SlideShare a Scribd company logo

Turtles, Trust and The Future of Cybersecurity

D
Digital Transformation EXPO Event Series

Turtles, Trust and The Future of Cybersecurity Faith in our institutions is collapsing, and GDPR is at the door. What would cybersecurity look like if we started from scratch, right now, in our hybrid, interdependent world? It would focus relentlessly on data. Learn how a data-centric security approach can reduce risk, increase efficiency and re-engineer trust in a society where faith has been shaken by unstoppable breaches.

Technology
1 of 31
Download to read offline
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. Our mission is to protect data from insider threats and cyberattacks. Turtles, Trust, and the Future of Cybersecurity April, 2018
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.2 What can we learn from sea turtles?
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.3 Journey to safety
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.4 …unless it’s not the way.
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.5 Where is the light we trust?
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. Where are we shining the light? Workstations Applications Active Directory Mobile Devices Perimeter Network
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. “Certain files”
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. 21.5 million background investigation files… “In 2014, the adversary was utilizing a Visual Basic script to scan all of our unstructured data... All the data that is listed here, all came out of personal file shares that were stored in the domain storage network.” - OPM’s Director of IT Security Operations
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. …and every ransomware attack WannaCry NotPetya Cryptolocker Locky etc…
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. Why do these keep happening?
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.11 Data is in the Dark There are many questions IT and the business can’t answer: What data isn’t being used? Who has access to files, folders, mailboxes? Who is accessing, modifying, moving, deleting files and email? Which files contain critical information? Which data is exposed to too many people? Who owns data and how do I get them involved?
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. How do I know when something’s gone wrong?
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.13 Where are we shining the light? DATA
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. Why should we change now?
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.15 Secular Trends DATA GROWTH HYBRID CLOUD CYBER THREATS The amount of data created in the world will grow to 163 Zettabytes (or 151 trillion gigabytes) in 2025, representing a nearly tenfold increase from the amount created in 2016. (1) Through 2020, more than 85% of enterprises adopting a cloud-first strategy will continue to host business- critical applications in traditional data center environments.(2) By 2025, almost 90% of all data will require a meaningful level of security, but less than half will be secured. (1) (1) IDC Research — Data Age 2025: The Evolution of Data to Life-Critical (2) Gartner Research - Deliver Data Center Modernizing Using Three-Cloud Complementary Approaches
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.16 Industry Changes BOARD AWARENESS ADOPTION AND STANDARDIZATION REGULATION Board of Directors are now required to address cyber risks and demonstrate appropriate awareness and action. A data-centric approach to security is becoming a standard. Almost every breach involves data assets in the form of files, emails and video that are stored in growing on- premises and cloud file systems. The confluence of notable attacks, media attention, and public outcry has led to new data-centric regulations.
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.17 What if we could start over?
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.18 Treat data like dollars
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. DETECT PREVENT SUSTAIN insider threats by analyzing data, account activity, and user behavior. disaster by locking down sensitive and stale data, reducing broad access, and simplifying permissions. a secure state by automating authorizations, migrations, & disposition.
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. IMAGINE Cyber threats are detected and stopped Only the right people have access We know where our sensitive data lives Sustain a secure state without manual effort
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.21 User and Group Information Permission Information User Activity Content Information
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.22 Cyber Threat Detection Active Directory Monitoring Data Access Governance Automatic Quarantining Data Classification Least Privilege Enforcement File & Email Monitoring User Behavior Analytics Data Security Platform
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.23 Steps Map your environment Begin monitoring user/account/data behavior Start automated discovery/classification Detect: Prepare Benefits Prioritize scope by sensitivity, staleness, department criticality, etc. Review Incident Response Procedure, SOC capabilities and toolsets
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.24 Detect: Operationalize Steps Prioritize and create incident response plan for alerts, including automated responses Train staff on day to day management, including reports, permissions and AD management, finding lost files, etc. Identify known data owners demarcation points Identify known data retention and disposition policies Benefits Incident response plans and automation reduce risk of data theft and loss Staff becomes more operationally efficient with day to day tasks
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.25 Prevent: Fix Steps Fix inconsistent/broken ACL’s Eliminate global access groups around sensitive data Eliminate remaining global access groups Address AD artifacts (empty, unused security groups, non-expiring passwords, etc.) Address retention/disposition by quarantining, archiving, and deleting stale data Benefits Significant risk reduction Defensible position with respect to compliance More efficient usage of storage Reduced complexity increases operational efficiency
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.26 Prevent: Transform Steps Identify folders that need owners (demarcation points) Identify and confirm data owners Simplify permission structure - (read/write), consistent inheritance Initiate entitlement reviews to prune residual access Prune residual unnecessary access Benefits Dramatic increase in operational efficiencies Better service for end users (faster access to data) Reduced complexity and risk
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.27 Benefits Reduced risk as policy deviations are corrected automatically and least privilege model is maintained Increased operational efficiency Evidence of process adherence for compliance Sustain: Automate Steps Automate authorization workflow via data owners Automate disposition, quarantining, policy enforcement Automate periodic entitlement reviews
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.28 Sustain: Improve Steps Regularly review risks, alerts and processes to ensure continuous improvement Benefits Ongoing improvements in risk reduction and operational efficiency
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.29 DETECT: 2. Operationalize Create incident response plan based on alerts, including automation Train staff on the basics - managing perms and finding lost files DETECT: 1. Prepare Deploy Tech Prioritize and assess risks PREVENT: 3. Fix Fix broken ACL’s Eliminate global access to sensitive data Eliminate remaining global access groups Eliminate unnecessary AD artifacts (unused security groups, non- expiring passwords, etc. Quarantine/archive/dele te stale data PREVENT: 4. Transformation Identify folders that need owners Identify data owners Simplify permissions structure Provide owners reports about their data SUSTAIN: 5. Automation Automate authorization workflow via Data Owners Automate periodic entitlement reviews Automate disposition, quarantining, policy enforcement SUSTAIN: 6. Improve Regularly review risks, alerts and processes to ensure continuous improvement Risk Reduction Efficiency GainsOperationalizing Data Security
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.30 Journey to safety
VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. Thank You

