Spotlighting Unstructured Data Access

Last month, I received a note from Cornell Professor Rebecca Slayton, by way of Steve Bellovin, asking about early secure Unix projects. I offered what information I could, and in the ensuing email thread, I enjoyed some wonderful reflections by pioneers such as Steve Lipner. But the whole discussion got me thinking about operating system security, and the significant trade-offs between application-level add-ons and kernel-level protections.

In a nutshell, application-level security is easier to install and integrate, but provides only local visibility – which is fine if the goal is application security. Kernel-level protections, in contrast, require more work to design into the operating system – often via software shims. But they provide deeper, more penetrating visibility, which makes them the preferred option for teams addressing broad questions that extend across a large swath of computing activity.

I was thinking about operating system design while chatting this week with David Gibson, who runs the marketing team for cyber security company Varonis. Industry veteran Greg Stein, now with Varonis, recommended the chat, and I’m glad he did, because the company is focused on some amazing technology to protect unstructured data. And the techniques employed involve kernel-level software right out of the old secure Unix playbook.

“Our platform exposes where sensitive data is located and who is accessing it,” explained Gibson. “We detect unauthorized behaviors such as unexpected privilege abuse or escalation in file systems, enterprise email, and shared services like Active Directory. The resulting visibility is presented to IT and security teams via detailed reports and logs that help meet security and privacy compliance requirements.”

Many companies offer data visibility, so I pushed to understand the secret behind the Varonis approach. After all, this is a publicly traded company with over two hundred million dollars in sales. So, I figured something significant must be going on, and Gibson did not disappoint: “Our solution started in the kernel,” he explained. “This enabled the telemetry required to build an accurate map of data access and usage that is understandable and actionable. In fact, our most valuable intellectual property is centered on this notion of making the collected data practically usable.”

The Varonis platform consists of data mapping using hierarchies and permissions, plus auditing (DatAdvantage); classification (DCE); and behavior-based threat detection and response (DatAlert). DatAlert analyzes transactional access usage from the underlying low-level software for just about every source of unstructured enterprise data. This includes AD, Windows, SharePoint, Exchange, Office 365, Linux, Dell EMC, HPE, DNS, proxy, VPN, and on and on. It’s a collective spotlight on data access across the enterprise.

“By capturing access information from data stores, we provide detailed guidance on how sensitive data is being used and how it should be classified,” Gibson said. “Sometimes the results of this visibility can be unsettling. For example, we’ve had customers run our software, only to find that hundreds of employees have unneeded access to sensitive data. Fixing this problem and locking down the data is an effective way to reduce cyber risk.”

In addition to the security use-cases, we all agreed that this sort of powerful, kernel-level visibility into file transactions enables many non-security objectives such as file system optimization and data center configuration management. I asked Gibson if IT managers were as excited with the capability as security teams: “Our platform certainly has advantages for both security and non-security objectives,” he replied.

Varonis is led by an experienced executive team under industry veteran Yaki Faitelson, who serves as the company’s CEO and Board Chairman. With 1,400 employees serving roughly 6,600 enterprise customers from the company’s New York Headquarters and Israeli research and development facility, Varonis appears poised to continue the significant YOY revenue growth they’ve reported the last few years.

As with all cyber security companies, growth is no easy lay-up, especially with so many new entrants in this crowded data protection segment. Migration to hybrid cloud introduces additional sales risk for vendors, simply because any change must be navigated to ensure continued success. But sensitive data access visibility will continue to be super-important in the virtualized, distributed enterprise, so the Varonis platform should remain highly relevant.

If you care about whether your sensitive data protection policies are being met – or if you just want better visibility into the location and usage patterns for your data – then you’d be wise to give the team at Varonis a call. I suspect you’ll find – whether you are in security or IT – that their integrated approach to data access visibility will be an important part of your present and future strategy.

As always, share with us what you’ve learned.