All posts by David Gibson

Our 2018 Cybersecurity Predictions

Our 2018 Cybersecurity Predictions

Looking back, 2017 had all the twists and turns of a good disaster movie. Hackers steal and leak the NSA’s powerful exploit kit that’s then unleashed on the world through a Dr. Evilish ransomware-worm hybrid.  Later, a top U.S. credit reporting agency discloses a breach involving the social security numbers of 143 million Americans. Meanwhile, a $1.8 billion legal battle is being waged between two tech giants over stolen software for self-driving cars. In the trial, a letter comes to light that claims the defendant was “responsible for acts of corporate espionage, the theft of trade secrets, the bribery of foreign officials and various means of unlawful surveillance.”

Sounds like Lex Luthor had a busy year. While you can make a good case that data security predictions should be made by Hollywood scriptwriters, we decided to put on our wizard’s cap yet again to come up with the following predictions for 2018.

Blended Attacks Will Force More Critical Systems Offline

As bad as WannaCry was – and because many who were hit may have kept quiet – we may never truly know the full extent of the damage. The characteristics involving the payment of the ransom were haphazard, suggesting that these attacks were meant to test the NSA’s exploits’ power and reach when “blended” with other attack vectors, like phishing and ransomware.  In 2018, we should expect more blended, crippling attacks in more countries, and they may well be longer and more severe. As we saw in 2017, expect them to throw a wrench into the daily lives of millions — affecting anything from transportation to shopping to using an ATM.

The IoT Will Bring More Bad News

Brands have been quick to jump on the IoT bandwagon, but they will have their hands full. In 2017, we saw KRACK and BlueBorne exploit WiFi and bluetooth, opening fresh holes in our already battered perimeters. Hackers will continue to leverage unprotected devices to spy on their users and break into home and corporate networks. Multiple botnets exploiting vulnerable IoT devices will be new minions in DDOS attacks, and threaten to take down news and government websites. Millions of consumers will remain unaware that their IoT devices and home networks are being exploited until they finally get to the bottom of why Stranger Things is so slow to download, and unplug their internet-connected toothbrush. Manufacturers will start to address these security faults or risk losing to the companies that bake-in security from the start. GDPR may save the day in the long run–forcing businesses to reconsider personal data collection via IoT, but we won’t see this effect until at least 2019.

Fear the Wiper

A recent survey revealed that 45% of organizations think they will be breached in the next year. In 2018, more organizations will be hit by ransomware, or worse. While ransomware is a scary thought for the C-Suite to consider, the unlucky organizations — those that haven’t prepared and without adequate backups in place — will be hit by wipers that will destroy information and systems with no hope for retrieval. Other unlucky organizations will realize they’ve been hit with APT’s, or Advanced Persistent Threats, that have been siphoning out valuable information for months or longer, like Intellectual Property, public filings, M&A plans, and other trade secrets. The unluckiest probably won’t realize they’ve been hit in 2018 at all, as attackers access their information as if it were their own. In 2018, a widespread wiper at tack, likely driven by political motivations, will hit at least one government agency and many other organizations. Companies will rethink how they’re protecting their critical information as they continue to realize how porous their perimeters have become.

You’ve Got Mail: Buckle up for a Wild Political Season

All 435 seats in the House and a third of the seats in the Senate will be up for grabs in November 2018. With so much at stake, expect a series of revealing leaks affecting candidates in key congressional districts. At least one candidate will drop out of the race based on the contents of old emails. Multiple incumbents will also be forced out of office.

The Rise of Cryptocurrencies

We’ve seen bubbles before: From dutch tulips in the 1600s to dot-com high fliers at the turn of the 21st century, unbridled enthusiasm drives up prices to unrealistic and unsustainable levels. Bitcoin is enjoying such a bubble. Could this be the year for a correction? China is cracking down and other nations appear to be seeking to regulate Bitcoin and their exchanges. If cryptocurrency continues to be associated with monetizing cybercrime and other illegal activity, it will become stigmatized, and its use for legitimate purposes may decline.