Recommended

Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Ulf Mattsson
 
Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm IJECEIAES
 
Disaster recovery
Disaster recoveryDisaster recovery
Disaster recoverySameeu Imad
 
Security 24 - Seclore
Security 24 - SecloreSecurity 24 - Seclore
Security 24 - SecloreSeclore
 
Protect customer's personal information eng 191018
Protect customer's personal information eng 191018Protect customer's personal information eng 191018
Protect customer's personal information eng 191018sang yoo
 
IRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreIRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreSeclore
 
Windstream Cloud Security Presentation
Windstream Cloud Security PresentationWindstream Cloud Security Presentation
Windstream Cloud Security PresentationIdeba
 
IntelAdapt
IntelAdaptIntelAdapt
IntelAdaptMaggie Albrecht
 

Recommended

Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Practical advice for cloud data protection ulf mattsson - bright talk webin...
Practical advice for cloud data protection ulf mattsson - bright talk webin...Ulf Mattsson
 
Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm Data loss prevention by using MRSH-v2 algorithm
Data loss prevention by using MRSH-v2 algorithm IJECEIAES
 
Disaster recovery
Disaster recoveryDisaster recovery
Disaster recoverySameeu Imad
 
Security 24 - Seclore
Security 24 - SecloreSecurity 24 - Seclore
Security 24 - SecloreSeclore
 
Protect customer's personal information eng 191018
Protect customer's personal information eng 191018Protect customer's personal information eng 191018
Protect customer's personal information eng 191018sang yoo
 
IRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreIRDAI Compliance & Data-Centric Security | Seclore
IRDAI Compliance & Data-Centric Security | SecloreSeclore
 
Windstream Cloud Security Presentation
Windstream Cloud Security PresentationWindstream Cloud Security Presentation
Windstream Cloud Security PresentationIdeba
 
IntelAdapt
IntelAdaptIntelAdapt
IntelAdaptMaggie Albrecht
 
Insider Threat Protection | Seclore
Insider Threat Protection | SecloreInsider Threat Protection | Seclore
Insider Threat Protection | SecloreSeclore
 
Cloud data governance, risk management and compliance ny metro joint cyber...
Cloud data governance, risk management and compliance ny metro joint cyber...Cloud data governance, risk management and compliance ny metro joint cyber...
Cloud data governance, risk management and compliance ny metro joint cyber...Ulf Mattsson
 
Windstream Managed Network Security Presentation
Windstream Managed Network Security PresentationWindstream Managed Network Security Presentation
Windstream Managed Network Security PresentationIdeba
 
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Ulf Mattsson
 
Boldon James - How Data Classification can harness the power of Big Data
Boldon James - How Data Classification can harness the power of Big DataBoldon James - How Data Classification can harness the power of Big Data
Boldon James - How Data Classification can harness the power of Big Databoldonjames
 
