All Posts

Meta's $1.3B Fine: What can Happen if you Don’t Monitor Your PII

May 22, 2023
Continuous discovery and data monitoring critical to identify misplaced PII.

What Automation Means For Cybersecurity—And Your Business

May 03, 2023
This article explains how automation can help turn the right information into action, helping to defend against cyberattacks, mitigate risk, shore up compliance and improve productivity.

Salesforce Misconfiguration Causes Sensitive Data Leaks

Apr 28, 2023
Brian Krebs recently reported that an alarming number of organizations—including banks and healthcare providers—are leaking sensitive information due to a misconfiguration in Salesforce Communities.

How Varonis' approach to SSPM helps your company

Apr 26, 2023
Adopt a data-first approach with Varonis' SSPM, securing SaaS apps & reducing risk. Learn how you can get better visibility, automation, and protection.

Varonis Launches Third-Party App Risk Management

Apr 25, 2023
Varonis reduces your SaaS attack surface by discovering and remediating risky third-party app connections.

Data Security Posture Management (DSPM): Best Practices Guide for CISOs

Apr 19, 2023
Master Data Security Posture Management (DSPM) best practices with our CISOs' guide. Learn to select the right tool, maintain compliance, and prevent data breaches.

Your Guide to the 2023 RSA Conference

Apr 13, 2023
Varonis has compiled the top RSAC sessions you won’t want to miss. Follow our handy agenda to take advantage of everything RSAC 2023 has to offer.

Varonis Opens Australia Data Centre to Support SaaS Customers

Apr 11, 2023
Australian expansion allows Varonis customers to achieve automated data security outcomes while following national standards for data privacy.

The Exact Data Security Roadmap We've Used with 7,000+ CISOs

Apr 11, 2023
Explore the Varonis data security roadmap for modern protection, aiding 7,000+ CISOs in compliance and safeguarding valuable data.

Global Threat Trends and the Future of Incident Response

Apr 10, 2023
The Varonis Incident Response team discusses recent global threat trends and shares why proactive IR is the future of data security.

80 Cybersecurity Statistics and Trends [updated 2023]

Mar 29, 2023
We’ve compiled more than 70 cybersecurity statistics for 2023, to give you a better idea of the current state of overall security.

Top Cybersecurity Trends for 2023

Mar 23, 2023
We’ve pulled together top security predictions for 2023 to help you determine where you should heed caution and where you can breathe easily.

Varonis Named a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023

Mar 22, 2023
Varonis Named a Leader in the Forrester Wave™: Data Security Platforms, Q1 2023, receiving the highest score in the strategy category.

A Step-By-Step Guide to California Consumer Privacy Act (CCPA) Compliance

Mar 10, 2023
CCPA Compliance: Everything you need to know about protecting user data under the California Consumer Privacy Act.

HIPAA Compliance: Your Complete 2023 Checklist

Mar 10, 2023
Is your organization ready to comply with 2023 HIPAA updates and changes? Ensure HIPAA compliance with your comprehensive 2023 checklist.

How Varonis Saves Salesforce Admins Hours in Their Day

Mar 08, 2023
Varonis provides industry leading Salesforce management and permission implications capabilities to help save Salesforce admins hours in their day.

HardBit 2.0 Ransomware

Feb 20, 2023
HardBit is a ransomware threat that targets organizations to extort cryptocurrency payments for the decryption of their data. Seemingly improving upon their initial release, HardBit version 2.0 was introduced toward the end of November 2022, with samples seen throughout the end of 2022 and into 2023.

Neo4jection: Secrets, Data, and Cloud Exploits

Feb 08, 2023
With the continuous rise of graph databases, especially Neo4j, we're seeing increased discussions among security researchers about issues found in those databases. However, given our experience with graph databases ― from designing complex and scalable solutions with graph databases to attacking them ― we've noticed a gap between public conversations and our security researchers' knowledge of those systems.

VMware ESXi in the Line of Ransomware Fire

Feb 07, 2023
Servers running the popular virtualization hypervisor VMware ESXi have come under attack from at least one ransomware group over the past week, likely following scanning activity to identify hosts with Open Service Location Protocol (OpenSLP) vulnerabilities.

Varonis Enhances GitHub Security Offering With Secrets Discovery and Data Classification

Feb 07, 2023
Varonis is extending our world-class data classification capabilities to discover secrets, keys, and other sensitive data embedded in your GitHub repositories and source code.

Varonis Announces Proactive Incident Response for SaaS Customers

Jan 31, 2023
Varonis offers the brightest minds in offensive and defensive security, watching your data for threats.

Introducing Automated Posture Management: Fix Cloud Security Risks with One-Click

Jan 26, 2023
Varonis launches Automated Posture Management to effortlessly fix cloud security risks with a simple click of a button.

