Three Ways Varonis Can Help You Combat Insider Threats

Insider Threats

What do basketball teams, government agencies, and car manufacturers have in common?

Each has been breached and had confidential, proprietary, or private information stolen and disclosed by insiders. In each case, the motivations and methods are different, but the risk remains the same: insiders have access to too much data with too little control.

Insider threats continue to prove difficult for organizations to fight because – unlike an outsider – insiders can navigate sensitive data unnoticed and often without suspicion.

Cybersecurity is not the first industry to face insider threats, however. Espionage has a long history of dealing with and defending against insiders by using the “CIA Triad” principles of confidentiality, integrity, and availability.

Varonis’ modern cybersecurity answer to insider risk is the data security triad of “sensitivity, access, and activity.” Using these three dimensions of data security, you can help reduce the risk and impact of an insider attack.

  • Sensitivity: By understanding where your sensitive data resides, you can put controls around it to prevent unauthorized access or exfiltration. Automatic classification and labeling allow you to inventory sensitive data, classify it, and apply appropriate controls to protect it. Sensitivity dictates who, what, and how things can be accessed and what activities are allowed.
  • Access: Excessive access is the root of the insider threat. Today’s businesses are built on collaboration and sharing, and often productivity and data availability trump security. Knowing exactly who can access data and limiting that access in a way that doesn’t impact productivity is key to mitigating risk.
  • Activities: Organizations must see what actions are being taken with data, detect and respond to unusual behavior, and securely eliminate excessive access without impacting business continuity.

By combining these three pillars of the data security triad, you can effectively reduce the risk and impact of an insider attack.

Let’s look at the dimensions in more detail and see how Varonis helps with each one.

Sensitivity — detection, classification, and control

Insiders often have access to corporate data, but not all data is equally sensitive or valuable. Controlling insider risk starts by understanding what data is sensitive or regulated and what data needs additional controls.

Varonis’ built-in policies automatically discover personally identifiable information (PII), payment card information (PCI), protected health information (PHI), secrets, and more in cloud apps and infrastructure, on-prem file shares, and hybrid NAS devices. By providing an extensive preconfigured rule library and easily customizable rules, Varonis helps organizations quickly uncover sensitive or regulated data, intellectual property, or other organization-specific data.

To apply additional controls such as encryption, Varonis can label files. Using our classification results, we can find and fix files that are misclassified by end users or not labeled at all. Proper data labeling makes it difficult for insiders to exfiltrate sensitive data.

Use Varonis’ classification results to find and repair files that end users have misclassified or mislabeled. Easily enforce data protection policies, such as encryption, with labels.

Varonis not only finds where you have sensitive data but also shows you where sensitive data is concentrated and exposed so you can prioritize where to focus to reduce data exposure.

Access – normalization, least privilege automation, and stale data

The second pillar of the data security triad for controlling insider risk is access. Control access to data and you control the risk of an insider. At Varonis, we call this reduced blast radius.

This can be difficult when, in a day, an average employee has access to more than 17 million files and folders, while a typical company has 40+ million unique permissions across SaaS applications. Given how fast data is created and shared and how much permission structures vary between apps, it would take admins years to understand and correct privileges.

Beyond the permissions, SaaS apps have countless configurations that, if configured incorrectly, can open data not only to many internal employees, but also to external users or even personal accounts.

The average organization has tens of millions of unique permissions that expose critical data to multiple people, across the organization, or even across the internet.

Varonis gives you a real-time view of your data security posture by integrating file sensitivity, access, and activity. From shared links to nested permissions groups, misconfiguration management, and stale data, we calculate effective permissions and prioritize remediation based on risk.

To effectively limit the insider threat, organizations must not only identify the risk, but also remediate it.

Varonis has ready-made remediation policies that you can personalize for your organization. You define the guardrails and our automation does the rest.

Varonis makes intelligent decisions about who needs data access and who doesn’t and can eliminate unnecessary access with least-privilege automation. Since we know who is accessing the data, we can remove unused access, which further reduces the blast radius of an insider attack without human intervention and without business disruption.

Varonis can also fix misconfigurations to prevent data from being inadvertently exposed.

Data activity is a key component in determining which remediation changes can safely and proactively limit a person’s impact. Activity data also helps catch suspicious activity in real time.

Activity – audits, UEBA, and automated response

One of the most dangerous things about insiders is that they often don’t sound the alarm. They don’t “enter” your system like an external actor would. Instead, they can quietly walk around and see what they can use – as in the case of airman Jack Teixeira, who had access to confidential military documents and allegedly shared images of those documents in a Discord thread.

Organizations need to monitor how data is accessed and shared – especially in the case of insiders – so they can detect and stop threats before damage is done.

Varonis looks at every important data action — every read, write, create, and share — and creates behavioral baselines for what is normal activity for each user or device. Our UEBA alerts detect data threats, such as a user accessing atypical sensitive files or sending large amounts of data to a personal email account, and prevent malicious actors in real time with automated responses.

Monitor data activity and identify threats in real time. Our threat models continuously learn and adapt to customers’ environments, detecting and stopping abnormal activity before data is compromised.

Our enriched, normalized record of every file, folder, and email activity in your cloud and on-prem environments means you can immediately investigate a security incident with a detailed forensics log and show what really happened.

You can also ask for help from our complimentary incident response team — a team of security architects and forensics experts available to customers and test users — to help investigate threats.

The Varonis IR team has thwarted countless insider threats and external APTs.

In conclusion

Varonis’ data-centric approach to security offers organizations an unparalleled way to proactively identify and limit the impact of insider threats.

With the data security triad of “sensitivity, access, and activity,” Varonis can limit data exposure and detect threats that other solutions miss.

  • Sensitivity: Varonis helps organizations quickly discover intellectual property or other organization-specific data, allowing your organization to implement data protection policies such as encryption, download control, and others.
  • Access: Varonis gives you a real-time view of your privileges and data security posture in cloud apps and infrastructure. Least-privilege automation continuously reduces your blast radius without human intervention and without disrupting the business.
  • Activities: Varonis creates a normalized record of every file, folder, and email activity in your cloud and on-prem environment. Our team of cybersecurity experts watches your data for threats, investigates alerts, and only shows real incidents that need your attention.

By combining these three pillars of the data security triad, you can effectively reduce the risk of, and respond to, an insider attack.

What should you do now?

Below are two ways we can help you begin your journey to reduce your company’s data risk:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
Note: This article originally appeared on the Varonis blog.
