VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.
Fighting a different battle than conventional cybersecurity companies
3rd April / IP Expo Manchester
Malware, Security Analytics, and Cybersecurity in 2019
Your data. Our mission.
About Varonis
Category creator
6,350 customers globally (Sep 2018)
NASDAQ: VRNS
Built by world-class cybersecurity experts (not through acquisitions)
Data Security Platform
Security Analytics
Compliance & Classification
Data Protection
The Modern State of Insecurity
“Forensic investigators hired to assess the breach retraced the route of
the truck to determine whether they could locate the drives along this
route, but were unable to find any trace of them.”
Hacked: 2012 / Leaked: 2016
Hacked: 2012 / Leaked: 2016
Hacked: 2014 / Leaked: 2017
Hacked: 2013 / Leaked: 2017
“Organizations are failing at early breach detection, with fewer than 20% of breaches detected internally.”
Using SIEM for Targeted Attack Detection, Oliver Rochford & Kelly M. Kavanagh
The state of unstructured data
Statistics from over 130 organizations
34%, 21%, 41%, 58%, 76%
had at least 1,000 sensitive files opened to every employee
have over 100,000 sensitive folders opened to every employee
of folders contain stale data
of folders are opened to global group access
of user accounts are enabled but inactive
74% of companies have over 1,000 stale, sensitive files
The 2018 Global Data Risk Report captures findings of Data Risk Assessments performed on 130 organisations—a representative sample from many industry segments and sizes.
The Data Security Money Pit
Billions spent on data security products, and yet…
62% have no idea where their most sensitive data resides.
64% do not audit all use of customer data and analyze it for abuse.
60% do not restrict data access using a least privilege model.
Who’s watching the data?
“When was the last time your million dollar SIEM told you about an attack in progress?”
3 Common Pitfalls
1. There are a lot of logs.
“Throw it all into the SIEM. We’ll make sense of it later!”
2. Even after the logs are adequately parsed, they lack context.
“During research, the majority of SIEM providers told Gartner that the mass of their installed base (approximately 85%) is not using advanced threat detection or analytics features today.”
Gartner, Summer of SIEM 2017 Coming…, Anton Chuvakin
3. Can’t answer: “Is our data safe?”
What if we start with the data?
How “dark” is the data?
Who is accessing, modifying, moving, deleting files and emails?
Which data is exposed to too many people?
Who has access to files, folders, mailboxes?
Which files contain critical information?
Which data isn’t being used?
Who owns data and how do I get them involved?
Am I alerted when data is lost, stolen, or misused?
Windows, SharePoint, NAS, Exchange, Unix/Linux, Office 365, Directory Services, Azure AD
Context about users, systems, and data – together
METADATA COLLECTION
Permissions, Users & Groups, Content Classification, Access Activity, Perimeter Telemetry
Proxy, VPN, DNS
Windows, SharePoint, NAS, Exchange, Unix/Linux, Office 365, Directory Services, Azure AD
Data Security Platform
COLLECTION AND ANALYTICS
Permissions, Users & Groups, Content Classification, Access Activity, Perimeter Telemetry
AUTOMATION
Remediation, Access Management, Migration, Alert Response, Disposition
USE CASES
Threat Detection, Data Classification, Access Governance, Risk Reduction, Regulatory Compliance
ENTERPRISE DATA STORES AND INFRASTRUCTURE
Windows, Exchange, SharePoint, Office 365, NAS, Unix/Linux, Directory Services
PERIMETER DEVICES
VPN, Proxy, DNS
Commit changes back to data stores and directory services
Real World Example
Anatomy of the Modern Breach
Infiltration & Privilege Escalation
Here’s an attacker trying to guess user names and passwords, going low and slow to evade detection.
Eventually, the attacker guesses the right password, and we see a successful login after an unusual sequence of failures.
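One way to express the detection described above, as an added example that is not part of the original deck and not Varonis code: it flags a successful login that follows many failures from one source spread over a long window. The log format, host and account names, and thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from the deck): time, source host, account, outcome.
SAMPLE_EVENTS = """\
2019-04-03T01:05:00 ws-114 asmith FAIL
2019-04-03T01:47:00 ws-114 bjones FAIL
2019-04-03T02:31:00 ws-114 cwong FAIL
2019-04-03T03:02:00 ws-207 dpatel FAIL
2019-04-03T03:03:00 ws-207 dpatel OK
2019-04-03T03:18:00 ws-114 svc-backup FAIL
2019-04-03T04:09:00 ws-114 svc-backup FAIL
2019-04-03T04:55:00 ws-114 svc-backup OK
"""

def parse(text):
    """Yield (timestamp, source, account, outcome) from the assumed log format."""
    for line in text.splitlines():
        ts, source, account, outcome = line.split()
        yield datetime.fromisoformat(ts), source, account, outcome

def slow_guessing_alerts(events, window=timedelta(hours=12),
                         min_failures=5, min_accounts=3):
    """Flag a success preceded by many failures from the same source.

    Failures are counted over a long sliding window, so guesses spaced
    far enough apart to stay under per-minute lockout thresholds still add up.
    """
    failures = defaultdict(deque)  # source -> deque of (timestamp, account)
    alerts = []
    for ts, source, account, outcome in sorted(events):
        recent = failures[source]
        while recent and ts - recent[0][0] > window:
            recent.popleft()  # forget failures older than the window
        if outcome == "FAIL":
            recent.append((ts, account))
        elif outcome == "OK":
            accounts_tried = {a for _, a in recent}
            if len(recent) >= min_failures and len(accounts_tried) >= min_accounts:
                alerts.append({"time": ts, "source": source, "account": account,
                               "failures": len(recent),
                               "accounts_tried": len(accounts_tried)})
    return alerts

if __name__ == "__main__":
    for alert in slow_guessing_alerts(parse(SAMPLE_EVENTS)):
        print(alert)
```

The single mistyped password from ws-207 does not alert; shrinking the window to one hour hides the ws-114 sequence, which is why short-window thresholds miss this pattern.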
We see the attacker start to map the network with DNS, looking for data stores.
We see the compromised account access devices not associated with that account, and an unusual number of devices being accessed.
The attacker performs a pass-the-ticket attack.
What’s the target?
Remember me?
The 2018 Global Data Risk Report captures findings of Data Risk Assessments performed on 130 organisations—a representative sample from many industry segments and sizes.
He uses a service account to access sensitive data and other people’s mailboxes.
Last, the attacker uploads the data or tunnels it out via DNS.
Get a Free Data Risk Assessment
No obligation
Zero impact on your systems
Extremely actionable
Concrete steps to prioritize and fix major security and compliance risks
Getting started is as easy as having a conversation
Thank You