Varonis For

F5 BIG-IP Access Policy Manager

Combine BIG-IP APM’s VPN events with Varonis’ file, email, and Active Directory metadata to detect threats faster with a high signal-to-noise ratio.

Request a demo
F5 Big-IP logo

Challenge

Attackers hope to evade detection by blending into your noisy network. As the perimeter becomes less defined and adversaries become sophisticated, it’s critical to expand your detection window and take a defense-in-depth approach.

Would you know if an attacker or malicious insider was accessing sensitive data, moving laterally, and uploading files to a personal account? Could you trace an incident from your perimeter to the data that was touched or stolen? Many organizations are data-blind.

Solution

BIG-IP APM enables organizations to reduce friction for users to remote access (SSL VPN). It also reduces friction for web applications. By sending BIG-IP APM events to Varonis Edge, you’ll enhance your infiltration and exfiltration detections.

Edge events are aggregated, normalized, and enriched with valuable context such as geolocation, URL reputation, and account type. Events from BIG-IP APM are stored in a unified audit trail for forensics investigations, threat hunting, and reporting.

Behavior-based, real-time detection 

Boost your kill chain coverage for intrusion, C2, and data exfiltration. Turn billions of events into a handful of meaningful alerts with hundreds of out-of-the-box machine learning models developed by Varonis’ elite researchers and data scientists. 

Quick & conclusive investigations

Get a normalized, human-readable audit log that makes it easy to correlate events from BIG-IP APM with activity from Windows, Active Directory, Exchange, and Microsoft 365. Pivot from suspicious network activity to sensitive data access in seconds with end-to-end forensics.

Create saved queries such as “Failed VPN Login Attempts from Suspicious Sources Today" or “Web Requests from Disabled Accounts.” 

Flexible deployment

Send events from BIG-IP APM to Varonis using syslog. If BIG-IP APM data is already collected in Splunk, you can forward those events directly to Varonis Edge.