Strategic Relationship with Varonis
Authorized Distributor
Explore Varonis Products

How Varonis Works

An in-depth look at the Metadata Framework—the patented technology that powers the Varonis Data Security Platform.

Connect to the systems where important data lives.
Combine, correlate, and analyze metadata across three key dimensions.

Varonis’ classification engine only scans files that our auditing knows have been changed or created since the previous scan. True incremental scanning allows for petabyte scale.

We achieve pinpoint accuracy by going beyond regular expressions, using proximity matching, negative keywords, OCR, and algorithmic verification.

Unlike most classification technology, Varonis uses non-content factors (such as permissions) to further enhance accuracy.


Access control implementations between Windows, Box, SharePoint, Exchange, UNIX, etc. are unique—each with their own idiosyncrasies and gotchas. Calculating effective rights for a given object or user can be absurdly complex and varies greatly between systems.

Varonis pre-calculates and normalizes the billions of functional relationships between users, groups, and data with patented data structures and algorithms to instantly and accurately determine effective permissions.

This produces a bi-directional permissions map that visualizes who has access to any object and the reverse—which objects any user or group can access.

Much like permissions, access events vary wildly in format and structure across technologies. Figuring out what an employee has accessed in a given day can become a data science project when it should be a simple query.

Varonis aggregates, normalizes, and enriches data access events, access control/configuration changes, authentication events, and network events from a wide variety of systems from dozens of different vendors.

We produce a unified, human-readable audit trail that becomes your system of record for all data security questions. These enriched events feed our real-time alerting engine, enabling high signal-to-noise ratios.

Profile behavior and surface risk insights without human intervention.
Bi-Directional Cluster Analysis
Varonis maps each user's entitlements and analyzes their activity to determine whether they truly need access. Our analysis goes a step further by creating clusters of users with similar permissions and looks for meaningful deviations in their data usage.
This analysis yields highly accurate permissions removal recommendations which can be implemented without human intervention or automatically sent to a business user as part of an entitlement review.
Security Analytics & Threat Modeling
Varonis automatically builds a baseline, or “peace-time profile” over hours, days, and weeks for every user and device, so when they behave strangely, they get noticed.
This produces security insights such as:
1. What kinds of accounts are there and who do they belong to? 2. Who uses which devices and which data? 3. When are they active and from where?
Our product contains hundreds of machine-learning threat models based on real-world attack techniques spanning the cyber kill chain. These models get better over time as they learn your environment.
We can't say anything more about these models. The lawyers are watching.
Simulate, commit, and automate changes in the environment.
Sandbox Simulations

Because Varonis has a model of your entire environment, you can easily simulate what-if scenarios to determine the precise impact of a permissions change.

Varonis uses historical events to see which users, service accounts, and apps will be impacted.
We perform all the necessary dependency checks to ensure nothing will break unexpectedly when you commit the change.

Commit & Rollback

You can commit many changes to your environment via the Varonis platform:
1. Create and manage users/groups 2. Edit folder or mailbox permissions 3. Change Active Directory group memberships To commit a change, the user making the change must authenticate using credentials that provide the right level of access. Varonis does NOT run in God mode. Our distributed commit engine is multi-threaded, so you can issue wide-scale changes without waiting a week. Commits can be done ad-hoc or scheduled for a change control window and can be rolled back automatically.

Varonis performs automatic preventative and detective actions to ensure your data is secure.
For example, self-healing permissions, when enabled, will remove any global access group (GAG) that exposes data to all employees. The GAG is replaced with a special purpose access group thereby limiting your blast radius. This enables petabyte-scale remediation projects to be completed in weeks, not years. On the detective side, you can trigger customized automated responses to threat models to stop an attack in progress.
Case Study
Varonis Automation Engine helped Zurich Insurance dramatically reduce their risk at scale.

Varonis named a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023

The report states "Varonis is a top choice for organizations prioritizing deep data visibility, classification capabilities, and automated remediation for data access."

Varonis protects your data first, not last.

At Varonis, we protect data where it lives. Our platform is purpose-built to look deeply inside and around data—and then automate its protection using patented, battle-hardened machine learning. Varonis products address additional important use cases including data protection, data governance, Zero Trust, compliance, data privacy, classification, and threat detection and response.

Reduce your risk without taking any.