User Behavior Analytics

Get inside-out security with sophisticated threat models built on advanced analytics, user behavior, and machine learning.

See Varonis UBA in Action

Protect your data from the inside out

Visualize risk and suspicious activity with the DatAlert web dashboard, and get the information you need in a glance to defend your data from attacks.

Varonis captures more about how users interact with data and file systems than any other technology out there: activity, content, permissions, and more — on AD, Windows, UNIX, SharePoint and Exchange and Office 365.

User Behavior Analytics (UBA) or User and Entity Behavior Analytics (UEBA) focuses on that interaction, and establishes a baseline of normal behavior – so that you know when something suspicious happens.

DatAlert Analytics analyzes and detects suspicious activity and prevent data breaches – using deep analysis of metadata, machine learning, and advanced UBA.


What can you do with DatAlert Analytics?

  • Find things that don’t belong: exploitation tools, ransomware, crypto intrusion, and more
  • Monitor for suspicious activity, including unusual access to sensitive data and abnormal user behavior and file activity
  • Track attempts to damage system infrastructure
  • Analyze policy changes, membership changes, and account modifications to protect against potential exploitation
  • Get the benefits of professional security experts and data scientists continuously developing new threat models based on the latest attack vectors, APTs, and insider threats

We had an outbreak of the crypto virus. Using Varonis I was able to identify the infected user that was encrypting the shares and lock down access in 5 minutes…[I was able to] restore the files that were affected by the user. Varonis saved the day.

Varonis UBA Threat Models

Varonis UBA Threat Models utilize thresholds, statistical analysis and machine learning to trigger alerts on what looks unusual and uncover potential security issues.

These threat models allow you to detect and fight back against:

  • Insider threats
  • Outsider threats
  • Malware activity (including cryptolocker)
  • Suspicious behavior
  • Potential data breaches
  • Compromised assets

Anatomy of a Breach

Varonis addresses security issues and automates threat detection with threat models that map suspicious activity to a kill chain, and monitor and alert on attacks through the entire lifecycle of a breach.


Attackers scope the system, looking for vulnerabilities, points of entry, and actively gathering intel.


The attack becomes active: malware and other dangerous files are sent to the system to gain entry.


Perimeter security is breached; the attackers get into to the system and install additional malicious tools

Privilege Escalation

Attackers gain elevated access to resources, getting even further into the system with added privileges.

Lateral Movement

Credentials are compromised, the attackers are now moving between the systems.

Obfuscation (anti-forensics)

Attackers conceal their presence and mask their activity to avoid detection.

Denial of Service

Network and data infrastructure is targeted, resources become unavailable for legitimate users.


Data is moved out of the system for potential release and further exploitation.

Why DatAlert Analytics?

Get meaningful insights into user and data patterns, security risks, and social connections

Build context around the content of data and activity with collected metadata

Monitor critical assets for suspicious activity and unusual behavior

Recover from potential security breaches quickly, and reduce the amount of time it takes to find and assess a real issue, with forensics on compromised assets

Integrate with SIEM and other UBA systems (including HP ArcSight, FireEye, and Splunk)

Get the latest in data security from a dedicated behavior research laboratory with constant updates to UBA threat models and sophisticated analytics.

Ready to see what's hiding in your data?

All Varonis products are free to try and come with complimentary concierge onboarding and installation.