How Varonis works
An in-depth look at the Metadata Framework — the patented technology that powers the Varonis Data Security Platform.
Connect to the systems where important data lives.
On-prem data resources
Cloud data resources
Collect, enrich, and normalize metadata without endpoint agents.
Scan, classify, and index file contents and properties.
Collect file and folder structures and permissions from data stores.
Collect local users, groups, and relationships from data stores.
Collect domain users, groups, and relationships from directory services.
Aggregate, normalize, and enrich access events in real time.
Combine, correlate, and analyze metadata across three key dimensions.
Varonis’ Data Classification Engine only scans files that our auditing knows have been changed or created since the previous scan. True incremental scanning allows for petabyte scale.
We achieve pinpoint accuracy by going beyond regular expressions, using proximity matching, negative keywords, OCR, and algorithmic verification.
Unlike most classification technology, Varonis uses non-content factors (such as permissions) to further enhance accuracy.
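The layered matching described above (a pattern, then proximity keywords, negative keywords and algorithmic verification) can be sketched as follows. This is an added example, not Varonis code; the keyword lists, window size and sample documents are constructed assumptions, and the Luhn checksum stands in for "algorithmic verification".

```python
import re

# Constructed rule set: keywords, window size and samples are illustrative assumptions.
CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators
POSITIVE = ("card", "visa", "credit", "expiry", "cvv")
NEGATIVE = ("tracking", "order id", "invoice no", "test data")
WINDOW = 40  # characters of context inspected on each side of a candidate


def luhn_ok(digits: str) -> bool:
    """Algorithmic verification: the Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify(text: str) -> list[tuple[str, bool, str]]:
    """Return (digits, is_hit, reason) for every candidate number in text."""
    results = []
    lowered = text.lower()
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        context = lowered[max(0, m.start() - WINDOW):m.end() + WINDOW]
        if not luhn_ok(digits):
            verdict = (False, "failed Luhn checksum")
        elif any(k in context for k in NEGATIVE):
            verdict = (False, "negative keyword nearby")
        elif not any(k in context for k in POSITIVE):
            verdict = (False, "no supporting keyword nearby")
        else:
            verdict = (True, "checksum valid with supporting keyword")
        results.append((digits, *verdict))
    return results


SAMPLES = {  # constructed documents; 4111111111111111 is a well-known test number
    "payments.txt": "Customer paid by Visa card 4111 1111 1111 1111, expiry 09/27.",
    "shipping.txt": "Courier tracking number 4111111111111111 for the parcel.",
    "export.csv": "row_id,4111111111111112,2024-01-01",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, classify(body))
```

A bare regular expression would flag all three sample files; the checksum and context checks leave only payments.txt as a hit.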
Access control implementations between Windows, Box, SharePoint, Exchange, UNIX, etc. are unique — each with their own idiosyncrasies and gotchas. Calculating effective rights for a given object or user can be absurdly complex and varies greatly between systems.
Varonis pre-calculates and normalizes the billions of functional relationships between users, groups, and data with patented data structures and algorithms to instantly and accurately determine effective permissions.
This produces a bi-directional permissions map that visualizes who has access to any object and the reverse — which objects any user or group can access.
Much like permissions, access events vary wildly in format and structure across technologies. Figuring out what an employee has accessed in a given day can become a data science project when it should be a simple query.
Varonis aggregates, normalizes, and enriches data access events, access control and configuration changes, authentication events, and network events from a wide variety of systems from dozens of different vendors.
We produce a unified, human-readable audit trail that becomes your system of record for all data security questions. These enriched events feed our real-time alerting engine, enabling high signal-to-noise ratios.
Profile behavior and surface risk insights without human intervention.
Bi-directional cluster analysis
Varonis maps each user's entitlements and analyzes their activity to determine whether they truly need access. Our analysis goes a step further by creating clusters of users with similar permissions and looking for meaningful deviations in their data usage.
This analysis yields highly accurate permissions removal recommendations, which can be implemented without human intervention or automatically sent to a business user as part of an entitlement review.
Security analytics and threat modeling
Varonis automatically builds a baseline, or “peace-time profile” over hours, days, and weeks for every user and device, so strange behavior doesn't go unnoticed.
This produces security insights such as:
- What kinds of accounts are there and who do they belong to?
- Who uses which devices and which data?
- When are users active and from where?
Our product contains hundreds of machine-learning threat models based on real-world attack techniques spanning the cyber kill chain. These models get smarter over time as they learn your environment.
Simulate, commit, and automate changes in the environment.
Because Varonis has a model of your entire environment, you can easily simulate what-if scenarios to determine the precise impact of a permissions change.
Varonis uses historical events to see which users, service accounts, and apps will be impacted.
We perform all the necessary dependency checks to ensure nothing will break unexpectedly when you commit the change.
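The bi-directional permissions map and the what-if check against historical events can be illustrated with a small model. This is an added example, not Varonis code or its patented data structures; the groups, folders, events and function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed model: group names, folders and events are illustrative assumptions.
MEMBERS = {  # group -> direct members (users or nested groups)
    "Everyone": {"alice", "bob", "carol", "svc_backup"},
    "Finance": {"alice", "FinanceLeads"},
    "FinanceLeads": {"dave"},
}
ACL = {  # folder -> principals granted access
    "/finance/payroll": {"Everyone", "Finance"},
    "/finance/reports": {"Finance", "bob"},
}
EVENTS = [  # historical access events: (user, folder)
    ("alice", "/finance/payroll"), ("svc_backup", "/finance/payroll"),
    ("bob", "/finance/reports"), ("dave", "/finance/payroll"),
]


def expand(principal, seen=None):
    """Resolve a principal to the users it contains, following nested groups."""
    seen = set() if seen is None else seen
    if principal not in MEMBERS:
        return {principal}  # not a group, so treat it as a user
    if principal in seen:   # guard against circular group nesting
        return set()
    seen.add(principal)
    users = set()
    for member in MEMBERS[principal]:
        users |= expand(member, seen)
    return users


def effective_map(acl):
    """Build both directions: folder -> users and user -> folders."""
    by_folder, by_user = {}, defaultdict(set)
    for folder, principals in acl.items():
        users = set().union(*(expand(p) for p in principals))
        by_folder[folder] = users
        for user in users:
            by_user[user].add(folder)
    return by_folder, dict(by_user)


def simulate_removal(folder, principal):
    """What-if: who loses access, and which of them actually used it."""
    before, _ = effective_map(ACL)
    changed = {**ACL, folder: ACL[folder] - {principal}}
    after, _ = effective_map(changed)
    losing = before[folder] - after[folder]
    impacted = {u for u, f in EVENTS if f == folder and u in losing}
    return losing, impacted
```

Removing the constructed "Everyone" group from /finance/payroll drops three accounts, but only svc_backup appears in the event history, so it is the one dependency to resolve before committing the change.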
Commit and rollback
You can commit many changes to your environment via the Varonis platform:
- Create and manage users/groups
- Edit folder or mailbox permissions
- Change Active Directory group memberships
To commit a change, the user making the change must authenticate using credentials that provide the right level of access. Varonis does not run in God Mode.
Our distributed commit engine is multi-threaded, so you can issue wide-scale changes without waiting a week. Commits can be done ad hoc or scheduled for a change control window and can be rolled back automatically.
Varonis performs automatic preventative and detective actions to ensure your data is secure.
For example, self-healing permissions, when enabled, will remove any global access group (GAG) that exposes data to all employees. The GAG is replaced with a special purpose access group, thereby limiting your blast radius. This enables petabyte-scale remediation projects to be completed in weeks, not years.
On the detective side, you can trigger customized automated responses to threat models to stop an attack in progress.
Self-heal globally exposed data.
Auto-repair broken access controls.
Auto-quarantine rogue sensitive files.
Frequently asked questions
What are the deployment options?
Our cloud-native Data Security Platform is hosted by Varonis and delivered as software-as-a-service (SaaS). Our SaaS platform can monitor and protect both cloud and on-premises data.
Our self-hosted Data Security Platform can be deployed either on-prem or in any private cloud that can run Windows servers (e.g., Azure, AWS, Google, etc.).
What are the installation prerequisites?
The SaaS deployment of the Varonis Data Security Platform is hosted in Varonis’ cloud, so there are minimal setup requirements. Request a free trial to get started.
For self-hosted installations:
DSP Server: Windows Server 2012+ (can be virtual) with SQL Server 2016+ Standard or Enterprise including Reporting Services (SSRS)
Solr Server: Windows Server 2012+ (can be virtual)
We recommend each machine have 8-16 cores 2.3 GHz or better, 16-24 GB of RAM, and 250 GB of dedicated storage. We also require Amazon Corretto JDK 8 and .NET Framework 3.5 SP1 and 4.7.2 on both machines.
Create a Varonis service account and add it to the domain users security group. Add this service account to the local administrators group on each of the Varonis servers above.
What if I have more questions?
Contact us and our systems engineering team will be happy to answer any questions you have!
Connect Varonis to the security and privacy tools in your tech stack via ready-made apps and API-based integrations.