US National Breach Notification Law Gets its 15 Seconds

You’re excused if you missed the very brief mention of a new data security law in the President’s State of the Union address two weeks ago. It received a sentence or two somewhere towards the end of the speech. The White House published the proposed legislation (The Personal Data Notification & Protection Act) on its…

Inside the World of Insider Threats, Part II: More on Motivation

One area the CMU CERT researchers looked into was the chain of events that cause a law-abiding employee to become an insider menace. For those who want to learn about the models the CMU team came up with, they’re welcome to read this fascinating paper on the topic. But I think I can summarize the…

Inside the World of Insider Threats, Part I: Motivation

As someone once said in a different context, never let a good crisis go to waste. While we still don’t have definitive proof, there’s good evidence that employees were in some way involved in the Sony meltdown—see Did North Korea Really Attack Sony? from Schneier. The larger point is that the Sony breach opens the…

Big Data Recommendations Engine for Data Access

Could you imagine the web without personalized recommendations? Amazon tells us what new books to buy. Spotify tells us what music to listen to. Netflix tells us which movies to watch. Foursquare tells us where to eat and what to order. …but what about a recommendations engine for data access? As users move through an…

We’ve Been Recognized by Gartner

We have good news to share. Gartner, a leading independent provider of IT advisory and market intelligence, has mentioned us in their first ever “Gartner, Market Guide for Data-Centric Audit and Protection (Lowans and Perkins, Nov. 2014)”. Gartner has given us a check mark in all five Data-Centric Audit and Protection (DCAP) categories: Data Discovery,…

Varonis Keeps Client and Company Data Protected and Private at Campbell Global

Campbell Global is a leader in sustainable timberland and natural resource investment. The company manages approximately 3.1 million acres of land globally and about $6.1 billion in assets. Based in Portland, Oregon, its 300 employees are spread throughout 25 offices. The company critically needed a reliable way to closely document, track and manage activity associated…

Interview With NYU-Poly’s Professor Justin Cappos: Security Lessons From Retail Breaches

I had the chance to talk with cyber security expert Justin Cappos last month about the recent breaches in the retail sector. Cappos is an Assistant Professor of Computer Science at NYU Polytechnic School of Engineering. He’s well known for his work on Stork, a software installation utility for cloud environments. In our discussion, Professor…

Microsoft Fixes Kerberos Silver Ticket Vulnerability

The Kerberos Golden Ticket already had a mythic status in the hacking world even before this summer’s Black Hat conference rolled around. In theory, a hacker could create a universal authentication ticket and lurk forever in an organization’s IT system. The how-to-accomplish part, though, was always a little murky. At the conference a lot of…

99.99% Report Brakes Slowing Down Their Car

(.01% were moving too quickly to comment.) “The whole point of a car is so I can get where I’m going quickly. I just can’t understand why they put the brake pedal right next to the accelerator. And the brakes are merciless now. Whenever I step on them I stop almost immediately. What were they…

Ipswich Hospital Chooses DatAnywhere

Ipswich Hospital NHS Trust is a busy district general hospital in Suffolk, England. Its 3,500 employees serve the medical needs for a community of over 350,000 people. The Ipswich IT Team was recently faced with an information security challenge. How do you share sensitive, internal documents from the hospital file system with third-party organizations (insurance,…