For IT Pros Only

Let's be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network, you probably aren't going to appreciate this at all.

Get Your Cards Now
Compliance & Regulation, Data Security, Varonis News

Introducing Our New DataPrivilege API and a Preview of Our Upcoming GDPR Pa...

GDPR Patterns Preview: We’re less than a year out from the EU General Data Protection Regulation (GDPR) becoming law, and we’re hearing that our customers are facing more pressure than ever to get their data security policies ready for the regulation. To help enterprises quickly meet GDPR, we’re introducing GDPR Patterns with over 150 patterns of specific personal data that fall in the realm of GDPR, starting with patterns for 19 countries currently in the EU (including…
Data Security

Working With Windows Local Administrator Accounts, Part II

Before we delve into Restricted Groups, I thought it might be worthwhile to take a closer look at how hackers take advantage of Administrator passwords. For Pass-the-Hash fans, this post will show you how hashes can be used even with local accounts. I also had a chance to try Windows Local Administrator Passwords Solution, or LAPS. Spoiler alert: LAPS scares me a little. Passing Local Hashes: After writing the first post, I realized that you don’t…
Compliance & Regulation

A Few Thoughts on Data Security Standards

Did you know that the 462-page NIST 800-53 data security standard has 206 controls with over 400 sub-controls? By the way, you can gaze upon the convenient XML-formatted version here. PCI DSS is no slouch either, with hundreds of sub-controls in its requirements document. And then there’s the sprawling ISO 27001 data standard. Let’s not forget about security frameworks, such as COBIT and NIST CSF, which are kind of meta-standards that map into other security…
Data Security

Working With Windows Local Administrator Accounts, Part I

In writing about hackers and their techniques, the issue of Windows local Administrator accounts often comes up. Prior to Windows 7, the Administrator account was created by default with no password. This was not a good security practice, and hackers have been taking advantage ever since. Starting in Windows 7, the local Administrator accounts were disabled by default. And you should disable them in your domain regardless of which Windows OS you have! But for…
Data Security

How to Better Structure AWS S3 Security

If the new IT intern suggests that you install a publicly accessible web server on your core file server – you might suggest that they be fired. If they give up on that, but instead decide to dump the reports issuing from your highly sensitive data warehouse jobs to your webserver – they’d definitely be fired. But things aren’t always so clear in the brave new world of the cloud – where services like Amazon’s…
Data Security

[Podcast] Blackhat Briefings That Will Add to Your Tool Belt

We’re counting down to Blackhat USA, where we’ll attend one of the world’s leading information security conferences to learn about the latest research, development and trends. We’ll also be at booth #965 handing out fabulous fidget spinners and showcasing all of our solutions that will help you protect your data from insider threats and cyberattacks. In this podcast episode, we discussed not only sessions you should attend, but also questions to ask that will help you reduce…
Data Security

Global Manufacturer Relies on DatAdvantage as it Moves to the Cloud

Dayton Superior is a leading manufacturer for the non-residential concrete construction industry. With thousands of products used in more than one million buildings, bridges and other structures worldwide, Dayton Superior has an ongoing need to monitor and protect information on its network. The Ohio-based company first began using DatAdvantage several years ago after a major acquisition in which the companies’ employees were merged into a single IT environment. DatAdvantage gave Dayton Superior deep visibility into the…
Data Security

[Podcast] Cyber Threats Are Evolving and So Must Two-Factor

Finally, after years of advocacy, many popular web services have adopted two-factor authentication (2FA) as a default security measure. Unfortunately, as you might suspect, attackers have figured out workarounds. For instance, attackers can intercept your PIN in a password reset man-in-the-middle attack. So what should we do now? As the industry moves beyond 2FA, the good news is that three-factor authentication is not on the shortlist as a replacement. Google’s identity systems manager, Mark Risher…
Data Security

[Podcast] Budgets and Ethics

Right now, many companies are planning 2018’s budget. As always, it is a challenge to secure enough funds to help with IT’s growing responsibilities. Whether you’re a nonprofit, small startup or a large enterprise, you’ll be asked to stretch every dollar. In this week’s podcast, we discussed the challenges a young sysadmin volunteer might face when tasked with setting up the IT infrastructure for a nonprofit. And for a budget interlude, I asked the panelists…
Data Security, IT Pros

Brute Force: Anatomy of an Attack

The media coverage of NotPetya has hidden what might have been a more significant attack: a brute force attack on the UK Parliament.  While for many it was simply fertile ground for Twitter Brexit jokes, an attack like this that targets a significant government body is a reminder that brute force remains a common threat to be addressed. It also raises important questions as to how such an attack could have happened in the first…
Customer Success

Getting the Most Out of Data Transport Engine

If you don’t need it, get rid of it. If it’s sensitive, make sure it’s in the right place, and only accessible to those who need it. Old files are expensive and risky, which is why we have retention and disposition policies for what should happen to data that we don’t need anymore. The Data Transport Engine (DTE) is a component of the Varonis Data Security Platform that lets you automate these kinds of…
Data Security

[Podcast] Is Data Worth More Than Money?

When it comes to infosecurity, we often treat data like money. And rightfully so. After all, data is valuable. Not to mention the human hours devoted to safeguarding an organization’s data. However, when a well-orchestrated attack is carried out to destroy an organization’s data, rather than for financial gain, we wondered if data is really worth more than money. Sure, you can quantify the cost of tools, equipment, hours spent protecting data, but what about intellectual…