Turtles, Trust and The Future of Cybersecurity
Faith in our institutions is collapsing, and GDPR is at the door. What would cybersecurity look like if we started from scratch, right now, in our hybrid, interdependent world? It would focus relentlessly on data. Learn how a data-centric security approach can reduce risk, increase efficiency and re-engineer trust in a society where faith has been shaken by unstoppable breaches.
1. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.
Our mission is to protect data from insider threats and cyberattacks.
Turtles, Trust, and the Future of Cybersecurity
April, 2018
Where are we shining the light?
Workstations
Applications
Active Directory
Mobile Devices
Perimeter
Network
21.5 million background investigation files…
“In 2014, the adversary was utilizing a Visual Basic script to scan all of our unstructured data... All the data that is listed here, all came out of personal file shares that were stored in the domain storage network.” - OPM’s Director of IT Security Operations
Data is in the Dark
There are many questions IT and the business can’t answer:
What data isn’t being used?
Who has access to files, folders, mailboxes?
Who is accessing, modifying, moving, deleting files and email?
Which files contain critical information?
Which data is exposed to too many people?
Who owns data and how do I get them involved?
Secular Trends
DATA GROWTH: The amount of data created in the world will grow to 163 Zettabytes (or 151 trillion gigabytes) in 2025, representing a nearly tenfold increase from the amount created in 2016. (1)
HYBRID CLOUD: Through 2020, more than 85% of enterprises adopting a cloud-first strategy will continue to host business-critical applications in traditional data center environments. (2)
CYBER THREATS: By 2025, almost 90% of all data will require a meaningful level of security, but less than half will be secured. (1)
(1) IDC Research — Data Age 2025: The Evolution of Data to Life-Critical
(2) Gartner Research - Deliver Data Center Modernizing Using Three-Cloud Complementary Approaches
Industry Changes
BOARD AWARENESS: Boards of Directors are now required to address cyber risks and demonstrate appropriate awareness and action.
ADOPTION AND STANDARDIZATION: A data-centric approach to security is becoming a standard. Almost every breach involves data assets in the form of files, emails and video that are stored in growing on-premises and cloud file systems.
REGULATION: The confluence of notable attacks, media attention, and public outcry has led to new data-centric regulations.
DETECT insider threats by analyzing data, account activity, and user behavior.
PREVENT disaster by locking down sensitive and stale data, reducing broad access, and simplifying permissions.
SUSTAIN a secure state by automating authorizations, migrations, & disposition.
IMAGINE
Cyber threats are detected and stopped
Only the right people have access
We know where our sensitive data lives
Sustain a secure state without manual effort
User and Group Information
Permission Information
User Activity
Content Information
Data Security Platform
Cyber Threat Detection
Active Directory Monitoring
Data Access Governance
Automatic Quarantining
Data Classification
Least Privilege Enforcement
File & Email Monitoring
User Behavior Analytics
Detect: Prepare
Steps
Map your environment
Begin monitoring user/account/data behavior
Start automated discovery/classification
Benefits
Prioritize scope by sensitivity, staleness, department criticality, etc.
Review Incident Response Procedure, SOC capabilities and toolsets
Detect: Operationalize
Steps
Prioritize and create an incident response plan for alerts, including automated responses
Train staff on day-to-day management, including reports, permissions and AD management, finding lost files, etc.
Identify known data owner demarcation points
Identify known data retention and disposition policies
Benefits
Incident response plans and automation reduce the risk of data theft and loss
Staff becomes more operationally efficient with day-to-day tasks
Prevent: Fix
Steps
Fix inconsistent/broken ACLs
Eliminate global access groups around sensitive data
Eliminate remaining global access groups
Address AD artifacts (empty, unused security groups, non-expiring passwords, etc.)
Address retention/disposition by quarantining, archiving, and deleting stale data
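The first two Fix steps can be scoped with a read-only audit of the share tree before any ACL is touched. The script below is an added example, not code from the deck or from Varonis; it assumes a Windows host where the caller can read ACLs under an assumed root path, and it flags both global-access grants and subfolders whose inheritance has been disabled.

```powershell
# Added example, not code from the deck or from Varonis: audit one share tree for
# the two conditions the Fix step targets, global-access ACEs and broken inheritance.
# Assumes a Windows host where the caller can read ACLs under the assumed root path.
param(
    [string]$Root = 'D:\Shares\Finance',   # assumed path, replace with a real share
    [int]$Depth = 4
)

$RootFull = (Get-Item -LiteralPath $Root).FullName

# Principals that make a folder effectively open to the whole domain.
$GlobalPrincipals = @(
    'Everyone',
    'NT AUTHORITY\Authenticated Users',
    'BUILTIN\Users',
    "$env:USERDOMAIN\Domain Users"
)

function Test-FolderAcl {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($GlobalPrincipals -contains $ace.IdentityReference.Value) {
            [pscustomobject]@{
                Path      = $Path
                Finding   = 'GlobalAccess'
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # $false: granted on this folder itself
            }
        }
    }
    # A subfolder with inheritance disabled is the usual "broken ACL": cleanup on
    # the parent no longer reaches it, so it needs its own fix.
    if ($acl.AreAccessRulesProtected -and $Path -ne $RootFull) {
        [pscustomobject]@{ Path = $Path; Finding = 'InheritanceBroken'
                           Principal = $null; Rights = $null; Inherited = $false }
    }
}

$folders = @(Get-Item -LiteralPath $Root) +
    @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Depth $Depth -ErrorAction SilentlyContinue)

$findings = $folders | ForEach-Object { Test-FolderAcl -Path $_.FullName }

# Explicit (non-inherited) global grants on sensitive folders are the first fix;
# an inherited one is removed once, at the folder where it originates.
$findings | Sort-Object Finding, Inherited, Path | Format-Table -AutoSize
```

Running it against the folders the classification step marked sensitive gives the ordered worklist for "eliminate global access groups around sensitive data" before the broader cleanup.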
Benefits
Significant risk reduction
Defensible position with respect to compliance
More efficient usage of storage
Reduced complexity increases operational efficiency
Prevent: Transform
Steps
Identify folders that need owners (demarcation points)
Identify and confirm data owners
Simplify permission structure (read/write), consistent inheritance
Initiate entitlement reviews to prune residual access
Prune residual unnecessary access
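An entitlement review only works if the owner sees people rather than group names. The script below is an added example, not code from the deck or from Varonis; it assumes the RSAT ActiveDirectory module, read access to the folder ACL and the domain, an assumed folder path, and a 90-day idle window as the staleness threshold.

```powershell
# Added example, not code from the deck or from Varonis: build the per-folder
# entitlement report a data owner reviews in the Transform step. Assumes the RSAT
# ActiveDirectory module and read access to both the folder ACL and the domain.
Import-Module ActiveDirectory

function Get-EntitlementReport {
    param([string]$Folder, [int]$StaleDays = 90)
    $cutoff = (Get-Date).AddDays(-$StaleDays)
    $acl = Get-Acl -LiteralPath $Folder
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $principal = $ace.IdentityReference.Value          # e.g. CORP\Finance-RW (assumed)
        $sam = $principal.Split('\')[-1]
        # Expand domain groups to their nested user members so the owner reviews
        # people, not group names; local/built-in principals stay unresolved.
        $group = Get-ADGroup -Filter "SamAccountName -eq '$sam'"
        if ($group) {
            $users = Get-ADGroupMember -Identity $group -Recursive |
                Where-Object objectClass -eq 'user' |
                ForEach-Object { Get-ADUser -Identity $_.distinguishedName -Properties LastLogonDate }
        } else {
            $users = @(Get-ADUser -Filter "SamAccountName -eq '$sam'" -Properties LastLogonDate)
        }
        if (-not $users) {
            $users = @([pscustomobject]@{ SamAccountName = "(no resolvable users) $principal"; LastLogonDate = $null })
        }
        foreach ($u in $users) {
            [pscustomobject]@{
                Folder     = $Folder
                GrantedVia = $principal
                User       = $u.SamAccountName
                Rights     = $ace.FileSystemRights
                LastLogon  = $u.LastLogonDate
                # Candidate for pruning: never logged on, or idle past the window.
                Stale      = (-not $u.LastLogonDate) -or ($u.LastLogonDate -lt $cutoff)
            }
        }
    }
}

# One report per demarcation point, handed to that folder's owner for review.
# The path is an assumed example.
Get-EntitlementReport -Folder 'D:\Shares\Finance\Payroll' |
    Sort-Object GrantedVia, User |
    Export-Csv -NoTypeInformation -Path .\payroll-entitlements.csv
```

The GrantedVia column tells the owner which group to change when a row is rejected, so the pruning step edits group membership rather than adding explicit ACEs that would re-break inheritance.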
Benefits
Dramatic increase in operational efficiencies
Better service for end users (faster access to data)
Reduced complexity and risk
Sustain: Automate
Steps
Automate authorization workflow via data owners
Automate disposition, quarantining, policy enforcement
Automate periodic entitlement reviews
Benefits
Reduced risk as policy deviations are corrected automatically and least privilege model is maintained
Increased operational efficiency
Evidence of process adherence for compliance
Sustain: Improve
Steps
Regularly review risks, alerts and processes to ensure continuous improvement
Benefits
Ongoing improvements in risk reduction and operational efficiency
Operationalizing Data Security
DETECT: 1. Prepare
Deploy Tech
Prioritize and assess risks
DETECT: 2. Operationalize
Create incident response plan based on alerts, including automation
Train staff on the basics - managing perms and finding lost files
PREVENT: 3. Fix
Fix broken ACLs
Eliminate global access to sensitive data
Eliminate remaining global access groups
Eliminate unnecessary AD artifacts (unused security groups, non-expiring passwords, etc.)
Quarantine/archive/delete stale data
PREVENT: 4. Transformation
Identify folders that need owners
Identify data owners
Simplify permissions structure
Provide owners reports about their data
SUSTAIN: 5. Automation
Automate authorization workflow via Data Owners
Automate periodic entitlement reviews
Automate disposition, quarantining, policy enforcement
SUSTAIN: 6. Improve
Regularly review risks, alerts and processes to ensure continuous improvement
Risk Reduction
Efficiency Gains