CONTENTS OF THIS WHITE PAPER Introduction...1 Today s Exchange Management Challenges...1 Shared Mailbox & Delegation Rights Identification & Cleanup... 2 Public Folder Cleanup and Ownership Assignment... 2 Message Activity Auditing/Tracking... 2 Identify Spikes in Email Activity... 2 Stale Public Folders & Mailbox Identification... 2 The Next Generation of Exchange Data Governance...3 Shared Mailbox & Delegation Rights Identification & Cleanup... 3 Public Folder Cleanup and Ownership Assignment... 3 Message Activity Auditing/Tracking... 3 Identify Spikes in Email Activity... 3 Return on Investment...4 Summary...5 Contact Us...5 : How To Reduce Your Workload & Improve Protection INTRODUCTION Email suffers from the same management and protection challenges as every other unstructured and semi-structured data repository. The containers that house this critical data the mailboxes and public folders are often not adequately restricted, many of them have no known owner or steward, many are stale, and audit information is difficult to parse through or unavailable. Many of the same questions that arise about data containers on file servers and SharePoint sites can be difficult to answer for Exchange data containers: Who has access to a mailbox or public folder? Who should and should not have access to them? Who has been accessing mailboxes or public folders? Who do they belong to? Which containers are stale? How do we remediate excessive access without disrupting workflows? The answers to these questions are critical for several Exchange management tasks. This document will describe how an automated data governance solution can provide the answers to these questions, expediting Exchange-related management tasks and improving the controls that protect the critical data contained in mailboxes and public folders. TODAY S EXCHANGE MANAGEMENT CHALLENGES Exchange administrators face daily management and protection challenges with Exchange, beyond making sure email is flowing, available and responsive. Some of these challenges include: Shared Mailbox & Delegation Rights Identification & Cleanup Public Folder Cleanup and Ownership Assignment Message Activity Auditing/Tracking Identify Spikes in Email Activity, Stale Public Folders & Mailbox Identification Varonis Systems, Inc. 1
Shared Mailbox & Delegation Rights Identification & Cleanup It is cumbersome for organizations to identify shared mailboxes and delegated access, and who is making use of that access. Users can make changes to their own mailbox permissions, inadvertently exposing their own data. Cleanup is challenging because it is difficult to determine which users or processes are making legitimate use of this access. Public Folder Cleanup and Ownership Assignment Even in the most rigorous IT departments, Exchange Public folders suffer from the same challenges common to file shares: permissions are often not well maintained, activity is not easily tracked or analyzed, and ownership is often unknown. Public folder permissions contain mail enabled users and distribution groups it is difficult to assess who has access to which public folders and which public folders a user or group has access to. Over time, those permissions and group memberships often grow stale and require review. Creating a permissions report for an Exchange public folder can take quite a bit of time using manual methods. Message Activity Auditing/Tracking Organizations face challenges collecting and analyzing Exchange activity; an enormous amount of messages are sent and received every day throughout a distributed infrastructure. Even if an organization enables journaling on its Exchange servers, those separate journals need to be consolidated and aggregated. In order to keep the data for any period of time and make use of it, it needs to be normalized, processed, and analyzed so that it can be searched and sorted quickly, and actionable information can be distilled. Without technology built for this purpose, Exchange administrators are forced to cull through voluminous, disparate journals when searching for who sent which email to whom, etc. Identify Spikes in Email Activity It is difficult for Exchange administrators to identify changes in user access and transmission activity, whether due to workflow changes, configuration error, malicious activity, or malware. Spikes in activity can degrade system performance as well as signal possible security issues. Email worm and virus outbreaks are often difficult to spot, track, and eradicate. Exchange administrators often have to lean on the security team to analyze IDS/IPS and firewall logs to identify infected targets. Stale Public Folders & Mailbox Identification Many public folders and mailboxes have a shelf life; after a certain period of time they stop being used. Without analysis of actual access activity, it is difficult to identify which folders and mailboxes are not being contributed to or accessed. While not being used, these folders and mailboxes provide little operational value to the organization, are at risk if not properly locked down, and often reside on expense storage. Identifying stale data provides opportunities for cost savings and risk reduction. Varonis Systems, Inc. 2
