What You Get With a Varonis Data Risk Assessment
Author: Charlotte Fletcher
Release Date: 15/06/2021
All the best things in life are free: a spritz of perfume or aftershave in duty free, those delicious tasters at a food festival and a Varonis Data Risk Assessment.
With a staggering increase in cyber crime recently, it’s important to be aware of how our environments would fare if targeted by an attacker. We need to understand where to focus our efforts on remediating those weak points and vulnerabilities. The Varonis Data Risk Assessment has the ability to highlight this to you.
Every organisation will hold regulated, sensitive data so it’s imperative to ascertain, of that data, what is at risk. Risks will inevitably always exist, but let’s look at how to best lower them.
We start by classifying data: what data in the environment is sensitive, and why is it sensitive? Understanding this goes a long way to knowing what data you need to be protecting. How does Varonis classify data? A file parser, combined with a string analysis system, allows the data classification engine to read the contents of several different types of files. The string analysis system will then match the data to defined search criteria.
The assessment will highlight how much of that sensitive data is configured to have open access. Through completing these assessments, Varonis has found that on average 20% of files and folders across an organisation are configured this way. If an attacker is able to establish a presence, this is what they are going to have access to without the need to escalate their privileges. This is your attack surface.
The assessment will also look at vulnerabilities within your Active Directory and what exposures lie in there.
So what will we get from the assessment? User accounts without a password requirement. Don’t we just love the users who make it from Password1 all the way up to Password48?
Admin accounts with Service Principal Names. Attackers can request tickets for accounts with an SPN. Tickets encrypted with RC4 are highly susceptible to password cracking. If those passwords are weak, then a password spraying attack is going to be highly successful.
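To make the Active Directory findings above concrete, here is an added example (not Varonis code and not from the original article) that checks an account export for the same three conditions. The account records are constructed, and treating an unset `msDS-SupportedEncryptionTypes` as RC4-permitted is an assumption about domain defaults.

```python
# Added example: audit a constructed AD account export for the findings above.
PASSWD_NOTREQD = 0x0020   # userAccountControl flag: no password required
ACCOUNTDISABLE = 0x0002   # userAccountControl flag: account disabled
RC4_HMAC = 0x04           # msDS-SupportedEncryptionTypes bit for RC4

# Constructed sample records (hypothetical names), shaped like an LDAP export.
ACCOUNTS = [
    {"sAMAccountName": "svc-backup", "userAccountControl": 0x0200,
     "adminCount": 1, "servicePrincipalName": ["MSSQLSvc/db01.example.test:1433"],
     "msDS-SupportedEncryptionTypes": 0},        # unset encryption types
    {"sAMAccountName": "svc-web", "userAccountControl": 0x0200,
     "adminCount": 1, "servicePrincipalName": ["HTTP/web01.example.test"],
     "msDS-SupportedEncryptionTypes": 0x18},     # AES128 + AES256 only
    {"sAMAccountName": "temp.user", "userAccountControl": 0x0220,
     "adminCount": 0, "servicePrincipalName": [],
     "msDS-SupportedEncryptionTypes": 0},        # PASSWD_NOTREQD is set
    {"sAMAccountName": "old.admin", "userAccountControl": 0x0222,
     "adminCount": 1, "servicePrincipalName": ["HOST/legacy.example.test"],
     "msDS-SupportedEncryptionTypes": 0x04},     # disabled account
]

def rc4_permitted(enc_types):
    # Assumption: an unset value (0) falls back to defaults that still allow RC4.
    return enc_types == 0 or bool(enc_types & RC4_HMAC)

def audit(accounts):
    """Return (account, finding) pairs for enabled accounts only."""
    findings = []
    for acct in accounts:
        uac = acct["userAccountControl"]
        if uac & ACCOUNTDISABLE:
            continue  # disabled accounts cannot log on or be issued tickets
        name = acct["sAMAccountName"]
        if uac & PASSWD_NOTREQD:
            findings.append((name, "password not required"))
        if acct.get("adminCount") == 1 and acct.get("servicePrincipalName"):
            findings.append((name, "admin account with SPN"))
            if rc4_permitted(acct.get("msDS-SupportedEncryptionTypes", 0)):
                findings.append((name, "RC4 tickets permitted"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(ACCOUNTS):
        print(f"{name}: {issue}")
```

Accounts flagged for RC4 are the ones to prioritise for AES-only encryption types and long, randomly generated passwords.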
O365 risks will also be assessed, looking at the risks within your suite: SharePoint Online, OneDrive and Teams.
With the recent changes to working practices, it has become apparent that these platforms help many organisations to work collaboratively. A downside is that visibility within O365 over what has been shared across these platforms, and who has access to sensitive data, is blurred.
Varonis can provide a single pane of glass view into exactly what has been shared, with whom and whether it’s been accessed. The assessment will look at how many links have been shared publicly, how many shared links have been accessed, as well as sensitive data accessible to ‘anyone’.
As the assessment is run over a 30 day period, Varonis will be able to learn the behaviour of your users, accounts and devices, detect threats and alert on them so that you can respond. Threat models triggered, suspicious activity at the perimeter and user activity are all amongst the findings in this section of the report. These are all the types of alerts we want to be investigating and ultimately automating responses for. Examples of threat models include: access to atypical files containing sensitive data, a password spraying attack, and permissions added or changed on an admin account.
I like to think of the Data Risk Assessment as a demonstration of Varonis on your own data. This is a great way for you to understand exactly how Varonis can work in your environment and provide you with an enhanced security posture.