Skip to main content

Help us improve the Digital Marketplace - send your feedback

INTEGRITY360 LIMITED

Varonis Data Security Platform

Varonis specialize in software for data security, governance, compliance, classification, and analytics. Varonis detects insider threats and external cyberattacks like ransomware by analyzing cloud data stores and monitoring user behavior, mitigating risk in M365, Teams, Salesforce, Slack, Box and on-premise file servers by locking down sensitive data and remediating access.

Features

  • Full enumeration of all directories and Access Control Lists
  • Complete mapping of directory services' user and group membership
  • Bi-directional view of permissions and access to every directory
  • Full auditing for file data, email, and Directory Service action
  • Over 150 predefined threat models for advanced and real-time alerts
  • Pre-defined classification rules including full GDPR coverage, PCI, and more
  • Permissions and membership change
  • Advanced investigation and forensics dashboard interface
  • Enterprise search to facilitate Data Subject Access Requests
  • Comprehensive storage platform and file system support

Benefits

  • Prioritise the most at-risk data and remediate to least-privilege access
  • Automated remediation at scale
  • Analyse user and device behaviour for signs of inappropriate behaviour
  • Automate alert responses to minimise impact of ransomware/other threats
  • Identify and eliminate/manage stale and toxic data to reduce risk
  • Help satisfy auditing and compliance requirements
  • Increase efficiency through business user access provisioning and entitlement re-certification
  • Automate disposition, quarantining, and data policy enforcement
  • Increase operational efficiency, devolving responsibility from IT to data owners
  • Provide identity, access and analytics data for security ecosystem integrations

Pricing

£6.49 a licence

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

8 2 6 1 0 1 7 7 2 2 2 2 0 6 7

Contact

INTEGRITY360 LIMITED Davide Poli
Telephone: 02083721000
Email: bidreviewboard@integrity360.com

Service scope

Service constraints
EULA Governance
Varonis can be implemented in your own cloud environment. The Varonis architecture requires to be run on Microsoft Windows Server with Active Directory for security and SQL Server for data storage, but can monitor and manage a plethora of Microsoft/LDAP/Linux/UNIX/NAS platforms
System requirements
  • On prem:
  • DA Cloud: Virtual machines running in AWS
  • Linux OS
  • Windows server 2008 R2 SP2 or newer
  • Cloud:
  • .NET framework 4.7.2 and 3.5 SP1 installed on all nodes
  • Microsoft SQL Server 2014/2016/2017 - standard/enterprise

User support

Email or online ticketing support
Email or online ticketing
Support response times
Varonis standard support is available Monday to Friday from 9am to 9pm local time. 24/7 support can be accessed for an additional cost.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Varonis Support has 3 tiers of response- FLS (T1), Tier2, Tier 3. Most cases that are open by SEs/Partners/customers will be received by FLS, and escalated according to need.
SLA is defined upon the level of Support Services the customer has purchased and the severity of the case.
For further details, please see ""Varonis Support Principles"" document
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Training and Education available from Varonis. Caretower can also provide professional services to help install and configure the solution at a cost.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Varonis can be implemented in your own cloud environment. You control who has access to your Varonis environment, and we do not have access to your data or facilities. Varonis Systems does not host, process, or maintain access to any customer data or facilities. All data processing is performed at the customer facility, under the control of customer staff
End-of-contract process
Varonis can be implemented in your own cloud environment. You control who has access to your Varonis environment, and we do not have access to your data or facilities. Varonis Systems does not host, process, or maintain access to any customer data or facilities. All data processing is performed at the customer facility, under the control of customer staff

Using the service

Web browser interface
Yes
Using the web interface
The Data Security Platform Web Interface enables users to review high-level summarized data via metrics in dashboards and perform investigation flows based on the data collected by DatAdvantage.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Apache Solr and Zookeeper must be installed to access the Varonis Web Interface.
Web interface accessibility testing
As a company with more than 7,000 customers we regularly get feedback from our customers and throughout the years improved accordingly.
API
Yes
What users can and can't do using the API
Yes - but it's supplemental, the service can be used without an API
API automation tools
Other
Other API automation tools
Please refer to Varonis Portal
API documentation
Yes
API documentation formats
Other
Command line interface
No

Scaling

Scaling available
No
Independence of resources
Conducting a proper sizing of the system prior deployment. In addition, the system has many internal mechnisms (queuing, back-pressure, etc) to cope with high load.
Usage notifications
Yes
Usage reporting
API

Analytics

Infrastructure or application metrics
Yes
Metrics types
Other
Other metrics
  • Some metrics are collected (memory, cpu etc)
  • But are not customer-facing
Reporting types
Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Varonis

