Varonis Objection Handling Flashcards
Why do other solutions fail to protect data?
They simply cannot provide outcomes like Varonis can
- Lack the ability to get their arms around data
- If they can't get their arms around data, then they can't give a complete understanding of, and solution to, a problem
- They can't automate remediation and fix problems they can't see or don't find
They don’t have the 3 Cs / Can’t Scale to all data types
Complete
- Some solutions are just cloud, not on prem and cloud from one view
- Databases: Not unstructured, which is more complicated and obviously where the more sensitive data is
- Scanning: has to be comprehensive and current, not partial. Others provide only samples. They can't scale
Current
- Not real time
- scans take too long and are out of date
- everything down stream is late and incorrect
Context
- User and Group Information - who has access to what resources
- Permission Information - across file systems, data stores, and cloud environments
- Access Activity and Audit Data - monitors and collects data on every file touch across the monitored environment
Why do Classification Solutions fail?
Their scanning takes too long and won't be real time because of their frequency
3 Cs
Complete
- We scan and monitor all data
- Everywhere it resides on prem or in the cloud
- Unstructured or structured
Current
- Scans take too long
- We are real time - incremental and delta scans
- Competition only does periodic or massive scans - takes forever, not current, policies don’t work
Context
- Complete audit trail over every file touch, modify, and delete
Why do DLP Solutions Fail?
Part 1 - their scanning of data at rest takes too long
Part 2 - DLP is victim to the policy enforced. Bad actor? What if someone has been granted access they shouldn’t have, and they’re compromised
Why do DSPMs fail?
- No cyber expertise
- No remediation
- Weak Visibility
Why is Varonis able to solve the data security problem?
- Complete real-time visibility
- We solve mission-critical issues, allowing for direct outcomes via automation
- Threat detection in real-time
3 Cs
Three reasons
The 3 Cs
- Complete – we scan and monitor all of your data – everywhere it resides, on prem, in cloud, structured, unstructured
- Current – we are doing this in real time & doing incremental and delta scans; everyone else pretty much does periodic, massive scans – takes forever, never current, policies don’t work
- Context – complete audit trail over every file touch, modify, add, delete
Focus on Outcomes
- Actually addressing and fixing the problems we find in an automated fashion
Threat Detection
- We detect threats in real time and stop them with our Managed Detection Response team
Why is our Visibility Better / What are the 3 Cs?
Complete and Current Context
- Full scans on data stores, zero blind spots
- No one else can scale like Varonis
- Map permissions and config data (allowing us to see all activity - unmatched context)
- Scans are always current
Complete and Current Context
3 Cs
- Complete: we go out and look for sensitive data and label it everywhere (no one else can)
- Current: Our scans are in real time delta scans, we scan for changes, everyone else does slow scans - this undermines the ability to see and act now
- Context: not just total context of the data type, but complete audit trail of every file touch, create, add, modify, move, or delete
Why are we able to remediate / fix problems with automation
What are 5 examples of Remediation via Automation?
Context
- Because of the complete context we provide about data it allows us to go out and remediate open access via automation.
- That context into the data gives the peace of mind that problems are solved and data is safe
Are you confident in that data protection?
Automation Examples
1. Eliminate Open Access to sensitive data - via automation (VA OIG finding)
2. Global Access Remediation - revoke broad permissions to Everyone or Domain User Groups
3. Broken ACL Repair (Access Control List) - Uncheck opens risk to unauthorized access
4. Shared Link Remediation - Teams (NIH needs this)
5. Automated Policy Enforcements - Customizable based on context from your environment on all your data types on prem or in the cloud
6. Automate data movement, revoke stale data access
Why are we able to Alert and Respond?
Provide 5 examples vs competition (the bitches)
Proactive Detection and MDDR
We see events everywhere - Bank Analogy
- Complete and Current Context
Alerts on Access to Sensitive Data
- 3 Cs will give you full visibility into every unauthorized access to sensitive data
Excessive Access to sensitive data
- The VA
Identify service account authentication to privileged devices
- Solarwinds
Insider Threat Alerts
- Detect data exfiltration - OIG Finding
- Detect downloads of data from cloud
Custom Alerts
Explain the Banking Analogy
Fraud Incident on your credit card
Bank had visibility into abnormal behavior
Data perspective
- Who is accessing, using, moving, or deleting data?
