Isis Pharmaceuticals is using Varonis DatAdvantage to manage and monitor file access activity. Like any organization, Isis was increasingly finding it complex and frustrating to keep track of its permission infrastructure. Today, using the intelligence collected by DatAdvantage, Isis is able to easily determine who has access to any particular folder. Conversely it can also discover which folders a user or group has access to.
Isis Pharmaceuticals is engaged in antisense drug development with a broad pipeline of drugs that are applicable to many different disease targets including cardiovascular, metabolic, severe and rare diseases, and cancer. Its antisense technology provides a direct route from genes to drugs with the opportunity to dramatically improve industry drug discovery productivity.
Speaking about its requirements, Shannon McVeigh, responsible for infrastructure support, said, “Often I would need to mirror permissions for one user to another but this was easier said than done. Groups in Active Directory did not correlate to the names of the folders. In honesty I didn’t have an easy way to determine exactly who had access to what. Now, with DatAdvantage, when I want to add any user to a group, I can see exactly what they will have access to on the filers when the change is made. I can also see which filer has different securities, and even what does or doesn’t inherit what.”
Varonis DatAdvantage aggregates Active Directory user and group details, ACL information and all data access events—without requiring native OS auditing—to build a complete picture of who can and who is accessing data, and who should have their access revoked. Using the intelligence collected by DatAdvantage, Isis is able to determine who has access to any particular folder. Conversely it can also be used to discover which folders a user or group has access to. Now when a service request is received that a user needs access to a folder, it can see instantly what needs to be changed with the process reduced from 20 to just five minutes.
Using DatAdvantage, Isis is able to determine which users have been added, or even removed, from any group and exactly when it was completed. Using these reports can help it to demonstrate compliance with Sarbanes-Oxley requirements.
A happy side effect Isis has realized since deploying DatAdvantage is that it can use the statistics collected to determine who is accessing what files the most, or reversely which are not being accessed at all. This will help with its clean up efforts, and subsequent archiving of stale data, in the future.