Cloud Security is not equal to Cloud Data Security
Cloud Security is not equal to Cloud Data SecurityCloud Security is not equal to Cloud Data Security
Cloud Security is not equal to Cloud Data SecuritySeclore
 
Unlock the full potential of IoT
Unlock the full potential of IoT Unlock the full potential of IoT
Unlock the full potential of IoT Happiest Minds Technologies
 
Compliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreCompliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreSeclore
 
Seclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore
 
Security and Compliance In Microsoft Office 365 Whitepaper
Security and Compliance In Microsoft Office 365 WhitepaperSecurity and Compliance In Microsoft Office 365 Whitepaper
Security and Compliance In Microsoft Office 365 WhitepaperDavid J Rosenthal
 
2015 AUG 24-Oracle EBS
2015 AUG 24-Oracle EBS2015 AUG 24-Oracle EBS
2015 AUG 24-Oracle EBSHarriet Schneider
 
Hipaa Compliance With IT
Hipaa Compliance With ITHipaa Compliance With IT
Hipaa Compliance With ITNainil Chheda
 
Office 365 data loss prevention
Office 365 data loss preventionOffice 365 data loss prevention
Office 365 data loss preventionssuser1eca7d
 
Seclore for Titus
Seclore for TitusSeclore for Titus
Seclore for TitusSeclore
 
Seclore: Information Rights Management
Seclore: Information Rights ManagementSeclore: Information Rights Management
Seclore: Information Rights ManagementRahul Neel Mani
 
Mindtree distributed agile journey and guiding principles
Mindtree distributed agile journey and guiding principlesMindtree distributed agile journey and guiding principles
Mindtree distributed agile journey and guiding principlesMindtree Ltd.
 
Seclore For Microsoft’s Sensitivity Labels
Seclore For Microsoft’s Sensitivity LabelsSeclore For Microsoft’s Sensitivity Labels
Seclore For Microsoft’s Sensitivity LabelsSeclore
 
Cloud Data Security
Cloud Data Security Cloud Data Security
Cloud Data Security Seclore
 
Rbi compliance and Data Centric Security
Rbi compliance and Data Centric Security Rbi compliance and Data Centric Security
Rbi compliance and Data Centric Security Seclore
 
Data Classification Protection | Seclore
Data Classification Protection | SecloreData Classification Protection | Seclore
Data Classification Protection | SecloreSeclore
 
Information security group presentation ppt
Information security group presentation pptInformation security group presentation ppt
Information security group presentation pptvaishalshah01
 
Information security group presentation
Information security group presentationInformation security group presentation
Information security group presentationvaishalshah01
 

More Related Content

What's hot

Insider Threat Protection | Seclore
Insider Threat Protection | SecloreInsider Threat Protection | Seclore
Insider Threat Protection | SecloreSeclore
 
Cloud data governance, risk management and compliance ny metro joint cyber...
Cloud data governance, risk management and compliance ny metro joint cyber...Cloud data governance, risk management and compliance ny metro joint cyber...
Cloud data governance, risk management and compliance ny metro joint cyber...Ulf Mattsson
 
Windstream Managed Network Security Presentation
Windstream Managed Network Security PresentationWindstream Managed Network Security Presentation
Windstream Managed Network Security PresentationIdeba
 
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Ulf Mattsson
 
Boldon James - How Data Classification can harness the power of Big Data
Boldon James - How Data Classification can harness the power of Big DataBoldon James - How Data Classification can harness the power of Big Data
Boldon James - How Data Classification can harness the power of Big Databoldonjames
 
Cloud Security is not equal to Cloud Data Security
Cloud Security is not equal to Cloud Data SecurityCloud Security is not equal to Cloud Data Security
Cloud Security is not equal to Cloud Data SecuritySeclore
 
Compliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreCompliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreSeclore
 
Seclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore
 
Security and Compliance In Microsoft Office 365 Whitepaper
Security and Compliance In Microsoft Office 365 WhitepaperSecurity and Compliance In Microsoft Office 365 Whitepaper
Security and Compliance In Microsoft Office 365 WhitepaperDavid J Rosenthal
 
Hipaa Compliance With IT
Hipaa Compliance With ITHipaa Compliance With IT
Hipaa Compliance With ITNainil Chheda
 
Office 365 data loss prevention
Office 365 data loss preventionOffice 365 data loss prevention
Office 365 data loss preventionssuser1eca7d
 
Seclore for Titus
Seclore for TitusSeclore for Titus
Seclore for TitusSeclore
 
Seclore: Information Rights Management
Seclore: Information Rights ManagementSeclore: Information Rights Management
Seclore: Information Rights ManagementRahul Neel Mani
 
Mindtree distributed agile journey and guiding principles
Mindtree distributed agile journey and guiding principlesMindtree distributed agile journey and guiding principles
Mindtree distributed agile journey and guiding principlesMindtree Ltd.
 
