DSS ITSEC Conference 2012 - Varonis Eliminating Data Security Threats
Transcript of DSS ITSEC Conference 2012 - Varonis Eliminating Data Security Threats
Eliminating Data Security Threats
Daniel Gutman, Varonis Systems
© 2012 Varonis Systems. Proprietary and confidential.
Data? What data?
650% growth in the next 5 years!
Unstructured & Semi Structured Data
[Chart: Percentage of the digital universe that is security-intense, compliance-intense, and preservation-intense, 2007 vs. 2011. Source: IDC]
Can IT answer?
Who has access to this folder?
Which folders does this user or group have access to?
Who has been accessing this folder?
Which data is sensitive?
Who is the data owner?
Where is my sensitive data overexposed?
How do I fix it?
Where do I begin?
Data Explosion – Are We Ready?
91% lack processes for determining data ownership
76% are unable to determine who can access unstructured data
+ Data
+ Collaboration
+ Cross-Functional Teams
+ Security Requirements
=
MORE Containers
MORE ACLs
MORE Management
Source: Ponemon Institute
MORE
Functional Relationships in 10TB, 1000 Users
Secure Collaboration Maximizes Value
[Diagram labels: Too much access / uncontrolled collaboration; No access / no collaboration; Correct access, correct auditing; Maximum value; No value; Negative value (damage)]
Survey: 22% reported a data breach
Breached 22%
Not Breached 78%
Data Breaches
Breach has cost
43% of Breaches by “Trusted” Insiders
So, how do we protect our data?
Data Protection Flow
• Authentication: Users are who they say they are
• Authorization: Users have access to only what they need
• Auditing: Monitor actual access
• Alert: On unusual activity
Authentication Authorization Auditing
If we do that…
• Access is controlled
  - No one gets access to data who shouldn’t
  - No data is exposed to people that shouldn’t see it
• Access is monitored
  - No one can access data without it being logged
  - Logs are inspected (with automation)
• Unusual activity is flagged
  - Humans can investigate the right things
What might this look like?
Varonis Metadata Framework
• Four types of metadata are collected, synthesized, processed, and presented:
  - File System & Permissions Information
  - User and Group Information
  - Access Activity
  - Sensitive Content Indicators
• Actionable data governance information:
  - WHO has access to a data set?
  - WHO should have access to a data set?
  - WHO has been accessing it?
  - WHICH data is sensitive?
  - WHO is the data owner?
  - WHERE is my sensitive data overexposed, and how do I fix it?
• Allows data owners to participate in data governance:
  - Automated Entitlement reviews
  - Authorization workflows
Foundation for Secure Collaboration
Varonis Data Governance Life Cycle
Identify Sensitive Folders & Files
Profile Data Use
• All file activity will be monitored by Varonis
Prioritize Based on Content & Exposure
Data to Business Alignment
• Identify Demarcation Containers
• Identify Data Owners
Remediate Excessive Permissions
• Global Group Access
• Stale Group Memberships
Data Owner Participation
• Review Access
• Examine Activity
• Review Stale Data
Permissions - Bi-Directional Visibility
Data… to Users/Groups
Users/Groups… to Data
Audit Trail
Search, Sort, and Group
Actionable Data
Sensitive Data, Exposed Data
• Prioritized list of folders that should be addressed
  - Top folders that contain a large percentage of sensitive data -AND- have excessive/loose permissions
Activity Analysis
• Most/Least Active Users
• Most/Least Active Directories
• Anomalous Behavior
Data Ownership Identification
Active Users
Reports – Automatic for Owners
Permissions
Activity
Data Owner Involvement
• Entitlement Reviews
• Authorization Workflow
• Self Service Portal
• Automated Rules
Improving Today’s Environments with Automation
• Data is accessible to many users
• Access is rarely reviewed
  - 91% of organizations don’t have a process to identify data owners
  - 76% of organizations can’t produce a permissions report (Source: Ponemon Institute)
• User access is rarely audited
• User access is rarely analyzed
• Unused data is left at risk
• Data is accessible to only the right users
• Access is reviewed regularly
  - Owners will be identified based on metadata, assigned, tracked & involved
  - Permissions reports will be created and sent automatically
• User access is audited continuously
• User access is analyzed automatically
• Unused data is automatically moved or deleted
Varonis: Immediate Operational and Financial Benefits
Ensuring appropriate access & permissions
Finding lost, moved, copied files
Audit & Analyze Data Use Activity
Permissions Analysis & Testing
Data ownership identification
Storage cost savings
Significant, quantifiable return on investment
Thank You!
Daniel Gutman
[email protected]
IDU Multi-tiered Architecture
Varonis IDU Architecture