How Varonis works

An in-depth look at the Metadata Framework—the patented technology that powers the Varonis Data Security Platform.

Connect to the systems where important data lives.


On-prem data resources

  • Windows
  • UNIX
  • NetApp
  • Dell EMC

Cloud data resources

  • OneDrive
  • SharePoint
  • Nasuni
  • Nutanix

Applications

  • M365
  • SharePoint
  • Teams
  • Exchange

Directory services

  • Windows AD
  • Azure AD
  • LDAP
  • Centrify

Network devices

  • Palo Alto Networks
  • Cisco

Collect, enrich, and normalize metadata without endpoint agents.


Scan, classify, and index file contents and properties.


Collect file and folder structures and permissions from data stores.


Collect local users, groups, and relationships from data stores.


Collect domain users, groups, and relationships from directory services.


Aggregate, normalize, and enrich access events in real-time.

Combine, correlate, and analyze metadata across three key dimensions.


Sensitivity

Varonis’ classification engine only scans files that our auditing knows have been changed or created since the previous scan. True incremental scanning allows for petabyte scale.

 

We achieve pinpoint accuracy by going beyond regular expressions, using proximity matching, negative keywords, OCR, and algorithmic verification.

 

Unlike most classification technology, Varonis uses non-content factors (such as permissions) to further enhance accuracy.


Permissions

Access control implementations across Windows, Box, SharePoint, Exchange, UNIX, etc. are unique, each with its own idiosyncrasies and gotchas. Calculating effective rights for a given object or user can be absurdly complex and varies greatly between systems.

 

Varonis pre-calculates and normalizes the billions of functional relationships between users, groups, and data with patented data structures and algorithms to instantly and accurately determine effective permissions.

 

This produces a bi-directional permissions map that visualizes who has access to any object and, in reverse, which objects any user or group can access.


Activity

Much like permissions, access events vary wildly in format and structure across technologies. Figuring out what an employee has accessed in a given day can become a data science project when it should be a simple query. 

 

Varonis aggregates, normalizes, and enriches data access events, access control/configuration changes, authentication events, and network events from a wide variety of systems from dozens of different vendors. 

 

We produce a unified, human-readable audit trail that becomes your system of record for all data security questions. These enriched events feed our real-time alerting engine, enabling high signal-to-noise ratios.


Profile behavior and surface risk insights without human intervention.


Bi-Directional Cluster Analysis

Varonis maps each user's entitlements and analyzes their activity to determine whether they truly need access. Our analysis goes a step further by creating clusters of users with similar permissions and looking for meaningful deviations in their data usage.

 

This analysis yields highly accurate permissions removal recommendations which can be implemented without human intervention or automatically sent to a business user as part of an entitlement review.


Security Analytics & Threat Modeling

Varonis automatically builds a baseline, or “peace-time profile,” over hours, days, and weeks for every user and device, so when they behave strangely, they get noticed.

 

This produces security insights such as:

 

  • What kinds of accounts are there and who do they belong to?
  • Who uses which devices and which data?
  • When are they active and from where? 

 

Our product contains hundreds of machine-learning threat models based on real-world attack techniques spanning the cyber kill chain. These models get better over time as they learn your environment.

 

We can’t say anything more about these models. The lawyers are watching.



285 users have unnecessary access to the Legal team’s SharePoint.


ELS-backup is a stale service account with domain admin access.


afp-laptop is Amanda Perez’s personal device.

Simulate, commit, and automate changes in the environment.


Sandbox Simulations

Because Varonis has a model of your entire environment, you can easily simulate what-if scenarios to determine the precise impact of a permissions change.

 

Varonis uses historical events to see which users, service accounts, and apps will be impacted.

 

We perform all the necessary dependency checks to ensure nothing will break unexpectedly when you commit the change.


Commit & Rollback

You can commit many changes to your environment via the Varonis platform:

 

  • Create and manage users/groups
  • Edit folder or mailbox permissions
  • Change Active Directory group memberships

 

To commit a change, the user making the change must authenticate using credentials that provide the right level of access. Varonis does NOT run in God mode.

 

Our distributed commit engine is multi-threaded, so you can issue wide-scale changes without waiting a week. Commits can be done ad-hoc or scheduled for a change control window and can be rolled back automatically.


Automation

Varonis performs automatic preventative and detective actions to ensure your data is secure.

 

For example, self-healing permissions, when enabled, will remove any global access group (GAG) that exposes data to all employees. The GAG is replaced with a special-purpose access group, thereby limiting your blast radius. This enables petabyte-scale remediation projects to be completed in weeks, not years.


On the detective side, you can trigger customized automated responses to threat models to stop an attack in progress.



Self-heal globally exposed data.


Auto-repair broken access controls.


Auto-quarantine rogue sensitive files.

Architecture

[Figure: architecture diagram]

Frequently asked questions


What are the installation prerequisites?

DSP Server: Windows Server 2012+ (can be virtual) with SQL Server 2016+ Standard or Enterprise including Reporting Services (SSRS). 

 

Solr Server: Windows Server 2012+ (can be virtual).

 

We recommend that each machine have 8-16 cores at 2.3 GHz or better, 16-24 GB of RAM, and 250 GB of dedicated storage. We also require Amazon Corretto JDK 8 and .NET Framework 3.5 SP1 and 4.7.2 on both machines.

Create a Varonis service account and add it to the Domain Users security group. Add this service account to the Local Administrators group on each of the Varonis servers above.


Is the Varonis Data Security Platform a hosted solution?

No. The Varonis Data Security Platform is a self-hosted software product. You can, however, deploy Varonis in any cloud that can support Windows servers (e.g., Azure, AWS, Google, etc.). 

 

Varonis DatAdvantage Cloud is a SaaS.


Does Varonis need domain admin?

No. We’ll need admin credentials to install, but our services do not need to run as domain admin once they’re there. In fact, we really prefer they don’t. To monitor Windows servers, for example, we need a domain user with backup operator and power user rights. In UNIX, we run as a normal user.

Integrations

Varonis focuses on protecting enterprise data where it lives—in the largest and most important data stores and applications across the cloud and on-premises.

Third-Party Apps

Connect Varonis to the security and privacy tools in your tech stack via ready-made apps and API-based integrations.