CTERA enables centralized data access from any edge location or device without compromising performance or security. In a distributed enterprise with an increasingly remote workforce, the need to ensure unstructured file data as private and secure, is paramount for success. Files can contain sensitive enterprise data, such as intellectual property or customer information, and they must be protected from theft, leakage, and loss.

The Varonis Data Security Platform secures data from unauthorized access and cyber-threats by locating where sensitive and regulated information lives across on-premises and cloud datastores – limiting access to data and analyzing activity for abnormal behavior or indications of compromise. Varonis correlates data activity from CTERA into context with additional information such as data classification, authentication events, and network activity to provide a complete audit trail of user activity.

The integration between CTERA and the Varonis Data Security Platform enables the seamless collection of CTERA Edge Filer audit logs from more than one CTERA Edge Filer, through a ctera resource on the Varonis Data Security Platform. This provides:

A central feed of file operations from all edge filers.
Scans the global file system to map files and permissions and identify sensitive data.
Alerts on compliance violations.

Note

The CTERA Portal must be licensed to integrate with the Varonis Data Security Platform. To add a license see Installing the Portal License.

Varonis service tasks can be performed in the global administration view only.

As organizations begin to adopt more rigorous and modern security protocols like Zero Trust, they can utilize CTERA and Varonis in tandem to help reach a mature Zero Trust environment. The Zero Trust security model states that all users, devices, applications, and networks should be inherently untrusted. With CTERA, each direct request is approved and digitally signed by a centralized security authority. Edge devices never possess credentials for object storage, and they cannot corrupt your critical data even if they are compromised. Varonis adds an extra layer of security to the CTERA global file system. The Varonis Data Security Platform rapidly detects and responds to threats by comparing data activity with baseline behavioral profiles created using machine learning algorithms. These algorithms automatically detect abnormal user behaviors and trigger automated responses that stop attackers in their tracks and mitigate any potential damage.

The following events are sent from the edge filers to the portal:

create
move
read
write
delete
chown
ACLDeleted
ACLChanged
ACLAdded
ACLProtectionAdded
ACLProtectionDeleted
AclDenied
createDenied
OpenDenied
deleteDenied

The Flow of Events From Edge Filers to Varonis

The following flow describes the workflow between the edge filers and a CTERA Portal:

CTERA Edge Filers send events from the audit logs to Logstash, a data processing pipeline that collect edge filer events, transforms them by extracting the edge filer ID and formatting the event for Varonis.
Logstash sends the transformed events to internal portal dockers.
The CTERA Portal Varonis service communicates with Varonis via RabbitMQ.

Integrating CTERA with Varonis Data Security Platform