“A Treasure Trove for Hackers” : The U.S. Gets GDPR Envy

“Consumers don’t have a choice over what information Equifax… or Transunion or Experian have collected, stored and sold,” said Illinois Congresswoman Jan Schakowsky, during the House Energy and Commerce Subcommittee Hearing on the Equifax data breach, one of the biggest consumer breaches in history. “What if I want to opt out of Equifax?” Ms. Schakowsky asked. “I want to be in control of my information. I never opted in, I never said it was OK to have all my information, and now I want out. I want to lock out Equifax. Can I do that?”

In May 2018, a sweeping set of data-focused privacy rules for EU citizens will go into effect — they will get a choice. As GDPR takes effect, we’ll see GDPR envy in the U.S. and consumers will demand the same kinds of privacy rights that EU residents receive under GDPR. With the deadline looming, organizations are going to go through an adjustment period — especially ones that collect and leverage user data in innovative, and sometimes controversial, ways, like credit bureaus.

The Data Security Money Pit: An Independent Research Study from Forrester

The Data Security Money Pit: An Independent Research Study from Forrester

We recently released a study with Forrester Consulting entitled “The Data Security Money Pit: Expense in Depth Hinders Maturity” that shows a candy-store approach to data security may actually hinder data protection and explores how a unified data security platform could give security professionals the protection capabilities they desire, including security analytics, classification and access control while reducing costs and technical challenges.

The report finds organizations invest heavily in individual tools to try to mitigate threats and meet compliance requirements. In fact, 76% of data security professionals believe their organization has a mature data security strategy as a result of these efforts.  Forrester writes:

The reality is that companies have spent a lot of money on individual technology — instead of a unified data security strategy — and are judging their maturity based on money spent.

This fragmented approach to data security exacerbates many vulnerabilities and challenges, and 96% of these respondents believe a unified approach would readily prevent and help them more quickly respond to attempted attacks and actual data breaches, meet regulatory compliance and free up resources to focus on building and enforcing policies, procedures and remediation actions. The study goes on to highlight specific areas where enterprise data security falls short:

  • 62% of respondents don’t know where their most sensitive unstructured data resides
  • 66% don’t classify this data properly
  • 59% don’t enforce a least privilege model for access to this data
  • 63% don’t audit use of this data and alert on abuses
  • 93% suffer persistent technical challenges with their current data security approach

Point products may mitigate specific threats, but when used tactically, they undermine more comprehensive data security efforts. Ransomware, for example, exploits the same internal deficiencies that a rogue or compromised insider might – insufficient detective controls and over-subscribed access. Instead of improving detective controls and locking down access – improvements that would mitigate ransomware as well as many other data security threats – organizations sometimes deploy a tactical solution for ransomware and neglect their core controls. This threat-reactive approach appears to have become the norm – many threats; many tools. Expense in depth.

According to the study, “It’s time to put a stop to expense in depth and wrestling with cobbling together core capabilities via disparate solutions.” Almost 90% of respondents desire a unified data security platform. Key criteria to include in such a platform as selected by the survey respondents include:

  • data classification, analytics and reporting (68% of respondents)
  • meeting regulatory compliance (76% of respondents)
  • aggregating key management capabilities (70% of respondents)
  • improving response to anomalous activity (66% of respondents)

In summarizing the findings, Forrester concludes,

A unified data security platform offers core capabilities to help organizations not just establish a robust technology foundation for their data security strategy but also create conditions that help to push firms toward greater security maturity and value-add to the business.

Read highlights from the Forrester report here – including 4 key recommendations for a unified security platform.


Can Our Crystal Ball Hack It? 2017 Varonis Cybersecurity Predictions

Can Our Crystal Ball Hack It? 2017 Varonis Cybersecurity Predictions

Everyone makes predictions at this time of year, but who looks back to check on their accuracy? Let’s have a look at some of last year’s omens before directing our forecast lens to 2017.

Our first prediction for 2016: The U.S. Presidential campaign will be affected by a cyber attack.

We were on to something here, but we should have said numerous attacks. From Wikileaks exposing internal campaign emails to allegations that Russia attempted to affect the outcome, security became a front-and-center issue.

We also predicted: Ransomware damage will double.

