For IT Pros Only

Lets be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network - you probably aren't going to appreciate this at all.

Get Your Cards Now
Data Security

Malware Protection: Defending Data with Varonis Security Analytics

Malware has become the catch-all term for any bit of code that attempts to hide and then subvert the intentions of the computer’s owner. Viruses, rootkits, lock-screens, and Trojan horses are as common today as a web browser and used by everyone from criminals, governments, and security researchers. Malware detection on endpoints is commonplace, but as WannaCry and NotPetya taught us, malware can end up in your servers as well, creating vulnerabilities and backdoors to…
Compliance & Regulation

SEC Guidance on Cyber Incidents and Risk Disclosures

You know, because you read it here in the IOS blog, that in the US data breach reporting is not nearly as strict and comprehensive as in the EU. At the federal level, we have tough rules for reporting incidents involving medical data (HIPAA) and less tough ones for financial data (GLBA). At the state level, there is a patchwork of notification laws for the exposure of a select set of identifiers. And that’s it!…
Data Security

SIEM Tools: Varonis Is the Solution That Makes the Most of Your SIEM

SIEM applications are an important part of the data security ecosystem: they aggregate data from multiple systems, normalize that data, then analyze that data to catch abnormal behavior or data security attacks. SIEM provides a central place to collect events and alerts – so that you can initiate a security investigation. But what then? The biggest issue we hear from customers when they use SIEM is that it’s extremely difficult to diagnose and research security…
Data Security

The Difference Between IAM’s User Provisioning and Data Access Management

Identity and access management (IAM)’s user provisioning and data security’s data access management both manage access. But provisioning is not a substitute, nor is it a replacement for data access management. The nuances between the two are enough to put the two in distinct categories. Both are important and knowing the difference between the two will help you figure out the right tool for the job. What is User Provisioning? User provisioning is the creation…
Data Security

[Podcast] Manifesting Chaos or a Security Risk?

Regular listeners of the Inside Out Security podcast know that our panelists can’t agree on much. Well, when bold allegations that IT is the most problematic department in an organization can be, ahem, controversial. But whether you love or hate IT, we can’t deny that technology has made significant contributions to our lives. For instance, grocery stores are now using a system, order-to-shelf, to reduce food waste. There are apps to help drivers find alternate…
IT Pros

Adventures in Malware-Free Hacking, Part II

I’m a fan of the Hybrid Analysis site. It’s kind of a malware zoo where you can safely observe dangerous specimens captured in the wild without getting mauled. The HA team runs the malware in safe sandboxes and records systems calls, file created, and internet traffic, displaying the results for each malware sample. So you don’t have to necessarily spend time puzzling over or even, gulp, running the heavily obfuscated code to understand the hackers’…
Data Security

[Podcast] The Security of Legacy Systems

It’s our first show of 2018 and we kicked off the show with predictions that could potentially drive headline news. By doing so, we’re figuring out different ways to prepare and prevent future cybersecurity attacks. What’s notable is that IBM set up a cybersecurity lab, where organizations can experience what it’s like go through a cyberattack without any risk to their existing production system. This is extremely helpful for companies with legacy systems that might…
Data Security

The Difference Between Data Governance and IT Governance

Lately, we’ve been so focused on data governance, extracting the most value from our data and preventing the next big breach, many of us have overlooked IT governance fundamentals, which help us achieve great data governance. The source of some of the confusion is that data and IT governance have very similar and interdependent goals. Broadly speaking, both processes aim to optimize the organization’s assets to generate greater business value for the organization. Since IT…
Data Security, Varonis News

Introducing Varonis Data Security Platform 6.4.100: Varonis Edge, GDPR Thre...

It’s the beginning of a new year, and we have a huge new beta release to share with you.  The beta release of the Varonis Data Security Platform 6.4.100 dropped earlier this month, and I wanted to share a few highlights: Varonis Edge We announced Varonis Edge back in November, and we’re excited for you to try it.  After over a decade of protecting core data stores, we’re extending that same data security approach to…
Data Security

Add Varonis to IAM for Better Access Governance

Managing permissions is a colossal job fraught with peril, and over-permissive folders are the bane of InfoSec and a hacker’s delight. Many organizations employ IAM (Identity Access Management) to help manage and govern access to applications and other corporate resources. One of the challenges that remains after implementing an IAM solution, however, is how to apply its principles to unstructured data. IAM may be able to help you manage group memberships in Active Directory, but…
Data Security

I’m Sean Campbell, Systems Engineer at Varonis, and This is How I Work

In April of 2013, after a short stint as a professional baseball player, Sean Campbell started working at Varonis as a Corporate Systems Engineer. Currently a Systems Engineer for New York and New Jersey, he is responsible for uncovering and understanding the business requirements of both prospective and existing customers across a wide range of verticals. This involves many introductory presentations, proof of concept installations, integration expansion discussions, and even the technical development of Varonis…
Data Security

Adventures in Malware-Free Hacking, Part I

When I first started looking into the topic of hackers living off the land by using available tools and software on the victim’s computer, little did I suspect that it would become a major attack trend. It’s now the subject of scary tech headlines, and security pros are saying it’s on the rise. It seems like a good time for a multi-part IOS blog series on this subject. Known also as file-less or zero-footprint attacks, malware-free…