How to comply with the GCHQ Cyber Security Recommendations

Varonis and the Government Communications Headquarters (GCHQ) 10 Steps to Cyber Security


Government Communications Headquarters (GCHQ) is a security and intelligence organisation, one of the three UK Intelligence and Security Agencies. Tasked by the UK government to protect the nation from threats, they’re responsible for publishing “The 10 Steps to Cyber Security”. These steps offer practical guidance that organisations can follow to secure their network as well as their data.

The guide is extremely popular: the 2014 Cyber Governance Health Check of FTSE 350 Boards shows that 58% of companies have assessed themselves against the 10 Steps guidance since it was first launched in 2012. This is up from 40% in 2013.

Feature-Requirement Map

To show how Varonis can assist in your assessment, each requirement below is paired, where applicable, with an explanation of how Varonis solutions can help keep your data secure.

| Requirement | Description | Varonis Product/Feature |
| --- | --- | --- |
| 1. Home & Mobile Working | Develop a mobile working policy & train staff to adhere to it. Apply the secure baseline build to all devices. Protect data both in transit & at rest. | Mobile Working: DatAnywhere instantly enables secure mobile access, file synchronization, and secure 3rd party sharing for your existing file shares. Files can stay exactly where they are—on existing SMB file servers or NAS. Private cloud benefits: definitive copies of files are always stored on corporate storage; no one gets permissions to shared data unless they already have it; users authenticate to Active Directory or LDAP and there is no need to reconfigure or replicate permissions; IT controls speed, availability, and security. |
| 2. User Education & Awareness | Produce user security policies covering acceptable & secure use of the organisation’s systems. Establish a staff training program. Maintain user awareness of the cyber risks. | Professional Services: ensures our customers can effectively use our products to fulfill all their use cases. Varonis Blog: 3-4 blog posts per week. Office Hours: 1 free hour one-on-one live web session with your local Engineer to discuss operational questions. |
| 3. Incident Management | Establish incident response & disaster recovery capabilities. Produce & test incident management plans. Provide specialist training to the incident management team. Report criminal incidents to law enforcement. | Incident Response: Varonis DatAdvantage collects a rich audit trail of access activity from file servers, Exchange servers, SharePoint, and user repositories such as Active Directory, LDAP, NIS and more. It baselines every user’s normal access behavior and can generate alerts on demand or when behavior becomes abnormal. |
| 4. Information Risk Management Regime | Establish an effective governance structure and determine your risk appetite – just like you would for any other risk. Maintain the Board’s engagement with the cyber risk. Produce supporting information risk management policies. | Governance: The IDU Classification Framework and DatAdvantage help identify data containing personal information, determine who has access to it, who is using it, and who should be responsible (data owners). DataPrivilege helps organisations not only to define policies that govern who can access, and who can grant access to, unstructured data, but also to enforce workflows and desired actions to be taken. |
| 5. Managing User Privileges | Establish account management processes & limit the number of privileged accounts. Limit user privileges & monitor user activity. Control access to activity & audit logs. | User Privileges: Varonis DatAdvantage recommends the revocation of permissions to data for those users who do not have a business need for the data – this ensures that user access to data is always warranted and driven by least privilege. DatAdvantage generates reports showing the history of permission revocations and the percentages by which overly permissive access was reduced. Varonis DataPrivilege provides a web-based application through which to monitor and administer (allow/deny) all access requests to unstructured data. Activity and Audit Logs: Varonis DatAdvantage monitors every file touch by every user and stores, in a searchable format, all aspects of data use for information stored on file servers and Network Attached Storage (NAS) devices. |
| 6. Removable Media Controls | Produce a policy to control all access to removable media. Limit media types & use. Scan all media for malware before importing onto the corporate system. | n/a |
| 7. Monitoring | Establish a monitoring strategy & produce supporting policies. Continuously monitor all ICT systems & networks. Analyse logs for unusual activity that could indicate an attack. | Varonis DatAlert provides real-time alerting based on file activity, Active Directory changes, permissions changes, and other events detected by Varonis DatAdvantage. Alert criteria and output are easily configurable so that the right people and systems can be notified about the right things, at the right times, in the right ways. DatAlert improves your ability to detect possible security breaches and misconfigurations, and the audit trail in DatAdvantage provides necessary information during the incident response process. |
| 8. Secure Configuration | Apply security patches & ensure that the secure configuration of all ICT systems is maintained. Create a system inventory & define a baseline build for all ICT devices. | n/a |
| 9. Malware Protection | Produce relevant policy & establish anti-malware defences that are applicable & relevant to all business areas. Scan for malware across the organisation. | DatAdvantage’s audit trail and behavioral alerts can help detect when malware or viruses are accessing files, mailboxes, or SharePoint sites. A Varonis customer used DatAdvantage to quickly isolate and successfully halt the spread of the Cryptolocker virus in their environment. This was how our customer described the situation: “Within DatAdvantage I ran a query on that specific user and realized that there were over 400,000 access events that had been generated from that user’s account. It was at that point that we knew it was a virus… Once we had identified the second user, we went back to DatAdvantage to identify the files they had accessed. There were over 200,000 access events generated from this user’s account.” DatAdvantage enabled our customer to quickly identify corrupt files and helped the organisation reduce the impact of the virus on the environment and user downtime. In addition, it allowed them to maximize their time and resources by only having to restore the data that was affected. |
| 10. Network Security | Protect your networks against external and internal attack. Manage the network perimeter. Filter out unauthorised access & malicious content. Monitor & test security controls. | n/a |

Interested in finding out how Varonis can help with your compliance initiatives?

Request a demo

Or contact sales at 877-292-8767