Seclore For Microsoft’s Sensitivity Labels
Seclore For Microsoft’s Sensitivity LabelsSeclore For Microsoft’s Sensitivity Labels
Seclore For Microsoft’s Sensitivity LabelsSeclore
 
Cloud Data Security
Cloud Data Security Cloud Data Security
Cloud Data Security Seclore
 
Rbi compliance and Data Centric Security
Rbi compliance and Data Centric Security Rbi compliance and Data Centric Security
Rbi compliance and Data Centric Security Seclore
 
Data Classification Protection | Seclore
Data Classification Protection | SecloreData Classification Protection | Seclore
Data Classification Protection | SecloreSeclore
 

What's hot (20)

Insider Threat Protection | Seclore
Insider Threat Protection | SecloreInsider Threat Protection | Seclore
Insider Threat Protection | Seclore
 
Cloud data governance, risk management and compliance ny metro joint cyber...
Cloud data governance, risk management and compliance ny metro joint cyber...Cloud data governance, risk management and compliance ny metro joint cyber...
Cloud data governance, risk management and compliance ny metro joint cyber...
 
Windstream Managed Network Security Presentation
Windstream Managed Network Security PresentationWindstream Managed Network Security Presentation
Windstream Managed Network Security Presentation
 
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ...
 
Boldon James - How Data Classification can harness the power of Big Data
Boldon James - How Data Classification can harness the power of Big DataBoldon James - How Data Classification can harness the power of Big Data
Boldon James - How Data Classification can harness the power of Big Data
 
Cloud Security is not equal to Cloud Data Security
Cloud Security is not equal to Cloud Data SecurityCloud Security is not equal to Cloud Data Security
Cloud Security is not equal to Cloud Data Security
 
Unlock the full potential of IoT
Unlock the full potential of IoT Unlock the full potential of IoT
Unlock the full potential of IoT
 
Compliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | SecloreCompliance regulations with Data Centric Security | Seclore
Compliance regulations with Data Centric Security | Seclore
 
Seclore Advantage Channel Program
Seclore Advantage Channel ProgramSeclore Advantage Channel Program
Seclore Advantage Channel Program
 
Security and Compliance In Microsoft Office 365 Whitepaper
Security and Compliance In Microsoft Office 365 WhitepaperSecurity and Compliance In Microsoft Office 365 Whitepaper
Security and Compliance In Microsoft Office 365 Whitepaper
 
2015 AUG 24-Oracle EBS
2015 AUG 24-Oracle EBS2015 AUG 24-Oracle EBS
2015 AUG 24-Oracle EBS
 
Hipaa Compliance With IT
Hipaa Compliance With ITHipaa Compliance With IT
Hipaa Compliance With IT
 
Office 365 data loss prevention
Office 365 data loss preventionOffice 365 data loss prevention
Office 365 data loss prevention
 
Seclore for Titus
Seclore for TitusSeclore for Titus
Seclore for Titus
 
Seclore: Information Rights Management
Seclore: Information Rights ManagementSeclore: Information Rights Management
Seclore: Information Rights Management
 
Mindtree distributed agile journey and guiding principles
Mindtree distributed agile journey and guiding principlesMindtree distributed agile journey and guiding principles
Mindtree distributed agile journey and guiding principles
 
Seclore For Microsoft’s Sensitivity Labels
Seclore For Microsoft’s Sensitivity LabelsSeclore For Microsoft’s Sensitivity Labels
Seclore For Microsoft’s Sensitivity Labels
 
Cloud Data Security
Cloud Data Security Cloud Data Security
Cloud Data Security
 
Rbi compliance and Data Centric Security
Rbi compliance and Data Centric Security Rbi compliance and Data Centric Security
Rbi compliance and Data Centric Security
 
Data Classification Protection | Seclore
Data Classification Protection | SecloreData Classification Protection | Seclore
Data Classification Protection | Seclore
 

