Varonis Platform Reviews

Varonis Platform solves critical questions for many organizations, such as where sensitive data resides, who has access to this data, whether the access is appropriate, and how this data is being used. Many of my clients are in the financial services, healthcare, insurance, and manufacturing domain, and they have been using this for multiple use cases. The number one use case is data governance, identifying secure sensitive information, and other very important use cases include compliance requirements for GDPR, HIPAA, PCI DSS, and Sarbanes-Oxley. Certain other use cases can be around insider threat monitoring and ransomware defense.

My client is using Varonis Platform, which focuses on data permissions, user access, and data movement within their organization. This is how they use this for all practical purposes, and they have been getting returns out of having very strong visibility into their unstructured data. They carry out fairly reasonable permission analysis and can further strengthen their permission-based regime within the organization. They use Microsoft 365, and Varonis Platform has a strong integration with Microsoft 365, which brings in good forensic capabilities as well. Varonis Platform provides great compliance support; it has a great classification engine that helps with insider threat detection and reduces manual effort by automating many processes, which is very important. They have been using this successfully for data discovery, classification, security posture management, access governance, and insider threat protection.

I discussed insider threat detection, ransomware detection, remediation using automation, compliance reporting, and incident investigation in forensics, and these capabilities sum up Varonis Platform.

Varonis Platform offers key features including data discovery, data classification, data analysis, governance, user and entity behavior analysis, also known as UEBA, which helps in ransomware detection, insider threat detection, and compliance reporting. It does a lot of automation from a remediation standpoint, as well as investigation and forensics.

The number one feature that makes the biggest difference for my clients is visibility into unstructured data; that is the most difficult for organizations to achieve. They do not have a good understanding of where sensitive data resides, who has access to this data, whether this access is appropriate, and how data is being used. Varonis Platform provides visibility, governance, threat detection, and automated remediation around data.

Varonis Platform is a great data discovery platform that provides visibility into sensitive data estimates and how it is being used. Clients have been able to reduce excessive permissions, strengthen their compliance posture, detect insider threats, and ransomware activity, which would otherwise be difficult and manual.

Varonis Platform is deployed in my clients' organizations in a combination of all types. Many clients use Varonis Platform in a largely SaaS-based model since it is a data security platform consumed in this way, and many organizations still operate hybrid environments. As far as Varonis Platform is in a position to get the data source and identify systems, it can discover and classify more secure data. Deployment in most of our clients is cloud-based, connecting to Microsoft 365, AWS, or other SaaS applications such as Salesforce. In other environments, it is a hybrid deployment with SaaS and on-premises, including file servers, NAS devices, and AD servers.

I think about a few things regarding how Varonis Platform can be improved. The licensing pricing model and module licensing can be complex for customers to understand. Faster deployment could be beneficial, and there could be more flexibility regarding dashboard customization. AI-powered prioritization to reduce analyst workload could also be looked at. While I think it is a mature and capable platform, there are opportunities around simplifying licensing, accelerating deployment, improving risk management, and further reducing operational complexity.

There is no other relationship. I receive a twenty-dollar gift card.

I have advised many clients who have been using Varonis Platform for more than five years, and the first time I recommended this platform to a number of my clients was about three to four years back.

Varonis Platform is stable and mature. None of our clients have found any issues with it. In my experience, Varonis Platform is a stable and mature platform. It has been in the market for many years, widely deployed across large enterprises, and our clients are capable of handling large environments with significant volumes. It is a mature product with a long track record, widely adopted, and very reliable. Varonis Platform has been consistent and dependable in my experience.

Varonis Platform is highly scalable and designed to support large enterprise environments, which could have millions of files, thousands of users, and multiple data types. Scalability is generally considered one of its strengths.

Customer support is quite strong, and it could be a differentiator as well.

Varonis Platform was not being used before; this was the platform we started using because a need was identified at many client places. There were no piecemeal solutions or comprehensive solutions available, and many clients were either not using anything specific or had some competitors at version 2.0 level, but otherwise, no definite solution.

