Live TechTalk: More Fuel For Your SIEM

Security Information and Event Management (SIEM) offers an excellent way to combine and analyze multiple data streams and generate alerts that help protect your organization. But a SIEM is only as powerful as the data it consumes. Does your SIEM currently receive file and folder access events? How about SharePoint and Exchange activity?  There is a…

Continue Reading

688px-US_Navy_031206-N-9693M-517_Army_and_Navy_football_players_vie_for_control_of_the_ball_during_the_104th_Army_Navy_Game

Back to Basics: Payment Card Industry’s DSS 3.0

The long awaited revision to the credit card industry’s security standards was published last month. As expected, the latest version of Data Security Standard (or DSS) has clarified and strengthened existing requirements and has added a major new section for penetration testing. Among the improvements are stronger rules for passwords, authentication, and audit trails. If…

Continue Reading

ssh-2

How Did Snowden (Really) Do It?

I recently stumbled across an article in Dark Reading entitled “How Did Snowden Do It?”  The piece does a great job pointing out how failures in authentication allowed Snowden to gain access to sensitive data repositories, acting both as himself and impersonating other privileged users. The author states that Snowden a.) used social-engineering to convince…

Continue Reading

VIDEO: Applying Big Data Analytics to Human-Generated Content

Last week, Varonis and GigaOm held a panel discussion on the value of applying big data analytics to human-generated data.  It was a really thought-provoking discussion about an emerging technology that is helping early-adopting enterprises reduce risk, lower data management costs, and get insights about how people within the organization work and collaborate with data….

Continue Reading

800px-2.5m_Hajj_pilgrims_visited_jamarat_yesterday,_according_to_Saudi_public_security_monitors_-_Flickr_-_Al_Jazeera_English

2013 State of the Breach: More of the same (but keep an eye on unstructured data)

As 2013 comes to a close, it’s not too early to peek at current breach stats and see what this past year has brought. For this type of research, I rely on the Identity Theft Resource Center for an up to date tally of data exposures. So what are the major trends for 2013? With over…

Continue Reading

800px-Front_of_server_racks_at_NERSC

Enterprise Dark Data Is a Hidden Asset

In the last year, Dark Data has been finding its way, so to speak, into the spotlight. In my mind, Dark Data is a subset of Big Data—enormous but without formal boundaries as defined by database schemas. In other words, it’s the human generated content in documents, presentations, spreadsheets, notes, and other readable formats that…

Continue Reading

How to Do Data Classification at Scale

One of the important points we make in our recently published Information Entropy report is that you can’t just decide you have intellectual property, issue NDAs to employees, and leave it at that. Confidential information requires real ongoing work on the company’s part. This is especially true for a class of IP known as trade…

Continue Reading

isilon

Varonis Adds Support for EMC Isilon

Download the EMC-Varonis Partner datasheet here. One of the biggest benefits of the Varonis Data Governance Suite is the wide platform support.  This is important for two very significant reasons: 1.) We want to help customers manage and protect their data wherever it lives without forcing them to move into a document management silo.  We…

Continue Reading

Video: 6 Steps to HIPAA Compliance

On the heels of the HIPAA Omnibus Rule we decided to put together a jam-packed, highly educational webinar that dives deep into the world of HIPAA and HITECH.  I was joined by HIPAA expert Mark Eggleston of Health Partners Plans for what would be Varonis’ most well-attended webinar to date.  In this recording, we cover:…

Continue Reading