Database Security & AI Risks with Varonis DAM

Name: Database Security & AI Risks with Varonis DAM
Uploaded: 2026-06-20T07:05:35-04:00
Duration: 3 min 43 s
Description: TL;DR Modern compliance auditing has evolved from asking 'do you know where your data is' to 'could your sensitive data be anywhere you don't expect it to be,' requiring comprehensive visibility across all repositories. Legacy database activity mo...

Varonis

06/20/2026

0 (0%)

Report Like Favorite

Transcript

I'm the Vice President of Product Strategy for Really Everything Database Activity Monitoring. Damn. Honestly, compliance doesn't change that often or that frequently, but what does change is the impression or the way people interpret compliance. Take an auditor. An auditor years ago would say, do you know where your private data is? Today, a good auditor would say, I know that you know where your private data is. My question is, is it possible that any of your private data is anywhere you don't expect it to be? Legacy DAM technologies tend to create islands without bringing everything together into one platform. The alternative is as an organization, you're using one, two, three or more technologies to solve what really should be a simple problem. And that's identifying who is accessing the data, where you have sensitive data, and who has access to it. It should be really easy to do across all your data. And the reality is, is one platform gives you the ability to do that in one place. The alternative is it's many places, many products and many gaps. Regulations, like I mentioned earlier, don't change too much. 10 years ago, we didn't have GDPR. Today, we do have GDPR. And that really made a massive change to the industry. So typically, regulations all tend to ask about the same question. So bringing automation into all of that is important because it means that I can use one piece of automation and answer the same question, even if that question is posed just a little bit differently. They tend to all be copies of each other in most cases. The thing that worries me most about the way organizations are leveraging AI right now is the AI itself doesn't have the appropriate guardrails in many cases. So many organizations still lack basic, fundamental visibility into any user going into the database. If there are no controls around Terry, Ann, and John accessing a database, what makes an organization think there are going to be controls about the AI that they're giving that same access to? AI knows everywhere that you have access to and will access all of it. To me, the crazy ones are the ones you don't really think about. There's a public story about a judicial system in a particular country in the Caribbean. They recognized that they had privileged users, DBAs, that were changing one number in a database. And they were getting paid a quarter of a million dollars to change one number in a database. That number was the prison sentence years that prisoners were expected to serve in prison. Stealing a million records, people can see that really well. But if you're not watching someone who's fully authorized to make a change and be able to identify that that's not normal, that's a crazy attack. I don't call those really cyber attacks, but those happen far more frequently where people violate the trust that they have with an organization and use the data that is private for their own personal gain. The reality is, is there is no CISO that has an army of data security experts. Automation is that ability for a CISO to acknowledge, I don't have the expertise or the people to do this well. Technology can help me do it. And this is what technology has been about for years, about simplifying something that you can't do or that you can't do easily. And that's what automation is. That's what automation is.

TL;DR

Modern compliance auditing has evolved from asking 'do you know where your data is' to 'could your sensitive data be anywhere you don't expect it to be,' requiring comprehensive visibility across all repositories.
Legacy database activity monitoring creates security islands that force organizations to use multiple disconnected technologies, creating gaps in visibility and control over who accesses sensitive data.
AI systems inherit the same inadequate access controls as human users, making it critical to establish proper database access guardrails before deploying AI that can access all available data repositories simultaneously.

Summary

Terry Ray, Vice President of Product Strategy at Varonis, discusses the evolution of database activity monitoring (DAM) and the critical importance of unified data security platforms. He explains how modern compliance requirements have shifted from simply knowing where sensitive data resides to ensuring no unexpected data exposure exists across the organization. Ray emphasizes that legacy DAM solutions create fragmented security islands, forcing organizations to manage multiple technologies to answer fundamental questions about data access and exposure. He highlights emerging risks from AI systems that inherit the same inadequate access controls as human users, and shares real-world examples of insider threats that exploit privileged access. The discussion underscores how automation enables security teams to overcome resource constraints and implement consistent controls across all data repositories, addressing both traditional compliance requirements and modern AI-driven security challenges.

Chapters

0:00 - Evolution of Compliance Auditing
0:37 - Legacy DAM Limitations
1:15 - Automation for Regulatory Compliance
1:46 - AI Security Risks
2:21 - Insider Threat Examples
3:16 - Automation as Force Multiplier

Key Quotes

0:25 "Today, a good auditor would say, I know that you know where your private data is. My question is, is it possible that any of your private data is anywhere you don't expect it to be? ..."
1:05 "It should be really easy to do across all your data. And the reality is, is one platform gives you the ability to do that in one place. The alternative is it's many places, many products and many gaps."
2:11 "If there are no controls around Terry, Ann, and John accessing a database, what makes an organization think there are going to be controls about the AI that they're giving that same access to? ..."

