In this week’s podcast interview with Jessica Bligh, who is a security engineer with RedZone, we discuss Varonis’ DatAdvantage and the add-on DatAlert.
In this fun discussion there is a brief bonus discovery about a cool project Jess is working on with Microsoft Archiving Services…..this is a cool technology that can be used to free up expensive SAN space and reduce third party costs.
During the installation we reviewed basics like scanning file servers and specify signatures for sensitive items to look for such as Social Security Numbers, credit card numbers, HIPPA, PCI, as well as custom search strings. You can then configure reports and alerts for actions that occur on these items, or on non-sensitive items. You can also monitor AD group membership changes.
All methods of how to access the show are below:
- Listen on iTunes (for iPhones etc.)
- Listen to it on Stitcher (This is for Android Phone Users. Download the Stitcher app here)
- Stream it on Libsyn
- Listen to it on Soundcloud (This is for listening via PC/Mac Browser)
- Please subscribe here to Bill Murphy’s Redzone Podcast on iTunes.
- Subscribe to my RSS Feed here.
- Link to LinkedIn blog post
If you enjoy the show, you can help us out by leaving a review on iTunes. Here’s How!
Stop the Noise
You can alert on fewer non-sensitive items which allows you to eliminate alerts that you probably don’t care about, and simplifies your data governance monitoring overall because there is less noise to sift through.
You can run a report on AD group membership. I found it useful to setup a report to monitor membership of privileged groups such as Domain Admins, as well as an alert when this membership is changed. In addition, you can alert on an account being enabled, disabled, locked, unlocked, or reset. All of these help to keep tabs on privileged access or normal user accounts.
File/folder permission changes:
You can alert and report on permission changes to files and folders, for sensitive items, non-sensitive items or both. This helps you monitor any unauthorized access changes.
Sensitive file/folder actions:
If you have critical or very sensitive files, you can even create a report to monitor if these files or folders are opened or deleted. This report will include the username that accessed these items.
Another useful report is the File Statistics report, which can be run either sensitive or non-sensitive files. It lists all files and whether or not they were accessed during the time period you specify. This is useful for determining if files are unused and are a good candidate for archival storage.
You can setup a report to list activity by users other than the mailbox owner, which happens when users send as another user. This can track this behavior and detect abuse of this functionality. Users such as administrative assistants can be excluded from this report.
I hope you enjoy the podcast.
To participate in discussions about these topics and others join our CIO Group on LinkedIn.
Bill is dedicated to your success as an IT Business Leader. Sign up/Subscribe for weekly podcast, CIO Mastermind and CISO Mastermind updates delivered to your inbox easily and effortlessly: Follow Bill on LinkedIn and Twitter.
Leave a podcast review here