Ransomware Protection Insights from NetApp

Uploaded by

mikechow.hk

Data Warriors Units: NetApp and Varonis’s Epic Battle Against Ransomware?
Our team of experts provide world-class IT solutions.
Join us and take your business to the next level!

2024 Mar

01 Welcome Speech, Company Background
02 NetApp’s new levels of ransomware protection
03 Break
04 Automated Data Security with Varonis
05 Q&A & Lucky draw

01 About Microware
Hong Kong Top IT Infrastructure Solutions Provider

WHO WE ARE
Microware (Stock Code: 1985) is a Hong Kong based IT infrastructure solutions provider with over 35 years of experience in providing IT solution services for Hong Kong Government, educational institutions, public bodies and commercial organizations.

From deploying basic infrastructure blocks and provisioning services via the cloud to enabling enterprise mobility and empowering innovation, Microware offers a one-stop destination for tailor-made solutions that are backed by strong partnerships, a wide breadth of value-added services and certified processes.

38 YEARS OF EXPERIENCES: One of the largest IT Infrastructure solution services providers in Hong Kong since 1985
1985 MICROWARE STOCK CODE: Listed on the Main Board of The Stock Exchange of Hong Kong Limited since 8 March 2017
16 YEARS OF CARING COMPANY: Recognized as a “Caring Company” for the 16th consecutive year by the Hong Kong Council of Social Services
450+ AWARDS & RECOGNITION: Well-recognized by world’s top IT partners and authorities
Our Business Partners

Cloud Solution Provider (CSP)
Licensing Solution Partners (LSP)
Solution Partner – Modern Work
Authorized Device Reseller
Platinum 360 Partner
Gold Partner
Platinum Partner
Gold Partner
Cisco Premier Integrator
Platinum Value-Added Reseller
Advanced Partner
Advanced Business Partner
3 Stars Partner
Platinum Partner
Silver Partner

04 Services & Solutions
World Class IT Solutions

Our Core Solutions
Hybrid IT Infrastructure: Combining the agility and economics of public cloud with the security and performance of on-premises IT
Smart Workplace: Creating a smooth and convenient environment for accessing data and application in time
Cyber Security: A total security solution that protects company data in all aspects
Managed Service: Ensuring well connectivity between humanity and technology

05 Our Customers
99% industry in Hong Kong Covered
Commercial Company & Public Body
Government
Education Institution
NGO
CONTACT US
www.microware.com.hk
[email protected]
(852) 2856 5678
1/F Century Centre, 44-46 Hung To Road, Kwun Tong, Kowloon, Hong Kong
NETAPP’S NEW LEVELS OF RANSOMWARE PROTECTION: GUARANTEED, PROTECT, DETECT & RECOVER
Steven CHENG
Senior Solutions Engineer
[email protected]
March 2024

© 2024 NetApp, Inc. All rights reserved. NETAPP CONFIDENTIAL


Agenda

• NetApp Overview
• NetApp’s Innovation Priorities
• Ransomware Protection
• Ransomware Recovery Guarantee
• Q&A



NETAPP OVERVIEW



NetApp
> Founded in 1992 by David Hitz, James Lau and Michael Malcolm
> George Kurian, CEO
> $18.44B market cap; $6.36B revenue in FY23
> 11,000+ employees (>50% Engineers)
> ~$1B investment in R&D

How will You Change the World with Data?
NetApp is a recognized market leader and innovator

“The need for a unified management system is especially critical for a storage vendor such as NetApp, which has one of the most comprehensive hybrid multicloud product portfolios in the industry.”
IDC, BlueXP Strengthens NetApp’s Hybrid Multicloud Portfolio with Unified Management of Storage and Data Services, #US50786123, June 2023

A Leader in Primary Storage for 11 years in a row
Ranked highest in Two Use Cases in 2023 Critical Capabilities for Primary Storage
Winner in the Global CloudOps Industry

Leader
• File-Based Primary Storage Ransomware Protection
• Data Security Storage Posture - Infrastructure
• Unstructured Data Management
• Cloud FinOps
• Cloud Resource Optimization
• Cloud Observability
• Primary Storage for Midsize Businesses
• Primary Storage for Large Enterprises
• High-Performance Scale-Out File Systems

Gartner, Critical Capabilities for Primary Storage, Jeff Vogel | Joseph Unsworth | Chandra Mukhyala, September 18, 2023
Gartner, Magic Quadrant for Primary Storage, Jeff Vogel | Joseph Unsworth | Chandra Mukhyala, September 18, 2023
A 5-year Leader in Magic Quadrant for Primary Storage (2019-2023)
A 3-year Leader in Magic Quadrant for Solid-State Arrays (2016-2018)
A 6-year Leader in Magic Quadrant for General-Purpose Disk Arrays (2013-2018)
GARTNER is a registered trademark and service mark, and MAGIC QUADRANT is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
NetApp is the intelligent data infrastructure company

Unified Data Storage
• Single storage OS without silos: Power any data type, workload, and application
• Natively embedded in the world’s largest clouds: Manage data as a first-party service in the public cloud
• Unified control: Use a single NetApp BlueXP management console and/or each public cloud console

Integrated Data Services
• Built-in security & protection: Backup data while detecting and thwarting threats (Anti-Ransomware Protection)
• Policy-based data governance: Classify your data for greater compliance and integrity (Cloud Data Sense)
• Comprehensive sustainability: Energy-saving storage, resource optimization, and visibility into your efficiency

CloudOps Solutions
• Infrastructure optimization: AI-powered optimization, on-premises and in the cloud
• Operations automation: Intelligent automation to boost productivity
• Build and scale modern apps: Make it easier to access your most valuable data


NETAPP’S INNOVATION PRIORITIES


NetApp’s innovation priorities are aligned to address macro trends (4S trend)
Driving data storage ready for the modern world, with proven technologies and innovations

Simplicity: Unified, consistent operations; same experience everywhere; run apps anywhere
Security: Complete integrated cyber resilience; unified and integrated data protection, security, governance, and compliance
Savings: Continuous optimization: cost visibility and savings; storage as a service anywhere
Sustainability: Services to monitor, manage, and optimize carbon footprint across hybrid multicloud


Accelerate all-flash transformation for data protection
C-Series brings FAS value to Flash performance

Optimal DP products to champion:
• MetroCluster
• SM-BC
• SnapMirror Synchronous
• SnapMirror asynchronous

All-flash benefits:
• Lower energy consumption
• Higher performance active archives
• Faster volume recovery

Hybrid: FAS2820, FAS9500; 25–30ms latency; $
Capacity flash: AFF-C250, AFF-C800; 2–4ms latency; $$
Performance flash: AFF-A150, AFF-A900; <1ms latency; $$$$

[Figure: product families FAS, AFF C-Series, AFF A-Series and ASA, arranged by increasing I/O performance and decreasing latency impact]


RANSOMWARE PROTECTION


A data-centric Zero Trust model
NetApp® technology secures and protects your data, where it’s stored.

[Figure: Data at the center, surrounded by:]
• Perimeter security
• Third-party independent software vendor (ISV) integration
• User access control
• Secure data retention and recovery
• Storage behavior analytics and encryption
• User behavior analytics and permission optimization


NetApp product security certifications
Check out security.netapp.com/certs/ for all the latest certification information

Certification Level Comments


Common criteria (ISO / IEC 15408)
NetApp® ONTAP® v9.10.1P7 FDEccPP See Certification Report
NetApp StorageGRID® 11.5 EAL 2+ See Certification Report
NetApp E-Series and EF-Series with NetApp SANtricity® OS 11.70 EAL 2+ See Certification Report
NetApp Element® software 12.2 EAL 2+ See Certification Report

FIPS 140-2
NetApp CryptoMod Level 1 See FIPS 140-2 Certificate # 4144
NetApp cryptographic security module (NCSM) Level 1 See FIPS 140-2 Certificate # 4297
NetApp storage encryption (NSE) and SANtricity full disk encryption, Level 2 Used in ONTAP and SANtricity
NetApp SolidFire® full-disk encryption See NetApp disk drive and firmware matrix
DoDIN APL
ONTAP 9.11 N/A See Certification Report
ONTAP 9.8 N/A See Certification Report
ONTAP 9.7 N/A See Certification Report

Commercial Solutions for Classified (CSfC) validated component list
ONTAP 9.10.1P7 N/A See Certification Report
NetApp ransomware protection
Protect your data against ransomware attacks

Protect
• Automatically block known malicious file types
• Scan for viruses upon file access
• Prevent data destruction with immutable and indelible copies
• Block rogue admins and malicious users
• Secure data access, end to end
• Increase visibility and optimize data access permissions

Detect
• Detect and respond to file system and user behavior anomalies
• Automatically create recovery points and block compromised user accounts

Recover
• Restore data in minutes to minimize downtime
• Apply advanced forensics and analytics with NetApp or leading SIEM tools
Easy FPolicy configuration for ransomware defense
Block common ransomware file types with a simple wizard

• NetApp® FPolicy is included with every NetApp ONTAP® system and offers defense against common ransomware attacks
• Known malicious files can be blocked from ONTAP NAS exports
• ONTAP System Manager and NetApp BlueXP now offer simple enablement of this feature that blocks a predefined list of 3,000 common ransomware file extensions

[Figures: System Manager and BlueXP screenshots]


SnapLock: Immutable Backup
Prevent compromised Snapshot deletion

▪ Write-once, Read-many (WORM) File Locking
  ▪ Immutable
▪ Certified Data Compliance
  ▪ SEC 17a-4, FINRA, and CFTC, as well as national requirements for the German-speaking countries (DACH).
▪ Integrated Backup
  ▪ SnapLock integrates with SnapMirror® technology.
▪ Retention is at the file level.
▪ Support for NFS and SMB/CIFS
▪ A license-based feature on NetApp® ONTAP® 9 that works with application software
▪ Single license supports two types of administrative models
  ▪ NetApp SnapLock® Compliance (SLC)
  ▪ NetApp SnapLock Enterprise (SLE)


Immutable Snapshot copies using Snapshot copy locking
Rapidly create tamperproof recovery points

• By leveraging NetApp® SnapLock® technology, NetApp Snapshot copies are now protected from deletion by compromised administrator credentials or an internal rogue administrator attack
• Snapshot copies can’t be deleted or changed, even by NetApp support
• Enables rapid recovery in the event of data damage by providing an immutable recovery point on the primary data source
• Protection applies to Snapshot copies on both the primary and secondary systems
• Volumes or local tiers with tamperproof Snapshot copies can’t be deleted

[Figure: Tamperproof Snapshot copies protect against cybersecurity threats]


Multi Admin Verify – Tackling Insider Threats
Require N-number of approvals for all or a set of commands before allowing the command to take

• Administrators have the ability to bring down entire organizations
• Goal: prevent (make as difficult as possible) a disgruntled or incompetent employee causing irreparable harm
• Feature: require additional admin to approve extremely sensitive or disruptive commands
  • Guardrail rules to require approval for “security multi-admin-verify”
  • Configurable rules:
    • volume snapshot delete
    • volume delete
    • cluster peer delete
    • vserver peer delete
    • security login create
    • security login modify
    • security login delete
    • security login password
    • security login unlock
    • system node run
    • system node systemshell


Data-at-Rest Encryption
For toxic and non-toxic data

Mitigates storage-system risks and infrastructure gaps when an organization is:
• Repurposing drives
• Returning defective drives
• Upgrading to different drives
• Moving equipment across data centers

NetApp® Storage Encryption (NSE), NetApp Volume Encryption (NVE) and NetApp Aggregate Encryption (NAE) offer options to solve the challenge of making sure that all your data at rest is encrypted all the time
• FIPS-140-2 validated
• Onboard or external key manager
• The industry’s first CSfC-validated enterprise-class storage solution, using NSE and NVE to store secret and top secret data.
• NSA CSfC Component List
• NIAP Compliance Product Listing – NVE
• NIAP Compliance Product Listing – NSE
NetApp ONTAP Autonomous Ransomware Protection (ARP)
NetApp Onbox automatic ransomware detection
Available in NetApp® ONTAP® 9.10.1+ for NAS

Licensed feature

NetApp Onbox ML analytics engine leverages volume file activity and data entropy
• FlexGroup support in 9.13.1

Learning mode (min. 7 days, recommended 30 days)
• Optionally automatic in 9.13.1

Alerts admin via EMS, SysMgr, NetApp Active IQ® Unified Manager, CLI
• Does not disrupt I/O; only alerts on suspect activity

Automatically takes NetApp Snapshot copy
• Admin can determine if it’s a false positive

Additional layer of detection and ransomware protection
• Better together with NetApp Cloud Insights, Cloud Secure, and FPolicy

MAV support for turning off ARP, pausing ARP, performing clear-suspect in 9.13.1
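The two signals named on the ARP slide, volume file activity and data entropy, together with a learning period, can be illustrated with a small detector. This is an added example, not NetApp's ARP implementation: the event format, the thresholds and the sample windows are constructed assumptions.

```python
import hashlib
import math
import os
from collections import Counter

HIGH_ENTROPY_BITS = 7.5  # assumed cut-off; encrypted or compressed data sits near 8.0
RATIO_MARGIN = 0.2       # assumed tolerance above the learned high-entropy write ratio
SURGE_FACTOR = 3         # assumed multiple of the busiest window seen while learning


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pseudo_random(seed: str, size: int = 4096) -> bytes:
    """Deterministic stand-in for ciphertext (constructed sample data)."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return out[:size]


def summarize(window):
    """Reduce one time window of file events to the signals being tracked."""
    writes = [e for e in window if e["op"] == "write"]
    high = sum(1 for e in writes if shannon_entropy(e["data"]) >= HIGH_ENTROPY_BITS)
    exts = {os.path.splitext(e["path"])[1].lower() for e in window}
    return {"ratio": high / len(writes) if writes else 0.0,
            "exts": exts, "ops": len(window)}


def learn(windows):
    """Learning mode: record what normal activity on the volume looks like."""
    stats = [summarize(w) for w in windows]
    return {"max_ratio": max(s["ratio"] for s in stats),
            "known_exts": set().union(*(s["exts"] for s in stats)),
            "max_ops": max(s["ops"] for s in stats)}


def assess(window, baseline):
    """Flag a window only when at least two independent signals deviate."""
    s = summarize(window)
    new_exts = sorted(s["exts"] - baseline["known_exts"])
    reasons = []
    if s["ratio"] > baseline["max_ratio"] + RATIO_MARGIN:
        reasons.append("high-entropy writes")
    if new_exts:
        reasons.append("unseen extensions")
    if s["ops"] > SURGE_FACTOR * baseline["max_ops"]:
        reasons.append("activity surge")
    # A real system would alert and take a recovery point here; I/O is not blocked.
    return {"suspect": len(reasons) >= 2, "reasons": reasons,
            "new_extensions": new_exts}


# Constructed sample data: low-entropy documents plus one legitimate archive.
TEXT = b"quarterly report draft " * 200
LEARNING = [
    [{"op": "write", "path": "/vol1/q1.docx", "data": TEXT},
     {"op": "write", "path": "/vol1/notes.txt", "data": TEXT},
     {"op": "write", "path": "/vol1/plan.xlsx", "data": TEXT},
     {"op": "write", "path": "/vol1/archive.zip", "data": pseudo_random("zip")}],
    [{"op": "write", "path": "/vol1/q2.docx", "data": TEXT},
     {"op": "rename", "path": "/vol1/q2-final.docx"}],
]

# Constructed suspect window: every file is overwritten with random-looking
# data and renamed to an extension never seen during learning.
ATTACK = []
for name in ("q1.docx", "notes.txt", "plan.xlsx", "q2-final.docx", "archive.zip"):
    ATTACK.append({"op": "write", "path": f"/vol1/{name}", "data": pseudo_random(name)})
    ATTACK.append({"op": "rename", "path": f"/vol1/{name}.locked"})

# Constructed benign window: a new file type alone is a single weak signal.
BENIGN_NEW_TYPE = [{"op": "write", "path": "/vol1/deck.pptx", "data": TEXT}]

if __name__ == "__main__":
    baseline = learn(LEARNING)
    print(assess(ATTACK, baseline))
    print(assess(BENIGN_NEW_TYPE, baseline))
```

Because the learning windows include a legitimate archive write, high entropy on its own does not trip the detector; this is the reason a learning period precedes active detection.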


How NetApp Cloud Insights detects anomalies in user behavior
UEBA leveraging Storage Workload Security

Detects abnormal change in user activity

Analyzes abnormal behavior patterns to determine type of threat
• Detects ransomware
• Now displays alerts for NetApp® ONTAP® ARP
• Provides insights on potential attacks
• Takes automatic actions
  • NetApp Snapshot copies
  • Blocks the user

Identifies and reduces false-positive noise

Audit trail for data breach investigation and remediation


Snapshots

• Instant point-in-time copies of FlexVol volumes
• Read-Only snapshots to prevent corruption, with schedule policy
• Pointers to inodes only; no data copy
• Little to no performance impact
• Snapshots take up no space until data blocks change in the active file system
  • Deletions, overwrites
• Up to 1,023 snapshots per volume and 2M snapshots per array
• SnapRestore for a whole volume within a minute


RANSOMWARE RECOVERY GUARANTEE


NetApp Ransomware Recovery Guarantee
Restore your data on NetApp. Guaranteed.

NetApp will warrant NetApp® Snapshot data recovery if a ransomware attack occurs.

Deploy NetApp AFF, ASA, or FAS storage according to NetApp ransomware protection best practices, with support from NetApp Professional Services.

If you can’t recover your Snapshot data with help from NetApp, we will compensate you.

Warranty includes both technology deployment and Professional Services engagement. Terms and conditions apply.


Ransomware Recovery Guarantee
Supported configurations, requirements, and terms

[Figure: primary and secondary systems, use cases 1 to 3]

• Qualified systems and minimum NetApp® ONTAP® version:
  • NetApp® AFF A-Series – 9.12.1
  • NetApp AFF C-Series – 9.12.1
  • NetApp ASA A-Series – 9.13.1
  • NetApp ASA C-Series – 9.14.1
  • NetApp FAS – 9.12.1
• Services requirement:
  • Ransomware Recovery Assurance Service or Ransomware Protection and Recovery Service to configure or validate that NetApp SnapLock® Compliance is properly configured
  • NetApp ActiveIQ® remote monitoring
• Compensation:
  • If NetApp Snapshot data isn’t recoverable from a SnapLock volume, you will be compensated with payouts of up to $5 million based on tiered capacity that was on qualified systems at the beginning of the term
• Program availability:
  • 12 months from the date of notice by NetApp Managed Services and Professional Services that the configuration is complete OR 15 months after the earliest shipment date of any component of the eligible array
  • Yearly guarantee term extensions are available
• Products excluded:
  • NetApp ONTAP Select, NetApp Cloud Volumes ONTAP, NetApp Keystone®, or first-party cloud storage
Ransomware Protection and Recovery Service
High-touch, white-glove service providing extra help to protect against ransomware

Assess

Assesses current environment
• Reviews NetApp® SnapLock® Compliance policy definitions
• Reviews customer recovery time objective (RTO) and recovery point objective (RPO) requirements
• Ensures that customer recovery goals are aligned with data protection policies
• Evaluates ability to recover
• Reports on SnapLock Compliance configuration details

Configure and manage

Implements and configures NetApp ransomware tools/automated response system
• NetApp SnapMirror®, NetApp SnapVault®
• NetApp SnapLock Compliance, WORM (write once, read many)
• NetApp SnapCenter®
• NetApp FPolicy allow/deny lists
• Sets service-level objectives for response

Delivers high-touch managed services
• Administers software tools
• Creates and manages replication policies
• Modifies FPolicy configurations
• Performs NetApp ONTAP® upgrades as required
• Rolls back NetApp Snapshot copies where necessary

Recover

Speeds ransomware data recovery
Maintains business continuity and speeds recovery times:
• Recovers data through SnapMirror restore process or SnapCenter
• Assists in confirming that data is in place to meet customer recovery needs
• Assists with data recovery testing

• Consults on isolate/patch/restore process (customer responsibility)

Subscription-based service


Learn more about NetApp® ransomware protection solutions

THANK YOU
Automated Data Security
Varonis SaaS
22 March, 2024

Data is out of control.

First, they don’t know what data they have, where it lives, or where it came from and so unsurprisingly, they can’t protect it.

That leads to the second problem: employees need to have too much access to too much data on too many systems.

Peiter “Mudge” Zatko
Former Twitter CISO

VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.


We see it everywhere…

Varonis delivers effortless data security outcomes powered by automation.
Traditional data security products surface countless issues but can't fix a thing. Varonis continuously classifies your data, remediates exposure, and stops cyberattacks while you sleep.

Varonis is the leader in data security.
○ Founded in 2005
○ IPO in 2014 (Nasdaq: VRNS)
○ More than 7,000 customers
○ >90% customer renewal rate
Rated #1 in three markets.
Data Security Posture Management: 4.7 rating across 81+ reviews

Varonis protects your data wherever it lives.
SaaS, Private cloud / on-prem, Structured databases, Identity, IaaS/PaaS, Network Edge


Varonis support on NetApp
○ NetApp ONTAP on-premises
○ Cloud Volumes ONTAP
○ Amazon FSx for NetApp ONTAP

Protocols: CIFS/SMB & NFS
Auditing: FPolicy

How does Varonis protect data?
Sensitivity, Permissions, Activity
○ Real-time visibility
○ Remediate risk by reducing the blast radius
○ Proactive threat detection & response
○ Simplify compliance

Data Security Platform
Real-time visibility and Automated control:
○ Data discovery & classification
○ Sensitivity labeling
○ Data activity monitoring
○ Data-centric UEBA
○ Insider risk management
○ Data access governance
○ Least privilege automation
○ Compliance management
○ DSPM/SSPM
Data exposure graph, Autonomous remediation, Proactive incident response
Sensitivity, Permissions, Activity
Unstructured data, Semi-structured data, Attack paths
File systems, Blob storage, SaaS, IaaS, Email, Identity, Network edge


How we start: Free risk assessment

Map key data stores
○ Enable full platform access
○ Analyze permissions, identities, configurations
○ Discover & classify data

Prioritize risks
○ Exposed sensitive data, shared links, rogue admins
○ Active Directory & SaaS configuration risks
○ Compliance gaps

Monitor data usage
○ Enable activity
○ Enable meaningful, high-fidelity alerts
○ Accelerate Investigations

Assign IR team
○ Introduce dedicated IR analyst
○ Optimize alerts as-needed
○ Notify you of any suspicious activity

Give us two weeks — we give you the visibility!
Day 1: Install & integration*
Days 3–10: Review findings & IR session
Day 14: Executive review

* Virtual Machine for Microsoft Resources
• Windows Server 2019/2022
• 16GB RAM minimum
• 8-Core, 2GHz or better CPU
SaaS Data Security Platform Functionality

Real-time Visibility

Continuous data discovery at petabyte scale
Varonis scans virtually any data type across cloud and on-prem data.

We summarize discovery insights in real-time risk dashboards that show concentrations of sensitive data by type (PCI, IP, etc.) and prioritize based on exposure, activity, density, metadata, size, staleness, and more.

Automated data classification with hundreds of policies
Varonis contains a pre-built library of built-in rules and more than 400 patterns for all the common laws and standards (HIPAA, SOX, PCI, GDPR, and more).

We use proximity matching, negative keywords, and algorithmic verification to generate accurate results. Easily prioritize risk by seeing where sensitive data is concentrated and where it’s at risk.

Real-time file, one-click analysis
File analysis lets you look inside files and see exactly where sensitive data hits are found. With this feature, you have unprecedented visibility at the click of a button, enabling your security teams to move forward with confidence.

Classification results are color-coded by category (e.g., all PII information will be highlighted with the same color and contact information with a different color, etc.) for quick scanning.

Accurate and actionable sensitivity labels
Varonis fully integrates with Microsoft Purview Information Protection (MPIP), so the labels we apply will be fully compatible with your EDR, DLP, and DRM stack.

Create granular labeling policies to fit your organization’s data protection and privacy requirements and Varonis will automatically label files in Microsoft 365 and on-premises.

DSPM dashboards
Varonis combines classification results, user access activity, and permissions to give you a comprehensive view of where your data is most at risk so that you can remediate your riskiest data first.

Customizable dashboards highlight critical risks such as sensitive folders open to every employee and privileged users with weak passwords.

You can view widgets that show exposed GDPR data, vulnerabilities in Active Directory, and risk from Microsoft 365 sharing links.
Data access intelligence
Always know who can access sensitive data. By correlating identities with permissions and activity, we visualize and prioritize your biggest risks so you can proactively reduce your blast radius.

Advanced visibility and control for Microsoft 365
Instead of dozens of siloed admin portals that provide partial visibility, Varonis offers comprehensive data coverage across the Microsoft 365 suite. The unified console helps your team easily understand data risk and how to minimize it.

Active Directory & Azure AD attack surface analysis
Varonis helps you find and fix AD misconfigurations that hackers commonly exploit to gain access, move laterally, persist, and ultimately steal your data.

By correlating AD events with data access and network activity, Varonis can spot behavioral anomalies like a service account accessing sensitive data from a personal device.

Autonomous Remediation

Least privilege automation for Microsoft 365
Varonis makes intelligent decisions about who needs access to data and who doesn’t — continuously reducing your blast radius without human intervention and without breaking the business.

Customizable remediation policies
Varonis comes with ready-made remediation policies that you can personalize for your organization. You define the guard rails and our automation will do the rest. Customize based on sensitivity, staleness, location, link type, and more.
If you need to move to Microsoft 365 quickly, you should 100% get Varonis. If you need automation modules, you should 100% get Varonis. The ACL automation alone will save you potentially hundreds of hours.

James Barraclough, IT analyst, Sheridans

We are less likely to have breaches now because anyone acting maliciously will only be able to access a small number of folders.

Within 6 months we did over 2.5 million folders. It was seamless and very quick.

Steve Tyrrell
Information Governance Officer
Zurich Insurance
Compliance Management

Compliance dashboards and reports
Varonis gives you the enterprise-wide visibility you need for effective discovery, auditing, and compliance reporting across a wide variety of regulatory standards.

Live risk dashboards and on-demand compliance reports give auditors and compliance teams real-time awareness of exposure, usage, ownership, and staleness.

[Figure: COMPLIANCE DASHBOARDS & REPORTS. Real-time view of regulated data exposure and activity]

Threat Detection and Response

Proactive incident response team
We watch your alerts, so you don’t have to.
Being connected to the Varonis SaaS Data Security Platform means that our team of cybersecurity experts can have eyes on your alerts.

We’ll watch your data and alert you if we see something alarming. We’ll even help you investigate potential incidents — it's all part of the Varonis experience.

Continuous monitoring of files, folders, emails, buckets, AD, and beyond
Varonis aggregates, normalizes, and enriches data access events, access control and configuration changes, authentication events, and network events from a wide variety of systems from dozens of different vendors.

Searchable forensics audit trail of events
Varonis creates a searchable log of enriched data activity: every create, read, update, delete, upload, download, share action (with who, what, when, where details) for files, folders, emails, and objects.

Customers using Varonis don’t need elite SOC teams with platform expertise to investigate incidents.

Enriched events for faster investigations
All events are normalized and enriched with helpful context such as data sensitivity, account type, device name, URL reputation, and geolocation.

Data-centric UEBA with real-time alerting
Varonis’ behavioral-based threat models detect abnormal data activity in real time — stopping threats to data before they become breaches.

We refine our models using big customer datasets to ensure accuracy. Models improve over time as they learn and adapt to each customer’s data.

SIEM and XSOAR integrations
Customers can integrate Varonis with their existing SIEM/SOAR through any one of our connectors (Splunk, QRadar, Palo Alto Cortex XSOAR, Google Chronicle SOAR, etc.) or via syslog/SNMP.
Ma na ge d Da ta
De te c tion & Re s pons e
Va ronis MDDR: s top da ta bre a c he s 24x7x365

Da ta -Ce ntric Te le m e try AI-Powe re d Thre a t De te c tion 24x7x365 MDDR


Unique, hard-to-get ingredients We understand normal and abnormal Our experts monitor and
to uncover threats to data data access for each user and device. respond to alerts so you
others miss. don’t have to.

Dedicated security expert

Da ta
a c tivity AI / MACHINE LEARNING
Industry-best SLA

Da ta Da ta 24x7 communication
e xpos ure s e ns itivity
Be ha vior-ba s e d thre a t m ode ls

Proactive hunting
Ne twork
Re a l-tim e a le rts
Incident response
Ide ntity Endpoint

Threat intelligence
Othe r Autom a te d a na lys is & re s pons e

Security posture assessments


Is this incident a material data breach?
MDDR helps you answer data-centric questions that get to the heart of the business problem.

MDR is Actor-Centric
+ Actor: Fancy Bear (APT 28)
+ Exploited CVE-2023-34362
+ Tools: Mimikatz, CredoMap
+ Data impacted: Ask Varonis
+ Material breach: Ask Varonis

MDDR is Data-Centric
+ Actor: Fancy Bear (APT 28)
+ Exploited CVE-2023-34362
+ Files with PII affected: 183
+ Data exfiltrated: No
+ Material breach: No
How Varonis MDDR works

Threat Detected
Varonis detects anomalous behavior and triggers an alert.

Automated Response
Varonis’ AI analyzes the alert, performs initial investigation, and triggers automated response.

MDDR Expert Analysis
Varonis expert investigates and responds to the alert, documenting findings to keep you in the loop.

Action & Next Steps
Varonis mitigates the threat, resolves the alert, and escalates to you only when needed.

Monthly Security Posture Assessments


AI performs the initial analysis and response

A ransomware alert triggers.
We immediately address several key elements in the investigation.

Time
○ What is the time frame of the alert?
○ Outside of business hours?
○ Weekend?

Account
○ Who is the alerting account?
○ What is the account classification?
○ How old/new is the account in the env?

Device
○ Where has the account operated from?
○ Is device owned by alerting account?
○ Have other accounts authenticated to alerted device?

Affected object(s)
○ What are the impacted files?
○ Any historic interactions of account with those files?
○ Classified?
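The triage questions on the slide above (time, account, device, affected objects), answered in code for one constructed alert. This is an added example, not Varonis code or its detection logic; the data structures, field names and thresholds are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data, not Varonis output; every field name is an assumption.
ALERT = {
    "time": datetime(2024, 3, 9, 2, 14),  # Saturday 02:14
    "account": "svc-backup",
    "device": "WS-0412",
    "files": ["/finance/payroll.xlsx", "/hr/ids.csv", "/tmp/scratch.txt"],
}
ACCOUNTS = {"svc-backup": {"type": "service", "created": datetime(2024, 3, 7)}}
DEVICE_OWNER = {"WS-0412": "jchan"}
AUTH_LOG = [("jchan", "WS-0412"), ("svc-backup", "WS-0412")]  # (account, device)
PRIOR_ACCESS = {("svc-backup", "/tmp/scratch.txt")}  # (account, file) seen before
CLASSIFIED = {"/finance/payroll.xlsx", "/hr/ids.csv"}

def triage(alert, work_hours=(9, 18), new_account_days=30):
    """Answer the time / account / device / affected-object questions for one alert."""
    t, acct, dev = alert["time"], alert["account"], alert["device"]
    info = ACCOUNTS[acct]
    return {
        # Time
        "outside_business_hours": not (work_hours[0] <= t.hour < work_hours[1]),
        "weekend": t.weekday() >= 5,
        # Account
        "account_type": info["type"],
        "account_is_new": t - info["created"] < timedelta(days=new_account_days),
        # Device
        "device_owned_by_account": DEVICE_OWNER.get(dev) == acct,
        "other_accounts_on_device": sorted(
            {a for a, d in AUTH_LOG if d == dev and a != acct}),
        # Affected objects
        "files_without_history": [
            f for f in alert["files"] if (acct, f) not in PRIOR_ACCESS],
        "classified_files": [f for f in alert["files"] if f in CLASSIFIED],
    }

def raised_flags(ctx):
    """Names of the answers that deviate from expected behaviour."""
    flags = {k: v for k, v in ctx.items()
             if k not in ("account_type", "device_owned_by_account")}
    flags["device_not_owned_by_account"] = not ctx["device_owned_by_account"]
    return sorted(k for k, v in flags.items() if v)

if __name__ == "__main__":
    context = triage(ALERT)
    for question, answer in context.items():
        print(f"{question}: {answer}")
    print("flags:", raised_flags(context))
```
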
30 minutes
Industry-best SLA for ransomware
Monthly security posture assessments
Active Directory
○ Disable the default admin account
○ Remove membership from ‘Schema Admins’ group
○ Rotate ‘Altiris’ account password
○ Reduce ‘Public Group’ footprint in Azure AD
SharePoint Online and OneDrive
○ Review remediation policy jobs
SaaS Architecture
Thank you
Varonis Customer Experience
Value-Added Services
Incident Response
• Global team of analysts
• Most cases seen within 24-hours
• Alert response, investigation, containment, eradication
• Escalation to forensics team

Ongoing Risk Assessments
• 4-week advanced Cyber Resiliency Assessment
• Ransomware Readiness
• Pre-audit support
• Attack surface testing

Product “Ops” Services
• Alert Ops sessions
• Classification Ops sessions
• Remediation Ops sessions
• Cloud Ops sessions

Quarterly Business Reviews
• Dedicated customer success team
• Review your goals
• Quantify value
• Discuss roadmap

Proactive Monitoring
• Dedicated Varonis expert
• Proactive threat monitoring
• Proactive remediation of issues
• Routine system health checks

Role-based Training
• Online training for unlimited users
• Varonis Certification courses
• CPE credits
• Community of 40,000+ Varonis users
Flexible purchase options

MAJOR CLOUD MARKETPLACES
○ AWS and Azure marketplace
○ Customers can use credits to purchase Varonis

GLOBAL CHANNEL PARTNER ECOSYSTEM
○ Service partners and resellers


Packaging
Varonis SaaS Data Security Platform
The following functionality is included by default in our single SaaS platform SKU.

Real-time visibility
○ Data activity auditing
○ Data risk assessment
○ Data access intelligence
○ DSPM
○ Data discovery & classification
○ Discovery policy library

Autonomous remediation
○ Least privilege automation for Microsoft 365
○ Built-in remediation policies
○ Custom remediation policies

Proactive threat detection
○ Alerts and investigations
○ Advanced UEBA threat models
○ Proactive incident response team

VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL.


There are three protection packages
Simply decide what they’d like Varonis to protect.

Windows / NAS
Windows (CIFS), EMC, NetApp, Panzura, Ctera, etc.

Microsoft 365
SharePoint Online, OneDrive, Teams, and Azure AD

Hybrid
Includes everything in the other Windows/NAS + M365 packages

We also offer support for Salesforce, GitHub, Box, Google, AWS, Zoom, Slack, Okta, and Jira via our DatAdvantage Cloud SKU.



Where does Varonis provide visibility?

DatAdvantage Cloud Data Security Platform (SaaS)

SaaS Structured databases Microsoft 365 Private cloud / on-prem

IaaS/PaaS Identity Identity Network Edge


Product Security
SOC2 Type II compliant
At Varonis, we are committed to meeting rigorous security standards for our products because the safety and security of our customers’ cloud data is of the utmost importance to us. Our compliance program includes SOC2, ISO 27001:2013, ISO 27017:2015, ISO 27018:2019, ISO 27701:2019, CSA Star Level 1, and NIAP Common Criteria certifications.
Question 1 – What are the outcomes delivered by Varonis for your data?

a) Real-time visibility on sensitivity/permissions/access activities
b) Automatic risk remediation
c) Threat detection and response
d) All of the above

Question 2 – What is the SLA for ransomware alert response for Varonis Managed Data Detection and Response (MDDR)?

a) 30 minutes
b) 2 hours
c) 6 hours
d) 12 hours

Question 3 – What are the NetApp platform(s) supported by Varonis?

a) NetApp ONTAP on-premises
b) Cloud Volumes ONTAP
c) Amazon FSx for NetApp ONTAP
d) All of the above
