Integrating CTERA with Varonis Data Security Platform
  • 2 Minutes to read
  • Dark
  • PDF

Integrating CTERA with Varonis Data Security Platform

  • Dark
  • PDF

Article summary

CTERA enables centralized data access from any edge location or device without compromising performance or security. In a distributed enterprise with an increasingly remote workforce, the need to ensure unstructured file data is private and secure is paramount for success. Files can contain sensitive enterprise data, such as intellectual property or customer information, and they must be protected from theft, leakage, and loss.

The Varonis Data Security Platform secures data from unauthorized access and cyber-threats by locating where sensitive and regulated information lives across on-premises and cloud datastores – limiting access to data and analyzing activity for abnormal behavior or indications of compromise. Varonis correlates data activity from CTERA into context with additional information such as data classification, authentication events, and network activity to provide a complete audit trail of user activity.

The integration between CTERA and the Varonis Data Security Platform enables the seamless collection of CTERA Edge Filer audit logs through a ctera resource on the Varonis Data Security Platform. This provides:

  • A central feed of file operations from all edge filers.
  • Scans the global file system to map files and permissions and identify sensitive data.
  • Alerts on compliance violations.

A license from CTERA is required to use the Varonis service.

Varonis service tasks can be performed in the global administration view only.


If the CTERA Portal was integrated with Varonis Data Security Platform on a version prior to CTERA Portal 7.5.1159.46, the integration must be removed and then reconfigured as described in this section.

As organizations begin to adopt more rigorous and modern security protocols like Zero Trust, they can utilize CTERA and Varonis in tandem to help reach a mature Zero Trust environment. The Zero Trust security model states that all users, devices, applications, and networks should be inherently untrusted. With CTERA, each direct request is approved and digitally signed by a centralized security authority. Edge devices never possess credentials for object storage, and they cannot corrupt your critical data even if they are compromised. Varonis adds an extra layer of security to the CTERA global file system. The Varonis Data Security Platform rapidly detects and responds to threats by comparing data activity with baseline behavioral profiles created using machine learning algorithms. These algorithms automatically detect abnormal user behaviors and trigger automated responses that stop attackers in their tracks and mitigate any potential damage.
The following events are sent from the edge filers to the portal:

  • create
  • move
  • read
  • write
  • delete
  • chown
  • ACLDeleted
  • ACLChanged
  • ACLAdded
  • ACLProtectionAdded
  • ACLProtectionDeleted
  • AclDenied
  • createDenied
  • OpenDenied
  • deleteDenied

The Flow of Events From Edge Filers to Varonis

The following flow describes the workflow between the edge filers and a CTERA Portal:

  1. CTERA Edge Filers send events from the audit logs to Logstash, a data processing pipeline that collect edge filer events, transforms them by extracting the edge filer ID and formating the event for Varonis.
  2. Logstash sends the transformed events to internal portal dockers.

Was this article helpful?


Eddy AI, facilitating knowledge discovery through conversational intelligence