For IT Pros Only

Lets be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network - you probably aren't going to appreciate this at all.

Get Your Cards Now
Data Security

Varonis Gets Lightning Fast with Solr

Any security practitioner that has had to perform forensic analysis on a cybersecurity incident likely describes the process as “searching for a needle in a stack of needles.” Even Tony Stark’s magnet isn’t going to help. Anyone who has used a SIEM or any other monitoring system to figure out how gigabytes of data was stolen knows how difficult that task can be. Varonis leverages Solr to optimize and streamline the process of analyzing data…
Data Security
what is mimikatz hero

What is Mimikatz: The Beginner’s Guide

Benjamin Delpy originally created Mimikatz as a proof of concept to show Microsoft that their authentication protocols were vulnerable to attack. Instead, he inadvertently created one of the most widely used and downloaded hacker tools of the past 20 years. Rendition Infosec’s Jake Williams said, “Mimikatz has done more to advance security than than any other tool I can think of.” If you’re tasked with protecting Windows networks, it’s essential to keep up with the…
Data Security

What is an Active Directory Forest?

An Active Directory forest (AD forest) is the top most logical container in an Active Directory configuration that contains domains, users, computers, and group policies. “But wait?” you say. “I thought Active Directory was just one domain?” A single Active Directory configuration can contain more than one domain, and we call the tier above domain the AD forest. Under each domain, you can have several trees, and it can be tough to see the forest…
Data Security
if worlds data were physical

What Would The World’s Data Look Like if it Were Physical?

We take well over a trillion photographs a year, upload hundreds of hours of video a minute, and commit search queries tens of thousands of times per second. The sheer amount of data that companies save is staggering and growing exponentially year-over-year. Social media giants, web infrastructure providers and other large companies around the world manage data at dizzying scales. Not only do these corporations handle a lot of data — they handle important and…
IT Pros
domain controller hero image

What is a Domain Controller, When is it Needed + Set Up

A domain controller is a server that responds to authentication requests and verifies users on computer networks. Domains are a hierarchical way of organizing users and computers that work together on the same network. The domain controller keeps all of that data organized and secured. The domain controller (DC) is the box that holds the keys to the kingdom- Active Directory (AD). While attackers have all sorts of tricks to gain elevated access on networks,…
C-Level, Compliance & Regulation

Wyden’s Consumer Data Protection Act: Preview of US Privacy Law

The General Data Protection Regulation (GDPR) has, for good reason, received enormous coverage in the business and tech press in 2018. But wait, there’s another seismic privacy shift occurring, and it’s happening here in the US. There is now a very good chance that significant data privacy legislation will come to the US soon. I’ll go out on a limb, and say in 2019. But if not next year, then certainly in 2020. Yes, we’ll…
Data Security
blue and red scale

The Likelihood of a Cyber Attack Compared

While the cost of a cyber attack is often discussed, we seldom hear about just how common these attacks actually are. Numerous security experts believe that a cyber attack or breach of catastrophic proportions is no longer a matter of if, but a matter of when. According to the World Economic Forum’s 2018 Global Risks Report, the top three risks to global stability over the next five years are natural disasters, extreme weather and cyber…
C-Level, IT Pros

CEO vs. CISO Mindsets, Part III: Value at Risk For CISOs

To convince CEOs and CFOs to invest in data security software, CSOs have to speak their language. As I started describing in the previous post, corporate decision makers spend part of their time envisioning various business scenarios, and assigning a likelihood to each situation. Yeah, the C-level gang is good at poker, and they know all the odds for the business hand they were dealt. For CSOs to get through to the rest of the…
Data Security
data classification title

What is Data Classification? Guidelines and Process

In order to protect your sensitive data, you have to know what it is and where it lives. Data Classification Defined Data classification is the process of analyzing structured or unstructured data and organizing it into categories based on the file type and contents. Data classification is a process of searching files for specific strings of data, like if you wanted to find all references to “Szechuan Sauce” on your network. Or if you needed…
Compliance & Regulation
nydfs cybersecurity regulation title and logo for

NYDFS Cybersecurity Regulation in Plain English

In 2017, the New York State Department of Financial Services (NYDFS) launched GDPR-like cybersecurity regulations for its massive financial industry. Unusual at the state level, this new regulation includes strict requirements for breach reporting and limiting data retention. Like the GDPR, the New York regulation has rules for basic principles of data security, risk assessments, documentation of security policies, and designating a chief information security officer (CISO) to be responsible for the program. Unlike the…
Data Security
cybersecurity TED talks

12 TED Talks That Will Change the Way You Look at Business Cybersecurity

The cybersecurity landscape is constantly evolving. New security threats pop up daily, and threat actors can be an employee in the next cubicle or a blackhat hacker in a coffee shop in Bangkok. Additionally, cybersecurity has real-world implications that reach far beyond the boardroom — everything from Internet-connected teddy bears to the stability of world governments is impacted by cyber. As such, it’s more important than ever that everyone in your organization is up to…
IT Pros

Koadic: Security Defense in the Age of LoL Malware, Part IV

One of the advantages of examining the gears inside Koadic is that you gain low-level knowledge into how real-world attacks are accomplished. Pen testing tools allow you to explore how hackers move around or pivot once inside a victim’s system, and help you gain insights into effective defensive measures. Block that Hash Passing Pass the Hash (PtH) is one approach, not the only, for moving beyond the initial entry point in the targeted system. It’s…