Cybersecurity Trends for 2024: What You Need to Know | Varonis

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

after the top of the hour again appreciate you joining uh my name is Scott schaer I am a technical evangelist here at veronis I've been with veronis for about two and a half years now and uh came to veronis as a client used to head up a governance risk and compliance program for a payments organization and spent about 20 years in the field of both it and security and I happy to to kind of look especially at this time of year right we're looking backwards at you know what have we learned what have we experienced as well as how that's going to help us you know really focus and and go forward and on the phone with me I also have Brian vety who is our field CTO he's having some internet issues I'll give you a second here to see if you can introduce yourself otherwise I'll I'll take it on for you there Brian yeah again hi everybody my name is Brian I've been a bronis for about 13 years uh but as Scott mentioned I am currently traveling and having some connectivity issues so we're going to let Scott lead the show today I'll be here for support and answer any questions fantastic all right so as you all signed up for right we're talking about cyber security trends for 2024 and a good place that I'd like for us to start is a pull you know what we're going to be talking about is very distinct four Trends but you know as there's obviously so many different things that are out there there could be something that falls in that outlier that could fall into a post webinar presentation and discussion but at the very least let us know what um what are things that you're considering challenges that you see for your 2024 year give everyone a second here I certainly know that I would likely be in the position of wanting to select every single one of course but that could be biased at the very least while everybody's answering I'll say that all four of these are certainly something that we're talking to cesos about on a regular basis in our meetings um I do think and Scott curious about your perspective gen and gen and large language models seems to be at the the first and last thing people are asking about these days yeah exactly you know it's they're calling it the next digital re Revolution you know it's uh it's on top of everyone's mind certainly a function of gaining a lot of productivity but as a security practitioner the concerns around risk are certainly very present as well but it's been in almost every single conversation I would say Brian what over the last three months at least yeah all right well we have a pretty good it sounds like our our planning at the very least is uh is right in line we're almost split uh from large measure equally across four categories that we're talking today uh about gen obviously uh was surprised it's it's not leading the pack but almost to our benefit here is we talk about data security data security is gaining a lot of momentum you know 31% of the voters in in the poll here chose data security thread protection response right in line and uh compliance and privacy uh one vote out of the 95 that came in was for other so it's very interesting would certainly like to hear what that's about uh but nonetheless that really leads us into the next topic you know data security is most certainly a a topic that is and should have been for the length of time right there's so many things that we're doing as in organizations and even in my own past you know where we focus on putting so many different controls in place right and and ultimately it's to protect data we know that data is the most valuable asset it's also the most vulnerable we're we're seeing it even more so today in this year I mean watch television and you're seeing commercials now talking about you know oil or data being the new gold the data being the new oil right we've got a lot of focus that's being put on data and largely because of that is due to the fact that no matter what attack or or you know bad actor Insider threat no matter what the SC the scenario is we have so many different attack vectors that are out there and data is always the target you know it's a it's a common saying here in veronis that uh the the robber doesn't uh break into the bank to steal the pens and it's very very honest right and it's it's a good analogy that we can take and on top of that go ahead right I was gonna say If you think about data security data protection and privacy is an onion um that you have layers from your endpoints your firewalls various types of controls data is at the center of it because that's what we're trying to protect yeah precisely and and not to mention it's very hard to protect because it continues to grow you know that's one thing that we can maintain across any organization I think there's been plenty of stats out there that said roughly you know 90% of the data that's been created has been created over the last two years but that's one of those elements that's been true since 2012 and there's so many different ways to provide access to that data and you know you take that person out of their seat and identify what they have access to and it's generally too much you know it's it's easy to provide access but it's hard to take that away and ultimately that's where you know a lot of organizations are focusing and it's only going to be like kerosene on a fire right because there's going to be generative AI productivity based AI you've got self-trained you know llms and things that are going to surface a lot of data they're going to make us more productive but I really think that a lot of these percentages and trends that we've seen to date are going to significantly grow over time and two this is just something that we see everywhere right so just as the as the backdrop here veronis is a data security provider we're a software company and we are advocates in the data security space as you've seen potentially with these webinars and our blogs and what have you and we do see you know Overexposed data essentially every time we look whether it's Overexposed links or people accessing data in mysterious or or harmful ways you've got shared security models for cloud applications that you know they'll cover your infrastructure they'll cover their patching they've got the security functions on the back end but you as an organization