Varonis DatAdvantage For Windows

49
Introduction to DatAdvantage for Windows © 2010 Varonis Systems.
  • date post

    14-Sep-2014
  • Category

    Technology

  • view

    7.868
  • download

    9

description

Varonis® DatAdvantage® delivers the visibility and auditing you need to determine who can access your unstructured data, who is accessing it and who should have access. Continuously updated information drawn directly from your environment shows you the individual users and the groups they are part of, every folder on your file systems, and each data access - open, delete, rename, etc. - for every user.Click on a folder to see exactly who has access to it, what type of access they have - read, write, execute, etc., and where their permissions came from. Varonis DatAdvantage shows you detailed data access behavior and makes recommendations about whose access can be safely revoked.

Transcript of Varonis DatAdvantage For Windows

Introduction to DatAdvantage for Windows

© 2010 Varonis Systems.

Unstructured Data Quantities – Present and Future

© 2008 Varonis Systems. Proprietary and confidential.

Unstructured and semi-structured data is exploding...

Source: Gartner Jan 2010

650% growth over the next 5 years

80% of all data is unstructured or semi-structured

Data Explosion – Are We Ready?

91%

lack processes for determining data

ownership

76% unable to determine

who can access unstructured data

© 2010 Varonis Systems. Proprietary and confidential.

Page 3

DataCollaboration

Cross-Functional Teams+ Security Requirements

More ContainersMore ACLs

More Management

Source: Ponemon Institute

Can IT answer: Who has access to this

folder? Which folders does this

user or group have access to?

Who has been accessing this folder?

Which data is sensitive? Who is the data owner? Where is my sensitive

data overexposed? How do I fix it? Where do I begin?

---------More---------

Varonis IDU Framework – Foundation for Data Governance

• Four types of metadata are collected, synthesized, processed, and presented:

Permissions information

User and Group Information

Access Activity

Sensitive Content Indicators

• Actionable data governance information is presented:

Who has access to a data set?

Who has been accessing it?

Which data is sensitive?

Who is the data owner?

Where is my sensitive data overexposed, and how do I fix it?

• Allows data owners to participate in data governance:

Automated Entitlement reviews

Authorization workflows

© 2010 Varonis Systems. Proprietary and confidential.

Page 4

Varonis Data Governance Framework Components

© 2010 Varonis Systems. Proprietary and confidential.

Retention/Storage

Analysis & Modeling

Aggregation & Normalization

File System Meta Data Collection

User Data Collection

Commit Changes to

File Systems and

Directory Services

DatAdvantage DataPrivilege

Windows File

Systems

UNIX/Linux

SharePointMS Active Directory

LDAP NISLocal

Accounts

Data Content Classification

The Varonis IDU Framework creates and manages a meta-data layer that enables IT and the business to work together to protect unstructured data

Presentation

NAS

Access Activity

IDUIDU

Future

FUTURE

IDU Multi-tiered Architecture

© 2010 Varonis Systems. Proprietary and confidential.

Page 6

• Metadata and folder location don’t reveal ownership

• Time consuming and manual process to find owners

• Significant amounts “orphan” data–unknown business context or relevance, wasted storage

Unstructured Data – Operational Challenges

© 2010 Varonis Systems. Proprietary and confidential.

• As employee needs change, authorizations grow & grow

• Permissions are seldom revoked

• Tools are mostly manual: time consuming and error prone

Ensuring authorizations are based on business need

Identifying data business owners

• Native auditing impairs server performance, generates large volumes of difficult to decipher data

• Audit trail often enabled only after incident has occurred

• Most lack any audit information

Understanding who accessed data & how

• Searching through so much data takes a lot of time

• Data constantly changes – hard to keep current

• Results provide only the first step in the data’s protection

Finding/classifying sensitive content

Risks, Controls & Regulations

• High Risk LevelsFile System data is at great risk for loss, theft, and misuse

Access configuration changes are untested

• File System Controls GapsMany access controls are “loose,” even broken

No audit trail exists

>50% of data has no known business owner

• Regulatory RequirementsHIPAA

CMS

Sarbanes Oxley

© 2010 Varonis Systems. Proprietary and confidential.

Page 8

Varonis Solution

• Technological BreakthroughAutomatically Identify and Remediate Access Control Gaps

Provide a Usable Audit Trail of Data Usage

Identify Data Owners, Inactive Data, Sensitive Content

Automate and Enforce Access Control Processes

• Efficient, Effective Risk Reduction

• IT Data Protection Jumpstart

• Proven Operational Execution>600 customers

All Verticals

© 2010 Varonis Systems. Proprietary and confidential.

DatAdvantage Functionality

© 2010 Varonis Systems. Proprietary and confidential.

Permissions - Bi-Directional Visibility

© 2010 Varonis Systems. Proprietary and confidential.

Permissions - Bi-Directional Visibility

Double-click any folder…Double-click any folder…

© 2010 Varonis Systems. Proprietary and confidential.

Permissions - Bi-Directional Visibility

…to see all of the users and groups which have access

…to see all of the users and groups which have access

© 2010 Varonis Systems. Proprietary and confidential.

Permissions - Bi-Directional Visibility

Including users within nested groupsIncluding users within nested groups

© 2010 Varonis Systems. Proprietary and confidential.

Permissions - Bi-Directional Visibility

Double-click any user or group…Double-click any user or group…

© 2010 Varonis Systems. Proprietary and confidential.

Permissions - Bi-Directional Visibility

…and see every folder where that user or group has access

…and see every folder where that user or group has access

© 2010 Varonis Systems. Proprietary and confidential.

