The Mirai Botnet Attack and Revenge of the Internet of Things


Once upon a time in early 2016, we were talking with pen tester Ken Munro about the security of IoT gadgetry — everything from wireless doorbells to coffee makers and other household appliances. I remember his answer when I asked about basic security in these devices. His reply: “You’re making a big step there, which […]


When Security Is Low, How Do We Go High?


Our inspiration for this week’s show was Michelle Obama’s popular catchphrase, “When they go low, you go high.” Don’t worry, our next episode will also have a fun Republican catchphrase. In this episode, the Inside Out Security Show panel – Kilian Englert, Kris Keyser, and Forrest Temple – discussed how low the security of our favorite […]


The Difference Between Share and NTFS Permissions


Last week when I wrote about managing privileged accounts, I knew I had to write about share and NTFS permissions. Understanding the difference is critical to sharing local resources with others on the network. They function completely separately from each other but serve the same purpose – preventing unauthorized access. Share When you share a […]


SQL Server Best Practices, Part II: Virtualized Environments


This is a multi-part series on SQL Server best practices. Read part I here. It is 2016 and some people still think SQL Server cannot be run on a virtual machine. SQL Server can successfully run in a VM, but SQL is resource-intensive by nature, and so if you are going to virtualize SQL then […]


VIP Data Security Lessons From the Hack of Colin Powell’s Personal Email Account


Are C-levels, high-government officials, and other power elite really all that different than the rest of us? We now know after email hacks involving former Secretary of State Colin Powell’s Gmail account, former CIA director John Brennan’s AOL account, and the Gmail account of John Podesta, a top advisor to the Democrats, that they are, but not for the […]


How to Manage Your Privileged Accounts and Protect Your Crown Jewels


When a breach happens, the first question people ask is, “What did the company do wrong?” The short answer is: it depends. However, we do know one mistake many companies unknowingly make is allowing regular users access to the local administrator account. And hackers take advantage of that. “Hackers are trying to get in, and […]


HIPAA and Cloud Provider Refresher


As far as regulators are concerned, the cloud has been a relatively recent occurrence. However, they’ve done a pretty good job in dealing with this ‘new’ computing model. Take HIPAA. We wrote that if a cloud service processes or stores protected health information (PHI), it’s considered, in HIPAA-ese, a business associate or BA. As you […]


Varonis Earns Recognition in Computing Security Awards 2016


We are proud to announce that we have been recognized by Computing Security Awards 2016 in the following two award categories: Auditing / Reporting Solution of the Year – Varonis DatAdvantage; Security Project of the Year – Private Sector – Union Bank UK PLC / Varonis. The Awards Ceremony took place on Thursday October 13, […]


21st Century Cyber Wars: Defense Lags Offense


We don’t often get to see data security and cyber attacks discussed in detail on a top-rated national talk show, but that was the case last week. John Carlin, Assistant Attorney General for National Security, talked to Charlie Rose about cyber espionage, attack attribution, insider threats, and prevention. Even for those of us in the […]


IoT Pen Tester Ken Munro: Security Holes (Part 1)


If you want to understand the ways of a pen tester, Ken Munro is a good person to listen to. An info security veteran for over 15 years and founder of UK-based Pen Test Partners, his work in hacking into consumer devices — particularly coffee makers — has earned lots of respect from vendors. He’s […]


IT Concerns Country to Country: Ponemon Institute Study


Varonis recently released the third and final part of a study about data protection and enterprise security with the Ponemon Research Institute: Differences in Security Practices and Vigilance across UK, France, Germany and US. This report compares survey responses of more than 3,000 IT professionals and end-user employees in the UK, France, Germany and the US. The […]
