Varonis

Varonis DatAnywhere gives IT the ability to provide an alternative to cloud- based file sharing solutions that is secure, easy to use, and a fraction of the cost of shipping your data to the cloud.

You already have terabytes of enterprise-class storage to serve files. Your corporate infrastructure is managed and protected according to your corporate policies and fits your data governance workflow. DatAnywhere lets you instantly transform your corporate infrastructure into a secure cloud-like file synchronization platform.

DatAnywhere lets you :

•  Create a secure private cloud experience using your existing file sharing infrastructure
•  Keep the data on your file servers
• Keep your existing permissions (e.g., NTFS and Active Directory)
• Provide secure, enterprise-capable file synchronization and mobile device access
• Definitive copies are always stored on corporate storage
•  Control speed, availability, and security

How does DatAnywhere work?

Varonis DatAnywhere translates legacy LAN protocols (CIFS/SMB) into a secure, web-optimized protocol (HTTPS) via a dynamic, scalable data-routing infrastructure that facilitates https access and block-level syncing with remote devices. All DatAnywhere components reside within your corporate network and run on standard servers — DatAnywhere components can be installed on a single virtual node for small environments, or be distributed to scale to an enterprise with many file servers/NAS devices in many locations.

Varonis provides a complete metadata framework and integrated product suite for governing unstructured data on file servers, NAS devices and (semi-structured) SharePoint and Exchange servers.

Varonis benefits:

• Actionable intelligence about your data.
• Workflow that directly involves business users and data owners.
• Automation that reduces the burden on your organization's IT resources.

Varonis DatAdvantage, DataPrivilege, and the IDU Classification Framework provide organizations the ability to effectively manage business data through actionable intelligence, automation of complex IT tasks, and sophisticated workflow management.

• Varonis DatAdvantage for Windows
• Varonis DatAdvantage for UNIX/Linux
• Varonis DatAdvantage for SharePoint
• Varonis DatAdvantage for Exchange
• Varonis DatAdvantage for Directory Services
• Varonis DataPrivilege
• Varonis IDU Classification Framework
• Varonis DatAlert

Varonis DatAdvantage for Windows provides:

Visibility into permissions: 

• By combining user and group information taken directly from Active Directory, LDAP, NIS, or other directory services with a complete picture of the file system, DatAdvantage gives organizations a complete picture of their permissions structures. Both logical and physical permissions are displayed and organized highlighting and optionally aggregating NTFS and share permissions. Flag, tag and annotate your files and folders to track, analyze and report on users, groups and data. Varonis DatAdvantage also shows you every user and group that can access data as well as every folder that can be accessed by any user or group.

Complete Audit Trail:

• DatAdvantage monitors every touch of every file on the file system, normalizes, processes, and stores them in a normalized database so that they are quickly sortable and searchable. Detailed information for every file event is provided; all data can be reported on and provided to data owners. Data collection does not require native object success auditing on Windows.

Recommendations and Modeling:

• By combining the information on who can access the data, the audit trail detailing who is accessing the data, and sophisticated bi-directional cluster analysis, Varonis DatAdvantage provides actionable intelligence on where excess file permissions and group memberships can be safely removed without affecting normal business processes. DatAdvantage also provides the ability to model and simulate permissions changes in its sandbox so they can be tested without affecting the production environment.

Data Ownership Identification:

• Because there is an audit of every file access event, DatAdvantage can perform analysis of user activity to effectively identify business owners of data. Organizations are also able to upload lists of data owners to assign owners to large numbers of folders. Reports concerning data access, activity, changes to their folders and groups, and stale data can be provided automatically to data owners to involve them directly in the data governance process. As owners change, they may be cloned or replaced so that ongoing data ownership maintenance is simplified.

Varonis DatAdvantage for Sharepoint  provides:

Visibility into permissions: 

• By combining user and group information taken directly from Active Directory, DatAdvantage for SharePoint gives organizations a complete picture of the permissions structure of their SharePoint infrastructure. Varonis DatAdvantage shows you every user and group (including both SharePoint and Active Directory groups) that can access data. In addition, every SharePoint site that can be accessed by any user or group is displayed, along with the effective combined access for multiple permission levels.
• SharePoint sites are often exposed by end users to global access groups- e.g. authenticated users or everyone—often with the feared “add all authenticated users” button. Flag, tag and annotate your sites to better track, analyze and report on users, groups and data. DatAdvantage for SharePoint quickly identifies and helps remediate those sites with overpermissive access.

