For IT Pros Only

Let's be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network - you probably aren't going to appreciate this at all.

Data Security

Practical PowerShell For IT Security, Part II: File Access Analytics (FAA)

In working on this series, I almost feel that with PowerShell we have technology that somehow time-traveled back from the future. Remember on Star Trek – the original of course — when the Enterprise’s CTO, Mr. Spock, was looking into his visor while scanning parsecs of space? The truth is Spock was gazing at the output of a Starfleet-approved PowerShell script. Tricorders? Also powered by PowerShell. Yes, I’m a fan of PowerShell, and boldly going…
Data Security

[Podcast] When Our Reality Becomes What the Data Says

In our “always-on” society, it’s important that our conversation on IoT security continues with the question of data ownership. It’s making its way back into the limelight when Amazon, with the defendant’s permission, handed over user data in a trial. Or what about that new software that captures all the angles from your face to build your security profile? Your face is such an intimate aspect to who you are, should we reduce that intimacy down…
Data Security

Varonis Cited by Forrester for Data Classification Capabilities

When I signed up for home insurance, I remember filling out a worksheet that forced me to catalog all the important, expensive and irreplaceable items within the property so we could make an accurate prediction of the costs to replace them if something were to happen, like theft or arson. This is similar to the same kind of analysis organizations should be doing with their data. Asking ourselves: What information am I storing? Where is…
Compliance & Regulation

Cybercrime Laws Get Serious: Canada’s PIPEDA and CCIRC

In this series on governmental responses to cybercrime, we’re taking a look at how countries through their laws are dealing with broad attacks against IT infrastructure beyond just data theft. Ransomware and DDoS are prime examples of threats that don’t necessarily fit into the narrower definition of breaches found in PII-focused data security laws. That’s where special cybercrime rules come into play. In the first post, we discussed how the EU’s Network and Information Security…
Data Security

Varonis eBook: Pen Testing Active Directory Environments

You may have been following our series of posts on pen testing Active Directory environments and learned about the awesome powers of PowerView. No doubt you were wowed by our cliffhanger ending — spoiler alert — where we applied graph theory to find the derivative admin! Or maybe you tuned in late, saw this post, and binge read the whole thing during snow storm Nemo. In any case, we know from the many emails we received…
Data Security

[Podcast] How Infosec Can Implement Diversity & Inclusion Programs to ...

Data breaches keep on happening, and information security professionals are in demand more than ever. Did you know that there is currently a shortage of one million infosec pros worldwide? But the solution to this “man-power” shortage may be right in front of and around us. Many believe we can find more qualified workers by investing in Diversity & Inclusion programs. According to Angela Knox, Engineering Director at Cloudmark, “We’re missing out on 50% of the…
Data Security

[Podcast] Security Courts the Internet of Things

As more physical devices connect to the internet, I wondered about the responsibility IoT manufacturers have in building strong security systems within devices they create. There’s nothing like a lapse in security that could potentially halt the growth of a business or bring more cybersecurity awareness to a board. I discussed these matters with this week’s Inside Out Security Show panel – Forrest Temple, Kilian Englert and Mike Buckbee. First in line to be discussed…
IT Pros

Practical PowerShell for IT Security, Part I: File Event Monitoring

Back when I was writing the ultimate penetration testing series to help humankind deal with hackers, I came across some interesting PowerShell cmdlets and techniques. I made the remarkable discovery that PowerShell is a security tool in its own right. Sounds to me like it’s the right time to start another series of PowerShell posts. We’ll take the view in these posts that while PowerShell won’t replace purpose-built security platforms — Varonis can breathe easier…
Customer Success

City of San Diego Uses the Varonis Data Security Platform to Defend Against...

The City of San Diego provides city services to more than 1.3 million people who live and work in Southern California. To provide these services, the City operates 24 networks, about 40,000 endpoints spread across the county and 14,000 desktops in everything from police cars, trash trucks and city buildings. In order to continue to defend against the half a million cyberattacks a day, including 10-15 ransomware assaults, the City realized they needed a solution…
Data Security

[Podcast] More Scout Brody: Bringing Design Thinking to IoT

By now, we’ve all seen the wildly popular internet of things devices flourish in pop culture, holding much promise and potential for improving our lives. One aspect that we haven’t seen are IoT devices that are not connected to the internet. In our follow-up discussion, this was the vision Simply Secure’s executive director Scout Brody advocates, as current IoT devices don’t have a strong foundation in security. She points out that we should consider why putting a full…
Data Security

[Podcast] Proper Breach Notification

I recently came across an article that gave me pause, “Why Data Breaches Don’t Hurt Stock Prices.” If that’s the case and if a breach doesn’t impact the sale of a company, does security matter? So I asked the Inside Out Security Panel – Forrest Temple, Mike Buckbee and Kilian Englert. They gently reminded me that there’s more than just the stock price to look at – brand, trust, as well as pending lawsuits. In…
Data Security

G’Day, Australia Approves Breach Notification Rule

Last month, Australia finally amended its Privacy Act to now require breach notification. This proposed legislative change has been kicking around the Federal Government for a few years. Our attorney friends at Hogan Lovells have a nice summary of the new rule. The good news here is that Australia defines a breach broadly enough to include both unauthorized disclosure and access of personal information. Like the GDPR, Australia also considers personal data to be any information…