The most valuable feature, in my opinion, is that it serves as a central repository where you can see all of your file servers from the GUI. There are two interfaces: the web version and the graphical user interface (GUI) available on local machines.

Another valuable feature is the ability to easily apply restrictions through Varonis, without having to manually configure permissions on individual servers. You can remotely register, block, or enable server or file permissions from one central location. This can be done in bulk as well. 

I also appreciate the reporting feature, which allows for the extraction of various reports based on specific needs. These reports can be used for audit purposes, such as tracking changes in file locations or deletions.

Additionally, Varonis offers data classification capabilities. You can manually create classifications and categorize data accordingly. After a short processing time, you have visibility into where specific types of data are located.

There are many other aspects of Varonis worth mentioning, as I learn something new about it every day. However, I have now transitioned to the Microsoft platform and primarily work with Power BI, so my Varonis usage is limited these days.

One area for improvement is the calculation engine. When applying rules in Varonis, especially for large datasets (terabytes of data), the calculations can be slow and require time to process. Speeding up this process would be beneficial.

Additionally, although Varonis is considered an IAM tool, it also plays a role in data security. Introducing DLP (Data Loss Prevention) capabilities within Varonis would be a valuable addition. While there are ways to implement DLP within the platform, integrating it more tightly would provide greater flexibility for analysts to manage data, set restrictions, and define policies directly within Varonis.

I have been using it for eight years.

I have experience in data protection, specifically data security and identity access management. Varonis is one platform I have worked with extensively.

When dealing with a large amount of data and trying to extract a report that contains a significant amount of data, especially very old data (let's say from around 2015 or 2016), I often encountered the issue of exceeding the database limit. This prevented me from getting the desired report. 

We have communicated with Varonis multiple times regarding this issue, and they have provided updates and patches that temporarily resolve the problem. However, a permanent solution has not yet been found.

So, when dealing with huge amounts of data, the Varonis platform can sometimes encounter issues or even break down.

In my previous product-based company, we had over 10,000+ employees, but only around 50 used Varonis for administrative work. There were also business users who performed their regular activities on the platform. 

In my next organization, which was service-based, I worked for a client and created around 46 accounts for people to use Varonis.

There is a specific portal where you raise a regular ticket. Someone from the team would then contact you, and you work with them to get the issue fixed.

Plenty of times, issues were fixed within one or two days. However, there were times when no one could find a solution, and I was passed from one team to another. While this might have been due to a genuine issue, from a customer perspective, it wasn't helpful. I had to delay project activities because of the lack of support.

Neutral

Deployment isn't really a hard task. Like any other tool, it involves a setup file and a set of instructions. The account used for setup must be an administrative account, and the servers you want to connect to Varonis should have access.

It can be a bit tricky if you have an organization with two separate forests and you want to join both sets of servers under one shadow account. However, there's a solution for that. You can use two accounts simultaneously by setting them up manually, instead of relying on the automatic process. But aside from that, everything else is straightforward.

Deployment model:

Earlier, when I started with it back in 2018, it was on-premises. After the introduction of the GDPR, our organization asked us to assess our data, segregate it, and classify it. For this purpose, we acquired Varonis, and at that time, we had on-premises servers. We deployed the Varonis client on one of our servers and connected all other file servers to it to manage the data.

Sometimes I feel it's worth what I'm paying for, but with the advent of cloud computing, there are other tools in the market, like Proofpoint and some IBM tools like Guardian, that are actually better than Varonis.

It's expensive, kind of, really expensive. The Varonis platform consists of different modules, and each module has a price associated with it. You don't buy one license and get every feature; instead, different features come with different licenses and associated costs. So, if you add up all the costs, it can become very expensive.

First, you need to understand your infrastructure. If you plan to onboard Varonis on-premises, you must check your local environment and its design, especially the Active Directory setup. You need to know if users, servers, and machines are in the system and whether there's one account or multiple accounts for monitoring and reporting. These are some basic things to understand before onboarding.

Once you start onboarding your servers, you might encounter various issues, and you'll need privileged access to fix them. You also need to understand the nature of your business, the level of restrictions you want to implement, and the type of data you'll be dealing with. This understanding will help you segregate and classify your data based on sensitivity levels, such as confidential or highly confidential.

You need some basic IT skills to use Varonis. It's not extremely difficult, but it's not plug-and-play either. There are technical aspects you need to understand, such as how it works and how things will fall into place. 

Overall, I would rate the solution a six out of ten because there are multiple competing products in the market, and Varonis lags behind in some areas.

Customers use the product to identify sensitive information, correlate it with access permissions, and utilize its automation engine for remediation. It includes fixing broken permissions and managing global access. In healthcare settings, the data privilege module allows for implementing the least privilege and simplifies permission management. It also provides effective data alerting and reporting for both on-premises and cloud environments like Microsoft 365.

The solution's areas of improvement are the interface and the dependency on on-premises deployment for some components. 

The interface has improved with the move to a SaaS model, but aspects could still be modernized. Additionally, some elements, like the data privilege module, still require on-premises deployment.

I have worked with Varonis platform for approximately two and a half years.

The product is stable. However, issues related to component deployment and latency between collectors and data sources may arise. Increasing resources on these components typically resolves performance issues.

The product's scalability is managed automatically with the SaaS deployment. 

It depends on the capacity of components like SQL servers and collectors for on-premises setups. Adding more collectors can help handle increased data loads.

Overall, customer support is good. However, there can be delays in issue resolution, with some problems requiring multiple sessions to resolve. 

Varonis and Microsoft's solutions, particularly in data classification and protection, complement each other. 

Microsoft's offerings, especially if included in an E5 license, provide a comprehensive and cost-effective solution. Varonis excels in classification and integration with Microsoft's tools but is generally more expensive.

The installation is relatively straightforward, but estimating the duration for remediation tasks can be challenging. The setup involves adding targets and basic configuration, which typically takes between seven days to two weeks. Ongoing engagement is crucial to ensure the platform remains effective and provides value.

The ROI can be high initially, especially if the platform is used for significant remediation tasks. Over time, as automation tasks become routine, the perceived ROI may diminish. The expanding feature set and competition from other solutions may also impact the ROI.

The platform is expensive. I rate the pricing a nine out of ten. 

The solution's classification engine is highly configurable and efficient. It provides good reporting and visualization, which is superior to previous tools like Microsoft's. The platform's data alerting capabilities and automation features for managing broken permissions are particularly notable.

It offers robust automation capabilities, including global permission repair, broken access repairs, and data transport engine features for archiving and migration. The automation tools are useful for managing permissions and performing cleanup tasks efficiently.

It provides strong reporting capabilities that help customers adhere to regulations and maintain compliance. Automating reporting is beneficial for maintaining robust governance, risk, and compliance (GRC) posture.

It does incorporate some AI elements, particularly in its data alerting module. However, AI integration has yet to be the primary focus of my implementations. AI is expected to play a larger role in future enhancements.

I recommend Varonis, particularly its effectiveness in performing data security remediation tasks. Despite its high cost, it is valuable for its capabilities and the lack of impact on end users.

Overall, I rate it a nine out of ten.