We had the right direction but the problem actually became far worse than our modest foreboding (a real kick in the crystal ball). While 2015 saw about $325 million in ransom from CryptoLocker alone, 2016 will likely hit $1 billion in ransomware damages according to the FBI.

Amid the hacked ruins, compromised confidences and costly shakedowns of 2016 is the realization that privacy can never truly be assured for modern communications.

Let’s see what 2017 will bring.

1. Extortionware will be the new lucrative thing.

Ransomware’s more targeted, more difficult and more lucrative cousin, will emerge and cause major financial damages because of the sheer size of the payouts demanded when highly sensitive data is threatened with exposure. This will go largely unreported for reasons of discretion, making the prescience of this prediction conveniently unverifiable next year.

2. Ransomware will continue to be a major thing (and backups aren’t enough).

Ransomware will continue to grow in terms of the sheer number and frequency of attacks on organizations. IT best practices for defending against ransomware will expand from backup remediation to early detection and alerting as user behavior analytics become more intelligent and predictive. Stopping an attempted attack – before or right after it starts – is far more efficient and less painful than figuring out which files were affected and restoring them from backup.

3. Threats within will drive the need for smarter security analytics.

Adoption of security analytics will increase, as insider threats continue to get CXO and board-level attention. Insiders have legitimate access to systems and data, so preventing initial access is more than impractical. Detection is the next line of defense for employees or contractors who abuse their access, and to reveal insider credentials that are stolen.

4. Goodbye, ads. Hello, blockers.

The use of ad blockers will skyrocket after another major media site becomes a distributor of malware (as Forbes was in 2016) and users take more deliberate command of their own protection against growing malware threats.

5. Weaponizing IoT will become a regular occurrence.

IoT (Internet of Things) devices such as DVRs and security cameras will become more frequent targets for attackers. While the devices themselves may not all contain valuable data, they represent potential stepping stones on a hacker’s path to steal digital assets. The Mirai botnet, capable of some of the biggest attacks yet and able to reach high volumes with minimal ramp-up time, will threaten the adoption of IoT applications as device makers realize they must make security a design principle or lose their markets.

6. You’re hired, Ms. IT Security Candidate.

With $1 trillion predicted to be spent globally on cybersecurity between 2017 and 2021 and more than 200,000 security jobs currently unfilled in the U.S., computer security skills will continue to be the hottest kind in the IT job market in terms of the number of unfilled jobs and the compensation levels.

7. Organizations will need to save users from themselves.

User education on password hygiene and recognizing potential attacks will continue to increase but the reality will sink in that vigilance alone will not suffice, as phishing and malware become more and more difficult for even careful employees to detect. Organizational remedies will become more widespread to protect their employees, customers, partners, and themselves.

Security Disconnect Between End Users and IT: Ponemon Institute Study

Security Disconnect Between End Users and IT: Ponemon Institute Study

Varonis released the second part of a study about data protection and enterprise security with the Ponemon Research institute: The Widening Gap Between End Users and IT.  It compares end-user practices and beliefs with those of their colleagues in IT security and IT generalist roles.

This new analysis draws from the same data released by Varonis and the Ponemon Institute August 9 in a report entitled “Closing Security Gaps to Protect Corporate Data: A Study of US and European Organizations,” which found a sharp rise in the loss or theft of data, an increase in the percentage of employees with access to sensitive data, and the belief among participants that insider negligence is now the #1 concern for organizations trying to prevent these losses.

Some key findings include:

  • 39% of end users believe they take all appropriate steps to protect company data accessed and used in the course of their jobs. A sharp decline from 56% in 2014.
  • 52% of IT practitioners believe that policies against the misuse or unauthorized access to company data are being enforced and followed
  • Only 35% of end user respondents say their organizations strictly enforce those policies
  • 61% of respondents who work in IT or security roles view the protection of critical company information as a very high or high priority. In contrast, only 38% of respondents who are considered end users of this data believe it is a very high or high priority.
  • Asked about their organization’s attitude on productivity vs. security, 38% of IT practitioners and 48% of end users say their organizations would accept more risk to the security of their corporate data in order to maintain productivity.
  • Asked to agree or disagree that the protection of company data is a top priority for their CEO and other C-level executives, only 35% of end users agreed while 53% of IT professionals believe is a top priority for senior executives.
  • Asked for the most likely causes of the compromise of insider accounts, 50% of IT practitioners and 58% of end users say negligent insiders. “Insiders who are negligent” was by far the most frequent response for both IT and end users, more than twice as common as “external attackers” and more than three times as common as “malicious employees.”
  • End users are far more likely to attribute data breaches to insider mistakes than IT or security professionals. 73% of end users say data breaches are very frequently or frequently due to insider mistakes, negligence or malice, while only 46% of IT respondents draw the same conclusions.

