Varonis debuts trailblazing features for securing Salesforce. Learn More

Varonis named a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023

Read the report
Data Security Threat Research Varonis Products Cloud Security Ransomware Active Directory Privacy & Compliance
View by category
Data Security Threat Research Varonis Products Cloud Security Ransomware Active Directory Privacy & Compliance
Featured
Data Security
Varonis Named a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023
Avia Navickas
Avia Navickas Mar 22, 2023
Varonis Named a Leader in the Forrester Wave™: Data Security Platforms, Q1 2023, receiving the highest score in the strategy category.
Featured
Varonis Products
What's New in Varonis: May 2023
Yumna Moazzam
Yumna Moazzam May 30, 2023
Check out the new features that help security teams automatically enforce least privilege and uniformly apply sensitivity labels across their hybrid cloud and on-prem environments.
Featured
Threat Research
Using Power Automate for Covert Data Exfiltration in Microsoft 365
Eric Saraga
Eric Saraga Feb 02, 2022
How threat actors can use Microsoft Power Automate to automate data exfiltration, C2 communication, lateral movement, and evade DLP solutions.
Featured
Threat Research
Ghost Sites: Stealing Data From Deactivated Salesforce Communities
Nitay Bachrach
Nitay Bachrach May 31, 2023
Varonis Threat Labs discovered improperly deactivated Salesforce 'ghost' Sites that are easily found, accessible, and exploitable by attackers.
Try Varonis free.

Get a detailed data risk report based on your company’s data. Deploys in minutes.