CrossTalk and Secret Agent: Two Attack Vectors on Okta's Identity Suite

Jan 23, 2023
Varonis Threat Labs discovered and disclosed two attack vectors on Okta's identity suite: CrossTalk and Secret Agent.

Introducing Least Privilege Automation for Microsoft 365, Google Drive, and Box

Jan 17, 2023
Varonis announces least privilege automation for Microsoft 365, Google Drive, and Box.

Varonis Launches Customizable DSPM Dashboard

Jan 03, 2023
Varonis introduces a new customizable DSPM dashboard to help improve data security posture management.

Australian Privacy Act 2022 Updates

Dec 19, 2022
A series of stunning data breaches in 2022 has prompted lawmakers to begin making changes to the 1988 Australian Privacy Act in the form of the new Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022.

Varonis Delivers Market-leading Salesforce Security

Dec 13, 2022
Varonis delivers market-leading Salesforce security

Varonis adds file analysis to cloud data classification capabilities

Dec 01, 2022
We’re excited to announce that Data Classification Cloud now includes robust file analysis for verifying classification results across your cloud environment.

Four Must-Know Cyber Tips for Your Business

Dec 01, 2022
The real story behind today’s breaches is never about an isolated bad decision—it’s about the many decisions made long before a sleepy network administrator gets a call from an attacker.

Varonis Threat Labs Discovers SQLi and Access Flaws in Zendesk

Nov 15, 2022
Varonis Threat Labs found a SQL injection vulnerability and a logical access flaw in Zendesk Explore, the reporting and analytics service in the popular customer service solution, Zendesk.

The Logging Dead: Two Event Log Vulnerabilities Haunting Windows

Oct 25, 2022
You don’t have to use Internet Explorer for its legacy to have left you vulnerable to LogCrusher and OverLog, a pair of Windows vulnerabilities discovered by the Varonis Threat Labs team.

Automate Data Security With Varonis Data-centric Insights and Cortex XSOAR

Oct 24, 2022
Discover how to leverage Varonis data risk insights with Cortex XSOAR to accelerate investigations.

What is IDOR (Insecure Direct Object Reference)?

Oct 14, 2022
Insecure Direct Object References (IDOR) are common, potentially devastating vulnerabilities resulting from broken access control in web applications.

Azure Managed Identities: Definition, Types, Benefits + Demonstration

Oct 05, 2022
Use this guide to learn about Azure managed identities: What they are, how many types there are, and what benefits they offer, plus how they work.

SaaS Risk Report Reveals Exposed Cloud Data is a $28M Risk for Typical Company

Oct 04, 2022
The Great SaaS Data Exposure examines the challenge CISOs face in protecting data across a growing portfolio of SaaS apps and services such as Microsoft 365.

The 12 PCI DSS Requirements: 4.0 Compliance Checklist

Oct 03, 2022
Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) is right around the corner. Prepare with our PCI DSS compliance checklist.

Varonis Adds Secrets Discovery for On-Prem and Cloud Data Stores

Sep 27, 2022
Varonis can help you scan your environments for rogue secrets exposed in files and code stored on-prem and in the cloud.

Change These 7 Security Settings After Creating a New AWS Account

Sep 16, 2022
Use these seven AWS security best practices for simple configuration changes on a new AWS account.

Fighting Golden Ticket Attacks with Privileged Attribute Certificate (PAC)

Sep 15, 2022
Learn how and why to control the Active Directory Environment state with PACRequestorEnforcement, the implications of doing so and how to detect Golden Ticket attacks happening in your network.

Compare Salesforce user permissions with ease

Sep 13, 2022
DatAdvantage Cloud now enables admins to compare two Salesforce users’ effective permissions side-by-side with a simple click of a button.

What Is a Data Leak? Definition and Prevention

Sep 09, 2022
Learn why data leaks can be devastating for companies and how you can defend against them.

What Is Zero Trust? Architecture and Security Guide

Sep 09, 2022
Zero trust is a security model that protects against both malicious insiders and external attacks that have breached your perimeter.

U.S. Privacy Laws: The Complete Guide

Sep 02, 2022
This guide breaks down the entirety of the U.S. privacy law ecosystem to help you understand the rights and obligations of citizens and businesses.

SOC 2 Compliance Definition & Checklist

Aug 26, 2022
System and Organization Controls (SOC 2) compliance requires adherence to specific guidelines. This detailed definition and checklist can get you started.

What is Mimikatz? The Beginner's Guide

Aug 26, 2022
Mimikatz is an open-source application that allows users to view and save authentication credentials like Kerberos tickets.

