Archive for: February, 2012

Big Data Management On Your NAS Made Easy

Got data? Got a lot of it? Most companies with NAS devices are struggling with how to manage permissions and understand usage patterns, find data owners, and identify and lock down sensitive information. If any of that sounds familiar, we’ve got the webinar for you. As part of our new partnership with HP, Varonis is co-presenting a webinar on how we can help you master big data.

We enable customers to get control of the information stored within HP IBRIX X9000 storage systems and file shares to help you realize:

  • Visibility into your permissions (set in Active Directory, LDAP, SharePoint, and Exchange)
  • A detailed audit trail of every file and e-mail touch on your servers
  • Recommendations into where access can be reduced without affecting user activity
  • Identification of data owners so they can be directly involved in the management and protection of their data
  • Sensitive content analysis so you can assess risk to your most critical data, allowing you to focus on high-priority areas for remediation

Read the press release announcing our partnership here.

Sign up to attend the webinar here.

Thoughts on the 2011 Data Breach Investigations Report

While reading through the 2011 Data Breach Investigations Report, there were two things that caught my attention:

The first one is that approximately 83% of the data breach attacks are considered “opportunistic.” According to the report, “the victim was identified because they exhibited a weakness or vulnerability that the attacker could exploit.” In other words, the attack took place because the attacker noticed a weakness—if that weakness had not existed or had not been noticed, the attack would not have been conceived, or the attacker would have moved on to an easier target.

The second one is that the ones who are taking advantage of these weaknesses are its own employees. The report mentions that “it is regular employees and end-users – not highly trusted ones – who are behind the majority of data compromises. This is a good time to remember that users need not to be super users to make off with sensitive and/or valuable data.” Contrary to what most of us might think, in many situations we don’t always have specialized criminals attacking our organizations. Regular users are responsible for many of the attacks; employees that are tempted after discovering that they have access to valuable information.

Putting these two things together, it makes sense that a primary area of risk is where employees have access to valuable data, and where access is too permissive. Many organizations are already looking for sensitive, valuable data (e.g. with data classification technologies). More recently, organizations are starting to look for better context awareness, linking content with permissions, activity, and ownership information to identify significant exposures, and accelerate data protection and remediation efforts.

In our next post, we’ll discuss how you can use metadata framework technology to identify users that might be looking for weaknesses in your environment.

File system audit data taking up too much space? Read on…

I had the privilege of speaking about eliminating data security threats at Data Connectors in Houston a couple weeks ago, and I was asked by several people about how much space “all that audit log data” would take up, and how long you could realistically keep it while still being able to report on it.  One person that asked explained that he had a product to collect audit data on a single busy file server, but it could only hold a month or so of data before it consumed a full terabyte of space, and (worse) became almost unusable when generating reports.

If you’ve ever enabled native auditing (like audit object access success in windows or BSM in Solaris) and taken a look at the logs, you’ve certainly noticed, among other things, the astounding number of events they generate. I just enabled native auditing on my workstation while writing this to get some numbers. I then opened one (existing) file, edited one line, saved it, and closed it– this generated 130 distinct events by itself (46 4656 events, 46 4658 events, and 38 4663 events). With numbers like this, it’s no wonder that collecting and storing raw audit logs can take up so much space, and be so slow to parse through.

This is one of the areas where metadata framework technology really shines in unstructured data protection. Not only can a metadata framework replace the inefficient native operating system auditing functionalities on many platforms, it can also normalize the audit information and store it within intelligent data structures. Normalization eliminates redundant information, and the data structures are much easier to process after the computationally intensive parts of the audit trail (like the path and SID) are converted into integers.

With normalization and intelligent data structures, not only can audit information be stored more efficiently, it is also quicker to search and easier to analyze.

How to Share Your Mailbox or Calendar in Outlook: It’s Easy

It’s so easy, in fact, that just about everyone figures it out the first time. Most end users have realized by now that right-clicking on something in Windows does magical things, and it’s not a long leap from there to select properties and permissions when you want to grant access to something. (If you really need help, there’s a nice how-to here)

What is difficult, however, is reporting on exactly what has been shared in the Microsoft Exchange environment, and who is making use of that access. Who is reading your email? Who is looking at your calendar? As we’ve spoken to Exchange administrators over the past year, we’ve discovered that two things are usually true about mailbox and calendar sharing:

  • Once mailboxes and calendars are shared, they usually stay shared—indefinitely
  • The higher in the organizational hierarchy you are, the more likely it is that your mailbox or calendar is shared, and shared with more people

Exchange administrators are obviously concerned about this, as are security and compliance folks. It’s not surprising that we were asked to create two specific reports:

  • Which people’s mailboxes are shared
  • Which people’s mailboxes are being accessed, and by whom (other than the owner)

DatAdvantage for Exchange Sample Report

It’s also not surprising that we created them, and they are now available with DatAdvantage for Exchange. Take a look at all the Exchange features in our upcoming webinar on February 22nd.