Video: 10 Minute IT Jams - An update from Varonis
A string of high-profile data breaches has placed the spotlight firmly on corporate cybersecurity. Many organisations are now left asking how best to secure their data, ensure compliance, and protect sensitive information from unauthorised access.
Scott Leach, Vice President for Asia Pacific and Japan at Varonis, sat down with 10 Minute IT Jams to discuss how the company is helping businesses confront these challenges. "We help organisations protect their data," Leach began. "If you think about some of the breaches that we've seen so much up in the press over the last 12 months – the Optuses, Medibanks, Latitudes, Vinomofos, MyDeals – the reason that those breaches made the press was really because substantial amounts of data were taken."
According to Leach, a recurring issue in many cyber incidents is that businesses do not always have a clear understanding of what sensitive information they hold, who has access to it, or where it resides. "Organisations didn't have a good handle on what sensitive information they were storing. They didn't really have an understanding of who had access to that data," he said. As a result, he explained, existing security controls often fail, particularly when hackers use legitimate credentials to access sensitive information.
Leach also noted the difficulties organisations can face when required to disclose a breach. "They didn't know what data was touched or who had touched the data. It became very difficult for them to have to front the press and disclose what information had been taken," he said.
Varonis aims to address these gaps by providing a range of security tools that bring visibility and control. Leach outlined three main areas of recent innovation in the Varonis offering. "The first thing we're focused on doing is being able to support more and more repositories because we really want to protect the data where it lives," he said, noting that today's data is stored across a growing mix of environments – from on-premises file servers to cloud services and SaaS applications like Salesforce, Box, Jira, GitHub, and AWS.
The second focus is automation. "Once we've helped organisations get an understanding of where their sensitive information is and where it's at risk, the next question becomes how do we better protect it, how do we better secure it so that only the right people have access to that information," Leach explained. He highlighted that Varonis is increasingly investing in helping customers automatically secure their data.
Finally, proactive incident response is a major area of development for the company. "We're monitoring today thousands of our customers' environments, seeing how their data is being accessed, detecting unusual access patterns, and can proactively reach out and alert them when we see something suspicious occurring," said Leach. He added that a recent analyst report from Forrester had "validated" this direction, rating Varonis highest for strategy in data security platforms.
Investment in Asia Pacific has been a key part of Varonis's expansion. "Over the last 12 months, we have invested more in growing the APAC region than any other region globally," Leach said. "We've tripled the size of our team across Asia Pacific. Today, we've got presence across Japan, Hong Kong, Thailand, Philippines, Singapore, India, and Australia." He pointed out that the company had just opened its first SaaS data centre in Sydney, underscoring its commitment to regional clients.
Asked about the findings from the company's work running data risk assessments in the region, Leach urged caution. "In the hundreds of data risk assessments we do for organisations every year, we always find interesting results in these assessments," he said. Often this involves "large amounts of sensitive information or personally identifiable information (PII) being exposed to large groups of users or being shared externally."
According to Leach, it is not uncommon to discover that over 20 percent of the sensitive data scanned is open to everyone in an organisation. "That could be a backup of the CEO's laptop, confidential information related to a merger and acquisition, sensitive medical records, salary information, or contracts with suppliers," he outlined. Overexposure of sensitive data is a regular finding.
The risk assessments also frequently reveal other issues. "We also often observe large amounts of stale data – often more than 70 percent of an organisation's data will be stale, just sitting there, vulnerable for an attacker to access," Leach said. Unusual access patterns are also detected, especially when third-party IT suppliers or former employees access information that should no longer be available to them.
Examples include instances where a business has outsourced its IT function. "It might be people inside that supplier accessing information that they really shouldn't be," Leach explained. "Or there might be examples where an employee has resigned and we start to see large amounts of sensitive IP being downloaded to that employee's device."
For enterprises eager to get a clearer picture of their data exposure, Leach recommended reaching out directly to Varonis. "The best way really is to just reach us through our website," he said, describing a process that takes little time from internal staff but can yield significant insights. "We will then do all of the work around helping you to understand where your sensitive information is, where it's exposed, and how it's being accessed – and give you back a really compelling deliverable that will show you where your data is at risk and, probably more importantly, what to do about mitigating that risk."
As the cyber threat landscape continues to evolve, company leaders in the region are being urged to take action to secure their most critical information assets. "There's always findings around sensitive information that's overexposed," said Leach. "It's those sorts of things we almost always uncover through this data risk assessment process."