Transcript
I'm your host, Sarah Armstrong. Please welcome to the stage, Steven Nesbitt, who leads sales engineering enablement in EMEA at Varonis. An expert and leader in transitioning to the Cloud, he now helps organizations bring data security to their infrastructure. Today, we get to hear from him about Varonis' data security platform. Let's dive in with some questions. Hi, Steven. Welcome. Thank you for having me. No, it's a pleasure. We're going to have some fun today. Yes, indeed. First, we'd love to hear about Varonis and its solutions. Can you give us a brief overview? Yeah, of course. So Varonis is a data security platform. So I guess you'd probably ask, what does that mean? Well, it really means that we put data at the heart of everything we do. So we have a little sort of inside joke here that nobody breaks into a bank to steal the pens. In the same way that nobody goes into an organization to do anything other usually than to get hold of that sensitive data. And so that's what we protect. So we do that by connecting to the platforms that organizations care about, such as Microsoft 365, for example, but also file repositories, other clouds, databases, and so on and so forth. And what we do is once we have that connection, we take a look at the permissions. We map and classify data and label it accurately. We can then fix misconfigurations as well. So if organizations are exposing data to a too wide of audience, we're going to fix that automatically. And we also have a world-leading threat cybersecurity team as well. How does Varonis stay ahead of the emerging trends and threats in the cybersecurity landscape? Yeah, well, as I said, it's generally to do with our threat detection and response. So really the way that we do this is we map and build out baselines of understanding of each user and account within an organization. And because we understand the data, what it is, how people are using it, and the full activity around it, we can start to build out an understanding of what normal looks like. Once people, or if they do, deviate from that, we can then start to alert on that. And those alerts are focused around one thing, and that's the data, how it's used, how it's processed, and how it's exposed. Also this year, we've introduced the world's first managed data detection response service, which means that 24 by seven, our instant response team are looking at those alerts to make sure that our customers are protected. If there's any malicious activity around their data, we wanna be able to warn them straight away for that, and then to take action. How does your data security platform help organizations get to security outcomes faster? So everything from our perspective is all around automation. If you take, for example, Microsoft 365 as a platform, for most organizations, it's just too big to really control. There's too many people, too many files, too many permissions, it's all over the place. And the only way that you're gonna be able to deal with that is if you use automation. And so what Varonis has done is taken all that understanding that we have around the data and all the telemetry that we collect, and we've built automation policies to automatically reduce that risk. So for example, if someone places a external link on a file, which is sensitive, Varonis will go in and remove that because it's not appropriate based upon the classification of the data. Okay, really important as we come into the world of Microsoft 365 Copilot. Yeah, of course. That everyone understands their data and how to govern and manage that. Can you talk to us about how Varonis helps organizations prepare to roll out Copilot for Microsoft 365? So Copilot is absolutely brilliant for giving people additional access to information that they may not have known about or even knew that they had access to. Obviously the flip side of that is if someone say, for example, let's say a CFO has shared a file from his OneDrive, but he's accidentally shared it to everyone in the business. If that user's clicked on that link, then their Copilot as well will have access to that data. And so what Varonis is trying to do is reduce what we call the blast radius. So this is the amount of data that a user has. And we're trying to get that down to what we call these privilege as well. So that a user only has access to the files they need to do their job, while in the same way Copilot then only has the files that it needs to do their job, do his job. And so long and short of it is, is if I'm using Copilot, I wanna use that security and safety. Well, we need to go through this massive expanse of data and permissions management, remediate that down to least privilege automatically. And then we can roll out Copilot in a way that is safe, secure, and provides a real value to the business. And why is artificial intelligence so powerful for cybersecurity operations? I think in some ways it's a bit of a dual-edged sword. So AI can give attackers a lot of new tools to be able to infiltrate and expand their presence within organizations. But from the defender's side, it gives us the ability to sort of turbocharge security operations centers, provide them with AI assisted threat model analysis and other pieces. But it has to be based on the data, it has to be based on the way that users are acting within the business. And if you do that, you can provide them with tools and resources to really make their job easier. We've also baked into our product, it's called Athena AI. And what it is, is basically natural language queries. So we really want everyone, not just power users, but everyone from the legal guys, the compliance team, to be able to just go in and say, where is my sensitive data? Simple natural language queries that then are converted in the backend into the searches they need, and they can pull those reports quickly. So AI has been baked into everything that we do. And it's also something that we're very passionate about moving forward to help highly stretched and under-resourced teams across our customer base. Great. So you're empowering all our users with generative AI, but keeping them safe at the same time. So we love working with Varonis in that way. Thank you. Amazing. Shall we take the grand tour? Yeah, let's do that. Varonis helps you quickly identify where you have sensitive information living in your environment, the type of sensitive information, and of course, the exposure level around it. We take it even further by mapping out the access across all of our monitor platforms on-prem and in