Solutions for Exchange

Microsoft Exchange mailboxes and public folders present significant challenges to Exchange administrators. Sharing and mailbox permissions management, access auditing, mailbox and public folder owner identification, all now require automation—there are simply too many mailboxes, public folders, and groups in Active Directory to continue managing them manually.

Overview

The Challenge

Microsoft Exchange installations containing huge amounts of semi-structured data can present immense protection and management challenges:

  • Permissions: Determining who has access to Exchange mailboxes and public folders, including shared and delegated mailbox permissions.
  • Access Auditing: IT can't answer pressing questions like, "Who accessed my email or calendar?" or "Who sent email on my behalf?"
  • Data Ownership: IT can't reliably identify business owners of public folder data, and even some mailboxes.
  • Operational: Manual permissions and group changes are untested and unreliable.
  • High Risk: Stale, excess permissions are rarely revoked. Data open to the Anonymous account can be difficult to identify and remediate. Critical data is exposed.

The Varonis Solution

Varonis® DatAdvantage® for Exchange addresses these challenges by aggregating Active Directory user and group details and mailbox and public folder permissions, and by auditing Exchange activity, to build a complete picture of who can access and who is accessing email and other Exchange data, and who should have their access revoked. It also leads IT to rightful data owners, so the right people can ensure appropriate access and usage.

Exchange Challenges

Questions

Permissions Challenges

  • Who changed permissions?
  • Which mailbox or folder does a user or group have access to?
  • Which executive mailboxes are shared?

Access Auditing Challenges

  • Who deleted a message or a folder?
  • Who sent a message on behalf of someone else?
  • Who changed the content of an email and forwarded it as or on behalf of the original sender?
  • Who is reading the CEO’s mail?

Operational Challenges

  • Which mailboxes and folders are open to anonymous access?
  • How do I fix those mailboxes and folders without disrupting my users?

Data Ownership Challenges

  • Who owns this data?
  • How can I help them make effective data protection and management decisions?

High Risks

  • Where do my users have excessive permissions?
  • How do I revoke permissions without disrupting my users?
  • Who has been accessing an unusual amount of data?

Why is this challenging?

Exchange: Permissions

On any given day, determining who has access to a mailbox or public folder isn't exactly easy, especially if groups on the ACL contain one or more nested groups. Determining which mailboxes or public folders a given group provides access to is downright difficult—without a program or script, an administrator has to check every folder just to begin the investigation. Determining who should and should not have access to any given folder is simply impossible without automation.

Exchange: Auditing Challenges

Most email activity is not audited by IT. Why? Because native Exchange Journaling & Diagnostics are limited and difficult to decipher—there are very few event types tracked on those versions of Exchange that support journaling and diagnostics, and public folder activity is not tracked at all. The result is that IT cannot answer fundamental questions like, "Who deleted or moved a message or a folder? Who changed permissions? Who accessed an inbox, read emails and then marked them as unread?"

Exchange: Operational Challenges

Most permissions and group membership changes are performed manually and are untested prior to execution. Cleaning up global access groups (anonymous, everyone, domain users, authenticated users, etc.) is especially difficult. Without access auditing, IT needs to make a guess as to who accesses a data set, manually effect the changes, and hope they don't get a call from an end user who can no longer access data they require to do their job.

Exchange: Data Ownership Challenges

Organizational data owners should be making decisions about who gets access to their mailboxes and public folders—not IT. Yet, 91% of organizations lack processes for determining who owns a given data set. Without a data owner that understands the sensitivity, importance, and organizational context, data cannot be managed and protected by the right people.

Exchange: High Risk

It is difficult to identify excessive permissions; remediating excessive permissions without disrupting organizational processes is even more difficult. As a result, access to data is rarely revoked. Excessive permissions and the lack of an audit trail leave data at risk for loss, theft, tampering and misuse—with no way to determine what happened after the fact.

Why Varonis

Data protection is necessary to safeguard an organization's customers, employees, business partners, and investors. It is fundamental in securing an organization's intellectual property and competitive edge, and for maintaining the organizational trust required for it to properly function. Ongoing, scalable data protection and management require technology designed to handle an ever-increasing volume and complexity—a metadata framework.

The Varonis Metadata Framework non-intrusively collects this critical metadata, generates metadata where existing metadata is lacking (e.g. through its file system filters and content inspection technologies), pre-processes it, normalizes it, analyzes it, stores it, and presents it to IT administrators in an interactive, dynamic interface. Once data owners are identified, they are empowered to make informed authorization and permissions maintenance decisions through a configurable web-based interface. Those decisions are then executed with no IT overhead or manual backend processes.

30-Day Trial

Our 30-Day Free Trial provides a full audit of your file system or your Exchange environment: permissions auditing, access auditing, usage statistics, recommendations, impact analysis, and identification of business owners.

Within hours of installation

You can instantly conduct a permissions audit of mailbox and public folder permissions and how those map to specific users and groups. You can even generate reports.

Within a day of installation

Varonis® DatAdvantage® will begin to show you which users are accessing the data, and how.

Within 3 weeks of installation

Varonis® DatAdvantage® will actually make highly reliable recommendations about how to limit access to files and folders to just those users who need it for their jobs.
