Varonis DatAdvantage for SharePoint
Upcoming SlideShare
Loading in...5
×
 

Varonis DatAdvantage for SharePoint

on

  • 2,891 views

Varonis® DatAdvantage® for SharePoint provides the visibility, auditing and recommendations necessary to properly control access to data in your SharePoint environment. DatAdvantage for SharePoint ...

Varonis® DatAdvantage® for SharePoint provides the visibility, auditing and recommendations necessary to properly control access to data in your SharePoint environment. DatAdvantage for SharePoint helps identify data owners, shows you who currently has access to information, tracks who is accessing data, and indicates who should have their access revoked.

Statistics

Views

Total Views
2,891
Views on SlideShare
2,562
Embed Views
329

Actions

Likes
0
Downloads
73
Comments
0

7 Embeds 329

http://www.varonis.com 310
http://varonis.com 8
http://www.slideshare.net 5
http://wwwprod.varonis.com 3
https://varonisdev.atre.net 1
http://wwwstage.varonis.com 1
http://translate.googleusercontent.com 1
More...

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • User and Group Information from Active Directory, LDAP, NIS, SharePoint, etc. Permissions information knowing who can access what data in which containers Access Activity knowing which users do access what data, when and what they’ve done Sensitive Content Indicators knowing which files contain items of sensitivity and importance, and where they reside
  • Sophisticated Data Structures Critical Pre-processing Core Varonis Intellectual Property
  • Here are some of the operational challenges in dealing with unstructured data. For each box, note the point on the left, and discuss the detailed supporting items on the right
  • Varonis DatAdvantage helps solve these problems by providing: 1. A bi-directional view into access permissions, meaning you can easily determine who has access to a given folder, or which folders a given user or group has access to. 2. A sortable, searchable audit trail for every access of unstructured data that does not impair system performance or require an unmanageable amount of storage. 3. By analyzing file system permissions and access history, Varonis identifies excessive permissions, and provides a method to test permissions changes outside of the production environment. 4. DatAdvantage also provides a method to systematically identify data owners through summarizing access the access activity.
  • This is one section of the Varonis DatAdvantage Graphical User interface, known as the work area. On the left are users and groups gathered automatically from Active Directory, LDAP, NIS, and/or local files. On the right is the directory structure of a file server (or servers). By double-clicking on a folder, we see a list of users and groups that have access to that folder and their associated NTFS permissions. Conversely, we can double click on any user or group-- all the folders that turn green are folders that the user or group has access to; all the folders that remain yellow are those that the user or group does not have access to. In addition, you can see the level of permissions the user or group has on any given folder, as well as an explanation of how they are getting access-- whether it is through a global group, such as everyone or domain users, or through the finance group, as displayed here. (optional) Consider the native functionality for viewing permissions in windows– in order to view permissions on a folder, you must right-click on it in windows explorer and navigate to properties>security. This displays the groups and any explicitly named users that have access to the folder. In to see the users in each group, you must refer to active directory for each group listed. In order to determine all folders a user or group has access to, you must right click on every folder, record every group, and determine if the user or group is contained with each group.
  • This is one section of the Varonis DatAdvantage Graphical User interface, known as the work area. On the left are users and groups gathered automatically from Active Directory, LDAP, NIS, and/or local files. On the right is the directory structure of a file server (or servers). By double-clicking on a folder, we see a list of users and groups that have access to that folder and their associated NTFS permissions. Conversely, we can double click on any user or group-- all the folders that turn green are folders that the user or group has access to; all the folders that remain yellow are those that the user or group does not have access to. In addition, you can see the level of permissions the user or group has on any given folder, as well as an explanation of how they are getting access-- whether it is through a global group, such as everyone or domain users, or through the finance group, as displayed here. (optional) Consider the native functionality for viewing permissions in windows– in order to view permissions on a folder, you must right-click on it in windows explorer and navigate to properties>security. This displays the groups and any explicitly named users that have access to the folder. In to see the users in each group, you must refer to active directory for each group listed. In order to determine all folders a user or group has access to, you must right click on every folder, record every group, and determine if the user or group is contained with each group.
