Varonis Objection Handling Flashcards
Why do other solutions fail to protect data?
They simply cannot provide outcomes like Varonis can
- Lack the ability to get their arms around data
- If they can’t get their arms around data, then they can’t give a complete understanding and solution to a problem
- They can’t automate remediation and fix problems they can’t see or don’t find
They don’t have the 3 Cs / Can’t Scale to all data types
Complete
- Some solutions are just cloud, not on prem and cloud from one view
- Databases: Not unstructured, which is more complicated and obviously where the more sensitive data is
- Scanning: has to be comprehensive and current, not partial. Others provide only samples. They can’t scale
Current
- Not real time
- scans take too long and are out of date
- everything down stream is late and incorrect
Context
- User and Group Information - who has access to what resources
- Permission Information - across file systems, data stores, and cloud environments
- Access Activity and Audit Data - monitors and collects data on every file touch across the monitored environment
Why do Classification Solutions fail?
Their scanning takes too long and won’t be real time because of their frequency
3 Cs
Complete
- We scan and monitor all data
- Everywhere it resides on prem or in the cloud
- Unstructured or structured
Current
- Scans take too long
- We are real time - incremental and delta scans
- Competition only does periodic or massive scans - takes forever, not current, policies don’t work
Context
- Complete audit trail over every file touch, modify, and delete
Why do DLP Solutions Fail?
Part 1 - their scanning of data at rest takes too long
Part 2 - DLP is victim to the policy enforced. Bad actor? What if someone has been granted access they shouldn’t have, and they’re compromised
Why do DSPMs fail?
- No cyber expertise
- No remediation
- Weak Visibility
Why is Varonis able to solve the data security problem?
- Complete real-time visibility
- We solve mission-critical issues, allowing for direct outcomes via automation
- Threat detection in real-time
3 Cs
Three reasons
The 3 Cs
- Complete – we scan and monitor all of your data – everywhere it resides, on prem, in cloud, structured, unstructured
- Current – we are doing this in real time & doing incremental and delta scans; everyone else pretty much does periodic, massive scans – takes forever, never current, policies don’t work
- Context – complete audit trail over every file touch, modify, add, delete
Focus on Outcomes
- Actually addressing and fixing the problems we find in an automated fashion
Threat Detection
- We detect threats in real time and stop them with our Managed Detection Response team
Why is our Visibility Better / What are the 3 Cs?
Complete and Current Context
- Full scans on data stores, zero blind spots
- No one else can scale like Varonis
- Map permissions and config data (allowing us to see all activity - unmatched context)
- Scans are always current
Complete and Current Context
3 Cs
- Complete: we go out and look for sensitive data and label it everywhere (no one else can)
- Current: Our scans are real-time delta scans; we scan for changes. Everyone else does slow scans - this undermines the ability to see and act now
- Context: not just total context of the data type, but complete audit trail of every file touch, create, add, modify, move, or delete
Why are we able to remediate / fix problems with automation
What are 5 examples of Remediation via Automation?
Context
- Because of the complete context we provide about data it allows us to go out and remediate open access via automation.
- That context into the data gives the peace of mind that problems are solved and data is safe
Are you confident in that data protection?
Automation Examples
1. Eliminate Open Access to sensitive data - via automation (VA OIG finding)
2. Global Access Remediation - revoke broad permissions to Everyone or Domain User Groups
3. Broken ACL Repair (Access Control List) - Uncheck opens risk to unauthorized access
4. Shared Link Remediation - Teams (NIH needs this)
5. Automated Policy Enforcements - Customizable based on context from your environment on all your data types on prem or in the cloud
6. Automate data movement, revoke stale data access
Why are we able to Alert and Respond?
