How MTA prevails in their compliance and audits

PDF download

The Customer

Location: Palmer, Alaska

Industry: Communications

Products: DatAdvantage

Matanuska Telephone Association (MTA) is a co-operative telecommunications service provider that offers its members local telephone services, high-speed Internet access, wireless phone service, digital television and managed business services.

The company’s mission is to provide state-ofthe- art, reliable and competitively-priced communications, superior customer service, a voice in governance, capital credit allocations/distributions, and support for local, community, and economic development. Originally formed in 1953 to serve residents in Palmer, Alaska, MTA’s service area now extends across nearly 10,000 square miles. Its retail stores are located in Palmer, Eagle River, and Wasilla, Alaska.

DatAdvantage gives me insight into our day-to-day operations.

– Finn RyeInformation Security Officer, MTA

The Challenge

Finn Rye is MTA’s information security officer — his department oversees the company’s information security initiatives for MTA’s 400+ full-time employees. MTA relies on Varonis DatAdvantage primarily for compliance and auditing purposes. Like many organizations, there were occasions when MTA’s employees would inadvertently move, rename, or accidentally delete files, requiring Rye’s team to try and locate or recover the information. The hours spent tracking down data like this are significant when done manually, which means that Rye’s team was often unable to attend to other, more pressing matters.

Further, for internal compliance requirements, MTA’s Performance Integrity office mandated that Rye’s team be able to verify who has access to which data and what files those individuals actually access. “

It was virtually impossible before Varonis,” he said. “We just didn’t have the logging capacity or a way to search in an efficient manner.”

The same questions were being asked over and over again: Who has been accessing this folder? What data has this user been accessing? Who deleted these files? Where did those files go? The situation was very much like looking for information on the Internet without a sophisticated search engine.

Data auditing, classification, ownership identification and access control are now in the same place that search was 10 years ago. For MTA, looking to manage access for more than 3 terabytes of data, there was simply too much electronic information to manage manually. “Without DatAdvantage, we simply weren’t able to do the investigation or incident responses we can now,” Rye said.

Evaluation Parameters

Rye discovered Varonis in 2008 when he was searching for a bestof- breed solution for monitoring CIFS shares on MTA’s NetApp NAS devices (filers). “It was quite a challenge to find anyone who did that, and did it well,” he said. “We quickly narrowed it down to Varonis, since they were the only ones doing it really well.”

The Solution

Varonis DatAdvantage automates access and permission management for unstructured and semi-structured data on file systems, NAS devices, SharePoint sites and Exchange mailboxes, providing visibility into data usage and recommendations for changes based on data access, usage and group membership.

By combining the permissions data, the access events, and sophisticated bi-directional cluster analysis, Varonis determines where users may have excessive permissions, and makes recommendations on how access can be restricted without effecting normal business activity—which groups a user can be removed from/ who can be removed from which groups.

Varonis DatAdvantage provides a complete audit trail of file and folder “delete” events in its Log Area. All events can be searched and sorted to pinpoint exactly who deleted a file on any monitored server, and when. DatAdvantage for Windows captures every file access event (open, create, delete, modify, move, etc.) by every person accessing the monitored infrastructure and calculates each individuals daily average number of access events, and their standard deviation for a configurable threshold of days. If, on a given day, a user exceeds their daily average by more than three times their standard deviation, Varonis generates an alert. Rye has set up automated alerts and reports within DatAdvantage that identify both the sensitive files, folders and/or directories within the organization as well as the employees who should — and should not — have access to them.

“On a regular basis, DatAdvantage gives me insight into our day-to-day operations,” he said. In terms of customer support, Rye notes that Varonis is generally very good, compared with other vendors he has dealt with. The upgrade process for DatAdvantage has also been very reliable — MTA has undergone approximately six upgrades and Rye has seen “not a single problem.”

Business Benefits

Access Auditing and Analysis

DatAdvantage generates detailed statistics and a searchable log of every file-touch, enabling MTA information security personnel to rapidly identify excessive file opens, deletes or other such anomalous behaviors.

Actionable Data Intelligence

Varonis captures every file access event (open, create, delete, modify, move, etc.) by every person accessing the monitored data, allowing MTA to manage and monitor event anomalies around their sensitive data.

Visibility of MTA Data Permissions

DatAdvantage gives MTA visibility into potential data risks by uncovering overly permissive access.