  • This is one section of the Varonis DatAdvantage Graphical User interface, known as the work area. On the left are users and groups gathered automatically from Active Directory, LDAP, NIS, and/or local files. On the right is the directory structure of a file server (or servers). By double-clicking on a folder, we see a list of users and groups that have access to that folder and their associated NTFS permissions. Conversely, we can double click on any user or group-- all the folders that turn green are folders that the user or group has access to; all the folders that remain yellow are those that the user or group does not have access to. In addition, you can see the level of permissions the user or group has on any given folder, as well as an explanation of how they are getting access-- whether it is through a global group, such as everyone or domain users, or through the finance group, as displayed here. (optional) Consider the native functionality for viewing permissions in windows– in order to view permissions on a folder, you must right-click on it in windows explorer and navigate to properties>security. This displays the groups and any explicitly named users that have access to the folder. In to see the users in each group, you must refer to active directory for each group listed. In order to determine all folders a user or group has access to, you must right click on every folder, record every group, and determine if the user or group is contained with each group.
  • This is one section of the Varonis DatAdvantage Graphical User interface, known as the work area. On the left are users and groups gathered automatically from Active Directory, LDAP, NIS, and/or local files. On the right is the directory structure of a file server (or servers). By double-clicking on a folder, we see a list of users and groups that have access to that folder and their associated NTFS permissions. Conversely, we can double click on any user or group-- all the folders that turn green are folders that the user or group has access to; all the folders that remain yellow are those that the user or group does not have access to. In addition, you can see the level of permissions the user or group has on any given folder, as well as an explanation of how they are getting access-- whether it is through a global group, such as everyone or domain users, or through the finance group, as displayed here. (optional) Consider the native functionality for viewing permissions in windows– in order to view permissions on a folder, you must right-click on it in windows explorer and navigate to properties>security. This displays the groups and any explicitly named users that have access to the folder. In to see the users in each group, you must refer to active directory for each group listed. In order to determine all folders a user or group has access to, you must right click on every folder, record every group, and determine if the user or group is contained with each group.
  • This is one section of the Varonis DatAdvantage Graphical User interface, known as the work area. On the left are users and groups gathered automatically from Active Directory, LDAP, NIS, and/or local files. On the right is the directory structure of a file server (or servers). By double-clicking on a folder, we see a list of users and groups that have access to that folder and their associated NTFS permissions. Conversely, we can double click on any user or group-- all the folders that turn green are folders that the user or group has access to; all the folders that remain yellow are those that the user or group does not have access to. In addition, you can see the level of permissions the user or group has on any given folder, as well as an explanation of how they are getting access-- whether it is through a global group, such as everyone or domain users, or through the finance group, as displayed here. (optional) Consider the native functionality for viewing permissions in windows– in order to view permissions on a folder, you must right-click on it in windows explorer and navigate to properties>security. This displays the groups and any explicitly named users that have access to the folder. In to see the users in each group, you must refer to active directory for each group listed. In order to determine all folders a user or group has access to, you must right click on every folder, record every group, and determine if the user or group is contained with each group.
