Varonis Systems, Inc. is a software company based in Miami, Florida with R&D offices in Herzliya, Israel. The company’s Data Security Platform analyzes data, identities, and activity to find and remediate data exposure in cloud and multi-cloud environments, and in software-as-a-service (SaaS) and infrastructure-as-a-service (IaaS) applications that include AWS, Azure, Google Cloud, Salesforce, ServiceNow, and databases.

History

Varonis Systems was founded in 2005 by Yaki Faitelson and Ohad Korkus, to address security issues such as file activity tracking, information rights management, and access control. Prior to Varonis, Faitelson and Korkus worked at the global professional services and systems integration divisions of NetVision and NetApp.

Faitelson and Korkus invented a solution that would retrieve metadata contained in file systems. In 2005, Faitelson and Korkus filed a patent, “Automatic management of storage access control", which was granted in 2006.

Varonis IPO'ed on Nasdaq with the ticker symbol VRNS on February 28, 2014. Varonis raised capital from Accel Partners, Evergreen Venture Partners, Pitango Venture Capital, and EMC.

In 2021, Varonis Systems announced that it was expanding its operations and doubling its workforce in Cork.

In 2022 Varonis announced it would deliver its Data Security Platform as a SOC® 2-compliant SaaS, citing faster updates and improved features.

In 2023, Varonis added generative AI to its SaaS platform, allowing administrators to analyze and reduce investigation times.

In 2024, Varonis began supporting Microsoft Copilot with a solution that monitors and audits Copilot prompts and data access in real-time and detects abnormal interactions to identify those with malign intent or those without malign intent that yielded undesirable outcomes. Also that year, Varonis expanded its portfolio of products that monitor data access and detect potential breaches to offer a managed service to detect and respond to incidents.

In September 2024, the company announced new capabilities in its Salesforce Security Posture Management (SSPM) solution aimed at helping customers identify and eliminate data security risks automatically.

In November 2024 Varonis announced that it would be expanding its IaaS security coverage to the Google Cloud. The company’s 2024 10-K reported customers in 95 countries and a Q1 2025 relocation of its headquarters to Miami, Florida. In February 2025 it was reported that the company was set to accelerate and complete its SaaS transition by 2025, with a target of $737-$745 million ARR.

In 2025, Varonis introduced database activity monitoring capabilities and an anti-phishing product that uses a sandbox environment to identify malicious links in email.

Acquisitions

In 2020 the company made its first acquisition, Polyrize, a company that tracks users and the cloud data stores they use and gives them the ability to track where data is going.

In January 2025 the Calcalist reported Varonis was in advanced negotiations to acquire cyber startup Apex Security, whose investors include Sam Altman, founder and CEO of OpenAI, as well as the venture capital funds Sequoia and Index.The value of the deal was estimated at $30–40 million.

In March 2025, Varonis announced that it would be acquiring Cyral to improve database security using cloud-native, AI-driven technology.

Varonis acquired California-based start-up SlashNext, developer of an email security tool that uses AI to prevent phishing attacks, for $150 million in September 2025.

In February 2026, the company acquired AI start-up AllTrue.ai, which developed technology for monitoring and controlling AI, for $150 million.

Threat Research

Varonis Threat Labs created a proof-of-concept called Cookie Bite that showed how access to Azure cloud could be obtained using persistent authorization session cookies that were capable of bypassing MFA requirements.

In December 2025, Varonis researchers reported Spiderman, an automated phishing campaign kit that mimics the login pages of multiple European banks.

In January 2026, Varonis' research unit disclosed a vulnerability called "Reprompt" in Microsoft Copilot Personal that could allow attackers to trick the AI tool into retrieving sensitive data using a "try twice" command.

Technology and Architecture

Varonis performs User Behavior Analytics (UBA) that identify abnormal behavior from cyberattacks. Their software extracts metadata from an enterprise's IT infrastructure and uses this information to map relationships among employees, data objects, content, and usage.