Inside Out Security Blog   /  

Varonis 8.6: Control Collaboration Chaos in Microsoft 365

Varonis 8.6: Control Collaboration Chaos in Microsoft 365 | Varonis

Microsoft 365 makes it easier than ever to collaborate and share data internally and externally. But this increased sharing has created a complex web of permissions behind the scenes that makes protecting sensitive data very challenging.

It’s nearly impossible to visualize, much less fix, exposed sensitive data in M365 using native security features alone, especially data that’s exposed by sharing links.

That’s why we’re excited to announce Varonis Data Security Platform 8.6, with enhanced data security for Microsoft 365 to help find and fix collaboration risks.

This release features:

  • New dashboard widgets to visualize data exposure from sharing links
  • Expanded remediation capabilities for SharePoint Online and OneDrive sites that allow admins to easily remove risky collaboration links that expose sensitive data
  • Automatic labeling and data protection that apply Microsoft Information Protection (MIP) labels to data in SharePoint and OneDrive based on Varonis’ highly accurate classification policies.
  • New and updated threat models to help defend against ransomware in M365.

Reign in risks from sharing links

Quantify data exposure from sharing links

Four new widgets have been added to the SharePoint Online and OneDrive dashboards to visualize and understand how data is shared—whether with specific people, organization-wide, or with external users, guests, or the entire internet.

Sharing risk dashboards-2

(New SharePoint Online & OneDrive dashboard widgets indicating site, folder, and file exposures)

Easily drill down into these widgets to see exactly what files, folders, or sites are shared with whom and what kind of sensitive data they contain.

Exposure drill down-1

(The drill-down view that displays the individual sites that have been exposed through sharing)

Admins can also utilize new out-of-the-box reports to generate and export a detailed report of this collaboration data to assist with remediation efforts.

Our “Specific Users Link Exposure” widget enables you to identify how many user-generated collaboration links have granted permissions to external users, guests, and internal users.

Specific users widget

(New widget shows how many collaboration links have been shared with specific users)

Monitor external users

Enhanced search capabilities and new out-of-the-box reports enable admins to gain insight into user activity based on their affiliation (internal, guest, external). Now with a simple search, admins can pull a list of all guest and external users on their domains and drill down into their activity, view any related alerts, and export a detailed report of these users’ activity.

affiliation

(Search users based on affiliation in the WebUI)

This new search filter also makes it fast and simple to view the total number of accounts based on affiliation within your domains, so you can identify how exposed your environment is to potential external threats.

affiliation 2(Display total number of external users on domains in the WebUI)

Discover where users share sensitive and stale data

Quickly see how many sensitive, stale, or sensitive stale files you have in your SharePoint and OneDrive environments with the new “Files Overview” widget.

files overview

(Displays the total number of sensitive, stale, and stale sensitive files in SharePoint Online and OneDrive)

Easily drill down to the exact files with a few clicks and see where your data has been exposed through sharing.

files overview drilldown-1

(View individual sensitive, stale, and stale sensitive files in SharePoint Online and OneDrive)

Fix data exposure in Microsoft 365

With Version 8.6, the Varonis commit engine now supports M365 and enables you to make access changes directly to SharePoint Online and OneDrive Sites to remove data exposure without needing to be the owner of each site.

Access changes include, but are not limited to:

  • Removing shared with ‘organization-wide’ links
  • Removing shared with ‘specific users’ links
  • Removing a user from ‘specific users’ links
  • Adding/removing direct permissions to SharePoint Online/OneDrive sites, folders, and files
  • Removing a member from Azure Active Directory/SharePoint Online groups
  • Adding a member to Azure Active Directory/SharePoint Online group 

Customers can view the full list of M365 commit commands at help.varonis.com.

Label and protect data in Microsoft 365

Enforce data protection policies with automated labels

Varonis 8.6 extends our labeling capabilities to SharePoint Online and OneDrive, providing the ability to accurately label sensitive and regulated data in Microsoft 365 automatically.

Microsoft 365’s native Sensitivity Labels only allow for manual, and very limited automatic labeling which can often lead to mislabeled or completely missed sensitive data.

Varonis Data Classification Labels relies on Varonis’ automated and highly accurate classification results and integrates with Microsoft Information Protection labels (MIP) to eliminate the manual work of labeling your files for encryption and obfuscation. Varonis not only labels your cloud files for you, but it also automatically re-labels or removes labels from files when policy changes, if the content of the file no longer matches the policy, or if files were manually mislabeled.

Use Data Classification Labels’ out-of-the-box policies – or build your own – to ensure your M365 data stays safe and adheres to your organization’s security policies and any relevant governmental regulations.

Classification labels for 365 2

(Data Classification Labels can automatically label files based on classification results)

Detect sophisticated cyberthreats

Protect your M365 environments from external threats like brute-force attacks and ransomware with new and updated threat models. Use these new threat models to help detect mass file downloads by users from SharePoint Online and OneDrive that may indicate an active ransomware attack or insider threat.

