How Varonis Helps with Data Loss Prevention (DLP) for Microsoft 365
Author: Beth Laws
Release Date: 06/02/2023
Why Choose Microsoft 365?
Microsoft 365 aims to make collaboration easy for many organisations and has accelerated the adoption of remote working as the new normal. Moving data to the cloud has helped many businesses thrive; however, securing this data has not become any easier. Microsoft offers its own native security tools to help protect data, but these are often difficult to operationalise and harder to obtain value from. Varonis can support protecting data in 365 by offering greater visibility of who has access to your data and which of this data is sensitive, and by providing meaningful alerts for suspicious activity.
The Challenge of Permissions in 365
SharePoint can be extremely difficult to secure at scale: with customisable permission levels and multiple sites and subsites, understanding who has access can become a perplexing problem. Things become even more complicated if an organisation relies on Teams for sharing documents regularly. It often goes unnoticed that Teams uses SharePoint Online under the hood to store the data shared via Teams. This means that every time a new ‘Team’ is created, a corresponding Microsoft 365 group in Azure AD, a mailbox in Exchange Online and a SharePoint Online site are created along with it.
In M365, users are able to set the permissions on their files without involving IT, making it more difficult to keep an eye on sensitive data and limit its exposure. Users can share files and grant access to internal and external users, and create new channels within Teams, which frequently leads to sensitive data being unknowingly exposed if preventative controls are not put in place.
How can Varonis assist with 365 Security?
Access Monitoring and Permission Remediation
The Varonis interface has a clear bi-directional view that maps users and groups against your data, so you know who has access to exactly what and whether any of that data is sensitive. Doing this with Azure AD alone would mean spending a lot of time sifting through multiple pages of permission lists across Teams, Azure AD and SharePoint to understand a user’s exact level of access. User activity in SharePoint Online, Exchange Online, OneDrive and even Azure AD is also monitored, helping to ensure compliance with any relevant rules and regulations.
It is also possible to model permission changes within Varonis before making them in the live environment, all within the DatAdvantage interface. Ultimately, this helps lock down and secure data by enforcing a least-privilege model.
Data Classification and Labelling
Many companies rely on Microsoft Azure Information Protection (MAIP) to protect sensitive data. MAIP allows a user to apply a label, such as ‘Sensitive’ or ‘Highly Confidential’, to sensitive documents in M365. Once an appropriate label has been added, access to the file can be limited or the file can be encrypted, depending on the label. This process relies on the end user correctly identifying the content of the file, but what happens when a file is missing a label or has been labelled incorrectly?
Varonis can interact with MAIP to correct such human errors and improve the reliability of your MAIP labels. Varonis uses its Data Classification Engine to identify sensitive information across your data stores. Rules, patterns and dictionaries are used to detect what type of sensitive data resides in a file, for example GDPR, PCI or PII data. If Varonis detects sensitive data in a file that has not already been labelled, it works with MAIP to automatically add an appropriate label based on your settings and the type of data detected. Where a document has been mislabelled, the label can be automatically replaced with the correct one based on the Classification Engine’s results.
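As an added illustration (not Varonis code, and not the Data Classification Engine's actual rules), the following Python models the label-reconciliation logic this section describes: pattern rules detect PCI and PII content in constructed sample files, a hypothetical policy maps each data type to a label, and unlabelled or mislabelled files get an add or replace action. The label names, rank order, detection patterns and sample files are all assumptions made for the example.

```python
import re

# Constructed sample files (illustrative only): name -> (user-applied label or None, content).
SAMPLE_DOCS = {
    "invoices_q1.xlsx": ("Public", "Card on file: 4111 1111 1111 1111, exp 09/26"),
    "staff_list.docx": (None, "Jane Doe, NI number AB123456C, started 2019"),
    "lunch_menu.txt": ("Sensitive", "Monday: soup. Tuesday: pasta."),
}
# Hypothetical label hierarchy and data-type-to-label policy.
LABEL_RANK = {"Public": 0, "Sensitive": 1, "Highly Confidential": 2}
POLICY = {"PCI": "Highly Confidential", "PII": "Sensitive"}
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")          # 13-19 digit card-like run
NI_RE = re.compile(r"\b[A-CEGHJ-PR-TW-Z]{2}\d{6}[A-D]\b")  # UK National Insurance no.

def luhn_ok(digits):  # Luhn checksum cuts false positives from arbitrary digit runs
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 if d < 5 else d * 2 - 9
        total += d
    return total % 10 == 0

def classify(text):  # pattern rules return the set of sensitive data types present
    found = set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            found.add("PCI")
    if NI_RE.search(text):
        found.add("PII")
    return found

def required_label(categories):
    # Highest-ranked label demanded by the detected data types, or None.
    labels = [POLICY[c] for c in categories]
    return max(labels, key=LABEL_RANK.__getitem__) if labels else None

def reconcile(docs):
    # Per file: add a missing label, replace a wrong one, otherwise keep.
    actions = {}
    for name, (current, text) in docs.items():
        needed = required_label(classify(text))
        if needed is None or needed == current:
            actions[name] = ("keep", current)   # downgrades are left to a human
        elif current is None:
            actions[name] = ("add", needed)     # sensitive but unlabelled
        else:
            actions[name] = ("replace", needed) # mislabelled
    return actions
```

Calling `reconcile(SAMPLE_DOCS)` yields a replace for the mislabelled invoice sheet, an add for the unlabelled staff list and a keep for the menu.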
Dashboards
The dashboards show a high-level summary of information about data in your environment. Varonis provides specific dashboards for SharePoint Online and OneDrive to give insight into the level of risk surrounding your data in M365. Varonis helps prioritise areas of concern by highlighting things such as the number of sensitive files shared publicly or with external users, how many SharePoint sites are exposed to everyone, and many other useful statistics.
Threat Detection
Varonis employs User Behaviour Analytics to build profiles of users and learn what counts as normal behaviour for each account. It can then alert on behaviour that is abnormal for that account. Predefined and customisable alert rules are also provided to flag common suspicious activity in Azure AD, SharePoint Online and OneDrive, helping to detect threats from attackers and malware. Alerts tie together information from on-prem data stores, access logs and perimeter telemetry, so the security team can see login behaviour, on-prem data access and email activity in context. As a result, security analysts can understand more rapidly whether an alert requires further action, reducing investigation times.