Get started
Featured collections
Latest articles
See all articles
imposter-syndrome:-ui-bug-in-visual-studio-lets-attackers-impersonate-publishers
Imposter Syndrome: UI Bug in Visual Studio Lets Attackers Impersonate Publishers
imposter-syndrome:-ui-bug-in-visual-studio-lets-attackers-impersonate-publishers
Dolev Taler
June 7, 2023
Varonis Threat Labs found a bug in Microsoft Visual Studio installer that allows an attacker to impersonate a publisher and issue a malicious extension to compromise a targeted system
how-to-deal-with-sensitive-data-in-salesforce:-a-guide-to-data-classification
How to Deal With Sensitive Data in Salesforce: A Guide to Data Classification
how-to-deal-with-sensitive-data-in-salesforce:-a-guide-to-data-classification
Megan Garza
June 6, 2023
Salesforce Ben and the Varonis team up to discuss Salesforce data classification best practices.
ghost-sites:-stealing-data-from-deactivated-salesforce-communities
Ghost Sites: Stealing Data From Deactivated Salesforce Communities
ghost-sites:-stealing-data-from-deactivated-salesforce-communities
Nitay Bachrach
May 31, 2023
Varonis Threat Labs discovered improperly deactivated Salesforce 'ghost' Sites that are easily found, accessible, and exploitable by attackers.
speed-data:-featuring-pat-benoit,-global-ciso-for-brinks,-inc.
Speed Data: Featuring Pat Benoit, Global CISO for Brinks, Inc.
speed-data:-featuring-pat-benoit,-global-ciso-for-brinks,-inc.
Megan Garza
May 30, 2023
Pat shared the four leadership rules he follows, what it takes to succeed in cybersecurity, and why he just might be “The Most Interesting Man in the World.”
See all articles
Data Security
See all Data Security
speed-data:-featuring-pat-benoit,-global-ciso-for-brinks,-inc.
Speed Data: Featuring Pat Benoit, Global CISO for Brinks, Inc.
speed-data:-featuring-pat-benoit,-global-ciso-for-brinks,-inc.
Megan Garza
May 30, 2023
Pat shared the four leadership rules he follows, what it takes to succeed in cybersecurity, and why he just might be “The Most Interesting Man in the World.”
what-automation-means-for-cybersecurity—and-your-business
What Automation Means For Cybersecurity—And Your Business
what-automation-means-for-cybersecurity—and-your-business
Yaki Faitelson
May 3, 2023
This article explains how automation can help turn the right information into action, helping to defend against cyberattacks, mitigate risk, shore up compliance and improve productivity.
data-security-posture-management-(dspm):-best-practices-guide-for-cisos
Data Security Posture Management (DSPM): Best Practices Guide for CISOs
data-security-posture-management-(dspm):-best-practices-guide-for-cisos
Rob Sobers
April 19, 2023
Master Data Security Posture Management (DSPM) best practices with our CISOs' guide. Learn to select the right tool, maintain compliance, and prevent data breaches.
your-guide-to-the-2023-rsa-conference
Your Guide to the 2023 RSA Conference
your-guide-to-the-2023-rsa-conference
Megan Garza
April 13, 2023
Varonis has compiled the top RSAC sessions you won’t want to miss. Follow our handy agenda to take advantage of everything RSAC 2023 has to offer.
See all Data Security
Threat Research
See all Threat Research
imposter-syndrome:-ui-bug-in-visual-studio-lets-attackers-impersonate-publishers
Imposter Syndrome: UI Bug in Visual Studio Lets Attackers Impersonate Publishers
imposter-syndrome:-ui-bug-in-visual-studio-lets-attackers-impersonate-publishers
Dolev Taler
June 7, 2023
Varonis Threat Labs found a bug in Microsoft Visual Studio installer that allows an attacker to impersonate a publisher and issue a malicious extension to compromise a targeted system
ghost-sites:-stealing-data-from-deactivated-salesforce-communities
Ghost Sites: Stealing Data From Deactivated Salesforce Communities
ghost-sites:-stealing-data-from-deactivated-salesforce-communities
Nitay Bachrach
May 31, 2023
Varonis Threat Labs discovered improperly deactivated Salesforce 'ghost' Sites that are easily found, accessible, and exploitable by attackers.
hardbit-2.0-ransomware
HardBit 2.0 Ransomware
hardbit-2.0-ransomware
Jason Hill
February 20, 2023
HardBit is a ransomware threat that targets organizations to extort cryptocurrency payments for the decryption of their data. Seemingly improving upon their initial release, HardBit version 2.0 was introduced toward the end of November 2022, with samples seen throughout the end of 2022 and into 2023.
neo4jection:-secrets,-data,-and-cloud-exploits
Neo4jection: Secrets, Data, and Cloud Exploits
neo4jection:-secrets,-data,-and-cloud-exploits
Nitay Bachrach
February 8, 2023
With the continuous rise of graph databases, especially Neo4j, we're seeing increased discussions among security researchers about issues found in those databases. However, given our experience with graph databases ― from designing complex and scalable solutions with graph databases to attacking them ― we've noticed a gap between public conversations and our security researchers' knowledge of those systems.
See all Threat Research
Varonis Products
See all Varonis Products
what's-new-in-varonis:-may-2023
What's New in Varonis: May 2023
what's-new-in-varonis:-may-2023
Yumna Moazzam
May 30, 2023
Check out the new features that help security teams automatically enforce least privilege and uniformly apply sensitivity labels across their hybrid cloud and on-prem environments.
varonis-launches-third-party-app-risk-management
Varonis Launches Third-Party App Risk Management
varonis-launches-third-party-app-risk-management
Nathan Coppinger
April 25, 2023
Varonis reduces your SaaS attack surface by discovering and remediating risky third-party app connections.
varonis-opens-australia-data-centre-to-support-saas-customers
Varonis Opens Australia Data Centre to Support SaaS Customers
varonis-opens-australia-data-centre-to-support-saas-customers
Rachel Hunt
April 11, 2023
Australian expansion allows Varonis customers to achieve automated data security outcomes while following national standards for data privacy.
how-varonis-saves-salesforce-admins-hours-in-their-day
How Varonis Saves Salesforce Admins Hours in Their Day
how-varonis-saves-salesforce-admins-hours-in-their-day
Nathan Coppinger
March 8, 2023
Varonis provides industry leading Salesforce management and permission implications capabilities to help save Salesforce admins hours in their day.
See all Varonis Products
Featured videos
 
