For IT Pros Only

Let's be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network - you probably aren't going to appreciate this at all.

Get Your Cards Now
Data Security

Ransomware: What happens when the first layer of defense fails?

76% of respondents see ransomware as a major business threat today, according to a recent Information Security Media Group (ISMG) survey, “2017 Ransomware Defense Survey: The Empire Strikes Back,” aimed at understanding the true impact of ransomware on organizations. While this news isn’t worthy of breaking into the latest episode of Madame Secretary, what follows in the Varonis-sponsored survey is an alarming disconnect between perception and reality of how these attacks happen and how…
Compliance & Regulation

Data Security Compliance and DatAdvantage, Part I:  Essential Reports for ...

Over the last few years, I’ve written about many different data security standards, data laws, and regulations. So I feel comfortable in saying there are some similarities in the EU’s General Data Protection Regulation, the US’s HIPAA rules, PCI DSS, NIST’s 800 family of controls and others as well. I’m really standing on the shoulders of giants, in particular the friendly security standards folks over at the National Institute of Standards and Technology (NIST), in…
Data Security

[Podcast] What CISOs are Making, Reading and Sharing

Besides talking to my fav security experts on the podcast, I’ve also been curious about what CISOs have been up to lately. After all, they have the difficult job of keeping an organization’s network and data safe and secure. Plus, they tend to always be a few steps ahead in their thinking and planning. After a few clicks on Twitter, I found a CISO at a predictive analytics SaaS platform who published a security manifesto. His…
Varonis News

The Varonis Connect Customer Conferences Are Coming: Education and Network ...

This April we will kick off our annual series of Varonis Connect customer events where attendees will learn about new Varonis product innovations and share experiences and success stories. The series, in its 6th year, runs through June across 33 cities in North America and Europe.  In fact, we’ve added 11 more cities than last year, and we expect attendance to increase as well! Varonis Connect attendees, from the company’s rapidly expanding customer base, will…
Data Security

Detecting Malware Payloads in Office Document Metadata

Ever consider document properties like “Company,” “Title,” and “Comments” a vehicle for a malicious payload? Check out this nifty PowerShell payload in the company metadata:

#powershell payload stored in office metadata
Document Properties -> Advanced Properties -> Summary -> Company
https://t.co/S8GfQt7Gei pic.twitter.com/BQqMe9uit0
— JaromirHorejsi (@JaromirHorejsi) March 27, 2017

Here’s the full VirusTotal entry. The target opens the Office document and, with macros enabled, the payload stored within the document’s own metadata executes and does its work. No extra…
Data Security

How to Protect Yourself from Leaky Apps: Varonis on CNBC’s On the Money

This past weekend, Varonis’ Brian Vecci, Technical Evangelist, appeared on CNBC’s On the Money with Jennifer Schlesinger to discuss how consumers can protect themselves from leaky apps – both legitimate and illegitimate ones. From a consumer perspective, there are a few things to keep in mind: Any app could potentially be breached or broken in some way, so be careful about what kinds of information you provide. Try not to use the same password everywhere,…
Data Security

[Podcast] No Data Left Behind

Over the past few weeks, we’ve been debating a user’s threshold for his personal data seen in the public domain. For instance, did you know that housing information has always been public information? It is gathered from county records, and the internet has just made the process of gathering the information less cumbersome. However, if our personal information leaks into the public domain – due to a security lapse – it’s still not as serious as, say,…
Data Security

[Podcast] How Diversity & Inclusion Drives Innovation and Market Growt...

In part two of my interview with Allison F. Avery, a Senior Diversity & Inclusion Specialist at NYU Langone Medical Center, she clarified common misconceptions about Diversity & Inclusion (D&I) and offered a framework and methodology to implement D&I. She reminded me, “You should not be doing diversity for diversity sake.” I’ve put together a few interview highlights below. By the way – they’re perfect for cutting-and-pasting into an email to your company’s HR executives and…
Data Security

Practical PowerShell for IT Security, Part II: File Access Analytics (FAA)

In working on this series, I almost feel that with PowerShell we have technology that somehow time-traveled back from the future. Remember on Star Trek – the original of course — when the Enterprise’s CTO, Mr. Spock, was looking into his visor while scanning parsecs of space? The truth is Spock was gazing at the output of a Starfleet-approved PowerShell script. Tricorders? Also powered by PowerShell. Yes, I’m a fan of PowerShell, and boldly going…
Data Security

[Podcast] When Our Reality Becomes What the Data Says

In our “always-on” society, it’s important that our conversation on IoT security continues with the question of data ownership. It’s making its way back into the limelight when Amazon, with the defendant’s permission, handed over user data in a trial. Or what about that new software that captures all the angles from your face to build your security profile? Your face is such an intimate aspect of who you are; should we reduce that intimacy down…
Data Security

Varonis Cited by Forrester for Data Classification Capabilities

When I signed up for home insurance, I remember filling out a worksheet that forced me to catalog all the important, expensive and irreplaceable items within the property so we could make an accurate prediction of the costs to replace them if something were to happen, like theft or arson. This is similar to the kind of analysis organizations should be doing with their data. Asking ourselves: What information am I storing? Where is…
Compliance & Regulation

Cybercrime Laws Get Serious: Canada’s PIPEDA and CCIRC

In this series on governmental responses to cybercrime, we’re taking a look at how countries through their laws are dealing with broad attacks against IT infrastructure beyond just data theft. Ransomware and DDoS are prime examples of threats that don’t necessarily fit into the narrower definition of breaches found in PII-focused data security laws. That’s where special cybercrime rules come into play. In the first post, we discussed how the EU’s Network and Information Security…