Category Archives: Varonis News

Introducing Varonis Data Security Platform 6.4.100: Varonis Edge, GDPR Thre...

Introducing Varonis Data Security Platform 6.4.100: Varonis Edge, GDPR Threat Models, Geolocation and More

It’s the beginning of a new year, and we have a huge new beta release to share with you.  The beta release of the Varonis Data Security Platform 6.4.100 dropped earlier this month, and I wanted to share a few highlights:

Varonis Edge

We announced Varonis Edge back in November, and we’re excited for you to try it.  After over a decade of protecting core data stores, we’re extending that same data security approach to the perimeter: analyzing devices like DNS, VPN, and Web Proxy to detect attacks like malware, APT intrusion, and exfiltration.  With Edge, you’ll be able to correlate events and alerts from your perimeter with alerts and events about your data.

We’ve added new threat models for these perimeter devices: so that you can stay ahead of security events like brute force attacks, DNS tunneling, credential stuffing, and more.


Backed by popular demand, we’ve added new classification categories to our Data Classification Engine (formerly Data Classification Framework).  We’re shipping four predefined categories out of the box, to more easily identify and discover PII, PHI, PCI, and GDPR data.

GDPR Threat Models

With over 250 unique patterns to identify and classify EU data that will fall under the upcoming General Data Protection Regulation (GDPR), we’re making it easier than ever to see what’s happening to that data once it’s identified.  You’ll not only be able to identify regulated data, but monitor and track when suspicious activity occurs on it with specific GDPR threat models: from abnormal service behavior accessing atypical folders containing GDPR data, to global access groups added to a folder with a significant amount of GDPR data, and more.


Everybody likes a map – and DatAlert now tracks cyberattacks to a specific location, alerting when unusual access to your data is coming from a new or unusual physical locations, or geolocation.  New threat models track unreasonable geohopping, activity from a blacklisted geolocation, and activity from  new geolocation.

We’ve added maps and geolocation to the DatAlert web interface – so that you can see what’s going on and where at a glance.

Other updates include:

  • HPE 3PAR support
  • Enhancements to DatAlert search functionality: predefined searches, saved searches, and more
  • Improved performance and support for incremental search results
  • Office 365 Azure AD auditing and collection
  • Enhancements to AD authentication events
  • Automation Engine: support for multiple OU selection for new groups/per filer resolution
  • DataPrivilege request-related and owner-related API now supports both Windows and SharePoint
  • Reporting now supports relative mode for all date filters

Want to see it in action? Get a personalized demo and ask about the latest features today.


Announcing Varonis Edge – to the Perimeter and Beyond

Announcing Varonis Edge – to the Perimeter and Beyond

Email, web, and brute force attacks are the primary ways that malware gets through your defenses.  The Yahoo hacker’s favorite technique? VPN. The Sony hack? Phishing emails.  Remote Access Trojans? DNS.

We’ve spent over a decade working on protecting core data stores – we’re now extending that data security to the perimeter by using telemetry from VPN concentrators and DNS servers to spot signs of attack like DNS tunneling, account hijacking, and stolen VPN credentials. With Varonis Edge – coming soon in beta – you can monitor perimeter attacks and put them in context with activity and alerts in your core data stores for the full picture.

Extend your data security to the edge with enhanced security intelligence and additional threat markers, so that you can alert on external attacks, catch malware in its tracks, and defend your data better from insider threats. Find out more about Varonis Edge here.

Interested? Get a demo and be the first in line to try it.

5 Last Minute Halloween Costume Ideas for IT

5 Last Minute Halloween Costume Ideas for IT

We’ve all been there. Late night. Cold as a witch’s tomb. Deep within the catacombs of the Datacenter. You hear a loud noise and are relieved when it turns out to be a demonic entity from an alternate plane of existence forcing itself into our world and not something genuinely frightening like a RAID enclosure seizing up or a rack toppling over.

But this can only mean one thing: it’s Halloween and here you are without a costume. Varonis is here to help with some last minute costume ideas for the IT professional.