FAQ

How has compliance auditing changed in recent years?

Auditors have shifted from simply asking if organizations know where their private data is located to questioning whether sensitive data could exist in unexpected places. This reflects a more sophisticated understanding that data sprawl and shadow IT create compliance risks beyond documented repositories.

What are the main problems with legacy database activity monitoring solutions?

Legacy DAM technologies create isolated security islands rather than providing unified visibility. This forces organizations to deploy multiple products to answer basic questions about data access, who has permissions, and where sensitive information resides, resulting in coverage gaps and operational complexity.

Categories:

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

06/23/2026

01:00 PM

06/23/2026

The AI-Powered VMware Alternative

https://www.truthinit.com/index.php/channel/2009/the-ai-powered-vmware-alternative/
06/24/2026

11:00 AM

06/24/2026

LATAM: Accelerating Insights on AI Through an Engaging Webinar Series

https://www.truthinit.com/index.php/channel/2012/accelerating-insights-on-ai-through-an-engaging-webinar-series/
06/25/2026

01:00 PM

06/25/2026

Generative AI Security: Preventing AI from Becoming a Data Breach Multiplier

https://www.truthinit.com/index.php/channel/1998/generative-ai-security-preventing-ai-from-becoming-a-data-breach-multiplier/
06/30/2026

01:00 PM

06/30/2026

Mastering Active Directory Certificate Services for Long-Term Success

https://www.truthinit.com/index.php/channel/2018/mastering-active-directory-certificate-services-for-long-term-success/
07/01/2026

04:00 AM

07/01/2026

Integrating Security in AI: Automated Red Teaming Strategies for Private Models

https://www.truthinit.com/index.php/channel/1969/integrating-security-in-ai-automated-red-teaming-strategies-for-private-models/
07/01/2026

04:00 AM

07/01/2026

Schutz von KI in Anwendungen, Agenten und APIs.

https://www.truthinit.com/index.php/channel/2008/schutz-von-ki-in-anwendungen-agenten-und-apis/
07/01/2026

01:00 PM

07/01/2026

How to Prevent Your AI from Taking Control of You

https://www.truthinit.com/index.php/channel/2021/how-to-prevent-your-ai-from-taking-control-of-you/
07/02/2026

10:00 AM

07/02/2026

When the cloud goes dark: Resilience lessons from hybrid threats

https://www.truthinit.com/index.php/channel/2011/resilience-insights-from-hybrid-threats-when-the-cloud-faces-challenges/
07/07/2026

01:00 PM

07/07/2026

A Comprehensive Demonstration of DLP Solutions and Strategies

https://www.truthinit.com/index.php/channel/2030/a-comprehensive-demonstration-of-dlp-solutions-and-strategies/
07/09/2026

01:00 PM

07/09/2026

Agentic Trust in Practice: Enhancing the Human Experience

https://www.truthinit.com/index.php/channel/2026/agentic-trust-in-practice-enhancing-the-human-experience/
07/14/2026

11:00 AM

07/14/2026

Discover the Latest Innovations in Netwrix 1Secure During This Technical Session

https://www.truthinit.com/index.php/channel/2014/discover-the-latest-innovations-in-netwrix-1secure-during-this-technical-session/
07/21/2026

04:00 AM

07/21/2026

Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
07/21/2026

01:00 PM

07/21/2026

HUMAN Dialogue: Insights from Attackers Revealed at the FIFA World Cup

https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-revealed-at-the-fifa-world-cup/
07/22/2026

06:30 AM

07/22/2026

Understanding the Dynamics of Data Privacy and Protection Regulations

https://www.truthinit.com/index.php/channel/2000/understanding-the-dynamics-of-data-privacy-and-protection-regulations/
07/28/2026

01:00 PM

07/28/2026

Illumio: Zero Trust in the Age of AI Autonomy

https://www.truthinit.com/index.php/channel/2031/illumio-zero-trust-in-the-age-of-ai-autonomy/
07/29/2026

04:00 AM

07/29/2026

Real-Time Strategies for Safeguarding Against Prompt Injections

https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
09/30/2026

04:00 AM

09/30/2026

AI Command Center: Optimizing Visibility and Control in Your Operations

https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/