Top Five Most Dangerous Software Errors

Over the years, Mitre, the MIT research group, has been analyzing software bugs and missteps that hackers have been able to exploit. Their Common Vulnerabilities and Exposures (CVE) classifications are something of a de-facto standard used for describing the root software causes in an attack.  Working with SANS, the Mitre CVE team has come up…


Billion User Breach PSA

The latest story that has the security world in a tizzy is the New York Times report that Russian hackers have amassed more than a billion Internet passwords. Bruce Schneier wrote an interesting post yesterday calling into question the validity of this report. He points out that Hold Security, the company that is hyping this breach, is not only…



How Big Data Challenges the Fourth Amendment

I came across an article recently about how the Santa Cruz Police Department was experimenting with big data analytics to help fight crime. They were experiencing a perfect storm: a 30% increase in crime and a 20% decrease in police staff. But they responded in an interesting way: by using predictive-analytics software to estimate where home,…



Authentication Lessons from the Magic Kingdom: A Closer Look at Kerberos, Part I

The flaws in NTLM I’ve been writing about might lead you to believe that highly-secure authentication in a distributed environment is beyond the reach of mankind. Thankfully, resistance against hackers is not futile. An advanced civilization, MIT researchers in the 1980s to be exact, developed open-source Kerberos authentication software, which has stood the test of…


Deadly credential vulnerabilities found in mobile apps

I’m beginning to be known around here as the bearer of bad news on authentication hacks. Unfortunately, I have more to share. In June, researchers at Columbia University announced they discovered secret login keys hidden in thousands of Google Play apps. Left by developers to access their own cloud-based accounts—on Facebook, AWS, Twitter, and other…


What You May Have Missed

1. In life, it’s often said that it’s the little things that count, and this timeless saying is also true when it comes to Big Data. While many businesses hope for and perhaps expect a transformative, Holy Grail solution, this Economist article argues that lots of incremental gains and improvements have a good cumulative effect…



How Varonis Helps with Federal Information Security Management Act (FISMA)

Government agencies are required by the Federal Information Security Management Act (FISMA) to audit and report on their information systems, including servers containing unstructured and semi-structured data. FISMA also requires that government agencies develop an automated risk model that provides “greater visibility and focus on their most significant vulnerabilities at any time.” If you’re looking…


21 Free Tools Every SysAdmin Should Know

Check out our favorite free sysadmin tools that we use to help us work faster and be more awesome. At Varonis we’re always looking for productivity hacks—whether it be keyboard shortcuts or meditation techniques. Last week, a bunch of us got together and shared our favorite free sysadmin tools—ones we love and use all the time….


Varonis #SysAdmin Day Twitter Photo Contest – Deadline Extended!

As a Sys Admin, you’re your company’s IT hero – putting out fires day in and day out. Well, here’s your chance to take a break, and maybe win something for your effort. Keep reading… In honor of the 15th Annual SysAdmin Day on July 25th, Varonis invites you to tweet us your best photo,…
