VARONIS OVERVIEW
DATA GOVERNANCE &
SECURE FILE SHARING
JUNE 5, 2013
Presented By:
Dietrich Benjes
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL
ABOUT VARONIS
Founded end of 2004, started operations in 2005
Over 2000 Customers
Over 5000 installations world-wide
Based on patented technology and a highly accurate analytics engine,
Varonis solutions give organizations total visibility and control over their
unstructured data, ensuring that only the right users have access to the
right data at all times from all devices, all use is monitored, and abuse is
flagged.
VARONIS SOLUTIONS
ACCESS
Use your existing file shares, on your own
servers, to provide file synchronization, mobile
access, and secure 3rd party sharing.
GOVERNANCE
Ensure that only the right people have access to
the right data at all times, access is monitored
and abuse is flagged.
RETENTION
Intelligently automate data disposition,
archiving and migration process using the
intelligence of the Varonis Metadata Framework
FAMILIAR QUESTIONS
Who has access to data?
Who should and shouldn't have access to data?
Who uses the data? Is any of it stale?
Who abuses their access?
Who owns data?
What does all this data contain?
Which files contains the information I need?
Which data is sensitive and exposed to risk?
Who collaborates with whom?
Is any data redundant, duplicated, or unneeded?
How can I be sure no one is using public cloud file sync services?
VARONIS USE CASES
Identify and remediate access to sensitive data
Monitor and alert on file access activity
Identify and involve Data owners
Commit changes to production environment
Track changes to file system and directory service objects
Identify and clean-up stale data and inactive resources
Perform automated data retention and migration
operations
Provide cloud-like file synchronization/sharing with your
own infrastructure
METADATA FRAMEWORK COMPONENTS
DatAdvantage
DataPrivilege
Presentation
IDU
Analysis & Modeling
DatAnywhere
Data Routing
Network
Retention/Storage
Aggregation & Normalization
File System
Meta Data
Collection
Windows
File
Systems
UNIX/
Linux
NAS
User
Data
Collection
SharePoint
Access
Activity
Exchange
Content
Classification
MS Active
Directory
Commit
Engine
LDAP
NIS
Local
Accounts
Product
Slides
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL
DATADVANTAGE
Permissions Visibility
Usable Audit Trail
Permissions Recommendations &
Modeling
Data Ownership Identification
Data Classification Information*
(with DCF)
© 2012 Varonis Systems. Proprietary and confidential.
Windows Servers
Unix Servers
NAS Devices
SharePoint
Exchange
DATAPRIVILEGE
Entitlement Reviews
Authorization Workflow
Ethical Walls
Self-Service Portal
© 2012 Varonis Systems. Proprietary and confidential.
DATA TRANSPORT ENGINE
Find data based on metadata
Content, Permissions, Activity, File System info, etc.
Move it or delete it automatically
Scheduled, continual, incremental
Keep the permissions or make them better
Automatically handles cross platform and cross domain
moves
Automatically implements simulations and
recommendations if desired
DATANYWHERE
Provide the cloud experience…
File Synchronization
Mobile device and web access
3rd party collaboration
…without the cloud
All data kept on standard CIFS servers
All permissions enforced
Users authenticate with Active Directory
Product
Slides
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL
WHO HAS ACCESS TO ANY DATA SET?
WHAT DATA CAN A USER OR GROUP ACCESS?
WHAT HAS A USER OR GROUP ACCESSED?
WHO DELETED MY FILES?
WHO SHOULDN’T HAVE ACCESS?
COMMIT CHANGES TO ALL PLATFORMS
EARLY RESIGNATION DETECTION
SIMULATE CHANGES
WHAT DATA IS STALE?
AUTOMATICALLY MOVE OR DELETE DATA
WHO OWNS DATA?
AUTOMATE ENTITLEMENT REVIEWS
AUTOMATE AUTHORIZATION PROCESSES
SELF-SERVICE PORTAL
DatAnywhere
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL
CLOUD EXPLOSION
• Public cloud file sharing has exploded
• As of November 2012, Dropbox claimed to have
more than 100,000,000 customers
© 2012 Varonis Systems. Proprietary and confidential.
MOBILE & REMOTE ACCESS
80% of organizations don’t allow cloud based file
sync services
But…
1 in 5 employees already
use Dropbox for work!
Source: BYOS http://www.varonis.com/research
Source: Nasuni http://www6.nasuni.com/shadow-it-2012.html
WHAT’S THE DOWNSIDE?
– More risk
• For a 4 hour period in June 2011, Dropbox's
authentication allowed anyone to log in to
any account
– More complexity and confusion
• Different user database
• Different permissions
• New processes for backup, archiving, etc.
– Infrastructure is separate and redundant
• Where’s the definitive copy?
• Different employees using different file
sharing platforms
© 2008 Varonis Systems. Proprietary and confidential.
MOBILE APPS
© 2012 Varonis Systems. Proprietary and confidential.
DATA GOVERNANCE SUITE – Still works!
• Use DatAdvantage to manage permissions
• Use DataPrivilege to automate authorization
• DatAnywhere activity is recorded by
DatAdvantage
© 2012 Varonis Systems. Proprietary and confidential.
Pa
ge
Governance Suite – Real World Example:
Data owners can review DatAnywhere activity just
as they would for any normal file share.
© 2012 Varonis Systems. Proprietary and confidential.
Pa
ge
DatAnywhere Architecture
Window
s
DN Edge
server
Mac
Smart
Phone
Sync
Manag
er
Sync
Worker
CIFS/NFS
HTTPS
DN Edge
server
Sync
Manag
er
UNIX/
Linux
Sync
Worker
NAS
Tablet
DatAnywh
ere Client
Windows
File
Systems
Client
authorizati
on
MS Active
Directory
SAMPLE DEPLOYMENT
© 2012 Varonis Systems. Proprietary and confidential.
Thank you
Dietrich Benjes
dietrich@varonis.com
0781 8041186
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL