An AppSec solution formerly from Micro Focus, spanning SCA, SAST and DAST that supports the breadth and management of any application portfolio, used to secure code. Features API discovery and testing for any application, throughout the software lifecycle.
N/A
Varonis Data Security Platform
Score 8.8 out of 10
N/A
Varonis offers their Data Security Platform, a modular suite of data acess and data security products providing sensitive data discovery, data access governance, unusual behavior detection, GDPR compliance support, as well as incident playbooks and cybersecurity forensic reporting.
It is best suited for runtime application security scanning and very useful for automation. You can seemlessly integrate with pipeline for dynamic scans. Cloud based apps can also be scanned for vulnerabilities, cross site scripting attacks. Basically all OWASP TOP 10. It is less appropriate to use if you have serverless architecture
The most highlighted feature of Varonis Data Security Platform is the data analyzing mechanism. It analyzes your data all the time with some special algorithms to detect any unusual activities so that it can identify any unusual behavior or users and take necessary action to save your sensitive data. They also offer a complete dashboard solution for their customers to control across different data stores, see their current state, and any security breaches to be addressed manually.
Varonis logging is very robust and captures all audit events being sent from the file servers.
The ability to report and alert on Active Directory account events works very well with file activity monitoring. It can show the complete picture of what an account did while being used.
Have a customizable dashboard is great for being able to show upper management information that only pertains to them.
Since every firm needs to perform static code analysis on their applications, I believe Micro Focus Fortify WebInspect would work well for them (they also offer dynamic scanning, although I haven't used it myself). Different static analysis tools scan code in different ways, and Micro Focus Fortify WebInspect asks you to submit a complete build of the application along with debugging files. Depending on how your company builds its apps, this requirement may be simple or challenging.
It is a cloud-based platform which can provide us a very useful and unique features like Application Assessment, Scans, Vulnerability Test, Comprehensive Reporting, Monitoring, etc. Fortify by Open Text is also outstanding in various parameters for the support and integration and it is highly adaptable in various DevOps Program where you need secure app testing with all given features.
Because the tool delivers on its promises and forces us to explore each functionality. Using the tool leads us to seek more knowledge and apply it to our environment, mitigating risks, reducing the attack surface, increasing the team's technical knowledge, and boosting team growth. It also demonstrates to senior management that the tool is extremely necessary for the environment.
Support has always been very responsive and addressed any issues we may have had in the past. Some local engineers are willing to come onsite or work over a web session to discuss creating a new rule set or look at some issues. Getting issues address has never been a problem. There was one feature we had trouble getting to function correctly, but support and local engineers were willing to work with us as much as needed to get it working correctly for our organization.
Fortify Application Defender is a little more timely and upfront with a lot of their information on cyber security. we like what they provide and how they communicate with our users. I think they have a good understanding and practice in their field. they seem best suited for us and the best fit.
Actually, we didn't expend much time evaluating other file auditing platforms. We chose Varonis just after a serious incident and we had already heard about Varonis at a Netapp event. So it was an easy choice. We called Varonis and asked them for a PoC, that's it. The PoC became a production and it is running until this day.
