For IT Pros Only

Lets be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network - you probably aren't going to appreciate this at all.

Get Your Cards Now
Data Security

Interview With Wade Baker: Verizon DBIR, Breach Costs, & Selling Board...

Wade Baker is best known for creating and leading the Verizon Data Breach Investigations Report (DBIR). Readers of this blog are familiar with the DBIR as our go-to resource for breach stats and other practical insights into data protection. So we were very excited to listen to Wade speak recently at the O’Reilly Data Security Conference. In his new role as partner and co-founder of the Cyentia Institute, Wade presented some fascinating research on the…
Compliance & Regulation

Do Your GDPR Homework and Lower Your Chance of Fines

Advice that was helpful during your school days is also relevant when it comes to complying with the General Data Protection Regulation (GDPR): do your homework because it counts for part of your grade! In the case of the GDPR, your homework assignments involve developing and implementing privacy by design measures, and making sure these policies are published and known about by management. Taking good notes and doing homework assignments came to my mind when…
Compliance & Regulation

[Podcast] Privacy Attorney Tiffany Li and AI Memory, Part II

Tiffany C. Li is an attorney and Resident Fellow at Yale Law School’s Information Society Project. She frequently writes and speaks on the privacy implications of artificial intelligence, virtual reality, and other technologies. Our discussion is based on her recent paper on the difficulties of getting AI to forget. In this second part, we continue our discussion of GDPR and privacy, and examine ways to bridge the gap between tech and law. We then explore…
IT Pros

Top Azure Active Directory Tutorials

 in IT Pros
Remember a few years ago when security pros and IT admins were afraid to store business files on the cloud? Today, the circumstances are different. I recently spoke with an engineer and he said he’s getting more questions about the cloud than ever before. What’s more, according to Microsoft, 86% of Fortune 500 companies use Microsoft cloud services –  Azure, Office 365, CRM Online etc – all of which sit on Azure AD. And so…
Data Security

[Podcast] Privacy Attorney Tiffany Li and AI Memory, Part I

Tiffany Li is an attorney and Resident Fellow at Yale Law School’s Information Society Project. She frequently writes about the privacy implications of artificial intelligence, virtual reality, and other disruptive technologies. We first learned about Tiffany after reading a paper by her and two colleagues on GDPR and the “right to be forgotten”. It’s an excellent introduction to the legal complexities of erasing memory from a machine intelligence. In this first part of our discussion, we talk…
Data Security

8 Tips to Surviving the Data Security Apocalypse

These days, working in data security can feel like surviving a zombie apocalypse – mindless hordes of bots and keyloggers are endlessly attempting to find something to consume. Just like in “The Walking Dead,” these zombies are an ancillary threat to other humans. The bots and keyloggers are pretty easy to defeat: it’s the human hackers that are the real threat. How prepared are you to deal with the real threats out there? Get Global…
Data Security

After Equifax and WannaCry: New Survey on Security Practices and Expectati...

You’ve seen the headlines: Breaches are hitting high-profile organizations almost daily. After major events — the WannaCry and NotPetya outbreaks, and most recently the Equifax breach — we wanted to know if professionals responsible for cybersecurity in their organizations are shoring up their security, what approaches they are taking, and if they believe they are prepared for the next big attack. Today we release the results of a new independent survey: After Equifax and WannaCry:…
Data Security

Maximize your ROI: Maintaining a Least Privilege Model

TL;DR: Managing permissions can be expensive. For a 1,000 employee company, the overhead of permissions request tickets can cost up to $180K/year. Automating access control with DataPrivilege can save $105K/year or more and reduce risk. Read on to see the math. One of the most important requirements of implementing a data security plan in today’s breach-a-day era is to implement and maintain a least privilege model across your enterprise. The principle of least privilege says…
Data Security

[Podcast] Bring Back Dedicated and Local Security Teams

Last week, I came across a tweet that asked how a normal user is supposed to make an informed decision when a security alert shows up on his screen. Great question! I found a possible answer to that question at New York Times director of infosecurity, Runa Sandvik’s recent keynote at the O’Reilly Security Conference. She told the attendees that many moons ago, Yahoo had three types of infosecurity departments: core, dedicated and local. Core…
Compliance & Regulation

GDPR Data Breach Guidelines

Index Personal Data Breach vs. Reportable Breach Notifying the Regulators Breach Notification and Ransomware Individual Reporting Breach Notification in Phases Notification Details This Is Not Legal Advice The General Data Protection Regulation (GDPR) is set to go into effect in a few months — May 25 2018 to be exact. While the document is a great read for experienced data security attorneys, it would be nifty if we in the IT world got some practical…
Data Security, Varonis News

Announcing Varonis Edge – to the Perimeter and Beyond

Email, web, and brute force attacks are the primary ways that malware gets through your defenses.  The Yahoo hacker’s favorite technique? VPN. The Sony hack? Phishing emails.  Remote Access Trojans? DNS. We’ve spent over a decade working on protecting core data stores – we’re now extending that data security to the perimeter by using telemetry from VPN concentrators and DNS servers to spot signs of attack like DNS tunneling, account hijacking, and stolen VPN credentials.…
IT Pros

Defining Deviancy With User Behavior Analytics

For over the last 10 years, security operations centers and analysts have been trading indicators of compromise (IoC), signatures or threshold-based signs of intrusion or attempted intrusion, to try to keep pace with the ever-changing threat environment. It’s been a losing battle. During the same time, attackers have become ever more effective at concealing their activities. A cloaking technique, known as steganography, has rendered traditional signature and threshold-based detective measures practically useless. In response, the…