VARONIS DEMO: Varonis Copilot Risk Assessment - Copilot Readiness

[Music] welcome to chomecast check it out I'm Sam major commercial director of chrme Technologies I'm joined by David Philpot from bronis good to be here today we're going to go through the data exposure risk of Microsoft co-pilot but specifically how veronis as a security platform can help mitigate those risks so if you can talk us through the top three things you and I will cover in today's podcast yeah sure so we'll talk about as you said the data exposure of co-pilot and the risks around it uh we'll walk you through how veronis can help in a demo uh and then we'll talk about the considerations about how you should roll out co-pilot perfect so guess let's let's jump into that right we've done previous podcasts on on co-pilot not you and I but Chrome on on on co-pilot and some of the risks and and our marketing people probably put a thing up here on that if you'd like to watch that um but let's start with the fact co-pilot is fantastic tool fantastically powerful and we're seeing a huge amount of our client base and the world in general kind of jumping in using Ai and specifically co-pilot but as you and I know from experience that is not not without its risks sure yeah I mean there's there's been many examples in our customer base and people that we talk to where they've enabled copilot and they've started to surface data that they wouldn't expect and they've had to kind of roll back what their Ambitions were around co-pilot yeah and I guess that that's that's what you guys are out there and you've been doing this for a long time you're not new to Chrome we've been working with you since 2017 and and you know you guys have been out there a lot longer than that but your offering is is fantastically powerful we're going to talk about co-pilot but just looking at the broader implications of compliance and and you know this is not a new problem of people having access to on data it's just that AI is now really because it's doing some of that Discovery before you it will search everything it's really rising to the top of this problem but the compliance problem has been around for a long time AB yeah absolutely I mean the veronis message hasn't changed in the 20 years that verus has been around the things that have happened are first and foremost we had some data privacy legislation came along which everybody suddenly went oh actually all the stuff that we say we do we we probably better do it now um and now co-pilots come along which is absolutely highlighting the risks around the lack of data security that most organizations uh have so we've seen it a lot in the market um we're helping organizations get better at it but I think it's really important to understand that data security is different to what we think of security within the it in Industry so most people seem to think of it as I've got some firewalls I've got some endpoint I've got some EDR I've got some seam I've got uh you know Outsource sock security is all good but actually data security forms no part of that normally um and that's where Veron is play uh and that's why we're seeing all these risks around co-pilot because we know that that users have far too much access to data we know that co-pilot is going to use all that access uh to to surface information when those users run co-pilot queries and it's just highlighting the risk that's there at the moment so so these risks are there co-pilot as one of my customers said is an inside of threat on steroids yes yeah absolutely like I say it's it doesn't care you ask it to find something if it has access to it it will find it and it will highlight not these aren't new risk as you say but it it is the onster is great because it really is driving home this message of obviously we're a cyber security house and we talk about perimeter and all that sort of stuff but it is that inside of threat and and now it's actually you know helping people as it were find things they shouldn't find and I know we both have examples of of people going live with co-pilot having not been ready and that can be quite quite catastrophic it can be yeah I I think you know I genuinely think that um we are going to see a big data breach and it may not be co-pilot but definitely J I will be involved at some point as well um there's the eui ACT that's coming in to kind of help prevent some of this stuff from happening or make people be more responsible with their co-pilots and with with their AI in generally but actually if you look at the risk or co-pilot is a low risk item and I know that that co-pilot is is already quite high risk for some organizations but in the grand scheme of things it's relatively low risk so everybody's thinking well it's it's probably fine um but I talk to a lot of Security Professionals they are terrified of of releasing copilot into their environments because they just don't have a handle on what their data security is I mean realistically there are three things you need for data security and it's pretty kind of basic stuff really you need to know who's got access to your data and how through any kind of configuration or permission or policy or whatever it is that's granting it you need to classify all your data so you know where your sensitive data be it regulated or business sensitive information uh and you need to monitor all the activity around that to make sure that people aren't misusing those and if you can't answer yes to any one of those three you are not doing data security and you you you run the risk of running a a a co-pilot or something else like that and and a data exposure happening in your environment yeah and the thing is you've rled off there there's just three things we have to do right I know very simple very simple but it isn't right and that's the problem is there's very little out there outside I mean there are vendors out there but you guys are particularly strong in this area of you can do that you actually can help people work out what is it where is it who has access to it and this problem just gets obviously the bigger the business the bigger the problem the more data the the more pots of data we have in all different regions and actually