These days, working in data security can feel like surviving a zombie apocalypse – mindless hordes of bots and keyloggers are endlessly attempting to find something to consume. Just like in “The Walking Dead,” these zombies are an ancillary threat to other humans. The bots and keyloggers are pretty easy to defeat: it’s the human hackers that are the real threat.
How prepared are you to deal with the real threats out there?
Get the Free Pen Testing Active Directory Environments EBook
Get Global Access Groups Under Control
Are you still using global access groups? That’s the dystopian equivalent of leaving your walls unmanned! Giving the default “everyone” group access to anything is a hacker’s dream scenario. They get a free pass to move from share to share, looking for anything and everything, and you’ll never know they were there.
Removing all permissions from the default global access groups is an easy way to improve data security. Varonis DatAdvantage highlights folders with Global Access Groups so that you can see who’s got access to what at-a-glance – and then you can use the Automation Engine to quickly remove those global permissions from your shares. All you need to do is set the Automation Engine to remove Global Access Groups and it will move users out of those generic groups and into a new group that you can then modify. The important thing is to stop using Global Access Groups, and keep your walls manned at all times!
Identify (and Lock Down) Your Sensitive Data
Effective survivors hide their resources and food stores from the prying eyes of outsiders. The most organized groups stash backup caches and keep records of their stores. Do you do the same with your PII and intellectual property data? Can you, right now, tell me where every social security number or credit card string is stored on your file shares? If you can’t, then who knows what kind of treasures potential thieves will find as they poke around?
Knowing where your sensitive data is stored is vital to surviving the data security apocalypse – our Data Classification Framework quickly and easily identifies PII and intellectual property data in your unstructured files, so you know where your sensitive data is – and where you can lock it down.
Track Your Dangerous Data
Imagine that the guard on the North wall got eaten – and now the map with the weapons caches for the entire region is MIA. Can another group of survivors find that map and steal your stuff? You might be leaving the same breadcrumbs on your network by leaving behind old files that have valuable information a hacker could use for profit.
Identifying and deleting or archiving this data is just as important as moving that cache of weapons to the safety of your base camp. DatAdvantage can report on stale data and give you visibility into what might be leaving you vulnerable to hackers. Managing stale data is an excellent strategy to limit exposure, and keeps you one step ahead.
Practice Good Password and Account Policy
Say you use a certain whistle to communicate with your group – and you’ve used that same whistle for the past 8 months. What are the chances that a rival group will ambush you by using that whistle?
It’s the same if you have passwords that never change, or accounts that are no longer active, which should have been removed or deactivated. Hackers can use those accounts to try to access resources over and over again without setting off any alarms.
It’s always best to change the “whistle,” or password, on a consistent basis – and have a policy in place to revoke access privileges when people leave the group. Perhaps something less drastic than chopping their head off before they go full zombie. With DatAdvantage, you can report on these kinds of accounts in your Active Directory so that you can take action and remove this threat without using an axe.
Fix Inconsistent Permissions
Once you have redundancies and processes to keep everything running smoothly, what happens when that one guy in your survivor group just can’t follow simple instructions? What if they’re an important part of the plan, but can never quite complete their part? You might say that part of the plan is broken, like when you have a share that is set to inherit permissions from the parent – but for some reason isn’t. In data security terms, you have inconsistent permissions, which can cause confusion as to exactly how the permissions on these folders are set.
Fixing all of these broken links in the fence will help keep the outsiders from getting into your data stores. You can automate the process of repairing inconsistent permissions with the Automation Engine – so that you’re maintaining a least privilege model and only the right people can access that data. Or get through that fence.
Identify Data Owners
If your survival group is going to be a self-sustaining society, you’ll need leaders to support your growth. You wouldn’t want the horticulturist in charge of weapons, and you probably wouldn’t want the weapons master in charge of your vegetables. The same holds true for your data and the data owners.
You need to be able to identify the owners of your data so that you know who’s responsible for managing permissions and access to those shares. When there’s one person in the Legal department who can grant access to the legal shares, you’re in a much better situation than if the IT department handles that for every department.
The first step is to identify data owners – and DatAdvantage provides reports and statistics to help you do just that. You can automate the process with DataPrivilege, and enable those data owners to approve and revoke permissions from their shares and audit permissions on their shares on a regular basis. Now that the data owners are in charge of who gets access to their data, things are starting to make a lot more sense – not to mention run much more smoothly.
Monitor File Activity and User Behavior
As your society of survivors grows into a full-fledged community, you want to make sure that everyone is contributing and utilizing the resources of the community correctly. So you put in some monitoring systems. Assign chain of commands and reporting structures and even make some rules.
And so, you need to do the same thing by monitoring your file and email servers. DatAdvantage gives you visibility on the file and email servers – even user behavior – which is paramount to data security: outsiders can sometimes get in, and once they get in they might look like they belong. But when they start stealing extra bread or copying gigs of data to an external drive, we need to know.
Set Up Alerts and Defend Your Data
Alerts can warn you about a herd tripping a bell on the perimeter or that Jeff from marketing has started encrypting the file server with ransomware. The faster and more that you know about potential threats, the better you can respond. Conversely, the longer the outsiders have to do bad things, the worse it will be for us every time.
You can set those tripwires to automatically respond to specific types of threats with DatAlert, so that your security team can lessen the impact and get straight to the investigation phase. DatAlert establishes behavioral baselines for every user – so that you know when somebody’s acting out of the ordinary, or if their account has been hijacked. With DatAlert, you can monitor your sensitive data for unusual activity and flag suspicious user behavior so that you know when you’re under attack.
Want to check your own preparedness level for the data security apocalypse? Get a risk assessment to see how you measure up. We’ll check your environment for all of these potential threats and provide a plan of action to get you up to true survivor status.