Pen Testing Active Directory

You may have been following our series of posts on pen testing Active Directory environments and learned about the awesome powers of PowerView. No doubt you were wowed by our cliffhanger ending — spoiler alert — where we applied graph theory to find the derivative admin!

We know from the many emails we received that you demanded a better ‘long-form’ content experience. After all, who’d want to read about finding hackable vulnerabilities using Active Directory while being forced to click six-times to access the entire series?

Thanks to the miracle of PDF technology, we’ve compressed the entire series into an easy-to-ready, comfy ebook format. Best of all, you can scroll through the entire contents without having to touch messy hyperlinks.

Get The Ebook Now
Or check it all out online, here.
Data Security

Maximize your ROI: Maintaining a Least Privilege Model

TL;DR: Managing permissions can be expensive. For a 1,000 employee company, the overhead of permissions request tickets can cost up to $180K/year. Automating access control with DataPrivilege can save $105K/year or more and reduce risk. Read on to see the math. One of the most important requirements of implementing a data security plan in today’s breach-a-day era is to implement and maintain a least privilege model across your enterprise. The principle of least privilege says…
Data Security

[Podcast] Bring Back Dedicated and Local Security Teams

Last week, I came across a tweet that asked how a normal user is supposed to make an informed decision when a security alert shows up on his screen. Great question! I found a possible answer to that question at New York Times director of infosecurity, Runa Sandvik’s recent keynote at the O’Reilly Security Conference. She told the attendees that many moons ago, Yahoo had three types of infosecurity departments: core, dedicated and local. Core…
Compliance & Regulation

IT Guide to the EU GDPR Breach Notification Rule

Index Personal Data Breach vs. Reportable Breach Notifying the Regulators Breach Notification and Ransomware Individual Reporting Breach Notification in Phases Notification Details This Is Not Legal Advice The General Data Protection Regulation (GDPR) is set to go into effect in a few months — May 25 2018 to be exact. While the document is a great read for experienced data security attorneys, it would be nifty if we in the IT world got some practical…
Data Security, Varonis News

Announcing Varonis Edge – to the Perimeter and Beyond

Email, web, and brute force attacks are the primary ways that malware gets through your defenses.  The Yahoo hacker’s favorite technique? VPN. The Sony hack? Phishing emails.  Remote Access Trojans? DNS. We’ve spent over a decade working on protecting core data stores – we’re now extending that data security to the perimeter by using telemetry from VPN concentrators and DNS servers to spot signs of attack like DNS tunneling, account hijacking, and stolen VPN credentials.…
Data Security

[Podcast] Rita Gurevich, CEO of SPHERE Technology Solutions

Long before cybersecurity and data breaches became mainstream, founder and CEO of SPHERE Technology Solutions, Rita Gurevich built a thriving business on the premise of assisting organizations secure their most sensitive data from within, instead of securing the perimeter from outside attackers. And because of her multi-faceted experiences interacting with the C-Suite, technology vendors, and others in the business community, we thought listening to her singular perspective would be well worth our time. What stood…
IT Pros

Defining Deviancy With User Behavior Analytics

For over the last 10 years, security operations centers and analysts have been trading indicators of compromise (IoC), signatures or threshold-based signs of intrusion or attempted intrusion, to try to keep pace with the ever-changing threat environment. It’s been a losing battle. During the same time, attackers have become ever more effective at concealing their activities. A cloaking technique, known as steganography, has rendered traditional signature and threshold-based detective measures practically useless. In response, the…
Data Security

Why A Honeypot Is Not A Comprehensive Security Solution

A core security principle and perhaps one of the most important lesson you’ll learn as a security pro is AHAT, “always have an audit trail”. Why? If you’re ever faced with a breach, you’ll at least know what, where, and when. And some laws and regulations require audit trails as well. To assist, there’s a smorgasbord of tools to help you monitor devices, systems, apps and logs. Since these tools monitor networks on a 24×7…
Varonis News

5 Last Minute Halloween Costume Ideas for IT

We’ve all been there. Late night. Cold as a witch’s tomb. Deep within the catacombs of the Datacenter. You hear a loud noise and are relieved when it turns out to be a demonic entity from an alternate plane of existence forcing itself into our world and not something genuinely frightening like a RAID enclosure seizing up or a rack toppling over. But this can only mean one thing: it’s Halloween and here you are…
Data Security

[Podcast] The Moral Obligation of Machines and Humans

Critical systems once operated by humans are now becoming more dependent on code and developers. There are many benefits to machines and automation such as increased productivity, quality and predictability. But when websites crash, 911 systems go down or when radiation-therapy machines kill patients because of a software error, it’s vital that we rethink our relationship with code and as well as the moral obligation of machines and humans. Should developers who create software that…
IT Pros, Varonis News

I’m Mike Thompson, Commercial Sales Engineer at Varonis, and This is How ...

In March of 2015, Mike Thompson joined the Commercial Sales Engineer (CSE) team. From then on, he has been responsible for demonstrating Varonis products to potential customers, installing and configuring the software for both evaluation and production implementations, leading customer training sessions, and making sure customers are getting value out of the Varonis solutions. This role allows him to talk to people from different parts of the country, getting a glimpse of how companies of…
IT Pros

My Big Fat Data Breach Cost Post, Part III

How much does a data breach cost a company? If you’ve been following this series, you’ll know that there’s a huge gap between Ponemon’s average cost per record numbers and the Verizon DBIR’s (as well other researcher’s). Verizon was intentionally provocative in its $.58 per record claim. However, Verizon’s more practical (and less newsworthy) results were based on using a different model that derived average record costs more in line with Ponemon’s analysis. The larger…
Compliance & Regulation

GDPR By Any Other Name: The UK’s New Data Protection Bill

Last month, the UK published the final version of a law to replace its current data security and privacy rules. For those who haven’t been following the Brexit drama now playing in London, the Data Protection Bill or DPB will allow UK businesses to continue to do business with the EU after its “divorce” from the EU. The UK will have data rules that are effectively the same as the EU General Data Protection Regulation…