and us as as data owners we are responsible for managing that data and that data access and now you add on top of the fact that a lot of the cloud repositories are making it very easy for third parties to be integrated or added into the ecosystem and there's just this big you know mysterious cloud of what do they have access to and how are they using it and so it's really important you know as we start to look at where we've been of course as we're doing some some bit of a a year in review as we look at where we're heading from a trend basis but how we're going to start to really focus on that so it's really good to see the the large majority of our participants here really focusing on data security in the next year and we're we're largely seeing that as well in most of the conversations that we're having so as we get into the first Trend the first thing that I want to ask here's another poll we're going to get you very involved here for for the conversation today is from an AI perspective gen AI you know is obviously a fairly wide field when it's talked about you know whether it's the co-pilots whether it's you know building and training your own llm or it's just the functionality of our users being able to interact with things like chat GPT or Google Bart or what what the case may be I'd love to know what your focus or priority from an AI perspective if there is any uh obviously to tell us where where your heads at what are you focusing on uh certainly seeing an opportunity here probably all the above again that's a very common theme but at the very least we're going to try to Target this in at uh at here yeah we're seeing a lot of organizations that are gearing up and thinking about how they're going to deploy co-pilot which might be the greatest productivity tool ever created for the Enterprise um and of course every conversation about ji involve chat GPT in some way we're concerned about our employees putting data in there uh and potentially exposing the organization to risk and and third party tools I'm really curious what people are most concerned about co-pilot 50% top of the list yeah right at the top of the list that makes a lot of sense and and you know the the external tools being at 27% but none of the above it's it's interesting to hear that you know too at 15% but nonetheless you know it's it's an area and I think this goes right in line with what we're going to be talking about which is the risk and rewards of AI and and co-pilot specifically right I think it's for large measure a lot of the interactions with AI that we may have on our phones or our personal laptops or what have you you know we're we're identifying opportunities to just test the waters but from a Microsoft and co-pilot perspective they're the dominant you know provider in the market they're going to be adding a lot of productivity gains I'm personally looking forward to them as a as a you know former practitioner and someone that is in the Microsoft ecosystem all the time there's a lot of these tasks that can be made much easier offload into something else that I could focus more strategically than tactically and I know a lot of people are are likely thinking the same thing but with that there's a lot of risks and so let's let's dive into what this looks like and we're just going to use one example and here's one for Microsoft co-pilot in teams so you know interacting with generative AI again productivity gains you're going to be able to work faster smarter more intelligently and here's a case where you know a person is interacting with co-pilot and teams they're asking you know can I get a summary of what is taking place with this fraber account and essentially what co-pilot's going to do is go out and identify okay where does this account live what kind of documents are we going to be able to surface for this user and the way that it does it is it's going to say okay I'll use myself as an example Scott has access to all of these locations let's search let's index all the data is present and now let's start making some recommendations for us and the issue that largely comes into play here is that the co-pilot doesn't necessarily know or care for that matter if I'm authorized to see that data so I may have access to it and that could be my mistake but this surfac is if you start to to consider that it's going to surface anything I have access to or you have access to or any person in your organization has access to there's a lot of self-inflicted risk that could really drive from that and and Brian I know that you've been involved in a lot of you know investor based meetings and and something that you heard that you brought to the to the company here is uh pretty telling yeah so there's an investor at uh not sure I can cite him yet we're talking to him to see if we can actually name him but he was at ignite and he talked to of basically every Microsoft partner uh and I've had some similar conversations ations with Microsoft Partners who are working with companies gearing up for the uh the roll out and the deployment of co-pilot um which a lot of organizations as you know a lot of you are thinking about um and the number one reason that's holding up all of these deployment projects the number one reason companies won't turn on co-pilot is that they're worried about the security and the privacy concerns co-pilot might be The Insider threat's greatest tool ever created uh because it Services data to you that you have access to whether you're supposed to or not and Scott as you said right up front everywhere we look we find data that's in places that's not supposed to be accessible by people who aren't supposed to have it and co-pilot me using co-pilot and other productivity tools like it uh Salesforce Einstein for example means that you could expose yourself to a massive amount of risk if your data isn't secure first and companies really struggle with this yeah absolutely I mean especially when you're looking at at the AI being rooted in your business context as well you know if you're interacting with that any of these productivity based AI tools are going to essentially surface what most organizations cesos compliance officers are concerned about is that who has access to what data what data do we even have where does it live Etc and so that you know that security C concern is extremely real you know this is what we see typical exposure