One of the biggest takeaways from these findings is that you can’t prevent what you don’t know about: overexposed data and users with excess privilege present a huge risk to enterprise security, leaving file and email servers vulnerable to data breaches and theft.

In order to close these security gaps and protect organizations from data theft and ransomware attacks, organizations need to monitor file activity & user behavior — and get to a least privilege model so that sensitive data is locked down and secure.

Find out how Varonis closes these security gaps and protects enterprise data.



Varonis Connect Customer Conferences: Ready, Set, Go!

Varonis Connect Customer Conferences: Ready, Set, Go!

It’s that time of year again! We’ve kicked off our annual series of Varonis Connect events and due to high customer demand, we’ve doubled the number of events from 2015 to 2016 – we’re expecting twice as many customer attendees.

Varonis Connect events are free educational and networking conferences that we expect to draw more than one thousand IT leaders from across North America and Europe over the next few months to learn about our new product innovations and share experiences and success stories. Connect attendees will learn how to use our solutions for an increasing range of use cases, including data security, governance and compliance, user behavior analytics, archiving, search, and file synchronization and sharing. Our engineering and product teams will be on hand to provide attendees with personalized consultations.

Our customers tell us that they look forward to meeting with their peers across different industries to discuss best practices using Varonis solutions. We’re confident that customers will walk away from their local Varonis Connect event feeling  more knowledgeable about the different ways our solutions can help them protect data from insider threats and cyberattacks.

Through these events, our online community and regular communications to our worldwide customers, Varonis Connect is a continuous interactive commitment we make to the thousands of conscientious, forward-thinking IT professionals who rely on Varonis to keep their data secure.

Here’s the 2016 Connect Event Lineup:

United States & Canada:

  • April 12: Boston, MA
  • April 12: Charlotte, NC
  • April 19: Atlanta, GA
  • April 21: Washington, D.C.
  • May 10: Calgary, Alberta, Canada
  • May 11: Seattle, WA
  • May 12: Portland, OR
  • May 17: Tampa, FL
  • May 18: New York, NY
  • May 24: Chicago, IL
  • May 25: Cincinnati, OH


  • April 13: Milan, Italy
  • April 20: Amsterdam, Netherlands
  • April 21: Brussels, Belgium
  • April 28: London, England
  • May 3: Munich, Germany
  • May 10: Luxembourg
  • May 11: Paris, France
  • May 12: Geneva, Switzerland
  • May 18: Zurich, Switzerland

Varonis Connect 2016 is free and open to Varonis customers. If you would like to inquire about attending or would like to receive an invitation, please email

We look forward to seeing you!

4 Step Guide to Managing Network Share Permissions

4 Step Guide to Managing Network Share Permissions

Setting up network file sharing is one of those core IT practices that every Windows admin knows about and has implemented as part of their daily work. The basic mechanics of this have not dramatically changed since Windows Server 2003 and are relatively straightforward. However, after configuring the resource shares and the individual NTFS permissions for each folder, admins sometimes lose sight of the big picture as they handle daily permission requests on an ad-hoc basis.

Over time, as permissions are added to folders, the result is that permissions are set too broadly—to the delight of hackers and internal data thieves. The key reason is that admins and IT are generally not equipped to keep track of the current roles of workers, organizational changes that shift group authorizations, and job terminations—three of the most common occurrences that impact user access to file content.

It’s not for lack of focus or commitment on the part of IT, but simply that it’s hard to visualize and understand the mappings between users and their file permissions. This is often the result of complex permission hierarchies that make it difficult for IT staff to work this out quickly on their own without help from software automation.

