Tuesday, February 28, 2012

Varonis's new DatAdvantage for Directory Services

The job of securing information continues to get harder. The technology that we are managing is becoming more complicated, the threat vectors are increasing through new channel such as mobile devices, and the adversaries are getting more sophisticated.

One of the most difficult areas to protect is the unstructured data on file servers. I like to use the analogy of bank vaults to describe the file server world. We buy these very expensive bank vaults to store all of our confidential data and we deploy safe deposit boxes (think folders) to allow users to organize and protect that data. The Active Directory groups and passwords are the keys we hand to users to give them access to the safe deposit boxes.

However, with the current technology from the storage vendors the analogy breaks down. Here are some of the challenges:

  • We have no log of who goes in and out of the bank vault or safe deposit boxes.

  • If someone adds an additional keyhole to a safe deposit box, we rarely know who else is holding keys that will let them in.

  • We have no idea how big the boxes are and what is stored in inside of them.

  • Companies continue to buy new vaults because there is no easy way to manage the data in the existing vaults.

  • And every once in a while, IT people take a door off the safe deposit box to give someone access and because the vault is in the dark, we have no idea that this has taken place.

The Varonis DatAdvantage solution gives us the visibility into who access to the safe deposit boxes, audits what they do with the data stored in them, and provides the tools to increase the security of the vault.

What Varonis is bringing to the table with its new DatAdvantage for Directory Services product is the ability to monitor the people who build and assign the keys to the boxes in the bank vaults. When a new key holder (a user) is created we know that. When a user is assigned keys we have a record of who gave them to him. Varonis has provided the IT professional with a comprehensive set of tools to protect and manage their organization’s unstructured data.