levels across SharePoint online in one drive where data is exposed to everyone in the company external users guest users you know the dreaded anyone on the internet if you haven't turned that off yet there there may be some use cases for you to keep it on but it's certainly something to be aware of because when you have this type of data that is exposed it this way that concern is extremely real for you to be able to pragmatically turn AI on while the productivity gains are certainly there the risk is is absolutely there and and Brian again I would if you don't mind I'm going to turn the floor over to you is that you know Microsoft is giving some guidelines at the very least on how organization should start yeah uh so they Microsoft if you if you read this is on they preparing for co-pilot page uh they they acknowledge that for many organizations content oversharing and data governance can be a challenge which might be the understatement of the century um or the Millennia as it might be um and they their their advice is to use uh Microsoft purview which is a set of great perimeter controls but a lot of organizations really struggle to leverage those that technology because it requires that all the files have an accurate label on it um they also say you should go and you know check the access controls of your data the problem of course is that because of the way 365 works you have to check the shared links and SharePoint groups and entra ID or Azure ad groups for every single file every single folder every single SharePoint site every one drive share every team site every private Channel and every team and that's a whole lot of work to do if you don't have a very very big team with a lot of time on their hands that's exactly right I mean it's just just the element of identifying a single file exposure or a site exposure is for large measure science project and and as organizations depending on size you know certainly if we could throw everyone at the uh the project it could potentially be you know something that could be achievable but let's be realistic right this is a lot of a lot of that focus is going to go to the security teams or the it teams that are data agnostic for large measure and that really does bring up the element of what those challenges are right when you consider where your risk sits with AI the things that we do know is employees and people and organizations have far too much access to data if you're utilizing something like a labeling to protect that data whether it's you know offering it through encryption or DLP project uh or program itself you know are these documents that we're identifying are they labeled correctly and Brian as you said right this is the best tool for an Insider threat think about the Jack taras and the the community around him that's been recently surfest is let's just go and search let what's the salary date I want to find out what what my uh peer is making let's Identify some of the finances why am I not getting this raised let's get some of the the intellectual property and see what this is worth on the dark web so you know for large measure as we talked about shared links are are most certainly exposing a lot of data you have to rightsize that access it is not a simple process and doing it manually often leads to failure you're going to miss something it's just the volume is far too large and when you consider that data growth rate of generative AI is going to not only surface data for you make you work more intelligently but create data and that data is going to be created at a much faster scale than any person can uh create that so when you start to wrap your eyes around and mind around your programs around gen regardless of the mination that they come from it's going to be pretty important to understand what these challenges are and how we could start to resolve or mitigate these risks and lower lower the risk of how do we increase productivity while not dealing with a security threat and you know one of the things again another poll here so data security was the The Lion Share of of our first poll as we kicked off I'd really like to know the types of data that you are and not just so much of the types on you know is a Phi or PCI or P you know pii data whatever the case may be right but where that data exist where are you most concerned today give everyone a second here to answer and you know data is everywhere you know identities are certainly uh your access later in but it's it's all part of the ecosystem of where does the focus need to go and and again it's we're we're keeping you from selecting all here uh but for large measure you know it's it's a function that we need to focus on where the most prized data resides and how are we going to protect it all right file platforms traditional file shares in 365 not really a surprise where we yeah it's not a surprise it's where we see people have the most data and they know the least about it that's exactly right and and as uh cloud data stores and object stores are gaining a lot of uh you know Focus but you know both structured unstructured data in those locations and in the SAS applications again two two on the other if you don't mind putting that into chat and just letting us know what you think here it certainly helps helps us and helps the community here as well just to identify where our areas at we should be paying attention to or you should be paying attention to and you know with that being the case this year and and going back you know some time the element of identifying data protection or data security platforms was generally you know something that you would have to go and search for but Gartner didn't come out with a specific magic quadrant or a c category and now we have the emergence of data security posture management and data security posture management of course is surfacing a lot of what you know organizations or software platforms are doing today in managing your data security being able to look in a lot of different places but you know for large measure there's been you know such as ourselves have been in this field for a very very long time and you know when you think about what and how data security posture management is find it's you know identifying what sensitive data you have identifying who has access to that data identifying how that data is being used and then in some mechan or some way at the very