Varonis DatAdvantage

The Challenges

Across the various platforms there are a number of critical challenges IT administrators are faced with every day.

Microsoft Windows file servers, including NAS devices like EMC Celerra and NetApp filers, Microsoft Exchange installations, SharePoint Sites and UNIX and Linux file servers all present significant data management and protection challenges. Some of the common challenges include:

  • Permissions: Determining who has access to a folder, which folders a user or group has access to, and identifying excess, unneeded permissions.
  • Access Auditing: IT can’t answer pressing questions like, “Who accessed or deleted my data?”
  • Data Ownership: IT can’t reliably identify business owners of shares and folders.
  • Operational: Manual permissions and group changes are unreliable.
  • High Risk: Stale, excess permissions are rarely revoked. The “Everyone” group is out there—a problem that is hard to find and fix. Critical files and folders are exposed.

There are also significant challenges associated with Directory Services. Directory Services are critical—every user authenticates to Active Directory or LDAP, and nearly every ACL, Mailbox, and SharePoint site and more and more applications refers to users and groups in these directories for authentication, access control, and storage of critical attributes. As critical as directory services are, changes and other activities are often difficult to audit and analyze.

The Varonis Solution

Part of the Varonis Data Governance Suite, Varonis DatAdvantage is the ideal solution to solve these challenges. Included in the range is:

  • DatAdvantage for Windows
  • DatAdvantage for SharePoint
  • DatAdvantage for UNIX/Linux
  • DatAdvantage for Exchange
  • DatAdvantage for Directory Services

Varonis DatAdvantage  for Windows, Sharepoint, and UNIX and Linux all address the challenges by aggregating Active Directory user and group details, ACL information and all data access events—without requiring native OS auditing—to build a complete picture of who can and who is accessing data, and who should have their access revoked. It also leads IT to rightful data owners, so the right people can ensure appropriate access and usage. With the Varonis Data Classification framework, IT can immediately identify folders with excessive permissions that contain quantities of sensitive data.

Varonis DatAdvantage for Exchange addresses the challenges by aggregating Active Directory user and group details, mailbox and public folder permissions, and Exchange event information to build a complete picture of who can and who is accessing email and other Exchange data, and who should have their access revoked. It also leads IT to rightful data owners, so the right people can ensure appropriate access and usage.

Varonis DatAdvantage for Directory Services uses The Varonis Metadata Framework to address these challenges by providing a complete representation of the domain hierarchy in the familiar DatAdvantage interface, right alongside other monitored infrastructure components, like Windows Servers, NAS devices, SharePoint sites, and Exchange mailboxes and public folders,* as well as an audit trail of all Active Directory activity, including changes to OU’s groups, group policy, and logon/logoff events.

Key Features and Benefits

DatAdvantage for Windows

  • Complete, bi-directional view into the permissions structure of unstructured and semi-structured file systems
  • Complete Audit Trail
  • Recommendations and Modeling
  • Data Ownership Identification
  • Extensible Framework
  • See who has permissions to shared folders – both NTFS and share permissions are displayed, organized, and aggregated
  • See which data a user or group can access
  • Audit and report on every file touch
  • See who should and should not have access, and simulate changes without affecting production environments
  • Identify data owners and involve them in management and protection through automation
  • Quickly and accurately identify files that contain sensitive information with the Varonis IDU Classification Framework
  • Accommodate new platforms and metadata streams

DatAdvantage for SharePoint

  • Complete, bi-directional view into the permissions structure of unstructured and semi-structured file systems
  • Complete Audit Trail
  • Recommendations and Modeling
  • Data Ownership Identification
  • Extensible Framework
  • See who has permissions to shared folders
  • See which data a user or group can access
  • Audit and report on every file touch
  • See who should and should not have access, and simulate changes without affecting production environments
  • Identify data owners and involve them in management and protection through automation
  • Identify files that contain sensitive information with the Varonis Data Classification Framework
  • Accommodate new platforms and metadata streams
  • Quickly and accurately identify files that contain sensitive information with the Varonis IDU Classification Framework

DatAdvantage for UNIX /Linux

  • Complete, bi-directional view into the permissions structure of unstructured and semi-structured file systems
  • Complete Audit Trail
  • Recommendations and Modeling
  • Data Ownership Identification
  • Extensible Framework
  • See who has permissions to shared folders
  • See which data a user or group can access
  • Audit and report on every file touch
  • See who should and should not have access, and simulate changes without affecting production environments
  • Identify data owners and involve them in management and protection through automation
  • Quickly and accurately identify files that contain sensitive information with the Varonis IDU Classification Framework
  • Accommodate new platforms and metadata streams

DatAdvantage for Exchange

  • Complete, bi-directional view into the permissions of Exchange
  • Complete Audit Trail
  • Recommendations and Modeling
  • Data Ownership Identification
  • Extensible Framework
  • See who has permissions to mailboxes and shared folders
  • See which data a user or group can access
  • Audit and report on every email touch
  • See who should and should not have access, and simulate changes without affecting production environments
  • Identify data owners and involve them in management and protection through automation
  • Accommodate new platforms and metadata streams
  • Manage exchange distribution groups with DataPrivilege

DatAdvantage for Directory Services

  • A visual representation of the entire forest/domain hierarchy
  • Recommendations on unused group memberships*
  • What-if/change modeling capabilities for groups and ACL’s
  • View domains, OU’s, computers, and groups and other domain objects in the DatAdvantage GUI
  • Track who made changes in Active Directory, and when
  • Model changes without affecting production environments
  • Identify data owners and involve them in management and protection through automation
  • Quickly and accurately identify files that contain sensitive information with the Varonis IDU Classification Framework
  • Accommodate new platforms and metadata streams