For IT Pros Only

Let's be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network - you probably aren't going to appreciate this at all.

Get Your Cards Now

[Podcast] Dr. Ann Cavoukian on Privacy By Design

 in Privacy
I recently had the chance to speak with former Ontario Information and Privacy Commissioner Dr. Ann Cavoukian about big data and privacy. Dr. Cavoukian is currently Executive Director of Ryerson University’s Privacy and Big Data Institute and is best known for her leadership in the development of Privacy by Design (PbD). What’s more, she came up with PbD language that made its way into the GDPR, which will go into effect in 2018. First developed in the 1990s,…
Data Security

Pen Testing Active Directory Environments, Part IV: Graph Fun

If we haven’t already learned from playing six degrees of Kevin Bacon, then certainly Facebook and LinkedIn have taught us we’re all connected. Many of the same ideas of connectedness also play out in Active Directory environments. In this post, we’ll start out where we left off last time in thinking about the big picture of Active Directory users and groups. Or more accurately pondering the big graph of Active Directory. And the game we’re…
Compliance & Regulation, Data Security

What We Learned From Talking to Data Security Experts

Since we’ve been working on the blog, Cindy and I have chatted with security professionals across many different areas — pen testers, attorneys, CDOs, privacy advocates, computer scientists, and even a guru. With 2016 coming to an end and the state of security looking more unsettled than ever, we decided it was a good time to take stock of the collective wisdom we’ve absorbed from these pros. The Theory of Everything A good place to…
Data Security

[Podcast] Fireside Chat with the Future

Over the past few weeks, we started seeing a few new security trends that we think haven’t yet had their defining moment and will likely see more of next year. And so we reflected on the predictions we made last year and shared our annual cybersecurity predictions for 2017. Meanwhile the Inside Out Security Show panel – Kilian Englert, Forrest Temple and Mike Buckbee – also speculated on a few things of their own based…
Varonis News

I’m Alan Cizenski, Corporate Systems Engineer at Varonis, and This is How I Work

Alan Cizenski is a Corporate Systems Engineer at Varonis. Based in our New York City office, he is responsible for making sure Varonis solutions work smoothly for our prospective customers. Alan helps them realize the value we can provide within their environment and maintain these relationships as they become customers. He’s also a regular panelist for the Inside Out Security show. Listen to him on our most recent episode, Is Security a Benefit or a Feature?…
Data Security

Ransomware: Legal Cheat Sheet for Breach Notification

You respond to a ransomware attack in many of the same ways you would to any other cyber attack. In short: have plans in place to analyze the malware, contain the damage, restore operations if need be, and notify any regulatory or enforcement authorities. And your legal, IT, and communications teams should be working together in all your response efforts. Legal meet IT, IT meet legal. So far so good. But ransomware is a different…
Data Security, Varonis News

Can Our Crystal Ball Hack It? 2017 Varonis Cybersecurity Predictions

Everyone makes predictions at this time of year, but who looks back to check on their accuracy? Let’s have a look at some of last year’s omens before directing our forecast lens to 2017. Our first prediction for 2016: The U.S. Presidential campaign will be affected by a cyber attack. We were on to something here, but we should have said numerous attacks. From Wikileaks exposing internal campaign emails to allegations that Russia attempted to…
Data Security

[Podcast] Is Security a Benefit or a Feature?

I recently came across a tweet that was shared during the Infosecurity Magazine Conference in Boston, “Security is a benefit, but not always a feature.” The reason? You can spend a lot of money and still be hacked or not spend a dime and not be hacked. How did the Inside Out Security Show panel react? Here’s what Mike Buckbee, Kilian Englert and Alan Cizenski had to say: Buckbee: It’s all tradeoffs. It’s all a…
Data Security, IT Pros

Pen Testing Active Directory Environments, Part III: Chasing Power Users

For those joining late, I’m currently pen testing the mythical Acme company, now made famous by a previous pen testing engagement (and immortalized in this free ebook). This time around I’m using two very powerful tools, PowerView and crackmapexec, in my post-exploitation journey into Acme’s IT. Before we get into more of the details of hunting down privileged users, I wanted to take up one point regarding Active Directory mitigations that I touched on last…
Data Security

Internet Security Basics: How to Protect Yourself Online

It’s the holidays, which means one thing if you’re in IT: dealing with eggnog-related support tickets. It’s hard to get excited about a small holiday light display that comes around once a year when you spend weeks at a time in a large frosty room, sporting thousands of machines with dozens of flashing LEDs each. Well, Varonis has got you this year. We’ve developed a security course designed specifically for you to give to…
Data Security

[Podcast] Password Expert Per Thorsheim on Biometrics and Keystroke Dynamics

Based in Norway, Per Thorsheim is an independent security adviser for governments as well as organizations worldwide. He is also the founder of, an annual conference that’s all about passwords, PIN codes, and authentication. Launched in 2010, the conference invites security professionals & academic researchers to better understand and improve security. In part one of our discussion with Per, we examined two well-known forms of authentication – passwords and hardware. In this segment, he talks about a lesser…
Data Security, IT Pros

New Mirai Attacks, But It’s Still About Passwords

Last week, Mirai-like wormware made the news again with attacks on ISPs in the UK. Specifically, customers of TalkTalk and PostOffice reported Internet outages. As with the last Mirai incident involving consumer cameras, this one also took advantage of an exposed router port. And by an amazing coincidence, some of the overall points about these ISP incidents were covered in two recent posts of ours: injection exploits are still a plague, and consumers should learn…