8 Things You Didn’t Know About Security Regulations (#4 is Crazy!)

1. The HHS has a “Wall of Shame”.

In the US, the Health Insurance Portability and Accountability Act (HIPAA) requires hospitals, insurers, and other “covered entities” to take a few steps after a breach of protected health information (PHI). Many are familiar with the rule that you must notify affected patients directly when unsecured PHI has been exposed.


A Closer Look at Pass the Hash, Part III: How NTLM will get you hacked (and what you should do about it)

I was about ready to wrap up this series of posts (part 1, part 2 ) on PtH and make my larger point, which is that you should assume hackers will break into your system. And then I learned new information about credential stealing that amplifies this warning by a factor of 10. The most…


Usage-Based Storage Chargebacks with DatAdvantage

Usage-based chargebacks are simply a better way to do cost sharing: they are fairer, more transparent, and more consistent than other approaches. If you want proof, read our IT Chargeback guide. What about actually doing chargebacks with data storage? Of course, the first step is getting a breakdown of data usage by cost centers or other group…


A Closer Look at Pass the Hash, Part II: Prevention

Last week, I attended a webinar that was intended to give IT attendees a snapshot of recent threats—a kind of hacker heads-up. For their representative case, the two sec gurus described a clever and very targeted phishing attack. It led to an APT being secretly deposited in a DLL. Once the hackers were in, I…

Latest Varonis Survey Reveals the Speed Bumps to Ubiquitous Enterprise Search

We can’t imagine modern consumer life without search engines to help us find Web content that answers our most pressing questions. But in the business world, the situation is almost reversed—we’ve settled for pre-Internet era file search technology to locate the documents and information that help us do our jobs. In a Varonis survey of…


Varonis Guide to IT Chargebacks

If our posts on IT chargebacks had you asking more questions, then our new whitepaper should have the answers. The Varonis IT Chargeback Guide: How to Quantify IT’s Contribution to the Bottom Line discusses the most common chargeback methodologies to divide up IT costs among the various profit-making business units and the inherent problems with…


A Closer Look at Pass the Hash, Part I

We’ve done a lot of blogging at the Metadata Era warning you about basic attacks against passwords. These can be mitigated by enforcing strong passwords, eliminating vendor defaults, and enabling reasonable lockout settings in Active Directory. But don’t rest yet! Hackers have another password trick that’s much more difficult to defend against. Advanced password, or…
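The excerpt above names three basic-attack mitigations: strong passwords, no vendor defaults, and reasonable lockout settings in Active Directory. As an added example (not code from the Varonis post), this PowerShell audits the default domain policy for the weak settings, hardens it, and lists enabled accounts whose passwords never expire or have gone stale. It assumes the ActiveDirectory RSAT module and a hypothetical domain name, corp.example.com, and must run with Domain Admin rights.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module
# (RSAT) and a hypothetical domain 'corp.example.com'; run as a Domain Admin.
Import-Module ActiveDirectory

$Domain = 'corp.example.com'   # assumption: replace with your own domain

# 1. Read the current default domain policy and flag weak settings before changing anything.
$policy   = Get-ADDefaultDomainPasswordPolicy -Identity $Domain
$findings = @()
if ($policy.LockoutThreshold -eq 0)      { $findings += 'Lockout disabled (threshold 0): unlimited guesses per account' }
if ($policy.MinPasswordLength -lt 14)    { $findings += "MinPasswordLength is $($policy.MinPasswordLength); want 14 or more" }
if (-not $policy.ComplexityEnabled)      { $findings += 'Password complexity requirement is off' }
if ($policy.PasswordHistoryCount -lt 24) { $findings += "PasswordHistoryCount is $($policy.PasswordHistoryCount); want 24 or more" }
$findings | ForEach-Object { Write-Warning $_ }

# 2. Apply "reasonable" lockout settings: a threshold high enough that typos do not
#    lock out real users, and a short automatic unlock so an attacker cannot turn
#    lockout into a denial of service against every account in the directory.
Set-ADDefaultDomainPasswordPolicy -Identity $Domain `
    -LockoutThreshold 10 `
    -LockoutObservationWindow (New-TimeSpan -Minutes 15) `
    -LockoutDuration (New-TimeSpan -Minutes 15) `
    -MinPasswordLength 14 `
    -ComplexityEnabled $true `
    -PasswordHistoryCount 24

# 3. Hunt for never-changed (vendor or service) credentials: enabled accounts whose
#    password is exempt from expiry, has never been set, or is more than a year old.
$stale = (Get-Date).AddDays(-365)
Get-ADUser -Filter { Enabled -eq $true } -Properties PasswordNeverExpires, PasswordLastSet |
    Where-Object { $_.PasswordNeverExpires -or -not $_.PasswordLastSet -or $_.PasswordLastSet -lt $stale } |
    Select-Object SamAccountName, PasswordNeverExpires, PasswordLastSet |
    Sort-Object PasswordLastSet
```

Run step 1 on its own first; the warnings tell you what the Set-ADDefaultDomainPasswordPolicy call in step 2 will change. Note that fine-grained password policies (Password Settings Objects) override the default domain policy for the groups they apply to, so check Get-ADFineGrainedPasswordPolicy as well before concluding that privileged accounts are covered.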


Data Brokers and Data Governance Practices

Along with other data security and privacy wonks, I was looking through the FTC’s 110-page report on the data broker industry. Released last Tuesday, “Data Brokers: A Call for Transparency and Accountability” has some interesting and even a few eyebrow-raising facts based on the FTC’s year-long investigations. The FTC looked into nine data brokers to…


The Lowdown on PCI DSS and Two-Factor Authentication

With the big security breaches from last year on our minds and with little new information available, there’s still plenty to puzzle over. One aspect of the Target breach that left security observers scratching their heads was the ease with which the hackers were able to gain access to the internal network by just swiping…