Admins, of course, can review file activity records to see who is actually accessing records, and then decide whether the user should have access. As a rule most companies don’t set up file auditing—it’s a resource hog—and even if this is done for a short period, the log results can overwhelm the abilities of admins to parse the trails and come up with the appropriate follow-up actions. However, there is a way out of this permission trap. In this post, we’ll explore a four step strategy that will make it far easier for IT admins to manage file sharing and folder permissions.

1. Toward A Binary Model For Permissions And Sharing

Rather than working on an ad-hoc basic, it’s important for admins to have a foundational policy—the simpler the better. Experts recommend thinking about folder permissions as having three states:

  • Directly applied permissions —every access control entry is directly applied to the assets control list
  • Inherited permissions — permissions are inherited from the parent directory
  • Hybrid— both directly and inherited permissions

When looking at your current implementation, work out which one of the above states the folders you’re interested in taming are currently in. Don’t be surprised to find many of the folders in a hybrid state—it’s not at all unusual. However, your goal should be to eliminate the hybrids and move toward a twostate or binary model: the folders should either be inheriting all, or none of their permissions. The next step is to standardize your existing group permissions.

It’s worth pointing out that you should only have group permissions. They are far easier to manage than having individual permissions. Is it acceptable to have a group of only one? The answer is yes since it is likely that the group will eventually grow and you’ll have established a policy that will continue forward.

Here again a simple binary group policy is better: place users into either a read group or a read-write group. Of course, there should also be a separate administrative group, but 99% of users will fall into one of those two groups. One of the reasons it’s hard to work out the actual permissions on a specific folder is that you most likely nested groups inside other groups. Our advice is to try to avoid nesting. It’s better to assign a domain local or universal group to the ACL and add users to this group. In some cases, nested groups may be best (following Microsoft’s recommended AGLP strategy), especially when there’s a group already created that contains the right users, and will be maintained by a group owner.

Over the years, there’s been some confusion about how to handle the combination of NTFS permissions and Windows sharing permissions. Experts agree it’s best to standardize share permissions and use the NTFS permissions to granularly manage access. For example, you’ll want to set sharing permissions so that they are accessible to all authenticated users, and then use the NTFS permissions to determine on a more granular basis who has access (whether over the network or directly on the server). As with groups, it’s best to avoid ‘nested shares’ – ultimately it just introduces unnecessary complexity.

The final element is to set up traverse permissions correctly for the shares. For example, if you’re trying to give someone access to a folder that’s several levels below a share, they’ll need traverse permissions all the way down the tree. Rather than trying to do that manually, it’s better to use an automated solution that keeps track of these and sets them correctly.

With the permissions now squared away, can we simplify the actual structure of the shared areas? The answer that IT experts give is also to take a simple binary approach. They suggest using large departmental or divisional shares and then use specific project shares to allow employees from different departments to work together on as-needed basis.

2. Data Owners Are The True Access Guardians

Part of the reason that data permissions are set too broadly is that IT can often only guess at whether a user is truly authorized to access content. So admins will err on the side of inclusiveness. A better approach is for IT to work more closely with the data owners—the users, generally managers, from the business side who know the context about the data, and are best positioned in the organization to say who should have access.

IT should initiate an initial entitlement review process with the data owners. This would involve the owners reviewing who currently has access to a folder— typically by reviewing current group structures and possibly audit logs—and then deciding whether to remove users from a group. For IT, this is often a complex process—especially tracing users to groups—so automated solutions will make this easier.

It’s important to keep in mind that entitlement reviews are not a one-time fix, instead they need to be continually performed to keep pace with changing user roles. As an example, it’s common for some users to be given temporary access to project folders—perhaps they were hired as a short-term consultant or they’re an employee assigned to a group on as-needed basis. When the project is finished, access should be revoked.

Unfortunately, managers often forget to contact IT or assume that IT will remove access for them. These kind of changes fall through the cracks and lead to permissions that don’t reflect current organizational structure, and ultimately are broader than necessary. But with regular entitlement reviews—perhaps on a quarterly basis—these lapses can be addressed by the owners.

