HIPAA and Cloud Provider Refresher

As far as regulators are concerned, the cloud has been a relatively recent occurrence. However, they’ve done a pretty good job in dealing with this ‘new’ computing model. Take HIPAA. We wrote that if a cloud service processes or stores protected health information (PHI), it’s considered, in HIPAA-ese, a business associate or BA. As you […]

Varonis Earns Recognition in Computing Security Awards 2016

We are proud to announce that we have been recognized by Computing Security Awards 2016 in the following two award categories: Auditing / Reporting Solution of the Year – Varonis DatAdvantage; Security Project of the Year – Private Sector – Union Bank UK PLC / Varonis. The Awards Ceremony took place on Thursday October 13, […]

21st Century Cyber Wars: Defense Lags Offense

We don’t often get to see data security and cyber attacks discussed in detail on a top-rated national talk show, but that was the case last week. John Carlin, Assistant Attorney General for National Security, talked to Charlie Rose about cyber espionage, attack attribution, insider threats, and prevention. Even for those of us in the […]

IoT Pen Tester Ken Munro: Security Holes (Part 1)

If you want to understand the ways of a pen tester, Ken Munro is a good person to listen to. An info security veteran for over 15 years and founder of UK-based Pen Test Partners, his work in hacking into consumer devices — particularly coffee makers — has earned lots of respect from vendors. He’s […]

IT Concerns Country to Country: Ponemon Institute Study

Varonis recently released the third and final part of a study about data protection and enterprise security with the Ponemon Research Institute: Differences in Security Practices and Vigilance across UK, France, Germany and US. This report compares survey responses of more than 3,000 IT professionals and end-user employees in UK, France, Germany and US. The […]

The Federal Trade Commission Likes the NIST Cybersecurity Framework (and You Should Too)

Remember the Cybersecurity Framework that was put together by the folks over at the National Institute of Standards and Technology (NIST)? Sure you do! It came about because the US government wanted to give the private sector, specifically the critical infrastructure players in transportation and energy, a proven set of data security guidelines. The Framework […]

Are Wikileaks and ransomware the precursors to mass extortion?

Despite Julian Assange’s promise not to let Wikileaks’ “radical transparency” hurt innocent people, an investigation found that the whistleblowing site has published hundreds of sensitive records belonging to ordinary citizens, including medical files of rape victims and sick children. The idea of having all your secrets exposed, as an individual or a business, can be […]

Six Degrees of Kevin Bacon (Security Edition)

Since security pertains to everyone, in this episode of the IOSS we challenged ourselves to tie security back to Kevin Bacon. You might have to give us a few passes, but the connection is still strong. Keira Knightley: Earlier this year, a man applied for a credit account at Best Buy using Keira Knightley’s driver’s license information. […]

NSA Contractor Arrest Reinvigorates Interest in Insider Threat

Despite efforts to reform its security after the Edward Snowden breach three years ago, the NSA announced another security breach involving one of its own contractors, Harold Thomas Martin III. This latest bombshell suggests continued vulnerabilities at our nation’s spookiest agency. In an effort to better guard the government’s sensitive data, White House spokesman Josh […]

When a Cyber Attack Is a Political Weapon

We’re not surprised when hackers attack companies to scoop up credit card numbers or to cause IT disruption. If they’re state sponsored, they may target organizations to pull out intellectual property – military secrets or other sensitive information — as part of a cyber-espionage program. But hackers associated with a party (or state) hacking into another […]

Zero Trust Security: Tough Love for Your Employees

“Users inside a network are no more trustworthy than users outside a network.” That’s a quote from the Oversight and Government Reform Committee in the latest 231-page OPM breach report. The report highlights an important solution for preventing data breaches: implementing the Zero Trust Model. What is the Zero Trust Model? Developed in 2009 by […]
