Varonis DatAdvantage for SharePoint

Post on 19-Oct-2014

Category: Technology

DESCRIPTION

Varonis® DatAdvantage® for SharePoint provides the visibility, auditing and recommendations necessary to properly control access to data in your SharePoint environment. DatAdvantage for SharePoint helps identify data owners, shows you who currently has access to information, tracks who is accessing data, and indicates who should have their access revoked.

TRANSCRIPT

Introduction to DatAdvantage for SharePoint

© 2010 Varonis Systems.

Unstructured Data Quantities – Present and Future

© 2008 Varonis Systems. Proprietary and confidential.

Unstructured and semi-structured data is exploding...

Source: Gartner Jan 2010

650% growth over the next 5 years

80% of all data is unstructured or semi-structured

Data Explosion – Are We Ready?

91% lack processes for determining data ownership

76% unable to determine who can access unstructured data

Data

Collaboration

Cross-Functional Teams + Security Requirements

More Containers

More ACLs

More Management

Source: Ponemon Institute

Can IT answer:

• Who has access to this folder?

• Which folders does this user or group have access to?

• Who has been accessing this folder?

• Which data is sensitive?

• Who is the data owner?

• Where is my sensitive data overexposed?

• How do I fix it?

• Where do I begin?

Varonis IDU Framework – Foundation for Data Governance

• Four types of metadata are collected, synthesized, processed, and presented:

Permissions information

User and Group Information

Access Activity

Sensitive Content Indicators

• Actionable data governance information is presented:

Who has access to a data set?

Who has been accessing it?

Which data is sensitive?

Who is the data owner?

Where is my sensitive data overexposed, and how do I fix it?

• Allows data owners to participate in data governance:

Automated Entitlement reviews

Authorization workflows

Varonis Data Governance Framework Components

[Diagram labels: Presentation; Retention/Storage; Analysis & Modeling; Aggregation & Normalization; File System Meta Data Collection; User Data Collection; Access Activity; Data Content Classification; Commit Changes to File Systems and Directory Services; DatAdvantage; DataPrivilege; Windows File Systems; UNIX/Linux; NAS; SharePoint; MS Active Directory; LDAP; NIS; Local Accounts; IDU; Future]

The Varonis IDU Framework creates and manages a metadata layer that enables IT and the business to work together to protect unstructured data

IDU Multi-tiered Architecture

Unstructured Data – Operational Challenges

Identifying data business owners

• Metadata and folder location don’t reveal ownership

• Finding owners is a time-consuming, manual process

• Significant amounts of “orphan” data – unknown business context or relevance, wasted storage

Ensuring authorizations are based on business need

• As employee needs change, authorizations grow & grow

• Permissions are seldom revoked

• Tools are mostly manual: time-consuming and error-prone

Understanding who accessed data & how

• Native auditing impairs server performance and generates large volumes of difficult-to-decipher data

• Audit trail often enabled only after an incident has occurred

• Most lack any audit information

Finding/classifying sensitive content

• Searching through so much data takes a lot of time

• Data constantly changes – hard to keep current

• Results provide only the first step in the data’s protection

Risks, Controls & Regulations

• High Risk Levels

File System data is at great risk for loss, theft, and misuse

Access configuration changes are untested

• File System Controls Gaps

Many access controls are “loose,” even broken

No audit trail exists

>50% of data has no known business owner

• Regulatory Requirements

HIPAA

CMS

Sarbanes Oxley

Varonis Solution

• Technological Breakthrough

Automatically Identify and Remediate Access Control Gaps

Provide a Usable Audit Trail of Data Usage

Identify Data Owners, Inactive Data, Sensitive Content

Automate and Enforce Access Control Processes

• Efficient, Effective Risk Reduction

• IT Data Protection Jumpstart

• Proven Operational Execution

>600 customers

All Verticals

DatAdvantage Functionality

Permissions - Bi-Directional Visibility

• Double-click any site…

• …to see all of the users and groups which have access

• Including SharePoint groups, which may contain AD groups

• Double-click any user or group…

• …and see all accessible SharePoint sites and sub-sites

• Including what permission levels the user or group has

• And where the permissions are inherited from

• Right-click a site to see actual permissions

• See the effective permissions of combined levels

Audit Trail

• Complete audit trail of file events

• Every open, create, move, modify and delete on the SharePoint system is recorded

• Record all SharePoint permissions changes

Recommendations

• By combining permissions and audit data with sophisticated analysis, Varonis makes recommendations on where excess access can be removed

• List of users with red X’s next to their names can be removed from this group

Simulate Changes

• With Varonis you can simulate permissions changes to your environment without affecting production

• See what the results would have been if you’d made the change

• These users would have been affected by the change

• They can be added back to the ACL to avoid any interruption of service while reducing unneeded access

Finding Data Owners

• By analyzing audit activity, Varonis can help identify business data owners

• Double-click a folder…

• View most active users…

• The data owner is likely in this list

• …or you’re one phone call away

Common Use Cases for Varonis

• Access Control Cleanup – Identify & Remediate:

“Global” Groups (everyone, authenticated users, etc.)

Redundant, Excessive Group Memberships

Orphaned SIDs, Individual User SIDs on ACLs

• Find Lost & Deleted Files

• Identify Anomalous Behavior

• Track Permissions & Group Changes

• Ongoing Entitlement Reviews

• Automate Access Authorization & Revocation

• Identify Inappropriate File Activity (MP3s, etc.)

• Enhance Other Data Protection Projects

Common Use Cases for Varonis (cont’d)

• Efficient audit compliance - provide evidence of:

Effective permissions (preventive controls)

Usable audit trail (detective controls)

Authorization processes

Compliance with authorization processes

• SharePoint Migration

Stale Data Identification

Data Owner Identification
