’ve all seen them before – giant corporate shared drives that everyone has access to and nobody is monitoring. Everyone talks about how critical they are but nobody is willing to take ownership for determining what’s still needed and what’s outdated. They’re expensive and time consuming to back up and they get bigger every day, with duplicate files all over the place. Is anyone actually using these files? How often are they accessed? Can anyone get to them? Do they contain sensitive data and where is that data going? These are the questions IT departments often find themselves ignoring because it’s just too difficult to figure out and nobody wants to peel back the onion.
As bad as it may be, it’s possible to get control over this data. Varonis DataAdvantage gives IT teams the ability to know all the metadata around individual files on shared drives that traditional Windows logging doesn’t capture. The software crawls file shares to identify sensitive data, and maintains a database of transactions so you can quickly and easily see exactly who accessed a file, moved it, deleted it, added it and the number of times these transactions occurred. In a single pane, DataAdvantage lets you look at the nested active directory groups that are providing access to users you never thought would be able to see sensitive data.
Then there’s email, which falls into its own category. Who’s watching the email administrators managing corporate messaging? Have they ever accessed the CEO’s email without permission? Are they looking at HR emails with salary data or other sensitive personal information? Do you have a way to prove exactly which file they opened and when? Can you alert key individuals as soon as this does happen? The answer to all of these is typically no.
DataAdvantage takes email monitoring to the next level. Leveraging real time alerts, you can see not only when an administrator gave themselves access to a sensitive email account but also identify exactly what email they read and when they did it.
Incident Response and Forensics
It’s the first question HR asks when salary data gets out … who saw that file? Most IT teams know who had access to it but can never definitively tell you if it was opened, copied, or moved. Varonis DataAdvantage provides a detailed log of those actions significantly simplifying the recovery process for security administrators. Instead of making a “best guess,” now you can know for sure exactly who saw sensitive data and what they did with it. By leveraging Varonis’ user behavioral analytics capabilities, security teams can also baseline typical behavior and identify anomalies. Is a member of the sales team thinking of leaving and all of a sudden they’re viewing or moving files they haven’t accessed in years? Varonis lets you detect and alert on these kinds of unusual behaviors. Going a step further, Varonis can detect a ransomware attack and shut it down before it’s too late. It can detect anomalous files rapidly changing and trigger immediate alerts.
Partnering with Arraya and Varonis
For companies that want more control over their data and to get into the weeds on exactly what’s happening, Arraya and Varonis can help. Our team understands the complexities of unstructured data and the importance of securing it.
Want to learn more about data security? Reach out to our Cyber Security Practice today: https://www.arrayasolutions.com/contact-us/. You can also reach us through social media: LinkedIn, Twitter, and Facebook.