Archive for: May, 2012

Enterprise Transformation

I attended EMC World last week.  It was my first time at the conference, and I must say, to call the event grandiose would be a gross understatement.  The overall theme was “transform.”  Transform your business, transform IT, transform yourself.  The tagline struck me as somewhat vague as it wasn’t clear to me who was transforming what, but the show got me thinking about the massive sea change the tech industry as a whole has undergone over the past few decades and made me yearn that much more for the next big thing.

Has the Enterprise Fallen Behind?

It used to be that innovation would happen in the enterprise and eventually trickle down to consumers.  The reverse is true now—this is the reason why you keep hearing about BYOD (bring your own device) and BYOS (bring your own software). If the consumer stuff is better (e.g., iPhone, Evernote), workers will demand it because, after all, if the goal is getting things done, why not use the best tool for the job?

Speaking of User Experience

Previously, users had nothing to compare.  I was happy with any technology I could get my hands on at the office.  Whatever it was, it would be better than manual work.  Now, I suspect entering the workforce involves taking a step backwards into prehistoric times for some grads (“What is this Windows XP you speak of?”).

The end user expectations in functionality and ease of use have been raised dramatically by companies like Apple, Google, and Facebook.  You can start a small company and collaborate easily with a few laptops, Gmail, Google docs, and Dropbox.   The onus is now on the enterprise to provide an equal or better user experience.

The Next Big Thing

When I think about transformation, the innovation that sticks out in my mind as the last big thing to transform the enterprise is virtualization. I can’t imagine trying to do my job without it.  Any IT pro worth his/her weight in salt has figured out a way to use virtualization to make their lives better.  One could argue for cloud computing (last year’s EMC World theme) but the cloud hasn’t become a standard part of the enterprise yet.

Try this: ask your CTO whether she’d rather give up the cloud or VMWare.

So what is next?  I’m not one for predictions, but I would be hard pressed to bet against big data.  It’s still very early but we’re starting to see some really amazing applications emerge (Varonis being one of them).

The challenge for enterprises is to avoid being crushed by the weight of the data and the complexity of the problems they’re hoping to solve.  I fear that too many will opt to home-grow big data analytics platforms.  Contrary to popular belief, when you pipe data into Hadoop it doesn’t spit out gold coins.  There are many highly nuanced and difficult decisions to make; one false move and you’re in deep trouble.

I believe we will see a multitude of full-stack, purpose-built big data analytics products come to market and dominate.  Instead of employing an army of developers, DBAs, and data scientists, businesses will leave the heavy-lifting to the experts.  In other words, the magic will not happen during the first iteration of big data (i.e., the Hadoop era).  When big data becomes widely productized, that is when the real transformation will happen.


Is Big Data IT’s Secret Weapon for Information Security?

When I talk to IT security pros today about how they manage and protect data, most describe grueling manual processes and makeshift solutions comprised of countless off-the-shelf products and fragile homegrown scripts.

Fortunately, most of us understand the importance of using automation to help fight our battles, but the rapidly changing landscape of new technologies, security threats, and paradigm shifts makes it difficult to stay ahead of the curve.  Choosing to specialize in the wrong technology can be career limiting, recommending the wrong technology to your boss can be career ending.

When a new buzzword like big data starts to take off, we have the right to be skeptical. Is there something really new and important, or is it just hype? Is this going to change the how we do things for years to come, or is it just a distraction? How do we really use it?

At Infosecurity Europe 2012, we conducted a survey to determine what IT security professionals were thinking about big data.  Over 180 attendees responded, answering questions about whether they thought the definition of big data itself was clear, whether it is or will be a priority for their organizations, and how they might like to use it.

Download the research report to see the results.

Big Data Security - Infographic

Embed this infographic on your own site

Copy and paste the code below into your blog post or web page:

<a href=""><img title="Big Data Security - Infographic" src="" alt="Big Data Security" width="600" height="469" /></a>
<p><small>Like this infographic? Get more <a href="">big data</a> tips from <a href="">Varonis</a>.</small></p>

Data Classification Tips: Finding Credit Card Numbers

4 Useful Regular Expressions and Algorithm Combinations for Finding Credit Card Numbers

Data classification is a critical piece of the data governance puzzle.  In order to be successful at governing data, you have to know—at all times—where your sensitive data is concentrated, unencrypted, and potentially overexposed.