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
Other locations
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other
Other data at rest protection approach
N/A for the on-prem SW. For the cloud SW - we rely on AWS. Operating System (OS) level encryption can be utilized, such as BitLocker encryption to encrypt data at rest.
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • The DatAdvantage installation and its data can be backed up
  • With any software. However, all MS SQL installations in the
  • DatAdvantage system must use the simple recovery mode.
Backup controls
Via Portal
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Varonis uses a layered security strategy as part of a defence in depth approach to detect and respond to threats targeting our environment. The layered security strategy includes industry recognized premier solutions for perimeter, network, endpoint, cloud, and data security (i.e. Firewalls, SIEM, AV, EDR, Encryption, Network Segmantation, Content Filtering, Access Control, least-privilege, etc.). The defence in depth approach includes other security preparations other than directly protective which address such concerns as:

1) Monitoring, alerting, and emergency response
2) Authorized personnel activity accounting
3) Disaster recovery and business continuity
4) Criminal activity reporting
5) Forensic analysis
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99%, subject to commerical agreement
Approach to resilience
There is an established business resiliency program that has been approved by management, communicated to appropriate constituents, and an owner to maintain and review the program
Outage reporting
We currently not support status updates.

Identity and authentication

User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
SSO based on AD/Azure AD
IAM authentication with Active Directory and Varonis user credentials
Access restrictions in management interfaces and support channels
Permission and Role based
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
SSO based on AD/Azure AD
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Less than 1 month
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
The Standards Institution of Israel
ISO/IEC 27001 accreditation date
22/05/2018
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • SOC 2 Type 2
  • ISO/IEC 27701
  • ISO/IEC 27018:2019
  • ISO/IEC 27017:2015

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Check varonis.com/trust

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The change management process includes communication to the relevant stakeholders and business owner and security team approvals
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Varonis has a Vulnerability and Threat Management Policy. Varonis systems are scanned and results are reviewed by the CISO and IT departments. Security vulnerabilities are remediated within the timeline defined within the policy which includes procedures decided by the CISO for zero-day and other urgent patches.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Varonis uses a layered security strategy as part of a defence in depth approach to detect and respond to threats targeting our environment. The layered security strategy includes industry recognized premier solutions for perimeter, network, endpoint, cloud, and data security (i.e. Firewalls, SIEM, AV, EDR, Encryption, Network Segmentation, Content Filtering, Access Control, least-privilege, etc.). The defence in depth approach includes other security preparations other than directly protective which address such concerns as:

1) Monitoring, alerting, and emergency response
2) Authorized personnel activity accounting
3) Disaster recovery and business continuity
4) Criminal activity reporting
5) Forensic analysis
Incident management type
Supplier-defined controls
Incident management approach
Varonis has an Incident Response Policy that includes notification to the relevant stakeholders (including customers) as needed. Varonis will notify customers with all relevant information and cooperate with reasonable requests for information. This policy is aligned with industry best practices and included prepartion, identification, reporting, containment, discovery, eradication, recovery, and post incident report.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Hyper-V
How shared infrastructure is kept separate
N/A

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
We are using AWS

Social Value

Fighting climate change

Fighting climate change

We continuously strive to minimize the impact of our operations on the environment, while maximizing sustainable business practices to better serve our employees, customers, partners, shareholders and communities.
Tackling economic inequality

Tackling economic inequality

We support and strengthen our local communities by enabling employees to donate time and resources where they are most passionate, by investing in causes that have a positive social impact, and by providing skills to people around the world to help maximize their full potential. Through our giving back program, our employees have helped hundreds of students realize more of their limitless potential with consistent, hands on mentoring in life skills and academic subjects.
Equal opportunity

Equal opportunity

We are dedicated to the success of Varonis employees worldwide through an inclusive workplace experience that supports their growth and well-being. We are committed to hiring the best talent and bringing together individuals across unique backgrounds, cultures and identities. We are proud to have been recognized as one of the top places to work in several of our locations, including New York City and North Carolina. "Modern Slavery Statement : https://info.varonis.com/hubfs/Website_Reboot/Policies/Varonis%20(UK)%20Limited%20Modern%20Slavery%20Statement.pdf?hsLang=en Code of Business Conduct and Ethics:
https://s1.q4cdn.com/401483577/files/doc_downloads/2020/04/08/CODE-OF-BUSINESS-CONDUCT-AND-ETHICS.pdf

Pricing

Price
£6.49 a licence
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Customers are provided an evaluation of our platform to use for 30 days.
Evaluations are provided by our sales and engineering team.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.