Varonis debuts trailblazing features for securing Salesforce. Learn More

Varonis announces strategic partnership with Microsoft to acclerate the secure adoption of Copilot.

Learn more
How Varonis works

An in-depth look at the Metadata Framework — the patented technology that powers the Varonis Data Security Platform.

Connect to the systems where important data lives.


On-prem data resources

  • Logo_Windows_Dark Navy
  • Icon_UNIX_Dark Navy
  • Icon_NetApp_Dark Navy
  • Logo_Dell EMC_Dark Navy

Cloud data resources

  • Icon_OneDrive
  • Icon_SharePoint_Dark Navy Copy
  • Icon_Nasuni_Dark Navy-1
  • Icon_Nutanix_Dark Navy


  • Icon_M365_Dark Navy
  • Icon_SharePoint_Dark Navy Copy
  • Icon_Teams_Dark Navy
  • Icon_Exchange_Dark Navy Copy

Directory services

  • Icon_Windows AD_Dark Navy
  • Logo_Azure AD_Dark Navy
  • LDAP-1

Network devices

  • Shape
  • PaloAltoNetworks_2020_Logo
  • Combined Shape-1
  • Cisco_logo-1

Collect, enrich, and normalize metadata without endpoint agents.


Scan, classify, and index file contents and properties.


Collect file and folder structures and permissions from data stores.


Collect local users, groups, and relationships from data stores.


Collect domain users, groups, and relationships from directory services.


Aggregate, normalize, and enrich access events in real time.

Combine, correlate, and analyze metadata across three key dimensions.


Varonis’ Data Classification Engine only scans files that our auditing knows have been changed or created since the previous scan. True incremental scanning allows for petabyte scale.


We achieve pinpoint accuracy by going beyond regular expressions, using proximity matching, negative keywords, OCR, and algorithmic verification.


Unlike most classification technology, Varonis uses non-content factors (such as permissions) to further enhance accuracy.


Access control implementations between Windows, Box, SharePoint, Exchange, UNIX, etc. are unique — each with their own idiosyncrasies and gotchas. Calculating effective rights for a given object or user can be absurdly complex and varies greatly between systems. 


Varonis pre-calculates and normalizes the billions of functional relationships between users, groups, and data with patented data structures and algorithms to instantly and accurately determine effective permissions.


This produces a bi-directional permissions map that visualizes who has access to any object and the reverse which objects any user or group can access.


Much like permissions, access events vary wildly in format and structure across technologies. Figuring out what an employee has accessed in a given day can become a data science project when it should be a simple query. 


Varonis aggregates, normalizes, and enriches data access events, access control and configuration changes, authentication events, and network events from a wide variety of systems from dozens of different vendors. 


We produce a unified, human-readable audit trail that becomes your system of record for all data security questions. These enriched events feed our real time alerting engine, enabling high signal-to-noise ratios.

Profile behavior and surface risk insights without human intervention.

Bi-directional cluster analysis

Varonis maps each user's entitlements and analyzes their activity to determine whether they truly need access. Our analysis goes a step further by creating clusters of users with similar permissions and looks for meaningful deviations in their data usage. 


This analysis yields highly accurate permissions removal recommendations, which can be implemented without human intervention or automatically sent to a business user as part of an entitlement review.

Security analytics and threat modeling

Varonis automatically builds a baseline, or “peace-time profile” over hours, days, and weeks for every user and device, so strange behavior doesn't go unnoticed.


This produces security insights such as:


  • What kinds of accounts are there and who do they belong to?
  • Who uses which devices and which data?
  • When are users active and from where? 


Our product contains hundreds of machine-learning threat models based on real-world attack techniques spanning the cyber kill chain. These models get smarter over time as they learn your environment.


285 users have unnecessary access to the Legal team’s SharePoint.


ELS-backup is a stale service account with domain admin access.


afp-laptop is Amanda Perez’s personal device.

Simulate, commit, and automate changes in the environment.

Sandbox simulations

Because Varonis has a model of your entire environment, you can easily simulate what-if scenarios to determine the precise impact of a permissions change.


Varonis uses historical events to see which users, service accounts, and apps will be impacted.


We perform all the necessary dependency checks to ensure nothing will break unexpectedly when you commit the change.

Commit and rollback

You can commit many changes to your environment via the Varonis platform:


  • Create and manage users/groups
  • Edit folder or mailbox permissions
  • Change Active Directory group memberships


To commit a change, the user making the change must authenticate using credentials that provide the right level of access. Varonis does not run in God Mode.


Our distributed commit engine is multi-threaded, so you can issue widescale changes without waiting a week. Commits can be done ad-hoc or scheduled for a change control window and can be rolled back automatically.


Varonis performs automatic preventative and detective actions to ensure your data is secure.


For example, self-healing permissions, when enabled, will remove any global access group (GAG) that exposes data to all employees. The GAG is replaced with a special purpose access group, thereby limiting your blast radius. This enables petabyte-scale remediation projects to be completed in weeks, not years.

On the detective side, you can trigger customized automated responses to threat models to stop an attack in progress.


Self-heal globally exposed data.


Auto-repair broken access controls.


Auto-quarantine rogue sensitive files.

Frequently asked questions

What are the deployment options?

The Varonis Data Security Platform offers both SaaS and self-hosted deployment options.  

Our cloud-native Data Security Platform is hosted by Varonis and delivered as software-as-a-service (SaaS). Our SaaS platform can monitor and protect both cloud and on-premises data. 

Our self-hosted Data Security Platform can be deployed either on-prem or in any private cloud that can run Windows servers (e.g., Azure, AWS, Google, etc.). 

What are the installation prerequisites?

The SaaS deployment of the Varonis Data Security Platform is hosted in Varonis’ cloud, so there are minimal setup requirements. Request a free trial to get started. 

For self-hosted installations:  

DSP Server: Windows Server 2012+ (can be virtual) with SQL Server 2016+ Standard or Enterprise including Reporting Services (SSRS)  

Solr Server: Windows Server 2012+ (can be virtual) 

We recommend each machine have 8-16 cores 2.3 GHz or better, 16-24 GB of RAM, and 250 GB of dedicated storage. We also require Amazon Corretto JDK 8 and .NET Framework 3.5 SP1 and 4.7.2 on both machines. 

Create a Varonis service account and add it to the domain users security group. Add this service account to the local administrators group on each of the Varonis servers above. 

What if I have more questions? 

Contact us and our systems engineering team will be happy to answer any questions you have!

Varonis focuses on protecting enterprise data where it lives — in the largest and most important data stores and applications across the cloud and on-premises.
Third-party apps

Connect Varonis to the security and privacy tools in your tech stack via ready-made apps and API-based integrations.