Fraud Management & Cybercrime
,
Identity & Access Management
,
Security Operations
Acquisition Targets Business Email Compromise, Impersonation and Spear-Phishing

Varonis purchased an email security provider in a bid to take on sophisticated phishing and social engineering attacks with technology developed by an architect of FireEye’s core malware sandbox technology.
See Also: 2024 Threat Hunting Report: Insights to Outsmart Modern Adversaries
The Miami-based data security stalwart praised Pleasanton, California-based SlashNext for its highly accurate detection engine, easy integration model and synergy with Varonis’ existing infrastructure. The influence of artificial intelligence in enabling impersonation and malicious communication drove the decision to integrate native capabilities rather than relying on third-party providers, said CEO Yaki Faitelson.
“The question was how the identity was compromised in the first place. And almost always, it’s by very sophisticated social engineering and business email compromise,” Faitelson said.
SlashNext dates back to 2014, employs nearly 100 people and has raised $43 million, having closed a $26 million Series B funding round in October 2021. The company’s founder and product leader is Atif Mushtaq, who spent nearly nine years at FireEye and helped architect their sandbox technology. The acquisition of SlashNext is valued at up to $150 million, including performance-based retention awards (see: CEO Faitelson on How Varonis’ SaaS Migration Helps Customers).
Attackers can hijack real conversations, inject malicious content and manipulate users far more convincingly than in the past due to widely available AI tools. Once credentials are stolen, attackers can access vast amounts of data undetected. SlashNext is trained to identify not just malicious links, but conversation hijacking, tonal shifts and the kinds of manipulations that human users may not catch.
“We are going to see tremendous amounts of fraud that’s related to identities, because you can take my voice, you can take my image and do a lot of stuff with AI,” Faitelson said. “At this edge of AI, we just saw these becoming much, much, much, much more sophisticated.”
What Stands Out About SlashNext’s Approach
Faitelson said attackers impersonate users by obtaining credentials through phishing emails, malicious links, or business email compromise. The speed and stealth of these attacks make them hard to detect using conventional security tools, which monitor for file anomalies, malware signatures, or behavioral patterns that these new attacks bypass entirely.
“The way that attacks are happening today is transparent to most security solutions,” Faitelson told Information Security Media Group. “Once I get your identity or credentials, I’m becoming you. The amount of data that you can access without noticing is tremendous.”
Faitelson said Varonis realized it must get ahead of attacks after previously focusing solely on detecting and responding to incidents after identity compromise. The company evaluated many vendors but decided SlashNext’s technology was exceptional in its accuracy and efficiency at identifying and blocking phishing threats.
“We started to look at everything that there is in the market, and with SlashNext, we just saw that they built the best detection engine in the world,” Faitelson said. “Atif, the founder, understood it extremely well – phishing, spear phishing, account control and social engineering – and really built a tremendous AI machine to build this detection.”
What stood out most was SlashNext’s ability to maintain a very low false positive and false negative rate since over-blocking legitimate emails would hurt productivity, while under-blocking threats would open the door to compromise. The integration between data science, engineering and cybersecurity research within SlashNext provides a holistic and deeply informed approach to building the product, he said.
“It rarely miss anything, and doesn’t stop healthy email exchanges and conversations,” Faitelson said.
How Varonis, SlashNext Will Come Together
The integration is targeted for completion by November, a timeline made possible by the architectural compatibility of both platforms. Once integrated, Faitelson said the system will automatically block malicious links, attachments and payloads.
“The other thing in the product that is beautiful is this product is plug and play,” Faitelson said. “Like you put it in and it’s immediately, without any configuration, in very smooth way, provides all the value.”
Faitelson believes that security solutions should be hands-off, automated and guaranteed to protect, not tools that require configuration and hope for the best. He said customers using Varonis will likely avoid data breaches, avoid compliance penalties and be able to adopt AI technologies safely. It’s not enough to detect a breach after the fact; the goal is to stop identity compromise before it begins.
“My promise to my customers is that with us, most probably, you will not have a data breach, you will not have compliance fines, you will be able to use AI safely and you will be able to do it automated,” Faitelson said. “We are not selling software. We are selling outcomes. If we need to do an acquisition, this is something that we will do.”