least depending on where and who you're looking at how they're providing that posture management is being able to provide you some general sense of what risk to your data is and you know this is a a position that I would say this year at the very least and having talked to a number of cesos across the the globe is data security is having its day you know it's it's having its year it's becoming more of a focus and I think we're seeing that through a lot of our you know the news coverage and for anyone that's reading the security periodicals it's the the function of data loss and issues are not going away and you know when you start to consider you know where data security posture management sits not everything is equal to a category you know and so when when you see how Enterprises have usually attempted to solve data security problems they're using things like the native controls within an application whether it's perview within 365 or you're using you know some elements of Salesforce Shield within Salesforce itself or within Google drive or box regardless of what it is you know now you've got several different tools that you're trying to synthesize down to how am I going to take this information and report this up to management C levels the board Auditors Etc just to show how are we protecting this data you know another element of that of course too is is point Solutions you know we have this one use case we need to find sensitive data but that's not really solving anything if we're just able to find it and I think I've heard I've heard someone uh say before is uh they've had one problem they need to find Social Security number data in their environment and then they find and they get the point solution they uncover all this information and now they've got 275,000 problems because they have 275,000 instances of Social Security number so very important understand you know what and how you're going to work with the data that you have and also identify the goals you know what are the goals or the outcomes that you're really trying to drive to and and Legacy DLP the most commonly failed project that has been in the history of of security uh again you know calling on some of the the things or interesting ways that people have talked about it in the past is DLP should almost be called DW data loss watching right let's turn it on let's put on manual labeling let's see it not work let's add friction to the business and ultimately this is a project that unfortunately fails or just doesn't really meet the term of prevention that it should and you know so large measure what we're trying to talk about here is data and data security lot of focus this year you know lots of different uh legislation and compliance components that that go into this a lot of the threats the outputs of the the attacks that are taking place most certainly rising and bringing data to more highle conversations sitting at the board uh sitting in your C Level as well and so it's important to understand when you're focused on solving this especially with there being a lot of Market hype as well is understand the solutions that you're looking at the platforms that you're looking at marry that to the outcomes that you'd really like to achieve at the end of the day and that brings us into you know compliance so another trend for this year that we're going to to you know dive into compliance generally and I know that this was a lower-end element of our poll to start off with of where a lot of the focus has been or going uh compliance generally is going to drive some type of activity whether it's you know you have to have the certification you have to meet this specific regulatory requirement if you're meeting like I did in my space before meeting with a uh a routine examination from the government or something along those lines you know you need to make sure that you are meeting the compliance obligations and now compliance and security can sometimes be weighted very differently uh checking the box versus being really secure or different but at the very least it drives a lot of conversation and so I'd really like to understand you know across the community here is are there anything from a compliance standpoint that you're really concerned about we did give you an all the above this time all right perfect and that that fits that that would largely be probably the winner in every single poll that we ask but at the very least you know SEC out of out of the individual regulations is certainly top of mind right it's coming live or Came live I believe it's today or sometime this week and uh of course the existing regulations they they stay uh present for us but we also need to be you know concerned about any type of gaps or or elements that will fade into the compliance space because it's much better to self-identify that risk than have an auditor and external regulator come in and tell you where your risk is so I appreciate everyone answering that question and that does take us into Trend number three so compliance requirements like I've talked about don't need to beat this dead horse but they drive activity they drive awareness they drive new implementation of security controls whether it be detective corrective protective uh you know administrative level controls regardless of what the the function is you know we have a tremendous amount of of new stes coming online I think we're still in the bottom threshold of all countries in the world of not having a Countrywide uh privacy program but these are things that we have to stay on top of and we need to understand the data we have eliminate what we don't have what we don't need and protect it if we do have it and the SEC is really ratcheting this element up right so even in their their their history where they were you know hack themselves back in 2017 they certainly didn't come to the table in four in four days uh but nonetheless now you have a very short window to identify material materiality of a breach and be able to report that in your AK which is essentially is going to be reporting that publicly and not only that but the the best part that I would at least suggest on on this is awareness again across the board across your sea levels across all management understanding the data owner element of what their role and responsibility is being good data stewards are uh but also really taxing or putting the onus on the