  • This is one section of the Varonis DatAdvantage Graphical User interface, known as the work area. On the left are users and groups gathered automatically from Active Directory, LDAP, NIS, and/or local files. On the right is the directory structure of a file server (or servers). By double-clicking on a folder, we see a list of users and groups that have access to that folder and their associated NTFS permissions. Conversely, we can double click on any user or group-- all the folders that turn green are folders that the user or group has access to; all the folders that remain yellow are those that the user or group does not have access to. In addition, you can see the level of permissions the user or group has on any given folder, as well as an explanation of how they are getting access-- whether it is through a global group, such as everyone or domain users, or through the finance group, as displayed here. (optional) Consider the native functionality for viewing permissions in windows– in order to view permissions on a folder, you must right-click on it in windows explorer and navigate to properties>security. This displays the groups and any explicitly named users that have access to the folder. In to see the users in each group, you must refer to active directory for each group listed. In order to determine all folders a user or group has access to, you must right click on every folder, record every group, and determine if the user or group is contained with each group.
  • This is one section of the Varonis DatAdvantage Graphical User interface, known as the work area. On the left are users and groups gathered automatically from Active Directory, LDAP, NIS, and/or local files. On the right is the directory structure of a file server (or servers). By double-clicking on a folder, we see a list of users and groups that have access to that folder and their associated NTFS permissions. Conversely, we can double click on any user or group-- all the folders that turn green are folders that the user or group has access to; all the folders that remain yellow are those that the user or group does not have access to. In addition, you can see the level of permissions the user or group has on any given folder, as well as an explanation of how they are getting access-- whether it is through a global group, such as everyone or domain users, or through the finance group, as displayed here. (optional) Consider the native functionality for viewing permissions in windows– in order to view permissions on a folder, you must right-click on it in windows explorer and navigate to properties>security. This displays the groups and any explicitly named users that have access to the folder. In to see the users in each group, you must refer to active directory for each group listed. In order to determine all folders a user or group has access to, you must right click on every folder, record every group, and determine if the user or group is contained with each group.
  • This is one section of the Varonis DatAdvantage Graphical User interface, known as the work area. On the left are users and groups gathered automatically from Active Directory, LDAP, NIS, and/or local files. On the right is the directory structure of a file server (or servers). By double-clicking on a folder, we see a list of users and groups that have access to that folder and their associated NTFS permissions. Conversely, we can double click on any user or group-- all the folders that turn green are folders that the user or group has access to; all the folders that remain yellow are those that the user or group does not have access to. In addition, you can see the level of permissions the user or group has on any given folder, as well as an explanation of how they are getting access-- whether it is through a global group, such as everyone or domain users, or through the finance group, as displayed here. (optional) Consider the native functionality for viewing permissions in windows– in order to view permissions on a folder, you must right-click on it in windows explorer and navigate to properties>security. This displays the groups and any explicitly named users that have access to the folder. In to see the users in each group, you must refer to active directory for each group listed. In order to determine all folders a user or group has access to, you must right click on every folder, record every group, and determine if the user or group is contained with each group.
  • This is one section of the Varonis DatAdvantage Graphical User interface, known as the work area. On the left are users and groups gathered automatically from Active Directory, LDAP, NIS, and/or local files. On the right is the directory structure of a file server (or servers). By double-clicking on a folder, we see a list of users and groups that have access to that folder and their associated NTFS permissions. Conversely, we can double click on any user or group-- all the folders that turn green are folders that the user or group has access to; all the folders that remain yellow are those that the user or group does not have access to. In addition, you can see the level of permissions the user or group has on any given folder, as well as an explanation of how they are getting access-- whether it is through a global group, such as everyone or domain users, or through the finance group, as displayed here. (optional) Consider the native functionality for viewing permissions in windows– in order to view permissions on a folder, you must right-click on it in windows explorer and navigate to properties>security. This displays the groups and any explicitly named users that have access to the folder. In to see the users in each group, you must refer to active directory for each group listed. In order to determine all folders a user or group has access to, you must right click on every folder, record every group, and determine if the user or group is contained with each group.