If it is a multiyear contract, then a good discount is available. The typical market perception is that Varonis Platform is more premium priced compared to other governance tools, but in large deployments, it is extremely handy, and you can justify the cost through various factors, including return on investment.

Varonis Platform has definitely reduced the risk of data breaches at many client sites and has definitely lowered manual effort; manual effort has decreased by seventy percent due to automating data classification and permission reviews. It has reduced audit preparation time and compliance efforts in evidence selection for GDPR, HIPAA, PCI DSS, and others. I have also seen a strong improvement in security operations with a focus on the introduction of mean time to detect and mean time to respond.

From the perspective of metrics, I can talk about some security metrics where insider threats have been detected. The percentage of detection of insider threat incidents has really gone up; at least the visibility has improved. It has reduced manual access reviews by anywhere between fifty percent to seventy percent. The time for audit preparation has reduced, and the number of compliance findings that have been remediated has decreased. This has reduced the regulatory and compliance risk as well.

I was considering a few options; however, there were a few clients who were using alternatives, but mainly I focused on Varonis Platform.

Varonis Platform's AI capabilities play a very important role in governance and security as it helps organizations understand what sensitive data is, who has access, whether the data is overexposed, and it does continuous monitoring of data while enforcing least privileged access. It definitely provides for sensitive data discovery, access governance, data exposure analysis, helps in compliance support, and provides aid in producing and maintaining audit trails, forensics, and automated remediation. While it is not an AI platform per se, it uses an AI engine to strengthen its data management capabilities, forming a strong foundation for enterprises.

I would advise organizations to treat using Varonis Platform not just as a security tool being deployed but as a data protection program, where the greatest value comes from visibility, excessive permissions, sensitive data exposure, and governance gaps. Everyone should start with high-risk data, establishing clear ownership and leveraging its automation capability as far as possible, cleaning up your permissions early, using automation, setting up alerts and policies, integrating with other workflow systems in your organization, and measuring success through risk reduction metrics. Focus on data exposure reduction and permission governance first, and look at outcomes through ROI eventually. This review has received a rating of nine out of ten.

My main use case for Varonis Platform is for data classification on the user's machine, specifically for data visibility and protection.

A quick, specific example of how I use Varonis Platform for data classification and protection on users' machines is related to identifying and classifying sensitive data in one of the organizations, such as PR data or financial information, and monitoring user activities, including abnormal activities and risky behaviors.

Varonis Platform doesn't just classify and monitor the data; it also helps us understand user behavior, such as when users download or access large files of sensitive data, or share the same data outside the organization, allowing us to see real-time activities and take immediate action.

Varonis Platform has positively impacted my organization by providing clarity regarding data and permissions. Initially, we faced many issues related to data awareness among users. After implementing this solution, both the organization and users gained a clear understanding of managing sensitive and non-sensitive data, improving visibility, security, and compliance.

Using Varonis Platform for data classification has saved us time. With 1,000 users previously unsure about what files could be shared outside the organization, categorizing data enabled users to differentiate between public and sensitive data easily, thus saving time for both users and managers.

Varonis Platform offers multiple features for data protection, such as data discovery and classification. We can identify, discover, and classify sensitive data effectively, which is crucial given the DPDP law in India and GDPR. The platform also excels in access and exposure tracking, enabling us to monitor users, permissions, and reduce access to sensitive files. Additionally, it includes UEBA for behavior analytics and threat detection, making it valuable for compliance and audit readiness.

Varonis Platform has helped our organization primarily for DPDP compliance, although I currently don't have a specific example related to GDPR or HIPAA.

A unique feature of Varonis Platform that stands out to me is that, in the current market, it is one of the best data classification solutions available. Compared to others such as Forcepoint, Varonis Platform is agent-based and AI-driven for detection and response, identifying data based on its content and context, and it includes automated remediation and lifecycle automation, making it a leading product in the market.

While Varonis Platform is powerful, the initial data scanning and indexing can take significant time in large environments. However, this is not an issue in mid-level organizations.