Complete Audit Trail:

• DatAdvantage monitors every touch of every file on the SharePoint site, and stores them in a normalized database that is sortable and searchable. Detailed information on every file event is provided, and all this data can be reported on and provided to data owners.

Recommendations and Modeling:

• By combining the information on who can access the data, the audit trail detailing who is accessing the data, and sophisticated bi-directional cluster analysis, Varonis DatAdvantage provides actionable intelligence on
  where excess SharePoint permissions and group memberships can be safely removed without affecting normal
  business process. DatAdvantage also provides the ability to model permission changes in its sandbox so changes can be simulated without affecting a production environment.

Data Ownership Identification:

• Because there is an audit of every file event, DatAdvantage can perform statistical analysis of user activity to effectively identify business owners of data. Reports concerning data access, activity, changes to their sites and groups, and stale data can be provided automatically to data owners to involve them directly in the data governance process. As owners change, they may be cloned or replaced so that ongoing data ownership maintenance is simplified.

Varonis DatAdvantage for Exchange provides:

Visibility into permissions: 

• By combining user and group information taken directly from Active Directory with a complete picture of the mailboxes, public folders, and distribution lists in the Exchange environment, DatAdvantage gives organizations a complete picture of their permissions structures. Varonis DatAdvantage shows you every user and group that can access data as well as every mailbox and public folder that can be accessed by any user or group, as well as the effective permissions, even when multiple permissions levels are applied.
• Exchange data is often exposed by end users to global access groups like the Everyone and Anonymous groups. DatAdvantage for Exchange quickly identifies and helps remediate those resources with over-permissive access. Flag, tag and annotate your folders and mailboxes to add your own metadata to better track, analyze and report on users, groups and data.

Complete Audit Trail:

• DatAdvantage monitors every email event and permissions change in the Exchange environment, normalizes, processes, and stores them in a database so that they are quickly sortable and searchable. Detailed information for every event is provided; all this data can be reported on and provided to data owners. Data collection is performed with minimal impact to the monitored servers. Email activity is automatically analyzed to look for anomalous activity, such as email worms, viruses, and spam.

Recommendations and Modeling:

• By combining the information on who can access the data, the audit trail detailing who is accessing the data, and sophisticated bi-directional cluster analysis, Varonis DatAdvantage provides actionable intelligence on where excess group memberships can be safely removed without affecting normal business processes. DatAdvantage also provides the ability to model and simulate permissions changes in its sandbox so they can be tested without affecting the production environment. Changes can then be committed to the Exchange environment, bypassing cumbersome impersonation requirements.

Data Ownership Identification:

• Because there is an audit of every file access event, DatAdvantage can perform analysis of user activity to effectively identify business owners of data. Reports concerning data access, activity, changes to their folders and groups, and stale data can be provided automatically to data owners to involve them directly in the data governance process. As owners change, they may be cloned or replaced so that ongoing data ownership maintenance is simplified. With Varonis DatAdvantage for Exchange, organizations achieve enterprise-wide data governance in a productive approach, through effective and efficient automated data controls. Varonis DatAdvantage ensures proper data use, proper permissions, and helps organizations meet legal, financial, intellectual property and data privacy requirements for Exchange.

Varonis DatAdvantage for Directory Services provides:

Visual Representation of your domain: 

• Active Directory hierarchies can get extremely complex even in small organizations. In large organizations, sometimes the MMC snap-in for AD doesn’t even load. DatAdvantage is built to display, filter, and analyze large, complex hierarchical structures, and extends those capabilities to Active Directory domains and Forests.

Complete Audit Trail:

• Right click on any OU, group, or AD object and jump to the log to view a complete audit trail of all changes and activity on that object over any time period. Correlate these events with file system activity and other changes.