  • This is one section of the Varonis DatAdvantage Graphical User interface, known as the work area. On the left are users and groups gathered automatically from Active Directory, LDAP, NIS, and/or local files. On the right is the directory structure of a file server (or servers). By double-clicking on a folder, we see a list of users and groups that have access to that folder and their associated NTFS permissions. Conversely, we can double click on any user or group-- all the folders that turn green are folders that the user or group has access to; all the folders that remain yellow are those that the user or group does not have access to. In addition, you can see the level of permissions the user or group has on any given folder, as well as an explanation of how they are getting access-- whether it is through a global group, such as everyone or domain users, or through the finance group, as displayed here. (optional) Consider the native functionality for viewing permissions in windows– in order to view permissions on a folder, you must right-click on it in windows explorer and navigate to properties>security. This displays the groups and any explicitly named users that have access to the folder. In to see the users in each group, you must refer to active directory for each group listed. In order to determine all folders a user or group has access to, you must right click on every folder, record every group, and determine if the user or group is contained with each group.
  • Varonis DatAdvantage provides high-level views of user access behavior, including most/least active users, and most/least active directories. Varonis also has a built-in report to list inactive directories to facilitate disk cleanup projects. Varonis DatAdvantage also alerts on anomalous user behavior by looking for statistically significant deviations on each user’s normal day-to-day activity. Access deviations may signify a worm or automated process running under that user’s credentials, or the employee’s potential departure from the organization.
  • Varonis DatAdvantage provides high-level views of user access behavior, including most/least active users, and most/least active directories. Varonis also has a built-in report to list inactive directories to facilitate disk cleanup projects. Varonis DatAdvantage also alerts on anomalous user behavior by looking for statistically significant deviations on each user’s normal day-to-day activity. Access deviations may signify a worm or automated process running under that user’s credentials, or the employee’s potential departure from the organization.
  • Varonis DatAdvantage provides a straight-forward method to determine potential data-owners. When a folder is double-clicked in the statistics area, DatAdvantage displays a list of users that have accessed data within it. The data owner is often one of these users– if not, the data owner is likely to be one of the active user’s supervisors. At worst, the Active Users represent one degree of separation between the IT administrator and the data owner.
  • Varonis DatAdvantage provides a straight-forward method to determine potential data-owners. When a folder is double-clicked in the statistics area, DatAdvantage displays a list of users that have accessed data within it. The data owner is often one of these users– if not, the data owner is likely to be one of the active user’s supervisors. At worst, the Active Users represent one degree of separation between the IT administrator and the data owner.
  • Varonis DatAdvantage provides a straight-forward method to determine potential data-owners. When a folder is double-clicked in the statistics area, DatAdvantage displays a list of users that have accessed data within it. The data owner is often one of these users– if not, the data owner is likely to be one of the active user’s supervisors. At worst, the Active Users represent one degree of separation between the IT administrator and the data owner.
  • Varonis DatAdvantage provides a straight-forward method to determine potential data-owners. When a folder is double-clicked in the statistics area, DatAdvantage displays a list of users that have accessed data within it. The data owner is often one of these users– if not, the data owner is likely to be one of the active user’s supervisors. At worst, the Active Users represent one degree of separation between the IT administrator and the data owner.