the cloud, such as 365. You can see exactly the types of data that you have, where it lives, who has access to it, and how they're getting that access. You can even drive it back the other direction to see exactly where a user has access across all of the monitor resources, which becomes incredibly important with something like copilot deployment, which leverages the user context. We take it even further by showing you where this data lives, the type of sensitivity you have, and of course, if there's a label applied, and if there's not a label applied, Varonis can automatically help get that label applied through its partnership with Microsoft. What's even cooler than that is we have a natural language search that helps us build the queries to make it really easy to get the data you need as fast as possible. Backing all of this up, Varonis has a complete audit trail to show you every data touch and activity across your environment. This helps both analyze and detect threats in the environment, and helps us take action and remediate overexposures that we see in a safe manner. Speaking of remediation exposure, we have out-of-the-box automation policies that go out there, find areas of risk, and then take action to secure that without the need for human intervention. Last but certainly not least, in our alerts dashboard, we have all of the context necessary, including the users, the device information, the access activity, and the sensitivity to quickly spot an alert when things are starting to look odd or unusual. We even map this back to the MITRE ATT&CK framework, and Varonis offers a managed data detection and response service on top of this. We have a guaranteed 30-minute SLA for ransomware to help make sure that your data is protected. Thank you. Thanks, Stephen. That looks great, but I have a few more questions for you. What role does continuous innovation play in the development of Varonis's solutions for data security and analytics? Yeah, it's a really good question. And I think, you know, it's something that we've all got to really consider in the cybersecurity space. We're in a position where there's now so much change, both from a threat landscape perspective, and also in the way that platforms themselves are giving users more control over what happens to their data. So there's more data that's being shared more often, and really the entire environment in something like M365 has probably never been more complicated. So we need to be able to get on top of that. The best way for us to be able to do that is deploying Varonis into the Azure cloud. That gives us a fantastic platform for innovation. It means all of our customers are effectively using one solution. That solution's up-to-date from a threat model perspective, from a classification rules perspective. And this allows us to deliver far more efficient outcomes to our customers. And with the increasing emphasis on remote work and collaboration, how does Varonis support organizations in ensuring data security in those distributed work environments? Yeah, it's a really good question. And, you know, it's kind of become the norm now for everybody to work in different places. So what we do is with our focus around the data and understanding that, the sensitivity of it and how people are using it, we can start to build out a user behavioral model of that, which allows us to deviate if people start to move away from their sort of regular patterns. Now, remote work's pretty common, but if you're starting to work from different times of day, perhaps from another device, maybe even from a country that's an unusual location, we have to be able to pick up on that. And that can give us a really early indication that someone's moved from being, say, a normal user to being a bad actor or an insider threat. And that's really hard to do if you don't have an understanding and a baseline of what normal looks like. So what we do basically is understand access to the data. We understand the activity. We understand what's around it. We push that into our alert models. Those alert models are then tuned for each individual customer. We start to build out a picture of what's normal and what isn't. Once we do that, we can then start to alert people pretty early in the kill chain as to whether someone is acting normally or they've started to deviate. Can you tell us of a real world example of the impact that your data security platform has had for a customer? Sure, so one that always springs to mind is one of the first ones I worked on when I joined Varonis. And this was a NHS board in Scotland. And they had been hit by the WannaCry ransomware virus. And so the first thing we did was put our threat detection and response tools in to make sure that that couldn't happen again. They also had a lot of data on-premises that they wanted to move to Microsoft 365. In order to do that, we right-sized the permissions, we classify, and because we integrate with Microsoft Purview Information Protection Labeling, we were able to put those labels on the data before they moved to the cloud. So once the data is up in the cloud, it's in SharePoint Online, those permissions have been right-sized ahead of time. And that document that's sensitive is now protected by all the great tools that Microsoft deliver in E3 and E5, such as DLP and so on. So that was a really positive story for everyone concerned. The customer gets protected, both on-prem and in the cloud, they start to be able to move their data up there, and they don't have any, hopefully, have any more sleepless nights around things like WannaCry. Great, and is there anything else you want our audience to know about Varonis and your solutions? Yeah, I think that the main thing to understand is that we start every engagement the same way. We start with a data risk assessment, and this data risk assessment gives organizations an understanding of where they are from a data security perspective. And what we're hoping is, as we go to market with Microsoft around Copilot, we can do this more and more so people get an understanding of exactly what their data looks like, where it's held, where it's overexposed, before rolling that Copilot solution out. And in that way, they can roll out Copilot safely and securely, knowing that they're not gonna overexpose sensitive data in places they don't want to. And, you know, that's a win-win for everyone, I think. Great, thank you so much, Stephen. It's been a real pleasure to have you with us today. Yeah, thanks a lot for your time. Appreciate it. Wonderful.
