For IT Pros Only

Lets be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network - you probably aren't going to appreciate this at all.

Get Your Cards Now
Data Security

Varonis Community Announces ‘Varonis Elite’ Program

In February, Varonis launched the ‘Varonis Elite’ program. An initiative that brings cybersecurity and Varonis enthusiasts together, to learn more from one another and engage with Varonis in new ways that were never possible before. Members were nominated by internal account teams based on their knowledge of Varonis and the cybersecurity industry. We are excited to welcome the first round of members! We have an awesome group of customers and certified services partners that span…
C-Level, Compliance & Regulation, Data Security, Privacy

[Online Conference] Varonis Coffee Series: Unique Insights Into Data Securi...

Looking for a different take on the data security landscape? Join our multi-disciplinary team of experts as they discuss the laws, ethics, and defensive techniques behind data protection and privacy. Over four Tuesdays starting March 12, you’ll be briefed on the intersection of red team thinking and diversity, how basic pen testing ideas can change your security practices, the secret Privacy by Design ingredient in GDPR compliance, and how to bring professional ethics into the data security lifecycle.  And there will be coffee: we’re…
Data Security, Varonis News

Varonis Exposes Global Cyber Campaign: C2 Server Actively Compromising Thou...

The Varonis Security Research team discovered a global cyber attack campaign leveraging a new strain of the Qbot banking malware. The campaign is actively targeting U.S. corporations but has hit networks worldwide—with victims throughout Europe, Asia, and South America—with a goal of stealing proprietary financial information, including bank account credentials. During the analysis, we reversed this strain of Qbot and identified the attacker’s active command and control server, allowing us to determine the scale of the attack.…
Data Security

Exchange Vulnerability: How to Detect Domain Admin Privilege Escalation

Researchers recently uncovered a vulnerability in Exchange that allows any domain user to obtain Domain admin privileges that allow them to compromise AD and connected hosts. Here’s how the attack works: Attacker uses a compromised mail-enabled domain user to subscribe to the exchange push notification feature Attacker uses an NTLM relay to impersonate the exchange server: The Exchange server authenticates to the compromised user’s host using NTLM over HTTP, which the attacker users to authenticate…
C-Level, Data Security

Spotlighting Unstructured Data Access

At Varonis, we sometimes highlight external articles, especially when they provide independent insight into our solution. Dr. Edward G. Amoroso, former Senior Vice President and Chief Security Officer of AT&T, and now current Founder and Chief Executive Officer of TAG Cyber, recently penned an independent article on our platform after two technical sessions with our team. “If you care about whether your sensitive data protection policies are being met – or if you just want…
Data Security, IT Pros
group policy editor

Group Policy Editor Guide: How to Configure and Use

The Group Policy Editor is a Windows administration tool that allows users to configure many important settings on their computers or networks. Administrators can configure password requirements, startup programs, and define what applications or settings other users can change on their own. This blog will deal mostly with the Windows 10 version of Group Policy Editor (gpedit), but you can find it in Windows 7, 8, and Windows Server 2003 and later. 5 Ways to…
IT Pros
hero image for windows defender post

Windows Defender Turned Off by Group Policy [Solved]

Picture this scenario: You log into your computer on any random Thursday, and Windows Defender won’t start. You manually kick it off, and you get the message “Windows Defender is turned off by group policy.” Could it be that you’re hacked? Attackers know Windows Defender can detect cyberattacks, so as part of their standard playbook they attempt to disable Defender. Sometimes they could use group policy to disable Windows Defender on multiple machines – depending…
Data Security

Protect Your Data With Super Easy File Security Tricks!

Data security is an all-encompassing term. It covers processes and technologies for protecting files, databases, applications, user accounts, servers, network logins, and the network itself. But if you drill down a little in your thinking, it’s easy to see that data security is ultimately protecting a file somewhere on your system—whether desktops or servers. While data security is a good umbrella term, we need to get into more details to understand file security. File Security…
Data Security

Americans and Privacy Concerns: Who Do We Trust?

Who do Americans trust with their information? In light of massive data breaches, Americans have doubts about the safety of their personal data. Events like the Facebook Cambridge Analytica hack that affected 87 million Facebook profiles and the Marriott data breach that exposed data of up to 500 million guests are enough to get anyone guessing who they can trust with their sensitive information. Consumer mistrust is also prevalent when companies aren’t clear about the…
Compliance & Regulation, Privacy
right to be forgotten hero

Right to be Forgotten: Explained

The “Right to be Forgotten” (RTBF) is a key element of the new EU General Data Protection Regulation (GDPR), but the concept pre-dates the latest legislation by at least five years.  It encompasses the consumers’ rights to request that all personal data held by the company —or “controller” in GDPR-speak — be removed on request.  But it goes further: the GDPR rules (see its article 17 ) says that search engines (like Google) have to…
Data Security
hacker motives hero

Hacker Motives: Red Flags and Prevention

Hackers are getting savvier. They’re constantly finding new ways to abuse system vulnerabilities and sneak into our networks. The worst part? The likelihood of a cyber attack is now higher than a home invasion. Most people don’t notice when their data has been compromised until it’s too late. The silver lining is that the rise in attacks allows us to analyze the patterns hackers follow and strengthen our defenses. Major cybersecurity attacks of the past…
C-Level, Data Security

CEO vs. CISO Mindsets, Part IV: Monte Carlo Breach Cost Modeling for CISOs!

My main goal in this series is to give CISOs insights into CEO and board-level decision making so they can make a winning case for potential data security purchases. In my initial dive last time, I explained how CISOs should quantify two key factors involved in a breach: the frequency of attacks, and then the probability that the breach itself exceeds a certain cost threshold. Knowing these two ingredients (and that there are numbers or…