different regions being different challenges CU we're talking about obviously the Gen problem but the compliance problem is it gdpr is it socks is it hipper what what is that data regulation how does that change geographically location to location how do you manage that inside a business so these three these three things we need to do that very simple are actually incredibly complex but but that's something that's why we work with you guys is is you do make it very simple you know you kind of evolved the model now with the kind of cloud-based model that you have to actually be able to deploy far easier and get to work on reporting and we'll see that in demo in a bit but very powerful what is is it who has access and the bit I like as a lite you know a nice bit that goes oh and if you did this we could fix these problem absolutely but that to me is the most powerful thing cuz it's one thing understanding what I have and who has access but how do I start to remediate that that's where you guys are incredibly strong absolutely and and the remediation is is you know part of the challenge right because if you try and use any of the Native tools and you know we'll talk about co-pilot but you know in Salesforce they have their own AI which is Einstein you know Google has Gemini I you know you name it whatever platform you're looking at there will be some form of AI in it um you need to have um visibility into all these things and automate the the remediation of that as you say because imagine in 365 I want to fix fix Access Control list in 365 and sharing in 365 and access control list are incredibly complicated because you can share data at a site level you can share it at a folder level or a file level you can share it with people everybody in your in your organization you can share it with individuals can share with people outside external guest you know the list is almost end this you need to be able to understand all of that sharing and all of that um access and also the context of what type of data is being shared to work out if it's appropriate yeah the only way to do that is with automation you just can't do that manually and even if you could and you try to remediate your best bet to remediate is going to be Powershell and the chances of you actually getting all that information right and doing the remediation about locking people out of um their sites or folders or files or breaking a business process is you know and also you can do that manually if you want but that's a never ending the moment you fix it here you're out of date it's like snapshots of of improvements right so it's parentally out of date whereas obviously you guys it's constantly looking and adjusting and Advising absolutely so you know we we we we turn the automations on the platform you see a massive risk reduction at first you know we can take organizations from kind of 10 million unique permissions down to about 100,000 you know and then they sit at 100,000s cuz the automations just keep mopping up you know the new ster permissions that people aren't using well let's take those away cuz you know it's not right that everybody has 24x7 by 365 unfitted access to data that they're not using so let's take that away and reduce that risk uh let's remove people from groups if they're not using that group membership let's disable Stell users let's clean up all your guest users that aren't accessing your system anymore let's let's take away all these uh links that are oversharing data with everybody in the organization uh and one thing that I see all the time so I do a lot of risk assessments that's that's part of my job within veronis is you know we deploy and we we look at the the structure of 365 and I see a lot of public sites and that might be fine right it's okay to have a public site and I cover some of this in the demo um but what if you have a public site that everybody can access in your business and it's got regulated data in it suddenly that's not fine so it's all about context and understanding these things yeah and I think actually it's probably a good time if we jump into the demo because off the back of it then we can dig into some of the more detail bit you do the risk assessments Dr cras and whatnot this is more about the C bit we can dive into that as well so let's jump to the demo let's go so welcome to the veronis DAT security platform so for those of you that don't know anything about veronis uh veronis takes three metadata streams from the platforms that it supports the first thing that for owners do is we will classify all of your data on all the platforms we're monitoring uh using High Fidelity out of the box classification rules looking for things like pii which could include gdpr credentials passwords in clear text financial information credit card information health information uh lots and lots of different things out of the box that relate to sensitive information uh and for those of you that have ever done a risk assessment with veronis or if you're a veronis customer you'll know that we're able to create custom classification rules as well to go and find that information so the first thing we know is we know where your sensitive data is in the various different data stores the next thing we do is we'll understand all the access control lists and all the configurations that are providing access to your users to that data uh and we map that contextually with the sensitivity of the data so I now know where your sensitive data is and who has access to it and how and then the final thing that we do is we collect all the event activity around that so on a on a Windows file server that would be every open delete create and modify but different platforms you have different event types but that enables us to then understand who is accessing that data what type of of data they're accessing when they do it from which device and all sorts of other things as well now we provide this information back to you in these risk dashboards that you can see here in front of you so we have compliance one which aligns to the data classification that you have uh and then the different platforms that we would monitor uh there are more than this as well but we'll just keep it relevant