I suggest enhancing tighter integration with third-party solutions, such as SIEM or SOAR platforms, for smoother incident response workflows. Standard compliance-related reports specifically tailored for the DPDP Act would also be beneficial.

I chose nine out of ten because, while it is an excellent solution, I would have given it a perfect score if there were standard reports for the DPDP Act and if the console were less complicated.

I have been using Varonis Platform for around 1.6 years.

Varonis Platform is stable.

Varonis Platform is highly rated for scalability. It operates effectively within our mid-sized organization and is adaptable as our data needs grow, supporting hybrid environments for future use.

Customer support for Varonis Platform is very good. I would rate the customer support for Varonis Platform at nine out of ten.

Positive

Before using Varonis Platform, we utilized the Titus data classification solution, specifically Forcepoint's solution, which was traditional and lacked many features and visibility, prompting our switch to Varonis Platform.

After using Forcepoint's data classification, we directly switched to Varonis Platform without evaluating other options.

I monitor the effectiveness of Varonis Platform using its built-in dashboard and weekly risk reports that display data exposures, alert volumes, and remediation progress.

Varonis Platform integrates with other security tools easily since it just requires APIs. For instance, we can forward Varonis Platform logs directly to our SIEM solution, integrate Active Directory for permission tracking, and also link it with cloud storage platforms such as O365, SharePoint, and OneDrive.

I have seen a return on investment mainly through time savings and improved security for sensitive data, making it a valuable investment.

My experience with pricing, setup costs, and licensing for Varonis Platform has been good, with competitive costs. I believe it offers one of the best solutions available at this price point.

I suggest enhancing tighter integration with third-party solutions, such as SIEM or SOAR platforms, for smoother incident response workflows. Standard compliance-related reports specifically tailored for the DPDP Act would also be beneficial.

I rate Varonis Platform at nine out of ten. Organizations serious about protecting their data should definitely consider Varonis Platform.

My main use case for Varonis Platform is for Active Directory.

We use Varonis Platform for Active Directory to check stale users, to look at the last login machines, and any kind of UBA information. We also use Active Directory for file shares, and we use that to look at stale files and shared files, access to certain files.

In my experience, Varonis Platform offers many features, providing great insight into data that is across the organization, how it's used, and how it's accessed. It also gives a lot of information on user behavior analytics and different Active Directory key points that need to be addressed.

The analytics feature has helped us day-to-day to be able to look at different alerts when they come in, especially if a user has deleted certain files. We have created automatic scripts in case there is a chance that it is a ransomware malicious actor, and it will automatically disable the user, log them out, and disable the actual workstation. That has helped us with different risks that we face in the industry, especially with ransomware attacks.

The analytics also helps with user behavior analytics and shows what files are being accessed by what users and how, and things along that line. Varonis Platform has definitely helped us with the different permissions within files and data that are out there throughout the organization. It has helped us see different Active Directory data throughout the organization, and it has definitely helped with user behavior analytics and incidents.

I think Varonis Platform does a great job in every aspect that we have for right now, and I believe there are some modules that are getting ready to be released that we are looking into adding to our organization. I hope those new modules will work as similarly to the rest.

A phishing email module would be great; I look forward to when that comes out.

I have been using Varonis Platform for around four years.

Varonis Platform is stable.

It has scaled throughout the organization very well.

The customer support is above par; it is what I think other organizations should look at to be comparable to. Varonis Platform support has been amazing throughout every step that we have taken with them.

I would rate the customer support a 10.

Positive

Most of it was done manually, but we did use some of the Microsoft different tools that we had.

I did not deal with the pricing, setup costs, or licensing.

I definitely say that we have had time savings by using the DataVantage module and also time savings using the AD module when we are dealing with different incidents.

I advise others looking into using Varonis Platform to make sure they do a proof of concept, to ensure it will work in their organization and meet their needs. Additionally, be prepared that when you implement the product, you will have to tune it as you go.

I would recommend Varonis Platform to most organizations out there that are corporate and really want to help reduce risks throughout their operations.

On a scale from one to ten, I rate Varonis Platform a nine.