organizations now to report what their cyber security strategy is and Brian you know we've we've traveled the uh the country here this year and and I do know that uh this has come up quite a bit we've had a few sessions where where lawyers have been involved to guide organizations but you know how do you see the SEC ruling here really have an impact on organizations I think this is the the sign of the times I think the the the idea that um organizations both public and private that have data that's material to others are going to increasingly need to make sure that they have the right controls in place I think what the new SEC diclosure requirements are doing is putting these kinds of issues directly in front of a CFO um who now absolutely needs to be concerned with data privacy and cyber security yeah absolutely absolutely and and even on the investor end too you know there's been a lot of debate around how this is going to drive market and stock and and one of the investors that uh you know has at the very least publicly you know goes out and talks about these types of things you know he was signaling the fact that just plan don't don't not invest in a company plan on that company being breached and just you know uh diversify yourself approp uh excuse me appropriately so you know when you get into preparing for these rules it's it is fortunately fairly simple to evangelize it right could be extremely hard or there's some risk in engaged in really applying it and implementing these but of course incident response procedures and plans you know it's it's no longer a function of you know tabletop exercises and let's see how we would operate those are extremely important but you need distress test that are you covering all of the threats or at least a good position on the likelihood of threats that could impact your organization and the Board needs to be involved right the the communication the corporate courtesy all of those elements need to you know really start to elevate because you need to have everyone in at the very least your board your Executive Suite legal Finance you know everyone is impacted based on these types of activities today and those executive capabilities right need to be enhanced and they need to be involved it can no longer be you know let's security we need to have it of course but you know we need to focus on productivity first is this going to change that Dynamic just a little bit and and for large measure the primary goal is you need to minimize your disclosure risk and especially when you start to consider and I'm not sure how many of you in the in the room here saw this but you know with this new SEC requirement even though it hasn't gone into effect yet it's kind of a sign of the times as Brian as you said right it's there was a ransomware gang that hit an organization we're not going to name names I'm sure if anybody has looked in the in the uh public uh domain here you'll see that but for large measure they put a they they were able to successfully attack an organization ransomware was impacted they put the ransom and demands to the organization and when they failed to respond they were number one threatened that this was going to happen and then when they failed to respond they actually executed on it so a whistleblower type of approach from the attacker group went in and and told the SEC this organization has had a material breach and we know that this would you know this type of data was taken etc etc etc and so that really kind of you know adds another quiver to the to the you know arsenal of the attackers you know no longer can you sit there and try to negotiate it's not just your data anymore but we're going to take your data we're also going to publicly shame you and it's going to happen very quickly so it's you know it's again it's uh it's an un it's an really a bad fact that we're up against here uh the way that the attackers can hold this hostage it's not just for our money but now it's public disclosure which could generally take place later in in time but now that time to act is now and it's quick so certainly certainly a concern and and things of uh things to come for next year so as we get into our last poll topic you know and threat specifically right we talked about ransomware we see the the SEC rule itself being used against organizations and and for the likes of the attackers but you know there are different types of threats and you know I saw someone had had stated supply chain attacks most certainly top of mind you know for us in Globe because it it impacts so many different organizations but nonetheless you know what are the types of threats that you're worried about today and and going into next year uh other of course being an option here we took that all of the above away from you again but nonetheless you know if you do have other please do comment in the chat here for us so we can you know have that as a takeaway or or have for Drive discussion within the chat itself and the results are in ransomware leading the charge at 60% not surprising especially not surprising if somebody can get access to your environment um ransomware is one of the easiest way to monetize that access um right if you're not if you're if you're not worried about ransomware I'd curious I'd be curious uh why not Insider threats too I mean especially with the rise of of Genai and and where we're sitting today that that person that's in the room is uh generally the most lethal because they have the access they're in the organization they're on the network they've got access that they probably shouldn't have so it's most certainly uh a concern there the other from from John appreciate you typing this in here is overexposure of cloud data and vulnerabilities in customer applications that is a very uh strong position I would say especially when you get into the the customer applications or third party risk that's available it's a a pretty common theme you know so as we get into our last Trend that we'll be covering here today you know threat detection response most certainly is important it's it's something that the signal to noise needs to be in the right spot any type of attack or alert that you're getting that you're not seeing at the time that it's been you know delivered or ignoring is ultimately useless right and as we've seen you know on top of everything else is that this year shockingly we were