Malware, Security Analytics, and Cybersecurity in 2019...Malware, Security Analytics, and...

VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.

Fighting a different battle than

conventional cybersecurity companies

3rd April / IP Expo Manchester

Malware, Security Analytics, and

Cybersecurity in 2019

Your data. Our mission.

VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.2

Category creator

6,350 customers globally (Sep 2018)

NASDAQ: VRNS

Built by world-class cybersecurity

experts (not through acquisitions)

About Varonis


Security Analytics Compliance &

ClassificationData Protection

Data Security Platform


The Modern State

of Insecurity

“Forensic investigators hired to assess the breach retraced the route of

the truck to determine whether they could locate the drives along this

route, but were unable to find any trace of them.”

Hacked: 2012Leaked: 2016





“

”Using SIEM for Targeted Attack Detection

Oliver Rochford & Kelly M. Kavanagh

Organizations are failing at early breach detection, with fewer than

20% of breaches detected internally.


34%

21%

had at least 1,000

sensitive files opened to

every employee

have over 100,000

sensitive folders opened

to every employee

of folders contain

stale data

Statistics from

over 130

organizations

41%

58%

76%

of folders are opened to

global group access

of user accounts are

enabled but inactive

of companies have over

1,000 stale, sensitive files74%

The state of unstructured data

The 2018 Global Data Risk Report captures findings of Data Risk Assessments performed on 130 organisations—a representative sample from many industry segments and sizes.

TheData Security

Money Pit

cyber

innovation

enablement

matrix

cyber


Billions spent on data security products, and yet…

62% have no idea where their most sensitive data resides.

do not audit all use of customer data and analyze it for abuse.

60% do not restrict data access using a least privilege model.

64%


Who’s watching the data?


“

”

When was the last time your million dollar SIEM told you about

an attack in progress?


3 Common Pitfalls


1. There are a lot of logs.


“Throw it all into the SIEM. We’ll make sense of it later!”


2. Even after the logs are

adequately parsed, they

lack context.


“

”Gartner, Summer of SIEM 2017 Coming…, Anton Chuvakin

During research, the majority of SIEM providers told Gartner that the mass of

their installed base (approximately 85%) is not using advanced threat detection or

analytics features today.


3. Can’t answer: “Is our data

safe?”


What if we start with the data?


Who is accessing, modifying, moving,

deleting files and emails?

Which data is exposed to too many people?

Who has access to files, folders, mailboxes?

Which files contain critical information?

Which data isn’t being used?

Who owns data and how do I get them

involved?

Am I alerted when data is lost, stolen, or

misused?

How “dark” is the data?

Windows Sharepoint

NAS

Exchange Unix/Linux

Office 365

Directory Services

Azure AD


Context about users, systems, and data – together

Permissions

Users & Groups

ContentClassification Access Activity

PerimeterTelemetry

METADATA COLLECTION

Proxy VPN DNS

Windows Sharepoint

NAS

Exchange Unix/Linux

Office 365

Directory Services

Azure AD


PermissionsUsers & Groups

ContentClassification

Access Activity

PerimeterTelemetry

Data Security Platform

COLLECTION AND

ANALYTICS

AUTOMATION

PERIMETER DEVICES

Windows Exchange

SharePoint

Office 365

NASUnix/Linux

Directory

Services

Remediation

Access Management

Migration

Alert Response

Disposition

ENTERPRISE DATA STORES AND INFRASTRUCTURE

USE CASES

Threat Detection

Data Classification

Access Governance

Risk Reduction

Regulatory Compliance

Commit changes back to data stores and directory services

VPNProxy DNS


Real World Example


Anatomy of the Modern

Breach


Infiltration & Privilege

Escalation


Here’s an attacker trying to guess user names and passwords, going low and slow to evade detection.

Eventually, the attacker guesses the right password, and we see a successful login after an unusual sequence of failures


We see the attacker start to map the network with DNS, looking for data stores


We see the compromised account access devices not associated with that account, and an unusual amount of devices being accessed


The attacker performs a pass-the-ticket attack


What’s the target?


34%

21%

had at least 1,000

sensitive files opened to

every employee

have over 100,000

sensitive folders opened

to every employee

of folders contain

stale data

Statistics from

over 130

organizations

41%

58%

76%

of folders are opened to

global group access

of user accounts are

enabled but inactive

of companies have over

1,000 stale, sensitive files74%

Remember me?

The 2018 Global Data Risk Report captures findings of Data Risk Assessments performed on 130 organisations—a representative sample from many industry segments and sizes.


He uses a service account to access sensitive data and other people’s mailboxes


Last, the attacker uploads the data or tunnels it out via DNS


Get a Free Data Risk Assessment

No obligation

Zero impact on your systems

Extremely actionable

Concrete steps to prioritize and fix

major security and compliance

risks

Getting started is as easy as

having a conversation


Thank You

Name

Position

Malware, Security Analytics, and Cybersecurity in 2019...Malware, Security Analytics, and...

Documents

Transcript of Malware, Security Analytics, and Cybersecurity in 2019...Malware, Security Analytics, and...