The main use case for Varonis Platform is data security, data labeling, and data classification, as we have integrated it with Microsoft Purview, which facilitates the labeling side, and it also enhances data security.

I can give a quick, specific example of how we use Varonis Platform for data labeling or security in our organization. We had all of our files with good permissions, but we needed to classify them into confidential, sensitive, and public categories to ensure nothing malicious was happening and that no one was sharing anything that they shouldn't be, which is very important for implementing AI in the future.

In my experience, the best features that Varonis Platform offers are data labeling, data classification, along with all the integrations and its easy-to-use platform. They have a really good setup, and their sales team and technical service are reliable; they hold monthly, weekly, and quarterly reviews, and they respond quickly to anything we need, which is not common among platforms.

Varonis Platform has a big variety of integrations, and they continuously work on new updates and integrations, such as ChatGPT Enterprise and Zoom, ensuring that they meet any new needs that customers have, maintaining a roadmap for features that they constantly bring out.

Since implementing Varonis Platform, we have noticed positive impacts in our organization. People are more careful when they go abroad, we have greater visibility, and it's very important for compliance to ensure we follow compliance rules, as we have some good reporting and the out-of-hours MDR service.

I would appreciate some improvements in reporting, specifically in PDF exports, although I think they are always working on new features.

It would be beneficial if the reporting in Varonis Platform could use PDFs instead of Excel for better graphs, as the dashboards are really good, and it would be nice to have simplified dashboards in PDF for business reporting purposes.

We have been using Varonis Platform for just over a year.

They have a really good setup, and their sales team and technical service are reliable; they hold monthly, weekly, and quarterly reviews, and they respond quickly to anything we need, which is not common among platforms.

Positive

For others looking into using Varonis Platform, my advice is that in terms of data security and everything associated with data, they are very good, and I think it's worth trialing. Their technical team excels in implementation, setup, documentation, and guiding you through the process while advising on what you need.

I wouldn't say audits are easier with Varonis Platform, but given that we're regulated by the FCA, we have rules to follow, and it's much easier now with the dashboards and everything we have integrated to ensure we always adhere to these regulations, especially regarding sensitive client data and to ensure no malicious activity or ransomware occurs, particularly because we integrated it with Microsoft Defender, which locks these devices straight away.

Varonis Platform is deployed in our organization with their dashboard in the public cloud, but we have all of their systems installed on-prem, which means it's mostly public.

We use Azure for our public cloud deployment.

We did not purchase Varonis Platform through the Azure marketplace, but rather through a third-party provider.

Our company has a business relationship with this vendor as a reseller; they are all resellers.

On a scale of 1-10, I rate Varonis Platform a 9.

I mainly use Varonis Platform to identify the overall security posture of an organization from a data security point of view. When you want to understand where exactly the critical data resides, it functions as a discovery tool. From an initial point, you can see where exactly the data resides. With that capability, it can also allow you to put a restriction if there is an open base. Overall, if you want to check your data from an initial point of view, Varonis Platform is the best use case you can consider.

The functions of Varonis Platform that I appreciate the most include the data transport engine, which is something I haven't seen in other DSPM tools. This engine allows you to move your stale data to an archive location in an automated solution that requires nothing from you. It is pre-filled and happens in the background, moving your data whenever required. This functionality has been coded into the platform itself.

I do use the data classification feature in Varonis Platform, and it is indeed useful because of the dictionaries, pre-built features, and custom classifiers it has, which is commendable. It also gives you the capability to write regex if you wanted. In comparison to Purview, I would rate it in second place, with Purview being the top one.

My opinion about the ML-based threat detection capabilities in Varonis Platform is that it doesn't have its own ML. What they did was integrate with Co-pilot as an extended feature. From the organization's perspective, organizations can simply do the scanning and everything from Co-pilot itself rather than going to the tool itself. From an AI use case, the threat intelligence covers more gaps and can detect an anomaly from a user perspective. If a person has regularly been using a particular folder, it detects those patterns. Earlier, an analyst would have had to write those rules, but now AI and ML in the system can actually detect those anomalies.

