
How Varonis Helps With ITAR Compliance

Jesse Rosenbaum
Published March 29, 2020
Last updated June 23, 2022

International Traffic in Arms Regulations (ITAR) mandates that access to physical materials or technical data related to defense and military technologies is restricted to US citizens only.

According to the US government, anything on the U.S. Munitions List falls under ITAR. Besides rocket launchers, torpedoes, and other military hardware, the list also restricts the plans, diagrams, photos, and other documentation used to build ITAR-controlled military gear. This is referred to by ITAR as “technical data”.

ITAR’s rules present a challenge for many US companies. A US-based company with overseas operations is prohibited from sharing ITAR technical data with locally hired employees unless they gain State Dept. authorization. The same principle applies when US companies work with non-US subcontractors.

The US government requires companies to have in place and implement a documented ITAR compliance program, which should include tracking, monitoring and auditing of technical data. With technical data, it’s also a good idea to tag each page with an ITAR notice or marker so employees don’t accidentally share controlled information with unauthorized users.

Noncompliance can result in heavy fines and significant brand and reputation damage — not to mention the potential loss of business to a compliant competitor.

Case in point: In 2014, a defense-related company was fined $10 million for unauthorized exports of defense articles, including technical data. The State Dept.’s review found that this company had poor controls for record keeping.

Varonis can be a strong part of your compliance efforts. We’ve worked with organizations to map and understand who can access, and who has accessed, ITAR-relevant data in documents, spreadsheets, presentations, and other content stored across their IT infrastructure.

Below are three critical data protection questions that we help our customers subject to ITAR answer:

  1. Where is ITAR information being stored? With the Varonis Data Classification Framework and using an appropriate search pattern, we’ve been very successful in finding relevant technical data in Windows File Servers, NAS Devices, Unix/Linux servers, and SharePoint.
  2. Who has accessed it? Has an unauthorized person accessed ITAR-controlled data? Any sys admin will tell you that it’s not easy to find out within a Microsoft or Linux environment. Active Directory, for example, doesn’t provide granular access logs. But with DatAdvantage, you can see this information graphically in a clean, user-friendly UI, or as an exportable report.
  3. How can you keep this from happening again? Prevention is the next question to take up. After we know where the ITAR data is located, we help customers remove unauthorized access and set up real-time notifications using DatAlert to spot unauthorized attempts. Finally, we implement DataPrivilege to enforce ITAR’s controls for record keeping and file access administration.

Are you 100% sure only authorized users are accessing your ITAR data? If not, Varonis can tell you. Try it for free!
