Varonis: Who Is Using Your Data Right Now (Part 2)

Insider threats. Cyberattacks. Data breaches. With protection better than cure, our spotlight on data security continues…

Last month we explored the cool data loss prevention features of the Varonis platform. With the appropriate measures in place to control and monitor your data, the next step is to make sure you are immediately switched on the moment anyone tries to get their hands on it.

In this next chapter, we take a deep dive into the sophisticated statistical analytics Varonis deploys that make real-time data alerting a reality for Options and our clients.

How We Keep An Eye On The Suspects
DatAlert provides comprehensive user behaviour analysis across NAS devices and file servers, including Windows and Unix. Firstly, the application establishes a baseline of normal activity for user accounts (‘the new normal’, according to Varonis), from which it can then sniff out suspicious activity and alert on statistical deviations or spikes in file or folder access that may be indicative of data theft.

Here are some of the features that stand out for us.

1. Predefined Alerts – Advanced Algorithms
DatAlert offers a variety of predefined alerts as standard, ranked by severity level. On top of this, we can create custom alert rules as defined by our internal security team and based on parameters requested by our clients. This flexibility to build out a client’s profile allows us to better understand what is happening within their NAS environments and prioritize areas which may be at-risk.

2. Crypto Activity – Caught in the Act
An example of an emergency alert that we utilize is ‘Crypto activity detected’. This alerts if a file was created, opened or renamed to one of the known crypto tool or ransom note file names, thereby flagging that ransomware has intruded into the system. We can easily configure our crypto files dictionary to ensure the latest crypto tool names are added as they become available.
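To make the two detection tactics described here concrete (the dictionary match for ransom-note file names in this section, and the per-user baseline with spike alerting described under ‘How We Keep An Eye On The Suspects’), here is an added example of the logic run over a constructed hour of file events. It is example code written for this post, not Varonis’s own; the dictionary entries, baseline history and event records are all constructed placeholders.

```python
"""Toy version of two DatAlert-style checks (example code, not Varonis's):
(1) create/open/rename events touching a known ransom-note file name, and
(2) a user's copy/move/delete volume spiking far above their own baseline."""
from collections import Counter
from statistics import mean, pstdev

# Constructed sample dictionary of ransom-note style file names (placeholders).
CRYPTO_DICTIONARY = {"how_to_decrypt.txt", "readme_ransom.html", "restore_files.hta"}

# Constructed baseline: copy/move/delete operations per hour for each user
# over eight previous working hours (the user's "new normal").
BASELINE_HISTORY = {
    "alice": [40, 55, 38, 60, 47, 52, 44, 58],
    "bob": [5, 8, 6, 7, 4, 9, 6, 5],
}

def crypto_alerts(events):
    """Emergency alerts: create/open/rename of a file named like a ransom note."""
    return [e for e in events
            if e["op"] in ("create", "open", "rename")
            and e["path"].rsplit("/", 1)[-1].lower() in CRYPTO_DICTIONARY]

def spike_alerts(events, history=BASELINE_HISTORY, zthresh=3.0):
    """Behavioural alerts: this hour's copy/move/delete count exceeds
    mean + zthresh * stddev of the user's own history. Users without a
    baseline are skipped, since no 'normal' has been established yet."""
    counts = Counter(e["user"] for e in events if e["op"] in ("copy", "move", "delete"))
    alerts = []
    for user, n in counts.items():
        hist = history.get(user)
        if not hist:
            continue
        mu, sigma = mean(hist), pstdev(hist) or 1.0  # guard a flat baseline
        z = (n - mu) / sigma
        if z > zthresh:
            alerts.append((user, n, round(z, 1)))
    return alerts

# Constructed sample events for one hour: alice works normally, bob mass-deletes
# a finance share and drops a file whose name is in the crypto dictionary.
SAMPLE_EVENTS = (
    [{"user": "alice", "op": "move", "path": f"/share/proj/f{i}.docx"} for i in range(50)]
    + [{"user": "bob", "op": "delete", "path": f"/share/finance/q{i}.xlsx"} for i in range(60)]
    + [{"user": "bob", "op": "create", "path": "/share/finance/HOW_TO_DECRYPT.txt"}]
)

def run(events=SAMPLE_EVENTS):
    return {"crypto": crypto_alerts(events), "spikes": spike_alerts(events)}

if __name__ == "__main__":
    for kind, hits in run().items():
        print(kind, hits)
```

Only bob is flagged: alice’s 50 moves sit within her baseline, while bob’s 60 deletes are many standard deviations above his, and his ransom-note file name trips the dictionary check on its own.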

3. Real Time Alerting – See What’s Happening
Having all the data intelligence is one thing, but being bombarded with alerts can be a distraction. We have the flexibility to tailor real time alerts for our clients based on a subsection of filters, meaning they can decide how to be updated when any type of event occurs within their environment.

4. Trigger Custom Actions – Take Immediate Action
Varonis has introduced the ability to trigger a custom script when an alert occurs, using Varonis’s open-source PowerShell module. This allows us to take immediate action based on a real-time alert, such as disabling a user account, changing group permissions, moving files and much more. The ability to identify and prevent a threat in real time through automation is the epitome of threat detection and prevention.

5. Web UI – Identify Compromises At A Glance
We love DatAlert’s new web UI. When it comes to identifying suspicious behaviour and determining where action is required, the traffic light visuals make it much easier than reading a 4,000-line spreadsheet.

The alert investigation page enables quick triage of individual alerts and lets us drill down into the suspicious activity of a single user for further investigation. Real-time alerting can be set up for an individual user or applied to a group of users, so suspicious user activity becomes actionable as soon as it is identified. For example, alerting in real time on mass file copies, moves or deletes helps prevent lost files and possible theft.

6. Building Behaviour Profiles – Data Talks
The DatAlert web dashboard also gives us insight into user activity. It builds user behavioural profiles that incorporate all aspects of a user’s interaction with data, including their working hours, device insight, data access and much more. Alerts can be easily set up to monitor any abnormal user behaviour around data usage.

7. Take Control – Know your Environment
Varonis DatAlert gives our clients better insight into what’s happening throughout their environment based on how employees use data. One of the most interesting aspects of this product is that clients can flag suspicious users, or users on extended leave, so that they can be added to a watch list for tracking their activity across all monitored platforms. Real-time monitoring and alerting allow our security team to act fast on any data breach.

Next
The next instalment of this blog will explore how we use Varonis to identify classified & sensitive files for our clients.

David, Options Data Analyst
