Leveraging Varonis with Splunk to Create a Holistic Data Security State

Author: Grace Maher

Introduction

In these unprecedented times, many of our IT departments are having to respond rapidly to quickly changing business needs and the sudden increase in remote working. Whilst many businesses have focussed on increasing perimeter security, such as VPNs, remote working environments and SSO, there is a massive gap when it comes to data security, and less focus on possible insider threats. This leaves a massive attack surface for potential threats, both internal and external, as targeted attacks on remote workers have increased exponentially since the advent of the Coronavirus.

Deploying Splunk & Varonis together

It is well known by now that Splunk can ingest any human-readable data, and in doing so can give you a full understanding of the different actions occurring inside your infrastructure, such as logins, what has been accessed, and when. However, it is unable to show you whether, for example, Bob in HR has access to the Legal folders. Although you can review events that show him accessing a legal document, they do not show you whether that access is correct for a project or similar, or whether there has been some rogue access and Bob is just having a good old nosy around in files he should never have had access to.

Specialist in innovative disruptive technologies with business focused consultants.

Somerford Associates Limited