Data Governance Suite “In Evaluation” Phase for Common Criteria EAL2 Certification

By   ISBuzz Team
Writer , Information Security Buzz | Jun 11, 2015 05:30 pm PST

In EvaluationProvides Government and Private Sector Peace of Mind That Varonis Solutions Meet Stringent, Internationally-Recognised Security Certification Standards

Varonis Systems, Inc. (Nasdaq:VRNS), the leading provider of software solutions for unstructured, human-generated enterprise data, today announced that its Data Governance Suite has achieved “In Evaluation” status in the Common Criteria security certification process.  Common Criteria evaluation of security products is mandated for commercial information security products purchased by the U.S. government for use in national security systems. Varonis’ participation in this process reinforces the company’s commitment to providing the highest quality assurance to its customers.

Common Criteria provides both public and private sector organisations a platform to identify security technologies that have completed a rigorous testing process to conform to standards outlined by the International Standards Organization. Since the Varonis Data Governance Suite is now “In Evaluation,” government agencies and other organisations requiring the Common Criteria EAL-2 certification can begin to consider the software for purchase. Varonis is working on the process with Corsec Security, a leading global validation solutions provider, and anticipates it will fully complete the Common Criteria EAL-2 certification by mid-2016. A copy of the Varonis “Notification of Certification Process” is available upon request.

Varonis Vice President David Gibson said, “Varonis is the only company that can monitor, manage and protect human-generated data in critical file systems, email, intranets, and file shares, while at the same time increasing employee productivity and reducing costs. With approximately 3,500 worldwide customers, we have proven that we can do it at scale in both the public and private sectors. We invested in the Common Criteria Certification so that our current and future customers can be assured that our solutions meet all the required standards.”

“Almost every organisation that installs Varonis software quickly sees that much of the data that employees have access to isn’t relevant to them in their jobs — which presents a huge risk for either innocent or malicious data leakage,” Gibson continued. “The ability to view these risk areas and manage them through automated solutions is a sound investment that increases productivity and efficiency and lowers costs while reducing risk.”

  • For more information on how Varonis works with the U.S. Federal Government, visit HERE.
  • To request a live demo click here.

About the Common Criteria

Common Criteria is an internationally recognized set of guidelines (ISO 15408), which define a common framework for evaluating security features and capabilities of Information Technology security products. The standard consists of several predetermined evaluation assurance levels, each one more stringent than the last. Common Criteria allows vendors to have their products tested against a chosen level by an independent third-party testing laboratory. The Common Criteria Mutual Recognition Agreement (CCRA) is a pact which was designed to allow all evaluations up to an evaluation assurance level (EAL) 4, to be recognized by all participating countries, regardless of where the evaluation was completed. There are currently 26 countries involved in the CCRA, including the United States and Canadian governments, with others that follow unofficially such as the EU.
Common Criteria certification of security products is mandated by the U.S. government for federal purchases. The National Information Assurance Acquisition Policy, NSTISSP No. 11, requires agencies to purchase only those commercial security products which have met specified third-party assurance requirements and have been tested by an accredited national laboratory.

About Varonis

VaronisVaronis is the leading provider of software solutions for unstructured, human-generated enterprise data. Varonis provides an innovative software platform that allows enterprises to map, analyze, manage and migrate their unstructured data. Varonis specializes in human-generated data, a type of unstructured data that includes an enterprise’s spreadsheets, word processing documents, presentations, audio files, video files, emails, text messages and any other data created by employees. This data often contains an enterprise’s financial information, product plans, strategic initiatives, intellectual property and numerous other forms of vital information. IT and business personnel deploy Varonis software for a variety of use cases, including data governance, data security, archiving, file synchronization, enhanced mobile data accessibility and information collaboration. As of March 31, 2015, Varonis had approximately 3,500 customers, spanning leading firms in the financial services, public, healthcare, industrial, energy & utilities, technology, consumer and retail, education and media & entertainment sectors.

About Corsec Security

Corsec SecurityCorsec is the global leader in providing access to new markets via IT security validations. With the largest staff of experts in the industry and a comprehensive solution that spans consulting, documentation, testing, managed lab services, and strategic product roadmap planning, Corsec has secured more than 350 FIPS 140-2, Common Criteria and UC APL certifications for hundreds of organizations on five continents over the last 15 years. For more information, visit

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x