in the Microsoft and the 365 world for this because we're talking about co-pilot today so now that we've understood where all your sensitive data is and we understand where it's uh at risk and where it's Overexposed and by Overexposed I mean it could be shared with everybody uh in your organization and that's fairly normal uh doesn't mean it's right but it is very fairly normal uh or it could be uh shared with people outside your organization as well so it could be shared with uh anyone uh anyone on the internet for an anonymous guest Link in M365 it could be shared with external or guest users as well now when we are talking about things like co-pilot and generative AI what that uh the way that they would access the data in your environment m is by in the context of whichever user is running the query um so whichever user whatever they have access to that is typically what the uh the AI and co-pilot will will gain access to there are some exceptions to that there are some controls you can put put in place but most organizations haven't got that far with it they just know they want to turn on co-pilot and reap the benefits and the productivity games that it's going to give you so what are some of the challenges around this well if I jump into SharePoint online there's lots of different ways that you can share data in SharePoint online um and by extension teams and one drive because they are all built on SharePoint online and the first thing I do when I'm looking at organizations is I start to uh understand what the exposure of sites is uh because you can share every single level you can share at a site level you can share at a folder level and you can share at an individual file level So within the r platform is really easy and quickly uh identifiable to see where your sites are and how they're exposed so at this point I'm looking at sites that are exposed organization wide and it might be right that you have a site that's exposed organization wide for example this site here is called all staff it could be holding uh information about new for new starters it could be holding companywide information that should be shared and inuence we talk a lot about context and the context that we're able to show you here is that this site contains sensitive information so you can see the classification rules that we've matched over here um so not necessarily wrong that this is a public site as they described but a potentially wrong that it's holding lots of sensitive information and that's that's a really important point and why do we say this is organization wide and why am I saying it's a public site well when you create sites in mm365 uh in SharePoint and teams you you have a a few different options so you typically you have uh the ability to create one as a private site or a public site and these have been created as a public site so we tag them as organization wide and what happens when you create them as a public site um you get this user group added into the members group so you can see they have edit permission and everyone except external users has the ability to edit everything that is in this site um so this is a real problem where you've got regulated data um and if you lay a co-pilot in over the top of that all this this information that's in any of these public sites is going to be returned by co-pilot nobody needs any additional permissions there are other few other nuances to public sites um uh and I'll talk about this during the remediation but effectively the other thing that happens is these is because it is defined as a public site within SharePoint anybody can add thems to the members group of that site so in here this all staff members anybody can come and just add themselves to this site like over and above what what this group gives them okay but let's jump back into the compliance dashboard um uh uh now verus have a methodology for for kind of going through and understanding risk and and and talking about it so we talk about this this this methodology called find fix and alert so at the moment I'm in the fine phase so I found a problem I found a public site uh with with regulated sensitive information in it um but I can see back on my compliance dashboard there's a few other issues as well so that there's there's lots of uh credit card information PCI Data that is Overexposed so let's go and dig into that specifically so we can understand uh where the regulated data is so you can see over here I've got some windows uh servers and shares that have regulated data that's open to everybody organization wide the SharePoint online sites as well okay and I can see rather concern ly here that we've got uh an HR site with documents and salary and compensation folder with a CSV far and it's got lots of hits of of credit card information I can also see over here that it's shared or it's exposed internally and organization wide enter anyone uh if I want more information on that I can click on this here uh and you can see some different types of permissions to the site level that we saw before so we've also got some links in here so some sharing links that have been created so we've got an Anonymous log on guest link um this is a link type I don't see very often anymore but I am still seeing it uh basically anybody with a link any on the internet can access this with with no authentication required if they have the link and it could be anyone in the world they just click on the link they get access to this document straight away so it's a really big problem um the other problem is as well if you looked in the audit Trail the user who logs in would be called Anonymous so not only have you lost access to who has your data you have no idea who is accessing your data um now we can see another couple of links called anyone in the organization with a link uh one with contribute and one with read so this has been shared out with these link types as well um and again it does exactly what it says anybody in the organization who has this link can access this data now that means potentially many people in the organization could have a link and there's many ways they could get that um it could be sent them in an email it could be chucked into a teams