1. 1. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL Our mission is to help enterprises realize value from their unstructured data. 20 Feb, 2014 Dietrich Benjes VP UK, Ireland & Middle East DATA SECURITY & DATA MANAGEMENT WHAT YOU NEED TO KNOW
2. 2. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL2 Started operations in 2005 Headquartered in NYC 10 Products Over 2500 customers Solutions for Human Generated Data About Varonis
3. 3. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL3 What do you know about your organisations data?
4. 4. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL4 Where is it? Who has access to it? Who is accessing it? The most / least? How is the business using it? Whats important / sensitive / classified / internal / public? What makes it the above? Where is that data overexposed? Whats stale / past the retention period? Whats being collaborated on and how can that be done effectively and securely? Etc.. What do you know about your data?
5. 5. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL5 What is Human-Generated Data? UNSTRUCTURED HUMAN-GENERATED DATA UNSTRUCTURED MACHINE-GENERATED DATA STRUCTURED BUSINESS APPLICATIONS DATA Emails Word Files Spreadsheets Presentations PDF Files Time Series Data (No Pre-defined Schema) Generated by All IT Systems; Highly-Diverse Formats Massive Volumes Relational Databases Financial Records Math Data Multi-dimensional Data Monthly Reporting Data (Pre-Defined Schema) Image, Audio, and Video Files Generated by every employee in every organization Massive volumes Focus of Varonis solutions
6. 6. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL6 Data Growth Source: IDC Digital Universe By 2020, Data Centers Will Manage: 14x Data 10x Servers 1.5x IT Staff With
7. 7. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL7 Challenge and Opportunity Only 0.5% of the digital universe is analyzed Opportunity to extract more value through tagging and analysis Enterprises are responsible for protecting 80% of all data Source: IDC Digital Universe
8. 8. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL8 Big Metadata Content Information knowing which files contain sensitive and important information Access Activity knowing which users do access what data, when and what theyve done User and Group Information from Active Directory, LDAP, NIS, SharePoint, etc. Permissions Information knowing who can access what data users and groups users and groups users and groups permissions classification classification activity activity permissions permissions users and groups users and groups permissionsusers and groups users and groups permissions classification activity activity permissions classificationpermissions activity permissions classification classification activity users and groups [classification] [activity] Metadata
9. 9. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL9 VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL9 Intelligence: Human-Generated Big Data VISUALIZE DATA AND ACCESS ACTIVITY TRENDS & DATA GROWTH RESIGNATION, HACKER, VIRUS IDENTIFY STALE DATA UNNEEDED ACCESS DATA OWNER IDENTIFICATION EXPOSED, SENSITIVE DATA 010011 BUSINESS EXECUTIVES BUSINESS DATA OWNERS IT SECURITY COMPLIANCE IT STORAGE IT OPERATIONS CONSUMERS FILE SYSTEM & PERMISSIONS DIRECTORY SERVICE OBJECTS ACTIVITY CONTENT INPUTS: METADATA BUSINESS & IT INSIGHTS
10. 10. Why is this a Big Data Problem?
11. 11. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL11 Why Is This A Big Data Problem? 1 Terabyte: 1 million files 50,000+ folders 2500 unique access control lists 1 Access control list: Lists 4 groups 1 Group: 15 members 150,000 functional relationships in 1 TB of data! Thats before considering activity and content
12. 12. What Might a Solution Look Like?
13. 13. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL14 Who Has Access to Any Data Set?
14. 14. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL15 What Data Can a User or Group Access?
15. 15. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL16 Easy Data Classification
16. 16. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL17 What Has a User or Group Accessed?
17. 17. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL18 Who Deleted My Files?
18. 18. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL19 Get Alerted in Real Time
19. 19. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL20 Who Shouldnt Have Access?
20. 20. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL21 Simulate Changes
21. 21. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL22 Commit Changes to all Platforms
22. 22. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL23 Early Resignation Detection
23. 23. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL24 What Data is Stale?
24. 24. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL25 Automatically Move or Delete Data
25. 25. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL26 Who Owns Data?
26. 26. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL27 Automate Entitlement Reviews
27. 27. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL28 Automate Authorization Processes
28. 28. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL29 Self-Service Portal
29. 29. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL30 DatAnywhere: Your Own Private Cloud
30. 30. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL31 Case Study: Philip Morris International What we have now is unprecedented visibility into who has access to which information. Jan Billiet Dir. Security & Risk Management Philip Morris International Problem BenefitsSolution Could not visualize access to critical data No visibility into collaboration workflows Low productivity when fulfilling audit requirements Instrumented file share and SharePoint environment Automated map of data, users, groups, and access controls Automated ownership identification and involvement Global visibility of Active Directory, File server and SharePoint Quantified access control challenges Drives Active Directory and file server management best practices
31. 31. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL32 Case Study: BNP Paribas Problem BenefitsSolution The project has enabled us to ensure data is either allocated to an owner or archived so we only store what we need to store. Stuart Lincoln Vice President ITP&L Client Services BNP Paribas No uniform access control policy in place Data was potentially at risk Data use was unmonitored Instrumented windows and UNIX file shares Complete map of access, all access activity monitored Self service portal for data owners Significant risk reduction enforced least privilege model Capital expenditure savings through stale data identification Compliance inquiries answered in minutes without ITs help
32. 32. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL33 Case Study: ALSTOM Problem BenefitsSolution Needed to make sure critical data was only accessible to correct people Managing access control: most time-consuming & inaccurate activity in data center, consuming 4 full time employees Wanted to make users more productive with mobile devices/BYOD Instrumented file share environment, mapped access, assigned owners Automated access control management Extended file share capabilities with file sync and mobile device support Reallocated 4 full time employees to more productive tasks Reduced risk, increased accountability for data management Increased productivity & collaboration using existing infrastructure "Varonis positively affected end user productivity, IT operational efficiency, and our bottom line. Raphael Viard Corriveau VP IT Engineering and Security, Alstom
33. 33. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL34 Reducing Risk, Complexity, and Cost RISK 30+% of data can be archived 60+% of infrastructure is not utilized effectively COMPLEXITY COST 50+% of access is unwarranted 70+% of infrastructure is unmonitored Rationalize domain structure, access control entities, and supporting business processes Varonis DatAdvantage gave us the visibility and recommendations to limit user-to- data access by business function and need. Now, my team is able to audit the use of any data set or group for our compliance initiatives. James Nelson, IT Security Manager, Juniper Networks
34. 34. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL35 Increasing Productivity and Functionality ACCESSIBILITY Extends functionality of existing investments in infrastructure OPERATIONAL EFFICIENCY FUNCTIONALITY File synchronization and mobile access make collaboration more immediate 10-40x Efficiency gains for daily data management and protection tasks A process that previously took five or six days now takes just a few hours... were able to produce reports that werent possible previously, Thibaud Desforges, Tool and Processing Manager, GDF Suez
35. 35. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL36 Operational Overview Enable Audit Trail Inventory Permissions Profile Data Use & Authorization Structure Classify and Tag Sensitive, High Profile DataIdentify Critical Data Global Access Groups Excessive Group Membership Reduce Excess Access Perform Entitlement Reviews Formalize and Enforce Existing Processes Identify Key Users & Owners Authorization Recertification Handling Policies for Sensitive Data Define & Implement DG Policies Risk
36. 36. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL37 IMAGE, AUDIO and VIDEO FILES EMAILS PDF FILESWORDFILES PRESENTATIONSSPREADSHEETS Our mission is to help enterprises realize value from their human-generated data
37. 37. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL Thank You Dietrich Benjes dietrich@varonis.com Twitter: @dietrichbenjes