Solution for Security
Among the first security controls created for shared computing systems were User ID's and Access Control Lists (ACLs). Users are authenticated based on their user ID (and password), and ACLs determine whether or not they have access to a file or folder, and what actions they can perform (read, modify, etc.), enforcing the least privilege or "need to know" model. All you need to do is have the file or folder's owner dictate which users should be on the access control list. Simple, right? Well...
Flash forward some decades later, and a single terabyte of data holds tens of thousands of folders and millions of files. ACLs are usually set at the folder level; they may contain several groups, and those groups may contain from only a few to dozens of users. Still, in theory, if we make sure the folders have the right groups on their ACLs, the right people are in the right groups, and the data owners and/or group owners periodically review both, we would be in good shape, right? Well...
Unfortunately, over the years we've lost track of a few key pieces of information: we don't know the owners for many of those folders, we don't know which groups are on which ACLs, we don't know if the right people are in the right groups, and we have about as many groups as we have employees. To make matters worse, we don't know who is actually accessing file system data because native auditing is so resource intensive that it cannot be enabled.
You're not alone. According to a study by the Ponemon institute, 91% of organizations have no process to identify data owners. The same study found that 76% of organizations can't reliably determine who has permissions to access a folder—determining who is in each ACL's groups and the groups within those groups can be pretty painstaking.
In a nutshell, most organizations aren't able to verify that its ACLs are configured on a need-to-know basis, and they have no audit trail to fall back on. In audit speak, we can't tell if the preventive controls (ACLs) are properly configured to limit access to the correct people, and we have no detective control to determine if improper or unwarranted access has taken place.
Varonis addresses these security concerns by providing a software framework that enables customers with unstructured and semi-structured data residing on their Files Systems, SharePoint Sites and NAS devices to audit data access activity, fix and maintain access controls, identify sensitive data, find data owners, and involve them in access review and authorization processes.
- Immediate time-to-value – installs in hours, produces results minutes after installation
- Quantifiable risk mitigation – identifies overly accessible data and produces a comprehensive audit trail of every data access, by every user, without impacting file system performance, and stores it over time
- Accelerated classification results – finds sensitive data faster, delivering actionable classification results with a clear remediation path
- Reduce management complexity – a single console manages Windows, SharePoint, UNIX, Linux and NAS data
Today Varonis is the foremost innovator and solution provider of comprehensive, actionable data governance solutions. The company's installations span leading firms in financial services, healthcare, energy, manufacturing and technology worldwide. Based on patent-pending technology and a highly accurate analytics platform, Varonis' solutions give organizations total visibility and control over their data, ensuring that only the right users have access to the right data at all times.
- Founded in early 2005 by networking and storage experts Yaki Faitelson and Ohad Korkus
- 1600+ Installations Worldwide
- Voted one of the "Fast 50 Reader Favorites" on FastCompany.com
- Twice named a "Cool Vendor" in Risk Management and Compliance by Gartner
- See what our customers are saying
Sign-up to request a custom product demonstration – you can determine the location (online or in person and the length). During the demo we'll go over product features and functionality and cover any operational questions you have.
Sign-up today and we'll contact you to find the time that works with your schedule.