User behavior analytics in Varonis Platform is helpful for my company's security posture. UBA is an excellent feature and a classic example of integrating AI with the data security posture. There would be many actions done from a user end that you cannot treat manually. The AI capability and user behavior analytics understand how exactly a user is working on a day-to-day basis and how it normally goes. If there is anything abnormal, it should trigger an alert or an automated response action, which Varonis Platform has this capability inside the data alert module.

The potential areas of improvement I see for Varonis Platform are that it doesn't have a SIEM or SOAR console where you can see your incidents or a native style incident case management where you can see all your incidents and do the tracking of all those things. The endpoint part is also missing in Varonis Platform. It cannot inspect the DLP things. For example, when somebody is trying to print something, Varonis Platform cannot block that action. That is also one major use case that I see is missing from Varonis Platform.

I have been working with the solution for about seven years.

I would rate the technical support from the vendor between six and seven. I rate the technical support at this level because there are times when people are not skillful enough to understand the issue. You need to speak to them again and again and let them know about the process and what exactly the issue is. Then they understand and conduct what I would call an inside connect investigation. They do a lot of investigation and then come back to us. This takes a lot of time. The matter of how much time it will take is something I wish was faster, as sometimes you need a quick response. However, I do get my resolution every time.

Varonis Platform's initial setup is simple because whatever the requirements are for implementing a solution inside an organization, all those features are enabled. A service account is required to navigate through the platform, which I believe is ultimately the same for each tool for their agent to run on. The setup is not complicated.

The main benefits for me as an end user of Varonis Platform include its excellent performance from a security point of view. There is also a very good feature in its capability for basic IAM features where you can manage the ownership and file permissions. Earlier, you had to go into that particular folder to manage it, but now from Varonis Platform, you only have to go inside the console and see where exactly the open areas are and conduct those IAM activities rather than using a classical IAM tool such as Active Directory or an intranet. This means all you can do is just access it from Varonis Platform, which is a classical benefit I have received. I rate this product as an eight overall.

My main use case for Varonis Platform is to monitor access to sensitive data across file shares, Microsoft 365, and SharePoint. The main objective is to identify overexposed data, reduce access risk, and detect abnormal user behavior that may indicate insider threats or compromised accounts.

A specific example of how I used Varonis Platform to monitor and detect abnormal user behavior involved a file share on our network that contained terabytes of data. We did not have enough visibility to know if someone was stealing important information or if incorrect permissions were set on some information, which meant we had to protect the data available for the entire company.

The best features Varonis Platform offers include its visibility. Before using Varonis Platform, we had limited insight into who accessed sensitive files on this file share, whether permissions were excessive, and Varonis Platform helped us quickly identify stale data, permissioned folders, and unusual access patterns, significantly improving our data governance and security posture.

Varonis Platform's visibility feature helped us improve our data governance as we created a process that involved data classification and discovery over sensitive content. After that, we started contacting the owners to verify if the files and permissions were correct. If they were not, we moved the information to another folder or asked the owner to do that.

Varonis Platform positively impacted our organization by helping us identify sensitive data that was accessible to more users than necessary, thereby reducing unnecessary permissions.

Varonis Platform could be improved because when I used it, we had a significant issue related to the large volume of data on that file share. Although Varonis Platform helped us gain more visibility, it became really slow when handling a lot of information, which created some issues.

I have been using Varonis Platform for two years.

I noticed measurable outcomes from this, mainly the reduction of people reporting that certain information was available for everyone, which led to fewer tickets being raised about this information.

Varonis Platform receives a rating of seven out of ten. I chose seven out of ten because the user experience was easy, we could apply it and gain more visibility, but the performance of the solution needs more improvement.

I did not use much of the artificial intelligence capabilities on Varonis Platform regarding governance and security. I did not have experience with the accuracy and reliability of output regarding the artificial intelligence capabilities on Varonis Platform.

My advice for others looking into using Varonis Platform is that if you want to use it in a very large environment, you should think twice and conduct some proofs of concept first to check if it is a good fit. Otherwise, I would not recommend it.

