Presentation is loading. Please wait.

Presentation is loading. Please wait.

ELIMINATING DATA SECURITY THREATS Presented by: Michael Hartman Varonis Systems. Proprietary and confidential.

Published byThomasine Kennedy Modified over 8 years ago

Similar presentations

Presentation on theme: "ELIMINATING DATA SECURITY THREATS Presented by: Michael Hartman Varonis Systems. Proprietary and confidential."— Presentation transcript:

1 ELIMINATING DATA SECURITY THREATS Presented by: Michael Hartman Varonis Systems. Proprietary and confidential.

2 ABOUT VARONIS Founded in 2004, started operations in 2005 Over 1800 Customers Over 4500 installations Offices on 6 continents Based on patented technology and a highly accurate analytics engine, Varonis solutions give organizations total visibility and control over their unstructured data, ensuring that only the right users have access to the right data at all times from all devices, all use is monitored, and abuse is flagged. VARONIS SYSTEMS. PROPRIETARY AND CONFIDENTIAL.

3 Data? What data? Varonis Systems. Proprietary and confidential.

4 650% growth in the next 5 years! UNSTRUCTURED DATA Varonis Systems. Proprietary and confidential. PERCENTAGE OF THE DIGITAL UNIVERSE Security-IntenseCompliance- Intense Preservation- Intense 0% 10% 20% 30% 40% 50% 20072011 Source: IDC

5 Can IT answer? Who has access to this folder? Which folders does this user or group have access to? Who has been accessing this folder? Which data is sensitive? Who is the data owner? Where is my sensitive data overexposed? How do I fix it? Where do I begin? DATA EXPLOSION – ARE WE READY? 91% Lack processes for determining data ownership 76% Unable to determine who can access unstructured data Varonis Systems. Proprietary and confidential. + Data + Collaboration + Cross-Functional Teams + Security Requirements = MORE Containers MORE ACLs MORE Management SOURCE: PONEMON INSTITUTE MORE

6 SURVEY: 22% REPORTED A DATA BREACH Varonis Systems. Proprietary and confidential.

7 $7.2 MILLION PER BREACH Varonis Systems. Proprietary and confidential.

8 43% OF BREACHES BY “TRUSTED” INSIDERS Varonis Systems. Proprietary and confidential.

9 SECURE COLLABORATION MAXIMIZES VALUE Varonis Systems. Proprietary and confidential. Too much access Uncontrolled Collaboration No Access No Collaboration Maximum Value Negative Value (Damage) Correct Access Correct Auditing No Value

10 So, how do we protect our data? Varonis Systems. Proprietary and confidential.

11 DATA PROTECTION FLOW Authentication Users are who they say they are Authorization Users have access to only what they need Auditing Monitor actual access Alert On unusual activity Varonis Systems. Proprietary and confidential. Authenticati on Authorizatio n Auditing ALERT!

12 IF WE DO THAT… Access is controlled No one gets access to data who shouldn’t No data is exposed to people that shouldn’t see it Access is monitored No one can access data without it being logged Logs are inspected (with automation) Unusual activity is flagged Humans can investigate the right things Varonis Systems. Proprietary and confidential.

13 What might this look like? Varonis Systems. Proprietary and confidential.

14 PERMISSIONS - BI-DIRECTIONAL VISIBILITY Varonis Systems. Proprietary and confidential.

15 AUDIT TRAIL Varonis Systems. Proprietary and confidential.

16 QUOTE FROM A CSO ON DLP “Yesterday I had one problem: where’s my sensitive data? Today I have 193,000 problems.” Varonis Systems. Proprietary and confidential.

17 ACTIONABLE DATA Varonis Systems. Proprietary and confidential. Sensitive Data Exposed Data Prioritized list of folders that should be addressed Top folders that contain a large percentage of sensitive data -AND- Have excessive/loose permissions Prioritized list of folders that should be addressed Top folders that contain a large percentage of sensitive data -AND- Have excessive/loose permissions

18 ACTIVITY ANALYSIS Varonis Systems. Proprietary and confidential. Most/Least Active Users Most/Least Active Directories Anomalous Behavior Most/Least Active Users Most/Least Active Directories Anomalous Behavior