Similar to Turtles, Trust and The Future of Cybersecurity

Information security group presentation ppt
Information security group presentation pptInformation security group presentation ppt
Information security group presentation pptvaishalshah01
 
Information security group presentation
Information security group presentationInformation security group presentation
Information security group presentationvaishalshah01
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranGSTF
 
aOS Monaco 2019 - S3 - Présentation Varonis - Cloud Data Protection - Benjami...
aOS Monaco 2019 - S3 - Présentation Varonis - Cloud Data Protection - Benjami...aOS Monaco 2019 - S3 - Présentation Varonis - Cloud Data Protection - Benjami...
aOS Monaco 2019 - S3 - Présentation Varonis - Cloud Data Protection - Benjami...aOS Community
 
Cyber security within Organisations: A sneaky peak of current status, trends,...
Cyber security within Organisations: A sneaky peak of current status, trends,...Cyber security within Organisations: A sneaky peak of current status, trends,...
Cyber security within Organisations: A sneaky peak of current status, trends,...Marco Casassa Mont
 
EuroCACS 2016 There are giants in the sky
EuroCACS 2016 There are giants in the skyEuroCACS 2016 There are giants in the sky
EuroCACS 2016 There are giants in the skyCarlos Chalico
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...Amazon Web Services
 
Strengthen Cloud Security
Strengthen Cloud SecurityStrengthen Cloud Security
Strengthen Cloud SecurityLora O'Haver
 
David valovcin big data - big risk
David valovcin big data - big riskDavid valovcin big data - big risk
David valovcin big data - big riskIBM Sverige
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfsarah david
 
GDPR Part 5: Better Together Quest & Cyberquest
GDPR Part 5: Better Together Quest & CyberquestGDPR Part 5: Better Together Quest & Cyberquest
GDPR Part 5: Better Together Quest & CyberquestAdrian Dumitrescu
 
wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125Gabor Bokor
 
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the CloudNo More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the CloudPaaSword EU Project
 
Access Control For Local Area Network Performance Essay
Access Control For Local Area Network Performance EssayAccess Control For Local Area Network Performance Essay
Access Control For Local Area Network Performance EssayDotha Keller
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxsarah david
 
The Federal Information Security Management Act
The Federal Information Security Management ActThe Federal Information Security Management Act
The Federal Information Security Management ActMichelle Singh
 
Crush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield XCrush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield XPrime Infoserv
 

Similar to Turtles, Trust and The Future of Cybersecurity (20)

Information security group presentation ppt
Information security group presentation pptInformation security group presentation ppt
Information security group presentation ppt
 
Information security group presentation
Information security group presentationInformation security group presentation
Information security group presentation
 
Cloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton RavindranCloud Security By Dr. Anton Ravindran
Cloud Security By Dr. Anton Ravindran
 
aOS Monaco 2019 - S3 - Présentation Varonis - Cloud Data Protection - Benjami...
aOS Monaco 2019 - S3 - Présentation Varonis - Cloud Data Protection - Benjami...aOS Monaco 2019 - S3 - Présentation Varonis - Cloud Data Protection - Benjami...
aOS Monaco 2019 - S3 - Présentation Varonis - Cloud Data Protection - Benjami...
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
 
Cyber security within Organisations: A sneaky peak of current status, trends,...
Cyber security within Organisations: A sneaky peak of current status, trends,...Cyber security within Organisations: A sneaky peak of current status, trends,...
Cyber security within Organisations: A sneaky peak of current status, trends,...
 
EuroCACS 2016 There are giants in the sky
EuroCACS 2016 There are giants in the skyEuroCACS 2016 There are giants in the sky
EuroCACS 2016 There are giants in the sky
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
 
Strengthen Cloud Security
Strengthen Cloud SecurityStrengthen Cloud Security
Strengthen Cloud Security
 
David valovcin big data - big risk
David valovcin big data - big riskDavid valovcin big data - big risk
David valovcin big data - big risk
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
 
MEDS
MEDSMEDS
MEDS
 
GDPR Part 5: Better Together Quest & Cyberquest
GDPR Part 5: Better Together Quest & CyberquestGDPR Part 5: Better Together Quest & Cyberquest
GDPR Part 5: Better Together Quest & Cyberquest
 
wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125
 
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the CloudNo More Dark Clouds: A Privacy Preserving Framework for the Cloud
No More Dark Clouds: A Privacy Preserving Framework for the Cloud
 