Permissions - Bi-Directional Visibility

Folder in green indicated some type of access, those in yellow do not

Folder in green indicated some type of access, those in yellow do not

© 2010 Varonis Systems. Proprietary and confidential.

Permissions - Bi-Directional Visibility

Also see explicit Windows permission levels and where they were inherited from

Also see explicit Windows permission levels and where they were inherited from

Audit Trail

© 2010 Varonis Systems. Proprietary and confidential.

Page 19

Audit Trail

© 2010 Varonis Systems. Proprietary and confidential.

Page 20

Complete audit trail of file eventsComplete audit trail of file events

Audit Trail

© 2010 Varonis Systems. Proprietary and confidential.

Page 21

Every open, create, move, modify and delete on the file system is recorded

Every open, create, move, modify and delete on the file system is recorded

Audit Trail

© 2010 Varonis Systems. Proprietary and confidential.

Page 22

Who accessed the fileWho accessed the file

Audit Trail

© 2010 Varonis Systems. Proprietary and confidential.

Page 23

When they did…When they did…

Audit Trail

© 2010 Varonis Systems. Proprietary and confidential.

Page 24

When…When…

Audit Trail

© 2010 Varonis Systems. Proprietary and confidential.

Page 25

Where…Where…

Audit Trail

© 2010 Varonis Systems. Proprietary and confidential.

Page 26

Search…Search…

Audit Trail

© 2010 Varonis Systems. Proprietary and confidential.

Page 27

Sort…Sort…

Audit Trail

© 2010 Varonis Systems. Proprietary and confidential.

Page 28

And groupAnd group

Audit Trail

© 2010 Varonis Systems. Proprietary and confidential.

Page 29

…to find exactly what you’re looking for…to find exactly what you’re looking for

Recommendations

© 2010 Varonis Systems. Proprietary and confidential.

Page 30

Recommendations

© 2010 Varonis Systems. Proprietary and confidential.

Page 31

By combining permissions and audit data with sophisticated analysis, Varonis makes recommendations on where excess access can be removed

By combining permissions and audit data with sophisticated analysis, Varonis makes recommendations on where excess access can be removed

Recommendations

© 2010 Varonis Systems. Proprietary and confidential.

Page 32

List of users with red X’s next to their names can be removed from this group

List of users with red X’s next to their names can be removed from this group

Recommendations

© 2010 Varonis Systems. Proprietary and confidential.

Page 33

What if?What if?

Recommendations

© 2010 Varonis Systems. Proprietary and confidential.

Page 34

Double-click the red X…Double-click the red X…

Recommendations

© 2010 Varonis Systems. Proprietary and confidential.

Page 35

…and see the effects of making that change…and see the effects of making that change

Recommendations

© 2010 Varonis Systems. Proprietary and confidential.

Page 36

Varonis also makes recommendations by user

Varonis also makes recommendations by user

Simulate Changes

© 2010 Varonis Systems. Proprietary and confidential.

Page 37

Simulate Changes

© 2010 Varonis Systems. Proprietary and confidential.

Page 38

With Varonis you can simulate permissions changes to your environment without affecting production

With Varonis you can simulate permissions changes to your environment without affecting production

Simulate Changes

© 2010 Varonis Systems. Proprietary and confidential.

Page 39

By removing the Everyone group from a folder, you can see what the results would have been

By removing the Everyone group from a folder, you can see what the results would have been

Simulate Changes

© 2010 Varonis Systems. Proprietary and confidential.

Page 40

These users would have been affected by the changeThese users would have been affected by the change

Simulate Changes

© 2010 Varonis Systems. Proprietary and confidential.

Page 41

They can be added back to the ACL to avoid any interruption of service while reducing unneeded access

They can be added back to the ACL to avoid any interruption of service while reducing unneeded access

© 2010 Varonis Systems. Proprietary and confidential.

Finding Data Owners

© 2010 Varonis Systems. Proprietary and confidential.

Finding Data Owners

By analyzing audit activity, Varonis can help identify business data owners

By analyzing audit activity, Varonis can help identify business data owners

© 2010 Varonis Systems. Proprietary and confidential.

Finding Data Owners

Double-click a folder…Double-click a folder…

© 2010 Varonis Systems. Proprietary and confidential.

Finding Data Owners

View most active users…View most active users…

© 2010 Varonis Systems. Proprietary and confidential.

Finding Data Owners

The data owner is likely in this listThe data owner is likely in this list

© 2010 Varonis Systems. Proprietary and confidential.

Finding Data Owners

…or you’re one phone call away…or you’re one phone call away

© 2008 Varonis Systems. Proprietary and confidential.

Common Use Cases for Varonis

• Access Control Cleanup – Identify & Remediate:“Global” Groups -(everyone, authenticated users, etc)

Redundant, Excessive Group Memberships

Orphaned SID’s, Individual User SIDS on ACL’s

• Find Lost & Deleted Files

• Identify Anomalous Behavior

• Track Permissions & Group Changes

• Ongoing Entitlement Reviews

• Automate Access Authorization & Revocation

• Identify Inappropriate File Activity (mp3’s, etc.)

• Enhance Other Data Protection Projects

© 2008 Varonis Systems. Proprietary and confidential.

Common Use Cases for Varonis (cont’d)

• Efficient audit compliance - provide evidence of:

Effective permissions (preventive controls)

Usable audit trail (detective controls)

Authorization processes

Compliance with authorization processes

• SharePoint Migration

Stale Data Identification

Data Owner Identification