A Closer Look at Pass the Hash, Part III: How NTLM will get you hacked (and what you should do about it)

I was about ready to wrap up this series of posts (part 1, part 2) on PtH and make my larger point, which is that you should assume hackers will break into your system. And then I learned new information about credential stealing that amplifies this warning by a factor of 10. The most…

Risks of Renaming Your Domain in Active Directory

As a sysadmin, there might be moments where you’ll find the need to change, merge, or rename your domain. There are many reasons why you might need to do this, for instance: an organizational restructuring, merger, buyout or expansion. Keep in mind that a rename is not designed to accommodate forest mergers or the movement…

Usage-Based Storage Chargebacks with DatAdvantage

Usage-based chargebacks is just a better way to do cost sharing: it’s more fair, transparent, and consistent than other approaches. If you want proof, read our IT Chargeback guide. What about actually doing chargebacks with data storage? Of course, the first step is getting a breakdown of data usage by cost centers or other group…

Three Things to Be Aware of With Low-Cost Data Backup Services

I’m always a little surprised by the reaction from customers regarding off-site storage services. It goes something like, “Well, the price is so good, that I don’t really need to know anything else.” From a pure accounting standpoint, I do see their point. As a company goes down the road of evaluating low-cost backup and…

Latest Varonis Survey Reveals the Speed Bumps to Ubiquitous Enterprise Search

We can’t imagine modern consumer life without search engines to help us find Web content that answers our most pressing questions. But in the business world, the situation is almost reversed—we’ve settled for pre-Internet era file search technology to locate the documents and information that help us do our jobs. In a Varonis survey of…

Varonis Guide to IT Chargebacks

If our posts on IT chargebacks had you asking more questions, then our new whitepaper should have the answers. The Varonis IT Chargeback Guide: How to Quantify IT’s Contribution to the Bottom Line discusses the most common chargeback methodologies to divide up IT costs among the various profit-making business units and the inherent problems with…

A Closer Look at Pass the Hash, Part I

We’ve done a lot of blogging at the Metadata Era warning you about basic attacks against passwords. These can be mitigated by enforcing strong passwords, eliminating vendor defaults, and enabling reasonable lockout settings in Active Directory. But don’t rest yet! Hackers have another password trick that’s much more difficult to defend against. Advanced password, or…

How to Best Apply SANS Critical Security Controls to Unstructured Human-Generated Data

The SANS Top 20 Critical Security Controls (CSC) have become a widely accepted strategy for protecting organizations against the most common security risks. They take a practical view of security that’s based on protecting against real-world threats—“offense informs defense”. Developed and maintained by an international group of organizations, government agencies, and security experts, the controls…

Varonis Data Governance Suite 5.9 is now GA

Data Governance Suite 5.9 is packed with new features, including DatAlert, which provides real-time alerts and data breach detection for file servers, NAS, Exchange, and SharePoint.