Access Control For Local Area Network Performance Essay
Access Control For Local Area Network Performance EssayAccess Control For Local Area Network Performance Essay
Access Control For Local Area Network Performance Essay
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
 
The Federal Information Security Management Act
The Federal Information Security Management ActThe Federal Information Security Management Act
The Federal Information Security Management Act
 
Crush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield XCrush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield X
 

More from Digital Transformation EXPO Event Series

Who’s afraid of GDPR: the application of Legitimate Interest in B2B marketing
Who’s afraid of GDPR: the application of Legitimate Interest in B2B marketingWho’s afraid of GDPR: the application of Legitimate Interest in B2B marketing
Who’s afraid of GDPR: the application of Legitimate Interest in B2B marketingDigital Transformation EXPO Event Series
 
Unleashing the Potential of Object Storage & Accelerating Cloud-First Initiat...
Unleashing the Potential of Object Storage & Accelerating Cloud-First Initiat...Unleashing the Potential of Object Storage & Accelerating Cloud-First Initiat...
Unleashing the Potential of Object Storage & Accelerating Cloud-First Initiat...Digital Transformation EXPO Event Series
 
Cloud in the Spotlight: How a National Institution ripped up the rule book wi...
Cloud in the Spotlight: How a National Institution ripped up the rule book wi...Cloud in the Spotlight: How a National Institution ripped up the rule book wi...
Cloud in the Spotlight: How a National Institution ripped up the rule book wi...Digital Transformation EXPO Event Series
 
Splunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learningSplunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learningDigital Transformation EXPO Event Series
 
Bringing Enterprise to the Blockchain - Moving from Science Experiment to Pra...
Bringing Enterprise to the Blockchain - Moving from Science Experiment to Pra...Bringing Enterprise to the Blockchain - Moving from Science Experiment to Pra...
Bringing Enterprise to the Blockchain - Moving from Science Experiment to Pra...Digital Transformation EXPO Event Series
 
AI is moving from its academic roots to the forefront of business and industry
AI is moving from its academic roots to the forefront of business and industryAI is moving from its academic roots to the forefront of business and industry
AI is moving from its academic roots to the forefront of business and industryDigital Transformation EXPO Event Series
 
Why Your Business Can’t Ignore the Need for a Password Manager Any Longer
Why Your Business Can’t Ignore the Need for a Password Manager Any LongerWhy Your Business Can’t Ignore the Need for a Password Manager Any Longer
Why Your Business Can’t Ignore the Need for a Password Manager Any LongerDigital Transformation EXPO Event Series
 

More from Digital Transformation EXPO Event Series (20)

Who’s afraid of GDPR: the application of Legitimate Interest in B2B marketing
Who’s afraid of GDPR: the application of Legitimate Interest in B2B marketingWho’s afraid of GDPR: the application of Legitimate Interest in B2B marketing
Who’s afraid of GDPR: the application of Legitimate Interest in B2B marketing
 
Unleashing the Potential of Object Storage & Accelerating Cloud-First Initiat...
Unleashing the Potential of Object Storage & Accelerating Cloud-First Initiat...Unleashing the Potential of Object Storage & Accelerating Cloud-First Initiat...
Unleashing the Potential of Object Storage & Accelerating Cloud-First Initiat...
 
The Future of SD-WAN: WAN Transformation in the Cloud and Mobile Era
The Future of SD-WAN: WAN Transformation in the Cloud and Mobile EraThe Future of SD-WAN: WAN Transformation in the Cloud and Mobile Era
The Future of SD-WAN: WAN Transformation in the Cloud and Mobile Era
 
Cloud in the Spotlight: How a National Institution ripped up the rule book wi...
Cloud in the Spotlight: How a National Institution ripped up the rule book wi...Cloud in the Spotlight: How a National Institution ripped up the rule book wi...
Cloud in the Spotlight: How a National Institution ripped up the rule book wi...
 
What happens if you’re not ready for the GDPR?
What happens if you’re not ready for the GDPR?What happens if you’re not ready for the GDPR?
What happens if you’re not ready for the GDPR?
 
Moving Beyond the Router to a Thin-branch or Application-driven SD-WAN
Moving Beyond the Router to a Thin-branch or Application-driven SD-WANMoving Beyond the Router to a Thin-branch or Application-driven SD-WAN
Moving Beyond the Router to a Thin-branch or Application-driven SD-WAN
 
A modern approach to cloud computing
A modern approach to cloud computing A modern approach to cloud computing
A modern approach to cloud computing
 
Citrix NetScaler SD-WAN - What’s New, What’s Hot?
Citrix NetScaler SD-WAN - What’s New, What’s Hot?Citrix NetScaler SD-WAN - What’s New, What’s Hot?
Citrix NetScaler SD-WAN - What’s New, What’s Hot?
 
