SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Varonis adds secrets discovery to data classification
Thu, 29th Sep 2022

Varonis Systems, a firm providing data security and analytics, has announced powerful new data discovery capabilities that uncover exposed secrets that unlock access to mission-critical resources. It is part of the company’s Data Classification Cloud solution. 

Exposed secrets are increasingly responsible for devastating data breaches. With soaring cloud adoption and rapid app development, secrets can end up almost anywhere, exposing intellectual property, source code, and critical infrastructure.

Varonis can now accurately and automatically discover secrets where least expected, remediate exposure, and detect anomalous access behaviour.  

It works by continually scanning source code files and other locations where an organisation's secrets can spread, including Windows, Microsoft 365, Box, AWS, Google Drive, Salesforce, and other leading apps and services. It scans for secrets in Varonis-supported on-prem and cloud data stores. It finds secrets stored in plain-text documents, source code files, scripts, and configuration files.

Varonis discovers secrets that are overexposed in plain-text files, such as Word documents, Excel spreadsheets, and Google Docs, and locates many other places where a secret might be improperly stored in plain text. By scanning code files, such as those stored in AWS S3 buckets, Varonis can also catch security issues such as hardcoded private keys or credentials, or secrets stored improperly, for example in a log file.

Varonis can help protect exposed secrets by classifying secrets with high accuracy. To generate high-fidelity results, it goes beyond RegExes with proximity-matching, negative keywords, and algorithmic verification. Its accurate scanning classifies and surfaces a massive range of secret types and correlates the secret with access to give a complete picture of your exposure.

Varonis reduces the risk of data exposure or attacks on the data by constantly scanning for overexposed secrets inside the organisation. It can detect a wide range of popular secrets with rules identifying secrets for hundreds of common applications/databases/services. 

With new classification rule sets, Varonis can help scan environments for rogue secrets. These rules scan exposed secrets in files and code stored on-prem and in the cloud. 

Varonis looks inside files to find sensitive information matching over 400 classification patterns and shows what's exposed to the internet or all employees.

Varonis generates highly accurate classification results by going beyond regular expressions. Instead, it uses proximity matching, negative keywords, and algorithmic verification to reduce false positives.
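The layered approach named above (regex candidates, then proximity matching, negative keywords, and a verification step) can be sketched as follows. This is an added example, not Varonis code: the patterns, keyword lists and thresholds are assumptions, and a Shannon-entropy check stands in for "algorithmic verification", which the article does not define.

```python
import math
import re

# All patterns, keywords and thresholds below are illustrative assumptions.
CANDIDATE = re.compile(r"[A-Za-z0-9+/_\-]{20,}")          # stage 1: regex
POSITIVE = re.compile(r"(?i)api[_-]?key|secret|token|passw(or)?d")
NEGATIVE = re.compile(r"(?i)example|sample|dummy|placeholder|changeme")
PROXIMITY = 40      # characters of context examined on each side of a match
MIN_ENTROPY = 3.5   # bits per character; stand-in for algorithmic verification


def shannon_entropy(s):
    """Bits per character of s; random tokens score high, filler scores low."""
    freqs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in freqs)


def classify(text):
    """Return (line_number, verdict, redacted_value) for every candidate."""
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CANDIDATE.finditer(line):
            value = m.group()
            before = line[max(0, m.start() - PROXIMITY):m.start()]
            after = line[m.end():m.end() + PROXIMITY]
            context = before + " " + after
            if not POSITIVE.search(context):
                verdict = "no_keyword"          # proximity match failed
            elif NEGATIVE.search(context + value):
                verdict = "negative_keyword"    # documented placeholder
            elif shannon_entropy(value) < MIN_ENTROPY:
                verdict = "low_entropy"         # verification failed
            else:
                verdict = "secret"
            results.append((lineno, verdict, value[:4] + "***"))
    return results


# Constructed sample input; none of these values is a real credential.
SAMPLE = """\
db_password = "q7Lr2VxZp9TfW4mKc8NbH3sJ"
api_key = "aaaaaaaaaaaaaaaaaaaaaaaaaaaa"
# example token: x9Kd3PqR7sLw2ZtY5vBn8McH
commit 3f9c2a7e1b4d8f6a0c5e9b2d7a1f4c8e6b3d0a9f
"""

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(row)
```

A bare regex would flag all four sample lines; the three later stages leave only the first as a finding, and the value is redacted before it is reported.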

Varonis data classification modules can discover hundreds of unique secret patterns in a code base. It uses patterns and proximity-matching to scan the environment for hundreds of popular secret types, for apps and services such as Google OAuth2, Twitter, Atlassian, LinkedIn, elliptic curve cryptographic keys, or cloud database credentials.

The categories of secrets Varonis detects include passwords, database credentials, connection strings, private keys, encryption certificates, API keys, authentication tokens, and encryption keys.