Privacy by Design Cheat Sheet

Privacy by Design (PbD) has been coming up more and more in data security discussions. Alexandra Ross, the Privacy Guru, often brings it up in her consultations with her high-tech clients. Its several core principles have been adopted by U.S. government agencies and others as de facto best-practice policies. PbD is about 20…

Varonis Metadata Framework Voted 2015 Software Product of the Year

Today Varonis is thrilled to report that our Metadata Framework was voted “Software Product of the Year” for 2015 by the UK’s Network Computing magazine, which is the UK’s longest established magazine dedicated to network management. In its ninth year, the winners of its award program are determined by online voting open to the public – such…

Carbanak Attack Post-Mortem: Same Old Phish

The Kaspersky report about Carbanak malware released last month led to some pretty frightening headlines, usually starting with “Billion dollar heist…”. Now that we’re over a month into reviewing some of the forensic evidence, it appears that Carbanak is less sophisticated than many first thought. At its heart, this was a spear phishing attack that…

State of PCI Compliance 2014

Last year when we wrote about Verizon’s PCI Compliance report, the news was not very encouraging. Only 11% of companies in the Verizon sample passed all 12 of the PCI Data Security Standard (DSS) 2.0’s controls. For hackers, it meant that in 2013 they were unlucky if they found themselves on a compliant site! The…

Windows 10’s Security Reboot, Part III: FIDO and Beyond

FIDO’s Universal Two Factor (U2F) is intended to make it easy for companies to add a strong second factor to their existing crypto infrastructure. Most of us are probably not ready to leap ahead to the password-less Universal Authentication Factor (UAF), which I touched on in the previous post in this series. So U2F is…

Interview With Alexandra Ross, The Privacy Guru

Alexandra Ross is not your ordinary attorney practicing privacy law. Her CV includes a stint as Associate General Counsel for Wal-Mart Stores, where she built this giant retailer’s privacy policies and procedures from the ground up. She is San Francisco-based and consults with many Bay Area tech companies. Her point of view on privacy…

Enterprise Search: Connecting File Data and Knowledge, Part II

If you’re like me, you use the autosuggestion box in Google (or your favorite search engine) to quickly confirm or learn new facts even without having to see the search results. Not sure how to spell the name of that Seattle Seahawks running back? Start entering in the first few letters, “mars,” and Google provides…

Windows 10’s Security Reboot, Part II: More on Authentication

A good part of Windows 10’s security improvements center on basic changes to the way users and software prove their identities. No, that wasn’t a mistake in the last sentence. Software, like people, can also have an identity and be required to show they’re the apps they say they are. The underlying technology is well…

Windows 10’s Security Reboot, Part I: Authentication

There’s incredible excitement about the Windows 10 release. If you completely quantum leap over Windows 9, you’d expect big things. In December, I was talking with NYU-Poly’s Professor Justin Cappos. He’s a security expert and had nothing but high praise for Microsoft’s security group. But he added their cutting-edge research doesn’t necessarily make it into…

Timely Cybercrime Analysis from FINRA

Hackers stealing passwords, credit card and social security numbers, and health insurance IDs can lead to significant dollar losses. But let’s think the unthinkable: hackers getting access to our retirement, 401(k), and brokerage accounts. Of course, that’s where the real money is. The Financial Industry Regulatory Authority (FINRA), an independent watchdog group, recently published a…