Evolving the WAN for the Cloud, using SD-WAN & NFV
Evolving the WAN for the Cloud, using SD-WAN & NFV Evolving the WAN for the Cloud, using SD-WAN & NFV
Evolving the WAN for the Cloud, using SD-WAN & NFV
 
Splunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learningSplunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learning
 
Lean Analytics: How to get more out of your data science team
Lean Analytics: How to get more out of your data science teamLean Analytics: How to get more out of your data science team
Lean Analytics: How to get more out of your data science team
 
Top 5 Lessons Learned in Deploying AI in the Real World
Top 5 Lessons Learned in Deploying AI in the Real WorldTop 5 Lessons Learned in Deploying AI in the Real World
Top 5 Lessons Learned in Deploying AI in the Real World
 
Bringing Enterprise to the Blockchain - Moving from Science Experiment to Pra...
Bringing Enterprise to the Blockchain - Moving from Science Experiment to Pra...Bringing Enterprise to the Blockchain - Moving from Science Experiment to Pra...
Bringing Enterprise to the Blockchain - Moving from Science Experiment to Pra...
 
Data Science Is More Than Just Statistics
Data Science Is More Than Just StatisticsData Science Is More Than Just Statistics
Data Science Is More Than Just Statistics
 
Breaking down the Microsoft AI Platform
Breaking down the Microsoft AI Platform Breaking down the Microsoft AI Platform
Breaking down the Microsoft AI Platform
 
The convergence of Data Science and Software Development
The convergence of Data Science and Software DevelopmentThe convergence of Data Science and Software Development
The convergence of Data Science and Software Development
 
The future impact of AI in cybercrime
The future impact of AI in cybercrimeThe future impact of AI in cybercrime
The future impact of AI in cybercrime
 
Digital Innovation in Medical Gases
Digital Innovation in Medical GasesDigital Innovation in Medical Gases
Digital Innovation in Medical Gases
 
AI is moving from its academic roots to the forefront of business and industry
AI is moving from its academic roots to the forefront of business and industryAI is moving from its academic roots to the forefront of business and industry
AI is moving from its academic roots to the forefront of business and industry
 
Why Your Business Can’t Ignore the Need for a Password Manager Any Longer
Why Your Business Can’t Ignore the Need for a Password Manager Any LongerWhy Your Business Can’t Ignore the Need for a Password Manager Any Longer
Why Your Business Can’t Ignore the Need for a Password Manager Any Longer
 

Recently uploaded

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 

Recently uploaded (20)