THE NEXT GENERATION OF EXCHANGE DATA GOVERNANCE Organizations have already discovered that to effectively manage and protect folders and SharePoint sites they require metadata and automation to collect, normalize, and analyze that metadata. Organizations will now realize that they need Exchange metadata collection and automation to manage and protect Exchange mailboxes and public folders. Varonis offers this through DatAdvantage for Exchange. With Varonis DatAdvantage for Exchange, three types of Exchange metadata can be automatically collected and presented: Exchange permissions information User and Group information from Active Directory A record of each message sent and received With these metadata streams automatically collected, normalized, and analyzed, organizations will be able to determine who has access to any mailboxes or public folders and which mailboxes and public folders any user or group has access to, who should and should not have access, who has been accessing these containers, and how to remediate excessive access without disrupting end-user activity. Shared Mailbox & Delegation Rights Identification & Cleanup Varonis analyzes all mailbox and sharing permissions, captures all permissions changes and actual access activity, spotting shared and delegated access, and identifying excessive permissions. Administrators may simulate changes prior to committing them; this simulation automatically calculates the probable disruptive impact of the change using the actual activity records. Public Folder Cleanup and Ownership Assignment Varonis brings its proven technology and operational methodology for cleanup, ownership identification and assignment, and ongoing management of public folders. Owners are identified through actual activity and other metadata, assigned through the DatAdvantage interface, and can be provided scheduled reports about their data automatically, such as who has access, who should no longer have access, and who is accessing their data. Message Activity Auditing/Tracking The Varonis Metadata Framework non-intrusively collects audit activity, pre-processes it, normalizes it, analyzes it, stores it, and presents it through interactive, dynamic interfaces. Identify Spikes in Email Activity By analyzing the access activity for statistical deviations in normal access patterns, Varonis will spot likely worm and virus activity, and other abnormally high message activity. Stale Public Folders & Mailbox Identification Varonis uses its record of actual access to determine which mailboxes and public folders are not being accessed, and/or have not been accessed by a non-automated process. These stale mailboxes and public folders may then be archived and locked down to reduce tier 1 storage costs and risk. Varonis Systems, Inc. 3
RETURN ON INVESTMENT Manual management and protection tasks that Exchange administrators perform on a daily basis are cumbersome, prone to errors, take a considerable amount of time, and Exchange administrators don t often get to all the tasks they d like to do. When you take into account all the time spent adding people to distribution groups, figuring out what happened to someone s missing email or calendar invite, tracking down who a public folder (or mailbox) belongs to and who has access to it there is a sizable opportunity for operational savings and reducing risk through automation. Exchange Activities: Manual vs. Automated Activity Manual Automated Creating a permissions report 30 min 2 min Troubleshooting permissions problems 30 min 5 min Fixing Permissions 20 min 5 min Email investigations 6 hours 20 min Identifying the owner of a folder or mailbox 4 hours 15 min Managing distribution groups 20 min 2 min Varonis Systems, Inc. 4
SUMMARY Varonis has extended its underlying Metadata Framework Technology to help organizations manage and protect their Exchange data just as they have protected their file systems and SharePoint severs. By adding Exchange metadata to the permissions information, directory services information, and access activity that has helped answer data governance questions about file systems and SharePoint sites, Varonis will now provide the answers to data governance questions for all prominent unstructured and semi-structured platforms through a single interface: Windows and UNIX File Servers, NAS Devices, SharePoint, and Exchange. The same operational workflows that organizations have been using for several years to automate management and protection of folders and SharePoint sites will now be applied to the data containers in Exchange: mailboxes and public folders. Organizations will be able to analyze permissions, identify excessive access, identify owners for public folders, identify stale containers, and have a complete audit trail of every email sent and received in the same sortable, searchable interface that they have been using to find lost files, perform forensics, and spot anomalous activity. Mailbox and public folder owners will be identified and assigned in DatAdvantage, and then automatically receive reports about their containers: who has access to them, who should not have access to them, who is accessing them, and which containers are growing stale. Additionally, with Varonis DataPrivilege, organizations will be able to automate distribution list management, just as they have automated folder and active directory group management. Distribution list owners may be identified and assigned within Varonis DatAdvantage, and then access list entitlement review and authorization processes will be automated. CONTACT US Worldwide Headquarters New York, NY Phone: 877-292-8767 sales@varonis.com WORLDWIDE HEADQUARTERS EUROPE, MIDDLE EAST AND AFRICA 499 7th Ave., 23rd Floor, South Tower 1 Northumberland Ave., Trafalgar Square New York, NY 10018 London, United Kingdom WC2N 5BW Phone: 877-292-8767 Phone: +44-0-800-756-9784 sales@varonis.com sales-europe@varonis.com