Matthias Schmauch - mbuf · Varonis Can secure data shared externally and internally Full...
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.
We are fighting on a different front than conventional cybersecurity vendors.
MBUF Jahreskongress 2019
Matthias Schmauch
7 proven practices for data security in hybrid environments.
Matthias Schmauch, Dipl. Inf. FH
Varonis Systems (Deutschland) GmbH
[Diagram: Data Security Platform]
Collection and analytics: Permissions, Users & Groups, Content Classification, Access Activity, Perimeter Telemetry
Enterprise data stores and infrastructure: Windows, Exchange, SharePoint, Office 365, NAS, Unix/Linux, Directory Services
Perimeter devices: VPN, Proxy, DNS
Automation: Remediation, Access Management, Migration, Disposition, Alert Response
Use cases: Threat Detection, Data Classification, Access Governance, Risk Reduction, Regulatory Compliance
Commit changes back to data stores and directory services
Full visibility and management of permissions
Unified control over on-premises data and Office 365 data
Detection of sensitive data
Comprehensive audit and monitoring processes
Advanced threat detection (UEBA)
Automation of risk remediation and restriction to least privilege
Management of access permissions by data owners
1. Unified, because 85% of companies will remain hybrid.
[Architecture diagram labels: Office 365; File Server (Win/NAS/*nix); SharePoint; Exchange; Active Dir./LDAP/NIS; Varonis Collectors; Varonis Probe/Aggregator; Varonis Data Security Platform Server (IDU); MSSQL; Firewall]
2. Full visibility and management of permissions
3. Detection of sensitive data
4. Comprehensive audit and monitoring processes
5. Advanced threat detection (UEBA)
6. Risk remediation and the principle of least privilege
7. Management of access permissions by data owners
Archives event history
Varonis vs. Microsoft EMS
Permanent
(Effective) permissions visibility
Custom data classification rules in Office 365
Advanced reporting capabilities
Removal recommendations (supports the principle of least privilege)
Management of data owners
Advanced UBA models (both on-premises AD and cloud users)
90 days
Limited
Limited
Hybrid protection - on-premises and cloud
Risk Visualization and Prioritization
Varonis
Collects and analyzes structure, sites and folder trees
Shows where sensitive data is concentrated
Shows where stale data is concentrated
Shows where data is overexposed to users inside and outside the organization
Visualizes risk to on-prem and cloud data
Microsoft
Finds individual files that contain sensitive data
Does not show concentrations of sensitive data
Does not identify stale data
Does not show where data is overexposed
Does not illustrate overall risk to cloud data
Migration Process
Varonis
Clear visibility into what data resides on-prem
Identify stale data that does not need to be migrated
Identify sensitive data to make sure it’s migrated to the right place
Ownership – whose data to move
Help define what type of permissions should be set in the cloud
Reach a secured state both on-prem and in the cloud
Microsoft
No visibility into on-prem data
Analytics on Sensitive Data
Varonis
Quickly understand activity, permissions, classification, and other metadata at scale.
Contextual analytics, meaningful events with rich information about users, resources and devices.
Statistical insights that allow you to search over millions of events.
Microsoft
Does not alert or report on activity on sensitive data.
Event activity does not indicate whether files accessed were sensitive.
Number of filters is limited; for example, can't search for all events by admin accounts on files that contain GDPR data.
No statistical insights on event search results; for example, can't show most active users.
Search interface is neither sortable nor groupable.
Data Protection
Varonis
Can secure data shared externally and internally
Full permissions visibility and management capabilities
Accurately understand which folders and files each user can access, and which folders and files are overexposed.
Simulate and commit permission changes and understand the impact.
Provides a single pane of glass for all permissions management actions on folders, users, groups.
Microsoft
No ability to protect from internal threats; can only secure data shared externally
No ability to change permissions, only remove them
No ability to simulate permission changes.
Multiple interfaces for managing permissions, users and groups, spread across multiple applications
Threat Detection & Response
Varonis
Wide threat model coverage with richer, contextual threat models.
Contextual alerting with conclusive evidence from various data streams, with actionable indicators based on users, devices, data, and event timing.
Advanced reporting and dashboards
Correlation with DNS/VPN/DS streams
Office 365
Limited threat models (cloud only)
No alerts on activity on sensitive data
No contextual alerts with risk indicators – very difficult to reach a conclusion quickly, i.e., “Is this an attack?”
Simple alerting and limited reporting
No stream correlation
What now?
1. Schedule an appointment for a free risk assessment
2. Discuss the results and recommendations
3. Create an operational plan
Non-intrusive | Dedicated engineer | No obligations