One of the standard ways to find sensitive data is to use Regular Expressions (RegEx) to match patterns. Used by themselves, regular expressions often identify too much—some of the numbers they find are not really credit numbers, even though they match the pattern you’re looking for.  These “false positives” can be reduced by using algorithmic verification, such as Luhn, or IBAN.  If you don’t know what Regular Expressions are, or you are a bit rusty on the syntax, there are some excellent tutorials on the web (start here or here). If you’d like some help validating your results with Luhn, a good article can be found here (The Varonis IDU Classification Framework has algorithmic validation built-in).

What’s considered sensitive?

Well, that really depends on who you’re asking.  Many organizations have idiosyncratic data such as customer or patient IDs, payroll codes, etc. that they want to keep confidential.  But some things are universally considered sensitive – like credit card numbers.

Thus, we figured credit card numbers would be a perfect place to start our RegEx compendium.  Enjoy!

Mastercard – validate with Luhn

\b(?<![:$._'-])3[47](?:\d{13}|\d{2}[ -]\d{6}[ -]\d{5})\b

AMEX – validate with Luhn

\b(?<![:$._'-])3[47](?:\d{13}|\d{2}[ -]\d{6}[ -]\d{5})\b

Discover – validate with Luhn

\b(?<![:$._'-])6(?:011|5\d{2})(?:\d{12}|[ -]\d{4}[ -]\d{4}[ -]\d{4})\b

Visa – validate with Luhn

\b(?<![:$._'-])(4\d{3}[ -]\d{4}[ -]\d{4}[ -]\d{4}\b|4\d{12}(?:\d{3})?)\b

Special thanks to the Varonis Systems Engineering team for their contributions! In future posts, we’ll share tips for finding other sensitive data using regular expressions, algorithmic verification, and other metadata like permissions and access activity.

Photo credit: Shawn Rossi –

Fixing Access Control without Inciting a Riot

In a previous post, Fixing the Open Shares Problem, we talked about some of the challenges we face when trying to remediate access to open shares. One of the main problems is minimizing the impact these clean-up activities can have on the day to day activities of business users.

Think about it: if a global access group is removed from an ACL, the odds are very high that someone who has been using that data will now be restricted.  We find ourselves in a catch 22 between remediating global access and weeks of business disruption as they try and respond to the problems caused by the “fix.”

IT: “I’m sorry that you’re unable access your data.  We’re working on fixing it now.  I assure you, the only reason this happened is because we were trying to make things better.

Business user: “I totally understand.  Thank you!  You should get a raise!”

(We all know this is not how the conversation goes).

There’s a better way.

Varonis DatAdvantage provides the ability to simulate permission changes and see theGlobal Group Access Report probable outcome before you commit those changes to production. How? DatAdvantage correlates every audit event with the permissions on an ACL and then analyzes the impact of each simulated ACL  and/or group change. Through this sandbox, IT can identify the users who would have been affected by that change had it already been made—those users who would have called up the help desk screaming that they couldn’t access data they needed.

Once you’ve verified that those users really need access, you can continue to configure the ACL and group members within DatAdvantage to provide them access, and keep simulating until you’re confident that your permissions changes will not disturb people’s work. If you have the credentials to be able to make changes, DatAdvantage lets you commit all permissions and group changes right through the interface (over all platforms), either immediately or scheduled to hit a change management window later.

These simulation capabilities eliminate the risks of manually cleaning up open shares, since IT is able to fix the problem without ever impacting legitimate use.  Most IT departments have seen the results of trying to solve this problem manually: lots of broken ACLs and annoyed users. It’s a lot of fun to show them a better way.

You can request a free 1:1 demo of the Varonis suite here or watch our next live demo on the web.

Simulating Cleanup in a Sandbox


Varonis Data Governance Awards 2012

Varonis Data Governance Awards 2012Varonis is pleased to announce the Varonis Data Governance Awards 2012. The awards are designed to reward the innovation, determination and dedication that our customers apply, every day, to protecting and managing their data with our products. We want to showcase top-class performance and reward achievement, whatever its form.

The awards are free to enter, and are open to all of our customers, regardless of size, location, business type or product deployed. Winning an award will be a sign of excellence, and a distinction that shows that our customers have achieved something to be proud of.

