Yahoo Breach: Pros react to massive breach impacting hundreds of millions of users

Yahoo has confirmed a data breach affecting at least 500 million users in the latest mega breach to make headlines. Here’s what some infosec pros had to say about it. If Yahoo waited ~2mo to inform Verizon of the breach, that says interesting things about the acquisition negotiations during that period. — Jeremiah Grossman (@jeremiahg) September […]

Why the OPM Breach Report is a call-to-action for CSOs to embrace data-centric security

The Committee on Oversight and Government Reform released a fascinating 231-page report detailing the how and why behind the epic breach at the United States Office of Personnel Management. Richard Spires, the former CIO of the IRS and DHS, remarked on OPM’s failure to take a data-centric approach to information security: “[I]f I had walked […]

Protecting Bridget Jones’s Baby

In the wake of the Sony Pictures breach, studios are getting much smarter when it comes to data protection. A shining example is Miramax, a global film and television studio best known for its award-winning and original content such as 2016’s Bridget Jones’s Baby with Universal Pictures and Studio Canal. Read the full case study ⟶ Miramax was […]

The Best Ransomware Defense: Limiting File Access

If ransomware lands on your machine, but can’t find your files, are you really infected? This isn’t a philosophical thought experiment, I promise.  Let me explain. Keeping data off your endpoints A common paradigm in IT for many years has been to keep user data on network drives–departmental shares, home folders, etc. Not only do network […]

21 Free Tools Every SysAdmin Should Know

Knowing the right tool for the right job can save you hours of extra work and tedium. We’ve compiled a list of some of the best general purpose sysadmin tools for troubleshooting, testing, communicating and fixing the systems that you need to keep running. Wireshark http://www.wireshark.org/ Wireshark is the world’s foremost […]

Email security in the wake of #DNCLeaks

Back in December, our #1 prediction for 2016 was that the U.S. Presidential campaign would be impacted by a cyber attack. And here we are. Watching the fallout from #DNCLeaks it’s evident just how devastating email breaches can be. For many organizations email is the most sensitive asset they have, yet monitoring for anomalous access […]

The Difference Between Active Directory and LDAP

Active Directory (AD) is a directory service made by Microsoft. It provides all sorts of functionality like authentication, group and user management, policy administration and more. LDAP is a way of speaking to Active Directory. LDAP, which stands for Lightweight Directory Access Protocol, is a means for querying items in any directory service that supports […]

Football player hacked live during NFL draft

Experts had Laremy Tunsil flagged as one of the top prospects in Thursday night’s NFL draft. But shortly before the opening pick, something disturbing happened. An incriminating video tweeted from Tunsil’s own verified Twitter account showed the Ole Miss star smoking a “marijuana-like substance” from a gas mask. It quickly became clear that Tunsil’s account […]

The DROWN Attack

First Heartbleed, then Poodle, now DROWN. Yet another SSL vulnerability. Here’s what you need to know. With DROWN, a rather significant portion of the web (mail servers, VPNs, etc.) is open to an attack that, while tricky to execute, can decrypt a securely encrypted TLS connection. Researchers estimate more than 3.5 million HTTPS servers are […]

Varonis DatAnswers is GA

Our newest product, DatAnswers, was made generally available on December 15th. Now that the New Year’s change freeze is behind us, why not try it free for 30 days? Wait, what is DatAnswers? A secure, highly efficient, affordable enterprise search engine for file shares and SharePoint. Why would Varonis make a search engine? Not only […]

Miscommunication as a Cybersecurity Threat

There was a great interview in WSJ this weekend with Blackstone’s CISO Jay Leek.  They asked Mr. Leek a question that I love asking people in high-level security roles: WSJ: What most worries you? LEEK: The No. 1 most significant risk to every organization is your well-intentioned, nonmalicious insider who is trying to do the […]
