Case Study

How Varonis Helps a U.S. State Agency Shield Sensitive Federal Tax Information Against Cyberthreats

68,000

exposed folders

IRS

audits & compliance

48%

of their data was stale

“Get the Data Risk Assessment. You’ll see how much you stand to benefit from having Varonis in your security stack. We thought we were covering everything, but the assessment showed us areas where we were still at risk and helped us take the steps needed to mitigate that risk.”

Information Security Analyst, IT Department, U.S. State Agency

Challenge

Seeing the rising threat of ransomware attacks, one U.S. state agency has taken steps to proactively mitigate risk.

Like many organizations, years of employee turnover and internal role changes had led to “permission creep” within their agency. A lot of their folders were overexposed, leaving sensitive data at risk.

They also needed to perform annual audits to prove compliance under IRS publication 1075. In other words, they need to demonstrate that they have safeguards in place to protect federal tax information and personal user data.

“We were trying to get a handle on all of the data in our servers. We thought we knew where it was, but a Data Risk Assessment revealed a lot of data that we didn’t know about. We didn’t realize we had so many folders with open permissions.”

Information Security Analyst, IT Department, U.S. State Agency

Solution

  • Cleaning up overexposed and stale data: Using DatAdvantage and Data Classification Engine, the state agency has a clear understanding of where sensitive information lives, and they have the ability to clean up permissions and correct overexposure.
  • Defending personal data from insider and outsider threats: DatAlert Suite helps the state agency improve their incident response and threat monitoring capabilities. With it, they’re alerted to any and all potential issues, including anomalous user behavior and early warning signs that could be indicative of potential attacks.
  • Proving compliance with data protection regulations: They used to have to create compliance reports manually. With Varonis, comprehensive compliance reports are ready within minutes, whenever they’re needed. According to the customer, “Generating reports used to be a time-consuming and labor-intensive process. Now we get the same information in 5–10 minutes. It’s wonderful.”

“We used to scan our network for NESA compliance, and that was about
it. With Varonis, we’re able to prove that we know where information lives
and that it’s protected. We can also demonstrate that we are capable of
addressing concerns quickly and limiting the impact of potential threats.”

Information Security Analyst, IT Department, U.S. State Agency

Customer Profile

  • Industry: Public Sector

Read more

Get the full case study and see how this organization uses Varonis to protect sensitive data.

Download PDF

Does your cybersecurity start at the heart?

Get a highly customized data risk assessment run by engineers who are obsessed with data security.