The awards are free to enter for any Varonis customer, and the deadline for entry is July 9th, 2012. More information including details of the awards, how to enter, terms and conditions and FAQ is available at

Exchange Journaling and Diagnostics: How to

Journaling and Diagnostics Logging are services to monitor and audit activity on Microsoft Exchange servers. They provide basic auditing functionality for email activity (e.g. who sent which message to whom) and, if collected and analyzed, may help organizations answer basic questions about email, as well as comply with  policies and regulations. (Note: Varonis DatAdvantage for Exchange does not require journaling or diagnostics to monitor Exchange activity.)

Journaling records email communication traffic and processes messages on the Hub Transport servers. The information collected by the journaling agent can be viewed through journaling reports, which include the original message with all the attachments.

Diagnostics writes additional activities to the event log (visible in Windows Event Viewer), such as “message sent as” and “message sent on behalf of” actions. Diagnostics can be configured through the Manage Diagnostics Logging Properties window in the Exchange Management Console.

Journaling and Diagnostics Logging collect significant amounts of events and generate a large amount of raw log data, so it is critical to plan which mailboxes and messages will be monitored and allocate additional storage before enabling.

Here are the steps to enable Journaling and Diagnostics in your Exchange Server.

Setting up Journaling in Exchange

There are two types of Journaling: standard and premium. Standard provides journaling of all the messages sent and received from mailboxes on a specified mailbox database, while premium provides the ability journal individual recipients by using journaling rules.
Setting up Journaling in Exchange
Here are the high-level steps to setup journaling on your Exchange server:

  1. First, create a journaling mailbox. This mailbox will be configured to collect all the journaling reports, and should ideally be setup with no storage limits to avoid missing any. The process to create the mailbox is:
    1. Select a different OU than the default
    2. Assign a display name
    3. Assign user logon name (user will use to login to this mailbox)
    4. Setup a password—take into account that journaling mailboxes may contain sensitive information, as a copy of the message is stored with the report.
  2. To enable standard Journaling it is necessary to modify the properties of the mailbox database. Under the Organization Configuration/Mailbox/Database Management/Maintenance tab, you will need to specify the journaling mailbox where you want the journaling reports sent.
  3. Premium Journaling requires an Exchange Enterprise Client license. To setup premium journaling, it is necessary to create journal rules, which are used to setup journaling for specific recipients. Using the EMC (Exchange Management Console) the journal rules can be created under the Hub Transport section of the Organization Configuration; on the Journal Rules tab. The fields to configure a journal rule are the following:
    1. Name
    2. Send reports to email
    3. Scope
      • Global – all messages through the Hub transport
      • Internal – messages sent and received by users in the organization
      • External – messages sent to or from recipients outside the organization
    4. Journal messages for recipient – journal messages sent to or from a specific recipient
    5. Enable rule – checkbox

Make sure the status on the completion page is “Completed” to verify that the rule was created successfully.

Setting up Diagnostics in Exchange

Diagnostics logging is configured separately for each service on each server. The steps toSetting up Diagnostics in Exchange configure diagnostics logging are:

  1. In the Exchange Management Console (EMC), click on Server Configuration.
  2. Right-click on an Exchange server  to enable Diagnostics Logging on it.
  3. Click on Manage Diagnostics Logging Properties.
  4. On the Manage Diagnostics Logging window, select the services you want to enable diagnostics for.
  5. Choose the level of diagnostics you would like on that service.
    • Lowest – log only critical events
    • Low – log only events with logging level 1 or lower
    • Medium – log events with logging level 3 or lower
    • High – log events with logging level 5 or lower
    • Expert – log events with logging level 7 or lower
  6. Click on configure. The system will provide a confirmation screen.

In a future post, we will go over the Mailbox Audit Logging in MS Exchange 2010.

InfoSecurity 2012 Highlights

Varonis at InfoSec Europe 2012Last week I was fortunate to attend InfoSecurity 2012 in London. The energy level seemed much higher than in previous years, for both attendees and exhibitors.  Just under 13000 people were there, up  24% from last year, and those that stopped by our booth seemed to have a real sense of urgency about data protection, and it seems that related projects are getting a lot of priority right now. Upcoming EU privacy legislation seemed to be on a lot of people’s minds, as well as all the recent breaches in the news.

It’s good news if more organizations are truly starting to notice and pay attention to data protection; conscious attention is a prerequisite to change. As the results of our recent data protection survey show, attention and change are certainly needed.

One of the highlights of the week was Varonis taking home SC Magazine’s Best Network Security Award. It’s gratifying to have such an esteemed group recognize the work we’re doing trying to help manage and protect data.

I’m looking forward to next year’s show, and hoping that increased attention helps improve the state of data security in the meantime.