splunk partner logo
varonis partner logo

Splunk and Varonis - Taking visibility to the next level

09/08/19 – Author: Andrew Weston – Certified Security Consultant

Splunk already has over 15,000 customers worldwide. If you don’t know what Splunk does feel free to browse our Solutions and Technology pages but in simple terms Splunk turns machine data into answers regardless of your organisation’s size or industry. It helps you solve the toughest IT, security and business challenges.

So why do I need Varonis if I already have Splunk?

Frequently, it is internal staff or contractors with unnecessary access to sensitive data that leak information. Varonis can help mitigate these risks by allowing organisations to quickly identify where sensitive information is located and then take immediate action to reduce exposure by locking down file and directory permissions so that only essential staff have access. In addition, Varonis can help automate entitlement reviews so that data owners have visibility and control over who has access to their data. Varonis also has the capability to generate alerts when highly sensitive files are accessed as well as help identify anomalous behaviour across your data estate.

Early in 2019, Varonis produced their Global Data Risk Report. This found that 53% of companies found over 1,000 sensitive files open to every employee. A few more of the interesting findings are shown below and a copy of the full report is available here

Varonis continually collects and analyses data from your enterprise data stores and perimeter devices. It collects 5 core metadata streams that are key to protecting your data.

By combining this metadata in innovative and unique ways, Varonis is able to prioritise your riskiest data based on sensitivity, exposure and access activity. This allows Varonis to generate recommendations on which users no longer require access, identify data owners as well as model permissions changes. 

Can Varonis help if I have a mixture of data stores within my organisation?

Varonis is consistently extending its full suite of data security functionality to the systems that are most important to their customers.

Within the Perimeter space, Varonis can work with the following.

Hopefully the above has given you an insight into the benefits of both Splunk and Varonis. Let’s now talk a little about the benefits from integrating the two technologies.

Varonis App for Splunk

This app enables you to integrate the Varonis DatAlert functionality into Splunk Enterprise. Using the app’s dashboard, you can locate notable Varonis alerts directly from the Splunk user interface, and then drill down into Varonis DatAlert to get additional insights into the alert and the context in which it was generated. Additionally, the app includes field extractions that assist users in querying and visualising Varonis alerts using Splunk Enterprise and that enable correlating the Varonis alerts with other events collected by Splunk Enterprise. 

The Alert Dashboard shown to the left enables you to view ‘at a glance’ the top alerted users, assets, devices and threat models that match the specified search criteria/timeframe. It enables you to quickly view and detect suspicious activity for further analysis. The Top Alerted Users, Top Alerted Assets, Top Alerted Devices and Top Alerted Threat Models areas of the dashboard each display entities, sorted by the number of alerts generated for that entity. The entity with the most alerts appears at the top of each list. The colour represents the alert with the highest severity on this entity. 

Key benefits of integrating Splunk and Varonis include the following: -

Accelerate Investigations

Ability to drill down from Splunk into the DatAlert Web User Interface for full investigation into potential security breaches and misconfigurations.

Map Alerts

Map Splunk notable events to Varonis alerts – and build a better dashboard. Get the data you want with the context you need. 

Maximise your ROI

Get more out of Splunk with DatAlert – correlate Varonis alerts with other events collected by Splunk and visualise your at-risk assets with advanced threat detection from Varonis.

Free data risk assessment with Varonis

You can schedule a complimentary data risk assessment report below, or contact us for more information.

Scroll to Top