Saturday, June 12, 2021

Varonis Commit Engine Tip

If you schedule changes to be applied by the Varonis Commit Engine, schedule them to take place outside of the time window in which the FileWalk runs for that server.  If you are making changes while the FileWalk is running, you can end up with inconsistent permissions being displayed in the work area the next day, even though there is nothing wrong with the permissions.

If you want documentation on the Commit Engine, you can get it through your Varonis support login.

Thursday, June 3, 2021

Time Saving Tip for adding flags in Varonis DatAdvantage

 

In Varonis DatAdvantage, I make a lot of use of flags.  I use them to mark folders that are “allowed” to contain sensitive data, mark folders that should be excluded from data classification rules to reduce false positives, and I use them to organize unique sets of data.  For example, I was working on a project to review the permissions on about 50 folders related to a SOX audit.  So I was marking all of the folders that were in scope for the audit.  In addition, most of these directories needed security groups that were folder-specific added to the Access Control Lists.  I decided to use flags to track and report on my work.  In many cases I had to add two or more flags to each folder.  If you had to add them one at a time, you would have to click your way through 3 or 4 menus multiple times.

Instead, if you click on the Move Button, you can select more than one flag at once.  Over the course of 50 folders, you save yourself time and over 100 clicks.

  

Secure On! 


 

 

Tuesday, May 7, 2019

Why Humans Matter


Security vendors are in the business of making money and they want to be compensated based on the value that they provide.  They face challenges in calculating that value.  Should they charge based on volume of data processed?  How about the number of security analysts that use the product?  There is no simple answer to this question, and you see this in the back and forth in licensing models over time within a single organization.



One approach that software vendors use is the number of accounts that are in Active Directory.  Larger organizations should pay more, and they will typically have more accounts.  However, if vendors try this approach, they discourage best practices.



System administrators in your organization will typically each have between two and four accounts.  They have their regular user account.  Then they will have an administrative account.  Some organizations separate the accounts so that they have one account to manage Active Directory (their Domain Admin account), one account to administer file servers and applications, and one to manage workstations.  This would be following a Tier Model of administrative access that is recommended by Microsoft in Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft, Version 1 and 2.



If a security vendor wants to practice what it preaches, then it cannot penalize companies for improving their security.  If a customer moves to the Tier Model for Administrator access and adds tens of new accounts, they should not be penalized by being charged more money.



Vendors, please forget accounts and count the humans in the organization in calculating a fair price for your solution.