Recommendations and Modeling:

• By combining the information on who can access the data, the audit trail detailing who is accessing the data, and sophisticated bi-directional cluster analysis, Varonis DatAdvantage for Windows, UNIX, Exchange, and SharePoint provide actionable intelligence on where excess group memberships can be safely removed without affecting normal business processes. DatAdvantage also provides the ability to model and simulate group changes in its sandbox so they can be tested without affecting the production environment.

Summary:

• With Varonis DatAdvantage for Directory Services, organizations achieve enterprise-wide governance of Active Directory, with complete mapping and visualization of the hierarchical structure, a complete audit trail of Active Directory changes and activity, and the ability to combine these metadata streams to simulate changes and identify excessive group membership.

Varonis DatAdvantage for UNIX/Linux provides:

Visibility :

• Complete bi-directional view into the permissions structure of UNIX servers, including both UNIX and POSIX ACLs on multiple UNIX and Linux servers.
• Displays data accessible to any user or group as well as users and groups with permissions to any folder.
• User and group information from directory services is linked directly with file and folder access control data.
• Identify folders that probably need a data owner or steward.

Complete Audit Trial :

• Usable audit trail of every file touch on monitored servers
• Detailed information on every file event in a normalized database that is searchable and sortable
• Data collection performed with minimal impact to the file server and without requiring native Unix auditing

Recommendations, Modeling, And Commit :

• Actionable intelligence on where excess file permissions and group memberships can be safely removed without affecting business process
•  Model permissions changes without affecting production environments

Data Ownership Identification And Involvement :

• Statistical analysis of user activity identifies business owners of data
• Automated and configurable reports involve data owners in the data governance process

Extensible Framework :

•  Data classification information available with IDU Classification Framework
• Windows, SharePoint, Exchange available with DatAdvantage for Windows,
• DatAdvantage for SharePoint, and DatAdvantage for Exchange

Varonis IDU Classification Framework provides:

The Varonis Metadata Framework: 

• The Intelligent Data Use (IDU) platform is at the core of the Varonis Data Governance Suite. It collects metadata about users (users and groups within the environment), permissions (who has the potential to access data), and activity (who is accessing data). The Varonis Metadata Framework non-intrusively collects this critical metadata, generates metadata where existing metadata is lacking (e.g. its file system filters and content inspection technologies), pre-processes it, normalizes it, analyzes it, stores it, and presents it to IT administrators in aninteractive, dynamic interface.

The Varonis IDU Classification Framework:

• The Varonis IDU Classification Framework extends the IDU Framework by incorporating content classification information produced by either the Varonis content classification engine or classification metadata from a third-party source, such as RSA DLP. Classification metadata indicates that the file likely contains keywords, phrases and patterns (i.e. regular expressions) that are of interest to the organization.

Actionable, Intelligent, Fast:

• Because the Varonis IDU Classification Framework is part of the larger Varonis Metadata Framework, it’s able to leverage its metadata layer to perform file classification more quickly and intelligently. The results can be inspected through the DatAdvantage interface (provided the user has adequate credentials). For example, with DatAdvantage access audit information, the IDU Classification Framework quickly classifies new and modified data to enable true incremental scanning. It also prioritizes scans based on permissions exposure, frequency of activity, and other metadata parameters that organizations can tune to their requirements. And, because DatAdvantage has identified the data owners, you can work with them to determine who specifically needs access to sensitive data based on actual usage, and DatAdvantage recommendations. The end result is actionable intelligence on where business critical data may be overexposed, and where access can be reduced without impacting business processes.

Extensible Architecture:

• The included classification engine provides a powerful and flexible method for classifying data using metadata, pattern-based content matching, and dictionary-based content matching with dynamic, autoupdating dictionaries. The Varonis IDU Classification Framework can also consume classification metadata from third-party classification products that have already been deployed, displaying files they’ve identified as sensitive alongside other Varonis metadata, enabling actionable data protection and management. Classification information can be imported into the Varonis IDU Classification Framework through csv files automatically on a scheduled basis.

Varonis DataPrivilege provides:

Automate Entitlement Reviews: 

• DataPrivilege automates the entitlement review process by providing reviews directly to data owners using intelligence generated by Varonis DatAdvantage. Data owners can review current access controls and approve or deny the recommendations made by DatAdvantage from a convenient web-based interface without any IT involvement. Reviews can be scheduled based on business policy to take place at different intervals based on the needs of the business. Users and groups outside of the data owner’s purview (e.g. administrative groups) may be hidden so that the reviews provide data owners with only actionable information.