1. Locky Ransomware

Great art comes from a place deep within, just like when in the cinematic tour de force “Suicide Squad”, Jared Leto brought the crazy energy of the Joker to life by leaving dead rats around the set and plotting future visits to Hot Topic to flesh out his character.

Costume Items

  • Combination Locks
  • Bike Chains
  • Mirror (to practice saying: “Yeah! Yeah! Super Weird! Who Would Do Such A Thing!” without flop sweating in).


Method act your way into being the Locky Ransomware Virus by chaining shut file cabinets, the office fridge and the “good” office bathroom (You know the one? One floor down on the level where sales used to be?).

Be sure to leave a Post It at each location stating that you’ll remove the locks once .2 BTC is deposited in your wallet.

2. Blad the Crimper

Cruelly overlooked by history and eclipsed by his more famous cousin (Vlad the Impaler). Blad is fighting against a society that won’t let him create cables the length that he wants and he’ll stop at nothing to make that happen.

Costume Items:

  • Crimping Tool
  • Dictionary to prove to people that you didn’t just make up the word “crimping”

3. Help Desk Ticket

If it’s one thing that endears you to your co-workers, it’s your insistence on having a help desk ticket for every: “I’ve just got a quick question? Ever since I installed this Free Online Poker website my ‘e’ key doesn’t work. Can you look at why Word won’t print right since the last time you helped me?” that they corner you with.

Costume Items:

  • Posterboard
  • Markers
  • Stapler


Bend the poster board around until it makes a cylinder and staple it in place. Use the markers to draw a happy face on it. Place over your head and contemplate why you didn’t go into a less stressful profession like heart surgeon or something.

4. Data Retention Policy

Halloween is a fun time, but it’s also an opportunity to help educate your co-workers on your Data Retention Policy and basic digital security measures.

Costume Items:

  • A paper shredder
  • The longest extension cord you can find.


Wander around the office (shredder in tow) removing papers from people’s desks and and turning them into meaningless scraps. Be sure to hit the bulletin board in the lunchroom that’s still cluttered with take out menus from 3 years ago.

If anyone asks why you’re doing this, tell them that they’re part of the problem and if they’d just manage their own files, this wouldn’t be necessary.

5. GDPR: General Data Protection Regulation

Everyone loves a good scare and what’s more frightening than a shadowy group of faceless EU bureaucrats taking 4% of your company’s global revenue because you neglected to purge a server of some old files.

Costume Items:

  • Hans Gruber’s Accent from Die Hard
  • Any countdown app for your smartphone


Set the app to countdown to 25 May 2018
Hold it on your forehead “Heads Up” style.
Walk around the Halloween party asking people to divulge everything they know about you under penalty of law.

I’m Mike Thompson, Commercial Sales Engineer at Varonis, and This is How ...

I’m Mike Thompson, Commercial Sales Engineer at Varonis, and This is How I Work

In March of 2015, Mike Thompson joined the Commercial Sales Engineer (CSE) team. From then on, he has been responsible for demonstrating Varonis products to potential customers, installing and configuring the software for both evaluation and production implementations, leading customer training sessions, and making sure customers are getting value out of the Varonis solutions.

This role allows him to talk to people from different parts of the country, getting a glimpse of how companies of all shapes and sizes operate. “You become fast friends when you spend a few hours on an installation with someone.” says Mike.

According to his manager Kris Keyser:

“Mike is a smart, creative engineer who’s fun to work with, is well-liked by his customers and co-workers, but takes his craft seriously. He has been a real asset to the team.”

Read on to learn more about Mike – this time, in his own words.

What would people never guess you do in your role?

CSE’s already handle a lot of different things, but I suspect people would be most surprised to learn that I am a panelist on the Varonis Inside Out Security Show podcast.

How has Varonis helped you in your career development?

My time at Varonis has helped to develop my communication skills as well as providing me a better understanding of the tech and security industries since I work with so many different types of organizations. I already had technical skills before coming to Varonis, but now I am better equipped to apply my skills and experience at a larger scale.

