Labeling files can be an effective way to protect data. Enterprises rely heavily on sensitivity labels to enforce DLP policies, apply encryption, and broadly prevent data leaks.
In practice, however, getting labels to work is difficult, especially if you rely on humans to apply sensitivity labels. Manual labeling is time-consuming and error-prone.
Automated labeling helps, but inaccurate scanning tools often leave sensitive data overexposed and unprotected.
Let’s take an in-depth look at automated labeling and see how it can be an important element to securing your sensitive data.
Why is automated labeling important?
Take traditional DLP. On the surface, DLP label-driven blocking seems to create a strong safety net for your data, but in reality, your labels quickly become outdated and are rarely accurate enough to rely on for effective enforcement.
The efficacy of label-based data protection quickly degrades with the amount of data generated in the cloud, and with AI primed to generate orders of magnitude more data, the degradation will only get worse. In short, labels must be accurate and automatically updated.
Enter Varonis’ automated labeling.
Varonis uses hundreds of built-in policies to automatically scan for, pinpoint, and label sensitive and regulated data like GDPR, CCPA, and PII. Our sophisticated rule capabilities target specific data and leverage our extensive pattern repository to build even more labeling rules.
Accurate and scalable data classification
Accurate data classification is the crucial element of labeling. Unreliable data discovery and analysis undermines everything from DLP policies to CASB functionality and threat detection and response.
According to Gartner, more than 35% of DLP projects fail because of poor data classification and discovery. DLP effectiveness depends on addressing these challenges and ensuring accurate data classification.
Varonis provides accurate and scalable data classification. Our classification engine combines sophisticated pattern matching with AI classification to reach near 99% accuracy.
We scan multi-petabyte customer environments top-to-bottom and put sensitivity in context with permissions and activity. Varonis classification results are always current because our activity auditing detects files created or changed. There is no need to re-scan every file or check the last modified date.
Custom labeling policies
Varonis allows you to create granular labeling policies to fit your organization’s data protection and privacy requirements for Microsoft 365, Microsoft Copilot, and on-premises.
Find, label, and protect your critical files.
Smart labels
Varonis automatically re-labels files when a policy changes or if the content of the file changes to no longer match the policy. If a label no longer applies, we remove it, ensuring your data protection efforts are always up to date.
Smart labels change when your files change.
Manual label clean-up
Varonis finds files that have been misclassified by users or that aren’t labeled at all by comparing labels to our classification results. We can automatically fix labels in bulk, or you can manually reconcile them.
Fill gaps in manual labeling.
Compliance dashboard
We have several data labeling dashboards to help you better understand your labeling efforts and fix errors. From the dashboards, you can easily drill into a report to see exactly which files are labeled and get more information on each, including:
- Labeled Files: See how many files are labeled in the monitored data source
- Labeled Files per Label: See the number of labeled files per label
- Labeled Files by Classification Category: View the number of classified files labeled in each category
- Labeled Files by Classification Rule: Provides a detailed view of labeled files according to classification rules
- Files with Label Downgraded by User: See files with labels changed to lower priorities by users
- Mislabeled Files: Track incorrect labels over time
- Files Mislabeled Manually per Label Value: View the number of files that were labeled incorrectly by users
- Files Mislabeled Automatically per Label Value: Reveal files incorrectly labeled by automated systems
- Resolved Mislabeled Files: Showcases fixed labels across the Compliance, File Servers, SharePoint Online, and OneDrive dashboards
New data labeling dashboards track your labeling efforts.
Pre-defined reports
Unlock a massive library of reports about your labeled files, including permissions, activity, and trends, to demonstrate your labeling progress to executives, auditors, and even cyber insurers and let them see that you are continuously reducing data exposure. You can run reports on-demand or email them on a schedule.
Label monitoring dashboard
The new labeling monitoring dashboard provides you with a single pane of glass view into the labeling progress across your environment. It helps users understand how many files are labeled, in progress, or have failed, so you can track your labeling progress with absolute confidence.
Monitor your labeling progress from a single page.
Microsoft Purview Information Protection integration
By integrating with Microsoft Purview Information Protection (MPIP), customers can automatically apply classification labels and encrypt files that Varonis has automatically identified as sensitive. Users can manually tag documents, and Varonis will ingest this information and provide additional context around the data.
- Classify a file based on its MPIP label
- Decrypt and scan the content of MPIP-encrypted files
- Automatically apply MPIP labels according to configuration, while skipping manually labeled files
- Automatically correct (and report on) mislabeled files
- Automatically perform bulk re-label when a policy is changed
- Enrich Varonis classification report with classification labels data
EDR, DLP, DRM integration
Varonis makes it easy to integrate with EDR, DLP, and DRM solutions using extended file properties. Our labels are persistent, which means that even when files leave the organization, sensitive data stays protected.
Labels can trigger encryption, obfuscation, tracking, and other DRM and DLP functions. For example, you can use labels to enforce a policy to prevent users from attaching sensitive files to external emails or copying them to USB devices.
See how the integrations work.
How Chemung Canal Trust Company is operationalizing labeling with Varonis
Like all banks, Chemung Canal Trust Company (CCTC) needed to secure sensitive personal and financial data, comply with regulations like SOX and GLBA, and audit data access continuously.
Josiah Bennet, the Security Analyst at CCTC, knew the power of Varonis from previous institution and that he wanted to bring the industry-leading platform to CCTC. CCTC had Microsoft Purview but hadn’t considered embarking on a labeling project.
Now that they have Varonis and Microsoft Purview, CCTC is doing what most companies can only dream of — they are in the process of labeling all their information across their data estate, saving time to prepare for audits, and easily pulling reports from Varonis with all the information they need. Read the full case study here.
See Varonis’ automated labeling in action.
Knowing where your sensitive data exists, who can access it, and what users are doing with it are all critical questions that need answers to protect it from cyberattacks. Varonis uniquely combines these key security aspects in one unified solution.
At Varonis, we’re on a mission to deliver automated security outcomes with a holistic approach to data security. Our unified Data Security Platform installs in just minutes and protects your sensitive data wherever it resides, including cloud, SaaS, and data center.
Are you curious to see what risks may exist in your environment? Schedule a demo to get started today.
