Pen Testing Active Directory

You may have been following our series of posts on pen testing Active Directory environments and learned about the awesome powers of PowerView. No doubt you were wowed by our cliffhanger ending — spoiler alert — where we applied graph theory to find the derivative admin!

We know from the many emails we received that you demanded a better ‘long-form’ content experience. After all, who’d want to read about finding hackable vulnerabilities using Active Directory while being forced to click six times to access the entire series?

Thanks to the miracle of PDF technology, we’ve compressed the entire series into an easy-to-read, comfy ebook format. Best of all, you can scroll through the entire contents without having to touch messy hyperlinks.

Get The Ebook Now
Or check it all out online, here.
Data Security

[Podcast] Security and Privacy Concerns with Chatbots, Trackers, and more

The end of the year is approaching and security pros are making their predictions for 2018 and beyond. So are we! This week, our security practitioners predicted items that will become obsolete because of IoT devices. Some of their guesses – remote controls, service workers, and personal cars. Meanwhile, as the business world phases out old technologies, some are embracing the use of new ones. For instance, many organizations today use chatbots. Yes, they’ll help…
Data Security

New Survey Reveals GDPR Readiness Gap

With just a few months left to go until the EU General Data Protection Regulation (GDPR) implementation deadline on May 25, 2018, we commissioned an independent survey exploring the readiness and attitudes of security professionals toward the upcoming standard. The survey, Countdown to GDPR: Challenges and Concerns, which polled security professionals in the UK, Germany, France and U.S., highlights surprising GDPR readiness shortcomings, with more than half (57%) of professionals still concerned about compliance. Findings…
Compliance & Regulation

[Video] Varonis GDPR Risk Assessment   

Are you ready for GDPR? According to our survey of 500 IT and risk management decision makers, three out of four are facing serious challenges in achieving compliance when GDPR becomes effective on May 25, 2018. Varonis can help. A good first step in preparing for GDPR is identifying where EU personal data resides in the file system, and then checking that access permissions are set appropriately. But wait, EU personal data identifiers span…
Data Security

Interview With Wade Baker: Verizon DBIR, Breach Costs, & Selling Board...

Wade Baker is best known for creating and leading the Verizon Data Breach Investigations Report (DBIR). Readers of this blog are familiar with the DBIR as our go-to resource for breach stats and other practical insights into data protection. So we were very excited to listen to Wade speak recently at the O’Reilly Data Security Conference. In his new role as partner and co-founder of the Cyentia Institute, Wade presented some fascinating research on the…
Compliance & Regulation

Do Your GDPR Homework and Lower Your Chance of Fines

Advice that was helpful during your school days is also relevant when it comes to complying with the General Data Protection Regulation (GDPR): do your homework because it counts for part of your grade! In the case of the GDPR, your homework assignments involve developing and implementing privacy by design measures, and making sure these policies are published and known about by management. Taking good notes and doing homework assignments came to my mind when…
Data Security

[Podcast] The Challenges and Promise of Digital Drugs

Recently the Food and Drug Administration approved the first digital pill. This means that medicine embedded with a sensor can tell health care providers – doctors and individuals the patient approves – if the patient takes his medication. The promise is huge. It will ensure a better health outcome for the patient, giving caretakers more time with the ones they love. What’s more, by learning more about how a drug interacts with a human system,…
Compliance & Regulation

[Podcast] Privacy Attorney Tiffany Li and AI Memory, Part II

Tiffany C. Li is an attorney and Resident Fellow at Yale Law School’s Information Society Project. She frequently writes and speaks on the privacy implications of artificial intelligence, virtual reality, and other technologies. Our discussion is based on her recent paper on the difficulties of getting AI to forget. In this second part, we continue our discussion of GDPR and privacy, and examine ways to bridge the gap between tech and law. We then explore…
IT Pros

Top Azure Active Directory Tutorials

Remember a few years ago when security pros and IT admins were afraid to store business files on the cloud? Today, the circumstances are different. I recently spoke with an engineer and he said he’s getting more questions about the cloud than ever before. What’s more, according to Microsoft, 86% of Fortune 500 companies use Microsoft cloud services – Azure, Office 365, CRM Online, etc. – all of which sit on Azure AD. And so…
Data Security

[Podcast] Privacy Attorney Tiffany Li and AI Memory, Part I

Tiffany Li is an attorney and Resident Fellow at Yale Law School’s Information Society Project. She frequently writes about the privacy implications of artificial intelligence, virtual reality, and other disruptive technologies. We first learned about Tiffany after reading a paper by her and two colleagues on GDPR and the “right to be forgotten”. It’s an excellent introduction to the legal complexities of erasing memory from a machine intelligence. In this first part of our discussion, we talk…
Data Security

8 Tips to Surviving the Data Security Apocalypse

These days, working in data security can feel like surviving a zombie apocalypse – mindless hordes of bots and keyloggers are endlessly attempting to find something to consume. Just like in “The Walking Dead,” these zombies are an ancillary threat to other humans. The bots and keyloggers are pretty easy to defeat: it’s the human hackers that are the real threat. How prepared are you to deal with the real threats out there? Get Global…
Data Security

After Equifax and WannaCry: New Survey on Security Practices and Expectati...

You’ve seen the headlines: Breaches are hitting high-profile organizations almost daily. After major events — the WannaCry and NotPetya outbreaks, and most recently the Equifax breach — we wanted to know if professionals responsible for cybersecurity in their organizations are shoring up their security, what approaches they are taking, and if they believe they are prepared for the next big attack. Today we release the results of a new independent survey: After Equifax and WannaCry:…
Data Security

Maximize your ROI: Maintaining a Least Privilege Model

TL;DR: Managing permissions can be expensive. For a 1,000 employee company, the overhead of permissions request tickets can cost up to $180K/year. Automating access control with DataPrivilege can save $105K/year or more and reduce risk. Read on to see the math. One of the most important requirements of implementing a data security plan in today’s breach-a-day era is to implement and maintain a least privilege model across your enterprise. The principle of least privilege says…