Finn Rye, information security officer for MTA, explained, “Employees would inadvertently move, rename, or accidentally delete files, and the team would have to try and locate or recover them. Having to do it manually meant too many hours were spent tracking it down and we couldn’t attend to other, more pressing matters.”
MTA has set up automated alerts and reports within DatAdvantage that identify both the sensitive files, folders and/or directories within the organization as well as the employees who should – and should not – have access to them. Using DatAdvantage, MTA gets invaluable insight into its day-to-day operations that was virtually impossible before as it didn’t have the logging capacity or a way to search in an efficient manner. To satisfy its internal compliance requirements, MTA’s information security team is able to verify who has access to which data and what files those individuals actually access.
“Before DatAdvantage, the situation was very much like looking for information on the Internet without a sophisticated search engine. We simply weren’t able to do the investigation or incident responses we can now,” Rye added. “Now we can generate detailed statistics and a searchable log of every file-touch, so we can rapidly identify excessive file opens, deletes or other such anomalous behaviors. As Varonis captures every file access event (open, create, delete, modify, move, etc.) by every person accessing the monitored data, we can manage and monitor event anomalies around our sensitive data. And importantly, DatAdvantage gives us visibility into potential data risks by uncovering overly permissive access.”
How It Works
Varonis DatAdvantage automates access and permission management for unstructured and semi-structured data on file systems, NAS devices, SharePoint sites and Exchange mailboxes, providing visibility into data usage and recommendations for changes based on data access, usage and group membership.
By combining the permissions data, the access events, and sophisticated bi-directional cluster analysis, Varonis determines where users may have excessive permissions and makes recommendations on how access can be restricted without effecting normal business activity—which groups a user can be removed from/who can be removed from which groups. Varonis DatAdvantage also provides a complete audit trail of all file and folder access events (including “delete” events) in its Log Area. All events can be searched and sorted to pinpoint exactly who accessed, moved, modified, or deleted a file on any monitored server, and when.
DatAdvantage for Windows captures every file access event (open, create, delete, modify, move, etc.) by every person accessing the monitored infrastructure and calculates each individuals daily average number of access events, and their standard deviation for a configurable threshold of days. If, on a given day, a user exceeds their daily average by more than three times their standard deviation, Varonis generates an alert.
Rye concluded, “On a regular basis, DatAdvantage gives me insight into our day-to-day operations, something that was virtually impossible before Varonis.”
ABOUT VARONIS SYSTEMS
Varonis is a leader in unstructured and semi-structured data governance for file systems, SharePoint and NAS devices, and Exchange servers. Named a "Cool Vendor" in Risk Management and Compliance by Gartner and voted one of the "Fast 50 Reader Favorites" on FastCompany.com, Varonis has more than 4,500 installations worldwide. Varonis is headquartered in New York, with regional offices in Europe, Asia and Latin America.
# # #
With over 4500 installations worldwide, Varonis® enables organizations to audit data access activity, fix access controls, identify sensitive data, find data owners and involve them in automated authorization processes.