uba-insider-thumbnail

User Behavior Analytics (UBA) and Insider Theft [White Paper]

Insider theft can be devastating for companies. After all, employees know where the most valuable and sensitive data lives. According to PwC’s 2014 US State of Cybercrime Survey, one-third of respondents said insider data theft is more costly or damaging than those committed by outsiders! How can you tell when an employee breaks bad? We…

pros-cons

The Difference between SIEM and UBA

The latest 2015 Verizon Data Breach Investigations Report indicates that insider threats continue to be a top security concern. As employees go rogue, one effective insider threat prevention technology that has been instrumental for IT security is User Behavior Analytics (UBA). If you currently use a security identity event management (SIEM) tool to monitor user…

Gartner Recognizes Varonis in 2015 Market Guide for File Analysis Software

Having spent the past decade pioneering and building out a range of solutions for managing and protecting critical data, we are pleased to report today that Gartner has recognized Varonis in its 2015 Market Guide for File Analysis Software. File analysis, according to Gartner, is used for three primary reasons: to increase operational efficiency, lower…

Insider Theft 2015: We’ve Been Warned

Identity Theft Resource Center (ITRC) is my go-to source for a running tally of breaches. As of last week ITRC, which gets its stats from media sources and state agencies, has counted 505 incidents, exposing over 139 million records. So a little after the mid-year mark, the number of records taken is ahead of 2014’s…

law firms data security protection

Why Law Firms Should Care About Data Security

An alarming 70% of large firm attorneys do not know if their firm has been breached, according to a recent American Bar Association (ABA) survey conducted by the ABA’s Legal Technology Resource Center. For many companies, it often takes IT months to learn about an incident—if they ever find out at all—and usually only after…

Directories

The IP Theft Puzzle, Part II: Ideas for Spotting Directory Copies

Catching an insider thief before he gets and exfiltrates IP ain’t easy. As I wrote about in the last post in this series, insiders already have access to sensitive content — they’re authorized to view, copy, and edit important code, documents, and presentations. Casing the Joint However, we do know that insiders generally first test…

446px-Elizabeth_I_in_coronation_robes

Her Majesty’s Five Essential Security Controls

The United Kingdom’s GCHQ, their NSA-like organization, has its 10 Steps to Cyber Security. We hear from our friends across the pond that it’s proven to be very popular. These tips from her Majesty’s security service point out general areas where organizations need to focus their security efforts. Are you now asking yourself whether there…

The IP Theft Puzzle, Part I: Insider Entitlement

Earlier this year, the Metadata Era explored some of Carnegie Mellon University’s Computer Emergency Response Team’s (CMU CERT) research on insider threats. To refresh memories, CMU researchers found that motivations for insider actions roughly fell into three categories: financial, sabotage, and Intellectual Property or IP theft. The last one, IP theft, turns out to have…

532px-EU_flag-map

Will the EU’s Data Protection Regulation Apply to Me?

One of the more complex issues that will have to be resolved with the new Data Protection Regulation (DPR) is what’s being called “extraterritoriality.” As proposed by EU Parliament, the DPR will apply to any data transferred outside the EU zone. So under these new rules, if a US company collects data from EU citizens,…

What is User Behavior Analytics?

There’s nothing new in using analytics in data protection or breach prevention. Firewalls, for example, analyze packet contents and other metadata, such as IP addresses, to detect and block attackers from gaining entry. And anti-virus software is constantly scanning file systems for malware by looking for bits of code and other signs that a file…