The primary use case for Varonis Platform is data discovery, specifically for discovering sensitive data in our organization to protect it. We are looking for a solution that can scan our repositories to identify sensitive data and classify it as restricted or confidential based on our information security policy. 

Additionally, we are considering its use for data security and risk assessment and managing and monitoring user activities and access permissions.

Varonis offers robust data access governance, allowing us to understand which sensitive data exists and who has access to it. It also allows us to manage access permissions. It is effective in threat management, discovery, classification, access integration, and access governance. 

Varonis is excellent for scanning unstructured data sources like file shares, OneDrive, SharePoint, Azure Blob Storage, and S3s.

Varonis started as an on-premises solution and is transitioning to cloud. It hasn't fully moved yet, which is an area for improvement. 

Varonis requires more access permissions for its core functions compared to competitors, which can be a concern for companies about data safety. 

The licensing cost of Varonis is high, which might be a drawback for mid-tier companies.

I have experience with Varonis for three to four years.

I would rate the solution's stability as eight to eight point five out of ten.

I would rate Varonis's scalability as eight to eight point five out of ten. It's a scalable solution.

Technical support from Varonis is rated as nine out of ten.

Positive

There have been instances where a company did not renew the Varonis license due to its high cost. In such cases, they may switch to other tools that are cheaper, despite Varonis's capabilities.

The initial setup is not difficult since Varonis is a Windows-based setup. However, configuring a data source for scanning requires many access permissions, which can raise concerns about data safety. Varonis needs many access permissions compared to its competitors.

We implement the tool and run scans, while different operations teams manage activities post-scan.

Varonis is known for its high licensing cost, which can include the cost of multiple servers required for its operations, called collectors. The total setup cost makes it a challenge for companies with a limited budget.

Companies may consider tools like BigID, Security AI, and others when evaluating alternatives to Varonis.

I would recommend Varonis to other businesses if their budget allows for it, as it offers great features and capabilities. Varonis suits companies focusing on unstructured data scanning, whereas competitors might be more suited for structured data.

I rate the overall solution as eight out of ten.

The most valuable feature, in my opinion, is that it serves as a central repository where you can see all of your file servers from the GUI. There are two interfaces: the web version and the graphical user interface (GUI) available on local machines.

Another valuable feature is the ability to easily apply restrictions through Varonis, without having to manually configure permissions on individual servers. You can remotely register, block, or enable server or file permissions from one central location. This can be done in bulk as well. 

I also appreciate the reporting feature, which allows for the extraction of various reports based on specific needs. These reports can be used for audit purposes, such as tracking changes in file locations or deletions.

Additionally, Varonis offers data classification capabilities. You can manually create classifications and categorize data accordingly. After a short processing time, you have visibility into where specific types of data are located.

There are many other aspects of Varonis worth mentioning, as I learn something new about it every day. However, I have now transitioned to the Microsoft platform and primarily work with Power BI, so my Varonis usage is limited these days.

One area for improvement is the calculation engine. When applying rules in Varonis, especially for large datasets (terabytes of data), the calculations can be slow and require time to process. Speeding up this process would be beneficial.

Additionally, although Varonis is considered an IAM tool, it also plays a role in data security. Introducing DLP (Data Loss Prevention) capabilities within Varonis would be a valuable addition. While there are ways to implement DLP within the platform, integrating it more tightly would provide greater flexibility for analysts to manage data, set restrictions, and define policies directly within Varonis.

I have been using it for eight years.

I have experience in data protection, specifically data security and identity access management. Varonis is one platform I have worked with extensively.

When dealing with a large amount of data and trying to extract a report that contains a significant amount of data, especially very old data (let's say from around 2015 or 2016), I often encountered the issue of exceeding the database limit. This prevented me from getting the desired report. 

We have communicated with Varonis multiple times regarding this issue, and they have provided updates and patches that temporarily resolve the problem. However, a permanent solution has not yet been found.

So, when dealing with huge amounts of data, the Varonis platform can sometimes encounter issues or even break down.

