Earlier this year, Andy blogged on Carnegie Mellon University’s Computer Emergency Response Team (CMU CERT) research on insider attacks: specifically their motivation, means and opportunity, and what we can do to prevent them. To quickly review, insiders know that information is an asset. They often have access to the data, know where the data is […]
Everyone knows that data breaches can be devastating: destroying reputations, revealing sensitive business emails and documents, compromising intellectual property, and costing millions.
So why is it so easy for data to be stolen? Why are so many data breaches happening? Why does traditional perimeter security leave data so vulnerable?
Hear from our CEO and VP of Strategy and Market Development in our latest video about protecting data from the inside out.
We’re very excited to present this Q&A with Ed Skoudis. Skoudis is a very large presence in the security world. Here’s just a snippet from his lengthy bio: founder of Counter Hack, sought-after instructor at the SANS Institute, creator of NetWars CyberCity, and winner of the US Army’s Order of Thor Medal. We focused our questions […]
The Federal Financial Institutions and Examination Council (FFIEC) is a U.S. government interagency that unifies the supervision of financial institutions, prescribes uniform principles, standards, and report forms. Various laws, including principally the Gramm-Leach-Blilely Act’s 501(b) data safeguard requirements, give the FFIEC the power to establish a set of data security standards for banking and financial institutions. In setting […]
Last week I broke into a Windows 2008 server and inserted a remote access trojan or RAT. Don’t call security, I did this in a contained environment within virtual machines. To continue on with my pen testing experiment, in this post I’ll explore a few basic steps and techniques used by hackers after they’ve entered […]
Active Directory serves as a hub for nearly every organization of any size – storing user identities, authenticating access, enforcing machine configuration policies, and more. Since access to almost all critical data and systems relies on Active Directory, it is one of the most important technologies to protect. However, because of its inherent complexity, we […]
Today we’re happy to announce the interoperability of our DatAdvantage and DatAlert solutions with the FireEye® Threat Analytics Platform™ (TAP™). FireEye TAP provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. Hackers are getting better […]
If you’re looking to understand the current security environment, and why perimeter defenses no longer can, ahem, hack it, may we direct you to a recent newsletter from Gartner? It’s just a few pages but well worth your time. Our own Yaki Faitelson, Varonis CEO, is featured, and he tells it like it is, security-wise. […]
“I hate automation” said no sysadmin, ever. PowerShell has become a very popular scripting solution for perpetually overworked sysadmins and other IT pros. It can be used to automate almost any area of the Windows ecosystem, including Active Directory and Exchange. What’s the best way to learn about this time saving tool? I scoured the […]
Remote Access Trojans or RATs are vintage backdoor malware. Even though they’ve been superseded by more advanced command-and-control (C2) techniques, this old, reliable malware is still in use. If you want to get a handle on what hackers are doing after they’ve gained access, you’ll need to understand more about RATs. A RAT’s Tale RATs […]