Webinar
State of Cybercrime: China's Silent Cyber Campaigns
 
Webinar
Data-First Forum: The Path to CISO
 
Video
The Varonis Data Security Platform
Cloud Security
See all Cloud Security
what-automation-means-for-cybersecurity—and-your-business
What Automation Means For Cybersecurity—And Your Business
what-automation-means-for-cybersecurity—and-your-business
Yaki Faitelson
May 3, 2023
This article explains how automation can help turn the right information into action, helping to defend against cyberattacks, mitigate risk, shore up compliance and improve productivity.
how-varonis'-approach-to-sspm-helps-your-company
How Varonis' approach to SSPM helps your company
how-varonis'-approach-to-sspm-helps-your-company
Rob Sobers
April 26, 2023
Adopt a data-first approach with Varonis' SSPM, securing SaaS apps & reducing risk. Learn how you can get better visibility, automation, and protection.
what-is-idor-(insecure-direct-object-reference)?
What is IDOR (Insecure Direct Object Reference)? - Varonis
what-is-idor-(insecure-direct-object-reference)?
Robert Grimmick
October 14, 2022
Insecure Direct Object References (IDOR) are common, potentially devastating vulnerabilities resulting from broken access control in web applications.
change-these-7-security-settings-after-creating-a-new-aws-account
AWS Security Best Practices for a New Account
change-these-7-security-settings-after-creating-a-new-aws-account
Shane Waterford
September 16, 2022
Use these seven AWS security best practices for simple configuration changes on a new AWS account.
See all Cloud Security
Ransomware
See all Ransomware
four-must-know-cyber-tips-for-your-business
Four Must-Know Cyber Tips for Your Business
four-must-know-cyber-tips-for-your-business
Yaki Faitelson
December 1, 2022
The real story behind today’s breaches is never about an isolated bad decision—it’s about the many decisions made long before a sleepy network administrator gets a call from an attacker.
ryuk-ransomware:-breakdown-and-prevention-tips
Ryuk Ransomware: Breakdown and Prevention Tips
ryuk-ransomware:-breakdown-and-prevention-tips
David Harrington
June 25, 2022
Ryuk ransomware targets large organizations and spreads with deadly speed. Learn about the strain and how to prevent your company from becoming a victim.
why-every-cybersecurity-leader-should-‘assume-breach’
Why Every Cybersecurity Leader Should ‘Assume Breach’
why-every-cybersecurity-leader-should-‘assume-breach’
Yaki Faitelson
May 16, 2022
Any system, account or person at any time can be a potential attack vector. With such a vast attack surface, you need to assume attackers will breach at least one vector.
bad-rabbit-ransomware
Bad Rabbit Ransomware
bad-rabbit-ransomware
Michael Raymond
May 6, 2022
Bad Rabbit is a ransomware strain that spread via hacked websites, infected systems via a fake Adobe installer and held encrypted files for Bitcoin.
See all Ransomware
Active Directory
See all Active Directory
azure-managed-identities:-definition,-types,-benefits-+-demonstration
Azure Managed Identities: Complete Guide with Free Demonstration
azure-managed-identities:-definition,-types,-benefits-+-demonstration
Neeraj Kumar
October 6, 2022
Use this guide to learn about Azure managed identities: What they are, how many types there are, and what benefits they offer, plus how they work.
group-policy-objects-(gpos):-how-they-work-&-configuration-steps
Group Policy Objects (GPOs): How They Work & Configuration Steps
group-policy-objects-(gpos):-how-they-work-&-configuration-steps
David Harrington
June 15, 2022
Group Policy Objects (GPOs) let system admins control and implement cybersecurity measures from a single location. Learn about GPOs and how they work here.
12-group-policy-best-practices:-settings-and-tips-for-admins
12 Group Policy Best Practices: Settings and Tips for Admins | Varonis
12-group-policy-best-practices:-settings-and-tips-for-admins
Jeff Brown
April 4, 2022
Group Policy configures settings, behavior, and privileges for user and computers. In this article, you’ll learn best practices when working with Group Policy.
securing-azure-blob-storage:-set-up-guide
Securing Azure Blob Storage: Set-Up Guide | Varonis
securing-azure-blob-storage:-set-up-guide
Jeff Brown
August 25, 2021
Security is vital in today’s cloud-first environment. Cloud services are often enabled to solve an issue quickly, but no one goes back to verify if security best practices have been…
See all Active Directory
Privacy & Compliance
See all Privacy & Compliance
meta's-$1.3b-fine:-what-can-happen-if-you-don’t-monitor-your-pii
Meta's $1.3B Fine: What can Happen if you Don’t Monitor Your PII
meta's-$1.3b-fine:-what-can-happen-if-you-don’t-monitor-your-pii
Brian Vecci
May 22, 2023
Continuous discovery and data monitoring critical to identify misplaced PII.
hipaa-compliance:-your-complete-2023-checklist
HIPAA Compliance: Your Complete 2023 Checklist
hipaa-compliance:-your-complete-2023-checklist
David Harrington
March 10, 2023
Is your organization ready to comply with 2023 HIPAA updates and changes? Ensure HIPAA compliance with your comprehensive 2023 checklist.
australian-privacy-act-2022-updates
Australian Privacy Act 2022 Updates
australian-privacy-act-2022-updates
Michael Buckbee
December 19, 2022
A series of stunning data breaches in 2022 has prompted lawmakers to begin making changes to the 1988 Australian Privacy Act in the form of the new Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022.
the-12-pci-dss-requirements:-4.0-compliance-checklist
The 12 PCI DSS Requirements: 4.0 Compliance Checklist
the-12-pci-dss-requirements:-4.0-compliance-checklist
David Harrington
October 3, 2022
Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) is right around the corner. Prepare with our PCI DSS compliance checklist.
See all Privacy & Compliance
We're Varonis.
Our mission is to deliver meaningful security outcomes on autopilot.
No overhead. Just outcomes.  
Learn more