- No other data solutions provide this
- Resulting in the inability to alert and protect the data
- Internal misuse or exfil: if you don’t have our capability, you can’t protect your data
- no other competitor can do this… OOORAH DRILL SERGEANT
Why do Labeling Projects Fail?
What is Labeling
They fail because they only think about DLP aspect of the labeling program
Critical to get labeling right
- it has to be accurate and timely or DLP efforts won’t provide value
Rely on manual user labeling
- we know this doesn’t work
- not complete, inaccurate, and mistakes
- missing and misapplied labels all over the environment
They cannot automatically label like Varonis
Varonis automatically applies labels based on classification scans and automatically fixes misapplied labels based on the content of the file. We then automatically apply the missing label based on our real-time scanning.
- Integration with MSFT
What Does Purview Do?
How does Varonis help?
Purview is MSFT Data Governance Platform
Goal is to classify and label data while preventing sensitive data from being shared
It can label data but it's too cumbersome
- can't enable blocking
- abandon on-prem scanning
- classification is not great - leads to labeling issues. Downstream problems are then caused because policies are
- paint that picture
Reality via Varonis
w/ Varonis
- Auto label data on prem and in the cloud
- Better together
- Outcomes are realistic and on time with both
Varonis plugs all holes created by Purview
- Complete, accurate, and up-to-date classification/labeling of the data environment that you can truly enforce your policies against.
- we solve this with a unified, clear, and uncluttered user experience
- 90% of data is on-prem at the VA
Purview Objection
Purview is Enough
Let us Show You
RA
- They will see how cumbersome Purview is
- We will provide in a few days what Purview can't and show the plan to success
- Outcomes
- Remediation and Automation Purview can't provide
- Alerting (banking analogy)
- Not just front end
- We don’t compete on the front end
- Automated least privilege, and real-time detection
Varonis and Co-Pilot
It is an Insider Threat on Steroids
CoPilot is MSFT AI productivity aide
- it can help write an email, create a presentation, and summarize spreadsheets
- However, the insider threat issue that is created by Co-Pilot is HUGE. By leveraging existing rights to access and gather data, the dangers created affect all facets of business
Access
Ignorance as a security control
Co-Pilot knows what I have access to and uses it
- Accidentally pull up notes from a meeting
- People didn’t know what they had access to, but now through prompting they will have access to anything anywhere on the corporate network, intentionally or not
- No distinguishing between sensitive or not - only knows what you have access to
- Least Privilege
- Court Records
- Prescription Drug Information
Microsoft Partnership
- Automated least privilege can only be done with Varonis
Varonis helps regardless of where an environment is in rolling out CoPilot
- By mapping permissions to data access and monitoring and alerting on behavior Varonis puts your organization in a least privileged model
What is a DSPM?
Where do we fit?
Data Security Posture Management
- where sensitive data is - our ability to provide complete coverage
- who has access to that data and how it's been used
- security posture of the data store and applications
Visibility / Security Posture of Data / Security Controls for Risk
We are the only true vendor to hit the mark
- Current and Complete Context
- Other solutions only identify the problem - they scan, classify, and look for sensitive data - but they fall short
- Scans are only samples and predictive, not complete
- Rarely have real level of context and (most critical) they don’t see the EVENTS - so they are not current.
- They may identify sensitive data but they do not do the next thing - identify who has access to that data; they can't see how the data is used. They may provide file attributes like last modified but they are not seeing all transactions - bank analogy
- We take the next step toward outcomes based on the 3 Cs
- Bank analogy
- Alerting
- #1 on Gartner
What does BigID do?
How do they fail?
We have BigID or this solution
- all they provide is sending a ticket to ServiceNow
- huge difference in the outcome provided
- we deliver an outcome not a ticket
The product does not work
- Scans take forever
- It's only sampling, it's not a feature
- Zero Context
- They do not fix anything, they just create the ticket
- They gravitate toward coverage, specifically databases
- they aren’t architected like us
Outcomes
- they identify all the problems but can't fix them
- we do
- they do not alert
- they create a lot of work and manual effort
- manual costs