chat or you know um somebody could have sent it directly so uh the biggest problem with this is you just don't know who has this link uh there are ways to track how many users have the link but you don't know who has that link and again if people have got access to this link if they've used this link um all that data is available to co-pilot to surface okay so another big problem uh and traditionally when we see this it's because people don't don't understand how they're sharing data they they should really be using individual users on the link but most users uh don't understand what they're doing uh they just use a default link type or or they just pick the first one in the list and this is why we end up with this and then finally down the bottom in this HL memb site we see a different type of of Global Group so this is not a public site however uh there is this everyone group that exists in there in the members which means everybody has got edit rights as well so there's a lot of different ways you can share data there are a lot of different problems that you can create so so we talked about finding problems there um now what we want to do is we want to start to fix them um and veronis uh has uh been identified by Microsoft um as an organization that can help accelerate and securely uh adopt co-pilot in your organization um and that's because of what we just in the platform so we have a co-pilot dashboard here um it's got a number of different widgets on it again some of these may seem familiar to the ones that I've seen shown you before on the SharePoint dashboard about exposures and collaboration links and things like that but we've also got some information about what is happening within co-pilot so we can see the number of prompts which files that are sensitive have been referenced as part of that um and the total number of files as well so some good informational statistics here and we'll come back to this as well but let's talk about fixing some of those problems that you see so all of these widgets that we have here that have this blue shield on they have automated policies that sit behind them and will remediate the risk that it sees in the widget so if I click on the top one here we're going to start remediating that Global risk so there's a few different policies here that we would recommend you that you turn on uh the first one here is this remove direct permission uh for all guide groups so that's going to get rid of things like the everyone except external users group um and we also have this one here where if these groups are nested in other groups we can then start to take them out uh and remove them now the great thing about the policies is um you have complete control over them so you can use them in their default state or you can Target them as well so you can change um what the conditions are we also have an approval chain in here as well so if you want you can send this for approval for executes um and somebody has to review the list of changes it's going to make and agree to the ones that are going to be made approve them and then it will go away and make the changes but the important thing about this is this is not a onetime exercise for all of these policies you need to continually iterate through this to make sure that your security not is only safe today but is safe going forwards okay um another one that we've got is collaboration links so on that second example of that HR uh document there were a number of different collaboration links that were on it and again we have different um automations that fix these as well so as you can see here um the anyone on the internet link that that Anonymous guest link type that was in use uh we can just go away and take all of those away for you automatically the same as the anyone in the organization link we can turn on this policy uh and we can go and revoke and delete all those links there as well um but we've also got some other ones as well so collaboration links that overexpose sensitive data so we're bringing in the context of sensitive data um and if we look at the link types it's those two link types that I previously spoke about so you don't have to remove all of those links there may be times where you want to use them um but now we're going to say we're going to set a policy that says if anything is sensitive being exposed by those links we will turn those on and we will remediate that RIS and maintain that risk as zero now when I've done this with organizations before whilst we do have this approval chain in here um quite often once we've been through the pilot phase most organizations are happy to turn that off and just let the policy run and maintain good security posture for them now those are two types of risks that we've seen um but there's also this big problem in M365 especially around stale access now there was a a report done by Microsoft at the end of last year called their their state of cloud permissions report and in there Microsoft themselves identified that 99% of all permissions in 365 are unused 99% um and if you think about it the reason that this happens is because when somebody shares information um with somebody else probably via a link um they'll send me for example uh a link to a a a presentation and I'll review the presentation having clicked on the link and then I will close it and not think anything else of it but that link still stays there and if I need access to that that that presentation again do I go and find the link in my email or in the teams chat no I don't I just go and ask the person for the link again and they share it with me again okay and that's the typical behavior that we see other things that happen are where people get added into teams groups and then they they know no longer work on that uh and they get removed uh from that that project or whatever it was they were working but their permissions just get maintained so we end up with lots and lots of resources that have lots and lots of access that's no longer required however when you start lowering in co-pilot and you start to use co-pilot because that access is there and because co-pilot is going to use all those user permissions it's going to return data that people just