3. Always Be Monitoring

There’s still more work for IT to do after setting up the folder access policies and engaging in periodic entitlement reviews. They also should be continuously monitoring shared folders. Why? Making a resource available on the network is a great way to boost collaboration between employees, but this also comes with security obligations.

With data breaches now a common occurrence, IT staff should be analyzing network file activity for signs that outside hackers or malware have taken over the credentials of internal users, or that internal users may be up to no good. In other words, IT should be reviewing file access activity with an eye towards looking for unusual patterns—for example, spikes in activity, permission changes to existing folders, and sensitive content that’s experiencing above average viewings. Here again the use of automation, especially real-time alerting mechanisms, is a far better way to implement monitoring then manually reviewing logs.

On a more operational level, IT should also analyze shared activity as a way to tighten up permissions –for example, users and groups that have folder access permissions that are never used—or to spot whether sensitive data is accessible and/or being viewed by non-authorized employees. The results of this analysis can be then be brought up during entitlement reviews to help tighten up access.

4. Don’t Forget Retention

While it’s natural for IT to be busy thinking about setting up network file shares and managing existing shares, sometime life cycle issues can be pushed into the background. Remember: all data has a life-span and the older the contents gets, the less relevant it becomes. So IT should have in place data retention policies as well. This is not just a matter of saving on disk space by removing and archiving stale data, but this also has data security implications.

There’s an approach to data security known as privacy by design, which has had a strong influence on data compliance—both industry standards as well as legal regulations. One of the ideas in privacy by design is that companies should minimize the data they collect and then set retention limits for files and folders. The security advantage of putting a shelf life on data is that there would be less for thieves to steal. This is a basic defensive strategy, but an effective one.

To help put some bite into the retention limits, IT pros suggest you charge users on a per byte basis for storage. If department heads or group managers then don’t want to pay for their slice of shared storage from their budgets, IT can remove it or copy the data to secondary storage.

To start you thinking about a retention policy, we list below a few factors that should be taken into account:

  • Determine the age at which each type of data that has not been accessed would be considered stale – 1 year? 2 years? 5 years?
  • Implement a solution that can identify where stale data is located based on actual usage (not just file timestamps)
  • Automate the classification of data based on content, activity, accessibility, data sensitivity and data owner involvement
  • Automatically archive or delete data that is meets your retention guidelines
  • Automatically migrate data that is stale but contains sensitive information to a secure folder or archive with access limited to only those people who need to have access (e.g. the General Counsel)
  • Make sure your solution can provide evidence (e.g. reports) of your defensible data retention and disposal policy


Network file sharing is an essential service in any organization and the starting point for implementing collaborative solutions. However, shared content also comes with its own administrative and security overhead. Overall, IT should have in places policies for file sharing that encompass the ideas in this paper. We’ve discussed a basic model for folder permissions and groups, but your organization may evolve its own strategies—mileage may vary. But even in the simplest policies, the complexity for managing folder access rights for more than a few users would require automation in order to ensure the policies are effectively enforced.

Here’s Why Most Companies Are Easy Prey for Cyberattackers

Here’s Why Most Companies Are Easy Prey for Cyberattackers

Today we announced the results of anonymous data that our DatAdvantage and Data Classification Framework solutions collected throughout 2015 during risk assessments conducted for potential customers on a limited subset of their file systems. The results show a staggering level of exposure in corporate file systems, including an average of 9.9 million files per assessment that were accessible by every employee in the company.

Varonis DatAdvantage provides full visibility into who can and does access file systems and unstructured data. Varonis Data Classification Framework identifies sensitive and regulated content, like credit card numbers and health records, and maps them to exposures in their host file systems. Even while assessment and remediation projects are in progress, Varonis DatAlert can detect and stop insider threats, unwanted privilege escalations and abuse, and ransomware like Cryptolocker.

Of the insights gleaned from dozens of customer risk assessments conducted in mid-to-large enterprises prior to remediation, Varonis found the average company had, in a subset of its file systems:


  • 35.3 million files, stored in 4 million folders
  • 1 million folders, or an average of 28% of all folders, with “everyone” group permission enabled –open to all network users
  • 9 million files that were accessible by every employee in the company regardless of their roles
  • 8 million folders, or 70% of all folders, contained stale data — untouched for the past six months
  • 25,000 user accounts, with 7,700 of them or 31% “stale” – having not logged in for the past 60 days, suggesting former employees, or consultants and contractors whose engagements have ended

The ‘everyone’ group is a common convenience for permissions when originally set up. That mass access also makes it astonishingly easy for hackers to steal company data.