Accountability and Continuous Audit:

• Because some data is extremely sensitive or may fall under strict regulations for handling, it is often necessary that data authorizations be reviewed and approved by third parties, such as legal or financial groups, compliance officers or executive staff. DataPrivilege authorization review makes it possible to establish additional sets of controls via tiers of data reviewers and authorizers, further ensuring accountability and transparency. Authorizations, entitlement reviews and other management reports provide evidence that policies are being properly adhered to.

Reduction In It Burden:

• By shifting responsibility for data entitlement management to the data business owners, IT is able to conserve resources. The result is nearly immediate return on investment to organizations deploying Varonis DataPrivilege. The cost savings are further augmented by gains in the speed and efficiency with which data access requests are fulfilled. Most importantly, organizations are able to establish an enterprise capable system of data governance by which the parties accountable for data use are directly involved in its governance. This ensures that access controls to data are accurate, timely and properly aligned with business policy. The net result is increased IT efficiency and effectiveness, and significant reduction in risk.

Configurable Interface:

• Administration of DataPrivilege is efficient and configuration is transparent. The entire DataPrivilege interface is configurable through the interface itself—everything from the look and feel of the web pages to thestructure, the content of the emails DataPrivilege sends, and advanced application permissions for different types of users.

Varonis survey, Red Alert: A Data Breach Report (www.varonis.com/research), 70% of companies reported that they find out about breaches through their customers and third parties instead of their own IT departments. Improve your ability to detect possible security breaches, misconfigurations, and other issues with Varonis DatAlert. Varonis DatAlert extends Varonis DatAdvantage products and the IDU Classification Framework with real time alerting based on file activity, Active Directory changes, permissions changes, and other events. Alert criteria and output are easily configurable so that the right people and systems can be notified about the right things, at the right times in the right ways.

Varonis DatAlert benefits:

Receive Immediate Notifications On: 

• Files accessed, modified, and/or deleted
• Group membership, group policy and other Active Directory changes
• Permissions changes

Get Alerts In The Ways You Want Them:

• syslog, Event Log, SNMP, Email
• Command line execution
• Easily integrate with SIEM and network management solutions

Use Cases:

• Monitor sensitive configuration files on Windows and UNIX/Linux servers
• Detect changes made outside of change control windows
• Alert on access to highly sensitive data
• Alert on privilege escalations

Varonis Data Transport Engine provides:

• Find data based on Metadata

• Move it or delete it automatically

• Automatically handles cross-platform and cross-domain moves

• Automatically implements simulations and recommendations if desired

With Varonis Data Transport Engine, IT needs only configure their migration criteria and intelligent automation will take care of all the scary details. Say goodbye to the weekend-shifts and all-nighters— just describe your ideal migration, simulate it to make sure it’s what you want, and automation will make it happen quickly, effectively and securely.

With a choice between manual processes and primitive utilities, migrating and archiving data has long been a time-consuming nightmare for IT. We have always been able to describe quite clearly what we want to happen during a migration, but ensuring that what we want to happen actually does happen has always required massive amounts of planning, testing, tweaking, verifying, and fingercrossing.

By harnessing file system, permissions, access activity, and content metadata across UNIX and Windows file shares, SharePoint, and Exchange Mailboxes and public folders, the Varonis Metadata Framework provides critical intelligence to make data migrations more efficient and more secure, such as which data is active or stale, which content may be sensitive or regulated, and which permissions may be excessive or broken.

Because DTE is built on top of the Varonis metadata framework, you can make sure that all data is managed and protected, where only the right people have access, all use is monitored, and abuse is flagged—before and after a move. You’ll know which users are happily using your new server or platform to collaborate with their data, and which ones haven’t read the memo.

With the Varonis Data Transport Engine, IT finally has an intelligent system that can be told what an ideal migration looks like, and it will take care of all the scary details for you. Say goodbye to the weekend shifts and all-nighters. Just describe your ideal migration, simulate it before committing, and automation will make it happen quickly and securely.