Edge

Stop Intrusion & Data Exfiltration

Edge combines data access with network activity to detect threats with a high signal-to-noise ratio. From APT intrusions to data exfiltration, Edge expands your field of vision.


Catch more threats, without more work

Edge completes the picture by analyzing perimeter activity from VPN, DNS, and web proxy in context with data, email, and Active Directory behavior. Our threat models continually learn and adapt to behaviors specific to your organization.

  • Successful brute-force attack targeting a specific account
  • DNS cache poisoning
  • Data exfiltration via DNS tunneling
  • Unusual amount of data uploaded to an external website after accessing GDPR data
  • Atypical access to platform from geolocation
  • Abnormal behavior: activity from blacklisted geolocation
  • Abnormal service behavior: upload of data to external websites
  • Abnormal DNS reverse lookup requests to different IPs
  • Unusual number of failed DNS queries
  • Unusual number of users attempted to connect from a single external IP
  • Credentials stuffing attack from an external source
  • Encryption downgrade attack
  • Rapid brute-force attack targeting a specific account
  • Potential brute-force attack targeting a specific account
  • Abnormal behavior: activity from new geolocation to the organization

Expand your detection window

Attackers hope to evade detection by blending into your noisy network. But Varonis knows your organization better than your adversary. Our machine learning understands what’s normal and alerts you to what isn’t—for every user and device—from the inside out.

Data
  • Insider threats
  • Ransomware
  • APTs & malware
Email
  • Phishing
  • Infected attachments
  • Data exfiltration
Active Directory
  • Recon
  • Lateral movement
  • Privilege escalation
Edge
  • Brute force
  • Command & control
  • Data exfiltration

“In terms of solutions, Varonis Edge was our MVP. Edge directed us to the computers with suspicious DNS requests, correlated them with specific users, and showed us the addresses we needed to block.”

Threat hunt like a pro

Easily hunt for threats or flag policy violations like connections to known C2 domains or large uploads to web-based email sites. Automatically surface relevant events for further investigation. You can even build and save your own queries to jumpstart investigations.

Event logs never looked this good

Logs from network devices are noisy, out-of-order, and each device type and vendor writes logs in their own way. Varonis doesn’t just copy raw logs—we give you clean, human-readable events enriched with valuable context like URL reputation, account type, and data sensitivity.

Connect to your SIEM (or replace it)

Varonis can ingest the logs you’re already collecting in your SIEM. If you don’t have a SIEM, Edge can grab events directly from your network devices via Syslog.

Avoid volume-based pricing

Ingest as much data as you need. Our fair pricing model protects you from big bills when network traffic surges.

Get fewer alerts, more answers

Turn billions of events into a handful of meaningful alerts with behavior-based detection, not clunky SIEM rules.

Investigate on your terms

Send alerts into your SIEM or investigate natively with our fast and powerful forensics tools.

Real-time awareness of your top remote work risks

Visualize and report on indicators of compromise hiding in your network traffic.

  • VPN
  • DNS
  • WEB

Quick & conclusive investigations

When investigating an incident, it’s crucial to be able to quickly answer “Was any data stolen?” Pivot from suspicious perimeter activity to sensitive data access in seconds, without hopping between disparate tools and logs.

1. Filter suspicious events from any source
2. Isolate the top-offending user or device with one click
3. Easily answer “what data did they access?”

Get expert Incident Response help—for free

Whether you’re under attack or looking for some help to understand what you’re seeing, you can call on the expertise of our Incident Response team. They’re here to offer help to prospective customers and existing customers alike.

Matt Radolec

Director, Security Architecture & Incident Response

Ryan O’Boyle

Security Analytics Manager

Ian McIntyre

Security Analyst, Incident Response

Madeleine Massee

Security Analyst, Incident Response

Resources from our world-class research team

Webinar
5 Ways Hackers are Exploiting Remote Workforces


Threat Research
Varonis Exposes Global Cyber Campaign: C2 Server Actively Compromising Thousands of Victims



FAQ

  • Which VPN vendors does Edge support?

    CheckPoint, Cisco, F5, Fortinet, Palo Alto, Pulse Secure

  • Which web proxies does Edge support?

    Apache, Cisco (IronPort), Forcepoint (WebSense), McAfee, Palo Alto, Squid, Symantec (Bluecoat), Zscaler

  • Which DNS does Edge support?

    Microsoft DNS, Infoblox

  • How does Edge collect events?

    Edge can collect events directly from the source devices using Syslog, or from Splunk or Filebeat. If the data is already collected in Splunk, you can configure Varonis Edge to get the events directly from Splunk.

  • Which stages of the kill chain does Edge cover?

    Edge focuses on reconnaissance, intrusion, lateral movement, denial of service, and exfiltration.

    Our threat models analyze Edge data with the file, email, and Active Directory data streams in DatAlert to give you full kill chain coverage.

  • Does Edge require endpoint agents?

    No. Edge monitors network devices, so there is no need to deploy endpoint agents.

  • Can I create my own alerts?

    Yes. You can leverage out-of-the-box threat models as well as create custom alerts that are specifically designed for your data and your environment.

    For example, you may choose to trigger an alert if a specific user attempts to access the VPN or visits a certain website URL. The possibilities are endless.

  • Can I automate threat responses?

    Varonis comes with a set of pre-configured threat responses. You can trigger an email or send alerts to syslog, SNMP, or a supported SIEM.

    You can also automatically execute an .exe or PowerShell script as part of the alert itself.

    Some of our customers, for example, use a basic PowerShell script to disable a user’s account and power down their computer when Varonis recognizes malware behavior.

  • Does Varonis integrate with other security products?

    Varonis integrates directly with LogRhythm, Splunk, ArcSight, ServiceNow, and QRadar, and supports more integrations via syslog.

    Not sure if your integration is supported? Get in touch and we'll work with you to find out.
