The Value of Sandboxes

There’s been a lot of talk about malware sandboxing as a form of protection against advanced persistent threats (APTs). The idea behind malware sandboxing is that you can drop suspicious binaries into a virtualized environment, execute them, and observe what happens without posing any risk to your production systems.  After the malicious code wreaks its…

Using Varonis: “Fast Track” Recommendations

(This is one entry in a series of posts about the Varonis Operational Plan – a clear path to data governance.  You can find the whole series here.) Over time, a user’s access to systems and data in an organization tends to grow, regardless of their role or responsibilities. From an IT perspective, it’s much more…

Fixing the Open Shares Problem

I recently spoke with an IT administrator who had started a manual open share cleanup project—finding and locking down folders and SharePoint sites open to global access groups like Everyone, Domain Users and Authenticated Users. After removing the everyone group from several folders, they began to receive help desk calls from people who had been…

10 Things IT Should Be Doing (But Isn’t): Free On-Demand Webinar

On our last webinar: 10 Things IT Should Be Doing (But Isn’t), we reviewed some of the challenges associated with unstructured data management and protection. IT requires the ability to answer critical questions about data in order to efficiently and effectively protect it. Some of these questions are: Who has access to data? Who has…

Who Is TRYING To Access Your Data?

In our previous post we discussed how over 80% of data breaches are considered “opportunistic.” The majority of them are regular employees who have excess permissions, who abuse their access to obtain sensitive information. When we take these two things into account we can confidently say that a primary area of risk is where regular…

Substantially Reducing Risk by Cleaning Up Access Permissions

The article, “The Art of Profiling Cyber Criminals” within Dark Reading on December 8th, 2011 provides a brief outline of the characteristics of a typical cyber criminal.  The article is of interest because of its detailed description of the malicious insider.  Of particular interest is the following quote: “Around 65 percent of malicious insiders have…