Anatomy of a SolidBit Ransomware Attack

Aug 22, 2022
SolidBit is a ransomware variant derived from Yashma and containing elements of LockBit. Discover SolidBit's capabilities, execution, what file types it targets, and how to tell if you've been infected.

How to Use Wireshark: Comprehensive Tutorial + Tips

Aug 19, 2022
Learn how to use Wireshark, a widely-used network packet and analysis tool. This tutorial has everything from downloading to filters to packets.

Your Sales Data Is Mission-Critical: Are You Protecting It?

Aug 18, 2022
If you’re like many executives, you might assume your data is secure within those cloud applications. That’s a dangerous assumption, though. Cloud providers are responsible for everything that delivers their application (e.g., their data center); it’s your responsibility to protect the data inside it.

Varonis Maps Cloud Security Alerts to MITRE ATT&CK

Aug 17, 2022
In Varonis’ latest update of DatAdvantage Cloud, we’re layering MITRE ATT&CK tactics and techniques over cloud alerts to aid in faster incident response.

SecurityRWD - How Amazon S3 Object-Tagging Can Put Form Around Flat Storage

Jul 28, 2022
Your favorite Varonis team members Ryan O'Boyle and Kilian Englert will explain how unlike classic storage arrays or traditional file servers, S3 buckets are a linear, flat storage solution, offering data object-tagging to create a sense of hierarchy.

How to Create S3 Buckets in AWS with CloudFormation: Step-by-Step Guide

Jul 22, 2022
Use AWS CloudFormation to create resources such as S3 buckets. Infrastructure as code enables a repeatable, reliable deployment process. Learn more here.

What Is SQL Injection? Identification & Prevention Tips

Jul 22, 2022
SQL injection is a serious Open Web Application Security Project (OWASP) vulnerability. Learn more about how to combat injection attacks in this article.

What Is a Privacy Impact Assessment (PIA)?

Jul 22, 2022
A privacy impact assessment (PIA) helps firms protect data. Find out about this robust approach to data loss prevention and how to implement your own PIA.

166 Cybersecurity Statistics and Trends [updated 2022]

Jul 08, 2022
These cybersecurity statistics for 2021 are grouped by category and include breaches, costs, crime type, compliance, industry-specific stats, job outlook.

Data Lifecycle Management (DLM): Everything You Need to Know

Jul 08, 2022
Data lifecycle management (DLM) is the process of managing data from creation to deletion. In this article, we’ll cover how DLM works and why you need it.

What is the CIA Triad?

Jul 08, 2022
Learn how the CIA triad can be used to classify, secure, and protect your data.

What Is Network Access Control? Explaining NAC Solutions

Jul 07, 2022
Explore network access control (NAC), a technology aimed at giving organizations more control over who can access their network and with what permissions.

86 Ransomware Statistics, Data, Trends, and Facts [updated 2022]

Jul 05, 2022
Ransomware is one of the most common types of malware used in cyberattacks. Check out these comprehensive ransomware statistics, plus prevention tips.

What is SSPM? Overview + Guide to SaaS Security Posture Management

Jul 01, 2022
SaaS security posture management (SSPM) is an automated solution that helps bolster the protection of all SaaS applications used by organizations.

SOX Compliance Checklist & Audit Preparation Guide

Jun 30, 2022
The Sarbanes-Oxley Act (SOX) requires public U.S. companies meet strict reporting and security standards. Here’s what you need to know to comply with SOX.

IDS vs. IPS: What Organizations Need to Know

Jun 30, 2022
We explore IDS vs. IPS and break down the differences between the two cybersecurity systems. Read on to evaluate using them in your network.

How a Doggo Can Teach You the Difference Between Salesforce Objects and Records

Jun 30, 2022
What can Fido teach you about Salesforce? Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team host a special, goodest boy guest to explain the difference between objects, fields, and records in the popular CRM.

DNS over HTTPS as a covert Command and Control channel

Jun 30, 2022
Learn how DNS over HTTPS (DoH) is being actively used as a Command and Control (C2) channel by threat actors.

What is Red Teaming? Methodology & Tools

Jun 29, 2022
Red teaming simulates real-world hacks on your organization’s data and networks and spotlights vulnerabilities that help organizations strengthen security.

What is a Security Policy? Definition, Elements, and Examples

Jun 29, 2022
A security policy is a document that spells out principles and strategies for an organization to maintain the security of its information assets.

What is Open XDR? Benefits and Security Comparisons

Jun 29, 2022
Learn all about the new open XDR solution and whether it’s the right fit for your organization’s security needs.

What is Traceroute? How It Works and How to Read Results

Jun 25, 2022
Traceroute is a tool to trace the path of an IP packet as it traverses routers locally or globally. It is primarily used for diagnostic and troubleshooting purposes.