Some individual companies’ lowlights that were gleaned from the Varonis risk assessments:

  • In one company, every employee had access to 82% of the 6.1 million total folders.

  • Another company had more than 2 million files containing sensitive data (credit card, social security or account numbers) that everyone in the company could access.

  • 50% of another company’s folders had “everyone” group permission, and more than 14,000 files in those folders were found to contain sensitive data.

  • A single company had more than 146,000 stale users – accounts whose users had not logged in for the past 60 days. That’s nearly three times more users than the average FORTUNE 500 company has employees.

Although this data presents a bleak look at the average enterprise’s corporate file system environment, the organizations running these risk assessments are taking these challenges seriously. Most of them have since implemented Varonis, embracing a more holistic view of the data on their file and email systems and closing these gaping, often unseen security holes before the next major breach causes heavy damage. Our software is able to provide a granular look at where sensitive data lives, where it is over-exposed within an organization, who is accessing that data, and how to lock it down. While that remediation process is running, our ability to detect and stop many types of insider threats has been a major revelation for our customers.


Our Risk Assessments quickly show you where your most vulnerable data is stored, who is accessing it, and what needs to be done to secure it.

Request a Risk Assessment from the Varonis Professional Services Team visit:


Varonis Continues to Win Recognition for Leadership in User Behavior Analyt...

Varonis Continues to Win Recognition for Leadership in User Behavior Analytics

Today we’re proud to announce that our DatAlert solution has been recognized as a Gold winner of the Info Security Product Guide’s 2016 Global Excellence Awards® in the User Behavior Analytics (UBA) category. More than 50 judges from a broad spectrum of industry voices from around the world participated in the Info Security awards, and their average scores determined the 2016 Global Excellence Awards Finalists and Winners.

This is one of two UBA recognitions we’ve received in the last two weeks – on February 29th we were named by Cyber Defense Magazine as a “Hot Company in UBA.” This is the first year in which we’ve seen companies being recognized for UBA offerings, which is a clear indication that UBA is becoming an increasingly important security software category.

The emergence of user behavior analytics reinforces the need to protect and monitor unstructured data — the largest, most valuable and most sensitive type of data in an organization and the target of most cyberattacks. Varonis has been doing User Behavior Analytics for years, and we track and analyze more about how users access unstructured data, their access permissions, and file content than any other solution. Last November, we launched the latest iteration of our UBA threat models in DatAlert in version 6.2.5 of the Metadata Framework platform.

Our customers are finding great success with DatAlert and its UBA threat models, which profile user roles and analyze behavior and detect threats throughout the lifecycle of a breach. We believe the capabilities in DatAlert represent the most advanced analytics and predictive threat monitoring available to help organizations stem the rise in data breaches. From spotting signs of ransomware activity, like Cryptolocker, to catching unusual employee activity on sensitive data, DatAlert has helped to stop numerous breaches.

Learn what makes insiders tick, and how UBA can spot potential threats in our white paper. You can also sign up for a free DatAlert trial here.

New Survey Places Varonis among Readers’ Top Choices for Data Loss Preven...

Varonis was recently named a “Readers’ Top Five” pick for Data Loss Prevention (DLP) solutions in a newly released survey of nearly 5,000 TechTarget readers. The survey respondents are IT and security professionals who are attempting to protect their organizations from the onslaught of data breaches, meet compliance and audit requirements, and protect intellectual property., a TechTarget site, conducted the reader survey in October. When asked “Which DLP vendors are you considering for your data protection project?” four responses were by far the most common: three very large, broadly focused companies (Symantec, McAfee/Intel Security Group and Microsoft) along with Varonis, the focused pioneer of unstructured data management and protection.

In the survey of 4,635 readers, the most important drivers for future data protection projects were:

  • “Meeting compliance/audit requirements” (69%)
  • “Attempting to avoid future data breach” (53%)
  • “Protection of intellectual property” (46%).

