VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. We fight on a different front than conventional cybersecurity vendors. MBUF Jahreskongress 2019 Matthias Schmauch

Matthias Schmauch - mbuf · Varonis Can secure data shared externally and internally Full permissions visibility and management capabilities Accurately understand which folders and


7 best practices for data security in hybrid environments.

Matthias Schmauch, Dipl. Inf. FH

Varonis Systems (Deutschland) GmbH

Data Security Platform (diagram)

Use cases: Threat Detection, Data Classification, Access Governance, Risk Reduction, Regulatory Compliance

Automation: Remediation, Access Management, Migration, Disposition, Alert Response. Commit changes back to data stores and directory services.

Collection and analytics: Permissions, Users & Groups, Content Classification, Access Activity, Perimeter Telemetry

Enterprise data stores and infrastructure: Windows, Exchange, SharePoint, Office 365, NAS, Unix/Linux, Directory Services

Perimeter devices: VPN, Proxy, DNS

1. Unified control over on-premises data and Office 365 data

2. Full visibility and management of permissions

3. Discovery of sensitive data

4. Comprehensive auditing and monitoring processes

5. Advanced threat detection (UEBA)

6. Automation of risk mitigation and restriction to least privilege

7. Management of access permissions by data owners

1. Unified, because 85% of companies remain hybrid.

[Diagram components: Office 365; File Server (Win/NAS/*nix); SharePoint; Exchange/Email; Active Dir./LDAP/NIS; Varonis Collectors; Varonis Probe/Aggregator; Firewall; Varonis Data Security Platform Server (IDU); MSSQL]

2. Full visibility and management of permissions

3. Discovery of sensitive data

4. Comprehensive auditing and monitoring processes

5. Advanced threat detection (UEBA)

6. Risk mitigation and the principle of least privilege

7. Management of access permissions by data owners

Varonis vs. Microsoft EMS

Archived event history

Permanent

(Effective) permissions visibility

Custom data classification rules in Office 365

Advanced reporting capabilities

Removal recommendations (supports the principle of least privilege)

Data owner management

Advanced UBA models (both on-premises AD and cloud users)

90 days

Limited

Limited

Hybrid protection: on-premises and cloud

Risk Visualization and Prioritization

Varonis

  • Collects and analyzes structure, sites and folder trees
  • Shows where sensitive data is concentrated
  • Shows where stale data is concentrated
  • Shows where data is overexposed to users inside and outside the organization
  • Visualizes risk to on-prem and cloud data

Microsoft

  • Finds individual files that contain sensitive data
  • Does not show concentrations of sensitive data
  • Does not identify stale data
  • Does not show where data is overexposed
  • Does not illustrate overall risk to cloud data

Migration Process

Varonis

  • Clear visibility into what data resides on-prem
  • Identify stale data that does not need to be migrated
  • Identify sensitive data to make sure it's migrated to the right place
  • Ownership: whose data to move
  • Help define what type of permissions should be set in the cloud
  • Reach a secured state both on-prem and in the cloud

Microsoft

  • No visibility into on-prem data

Analytics on Sensitive Data

Varonis

  • Quickly understand activity, permissions, classification, and other metadata at scale.
  • Contextual analytics: meaningful events with rich information about users, resources and devices.
  • Statistical insights that allow you to search over millions of events.

Microsoft

  • Does not alert or report on activity on sensitive data.
  • Event activity does not indicate whether the files accessed were sensitive.
  • The number of filters is limited; for example, you can't search for all events by admin accounts on files that contain GDPR data.
  • No statistical insights on event search results; for example, it can't show the most active users.
  • The search interface is neither sortable nor groupable.

Data Protection

Varonis

  • Can secure data shared externally and internally
  • Full permissions visibility and management capabilities
  • Accurately understand which folders and files each user can access, and which folders and files are overexposed.
  • Simulate and commit permission changes and understand the impact.
  • Provides a single pane of glass for all permissions management actions on folders, users, groups.

Microsoft

  • No ability to protect from internal threats; can only secure data shared externally
  • No ability to change permissions, only remove them
  • No ability to simulate permission changes.
  • Multiple interfaces for managing permissions, users and groups, spread across multiple applications

Threat Detection & Response

Varonis

  • Wide threat model coverage with richer, contextual threat models.
  • Contextual alerting with conclusive evidence from various data streams with actionable indicators based on users, devices, data, and event timing.
  • Advanced reporting and dashboards
  • Correlation with DNS/VPN/DS streams

Office 365

  • Limited threat models (cloud only)
  • No alerts on activity on sensitive data
  • No contextual alerts with risk indicators – very difficult to reach a conclusion quickly, i.e., “Is this an attack?”
  • Simple alerting and limited reporting
  • No stream correlation

What now?

1. Schedule an appointment for a free risk assessment

2. Discuss the results and recommendations

3. Create an operational plan

Non-intrusive | Dedicated engineer | No obligations