Varonis matches data, fishy behavior

Large companies are drowning in data, which often leads to embarrassing and financially damaging leaks. Startup Varonis says securing networks starts with securing the data itself

In the old days, keeping track of critical files was pretty easy: just lock up the file cabinets. These days, the problem is not so simple. With the advent of corporate messaging systems, desktop (and now Web-based) productivity suites, CRM systems and other must-have enterprise applications, companies are drowning in data. Not surprisingly, that's led to some embarrassing gaffes (two words for you: "Veterans Administration.") Now a new generation of companies has sprung up to address that problem with so-called "DLP" or data leak prevention technology.

Founded in 2005 and based in New York, Varonis is one of those firms that has taken a somewhat novel approach to the data-leak problem.

Varonis sells data-governance software that allows companies to identify and protect valuable unstructured data to prevent misuse with a data-centric approach.

"Large companies are struggling to get a handle on this problem even as they add new file servers rapidly. They can't manage controls for terabytes of unstructured data, which represents a huge risk," said Varonis President and Chief Executive Officer Yaki Faitelson. "We hook into the directories and file servers and pull in all the important information about users and file structure to show what's out there and what the entitlements are. We're the only ones who can do a detailed audit like this."

Varonis' DatAdvantage technologies are built on four patented technologies that allow it to monitor user activity, place users into groups who interact with data in similar ways, and look for potential red flags. For instance, if a worker who typically never looks at company financials is suddenly copying them to their hard drive, the system would alert someone.

That kind of behavioral approach to the data leak problem is akin to the approach used by established vendors such as Tizor, but Faitelson said Varonis is having no trouble lining up customers. Since coming out of "stealth mode" in April 2007, the company has already attracted 40 customers and carried out 100 installations of its products.

"We ask companies to give us twenty minutes to show them our product, then we start finding all sorts of sensitive data sitting unprotected somewhere on their network and they see the value," Faitelson said. "Our challenge is to convince people that what we can do is truly unique, that it can't be achieved by cobbling multiple applications together to serve the same role, which doesn't work well."

At least one of Varonis' customers appears very satisfied with the product.

"This was something I didn't think we needed but after we saw it, we had to have it. Where there was once chaos we now have order," said Steve Peltzman, chief information officer at the Museum of Modern Art in New York. "We need to protect everything from our donor information to our e-commerce data, and to prove to our board that we're doing a good job of it. Now we can do that."