Varonis for Active Directory

Protect Your Active Directory & Azure AD

Easily visualize your on-prem and Azure AD structure, spot vulnerabilities, and detect attacks like Kerberoasting and pass-the-hash.

Download Datasheet

Uncover hidden attack paths

For attackers to get to what they ultimately want—your data—they need a way in; they need credentials, which are often stored in Active Directory or Azure AD.

Varonis helps you find and fix misconfigurations that hackers commonly exploit. We also monitor all your AD activity—logons, user and group changes, GPO events—and use behavior-based threat models to stop advanced attacks.

Not your normal AD monitoring

Analyzing Active Directory logs are only part of the story. Varonis combines AD activity with data access events and network activity and uses machine learning to build rich, multi-dimensional behavioral profiles. When activity deviates from what’s normal, Varonis detects it automatically.

KerberoastingPrivilege escalation using SID-History modificationUnusual amount of lockouts across admin accountsModification of critical GPOsTicket harvesting attacksPassword spraying & brute-force attacks

Quickly assess your Active Directory risk

Directory Services dashboards provide a high-level view of your AD and Azure AD vulnerabilities, so you can analyze your gaps, prioritize your biggest risks, and demonstrate progress over time.

Untangle your domains

Complex Active Directory structures are hard for administrators to protect and easy for attackers to exploit. Varonis gives you the clear visibility that native tools lack.

We allow you to easily visualize all your domain and local users, groups, and objects in a simple-to-use interface and quickly answer questions like, “who has the ability to change critical settings like adding users to privileged groups?”

Search a unified audit trail of activity

With a human-readable audit trail, admins or security analysts are only a few clicks away from knowing who’s been doing what in Active Directory—right alongside their sensitive file opens, email sends, web requests, and VPN logins.

Investigate incidents quickly and conclusively

Make junior analysts look like battle-tested blue teamers with intuitive forensics and incident response tools. Varonis does all the work to normalize, enrich, and correlate logs to make alerts easy to analyze and act on.


  • How does Varonis monitor Active Directory?

    We gather the security event logs directly from your domain controllers (DCs) in a distributed fashion and combine them all into a single, normalized Varonis log.  We analyze the security events in context with activity from other data sources (like file servers, email, DNS, proxy, cloud) to detect anomalous activity. 

  • Does Varonis require endpoint agents to collect events? 

    No, you don’t need an agent to collect the security event log data.

  • What kinds of attacks can Varonis detect by adding Active Directory monitoring?

    Varonis has many Active Directory-centric threat models to attacks such as: detect brute-force, privilege escalation, encryption downgrade, and pass-the-ticket.  Varonis also tracks user behavior patterns and compares historical baselines to current activity. For example, we can alert you if a service account has a logon event in AD from a device that belongs to an end-user, then started to modify AD objects or access user data.  Monitoring data and access to data with the details from Active Directory provides incredible context to your security analytics. 

  • What other kinds of data about Active Directory can I see?

    In our Directory Services dashboard, you will see dozens of helpful risk metrics like the # of stale but enabled accounts, # of users with no password expiration, or domains where the native admin account was recently accessed.   DatAdvantage gathers many statistics that will help you find and eliminate risks and track your progress to a zero-trust system. 

  • Which Directory Services does Varonis monitor? 

    Active Directory (on-premises), Azure Active Directory, LDAP, NIS 

  • Can I make changes to Active Directory from the Varonis interface?

    Yes. You can see and change many Active Directory settings and properties directly from Varonis. You can also model changes, such as removing users from a group, in a sandbox to see the impact of your change before you make it. Once you’re happy, you can commit changes to AD from Varonis, schedule them, and roll them back if needed. 

Want to see Varonis in action?

Request a Demo