For IT Pros Only

Lets be clear: this is for IT people. Not because IT people are better looking and drive cooler cars than the general populace (which is true: most IT departments look like extras from the set of The Fast and Furious), but because unless you're familiar with things like the dark blackness that grips your soul when you discover that two NICs have the same MAC address on your network - you probably aren't going to appreciate this at all.

Get Your Cards Now
Data Security
cybersecurity TED talks

12 TED Talks That Will Change the Way You Look at Business Cybersecurity

The cybersecurity landscape is constantly evolving. New security threats pop up daily, and threat actors can be an employee in the next cubicle or a blackhat hacker in a coffee shop in Bangkok. Additionally, cybersecurity has real-world implications that reach far beyond the boardroom — everything from Internet-connected teddy bears to the stability of world governments is impacted by cyber. As such, it’s more important than ever that everyone in your organization is up to…
IT Pros

Koadic: Security Defense in the Age of LoL Malware, Part IV

One of the advantages of examining the gears inside Koadic is that you gain low-level knowledge into how real-world attacks are accomplished. Pen testing tools allow you to explore how hackers move around or pivot once inside a victim’s system, and help you gain insights into effective defensive measures. Block that Hash Passing Pass the Hash (PtH) is one approach, not the only, for moving beyond the initial entry point in the targeted system. It’s…
Data Security
powershell vs cmd hero

Windows PowerShell vs. CMD: What’s The Difference?

Back in the day, booting the then-cutting-edge IBM 8086 from the floppy brought you to a green text screen with a cursor blinking at the familiar C:\> prompt. Hacking boot.ini and config.sys to get my games to run was my first introduction to programming. Eventually that C:\> got replaced with a pretty GUI and boot from hard disk. That command prompt (CMD) still lived on for decades. Only recently did CMD get an upgrade, or…
Data Security

Zero-Day Vulnerability Explained

A zero-day vulnerability is a software bug or exploit that hasn’t been patched. It’s like a hole in the bottom of your shoe that you haven’t noticed yet, but a curly-mustachioed villain has found it and is considering putting rusty nails on your gas pedal. Hackers can use these bugs and exploits to steal your data before you’re able to find and patch the weakness. What are Vulnerabilities? Vulnerabilities allow attackers to slip past your…
Data Security

California Consumer Privacy Act (CCPA) vs. GDPR

Data privacy laws are fast becoming a primary element in any data security conversation: from the EU’s GDPR to the California Consumer Privacy Act to Japan’s Act on the Protection of Personal Information, the ability to protect consumer data is top of mind. For companies that are built around consumer data, consumer trust becomes a vital part of their business model. On May 25, 2018, the EU General Data Protection Regulation (GDPR) went into effect.…
C-Level

CEO vs. CSO Mindsets, Part II: Breach Risk, Security Investment, and Thinki...

In the last post, I brought up the cultural differences between CEOs and CSOs. One group is managing and growing the business, using spreadsheets to game plan various money making scenarios. The other is keeping the IT infrastructure going 24/7, and studying network diagrams while tweaking PowerShell scripts. I think you know which is which. The point of this series is to bridge the divide between these two different tribes. In this post, I’ll be…
Compliance & Regulation

How Varonis Helps with the California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA) is set to go into effect on January 1, 2020. It not only gives ownership and control of personal data back to the consumer but holds companies accountable for protecting that data. What is the California Consumer Privacy Act? The CCPA gives California residents four basic rights in relation to how companies collect and store their personal information: Transparency: the right to know what personal information a company is…
Data Security
ids vs ips

IDS vs. IPS: What is the Difference?

Intrusion Detection Systems (IDS) analyze network traffic for signatures that match known cyberattacks. Intrusion Prevention Systems (IPS) also analyzes packets, but can also stop the packet from being delivered based on what kind of attacks it detects — helping stop the attack. How Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) Work Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are both parts of the network infrastructure. IDS/IPS compare network packets to a…
Data Security

Koadic: Implants and Pen Testing Wisdom, Part III

One of the benefits of working with Koadic is that you too can try your hand at making enhancements. The Python environment with its nicely organized directory structures lends itself to being tweaked. And if you want to take the ultimate jump, you can add your own implants. The way to think about Koadic is that it’s a C2 server that lets you deliver JavaScript malware implants to the target and then interact with them from…
Data Security
Brute Force Attack

What is a Brute Force Attack?

A brute force attack (also known as brute force cracking) is the cyberattack equivalent of trying every key on your key ring, and eventually finding the right one. 5% of confirmed data breach incidents in 2017 stemmed from brute force attacks. Brute force attacks are simple and reliable. Attackers let a computer do the work – trying different combinations of usernames and passwords, for example – until they find one that works. Catching and neutralizing…
Data Security
ITAR Compliance

What is ITAR Compliance? Definition and Regulations

The International Traffic in Arms Regulations (ITAR) is the United States regulation that controls the manufacture, sale, and distribution of defense and space-related articles and services as defined in the United States Munitions List (USML). Besides rocket launchers, torpedoes, and other military hardware, the list also restricts the plans, diagrams, photos, and other documentation used to build ITAR-controlled military gear. This is referred to by ITAR as “technical data”. ITAR mandates that access to physical…
Data Security
creative data centers

The World’s Most Creative Data Centers: Infographic

Data centers are facilities used to house computer systems and associated components. They are vital to the daily operations of a network and are home to it’s most pivotal systems and equipment. Sound glamorous? Actually, it is. As data privacy becomes more and more important, data centers need to be placed in extraordinary locations in order the ensure maximum security. This need for security, coupled with the fact that data centers are required to be…