– David Gibson, director of strategy at Varonis (www.varonis.com) says:
Telecommunications service provider Matanuska Telephone Association (MTA) is one of many organizations benefiting from the insight we provide into day-to-day operations and data governance, compliance and auditing obligations. When trying to manage unstructured data, rather than manually searching for answers to common data management questions, the MTA team has found that Varonis saves them significant time and resources by instantly determining who has been accessing which folders, what data they have been accessing, who deleted a file and the location of missing files.
Employees would inadvertently move, rename, or accidentally delete files, and the team would have to try and locate or recover them. Having to do this manually meant too many hours were spent tracking things down and they couldn’t attend to other, more pressing matters.
MTA has now set up automated alerts and reports within Varonis DatAdvantage that identify both the sensitive files, folders and/or directories within the organization as well as the employees who should – and should not – have access to them. Using DatAdvantage provides MTA with invaluable insights into day-to-day operations that were virtually impossible before when they didn’t have the logging capacity or a way to search in an efficient manner. To satisfy internal compliance requirements, their team is able to verify who has access to which data and what files those individuals actually access.
How It Works
Varonis DatAdvantage automates access and permission management for unstructured and semi-structured data on file systems, NAS devices, SharePoint sites and Exchange mailboxes, providing visibility into data usage and recommendations for changes based on data access, usage and group membership.
By combining the permissions data, access activity, and sophisticated bi-directional cluster analysis, Varonis determines where users may have excessive permissions and makes recommendations on how access can be restricted without effecting normal business activity—which groups a user can be removed from/who can be removed from which groups. Varonis DatAdvantage also provides a complete audit trail of all file and folder access events (including “delete” events) in its Log Area. All events can be searched and sorted to pinpoint exactly who accessed, moved, modified, or deleted a file on any monitored server, and when.
DatAdvantage for Windows captures every file access event (open, create, delete, modify, move, etc.) by every person accessing the monitored infrastructure and calculates each individuals daily average number of access events, and their standard deviation for a configurable threshold of days. If, on a given day, a user exceeds their daily average by more than three times their standard deviation, Varonis generates an alert.
Finn Rye, information security officer for MTA told us, “Before DatAdvantage, the situation was very much like looking for information on the Internet without a sophisticated search engine. We simply weren’t able to do the investigation or incident responses we can now. We can generate detailed statistics and a searchable log of every file-touch, so we can rapidly identify excessive file opens, deletes or other such anomalous behaviors. As Varonis captures every file access event by every person accessing the monitored data, we can manage and monitor event anomalies around our sensitive data. And importantly, DatAdvantage gives us visibility into potential data risks by uncovering overly permissive access.”