kind of flat for a couple years but we have seen a global ransomware uh increase n0 up to more than 95% over last year Klo had and the move it breach had a ton to do with this you know there's there's these Trends around ransomware that that kind of come e and flow around downtimes and you know over the summer we'll we'll generally have some quiet time and then q1 Q4 are generally much higher but nonetheless it's it's just it really is amazing to see the success rate of this type of attack and how year over-ear it is only increasing and if you go back to I believe it was 1989 there was a a first case of ransomware someone was handing out floppy discs that had something to do with a you know would say a uh advocacy type of approach and here put this in your your computer you know for those of you that remember floppy discs right and all of a sudden your computer and the data on your computer was held Ransom I think you can get out of jail with that one for about $180 but then you know around 2005 this started again and now when we start to consider the element of you know we talk about the productivity basis for ourselves in an Enterprise which is going to be fantastic we're going to be able to get our meeting uh minutes taken and task items taken and we're going to surface data very quickly that are going to help us achieve our goals and and do our jobs but on the other end of that we're not the only users of AI you know Brian have you had any experience or or seen anything in the wild yet around how AI is helping attackers yeah AI is a great tool for helping you helping coders including people that are coding malware uh and the perimeter controls kind of the The Last Mile controls that the uh the AI providers uh put in place aren't always uh aren't always sufficient and as we mentioned up front um Microsoft copilot and other productivity tools are also a hacker and Insider threat's greatest tool as well um making it easy to get to um get and analyze uh any data that a user has access to becomes incredibly powerful when users have access to far too much yeah that's that's the truth you know for so long you know there these very organized groups and the nation state actors and the the upper echelon of your technologists that understand how you know networks and computer systems and data stores and all these things work but you know we used to talk about the script kitties right the let's go online we're going to find this we're going to see how far this could go we're just going to put this in a batch file or whatever the case may be send a fishing email and simulation and uh it was pretty simple for them just on the copy paste now with AI you know just think about the El of how effective even the uneducated you know or or novice in this field can be just with the element of AI ask a few things and next thing you know you've got a pretty Advanced malware uh threat or ransomware fishing email social engineering you know things are going to certainly rise with the with the help of AI and for large measure if you see this note it's too late you know and this is the the the attack kill chain you know identifying and being able to see you know the the stages of reconnaissance and uh you know escalation and lateral movement you know all of the functions that take place within attacks it's very important to really identify do some threat investigation have a tool from a behavioral analytics position start to surface this information out and on top of it you know of course as as Brian had mentioned as well is you know attempt to limit that risk or reduce the likely of the the massive impact by really right sizing access controls because it really doesn't matter when when you really think about attacks right nobody can you know look at have a crystal ball and if they could that'd be awesome but you know large measure we don't know what the next zero day is going to be we don't know what the next at is going to be we have no idea how AI is going to really start to transform the malware impact and fishing and different attempts that they could take and while those means change the end result is always the data you know so so when you start to consider that onion approach right we've got the perimeter controls we have the endpoint controls we have you know so many different areas in the security taxonomy that we could really start to enforce our perimeter security our internal security you know it really comes down to and this goes with our our second Trend here on you know focusing on data security and again really want to call out and and and applaud the community there that that said that that's their biggest Focus for next year um but large measure is the end results always the data you know and so if we protect the data where it resides we have a much better position on being able to lower that impact and ultimately protecting the organization you know so the things that you really want to when you're when you're looking back at your total security stack and how you're protecting data I would suggest that you know these are the the questions that you should ask right and and with some consensus acoss Ross your security practitioners and peers in in your groups as well as the you know Executives and everyone else right it's just can we detect any sophisticated attack as it sits today you know and okay fantastic we can identify those things but can you investigate and recover quickly so if we need to get business back online we need to focus on that level of productivity we have a mission in a bottom line and a top line that we try to maintain as organizations we're in business and businesses are in business to make money and you know effectively promote their promote and provide their services to their customers so you know investigating and recovering quickly very important to be able to have that forensic ability to put the pieces all back together and you know two when you think about data security you know I know that there's been a lot of focus on that traditional file structure business operation and collaboration functions of on-prem file shares in Microsoft 365 but you know as others have have commented as well data is a lot of different places you've got data in object stores you have data in SATs applications you've got structured unstructured data you've got you know the flows between them are extremely complicated