Case Study

How Varonis Helped a Large Services Company Eliminate a Massive Malware Infection


a massive Cryptominer infection


on-prem & in the cloud


on suspicious activity

"In terms of solutions, Varonis Edge was our MVP. Edge directed us to computers with suspicious DNS requests, correlated them with specific users, and showed us the addresses we needed to block.”

Security Engineer, IT Department, Services Company


The signs of the attack were subtle: computers running a little slower, unstable applications, and general network slowdowns. But it was enough that the security engineers for a large services company (who requested anonymity), knew something was wrong. They decided to install Varonis DatAlert and Edge to get to the bottom of the problem.

What they found was shocking: With Varonis, they discovered that nearly every server and workstation was infected with cryptomining malware.

"A lot of vendors just wanted to sell us something. They’d say, ‘we’ve seen it all’ or ‘we can solve that problem’ without investigating further. But when we showed the problem to the Varonis team, they said, ‘We’ve never seen that before.’”

Security Engineer, IT Department, Services Company


  • Remove a widespread malware infection: There had been malicious activity going on undetected within the company’s environment for months. To figure out what the threat was and how to stop it, the Varonis Security Research Team collaborated with security engineers to investigate the extent of the infection. With Varonis’ help, they were able to understand the activity, find the source of the problem, and eliminate the malware infection from every device.
  • Detect and respond to threats: With the DatAlert Suite, the engineers were able to track potential threats to their source. The extra context it provided enabled the security team to understand the problem and take swift and decisive action. And, for detecting and dealing with the cryptomining malware, Edge was invaluable. By analyzing activity on perimeter devices combined with data access activity, Edge was able to detect this almost invisible threat—and stop it from escalating any further.
  • Provide visibility into sensitive data on-prem and in the cloud: DatAdvantage gave the client more visibility into what’s going on in their servers and in the cloud. It made it easy to see when and where changes were taking place and who was making them. They like the fact that even though Varonis’ offers granular insights, the dashboard prioritizes the most important information, making it easy to understand and actionable

“We use DatAlert every day. It alerts us to suspicious activity and lets us drill down to the root of the problem—the username or computer the issue occurred on, the IP address that caused the problem, if the attacker is geo-hopping, etc.”

Security Engineer, IT Department, Services Company

Customer Profile

  • Location: U.S.
  • Industry: Professional Services

Varonis Products

See what products this services company uses to protect their sensitive data.

Does your cybersecurity start at the heart?

Get a highly customized data risk assessment run by engineers who are obsessed with data security.