Varonis Version 8.5: New Features to Combat Insider Risk in Microsoft 365

Varonis version 8.5 is here. Discover organization-wide exposure and learn how to combat insider risk in Microsoft 365 with this new update.
Nathan Coppinger
4 min read
Last updated June 9, 2023

The transition to remote work over the last year has exponentially increased the usage of Microsoft 365’s collaboration tools. One look at the massive spike in daily active users for Teams tells the story:

Source

Microsoft reports that users around the globe spend a total of 30 billion minutes a day collaborating across 365—a metric they call Daily Collaboration Minutes (DCM).

With the large volume of data being created and shared via Microsoft 365, security and compliance teams are struggling to keep up. Tracking where sensitive data is stored and shared can be frustrating using Microsoft’s native security tools. It can be difficult, if not possible to answer questions like:

  • How many Team sites contain sensitive data?
  • How many organization-wide shared links to sensitive data do we have?
  • How do we quantify and reduce our collaboration risk?

These blind spots make it difficult for IT to visualize and reduce exposure—not only to external attackers but to insiders across their environment.

Get a Free Data Risk Assessment

Uncover Organization-Wide Exposure in SharePoint Online and OneDrive

Our Remote Work Update de-mystified Teams permissions by showing what happens behind the scenes when a new Teams site is created. With 8.5, we’re expanding that visibility to help IT control organization-wide exposure.

Some of the new updates include the ability to:

  • See where user-generated links expose sensitive data
  • Track sensitive sites created through Teams, including private channels
  • Alert on suspicious behavior in Azure AD

In addition to providing more visibility into potential insider threats, 8.5 provides measures to protect your organization from external threats. New and updated threat models for Azure AD help thwart attackers trying to penetrate Microsoft 365 environments. Customers can also opt-in to receive automatic IOC dictionary updates to help detect emerging threats like the Zerologon vulnerability and SUNBURST.

Track User-Generated Collaboration Links in SharePoint Online and OneDrive

Organization links can inadvertently create overexposure, leaving sensitive data open to insider threats. With 8.5, IT can now easily manage shared links across their organization and see where sensitive data is exposed using the new dashboard widget.

This new dashboard widget can help answer critical questions like:

  • How many links are there?
  • How many links contain sensitive data?
  • What kind of exposure do they create?
  • How many sensitive links are exposed?

The widget draws a clear distinction between links shared with “anyone on the internet” vs. “anyone in your organization” vs. “specific users” – all of which can create varying levels of data security risk.

Full Visibility into Links Shared with Unique Permissions

Users can unknowingly create gaps in visibility within SharePoint Online and OneDrive when they grant files unique permissions. When unique permissions are granted, the parent folder permissions can give a false appearance that ALL content in the folder tree is locked down.

Files gain unique permissions when they are:

  • Shared using a shared link
  • Shared using explicit permissions
  • Manually set to stop inheriting permissions from the parent folder

When a user creates and shares a sub-folder or file using any of the methods above, those objects no longer have the same permissions as the parent folder. Unique permissions are extremely hard to track and can provide a hidden pathway to an attacker.

The new dashboard widget helps IT monitor the extent of their unique permissions risk:

Discover Where Links Create Organization-Wide Exposure

Even if your organization disables all external sharing, users can put sensitive data at risk within M365 through sharing data with organization-wide permissions. With just a few clicks, a user can expose sensitive data to their entire organization:

Organization-wide exposure is created when users share files using:

  • All organization permissions
  • Anyone on the internet permissions
  • Direct access to Everyone except external users
  • Direct access to other global access groups

This update has greatly simplified the discovery of organization-wide access within your Microsoft 365 environment. Prior to this update, whenever users searched for global access groups such as the “Anyone group” in DatAdvantage, they would receive an overwhelming number of results because Varonis would surface literally ALL the underlying groups that Microsoft creates behind the scenes. In other words, we fully revealed M365’s permissions complexity in our UI.

Now, all files that contain the same type of organization-wide permissions are consolidated into a single group within relevant reports, making it far easier to pinpoint overexposure and begin the process of remediation.

Track Sites by Sensitivity in SharePoint Online

What about the 20,000-foot view of risk in M365? Even questions such as “What are my most sensitive SharePoint sites?” or “How many new Teams were created this week that contain sensitive data?” can be a struggle with the native tools in M365.

While IT could see the sites users were making, they did not have any visibility into which sites and private channels contained sensitive information, leaving the data open and vulnerable.

This update introduces a new dashboard widget highlighting where users share sensitive data through SharePoint Online sites and private channels, helping them better understand how sensitive data is being stored and shared across the organization.

.

Additional 8.5 features

DatAlert

New Azure AD threat model updates:

  • Detect Abnormal geo-hopping
  • Discover connections from blacklisted locations
  • Alerts on unusual user activity related to Azure AD accounts
  • NTLM target device events now linked to brute-force models for simplified investigation
  • Alert when abnormal Domain Controller password changes are detected to identify potential Zerologon attacks
Live updates
  • IOC detections are now pushed directly to customers through live-updates.
  • Get alerts pushed through live-update on emerging threats like Zerologon and SUNBURST
Advanced Tuning
  • Tune privileged accounts, exclude specific users and devices

Expanded NAS Coverage

New platform support:

  • Panzura, EMC NAS, Nasuni 8.5, Hitachi NAS, and NetApp ONTAP SELECT 9.7
  • DA support for Hitachi NAS cluster namespaces
DatAnswers
  • Query preview in the personal information form
  • A preview of the user’s query is presented in the Personal Information Form
Web Interface
  • Drill down from SharePoint Online, OneDrive, and Exchange Online dashboards to analytics
New and updated filters and attributes
  • Filter according to sensitivity
  • Reflects if folders directly contain sensitive files
  • See total hit count directly on the files where the event was generated

Want to learn more about combating insider risk in Microsoft 365? Attend our Virtual Connect! event to get enterprise-wide visibility into where sensitive data is exposed within your Microsoft 365 environment.

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

what's-new-in-varonis:-march-2024
What's New in Varonis: March 2024
Varonis unveiled updates designed to help you detect and investigate threats, improve your Salesforce and Azure security posture, and streamline your data discovery requests. 
varonis-launches-customizable-data-security-posture-management-(dspm)-dashboard
Varonis Launches Customizable Data Security Posture Management (DSPM) Dashboard
Varonis introduces a new customizable DSPM dashboard to help improve data security posture management
varonis-joins-salesforce-appexchange
Varonis Joins Salesforce AppExchange
The Varonis Data Security Platform can now be found on the Salesforce AppExchange
what’s-new-in-varonis:-december-2023
What’s new in Varonis: December 2023
This month brings you several new features to help security teams manage and secure their critical cloud data.