For IT Pros Only

Let's be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network - you probably aren't going to appreciate this at all.

Data Security

Day Tripping in the Amazon AWS Cloud, Part I: Security Overview

I’ve been an occasional user of “the cloud”, a result of working out some data security ideas and threat scenarios in the Amazon EC2 environment. I played at being a system admin while setting up a domain with a few servers, and configuring Active Directory on a controller. My focus was on having a Windows environment in which I could do some pen testing. But there’s more to Amazon Web Services (AWS) than EC2 computing environments,…
Compliance & Regulation

[White Paper] Let Varonis Be Your EU GDPR Guide

Everyone knows that when you travel to a strange new country, you need a guide. Someone to point out the best ways to move around, offer practical tips on local customs, and help you get the most out of your experience. The EU General Data Protection Regulation (GDPR) is a country with its own quirky rules (and steep fines if you don’t do things just right). So may we suggest using Varonis to help you…
Compliance & Regulation

New SEC Guidance on Reporting Data Security Risk

In our recent post on a 2011 SEC cybersecurity guidance, we briefly sketched out what public companies are supposed to be doing in terms of informing investors about risks related to security threats and actual incidents. As it happens, late last month the SEC issued a further guidance on cybersecurity disclosures, which “reinforces and expands” on the older one. Coincidence? Of course! But it’s a sign of the times that we’re all thinking about how…
Data Security

What is a Rootkit? How Can You Detect it?

“Geez, my computer is really running slow all of a sudden.” “Hmm, I don’t recall seeing this odd application in my task manager before.” If you have ever asked these questions, there is a chance you caught a rootkit virus. One of the most infamous rootkits, Stuxnet, targeted the Iranian nuclear industry, infecting 200,000 computers and physically degrading 1,000 machines inside Iran’s uranium enrichment facilities. What is a Rootkit? Rootkits are the toolboxes of the…
Data Security

The Difference Between E3 and E5 Office365 Features

Microsoft’s Enterprise Mobility and Security offerings are additional sets of security services that can be purchased to help control, audit and protect the data and users of Microsoft’s Azure and Office 365 products. If you’re an enterprise that is concerned about data breaches, ransomware or insider threats, it’s unlikely that you would not upgrade your base (E3) Azure license to the slightly more expensive but worthwhile E5. Note: It’s a licensing distinction, not a technical…
Compliance & Regulation

North Carolina Proposes Tougher Breach Notification Rules

If you’ve been reading our amazing blog content and whitepaper on breach notification laws in the US and worldwide, you know there’s often a hidden loophole in the legalese. The big issue — at least for data security nerds — is whether the data security law considers mere unauthorized access of personally identifiable information (PII) to be worthy of a notification. This was a small legal point until something called ransomware came along. You have…
Compliance & Regulation, Data Security

How to Discover GDPR Data With Varonis

GDPR goes into effect in less than 85 days – but there’s still time to prepare. The first step in getting ready for the upcoming deadline is to discover and classify your GDPR data. More often than not, we’re seeing that customers have much more GDPR eligible data than they thought they had – or even knew existed. A recent GDPR Readiness Assessment for a mid-sized insurance company revealed some eye-opening results. In the below…
Data Security

GDPR Data Protection Supervisory Authority Listing

The DPA (Data Protection Authority) is the agency within each European Union country that is responsible for GDPR (General Data Protection Regulation) assistance and enforcement. What’s the difference between a Data Protection Authority and a Supervisory Authority? A Data Protection Authority handles reports of data breaches, mediates issues like data subject access requests and works to educate their country about best practices in keeping digital data secure. The Supervisory Authority is which particular Data Protection…
Data Security

Do Americans Ever Change Their Passwords?

Just how cautious are Americans when it comes to cybersecurity? In today’s hyper-connected, highly-digitized society, data breaches are becoming increasingly commonplace. And they affect both corporations and individuals. In 2017 alone, the Equifax breach — considered by some to be the worst security breach in recent history — put 145.5 million Americans at risk of exposed information and identity theft. Additionally, a Gmail phishing attack last year put 1 million users at risk of exposed…
IT Pros

Adventures in Fileless Malware, Part IV: DDE and Word Fields

For this next post, I was all ready to dive into a more complicated fileless attack scenario involving multiple stages and persistence. Then I came across an incredibly simple code-free attack — no Word or Excel macro required! — that far more effectively proves the underlying premise in this series: it ain’t that hard to get past the perimeter. The first attack I’ll describe is based on a Microsoft Word vulnerability involving the archaic Dynamic…
Data Security

GDPR Requirements in Plain English

You just want to answer the question: “What do I need to do for GDPR?” Maybe you’ve worked your way through a few online quizzes to test for GDPR readiness or skimmed an article that made some vague suggestions. You might even have attempted to read the source European Parliament on General Data Protection Regulation 4.5.2016 L 119/1 only to find that the human nervous system was designed to violently reject exposure to such dense…
Compliance & Regulation

Post-Davos Thoughts on the EU NIS Directive

I’ve been meaning to read the 80-page report published by the World Economic Forum (WEF) on the global risks humankind now faces. They’re the same folks who bring you the once-a-year gathering of the world’s bankers and other lesser humanoids held at a popular Swiss ski resort. I was told there was an interesting section on … data security. And there was. Data security is part of a report intended to help our world…