For IT Pros Only

Let's be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network, you probably aren't going to appreciate this at all.

Get Your Cards Now
Data Security

VIP Data Security Lessons From the Hack of Colin Powell’s Personal Email ...

Are C-levels, high-government officials, and other power elite really all that different than the rest of us? We now know after email hacks involving former Secretary of State Colin Powell’s Gmail account, former CIA director John Brennan’s AOL account, and the Gmail account of John Podesta, a top advisor to the Democrats, that they are, but not for the better. I don’t mean to single out any of these senior level folks, but many executives of their era, I…
Data Security

How to Manage Your Privileged Accounts and Protect Your Crown Jewels

When a breach happens, the first question people ask is, “What did the company do wrong?” The short answer is: it depends. However, we do know one mistake many companies unknowingly make is allowing regular users access to the local administrator account. And hackers take advantage of that. “Hackers are trying to get in, and they’re using people’s user credentials. Then they’re hopping around until they get a privileged account,” says senior security director Jackson…
Compliance & Regulation, Data Security

HIPAA and Cloud Provider Refresher

As far as regulators are concerned, the cloud has been a relatively recent occurrence. However, they’ve done a pretty good job in dealing with this ‘new’ computing model. Take HIPAA. We wrote that if a cloud service processes or stores protected health information (PHI), it’s considered, in HIPAA-ese, a business associate or BA. As you may recall, the Final Omnibus Rule from 2013 says that BAs fall under HIPAA’s rules. A covered entity — health…
Data Security

Varonis Earns Recognition in Computing Security Awards 2016

We are proud to announce that we have been recognized by Computing Security Awards 2016 in the following two award categories: Auditing / Reporting Solution of the Year – Varonis DatAdvantage; Security Project of the Year – Private Sector – Union Bank UK PLC / Varonis. The Awards Ceremony took place on Thursday, October 13, 2016 at the Cumberland Hotel, in Marble Arch, London. Our award-winning product, DatAdvantage, shows you where sensitive data lives,…
Data Security

21st Century Cyber Wars: Defense Lags Offense

We don’t often get to see data security and cyber attacks discussed in detail on a top-rated national talk show, but that was the case last week. John Carlin, Assistant Attorney General for National Security, talked to Charlie Rose about cyber espionage, attack attribution, insider threats, and prevention. Even for those of us in the data security business, some of what he had to say about US cyber security was eye-opening. Carlin explains that our…
Data Security

[Podcast] IoT Pen Tester Ken Munro: Security Holes (Part 1)

If you want to understand the ways of a pen tester, Ken Munro is a good person to listen to. An info security veteran for over 15 years and founder of UK-based Pen Test Partners, his work in hacking into consumer devices — particularly coffee makers — has earned lots of respect from vendors. He’s also been featured on the BBC News. You quickly learn from Ken that pen testers, besides having amazing technical skills,…
Data Security

IT Concerns Country to Country: Ponemon Institute Study

Varonis recently released the third and final part of a study about data protection and enterprise security with the Ponemon Research institute: Differences in Security Practices and Vigilance across UK, France, Germany and US. This report compares survey responses of more than 3,000 IT professionals and end-user employees in UK, France, Germany and US. The survey was conducted to determine the security gaps within organizations that can lead to data breaches and ransomware. Some key…
Compliance & Regulation, Data Security

The Federal Trade Commission Likes the NIST Cybersecurity Framework (and Yo...

Remember the Cybersecurity Framework that was put together by the folks over at the National Institute of Standards and Technology (NIST)? Sure you do! It came about because the US government wanted to give the private sector, specifically the critical infrastructure players in transportation and energy, a proven set of data security guidelines. The Framework is based heavily on NIST’s own 800-53, a sprawling 400-page set of privacy and security controls used within the federal…
Data Security, Privacy

Are Wikileaks and ransomware the precursors to mass extortion?

Despite Julian Assange’s promise not to let Wikileaks’ “radical transparency” hurt innocent people, an investigation found that the whistleblowing site has published hundreds of sensitive records belonging to ordinary citizens, including medical files of rape victims and sick children. The idea of having all your secrets exposed, as an individual or a business, can be terrifying. Whether you agree with Wikileaks or not, the world will be a very different place when nothing is safe.…
Data Security

[Podcast] Six Degrees of Kevin Bacon (Security Edition)

Since security pertains to everyone, in this episode of the IOSS we challenged ourselves to tie security back to Kevin Bacon. You might have to give us a few passes, but the connection is still strong. Keira Knightley: Earlier this year, a man applied for a credit account at Best Buy using Keira Knightley’s driver’s license information. If they didn’t catch him, it would have affected her FICO score. And speaking of FICO, they just created an…
Data Security

NSA Contractor Arrest Reinvigorates Interest in Insider Threat

Despite efforts to reform its security after the Edward Snowden breach three years ago, the NSA announced another security breach involving one of its own contractors, Harold Thomas Martin III. This latest bombshell suggests continued vulnerabilities at our nation’s spookiest agency. In an effort to better guard the government’s sensitive data, White House spokesman Josh Earnest said that in the last few years, the number of people with access to classified information has been reduced…
Data Security

When a Cyber Attack Is a Political Weapon

We’re not surprised when hackers attack companies to scoop up credit card numbers or to cause IT disruption. If they’re state sponsored, they may target organizations to pull out intellectual property – military secrets or other sensitive information — as part of a cyber-espionage program. But hackers associated with a party (or state) hacking into another political party’s IT system to pull out embarrassing material? We’re in uncharted territory. Before you start shouting at your laptop,…