19 RECOMMENDATIONS AND MODELING Varonis Systems. Proprietary and confidential.

20 HBR ON DATA OWNERS Varonis Systems. Proprietary and confidential. You don't manage people assets the same way you manage capital assets. Nor should you manage data assets in the same way you manage technology assets. This may be the most fundamental reason for moving responsibility for data out of IT. http://blogs.hbr.org/cs/2012/10/get_responsiblity_for_data_out.html

21 DATA OWNERSHIP IDENTIFICATION Varonis Systems. Proprietary and confidential. Active Users

22 REPORTS – AUTOMATIC FOR OWNERS Varonis Systems. Proprietary and confidential. Permissions Activity

23 IMPROVING DATA SECURITY WITH AUTOMATION Data is accessible to only the right users Access is reviewed regularly Owners will be identified based on metadata, assigned, tracked & involved Permissions reports will be created and sent automatically User access is audited continuously User access is analyzed automatically Unused data is automatically moved or deleted Varonis Systems. Proprietary and confidential.

24 REDUCED RISK, BETTER PROCESS Varonis Systems. Proprietary and confidential. Trust Access is restrictedAccess is restricted Data owners identifiedData owners identified Owners Review AccessOwners Review AccessVerify Access AuditedAccess Audited Usage analyzedUsage analyzed Less will arrive at endpointsLess will arrive at endpoints

25 Free 30 day trial! Assess your company’s data security threats. Varonis Systems. Proprietary and confidential.

Download ppt "ELIMINATING DATA SECURITY THREATS Presented by: Michael Hartman Varonis Systems. Proprietary and confidential."

Similar presentations

14 September 2011. Digital Investigations With the proliferation of devices, do organisations really know where their most sensitive data is held? Companies.

14 September Digital Investigations With the proliferation of devices, do organisations really know where their most sensitive data is held? Companies.
Bring Your Own Service The Effects of Cloud Services on Compliance and Data Protection © 2012 Varonis Systems. Proprietary and confidential.

Bring Your Own Service The Effects of Cloud Services on Compliance and Data Protection © 2012 Varonis Systems. Proprietary and confidential.
The Effects of Cloud Services on Compliance and Data Protection

The Effects of Cloud Services on Compliance and Data Protection
Copyright © 2014 STEALTHbits Technologies, Inc.. All rights reserved. | STEALTHbits Technologies, Inc. The Unstructured Data Challenge 1.

Copyright © 2014 STEALTHbits Technologies, Inc.. All rights reserved. | STEALTHbits Technologies, Inc. The Unstructured Data Challenge 1.
Managed Security Monitoring. 2 ©2015 EarthLink. All rights reserved. Today’s top IT concerns — sound familiar? Source: IT Security Risks 2014: A Business.

Managed Security Monitoring. 2 ©2015 EarthLink. All rights reserved. Today’s top IT concerns — sound familiar? Source: IT Security Risks 2014: A Business.
Solutions & Services to ‘Multiply your Business Performance’ 2013.

Solutions & Services to ‘Multiply your Business Performance’ 2013.
1 3M Privacy Filters Justification Toolkit: How to Use The following presentation is meant to provide you with the most impactful data points to help you.

1 3M Privacy Filters Justification Toolkit: How to Use The following presentation is meant to provide you with the most impactful data points to help you.
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,

CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.

Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.
Information Systems Security Officer

Information Systems Security Officer
Controls for Information Security

Controls for Information Security
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
An Introduction to AlarmInsight

An Introduction to AlarmInsight
AGENDA Welcome and introductions Brief introduction to PSI Mobile Technical Overview Demonstration Q and A Next Actions.

AGENDA Welcome and introductions Brief introduction to PSI Mobile Technical Overview Demonstration Q and A Next Actions.
Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.

Security Imperatives in a New Workplace Partnering to Protect Digital Information in the 21st Century Presented by Michael Ferris, Alaska Enterprise Solutions.
VARONIS OVERVIEW DATA GOVERNANCE & SECURE FILE SHARING JUNE 5, 2013 Presented By: Dietrich Benjes VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.

VARONIS OVERVIEW DATA GOVERNANCE & SECURE FILE SHARING JUNE 5, 2013 Presented By: Dietrich Benjes VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.
12 NYCRR PART 800.16 PUBLIC EMPLOYER WORKPLACE VIOLENCE PREVENTION PROGRAMS.

12 NYCRR PART PUBLIC EMPLOYER WORKPLACE VIOLENCE PREVENTION PROGRAMS.

Similar presentations

Ads by Google