don't need access to anymore now because we have that activity stream we can say who is using uh their permissions and who who isn't which links are active and which ones aren't uh and we can automate the remediation of that so uh a couple of them that we have here are for collaboration links um so one if the entire link is stale nobody's used it for a period of say 120 days so 4 months let's just delete the link yeah cuz cuz there there's going to be no impact to your business and this is this is the important bit about all these remediations because they are intelligent because they have the the event stream and that we understand the sensitivity and all the permissions we can confidently turn these on without impacting your business we're not going to break a business process while remediating something we can also take off people who aren't using links so in the event that somebody shares something with 10 people in the organization two of those people save a link and use it on a regular basis but the other eight people don't well we'll just take those eight people off that link yeah we'll maintain the link with those two people on and remove those eight people uh and we can remove stale permissions as well so if people aren't using this their their access to those sites uh and even on Windows File Service as well not necessarily in scope of co-pilot but important n nonetheless we can start to revoke those permissions as well so what we're actually talking about here is is real automated lease priv access uh and that's a really powerful thing and it's really really hard for people to do that the amount of time you would have to spend doing this if you were to attempt to do this manually uh is Monumental in most organizations and the chance of you actually remediating something which you're going to have to use par shell probably to do that um you the attempt to do that without breaking anything it's highly unlikely so that's a massive thing for us and we have a a a whole program of works of when you would layer in these different uh automations at different stages to to reduce this risk okay so that's the finding we've done that we found where the problems are and the different types of problems that there are we' we've shown you what the fixing looks like um but what about alerting well part of the things that are coming in the European AI act and just generally you need to know how people are interacting with data um and when you lay a copilot in you've got to think about how people are using co-pilot um and some of that is going to be monitoring what those people do uh normally as their business and then monitoring what they do around copilot um so we're going to have to start looking at the prompts that people are using now if I click into the search here you can see that we've got some interactions with co-pilot um by this uh user Alan kry now actually if I come along here you can actually jump in uh and see the entire uh conversation stream that at this user has had with um co-pilot so you can see the prompt and you can see the response you can also see the files that have been returned as part of that response and that's really really important you need to understand are people using this for um for nefarious means and is this going to cause me a problem are they surfacing data that they really shouldn't be surfacing so we have the ability here to monitor this um using the audit trail that we collect uh uh and the enrichment of all of that with all this co-pilot information okay now we're not expecting you to have to go into this and review every single one of these these uh conversations that your users again we're not trying to burden you here um so we have uh an alerting part of the platform um and we actually layer on um our own managed data detection and response service over the top which is a 247 365 service with veronis experts looking at the alerts that are generated in the platform um now there's lots of different things that we will Monitor and lots of different things that we are going to uh alert you to and veronis will triage those and escalate them to you if needed um but let's look at some of the alerts so again let's look at this HR site and see what's been happening what's been generated uh in this area so uh you can see again this character Alan KY has uh shared a load of data uh Vira an anonymous guestlink that's what this alert is telling me so again I know he's been using pilot let's go and see uh what actually other alerts he has generated uh in the same time frame um so what you can see here is some of the co-pilot alerts that we are capable of generating now so we are monitoring and and we're building up a profile of how the users would normally behave what data they would normally touch what assets they would normally touch uh which devices they would normally come from which GEOS which times all these different sorts of things that forms part of their Baseline profile when they step outside of that uh we're going to alert you so I can see that Alan kry has uh created an abnormal number of sensitive co-pilot interactions and again really important to note we're talking about the context that this is involving sensitive information in your organization um if I click onto this I can see a bit more information about the alert uh we have our own AI assistant over here because everybody's using a AI nowadays and that can help you investigate the alert if you need to um but to be honest with you Veron would probably be telling you about this before you realize that it's there um there's some information here about it and we can also jump into the events that generated this alert so we can see there's a number of files that were referenced that generated that alert this is the actual audit Trail and again this is really important in the event that a data breach happens using co-pilot or not as part of your responsibility you're going to have to report to the Ico in in the UK um and potentially uh other data privacy Regulators in various different GEOS um what was impacted what was touched what types of data well here it is this is the data that was touched as part of this we can tell you that within sort of five