Varonis For

Apache HTTP Server

Combine Apache Software’s web proxy events with Varonis’ file, email, and Active Directory metadata to detect threats faster with a high signal-to-noise ratio.

Challenge

Attackers hope to evade detection by blending into your noisy network. As the perimeter becomes less defined and adversaries become sophisticated, it’s critical to expand your detection window and take a defense-in-depth approach.

Would you know if an attacker or malicious insider was accessing sensitive data, moving laterally, and uploading files to a personal account? Could you trace an incident from your perimeter to the data that was touched or stolen? Many organizations are data-blind.

Solution

Apache HTTP Server is a free, open-source web proxy that can help secure your network with SSL Inspection and web filtering capabilities. By sending web proxy events from the Apache HTTP Server to Varonis Edge, you’ll enhance your infiltration and exfiltration detections.

Edge events are aggregated, normalized, and enriched with valuable context such as geolocation, URL reputation, and account type. Events from Apache HTTP server are stored in a unified audit trail for forensics investigations, threat hunting, and reporting.

Behavior-based, real-time detection 

Boost your kill chain coverage for intrusion, C2, and data exfiltration. Turn billions of events into a handful of meaningful alerts with hundreds of out-of-the-box machine learning models developed by Varonis’ elite researchers and data scientists. 

Quick & conclusive investigations

Get a normalized, human-readable audit log that makes it easy to correlate web proxy events from Apache with activity from Windows, Active Directory, Exchange, and Microsoft 365. Pivot from suspicious network activity to sensitive data access in seconds with end-to-end forensics.

Flexible deployment

Send proxy events from Apache to Varonis using syslog. If web proxy log data is already collected in Splunk, you can forward those events directly to Varonis Edge.