What advice do you have for prospective candidates?

Organization is key! Also, do not be afraid to ask questions — we do a lot here at Varonis, and certain things can only be learned through direct experience.

What do you like most about the company?

The company culture is fantastic. Everyone works hard, but the expectations are very realistic, and there are plenty of opportunities to grow and take on new roles internally. Most importantly is the nitro cold brew tap that we have during the warm months. It is the best.

What’s the biggest data security problem your customers/prospects are faced with?

Many of our customers are taking a hard look at data security and they find that their existing security strategy and policies don’t necessarily reflect today’s threats.

The biggest problem is not identifying the risks, but rather formulating a plan of attack to rectify the situation and ensure data security going forward, as many of the customers I talk to already have a rough idea of their weak spots. Every aspect of this problem is complex, so many people don’t know where to start.

What certificates do you have?

I’m a wildcard. (That’s a certificate joke…)

Now for some Fun Facts on Mike!

What’ s your all-time favorite movie or tv show?

Mad Men is definitely my favorite TV show. I have been re-watching it lately and it’s even better the second time around. Spectacular writing, great character development, attention to historical detail, and surprisingly funny.

If you could choose any place in the world to live, where would it be and why?

Right now I have no desire to leave my home in Williamsburg, Brooklyn. It’s the ideal neighborhood for me and my wife. But one day I would like to live by the beach — maybe somewhere in California where the mountains meet the ocean.

What is the first thing you would buy if you won the lottery?

A nicer apartment!

Interested in becoming Mike’s colleague? Check out our open positions, here!

Varonis Brings Data Security to Nasuni

Nasuni Cloud NAS

We’re excited to announce that, in an upcoming release, the Varonis Data Security Platform will bring data-centric audit and protection to Nasuni Enterprise File Services. Nasuni is a key Varonis partner in the growing market for hybrid cloud Network Attached Storage (NAS).

If Nasuni is a critical part of your IT infrastructure, adding Varonis will enable you to:

  • Discover and classify sensitive, regulated files
  • Detect and alert on suspicious activity like ransomware and insider threats
  • Lock down file systems and permissions to only the right people
  • Capture and analyze a fully searchable audit trail of file system activity
  • Automatically find and flag stale data

Varonis will use the Nasuni API to analyze access events, lock down file systems and permissions, capture a detailed audit trail for compliance and forensics, and automate reporting. You’ll have unprecedented visibility and protection on your Nasuni edge appliances, helping you stay safe from insider threats and cyberattacks.

If you’re in the Boston area this week and are looking to leverage the cloud for more scalable file sharing, NAS consolidation, or multi-site file collaboration, head on over to Nasuni Summit on October 5 where you can hear more about our partnership. We’re also participating in panel discussions on security, compliance, and cloud.

Stay tuned to learn more about the official release of our Nasuni integration. If you’d like to be one of the first to try it out, simply reach out.

Catching Up With Varonis Tech Evangelist Brian Vecci

Catching Up With Varonis Tech Evangelist Brian Vecci

Who was that incredibly knowledgeable security pro on CNBC talking about the Equifax breach? That familiar face and voice  belongs to none other than our own Brian Vecci. If you’ve been following Varonis on Twitter or Linkedin, you’re likely aware that Brian has been on CNBC before.

And he’s made a lot of other media appearance. So we asked our amazing research staff to track down Brian’s recent interview activity — not surprisingly, he’s been busy! We’ve embedded a few of his interviews below. So sit back and enjoy Mr. V’s high-bandwidth conversations.

CNBC: Equifax Breach

CNBC: Consumer Security Advice

Nightly Business Report (NBR): WannaCry Ransomware

Security Guy TV (Black Hat 2017): Insider Security

Cybersecurity Journal (Black Hat): Data Is a Business Asset

DatAdvantage for Exchange Online Is Here

DatAdvantage for Exchange Online Is Here

We’re thrilled to introduce complete monitoring for Exchange Online as part of our 6.4.50 beta, giving Varonis customers the same coverage we provide with the Exchange on-premise system – but now in the cloud.