clicks of the mouse okay so really really important um so yeah that that at a high level is is the ronus data security platform so it forms part of the finding finding where the risks are understanding where the risks are it forms part of the actually fixing those risks so reducing the risk and reducing what we describe as the blast radius uh and then alerting you if anything bad is happening we are watching your data 247 365 uh and helping to protect your organization your data I hope that was useful and back to the podcast awesome that's really interesting especially the kind of whole journey bit there and the monitoring bit once we've gone post deployment but let's go let's go back to the beginning of that because OB you take our clients on this journey of this co-pilot Readiness let's jump in the beginning of that and we'll get to the interesting bits sure so we we always start engagements with the risk assessment so it can be a co-pilot risk assessment or a more General data risk assessment um where we'll deploy the platform and we'll look in their environment and we'll start to understand what the risks look like and then they can understand is copilot appropriate to be deployed at this point in time and generally the answer is no um not yet so what we would then do is we would talk them through well what does that look like so we have a a co-pilot road map to get them ready for co-pilot with some fairly well defined stages um and it's going to be you know classifying the data understanding where all that is which we'll do as part of the risk assessment but but generally as we start to move into this phase of deploying getting ready for co-pilot we're going to add additional data stores into that as well um once we've understood that we can then start to remediate some of the risks so there's some quick wins around flipping public sites into into private sites and getting rid of that um organization wide type sharing let's take that away because that's never a good thing if you're sharing you know Anonymous guest links out to the internet definitely take those away because that's a really really bad thing um but then we can start to move into understanding how users are interacting with data and whether the permissions and and the sharing links that are there are stale now that takes a bit of time so typically we talk about sort of a four month window from from deployment now obviously if you've done a risk assessment with verus we have some data there we typically you know like the users or organizations to become customers so we can roll it straight into production and then we still got all that intelligence that we've gathered before that can then shorten that time window but it's really about what their risk appetite is we can obviously shorten these time windows and use less events that we have but the risk of us uh running a remediation and and locking somebody out of something is increased now I have a organizations who said we'll do 30 days and that's fine and they've accepted the risk and we've done it in 30 days other organizations are more risk averse so they want to wait for that four-month period but the really good thing is the automations take care of the risk uh and that's the really cool bit is is actually we know that we can run these automations we're not going to impact the business we can get a rid of a load of this risk around your data and then at that point you can start to deploy co-pilot in in Pilot as it were uh and some people never get it out of pilot and they might have 10 users on it forever um but you know once that that's happened you can start to then look into the copil interactions you can work out what your business use cases are for co-pilot cuz I'm very much on the data security side but obviously there's a whole piece around co-pilot of actually why are we buying it you know what are we going to get from it um but you can do that safely because we're monitoring those interactions um then we get to that kind of four Monon period we can clean up all the stale permissions all the stale access and all that sort of stuff and then at that point you can typically Go full production with co-pilot as well um but the other thing is as well that never stops yeah unfortunately this isn't just a project you can run data security is a 247365 thing and and that's why the automations are there because it's incredibly uh honorous task to initially do any kind of um any kind of remediation work now we've taken all that away from you with the platform but we need to keep running it because new stuff's going to come stale sensitive data is going to be put in place as it shouldn't be all these sorts of things nothing sits sits still as you say um and then what we'll do is we'll monitor that activity as well so if weird stuff starts to happen in your user base around your data you've got your veronis instant response team who are monitoring that 247365 who are going to escalate that to you uh and that might be completely innocuous you know somebody might start to decide that they want to use co-pilot to go and search for information and it suddenly starts returning a load of sensitive information hopefully that's the case it may not be innocuous you know either way good to know absolutely yeah um and again veronis is doing all the heavy lifting for you as of that with that service um we offer a 30 minute SLA around ransomware which is industry-leading and we can do that because we don't care which ransomware variant is merrily encrypting your files because we're monitoring data activity we'll see it happening and we can take action on it um and that's been really successful for us in the past um and we'll also integrate that with any kind of EDR or seam or third party sock if you've got it as well um so it is a full solution from bronis around data security and we're obviously talking about co-pilot but we do this across lots of other platforms as well I Pas SAS all these sorts of things as well bringing those in because again one thing that people don't really consider around co-pilot is you can actually put co-pilot into applications like Salesforce you can add these connectors in as well and depending how they're