Pen Testing Active Directory

You may have been following our series of posts on pen testing Active Directory environments and learned about the awesome powers of PowerView. No doubt you were wowed by our cliffhanger ending — spoiler alert — where we applied graph theory to find the derivative admin!

We know from the many emails we received that you demanded a better ‘long-form’ content experience. After all, who’d want to read about finding hackable vulnerabilities using Active Directory while being forced to click six-times to access the entire series?

Thanks to the miracle of PDF technology, we’ve compressed the entire series into an easy-to-ready, comfy ebook format. Best of all, you can scroll through the entire contents without having to touch messy hyperlinks.

Get The Ebook Now
Or check it all out online, here.
Compliance & Regulation

SHIELD Act Will Update New York State’s Breach Notification Law

Those of you who have waded through our posts on US state breach notification laws know that there are few very states with rules that reflect our current tech realities. By this I mean there are only a handful that consider personally identifiable information (PII) to include internet-era identifiers, such as email addresses and passwords. And even fewer that would require a notification to state regulators when a ransomware attack occur. Access Alone, or Access…
Compliance & Regulation, Data Security

What Experts Are Saying About GDPR

You did get the the memo that GDPR goes into effect next month? Good! This new EU regulation has a few nuances and uncertainties that will generate more questions than answers over the coming months. Fortunately, we’ve spoken to many attorneys with deep expertise in GDPR. To help you untangle GDPR, the IOS staff reviewed the old transcripts of our conversations, and pulled out a few nuggets that we think will help you get ready.…
IT Pros
women CISO CIO

Women in Tech: The Anatomy of a Female Cybersecurity Leader

Cybersecurity has a gender gap. According to the 2017 Women in Cybersecurity study, a joint venture between the Center for Cyber Safety and Education and the Executive Women’s Forum on Information Security, women only make up 11 percent of the total cybersecurity workforce. In addition to occupying a substantially small space in a massive global industry, the few women who are in cybersecurity hold fewer positions of authority and earn a lower annual salary than…
Compliance & Regulation
running track

HIPAA Compliance: Guide and Checklist

There are currently 14,930,463 individual records in the United States with an open HIPAA data breach investigation. That’s up to 14 million humans that have had their Protected Health Information (PHI) exposed by hacking, IT incident, theft, loss, or unauthorized access/disclosure. That’s just the unresolved case list. If we add the numbers from the resolved breach notifications, we end up with 162,599,642 records – over half of the current US population. And that’s why we…
Data Security

[Podcast] Varonis Track at RSA 2018

We’re all counting down to the RSA Conference  in San Francisco April 16 – 20, where you can connect with the best technology, trends and people that will protect our digital world. Attendees will receive a Varonis branded baseball hat and will be entered into a $50 gift card raffle drawing for listening to our presentation in our North Hall booth (#3210). Attendees that visit us in the South Hall (#417) will receive a car vent…
Data Security
risk framework management

Risk Management Framework (RMF): An Overview

The Risk Management Framework (RMF) is a set of criteria that dictate how United States government IT systems must be architected, secured, and monitored. Originally developed by the Department of Defense (DoD), the RMF was adopted by the rest of the US federal information systems in 2010. Today, the RMF is maintained by the National Institute of Standards and Technology (NIST), and provides a solid foundation for any data security strategy. What is the Risk…
Data Security

58% of organizations have more than 100,000 folders open to all employees

Like a wardrobe malfunction during a live broadcast, no one wants to be overexposed – especially when it comes to your data. The surprising truth: most companies go about their business blithely unaware that some of their most sensitive data is wide open. And by “some” we mean a lot. In fact, our latest research shows that 41% of organizations had at least 1,000 sensitive files open to all employees. As we know, it only…
Data Security

[Podcast] I’m Elena Khasanova, Professional Services Manager at Varonis, ...

Prior to Varonis, Elena Khasanova worked in backend IT for large organizations. She did a bit of coding, database administration, project management, but was ready for more responsibility and challenges. So seven years ago, she made the move to New York City from Madison, Wisconsin and joined the professional services department at Varonis. With limited experience speaking with external customers and basic training, Varonis entrusted her to deploy products as well as present to customers.…
Data Security

[Podcast] Dr. Wolter Pieters on Information Ethics, Part One

In part one of my interview with Delft University of Technology’s assistant professor of cyber risk, Dr. Wolter Pieters, we learn about the fundamentals of ethics as it relates to new technology, starting with the trolley problem. A thought experiment on ethics, it’s an important lesson in the world of self-driving cars and the course of action the computer on wheels would have to take when faced with potential life threatening consequences. Wolter also takes…
IT Pros

Adventures in Malware-Free Hacking, Part V

In this series of post, we’ve been exploring attack techniques that involve minimal efforts on the part of hackers. With the lazy code-free approach I introduced last time, it’s even possible to slip in a teeny payload into a DDE field within Microsoft Word. And by opening the document attached to a phish mail, the unwary user lets the attacker gain a foothold on her laptop. To bring the story up to date, Microsoft ultimately closed the…
Data Security
data integrity hero

Data Integrity: What is it and How Can You Maintain it?

If your company’s data is altered or deleted, and you have no way of knowing how, when and by whom, it can have a major impact on data-driven business decisions. This is why data integrity is essential. To understand the importance of data integrity to a company’s bottom line, let us examine what it is, why it’s significant, and how to preserve it. What is Data Integrity? Data integrity refers to the reliability and trustworthiness…
Data Security
advanced persistent threat hero

Advanced Persistent Threat (APT) Explained

In March of 2018, a report detailing “Slingshot” malware revealed that the malware hid on routers and computers for approximately 6 years before being discovered. Slingshot is a perfect example of malware designed for Advanced Persistent Threat (APT) attacks. What is an Advanced Persistent Threat (APT)? Advanced Persistent Threats (APTs) are long-term operations designed to infiltrate and/or exfiltrate as much valuable data as possible without being discovered. It’s not yet possible to estimate exactly how…