Varonis DatAdvantage for SharePoint Varonis DatAdvantage for SharePoint Presentation Transcript

  • Introduction to Varonis DatAdvantage for SharePoint
    February, 2010
  • Protecting access to unstructured SharePoint data
    Unstructured data has been a challenge to protect for as long as file systems have existed
    Unstructured data: Data such as business productivity documents (e.g., Microsoft Office), media files, CAD files, etc., stored on shared SharePoint sites
    Today, every organization…
    Has a great deal of unstructured data
    Is investing CapEx & OpEx to try to protect it
    Lacks an operationally effective way to protect data
    Management processes are manual
    Permissions are rarely revoked
    Owners are not know
  • Unstructured SharePoint data:Mission critical, constantly changing and poorly protected
    80% of business data
    is unstructured
    Source: IDC 2007
    Access permissions change as user needs change, est: 30-40% annually
    Data grows 50-100% annually
    Source: Varonis & IDC 2007
    Source: Varonis
    70% of unstructured data goes
    stale 90 days after creation
    Source: Gartner 2005
  • Finding/classifying sensitive content
    • Time consuming to search through all data
    • Data constantly changing – hard to keep current
    • Not clear what to do w/results – list of file paths/names
    Unstructured data operational challenges
    As employee needs change, authorizations grow & grow
    Permission is seldom revoked
    Tools are largely manual: time consuming and error prone
    Ensuring authorizations are based on business need
    • Auditing slows down servers and generates large volume of difficult to decipher data
    • Usually audit only after incidents
    • Complete lack of audit information, or incomplete & outdated
    Understanding who accessed data & how
    • Metadata and folder location don’t reveal ownership
    • Time consuming and manual process to find owners
    • Orphan data with unknown business context or relevance, and wasted storage
    Identifying data business owners
  • Varonis provides unstructured data governance
    Varonis Solution Benefits
    Dramatically increased staff productivity
    Quantifiable risk mitigation
    Complete information accountability
    Fill critical infrastructure and operational gaps
  • User
    Directory
    Network Attached
    Storage (NAS),
    File Server or
    SharePoint
    LAN
    NAS
    Appliance
    DatAdvantage automates data governance
    Data controls are administered from one place
    • Identify owners and assign ownership
    • Visibility of users, data, use, permissions
    • Find sensitive data
    • Transparent auditing
    • Recommendations for permission revocations
  • Varonis IDU Framework & Applications
    DatAdvantage
    DataPrivilege
    IDU Data Classification Framework
    Retention/Storage
    Commit Changes to File Systems and Directory Services
    Analysis & Modeling
    Normalization
    Data Content Classification
    File System Meta Data Collection
    User Data Collection
    Windows File Systems
    UNIX/Linux
    SharePoint
    MS Active Directory
    LDAP
    NIS
    Local
    Accounts
    SharePoint
    The Varonis IDU Framework creates and manages a meta-data layer that enables IT and the business to work together to protect unstructured data
  • Varonis creates a unique layer of meta-data:Key context for managing and protecting data
    Varonis Meta-data Layer
    All Users & Groups
    Varonis
    All Data
    The Varonis IDU Framework
    creates a layer of meta-data
    about data, users & groups,
    permissions, access and
    ownership
    Actual access
    Potential access
    Revocation recommendation
    Data owner
    5
  • Varonis IDU Framework – Foundation for Data Governance
    Draws on / creates continuously updated meta data
    Permissions: who has the potential to access data
    Activity: every data access, by every user
    Users/Groups: users within the environment
    Combines this meta data to create an environment in which actionable data governance information is produced
    Identify who accessed data and who owns data
    See whose access should be revoked
    Discover stale data and inactive users
    Model data entitlement changes
    Enables data owners to take a significantly larger role in controlling access to their data
    Page 9
  • Varonis IDU Framework Benefits
    • Unique in capabilities and scope
    • Efficient, intelligent information creation, management & presentation
    • Continuously refreshed meta data
    • Comprehensive audit trail
    • Immediate time to value
    • Installs rapidly (~3 hours)
    • Produces actionable intelligence (via UI & reports) immediately
    • Enterprise scale
    • Virtually no limit on number of users, number of monitored file systems, etc.
    • Low total cost of ownership
    • Super efficient use of resources
    Page 10
  • See who has access to data
    Page 11
  • See what access users/groups have
    Page 12
  • Get a complete data access audit record
    Page 13
  • Identify the likely owners of data
    Page 14
  • Edit permissions & permissions levels
    © 2010 Varonis Systems..
    Page 15
  • See whose access should be revoked
    Page 16
  • Varonis in customer environments
    Use cases
    Audit & analyze data use activity
    Permissions analysis & testing
    Ensuring appropriate access & permissions
    Data ownership identification
    Data entitlement management
    Addressing unused data and groups
    Preparing for data migrations
    Preparing for domain consolidation
    Finding lost files
    End users
    SharePoint/Windows/Unix/Linux (File) System Administrators, Data owners, IT Operations, Storage administrators, Helpdesk, Security Compliance and audit
  • Who Needs Varonis Data Governance?All sizes of companies in all industries
    Over 600 customers globally
  • Varonis DatAdvantage for SharePoint Summary
    Delivers immediate time-to-value
    Quick to install, immediate access to information
    Addresses multiple data governance use-cases
    Virtually impossible without automation
    Enables repeatable, efficient processes
    Without DatAdvantage, you would have to hire/deploy additional experts to do this work
    Offers powerful return-on-investment
    Visit www.varonis.com to learn more, request a demo, etc.