Sandro Huber CIO FreeDivision - CyberSecurity.CZ · © 2011 Varonis Systems. Proprietary and...
Transcript of Sandro Huber CIO FreeDivision - CyberSecurity.CZ · © 2011 Varonis Systems. Proprietary and...
© 2011 Varonis Systems. Proprietary and confidential.© 2011 Varonis Systems. Proprietary and confidential.
Sandro Huber
CIO
FreeDivision
© 2011 Varonis Systems. Proprietary and confidential.© 2011 Varonis Systems. Proprietary and confidential.
Unstructured Data Explosion
© 2011 Varonis Systems. Proprietary and confidential.
80%of all data is
unstructured or semi-structured
650%growth over
the next 5 years
Source: Gartner
Can IT answer?
Who has access to this folder?
Which folders does this user or
group have access to?
Who has been accessing this
folder?
Which data is sensitive?
Who is the data owner?
Where is my sensitive data
overexposed?
How do I fix it?
Where do I begin?
Data Explosion – Are We Ready?
91%Lack processes for
determining data
ownership
76%Unable to determine
who can access
unstructured data
© 2011 Varonis Systems. Proprietary and confidential.
Page 4
+ Data
+ Collaboration
+ Cross-Functional Teams
+ Security Requirements
=
MORE Containers
MORE ACLs
MORE Management
SOURCE:
PONEMON INSTITUTE
MORE
© 2011 Varonis Systems. Proprietary and confidential.
DatAdvantage Overview
• Permissions Visibility
• Usable Audit Trail
• Permissions Recommendations & Modeling
• Data Ownership Identification
• Data Classification Information*(with DCF)
Windows Servers
Unix Servers
NAS Devices
SharePoint
Exchange
Permissions - Bi-Directional Visibility
© 2011 Varonis Systems. Proprietary and confidential.
Data…
Users/Groups…
to Users/Groupsto Data
Exchange- Bi-Directional Visibility
© 2011 Varonis Systems. Proprietary and confidential.
Data…
Users/Groups…
to Users/Groups
to Data
Unix Visibility
© 2011 Varonis Systems. Proprietary and confidential.
POSIX ACL’s
Identify Risk – Over-exposed Sensitive Data
© 2011 Varonis Systems. Proprietary and confidential.
Audit Trail
© 2011 Varonis Systems. Proprietary and confidential.
Search, Sort, and Group
Audit Trail with Data Classification
© 2011 Varonis Systems. Proprietary and confidential.
Audit Trail with Exchange
© 2011 Varonis Systems. Proprietary and confidential.
Page 12
Recommendations
© 2011 Varonis Systems. Proprietary and confidential.
Excess Permissions?
By User
What if?
Permissions Clean-up
© 2011 Varonis Systems. Proprietary and confidential.
Simulate ChangesView Outcome
Activity Analysis
© 2011 Varonis Systems. Proprietary and confidential.
• Most/Least Active Users
• Most/Least Active Directories
• Anomalous Behavior
Data Ownership Identification
© 2011 Varonis Systems. Proprietary and confidential.
Active Users
Data Ownership Assignment
© 2011 Varonis Systems. Proprietary and confidential.
Right-click
Set Ownership
Reports – Automatic Data Owner Involvement
© 2011 Varonis Systems. Proprietary and confidential.
Permissions
Activity
Go to DataPrivilege Demo
DataPrivilege Overview
• Entitlement Reviews
• Authorization Workflow
• Self Service Portal
• Ethical Walls
© 2011 Varonis Systems. Proprietary and confidential.
Page 19
DataPrivilege – Automated Entitlement Reviews
© 2011 Varonis Systems. Proprietary and confidential.
• Approve or Overrule:
Changes
DA Recommendations
• Report
DataPrivilege – Authorization Workflow
© 2011 Varonis Systems. Proprietary and confidential.
• Expiration Date
• Audit Trail
• Report
Complete Self Service Governance Portal
© 2011 Varonis Systems. Proprietary and confidential.
Page 22
Permissions
Log
Statistics
Risks, Controls & Regulations
© 2011 Varonis Systems. Proprietary and confidential.
Page 23
• File System data is at great risk for loss, theft, and misuse
• Access configuration changes are untested
High Risk Levels
• Many access controls are “loose,” even broken
• No audit trail exists
• More than half of data has no known business owner
File System Control Gaps
• HIPAA
• PCI-DSS
• Sarbanes Oxley
Regulatory Requirements
Management Challenges
© 2011 Varonis Systems
Page 24
1 TB of Data 2500 Unique FoldersManagement
Challenges
Access Control
How do we grant
access?
Revoke it?
Data Ownership
Which folders need
owners?
How do we identify the owners?
Global Access
How many folders are
open?
How do we remediate?
Sensitive Content
Which data is sensitive?
How do we manage it?
For every unique folder…
Your Data in 5 Years
© 2011 Varonis Systems. Proprietary and confidential.
Page 25
0
5
10
15
20
25
30
1
2
3
4
5
5 811
17
TB
of D
ata
Unstructured data is growing at 50% per year…
If you have 5TB today…
…in five years you’ll have
25TB!
25
Containers and Permissions
© 2011 Varonis Systems. Proprietary and confidential.
Page 26
A single terabyte of data contains folders
terabyte
of which are unique and need to be managed
= folders = unique
Your Permissions in 5 Years
© 2011 Varonis Systems. Proprietary and confidential.
Page 27
0
20000
40000
60000
80000
1
2
3
4
5
Un
iqu
e F
old
ers
As the data grows, so
grows the complexity
If you have 15,000 folders today…
…in five years you’ll
have over
Storage Savings
© 2011 Varonis Systems
Page 28
With 10 terabytes of data, 4-6 TB is likely
stale and can be archived without
impacting business activity
Active
Stale
How much are you spending on storage?
Storage Savings
© 2011 Varonis Systems
Page 29
User ActivityStale Data
IdentificationStorage Savings
$By analyzing actual user activity, Varonis
can identify stale data which can be
archived to less-expensive storage.
Varonis Customers
© 2011 Varonis Systems. Proprietary and confidential.
Over 900 Customers & 3500 Installations…and growing!
© 2011 Varonis Systems. Proprietary and confidential.© 2011 Varonis Systems. Proprietary and confidential.
Sandro Huber
D ě k u j e m e z a p o z o r n o s t