With DatAdvantage for Exchange Online, you’ll be able to manage access and monitor email events – and with DatAlert, you’ll get alerted when there’s unusual mailbox activity.

We’ve also added new threat models for Exchange Online – including abnormal service behavior: atypical actions performed on mailboxes owned by other users, and abnormal admin behavior: access to atypical mailboxes.

DatAdvantage for Exchange Online gives you a complete audit trail of exactly who is sending emails (and where they’re going), which users are accessing what email folders, and which users open phishing emails – those kinds of things.  You’ll have transparency and know everything that happens in Exchange Online.

Try it out today and see how DatAdvantage for Exchange Online will help build your email defenses in the cloud, protect against email hijacking and phishing attempts – and keep your data secure.

Introducing Our New DataPrivilege API and a Preview of Our Upcoming GDPR Pa...

Introducing Our New DataPrivilege API and a Preview of Our Upcoming GDPR Patterns

GDPR Patterns Preview

We’re less than a year out from EU General Data Protection Regulation (GDPR) becoming law, and hearing that our customers are facing more pressure than ever to get their data security policies ready for the regulation.  To help enterprises quickly meet GDPR, we’re introducing GDPR Patterns with over 150 patterns of specific personal data that falls in the realm of GDPR, starting with patterns for 19 countries currently in the EU (including the UK).

Using the Data Classification Framework as a foundation, GDPR Patterns will enable organizations to discover regulated personal data: from national identification numbers to IBAN to blood type to credit card information. This means that you’ll be able to generate reports on GDPR applicable data: including permissions, open access, and stale data.  These patterns and classifications will help enterprises meet GDPR head on, building out security policy to monitor and alert on GDPR affected data.

Try it today and discover how GDPR Patterns will help prepare you for 2018 and keep your data secure.

IAM & ITSM Integration with DataPrivilege

We’ve been talking a lot lately about unified strategies for data security and management, and the challenge of juggling multiple solutions to meet enterprise security needs.

DataPrivilege puts owners in charge of file shares, SharePoint sites, AD security and distribution groups by automating authorization requests, entitlement reviews and more. DataPrivilege now includes a new API so customers can take advantage of its capabilities by integrating with other technologies in the security ecosystem, like IAM (Identity and Access Management) and ITSM (IT Service Management) Solutions.

Our new DataPrivilege API provides more flexibility for IT and business users so they can unify and customize their user experience and workflows. With the API, you’ll be able to synchronize managed data with your IAM/ITSM solution and return instructions to DataPrivilege to execute and report on requests and access control changes.  You’ll be able to use the integration to externally control DataPrivilege entitlement reviews, self-service access workflows, ownership assignment, and more.

Ask for a demo and see how it works with your current set up.


Introducing the Automation Engine, DatAlert Analytics Rewind, and more

Introducing the Automation Engine, DatAlert Analytics Rewind, and more

Put Least Privilege on Autopilot

Getting to least privilege can be a nightmare. The first steps – tracking down inconsistent ACLs and remediating global access groups can turn even the most basic file share clean-up project into a huge to-do.

And so we’re thrilled to announce the upcoming availability of the Automation Engine, which will take the headache out of least privilege by discovering undetected security threats and fixing hidden vulnerabilities without all the manual legwork.

The Varonis Automation Engine automatically repairs and maintains file systems so that you’re less vulnerable to attacks, more compliant, and consistently enforcing a least privilege model.

  • Fix hidden security vulnerabilities like inconsistent ACLs and global access.
  • Revoke unnecessary access that users no longer need or use, reducing your risk profile.
  • Accelerate and automate least privilege.

Interested?  Get a demo now and be the first in line to try it.

What’s past is prologue

One of our earliest patents was our simulation capability in DatAdvantage – which our customers now use consistently to test access control changes against past access activity, highlighting users that would be disrupted or applications that might break if they had made those changes in the past.

We’re extending our simulation capabilities with Analytics Rewind.

