The Difference Between Share and NTFS Permissions


Last week when I wrote about managing privileged accounts, I knew I had to write about share and NTFS permissions. Understanding the difference is critical to sharing local resources with others on the network. They function completely separately from each other but serve the same purpose – preventing unauthorized access. Share When you share a […]


SQL Server Best Practices, Part II: Virtualized Environments


This is a multi-part series on SQL Server best practices. Read part I here. It is 2016 and some people still think SQL Server cannot be run on a virtual machine. SQL Server can successfully run in a VM but SQL is resource-intensive by nature and so if you are going to virtualize SQL then […]


VIP Data Security Lessons From the Hack of Colin Powell’s Personal Email Account


Are C-levels, high-government officials, and other power elite really all that different than the rest of us? We now know after email hacks involving former Secretary of State Colin Powell’s Gmail account, former CIA director John Brennan’s AOL account, and the Gmail account of John Podesta, a top advisor to the Democrats, that they are, but not for the […]


How to Manage Your Privileged Accounts and Protect Your Crown Jewels


When a breach happens, the first question people ask is, “What did the company do wrong?” The short answer is: it depends. However, we do know one mistake many companies unknowingly make is allowing regular users access to the local administrator account. And hackers take advantage of that. “Hackers are trying to get in, and […]


HIPAA and Cloud Provider Refresher


As far as regulators are concerned, the cloud has been a relatively recent occurrence. However, they’ve done a pretty good job in dealing with this ‘new’ computing model. Take HIPAA. We wrote that if a cloud service processes or stores protected health information (PHI), it’s considered, in HIPAA-ese, a business associate or BA. As you […]


Varonis Earns Recognition in Computing Security Awards 2016


We are proud to announce that we have been recognized by Computing Security Awards 2016 in the following two award categories: Auditing / Reporting Solution of the Year – Varonis DatAdvantage; and Security Project of the Year – Private Sector – Union Bank UK PLC / Varonis. The Awards Ceremony took place on Thursday October 13, […]


21st Century Cyber Wars: Defense Lags Offense


We don’t often get to see data security and cyber attacks discussed in detail on a top-rated national talk show, but that was the case last week. John Carlin, Assistant Attorney General for National Security, talked to Charlie Rose about cyber espionage, attack attribution, insider threats, and prevention. Even for those of us in the […]


IoT Pen Tester Ken Munro: Security Holes (Part 1)


If you want to understand the ways of a pen tester, Ken Munro is a good person to listen to. An info security veteran for over 15 years and founder of UK-based Pen Test Partners, his work in hacking into consumer devices — particularly coffee makers — has earned lots of respect from vendors. He’s […]


IT Concerns Country to Country: Ponemon Institute Study


Varonis recently released the third and final part of a study about data protection and enterprise security with the Ponemon Research Institute: Differences in Security Practices and Vigilance across UK, France, Germany and US. This report compares survey responses of more than 3,000 IT professionals and end-user employees in the UK, France, Germany and the US. The […]


The Federal Trade Commission Likes the NIST Cybersecurity Framework (and You Should Too)


Remember the Cybersecurity Framework that was put together by the folks over at the National Institute of Standards and Technology (NIST)? Sure you do! It came about because the US government wanted to give the private sector, specifically the critical infrastructure players in transportation and energy, a proven set of data security guidelines. The Framework […]


Are Wikileaks and ransomware the precursors to mass extortion?


Despite Julian Assange’s promise not to let Wikileaks’ “radical transparency” hurt innocent people, an investigation found that the whistleblowing site has published hundreds of sensitive records belonging to ordinary citizens, including medical files of rape victims and sick children. The idea of having all your secrets exposed, as an individual or a business, can be […]