Provide 5 examples vs competition (the bitches)
Proactive Detection and MDDR
We see events everywhere - Bank Analogy
- Complete and Current Context
Alerts on Access to Sensitive Data
- 3 Cs will give you full visibility into every unauthorized access to sensitive data
Excessive Access to sensitive data
- The VA
Identify service account authentication to privileged devices
- SolarWinds
Insider Threat Alerts
- Detect data exfiltration - OIG Finding
- Detect downloads of data from cloud
Custom Alerts
Explain the Banking Analogy
Fraud Incident on your credit card
Bank had visibility into abnormal behavior
Data perspective
- Who is accessing, using, moving, or deleting data?
- No other data solutions provide this
- Resulting in the inability to alert and protect the data
- Internal misuse or exfil.. if you don’t have our capability you can’t protect your data
- no other competitor can do this… OOORAH DRILL SERGEANT
Why do Labeling Projects Fail?
What is Labeling
They fail because they only think about DLP aspect of the labeling program
Critical to get labeling right
- it has to be accurate and timely or DLP efforts won’t provide value
Rely on manual user labeling
- we know this doesn’t work
- not complete, inaccurate, and mistakes
- missing and misapplied labels all over the environment
They cannot automatically label like Varonis
Varonis automatically applies labels based on classification scans and automatically fixes misapplied labels based on the content of the file. We then automatically apply the missing label based on our real-time scanning.
- Integration with MSFT
What Does Purview Do?
How does Varonis help?
Purview is MSFT Data Governance Platform
Goal is to classify and label data while preventing sensitive data from being shared
It can label data but it’s too cumbersome
- can’t enable blocking
- abandon on-prem scanning
- classification is not great - leads to labeling issues. Downstream problems are then caused because policies are
- paint that picture
Reality via Varonis
w/ Varonis
- Auto label data on prem and in the cloud
- Better together
- Outcomes are realistic and on time with both
Varonis plugs all holes created by Purview
- Complete, accurate, and up-to-date classification/labeling of the data environment that you can truly enforce your policies against.
- we solve this with a unified, clear, and uncluttered user experience
- 90% of data is on-prem at the VA
Purview Objection
Purview is Enough
Let us Show You
RA
- They will see how cumbersome Purview is
- We will provide in a few days what Purview can’t and show the plan to success
- Outcomes
- Remediation and Automation Purview can’t provide
- Alerting (banking analogy)
- Not just front end
- We don’t compete on the front end
- Automated least privilege, and real-time detection
Varonis and Co-Pilot
It is an Insider Threat on Steroids
CoPilot is MSFT AI productivity aide
- it can help write an email, create a presentation, and summarize spreadsheets
- However, the insider threat issue that is created by Co-Pilot is HUGE. By leveraging existing rights to access and gather data, the dangers created affect all facets of business
Access
Ignorance as a security control
Co-Pilot knows what I have access to and uses it
- Accidentally pull up notes from a meeting
- People didn’t know what they had access to, but now through prompting they will have access to anything anywhere on the corporate network, intentionally or not
- No distinguishing between sensitive or not - only knows what you have access to
- Least Privilege
- Court Records
- Prescription Drug Information
Microsoft Partnership
- Automated least privilege can only be done with Varonis
Varonis helps regardless of where an environment is in rolling out CoPilot
- By mapping permissions to data access and monitoring and alerting on behavior Varonis puts your organization in a least privileged model
What is a DSPM?
Where do we fit?
Data Security Posture Management
- where sensitive data is - our ability to provide complete coverage
- who has access to that data and how it’s been used
- security posture of the data store and applications
Visibility / Security Posture of Data / Security Controls for Risk
We are the only true vendor to hit the mark
- Current and Complete Context
- Other solutions only identify the problem - they scan, classify, and look for sensitive data - but they fall short
- Scans are only samples and predictive, not complete
- Rarely have real level of context and (most critical) they don’t see the EVENTS - so they are not current.
- They may identify sensitive data but they do not do the next thing - identify who has access to that data, can’t see how the data is used. They may provide file attributes like last modified but they are not seeing all transactions - bank analogy
- We take the next step toward outcomes based on the 3 Cs
- Bank analogy
- Alerting
- #1 on Gartner
What does BigID do?
How do they fail?