and as the cloud itself you know the the traditional model of I go insert a ticket I need access to X it provides access to X that's largely been flipped upside down because now within Cloud uh repositories and any of the collaboration tools users could feasibly and likely are responsible for for providing access to that data so and when you're looking at your threat investigation response capabilities certainly these three questions are very important very you know top of Mind in regard to how are we going to recover how are we going to minimize the impact to our organization do we have the right set processes tools and Technologies to you know really achieve that goal and so those are the four risks or the four trends that I would say that we're looking at within 20 24 there's certainly a lot of them but these are the highest volume and I think your your poll responses have certainly uh you know emboldened that but this is from a Verona's perspective this is exactly what we do this is exactly what we are here to protect and so when we start to consider you know data protection you know what you need to have is that hybrid data Discovery classification identifying what's important what's sensitive what's intellectual property things not just your Phi and pi data but what about passwords what about certificates and those types of of context where that data is where are we finding it should it be where we're finding it and that also gets you into the element of just a consistent risk analysis right data is growing every single day every single minute while we've been on this phone call and in this webinar itself rather you know it's that that blast radius has grown blast radi is just being again the person if we take them out of the seat put an attacker in there what would they have access to and so to be able to identify exposures the entitlements the permissions the configurations how are users getting access to data and we know you know for large measure is that most of the access that's provided to people aren't even being utilized it's just a you know role-based access control or mover process that that comes into play and understanding how that data is being utilized very important if we know how that data is being utilized you have you know the ability to identify those threats investigate the threats you know looking at the forensics but also the element of if we need to remove access you know how is that going to look if we don't know who's using it so very important piece there to the full puzzle as is you look at the Triad of identifying sensitivity to data the permissions to that data and the activity around that data itself and that's again when I really would like to focus and and double down on this it's where all of your critical data is not just in these silos you need to be able to expand you know across your entire organization and when you get to that level of visibility you know and this is where veronis really sets itself apart from any other platform from a data security perspective and it's really focused on outcomes you know it's identifying what's important where it's at who has access to it identifying who and how it's being used whether it's people or machines or now in this in the landscape of AI you know you really need to understand those three pieces because with them in concert together you can essentially reduce the blast radius and you could do so in an automated way understanding all of those elements of the metadata being able to identify if this person is not utilizing it if this access is stale if you have a scenario where you know applications have been offboard people have left the organization moved to different groups no matter what the case may be access is Overexposed data is over exposed so reducing that blast radius in an automated fashion setting your policies and being able to to achieve the risk mitigation and goals that you have for your data is extremely important and on top of that too is the faster threat detection response right understanding how that data is being used leveraging the behavioral analytics that are behind it as well it's not just the event aggregation right fonus is not an event aggregator what we're identifying is data events that are taking place we're mapping that against what we know who the person is what is the role that they have what is the type of data that they typically ask access where are they typically working from when you marry all those things together and you can learn how this user typically operates within the organization now all of a sudden you could start to point out the abnormalities right there's certainly not a position that you want to find out that your Finance person is working with Finance data of course they are but if they are operating very differently in Mass scale now you have a position here to really quickly respond to your detect the threats and quickly respond to them and on top of that with proactive incident response forus is a SAS application we have eyes on glass 24x7 by 365 all we need is someone to pick up the phone at the organization uh that we're protecting and we'll be able to work with you on identifying those threats minimizing some of the noise as well as working with you on any of the recovery program that you have and when you do all of those things you know compliance becomes a a you know very easy uh outcome that you're going to achieve you're self-identifying risks you have controls and policies and automated functions you've got threat detection now when you start to consider all the compliance mechanisms and rules and regulations that are out there you can show the picture here's where we're at here's how we're doing this here's the risks that we've resolved here is where we're making gains on our Security Programs and a lot of that comes down to you know the results that we see you know from a veronis customer we're talking about massive data stores all over the you know in their ecosystem you know disparate brick and mortar data centers Cloud applications SAS applications uh you know infrastructure as a service with object stores uh both structured and unstructured data you know it's it's very important to protect data where it lives wherever it's at and when you consider classifying all of that data labeling it if you're utilizing labels for any Downstream impact from DLP remedi any any