For IT Pros Only

Let's be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and the Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network - you probably aren't going to appreciate this at all.

Get Your Cards Now
Data Security, IT Pros

Brute Force: Anatomy of an Attack

The media coverage of NotPetya has hidden what might have been a more significant attack: a brute force attack on the UK Parliament. While for many it was simply fertile ground for Twitter Brexit jokes, an attack like this that targets a significant government body is a reminder that brute force remains a common threat to be addressed. It also raises important questions as to how such an attack could have happened in the first…
Customer Success

Getting the Most Out of Data Transport Engine

If you don’t need it, get rid of it. If it’s sensitive, make sure it’s in the right place, and only accessible to those who need it. Old files are expensive and risky, which is why we have retention and disposition policies for what should happen to data that we don’t need anymore. The Data Transport Engine (DTE) is a component of the Varonis Data Security Platform that lets you automate these kinds of…
Data Security

[Podcast] Is Data Worth More Than Money?

When it comes to infosecurity, we often equate data with money. And rightfully so. After all, data is valuable. Not to mention the human hours devoted to safeguarding an organization’s data. However, when a well-orchestrated attack destroys an organization’s data rather than seeking financial gain, we wondered if data is really worth more than money. Sure, you can quantify the cost of tools, equipment, hours spent protecting data, but what about intellectual…
Data Security

Data Security Software: Platforms Over Tools

As recent security incidents like NotPetya, WannaCry and the near daily data breach reports have shown, data security isn’t getting easier. And it’s not because IT groups aren’t putting in the work. IT and Infosec Is Just Fundamentally Getting More Complex. New internal and external services are being added constantly, and each service requires management. These days you need everything from data classification to auditing to risk management to archiving in order to stay compliant…
Data Security

[Podcast] In the Dark about Our Data

It’s been reported that 85% of businesses are in the dark about their data. This means that they are unsure what types of data they have, where it resides, who has access to it, who owns it, or how to derive business value from it. Why is this a problem? First, the consumer data regulation, GDPR, is just a year away and if you’re in the dark about your organization’s data, meeting this regulation will…
Data Security

The Complete Ransomware Guide

Table of Contents: What Bitcoin Has to Do With Ransomware; Should You Pay?; Yes; No; Why You Should Work with Law Enforcement Before You Pay; Major Ransomware Types; Encryption; Deletion; Locking; Attack Vectors; What to Do After You’ve Been Infected; Mitigation Methods.

Overview: Ransomware – malware that encrypts a victim’s data, extorting a ransom to be paid within a short time frame or risk losing all his files – has been around for quite some…
Compliance & Regulation

[Podcast] What Does the GDPR Mean for Countries Outside the EU?

The short answer is: if your organization stores, processes or shares EU citizens’ personal data, the EU General Data Protection Regulation (GDPR) rules will apply to you. In a recent survey, 94% of large American companies say they possess EU customer data that will fall under the regulations, with only 60% of respondents having plans in place to respond to the impact the GDPR will have on how they handle customer data. Yes, GDPR…
Data Security, IT Pros

Exploring Windows File Activity Monitoring with the Windows Event Log

One might hope that Microsoft would provide straightforward and coherent file activity events in the Windows event log. The file event log is important for all the usual reasons – compliance, forensics, monitoring privileged users, and detecting ransomware and other malware attacks while they’re happening. A log of file activities seems so simple and easy, right? All that’s needed is a timestamp, user name, file name, operation (create, read, modify, rename, delete, etc.), and a…
Data Security

🚨 Petya-Inspired Ransomware Outbreak: What You Need To Know

On the heels of last month’s massive WannaCry outbreak, a major ransomware incident is currently underway by a new variant (now) dubbed “NotPetya.” For most of the morning, researchers believed the ransomware to be a variant of Petya, but Kaspersky Labs and others are reporting that, though it has similarities, it’s actually #NotPetya. Regardless of its name, here’s what you should know. This malware doesn’t just encrypt data for a ransom, but instead hijacks computers and…
Data Security

Please Disable UPnP on Your Router. Now!

Remember the first large-scale Mirai attack late last year? That was the one directed at IP cameras, and took advantage of router configuration settings that many consumers never bother changing. The main culprit, though, was Universal Plug and Play or UPnP, which is enabled as a default setting on zillions of routers worldwide. Also known as port forwarding, UPnP is a convenient way for allowing gadgets, such as the aforementioned cameras (or WiFi-connected coffee pots),…
Data Security

[Podcast] Troy Hunt and Lessons from a Billion Breached Data Records

Troy Hunt is a web security guru, Microsoft Regional Director, and author whose security work has appeared in Forbes, Time Magazine and Mashable. He’s also the creator of “Have I been pwned?”, the free online service for breach monitoring and notifications. In this podcast, we discuss the challenges of the industry, learn about his perspective on privacy and revisit his talk from RSA, Lessons from a Billion Breached Data Records as well as a more…
Data Security

I Click Therefore I Exist: Disturbing Research On Phishing

Homo sapiens click on links in clunky, non-personalized phish mails. They just do. We’ve seen research suggesting a small percentage are simply wired to click during their online interactions. Until recently, the “why” behind most people’s clicking behaviors remained something of a mystery. We now have more of an answer to this question based on findings from German academics. Warning: IT security people will not find their conclusions very comforting. Attention Marketers: High Click-Through Rates!…