DatAlert

Security Analytics for Your Data

Spot threats before they become breaches.

Security analytics with deep data context

Confidently answer the question “Is my data safe?” with continuous monitoring and alerting on your core data and systems. Varonis is the only solution that combines data classification and access governance with UEBA, giving our threat models richer context and more accurate alerts.

Detect unusual file and email activity, suspicious user behavior, and trigger alerts cross-platform to protect your data before it’s too late. Automatic response triggers can stop ransomware in its tracks, and mitigate the impact of compromised accounts and potential data breaches.

Protect your data wherever it lives

DatAlert gives you actionable intelligence and security analytics on your data: analyze behavioral patterns to see when a user is acting suspiciously - and compare their activity against their peers, their normal working hours, and their typical behavior.

Don't rely on signatures

Our dedicated team of security experts and data scientists continually introduces new behavior-based threat models to monitor patterns, track the latest APTs, and keep your data safe.

Achieve regulatory compliance

Prove to auditors that you’re not just watching regulated data, but proactively protecting it. Track, monitor, and automatically alert on regulated data to pass audits for PCI-DSS, GDPR, HIPAA, SOX, GLBA, FISMA, and more.

Investigations & forensics

Visualize security threats with an intuitive dashboard, investigate security incidents - even track alerts and assign them to team members for closure.

Want to go even further? Rewind to see incidents from the past, identify breaches that may have already occurred, and pre-emptively tune out false positives.

Get the big picture

Knowing something’s amiss isn’t enough - so get the full picture with context: see how unusual behavior maps to incidents and activity across platforms.

Get a holistic view of what’s going on: see user actions, monitor their behavior, and automatically compare against peer behavior.

100+ threat models and growing

Unauthorized privilege escalations
Mass delete behaviors
Abnormal lockout behaviors
Attempts to damage and destroy operational files
Exploitation tools
Membership changes
Modifications to critical files and units
Modifications to critical GPOs
Suspicious access activity
Permission changes
Brute force attacks
Attempted data exfiltration
Ransomware behavior
Unusual file activity
Unusual mailbox and email activity
Access to sensitive data
Unauthorized access attempts
Unusual encryption activity
Accumulative analysis on idle and sensitive data
Unusual access to system files
Unauthorized data access
Misconfigurations
System intrusion

Sends alerts to your favorite apps

Take it a step further, and send alerts to your inbox, a SIEM, syslog, and more. Incorporate rich context and data security intelligence from DatAlert into your favorite SIEM for better breach detection.

In the last year, we’ve gone from averaging five ransomware attacks a month to now around 10-15 times a day – all because someone clicks on something they shouldn’t have.

Varonis DatAlert helps us to identify and stop these breaches.

Gary Hayslip, Chief Information Security Officer, City of San Diego

A week into our implementation we had a brush with ransomware. One of the employees remotely connected and went on a site that started downloading Locky. Luckily DatAlert immediately told me when the individual started encrypting the file, so we disabled the account and restored the files.

Lee Powe, CIO, Hugh Chatham Memorial Hospital

We have it installed on 19 file servers. [We use it for] monitoring for unusual file activity, PII information, and unusual user activity.

It’s like having an extra staff member that never sleeps always watching over our data.

Jay Attiya, Director of IT, Tom's River Regional Schools

Cryptolocker is a huge security threat, so having Varonis DatAlert in place to help prevent attacks is a no-brainer for us.

It’s nice to know Varonis is looking out for us and will be able to catch things and help us proactively prevent internal and external data breaches.

Jim Hanlon, SVP & CTO, Dedham Savings Bank

Frequently Asked Questions

General Information

  • Is it scalable? How much can I monitor?

    DatAlert is extremely scalable - it's engineered from the ground up to be scalable, responsive, and adaptable. It's set up to scale to as many servers as needed: we have customers monitoring over 20PB of data at once; others are running Varonis on over 40 servers.

  • Will it affect/slow down/impact my systems?

    Nope. Varonis leverages collectors to manage all of the data processing for DatAlert, so there is zero additional load on your data stores.

  • Can I create my own alerts?

    Creating your own alerts is one of the highlights of DatAlert: you can leverage out-of-the-box threat models as well as custom alerts that are specifically designed for your data and your environment.

    Creating your own alerts is a simple point-and-click process in the UI: it takes just a few minutes to create and deploy your custom alert.

  • How do I create my own alerts?

    To create a new alert:

    • Select the folder or files you want to monitor
    • Select who will trigger or not trigger the alert
    • Specify what kind of file actions will trigger an alert

  • Can I automate threat responses?

    DatAlert comes with a set of pre-configured threat responses, including integrations with Event logs, SIEMs, and email alerts. You can also automatically execute an exe or PowerShell script as part of the alert itself.

    Some of our customers, for example, use a basic PowerShell script to disable a user’s account and then power down their computer when DatAlert recognizes a malware attack in-progress.

  • How does geolocation affect alerts?

    Understanding the geographic details of where an event occurs has become an increasingly critical component in identifying and analyzing potential threats. The right information can reduce incident response times, enabling you to quickly detect and preempt attacks in real-time.

    Varonis maps the external IP address of supported platforms to the country and regional subdivision from which the alerts and events are generated. If geolocation is found, the geographic information is added to the event and alert data. This information can be used to trace back an attacker and prevent intrusions.

  • Does it integrate with X?

    DatAlert integrates with LogRhythm, Splunk, and QRadar, and supports other integrations via syslog or SNMP.

    You can also code your own integrated threat response using any exposed API. Not sure if your integration is supported? Get in touch and we'll work with you to find out.

  • How easy are threat models to deploy?

    Threat models are fully deployed and enabled with a few clicks, in just a few minutes.

  • Is the learning period different for different threat models?

    Absolutely. Many of our threat models work by building behavioral profiles. Each profile is a collection of metadata that Varonis gathers for all users and their activities in the computing environment over a number of days called the learning period.

    At the end of this period, user behavior analysis (UBA) can identify atypical user behavior, which may indicate malicious intent. For some behaviors it makes sense to respond immediately, while others require a longer period of time to determine a baseline of what's normal and what's not.

    Different threat models look at different types of activities: for example, the learning period for establishing a user's working hours might be as little as 10 days; the learning period to establish what's normal for peer behavior is a minimum of 30 days; and to establish an accumulative increase in accessing stale data requires a minimum of 60 days.
