What's New in Varonis: September 2025

This month, Varonis released new updates to help organizations automate security outcomes and detect threats.

Our new functionality includes:

Varonis acquires SlashNext
Introducing Data Protection Policies
New threat policies of Microsoft Azure and Exchange Online

Continue reading for all the details.

Varonis acquires SlashNext, AI-native email security

Varonis has acquired SlashNext, an AI-native email security with best-in-class phishing detection. With the acquisition, Varonis gives customers a complete threat detection and response solution from the first point of attack to the last. 

In an independent test of cloud email security vendors conducted by the Tolly Group, SlashNext outperformed leading providers such as Abnormal Security and Mimecast. In the test, SlashNext demonstrated the highest overall detection accuracy (99%) and a perfect 100% detection rate for BEC and QR code attacks. 

Introducing Data Protection Policies

At Varonis, we understand that data security is about outcomes. To make it easier to connect the power of automated remediations to outcomes, we are introducing Data Protection Policies, a new way to view automated remediations. Data Protection Policies organize automated remediations by security objective, offering a new and intuitive way to fix issues based on security outcomes.

Each Data Protection Policy identifies a security issue and includes one or more linked automations that directly address that issue. Policies are grouped by category in the main view, and automations are now managed through a side pane.

New threat detection policies for Azure and Exchange Online

Threat detection is a key pillar of end-to-end data security. Varonis is continually adding new threat detection to detect the kinds of abnormal behavior that indicate data is at risk. Varonis has added new threat detection policies for Microsoft Azure and Microsoft Exchange Online.

New Azure threat detection policies:

Access to sensitive Azure application: Detects atypical access patterns to sensitive Azure applications, which may indicate privilege escalation or data extraction attempts.
Unreasonable GEO hopping: Detects logins from geographically distant locations that are physically impossible within a short time frame. This behavior may indicate credential compromise and unauthorized access.
Admin account logged in without MFA: Detects a suspicious first-time login by an admin account without multi-factor authentication, suggesting potential unauthorized access.
Credentials added to service principal: Detects when a password is assigned to a service principal account. Attackers can add privileges to applications and maintain access using the application's service principal.
Mass privileged account modification: Detects rapid modifications to roles or permissions across multiple privileged accounts, which may indicate an attacker attempting tenant takeover. Monitors both additions and removals.
Suspicious Azure token activity: Detects potential unauthorized use of an Azure token. Triggers when the token is accessed from an unusual location or device or is reused in an abnormal way. These anomalies may indicate that the token is compromised.

New Threat Detection Policies for Exchange Online:

Significant number of spam emails sent to recipient: Identifies when a user's mailbox is overwhelmed with spam emails, often due to malicious sign-ups. Attackers may then impersonate IT support to gain trust and access. Known non-malicious domains can be excluded.
Operations on atypical number of mailboxes: Detects operations on atypical number of mailboxes based on learned thresholds.
Suspicious email activity from external user: Detects suspicious email activity that may indicate a phishing attack. It triggers when an atypical external user sends a similar message to multiple internal recipients.
New global forward rule created: Detects the creation of new global forwarding rules on the Exchange server. These rules can be exploited to redirect sensitive emails externally, posing a data exfiltration risk.

Keep up with the latest Varonis product releases.

Varonis’ offerings move fast! Discover product updates you may have missed on our blog.

For more information, including release notes, customer training, and how-to videos, visit the Varonis Community.

See Varonis in action and request a demo today.

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Nolan Necoechea Nolan Necoechea is a product marketing strategist at Varonis. He has spent more than a decade working with data and AI innovators.