For a complete list of new and updated threat models, existing customers can view the full list at help.varonis.com.

Get updated threat models, automatically

Additions to Live Updates now allow customers to deploy new threat models in real-time and send updates to individual M365 tenants in different geolocations. If you don’t already have Live Updates enabled, follow these instructions.

Monitor multiple Azure Active Directory tenants with a single Varonis instance

Varonis 8.6 introduces multi-tenancy support for Azure AD. Now admins can monitor multiple Azure AD tenants, including those hosted across multiple geolocations, with a single Varonis Data Security Platform instance.

Whether you have multiple Azure AD tenants that you need to secure due to mergers and acquisitions or because they are spread out across different data centers to comply with regulations, you can monitor them all from a single Varonis instance.

Secure Federal Microsoft 365 tenants from cyberthreats

GCC, GCC High, and Department of Defense Microsoft 365 tenant support

In Version 8.6, the Varonis Data Security Platform is certified to support integration with Microsoft’s GCC High and DoD M365 tenants.

This certification means the Varonis Data Security Platform is compliant with NIST 800-171 and other federal regulations allowing the U.S. federal government, the DoD, and their contractors to utilize Varonis without worrying about breaking any standards or putting their data at risk.

With Varonis, government agencies can further secure their unstructured data with our ability to map out permission structures, discover and label sensitive, classified, regulated, and CUI data.

Our best-in-class threat detection and response capabilities will assist the federal government and its contractors in uncovering potential vulnerabilities and indicators of compromise in their secured environment.

This update made Varonis eligible to be selected for inclusion within the joint DoD Zero Trust Testbed at DreamPort. The Varonis Data Security Platform will be utilized to test and validate new Zero Trust strategies and technologies inside a Zero Trust cloud environment, part of a joint effort between the U.S. National Security Agency (NSA), USCC, and Defense Information Systems Agency (DISA).

Apply a risk-based approach to implementing third-party software with DoD Risk Management Framework (RMF) Reports

As a part of the DreamPort Zero Trust project, Varonis will be used to test and validate the DoD’s Zero Trust efforts. Varonis 8.6 further enhances DoD security efforts through the addition of the DoD Risk Management Framework reports.

The DoD RMF takes a risk-based approach to the implementation of cybersecurity protocols. It lays out the process in which the DoD identifies, assesses, authorizes, implements, and manages the use of new information systems and other technologies.2

The Varonis RMF reports support the DoD’s risk-based methods for analyzing, implementing, and using technologies for classified purposes.

This new set of reports includes:

  • Access Control report - Least privilege
  • Audit and Accountability report - Audit review, analysis, and reporting
  • Incident Response report - Information spillage response
  • GCC High Risk Assessments report

RMF reports

(Out-of-the-box Risk Management Framework reports in DatAdvantage reports list)

These reports can also prove helpful for any organization, federal or otherwise, by enabling a risk-based approach to the implementation and use of third-party software.

Additional updates in Varonis 8.6:

DataPrivilege:

  • Prevent authorizers from putting users in groups where an automatic rule would otherwise remove them
  • The addition of a new button to calculate users matching an automatic rule

DatAdvantage:

  • Ability to set security groups as folder owners and apply ownership limitation by the direct members of these groups

DatAlert

  • Identify organization’s known IP addresses to reduce noise originating from external connections

Edge

  • New dashboard widget displays watchlist accounts with active VPN connections within the last week
  • New VPN support
    • Cisco Firepower
    • Netscaler
    • F5 Big-IP (updated version)
    • Checkpoint R80 (updated version)

Expanded NAS integrations

Varonis 8.6 introduces support for three new NAS devices and updated support for existing devices.

Nutanix

The Nutanix integration supports:

  • DatAdvantage
  • DatAlert
  • Data Classification Engine
  • DataPrivilege
  • Automation Engine
  • Data Transport Engine
  • DatAnswers
  • SMB (CIFS)
  • NFS

Cohesity

The Cohesity integration supports:

  • DatAdvantage
  • DatAlert
  • Data Classification Engine
  • DataPrivilege
  • Automation Engine
  • Data Transport Engine
  • DatAnswers
  • SMB (CIFS)

CTERA

The CTERA integration supports:

  • DatAdvantage
  • DatAlert
  • Data Classification Engine

Updated Support for existing integrations

DatAnswers support for:

  • HitachiNAS 13.6
  • NetApp ONTAP 9.7
  • Panzura filer
  • CIFS events support
    • Panzura

Visit our integration page to learn more about these new supported technologies.

For a deeper dive into Varonis Version 8.6, schedule a 1:1 meeting with your Varonis team. The full release notes and other product documentation are available in our customer community.

We're Varonis.

We've been keeping the world's most valuable data out of enemy hands since 2005 with our market-leading data security platform.

How it works