We’re pleased to see continued awareness increase of the market’s need for the kind of solutions we have been developing and perfecting over the past decade. In a recent market guide, Gartner highlighted the advantages of using User and Entity Behavior Analytics (UEBA) to detect malicious insider behavior that often goes unnoticed by other technologies. Varonis solutions are unique as we combine DLP capabilities with permissions context and what we believe are the most advanced user behavior analytics available to help organizations protect their file systems and unstructured data from insider threats.

You can read the complete survey results here.  Click here to learn more about Varonis UBA offerings.

Varonis Honored by Cyber Defense Magazine as Most Innovative Insider Threat...

Varonis Honored by Cyber Defense Magazine as Most Innovative Insider Threat Detection Solution, Hot Company in User Behavior Analytics

We’re thrilled to announce that we’ve been recognized by Cyber Defense Magazine, the industry’s leading electronic information security magazine and media partner of the RSA® Conference 2016, in the following two award categories:

  • Varonis DatAdvantage was named the “Most Innovative Insider Threat Detection Solution”
  • Varonis DatAdvantage with DatAlert the “Hot Company in User Behavior Analytics (UBA)”

Here’s what Pierluigi Paganini, the Editor-in-Chief of Cyber Defense Magazine had to say about us, “We’re thrilled to recognize next-generation innovation in the information security marketplace and that’s why Varonis has earned both awards from Cyber Defense Magazine. Some of the best info security defenses come from forward thinking players, like Varonis.”

Varonis DatAdvantage provides insight into how employees use data, including emails, files, presentations and spreadsheets, highlighting patterns, security risks, and social connections to monitor and protect sensitive data from insider threats. From a single interface, administrators can quickly manage and visualize permissions and map groups of users to only the data they need access to.

With DatAlert, real-time alerts are triggered across multiple platforms, helping to detect security breaches, misconfigurations and other security-related issues in real-time.

At Varonis, we empower companies to discover where their sensitive data is overexposed, uncover vulnerable or stale data, and lock it down without interrupting their businesses activities. Administrators can manage and visualize permissions, mapping groups of users to only the data they need access to. Varonis behavioral-based threat models offer unmatched ability to monitor and protect data from malicious insiders, privilege abuse, Ransomware, and other threats.

Thank you again Cyber Defense Magazine, we are truly honored to receive this important recognition.

For the full list of winners visit:

Varonis is Now Integrated with IBM Storwize V7000 Storage Systems

Varonis is Now Integrated with IBM Storwize V7000 Storage Systems

We’re excited to announce yet another technology integration today – our Metadata Framework is now interoperable with IBM Storwize V7000 version 1.6 storage systems. The integration will provide IBM Storwize users insight, intelligence and control over their information that Varonis solutions bring to thousands of organizations around the world.

It’s critical for organizations to go beyond perimeter protection and understand the relationships between users and data. The integration of the Varonis Metadata Platform with IBM Storwize brings two leading technology platforms together to help organizations of all sizes manage and protect their rapidly growing volumes of unstructured data from insider threats.

The market-leading file analysis, audit and protection capabilities of Varonis DatAdvantage can prevent many of the data breaches that are happening with such frequency. The ability of Varonis DatAlert to provide real-time alerts can detect potential security breaches before they cause major damage, and the Varonis Data Classification Framework discovers sensitive content and its possible exposure, then helps you lock it down.

In the related press release we issued today, Eric Herzog, Vice President Marketing IBM Storage Systems at IBM, said, “Our clients store some of their most valuable and sensitive data on IBM Storwize, so the ability to monitor who has access to which files and when they actually access that data is critical. The Storwize V7000 Unified and Storwize V7000 systems provide the latest storage technologies for unlocking the business value of stored data. Together with the Varonis solutions, they provide valuable, complementary capabilities designed to give our clients peace of mind. The Storwize family supports the massive volumes of data created by today’s demanding applications. Together with Varonis, we can provide best-of-breed efficiency, ease of use and dependability for organizations of all sizes looking to glean insights and monitor their unstructured data.”

To learn more visit