DatAlert Analytics Rewind allows customers with three or more months of data to analyze past user and data activity with DatAlert threat models, and identify alerts that they would have gotten in the past. You can not only pre-emptively tune out false positives, but also look back at your data activity history to identify breaches that may have already occurred.

New Threat Models for Exchange and DS

You asked, we listened.  We’re adding more threat models to DatAlert Analytics to detect and prevent impersonation, exploitation, and account hijacking.  The latest set keeps you aware of suspicious mailbox and Exchange behaviors, password resets and unusual activity from personal devices.

Email security and Exchange:  New threat models flag abnormal amount of emails sent to accounts outside the organization, unusual mailbox activity from service accounts, and automated forwarding that might indicate an attacker trying to redirect and exfiltrate data.

Directory Services:  New threat models detect suspicious password resets that may indicate attempts to hijack a user account, unusual access to personal devices, suspicious attempts to access an unusual amount of resources, and unusual login activity that may indicate a credential stuffing attack.

Want to see them in action? Get a demo our data security platform and see how you can stop data breaches.

Varonis + Splunk: Epic Threat Detection and Investigations

Varonis + Splunk: Epic Threat Detection and Investigations

We’re bringing our powerful DatAlert functionality to Splunk® Enterprise to give you comprehensive visibility into data security with our new Varonis App for Splunk – now available for download on splunkbase!

DatAlert can now send alerts to the Varonis App for Splunk, providing Splunk additional context into anomalous file system, email, and Active Directory behavior. Users of the App can view Varonis alerts directly from Splunk Enterprise, and drill into DatAlert for additional insight into what’s going on and accelerate security investigations, reducing mean time to resolution.

At-a-glance Dashboards

Our at-a-glance dashboards set SysAdmins and Security Analysts up for success – correlating Varonis alerts with Splunk events, and providing additional insight and context into potential security threats.

Want to learn more?

You can take a closer look at selected entities in the drill-down dashboard – access a complete list of all alerts on a specific entity (user, asset, threat model, device) within the selected timeframe.

Streamline your investigation with the DatAlert Web UI – and determine whether suspicious activity is malicious or a misconfiguration.

Want to try out the Varonis for Splunk app? Download it directly from splunkbase to get started.

Not yet a Varonis customer? What are you waiting for! Check out a demo of our data security platform today and get a personalized walkthrough of the Varonis App for Splunk while you’re at it.

2017 Varonis Data Risk Report: 47% Had at Least 1,000 Sensitive Files Expos...

2017 Varonis Data Risk Report: 47% Had at Least 1,000 Sensitive Files Exposed

Today we released the 2017 Varonis Data Risk Report, showcasing an alarming level of exposure for corporate and sensitive files across organizations, including an average of 20% of folders per organization open to every employee.

Using the Varonis Data Security Platform (DSP), Varonis conducted over a thousand risk assessments for customers and potential customers on a subset of their file systems. The assessment provides insight into the risks associated with corporate data, identifies where sensitive and regulatory data resides, reveals over-exposed and high risk areas and makes recommendations to increase their data security posture.

Here is a sample of the risks discovered:

Failure to reduce the use of global access groups, lock down sensitive files and dispose of stale data exposes an organization to data breaches, insider threats and crippling ransomware attacks.  By identifying and reducing exposed data through global access, broken ACLs and unique permissions, organizations are able to decrease their attack footprint and maintain compliance standards.

“We found files with sensitive PII in places it should not have been,” said a Chief Security Officer for a state and local government in a recent TechValidate customer survey.

According to that same survey, 68% of end users perform a risk assessment to validate security concerns, 95% agree that the risk assessment helped them identify at-risk, sensitive and classified data and build a plan of attack to reduce the likelihood of a data breach and 82% rate global access remediation a top priority after seeing the results.

“The initial assessment gets the immediate attention of management, which then assists in building and executing the internal remediation process,” said a Security Manager at a beverage company in the same TechValidate customer survey. “Varonis does an excellent job of identifying internal data security vulnerabilities.”

Download the 2017 Varonis Data Risk Report here and then request your own risk assessment.