configured you could be pulling all the information out of Salesforce into your co-pilot in 365 as well and we've seen a little bit of that um but fortunately you know we're aware of that risk happening so we can help you with that um and the veronis you know I work veronis because I'm passionate about data security and From veron's perspective our customers you know they're are lifeblood so we offer an an incredible wraparound service to them as well um part of our un boarding process we would look at data classification rules now we have a load of them out the box um but if anybody's ever tried to do any data classification projects in the past it's incredibly difficult so we again will help you with that process we'll turn on our outof thebox rules we've got um some classification Engineers that will come in and look at those results with you make sure they're returning the right information help you build any custom rules that you want as well so you don't have to be experts in data classification we're the experts in that and we will help you with that as well that's is fundamental of importance with this because it's such a big subject being the expert as it were I mean good luck finding that person that can work in your organization and manage all that it's the impossible task and and I know we've both seen this where some customers almost throw their hands up just too much we we'll ignore ignore it we'll do other things that are more interesting or will impact the business and we'll just pretend that's not there we've seen it with big brewhaha of gdpr people did a bit of stuff to get ready and then it all went a bit why because it's it's huge and you think the amount of data that we store the speed at which we create data these days is mental right and now we touched you know the Gen bit what we're doing is putting the big Spotlight over the stuff we haven't done properly people's houses are not in order and this wonderfully powerful tool is just it's just highlighting that we have a big problem we have to address and there are very few things out there that we have found that can make this as easy to deal with as you guys do and I think that's for our client base and and for the general World At Large um you know you guys are a great option just because it does become you take the horrible thing and you make it manageable and you make it manageable over and over and add in an item yeah it's a a difficult thing I think people have been ignoring it we have to step up and address it and you guys make that fantastically easy and the whole purpose of this is is to educate more people that you're out there that you're doing some great work and that you know if they want to contact us to do a CRA or Dr they may have the pleasure of meeting your in person they may or or or the displeasure because again as part of the veronis experience let's call it that um I don't go away post sale as well I come in and I I lecture people for good or bad about day security you know and again that's part of the services we'll look at your estate we'll look at any additional applications that you're using we'll make recommendations for you so you get a wealth of experience from all of our customers that that the sales engineers and vars can bring to you and talk about that and we run lots of training online and lots of webcasts and all this sort of stuff that you can actually consume as well to kind of sharpen up your skills and also see what's happening and what other people are doing um it's really really important that we do this um I mean if you look at all the data breaches that have happened recently the key part of them is data right nobody cares how the import was compromised nobody really cares that an an exchange mailbox was compromised what they care about is the data that was taken how many records were in it and who was impacted by it and and it's getting harder it's getting harder to do it if you look at the the snowflake The Ticket Master breach Sant andere I mean these are Big organizations they have a very mature security stack and yet they are still getting breached one could argue as we said very secure security stack your perimeter and soone is taken care of but this classification and access problem is one that now has to be addressed yeah I mean uh somebody I read something the other day which say you know identity is the new perimeter but 25% of all your breaches happen from internal internal people our CEO says you know attackers are no longer hacking in they are logging in yeah so identity is not part you know is part of the problem if you think your identity is your perimeter again you have a problem we need to flip the conversation around and and rs have always talked about this data Centric approach to security start with the thing you're trying to protect and work out at the moment we still are starting at a perimeter whatever that perimeter looks like and working in um let's flip that on it on its head let's let's look after the data and and part of that is you know going back to co-pilot is you know monitoring what your users are doing with co-pilot that's a really important part of what we need to do um because there will be people out there who will misuse co-pilot and you need to be able to catch them it's coming in legislation you as an organization are responsible for that so so let's make that happen and again that's you know one of the really cool things that I love about our platform is the ability to see the conversation that's happened the ability to see the the data that's been surfaced by co-pilot and whether or not it's sensitive because again it's all about context um and then Monitor and alert if if weird stuff happens around that brilliant well listen thank you very much for joining me today probably won't be your last time on it I think said an every spanning subject has to be dealt with so I'm sure at some point in the future we'll deep back into this yeah thanks for having me from at all and thank you for joining us on this episode of Chromecast remember to like subscribe and share and if you'd like to see Dave back cover anything else leave it in the comment section below check it out

2024-12-05 10:23

Other news