overexposure whether it's external or org wide exposure and then having the element of proactive incident response again this is a story from a new veronis client you know roughly in the last year here and were're able to identify ransomware you know impacts ahead of time we're able to see that there was some abnormal access and we're also looking at things like Insider threats as well right data regardless of the actor regardless of the mechanism regardless of the path there the data is always going to be you know subject and and the target of any of these attacks so being able to wrap all of these things together you know there's plenty of of very good success stories that we have as an organization working with data and protecting data for organizations really minimizing the impact of a breach if it were to occur but also giving you a lot of Intelligence on on identifying what is your risk and that brings us into you know how we work with organizations and we'll be pulling up a poll here uh again you know just something for you to to be able to respond you know risk assessment this is how I started I was a veron's client uh free risk assessment you know something that that was able to show the light to all of the stakeholders in the organization that I was working with and we see this you know we run thousands of these a year ultimately you know really quick we're in we install the system because it's a sass is very quick we talking about a couple hours of your time you know we're mapping all the data stores that you're pointing at that you want to surface risk around we're looking at what data is important you know what is sensitive data what data is regulated you tell us we work with you on that element of of surfacing that information we're looking at all the permissions the entitlements the configurations how users are getting access the shared links you know how is data being exposed and once we discover all of that information now we can start to look at you know risk prioritization so roughly three weeks into a free data risk assessment you have a really good ident identification of risk in your environment to your data as well as a series of automations and element from a a detective and protective and corrective control you know environment to be able to focus on the identity stores and your data and how that data is moving and any types of you know usage characteristics or things that are taking place in your organization that may not be what you expected you know and many times and unfortunately you know the Bad actors are in your network potentially already so being able to identify what their target is looking at how that's being utilized and surface that up is is something that you would have access to and you also have access to our incident response team this is no different than being a Verona's client you get a dedicated uh response and a risk assessment and again it's all for free and certainly if you are interested in that please do let us know we'll leave this up uh for a little while just to to definitely let us know and uh that's part of just the general feedback around you know the webinar that we held today as well as you know any any after effect here that uh that you'd like to see uh so that being said that is the conclusion of the webinar the presentation portion I do want to open this up for any Q&A if you do have them feel free to uh put them into the Q&A or in the chat and we'd be happy to answer any of the questions that you may have if we can of course definitely folks don't be shy if you have any questions otherwise you know certainly uh we'll keep this open here for a couple more minutes but I do want to appreciate uh you know your time here for joining us today uh very much appreciate the the time that you do give us and providing some insight to us within the chats uh as well you know giving us some other things to think about and working among the the larger Community here hope everyone is going to have a wonderful end of the year as we focus on all of the accomplishments and the things that we achieve I know that there's never a downtime or a holiday break from being a security practitioner uh but nonetheless as you start to look forward to the year ahead you know most certainly it's it's a uh uh security is not going to decrease in its importance and its Effectiveness and how we're going to you know achieve goals to be a much safer for Community uh but nonetheless I do want to again thank you and hope you all have a great end of the year and a great holiday and a lovely start to the New Year think about how AI operates is you know it's going to interact as either a person accessing data so think about the 365 Arena co-pilot I'm going to put in a prompt I'm going to get some data back so any of that access is going to be generated by me if you look at how from a veronis perspective you know when when you're looking at AI any identity any data touch we're going to be able to identify and surface and be able to to add risk to it now it's still very early in Inception right A lot of people are in private preview modes or you know just getting started with co-pilots and you know the the whole element of self uh trained llms as well you know that's no different than data science and data engineering and machine learning and things that have been along for a very long time and we do see that activity today you know depending on the data store that we connect into so you know that is most certainly a uh you know an element here that that yes we do uh it's going to continue to grow and it's got a lot of our Focus all right well I think we've got seven minutes left I'm happy to give you a few minutes uh back in your year and day uh but again thank you so much for joining today really appreciate all the time all the questions and we will most certainly uh you know be here if you need anything else in the future so thank you very much and have a great day

Info

Channel: Varonis

Views: 4,347

Rating: undefined out of 5

Keywords: Varonis, Data Security, Threat Detection, Compliance, Trends, 2024, Cybersecurity, DSPM, Generative AI, Artificial Intelligence, SEC, Rules, Regulations, Point solution, DLP, DSP, Data security platform, CISO, CIO, CTO, Security Analyst, Sharing links, Over permissions

Id: qubFa9SsI4Y

Channel Id: undefined

Length: 51min 34sec (3094 seconds)

Published: Wed Dec 27 2023