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 

Turtles, Trust and The Future of Cybersecurity

  • 1. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. Our mission is to protect data from insider threats and cyberattacks. Turtles, Trust, and the Future of Cybersecurity April, 2018
  • 2. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.2 What can we learn from sea turtles?
  • 3. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.3 Journey to safety
  • 4. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.4 …unless it’s not the way.
  • 5. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.5 Where is the light we trust?
  • 6. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. Where are we shining the light? Workstations Applications Active Directory Mobile Devices Perimeter Network
  • 7. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. “Certain files”
  • 8. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. 21.5 million background investigation files… “In 2014, the adversary was utilizing a Visual Basic script to scan all of our unstructured data... All the data that is listed here, all came out of personal file shares that were stored in the domain storage network.” - OPM’s Director of IT Security Operations
  • 9. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. …and every ransomware attack WannaCry NotPetya Cryptolocker Locky etc…
  • 10. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. Why do these keep happening?
  • 11. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.11 Data is in the Dark There are many questions IT and the business can’t answer: What data isn’t being used? Who has access to files, folders, mailboxes? Who is accessing, modifying, moving, deleting files and email? Which files contain critical information? Which data is exposed to too many people? Who owns data and how do I get them involved?
  • 12. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. How do I know when something’s gone wrong?
  • 13. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.13 Where are we shining the light? DATA
  • 14. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. Why should we change now?
  • 15. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.15 Secular Trends DATA GROWTH HYBRID CLOUD CYBER THREATS The amount of data created in the world will grow to 163 Zettabytes (or 151 trillion gigabytes) in 2025, representing a nearly tenfold increase from the amount created in 2016. (1) Through 2020, more than 85% of enterprises adopting a cloud-first strategy will continue to host business- critical applications in traditional data center environments.(2) By 2025, almost 90% of all data will require a meaningful level of security, but less than half will be secured. (1) (1) IDC Research — Data Age 2025: The Evolution of Data to Life-Critical (2) Gartner Research - Deliver Data Center Modernizing Using Three-Cloud Complementary Approaches
  • 16. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.16 Industry Changes BOARD AWARENESS ADOPTION AND STANDARDIZATION REGULATION Board of Directors are now required to address cyber risks and demonstrate appropriate awareness and action. A data-centric approach to security is becoming a standard. Almost every breach involves data assets in the form of files, emails and video that are stored in growing on- premises and cloud file systems. The confluence of notable attacks, media attention, and public outcry has led to new data-centric regulations.
  • 17. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.17 What if we could start over?
  • 18. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.18 Treat data like dollars
  • 19. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. DETECT PREVENT SUSTAIN insider threats by analyzing data, account activity, and user behavior. disaster by locking down sensitive and stale data, reducing broad access, and simplifying permissions. a secure state by automating authorizations, migrations, & disposition.
  • 20. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. IMAGINE Cyber threats are detected and stopped Only the right people have access We know where our sensitive data lives Sustain a secure state without manual effort
  • 21. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.21 User and Group Information Permission Information User Activity Content Information
  • 22. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.22 Cyber Threat Detection Active Directory Monitoring Data Access Governance Automatic Quarantining Data Classification Least Privilege Enforcement File & Email Monitoring User Behavior Analytics Data Security Platform
  • 23. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.23 Steps Map your environment Begin monitoring user/account/data behavior Start automated discovery/classification Detect: Prepare Benefits Prioritize scope by sensitivity, staleness, department criticality, etc. Review Incident Response Procedure, SOC capabilities and toolsets
  • 24. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.24 Detect: Operationalize Steps Prioritize and create incident response plan for alerts, including automated responses Train staff on day to day management, including reports, permissions and AD management, finding lost files, etc. Identify known data owners demarcation points Identify known data retention and disposition policies Benefits Incident response plans and automation reduce risk of data theft and loss Staff becomes more operationally efficient with day to day tasks
  • 25. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.25 Prevent: Fix Steps Fix inconsistent/broken ACL’s Eliminate global access groups around sensitive data Eliminate remaining global access groups Address AD artifacts (empty, unused security groups, non-expiring passwords, etc.) Address retention/disposition by quarantining, archiving, and deleting stale data Benefits Significant risk reduction Defensible position with respect to compliance More efficient usage of storage Reduced complexity increases operational efficiency
  • 26. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.26 Prevent: Transform Steps Identify folders that need owners (demarcation points) Identify and confirm data owners Simplify permission structure - (read/write), consistent inheritance Initiate entitlement reviews to prune residual access Prune residual unnecessary access Benefits Dramatic increase in operational efficiencies Better service for end users (faster access to data) Reduced complexity and risk
  • 27. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.27 Benefits Reduced risk as policy deviations are corrected automatically and least privilege model is maintained Increased operational efficiency Evidence of process adherence for compliance Sustain: Automate Steps Automate authorization workflow via data owners Automate disposition, quarantining, policy enforcement Automate periodic entitlement reviews
  • 28. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.28 Sustain: Improve Steps Regularly review risks, alerts and processes to ensure continuous improvement Benefits Ongoing improvements in risk reduction and operational efficiency
  • 29. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.29 DETECT: 2. Operationalize Create incident response plan based on alerts, including automation Train staff on the basics - managing perms and finding lost files DETECT: 1. Prepare Deploy Tech Prioritize and assess risks PREVENT: 3. Fix Fix broken ACL’s Eliminate global access to sensitive data Eliminate remaining global access groups Eliminate unnecessary AD artifacts (unused security groups, non- expiring passwords, etc. Quarantine/archive/dele te stale data PREVENT: 4. Transformation Identify folders that need owners Identify data owners Simplify permissions structure Provide owners reports about their data SUSTAIN: 5. Automation Automate authorization workflow via Data Owners Automate periodic entitlement reviews Automate disposition, quarantining, policy enforcement SUSTAIN: 6. Improve Regularly review risks, alerts and processes to ensure continuous improvement Risk Reduction Efficiency GainsOperationalizing Data Security
  • 30. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.30 Journey to safety
  • 31. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL. Thank You