Varonis debuts trailblazing features for securing Salesforce. Learn More

Varonis announces strategic partnership with Microsoft to acclerate the secure adoption of Copilot.

Learn more

Data Classification Engine

They stop at classification. We start there.

  • Automatically classify sensitive files
  • Drastically reduce exposure
  • Alert on suspicious access behavior

See your data in 3D.


Know which files have high concentrations of sensitive records.


Know which files are exposed and at risk.


Know who is accessing, changing, deleting, or sharing sensitive data.

Visualize your data risk across cloud and on-prem storage.

A flat list of files matching a policy makes it impossible to prioritize risk and comply with privacy laws. Varonis gives you a clear hierarchical view of which locations contain concentrations of sensitive and overexposed files.

04_Visualize your data riskvisualize your data risk

Classification meets automation.


Automatically apply persistent sensitivity labels to encrypt, obfuscate, or enforce DRM.

Learn more


Automatically revoke unnecessary access without impacting the business.

Learn more


Automatically index regulated data so you can quickly handle DSAR requests.

Learn more


Automatically move sensitive data that becomes exposed.

Learn more


Automatically delete or archive data that meets your custom criteria.

Learn more

Shockingly accurate. Infinitely scalable.

Get accurate classification results across petabytes of unstructured data with few false positives. 

Our vast library of policies goes beyond regular expressions with proximity matching, negative keywords, and algorithmic verification to generate high-fidelity results.

Privacy laws move fast. We move faster.

400+ classification policies to cover all your compliance needs.

Learn about Policy Pack

As data privacy regulations change, it’s not always possible to keep track of the specifics. Varonis does it for us with off-the-shelf data classification.
Chief Information Security Officer, Commodities Trader Read the case study

Key features

True incremental scanning

Our file activity audit trail tells the classification engine which files have been created or changed; no need to re-scan every file or check last modified date.

Distributed and multi-threaded

Scanning is performed by distributed multi-threaded nodes so scanning can be performed in close network proximity to the monitored data.

Automatic policy updates

We update our policy definitions automatically so you can be confident your data classification results reflect the latest changes in data privacy laws.

Granular record counts

Report on sensitive record count, not just files (e.g.,  5 files with 100,000 sensitive records vs. 500 files with one record each).

Robust file type support

We leverage Oracle’s Outside-In technology to support many file types including documents, ZIP archives, PDFs, images, spreadsheets, and more.

Pre-defined reports

Unlock a massive library of reports to provide concrete evidence of compliance. Run reports on-demand or email them on a schedule.

DSAR automation

Fulfill data subject access requests (DSARs) and Right to be Forgotten requests with ease using DatAnswers. Export the results to be moved, deleted, or quarantined.

Attack surface reduction

Automatically restrict access to personal information and minimize its exposure with the Automation Engine.

Secrets discovery

Surface improperly stored and overexposed secrets (e.g. API keys, database credentials, encryption certificates, etc.) in your data stores, and automatically remediate access with Automation Engine and Data Transport Engine.