For IT Pros Only

Let's be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network - you probably aren't going to appreciate this at all.

Get Your Cards Now
Data Security

[Podcast] Are Users and Third-Party Vendors Frenemies?

In the midst of our nationwide debate on social media companies limiting third party apps’ access to user data, let’s not forget that companies have been publicly declaring who collects our data and what they do with it. Why? These companies have been preparing for GDPR, the new EU General Data Protection Regulation as it will go into effect on May 25th. This new EU law is a way to give consumers certain rights over…
Data Security

How to Protect GDPR Data with Varonis

In the overall data security paradigm, GDPR data isn’t necessarily more important than other sensitive data, but demands specific monitoring, policy, and processing – with significant fines to encourage compliance. Once you discover and identify GDPR data, you need to be able to secure and protect that data. GDPR Article 25, “Data Protection by Design and Default,” sets the rules for securing GDPR data. Varonis helps automate and implement a process to get to and…
Data Security, Privacy

Social Media Security: How Safe is Your Information?

In 2012 a massive cyber attack by a hacker named “Peace” exploited over 117 million LinkedIn users’ passwords. After the dust settled from the initial attack, new protocols were put in place and the breach was all but forgotten in the public eye. Then the same hacker reared their head again. Nearly five years later, “Peace” began releasing the stolen password information of the same LinkedIn users from the earlier hack. With millions of users’ data…
Data Security

Role Based Access Control (RBAC): What is it and Why Implement?

Can a stolen password get you the keys to the entire kingdom? Well, it turns out that 81% of data breaches in 2017 used stolen or weak passwords to get onto the network. We need to be better than that in 2018. We need to go back over our permissions standards and implement Role Based Access Control (RBAC) to keep users within their assigned seats on the network. Role Based Access Control (RBAC): What is…
Data Security

Day Tripping in the Amazon AWS Cloud, Part I: Security Overview

I’ve been an occasional user of “the cloud”, a result of working out some data security ideas and threat scenarios in the Amazon EC2 environment. I played at being a system admin while setting up a domain with a few servers, and configuring Active Directory on a controller. My focus was on having a Windows environment that I could do some pen testing in. But there’s more to Amazon Web Services (AWS) than EC2 computing environments,…
Compliance & Regulation

[White Paper] Let Varonis Be Your EU GDPR Guide

Everyone knows that when you travel to a strange new country, you need a guide. Someone to point out the best ways to move around, offer practical tips on local customs, and help you get the most out of your experience. The EU General Data Protection Regulation (GDPR) is a country with its own quirky rules (and steep fines if you don’t do things just right). So may we suggest using Varonis to help you…
Compliance & Regulation

New SEC Guidance on Reporting Data Security Risk

In our recent post on a 2011 SEC cybersecurity guidance, we briefly sketched out what public companies are supposed to be doing in terms of informing investors about risks related to security threats and actual incidents. As it happens, late last month the SEC issued a further guidance on cybersecurity disclosures, which “reinforces and expands” on the older one. Coincidence? Of course! But it’s a sign of the times that we’re all thinking about how…
Data Security

Rootkit: What is a Rootkit and How to Detect it?

“Geez, my computer is really running slow all of a sudden.” “Hmm, I don’t recall seeing this odd application in my task manager before.” If you have ever asked these questions, there is a chance you caught a rootkit virus. One of the most infamous rootkits, Stuxnet, targeted the Iranian nuclear industry, infecting 200,000 computers and physically degrading 1,000 machines inside Iran’s uranium enrichment facilities. What is a Rootkit? Rootkits are the toolboxes of the…
Data Security

[White paper] 3 Ways Varonis Enhances Data Loss Prevention

Those who have tried data loss prevention (DLP) to limit the loss of intellectual property, healthcare data, financial data, and personally identifiable information typically don’t move beyond the beginning stages of discovering and monitoring data flows. In a recent DLP poll, Gartner analyst Anton Chuvakin found that two-thirds of poll participants were skeptical, believing that DLP “just cannot work”, “sort of, but too inefficient”, or “works only against unsophisticated threats”. What could be the problem?…
Data Security

[Podcast] Details Matter in Breaches and in Business

With one sensational data breach headline after another, we decided to take on the details behind the story because a concentrated focus on the headline tends to reveal only a partial dimension of the truth. For instance, when a bank’s sensitive data is compromised, it depends on how as well as the what. Security practitioner Mike Buckbee said, “It’s very different if your central data storage was taken versus a Dropbox where you let 3rd…
Data Security

The Difference Between E3 and E5 Office365 Features

Microsoft’s Enterprise Mobility and Security offerings are additional sets of security services that can be purchased to help control, audit and protect the data and users of Microsoft’s Azure and Office 365 products. If you’re an enterprise that is concerned about data breaches, ransomware or insider threats, it’s unlikely that you would not upgrade your base (E3) Azure license to the slightly more expensive but worthwhile E5. Note: It’s a licensing distinction, not a technical…
Compliance & Regulation

North Carolina Proposes Tougher Breach Notification Rules

If you’ve been reading our amazing blog content and whitepaper on breach notification laws in the US and worldwide, you know there’s often a hidden loophole in the legalese. The big issue — at least for data security nerds — is whether the data security law considers mere unauthorized access of personally identifiable information (PII) to be worthy of a notification. This was a small legal point until something called ransomware came along. You have…