In my previous product-based company, we had over 10,000+ employees, but only around 50 used Varonis for administrative work. There were also business users who performed their regular activities on the platform. 

In my next organization, which was service-based, I worked for a client and created around 46 accounts for people to use Varonis.

There is a specific portal where you raise a regular ticket. Someone from the team would then contact you, and you work with them to get the issue fixed.

Plenty of times, issues were fixed within one or two days. However, there were times when no one could find a solution, and I was passed from one team to another. While this might have been due to a genuine issue, from a customer perspective, it wasn't helpful. I had to delay project activities because of the lack of support.

Neutral

Deployment isn't really a hard task. Like any other tool, it involves a setup file and a set of instructions. The account used for setup must be an administrative account, and the servers you want to connect to Varonis should have access.

It can be a bit tricky if you have an organization with two separate forests and you want to join both sets of servers under one shadow account. However, there's a solution for that. You can use two accounts simultaneously by setting them up manually, instead of relying on the automatic process. But aside from that, everything else is straightforward.

Deployment model:

Earlier, when I started with it back in 2018, it was on-premises. After the introduction of the GDPR, our organization asked us to assess our data, segregate it, and classify it. For this purpose, we acquired Varonis, and at that time, we had on-premises servers. We deployed the Varonis client on one of our servers and connected all other file servers to it to manage the data.

Sometimes I feel it's worth what I'm paying for, but with the advent of cloud computing, there are other tools in the market, like Proofpoint and some IBM tools like Guardian, that are actually better than Varonis.

It's expensive, kind of, really expensive. The Varonis platform consists of different modules, and each module has a price associated with it. You don't buy one license and get every feature; instead, different features come with different licenses and associated costs. So, if you add up all the costs, it can become very expensive.

First, you need to understand your infrastructure. If you plan to onboard Varonis on-premises, you must check your local environment and its design, especially the Active Directory setup. You need to know if users, servers, and machines are in the system and whether there's one account or multiple accounts for monitoring and reporting. These are some basic things to understand before onboarding.

Once you start onboarding your servers, you might encounter various issues, and you'll need privileged access to fix them. You also need to understand the nature of your business, the level of restrictions you want to implement, and the type of data you'll be dealing with. This understanding will help you segregate and classify your data based on sensitivity levels, such as confidential or highly confidential.

You need some basic IT skills to use Varonis. It's not extremely difficult, but it's not plug-and-play either. There are technical aspects you need to understand, such as how it works and how things will fall into place. 

Overall, I would rate the solution a six out of ten because there are multiple competing products in the market, and Varonis lags behind in some areas.

Customers use the product to identify sensitive information, correlate it with access permissions, and utilize its automation engine for remediation. It includes fixing broken permissions and managing global access. In healthcare settings, the data privilege module allows for implementing the least privilege and simplifies permission management. It also provides effective data alerting and reporting for both on-premises and cloud environments like Microsoft 365.

The solution's areas of improvement are the interface and the dependency on on-premises deployment for some components. 

The interface has improved with the move to a SaaS model, but aspects could still be modernized. Additionally, some elements, like the data privilege module, still require on-premises deployment.

I have worked with Varonis platform for approximately two and a half years.

The product is stable. However, issues related to component deployment and latency between collectors and data sources may arise. Increasing resources on these components typically resolves performance issues.

The product's scalability is managed automatically with the SaaS deployment. 

It depends on the capacity of components like SQL servers and collectors for on-premises setups. Adding more collectors can help handle increased data loads.

Overall, customer support is good. However, there can be delays in issue resolution, with some problems requiring multiple sessions to resolve. 

Varonis and Microsoft's solutions, particularly in data classification and protection, complement each other. 

Microsoft's offerings, especially if included in an E5 license, provide a comprehensive and cost-effective solution. Varonis excels in classification and integration with Microsoft's tools but is generally more expensive.

The installation is relatively straightforward, but estimating the duration for remediation tasks can be challenging. The setup involves adding targets and basic configuration, which typically takes between seven days to two weeks. Ongoing engagement is crucial to ensure the platform remains effective and provides value.

