Every admin knows that global access groups are a big security risk, especially on folders that contain sensitive data. So, fixing these groups is a high priority. But fixing them isn’t quick or easy.
And before you can fix global groups, you should really make sure inheritance is functioning correctly. All the permissions set on parent folders should flow down to their children, and child folders shouldn’t have any entries on their ACL that don’t belong.
These are time-consuming, manual tasks, and you have to be careful not to break access for users with a legitimate need in the process.
The Varonis Automation Engine can automatically fix both problems – it finds and fixes folders with inconsistent ACL’s, and safely removes global access groups – all without disrupting users. Admins can secure their data through a single interface.
To fix inconsistent ACL’s, just choose a share or volume and tell the Automation Engine when you’d like it to run.
Fixing global groups is just as easy. Choose a share or volume, and the Automation Engine finds any instance where a global access group is applied to a folder. It figures out who’s actually using those folders, adds new groups so those users can keep working, removes the global access groups, and notifies you when it’s done.
¬Intelligent remediation. Proactive security defense. The Varonis Automation Engine.