We have BigID or this solution
- all they provide is sending a ticket to service now
- huge difference in the outcome provided
- we deliver an outcome not a ticket
The product does not work
- Scans take forever
- It’s only sampling, it’s not a feature
- Zero Context
- They do not fix anything, they just create the ticket
- They gravitate toward coverage, specifically databases
- they aren’t architected like us
Outcomes
- they identify all the problems but can’t fix them
- we do
- they do not alert
- they create a lot of work and manual effort
- manual costs
Cyera
- They focus on IaaS and Databases
- Nothing on-prem
- No event monitoring
- They can’t scale, only sample
- Nothing for the 3 Cs
- Can’t Scale
- not complete so outcomes are not achievable
Customer base and the outcomes
- Project won’t succeed
- POC will fail
- No IR / MDDR / Threat Detection
- Dig
- App Omni
- Securitai
- NetWrix
- Sailpoint
- Can’t scale
- Similar talk track to Cyera
- Nothing for the 3 Cs
- Can’t fix
Bank Analogy
Appomni
- Big list of findings
- Go fix them?
- No added value
- Single pane of glass?
What is IaaS
Infrastructure as a Service
- File servers and NAS arrays turned into IaaS but they’re object storage like
- Azure Blob
- Amazon S3
- Oracle
- Google
Moving compute / backend storage
- Data location
Discuss Iaas Coverage
- No Context
- No outcomes
- How many locations?
- Only we have this
What is CSPM
Cloud Security Posture Management
- Automates Identification and Remediation of misconfigurations and security risks across an orgs cloud environment
- Identify and lock potential attack paths and vulnerabilities
- Lacks Completeness
- On prem?
- Outcomes?
Attack Path
- A lot of Native Tools
- Server Inventory
- Vulnerabilities lead to a breach
- No depth about the data like Varonis
Who are the Players in the CSPM space?
What do we do differently / better?
- Wiz
- Prisma
- Microsoft Defender
- Cloud Guard
- MVision
Can’t deliver the 3 Cs
What is a CASB?
What do we provide that a CASB does not?
Cloud Access Security Broker - Security Policy Enforcement Point
- It is just a crossing guard - once authorization is given the CASB is blind
- Does not stop exfiltration
- Does not stop data abuse whether by a user or by co-pilot
- Point solution showing how you get access to info
- Software as a Service Edge
- Zero Trust Networking
Varonis monitors all activity after the log in, it has currency there, it looks for anomalies, alerts on them.
Bank Analogy
- ZTA must have full visibility and least privilege enforcement for permissions and activity around your sensitive data - with the ability to remediate, or they’re just findings
- Once they’re in visibility is lost (file touches, normal vs. abnormal, misuse of data, insider threat)
- CASB does not limit the blast radius
- No cyber expertise
- No forensics trail of all transactions against your data
What is Endpoint Security?
What do we provide that they do not?
EDR
- Bought it to stop malware on their machines
- EDR was not bought to harden data or protect it from co-pilot
- Holes in your data protection strategy and EDRs do not provide what we do
- Purchase was for external threats
- 25% of breaches come from the inside
- Inside Out approach
Not a 1 stop shop
How does Varonis Make these better?
- IAM
- PAM
- SIEM
- DLP in Motion
They all fall short in providing outcomes for proper data protection
IAM and PAM:
- Access and privilege access management solution only
- they are big and complicated
- good at granting access to people
- help control passwords
- They don’t know what they are allowing access to
- blast radius, we are complementary
DLP:
- for DLP to work, they have to have accurate labeling, and in real time
- we build on one another… if labeling is not automated and missing or incorrect labels can’t be identified and corrected. Long road vicious cycle
- VA story
SIEM:
- focused alerts with context, not just simple alerting but with context, enriching logs
- not overwhelmed with alerts
- Varonis enriches the logs and serves up focused and actionable results
IAM
- Big complicated solution
- They are not good at knowing what they allow access to
- Varonis ensures the right people have access to the right data