Pen Testing Active Directory

You may have been following our series of posts on pen testing Active Directory environments and learned about the awesome powers of PowerView. No doubt you were wowed by our cliffhanger ending — spoiler alert — where we applied graph theory to find the derivative admin!

We know from the many emails we received that you demanded a better ‘long-form’ content experience. After all, who’d want to read about finding hackable vulnerabilities using Active Directory while being forced to click six times to access the entire series?

Thanks to the miracle of PDF technology, we’ve compressed the entire series into an easy-to-read, comfy ebook format. Best of all, you can scroll through the entire contents without having to touch messy hyperlinks.

Get The Ebook Now
Or check it all out online, here.
Compliance & Regulation

Data Security Compliance and DatAdvantage, Part III: Protect and Monitor

At the end of the previous post, we took up the nuts-and-bolts issues of protecting sensitive data in an organization’s file system. One popular approach, the least-privileged access model, is often explicitly mentioned in compliance standards, such as NIST 800-53 or PCI DSS. Varonis DatAdvantage and DataPrivilege provide a convenient way to accomplish this. Ownership Management Let’s start with DatAdvantage. We saw last time that DA provides graphical support for helping to identify data ownership. If…
Data Security

[Podcast] Christina Morillo, Enterprise Information Security Expert

If you want to be an infosec guru, there are no shortcuts to the top. And enterprise information security expert Christina Morillo knows exactly what that means. When she worked at the help desk, she explained technical jargon to non-technical users. As a system administrator, Christina organized and managed AD, met compliance regulations, and completed entitlement reviews. Also, as a security architect, she developed a comprehensive enterprise information security program. And if you need someone…
Compliance & Regulation, Data Security

Data Security Compliance and DatAdvantage, Part II:  More on Risk Assessme...

I can’t really overstate the importance of risk assessments in data security standards. It’s really at the core of everything you subsequently do in a security program. In this post we’ll finish discussing how DatAdvantage helps support many of the risk assessment controls that are in just about every security law, regulation, or industry security standard. Last time, we saw that risk assessments were part of NIST’s Identify category. In short: you’re identifying the risks…
Data Security

[Podcast] Evolving Bank Security Threats

It was only last week that we applauded banks for introducing cardless ATMs in an effort to curb financial fraud. But with the latest bank heists, it may help to turn up the offense and defense. Why? Hackers were able to drill a hole, connect a wire, cover it up with a sticker and the ATM will automatically and obediently dispense thousands. Another group of enterprising hackers changed a bank’s DNS, taking over their website and…
Data Security
What is a Data Security Platform?

A Data Security Platform (DSP) is a category of security products that replaces traditionally disparate security tools. DSPs combine data protection capabilities such as sensitive data discovery, data access governance, user behavior analytics, advanced threat detection, activity monitoring, and compliance reporting, and integrate with adjacent security technologies. They also provide a single management interface to allow security teams to centrally orchestrate their data security controls and uniformly enforce policies across a variety of data repositories,…
Data Security

Varonis Data Security Platform Listed in Gartner 2017 Market Guide for Data...

In 2005, our founders had a vision to build a solution focused on protecting the data organizations have the most of and yet know the least about – files and emails.  Executing on this vision, Varonis has built an innovative Data Security Platform (DSP) to protect enterprise data against insider threats, data breaches and cyberattacks. To this end, we are pleased to be listed as a representative vendor in Gartner’s 2017 Market Guide for Data-Centric…
Data Security

[Podcast] Americans’ Cyber Hygiene

Recently, the Pew Research Center released a report highlighting what Americans know about cybersecurity. The intent of the survey and quiz was to understand how closely Americans are following best practices recommended by cybersecurity experts. One question on the quiz reminded us that we’re entitled to one free copy of our credit report every 12 months from each of the three nationwide credit reporting companies. The reason behind this offering is that there is so much financial fraud. And in…
Data Security, IT Pros

Practical PowerShell for IT Security, Part III: Classification on a Budget

Last time, with a few lines of PowerShell code, I launched an entire new software category, File Access Analytics (FAA). My 15 minutes of fame is almost over, but I was able to make the point that PowerShell has practical file event monitoring aspects. In this post, I’ll finish some old business with my FAA tool and then take up PowerShell-style data classification. Event-Driven Analytics To refresh memories, I used the Register-WmiEvent cmdlet in my FAA…
Data Security

Ransomware: What happens when the first layer of defense fails?

76% of respondents see ransomware as a major business threat today, according to a recent Information Security Media Group (ISMG) survey, “2017 Ransomware Defense Survey: The Empire Strikes Back,” aimed at understanding the true impact of ransomware on organizations. While this news isn’t worthy of breaking into the latest episode of Madame Secretary, what follows in the Varonis-sponsored survey is an alarming disconnect between perception and reality of how these attacks happen and how…
Compliance & Regulation

Data Security Compliance and DatAdvantage, Part I:  Essential Reports for ...

Over the last few years, I’ve written about many different data security standards, data laws, and regulations. So I feel comfortable in saying there are some similarities in the EU’s General Data Protection Regulation, the US’s HIPAA rules, PCI DSS, NIST’s 800 family of controls and others as well. I’m really standing on the shoulders of giants, in particular the friendly security standards folks over at the National Institute of Standards and Technology (NIST), in…
Data Security

[Podcast] What CISOs are Making, Reading and Sharing

Besides talking to my fav security experts on the podcast, I’ve also been curious about what CISOs have been up to lately. After all, they have the difficult job of keeping an organization’s network and data safe and secure. Plus, they tend to always be a few steps ahead in their thinking and planning. After a few clicks on Twitter, I found a CISO at a predictive analytics SaaS platform who published a security manifesto. His…
Varonis News

The Varonis Connect Customer Conferences Are Coming: Education and Network ...

This April we will kick off our annual series of Varonis Connect customer events where attendees will learn about new Varonis product innovations and share experiences and success stories. The series, in its 6th year, runs through June across 33 cities in North America and Europe.  In fact, we’ve added 11 more cities than last year, and we expect attendance to increase as well! Varonis Connect attendees, from the company’s rapidly expanding customer base, will…