The ROI can be high initially, especially if the platform is used for significant remediation tasks. Over time, as automation tasks become routine, the perceived ROI may diminish. The expanding feature set and competition from other solutions may also impact the ROI.

The platform is expensive. I rate the pricing a nine out of ten. 

The solution's classification engine is highly configurable and efficient. It provides good reporting and visualization, which is superior to previous tools like Microsoft's. The platform's data alerting capabilities and automation features for managing broken permissions are particularly notable.

It offers robust automation capabilities, including global permission repair, broken access repairs, and data transport engine features for archiving and migration. The automation tools are useful for managing permissions and performing cleanup tasks efficiently.

It provides strong reporting capabilities that help customers adhere to regulations and maintain compliance. Automating reporting is beneficial for maintaining robust governance, risk, and compliance (GRC) posture.

It does incorporate some AI elements, particularly in its data alerting module. However, AI integration has yet to be the primary focus of my implementations. AI is expected to play a larger role in future enhancements.

I recommend Varonis, particularly its effectiveness in performing data security remediation tasks. Despite its high cost, it is valuable for its capabilities and the lack of impact on end users.

Overall, I rate it a nine out of ten.

It includes activity monitoring, sensitive data threat detection, and discovery, all of which fall under the 10101 Umbrella. Additionally, because of unstructured data, there's overexposed access.

We use the tools that come with it, such as data classification and real-time active alerting.

We're in the process of maturing the incident response for our team. We're transitioning from on-prem to the cloud and are now evaluating it for the cloud as well as Defender for Cloud and all of its components. So, we're doing a comparison of that.

The most effective feature for me is its ability to identify sensitive areas, allowing you to drill down into the sensitive data, provided you have access, to determine whether it's a false positive or a true positive. 

That's the best thing for me, out of all of it. It's got everything, like other ones, but I like to be able to look at something if I'm doing forensics on the alert and say, "Okay, do I really need to do something with this?"

For example, we don't want sensitive data in our OneDrive. So it identifies the sensitive data that's possibly in the OneDrive. And what I can do is look at it and identify whether it's actually sensitive data in Datalert or whether it looks like sensitive data, but I know it's a false positive.

If it is a false positive, I can basically say ignore this pattern based on X, Y, and Z, you know, whether it's Redjax or keyword proximity. So I like that.

With other tools, I gotta go through a whole process because it's a little bit more complex.

Here, I can tag it and bag it in one shot. And the next good time I scan, it slips over it. So it helps in that.

For me, it's more about performance, but that's being resolved with certain issues. And it's just because of the volume of data that we're putting through it.

I have been using it for three years. 

I would rate the stability a nine out of ten. 

I had concerns with performance. Especially with the new product plugins for monitoring, considering how Windows always has quirks in the Office 365 environment.

The SaaS version is highly scalable. 

The company has over 10,000 people, and currently, four or five are using it. We're looking into self-service for reporting and governance and normalizing the data into a data lake solution.

I have a direct line, a red phone direct line to them. Nothing but a good experience here. 

Positive

The initial setup is straightforward. I would rate my experience with the initial setup a five out of ten only because I wasn't used to it. I've worked with IBM Guardian and BigFix before. 

Since I was really familiar with those two products, as a consultant, I could install them in less than a week as long as I had all the configuration requirements done. Most of its configuration requirements. Other than that, it's straightforward in installations.

There were seven people involved in the deployment. We had someone for global access reviews, another for scale data, one for maintaining the environment, architects for the installations, and an operations guide for updates.

We have only one person for maintenance. 

It was a negotiation based on my past experiences with monitoring this type of software.

I don't know the exact amount. It's pricey, not for a small company. It's Fortune 500 type of software.

I would rate the pricing an eight out of ten, with ten being the most expensive. 

For unstructured data monitoring, it's one of the top ones, if not the top one, due to its usability. The telemetry to capture everything and the reports are very easy to configure without having a developer degree.

Overall, I would rate the solution an eight out of ten.