The Worst Assumption You Can Make About Healthcare Information

There’s a common misconception that HIPAA only applies to database records. It’s somewhat understandable because “health record” is used frequently on the Health and Human Services (HHS) web site. However, if you read the actual language of HIPAA more closely, you’ll see that the rules cover protected health information (PHI) in any electronic format. Have…

Continue Reading


PoS Cyber Attack Insight: Malware Isn’t What You Think It is

As headlines over the last few months have shown, hackers are becoming more and more resourceful at getting through corporate firewalls to directly attack retail terminals and back-end PoS servers. If IT can’t stop them from getting through the front door, is there a second line of defense to, at a minimum, contain the cyber-thieves…

Continue Reading

Exchange Public Folder Migration Guide

Many organizations rely on Exchange’s public folders to store emails, documents, calendars, tasks, and more.  Over time, with substantial and frequent use, emails pile up, and many organizations want to know: Is anyone using all of this content? Who does it belong to? Is the sensitive stuff protected? Should we get rid of it or…

Continue Reading

Unique Offerings + Rapid Growth = Prestigious Industry Recognition for Varonis

Much of the recent talk in the IT industry has revolved around the fates of traditional IT giants. Rumors of mergers, breakups, and divestments often miss one of the underlying factors creating this turbulence: customers want innovation and they are finding it with fresh approaches from newer players. Our relentless passion to innovate for our…

Continue Reading

dhs - backoff

Driving a Stake through Backoff and other PoS Malware

Despite a US CERT warning and several well-publicized hacking incidents over the summer, Backoff malware continues to add new corporate victims. Krebs has been on the case and has more details on the most recent attacks against two well-known brands. The government warning pointed out that anti-virus vendors may not have the latest signatures for…

Continue Reading

Blank computer screen

Miscommunication as a Cybersecurity Threat

There was a great interview in WSJ this weekend with Blackstone’s CISO Jay Leek.  They asked Mr. Leek a question that I love asking people in high-level security roles: WSJ: What most worries you? LEEK: The No. 1 most significant risk to every organization is your well-intentioned, nonmalicious insider who is trying to do the…

Continue Reading

Using PowerShell to Combat CryptoLocker

On the Varonis blog, we recently wrote about how CryptoLocker—the malware that encrypts your local files and holds them for a Bitcoin ransom—has better marketing than many companies. However, we thought it would be helpful to also offer some tactical advice for dealing with CryptoLocker using our sysadmin tool of choice: PowerShell. What follows are…

Continue Reading


POODLE SSL Bug Scanner

As you may have noticed, there’s been widespread attention on this new POODLE SSL attack (CVE-2014-3566) that lets attackers spy on your traffic to any website that is vulnerable. As a public service, we’ve made a free, easy-to-use site that lets you scan any URL to see if it’s vulnerable and offers some helpful links to…

Continue Reading


Getting Ready for PCI DSS 3.0 and Beyond: A New Focus on Testing

To get a sense of where the PCI Data Security Standard (DSS) is heading, it helps to take a look beyond the actual language in the requirements.  In August, PCI published a DSS 3.0 best practices document that provided additional context for the 12 DSS requirements and their almost 300 sub-controls. It’s well worth looking at. The…

Continue Reading

How can I find out which Active Directory groups I’m a member of?

The ability to administer and maintain up-to-date user lists and groups is critical to the security of an organization. There are a number of different ways to determine which groups a user belongs to. First, you can take the GUI approach: Go to “Active Directory Users and Computers”. Click on “Users” or the folder that…

Continue Reading