Ryuk Ransomware: Breakdown and Prevention Tips

Jun 25, 2022
Ryuk ransomware targets large organizations and spreads with deadly speed. Learn about the strain and how to prevent your company from becoming a victim.

What is an Insider Threat? Definition and Examples

Jun 24, 2022
Insider threats are internal risks to cybersecurity and data — learn more about insider threats, indicators, and how to detect them and prevent breaches.

Evil Twin Attack: What it is, How to Detect & Prevent it

Jun 24, 2022
The evil twin attack takes advantage of public WiFi connections. Learn how to prevent it from reaching you and your devices.

How to Paint the Complete Picture of Salesforce Objects and Fields

Jun 22, 2022
Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team explain why — when it comes to understanding what Salesforce objects and fields a user can access — all levels of entitlements need to be taken into consideration to gain a holistic view of what the user can (or cannot) do in Salesforce.

Anatomy of a LockBit Ransomware Attack

Jun 17, 2022
A detailed case study of the exact techniques and methods that threat actors used in a real-life ransomware attack.

What is Cyber Espionage? Complete Guide with Protection Tips

Jun 16, 2022
Cyber espionage is the unauthorized use of computer networks to access privileged information. Read on to learn more about this growing worldwide problem.

Rogue Shortcuts: LNK'ing to Badness

Jun 16, 2022
Learn how threat actors continue to manipulate Windows shortcut files (LNKs) as an exploit technique.

Varonis Adds Data Classification Support for Amazon S3

Jun 15, 2022
Varonis bolsters cloud security offering with data classification for Amazon S3.

Group Policy Objects (GPOs): How They Work & Configuration Steps

Jun 15, 2022
Group Policy Objects (GPOs) let system admins control and implement cybersecurity measures from a single location. Learn about GPOs and how they work here.

Data Protection Guide: How To Secure Google Drive for Your Business

Jun 15, 2022
Does your company store, handle, or transmit confidential data in Google Drive? Learn about security, encryption, and data protection in Google Workspace.

So I Creep: Aggregating Salesforce Permissions Can Add up to Excessive Risk

Jun 10, 2022
Salesforce entitlements go beyond object and record access — they can give users the ability to perform actions within Salesforce as well. Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team discuss how the combination of Salesforce profiles, permission sets, and permission set groups can grant users far greater rights than were intended.

What Is Data Governance? Framework and Best Practices

Jun 07, 2022
Data Governance helps organize, secure, and standardize data for all types of organizations. Learn more about data governance frameworks here.

ISO 27001 Compliance Guide: Essential Tips and Insights

Jun 03, 2022
Looking to earn ISO 27001 compliance? Learn about this widely known information security standard, what’s in it, and how to become certified in this post!

NIST 800-53: Definition and Tips for Compliance

Jun 03, 2022
Learn best practices for adopting and implementing the NIST 800-53 framework, a compliance standard for federal agencies and partners.

NIST 800-171 Compliance Checklist and Terminology Reference

Jun 02, 2022
Government contractors who handle Controlled Unclassified Information (CUI) must be NIST 800-171 compliant. Use this checklist as a complete reference.

How to Prepare for a Salesforce Permissions Audit

Jun 02, 2022
In this post, I'll walk you through what a Salesforce audit is, how permissions work, and provide tips on how you can prepare.

SEC Cybersecurity Disclosure Requirements’ Impact on Your Business

Jun 01, 2022
New SEC regulations may change how public companies disclose hacks, breaches, and cyber incidents. Here’s everything you need to know.

Spoofing, and SaaS Vanity URLs, and Social Engineering... Oh My!

May 25, 2022
Kilian Englert and Ryan O'Boyle discuss the recent discovery by Varonis researchers of risks in vanity URL validation, and share what to do to prepare your organization for if (or more likely when) a user accidentally discloses credentials.

89 Must-Know Data Breach Statistics [2022]

May 20, 2022
These 2022 data breach statistics cover risk, cost, prevention and more — assess and analyze these stats to help prevent a data security incident.

SecurityRWD – Getting Started With Salesforce Entitlements

May 19, 2022
Kilian Englert and Ryan O'Boyle from Varonis dive into the Salesforce interface, cover the basics of navigation, and share what to look for when performing a manual Salesforce entitlement review.

Why Every Cybersecurity Leader Should ‘Assume Breach’

May 16, 2022
Any system, account or person at any time can be a potential attack vector. With such a vast attack surface, you need to assume attackers will breach at least one vector.

Spoofing SaaS Vanity URLs for Social Engineering Attacks

May 11, 2022
SaaS vanity URLs can be spoofed and used for phishing campaigns and other attacks. In this article, we’ll showcase two Box link types, two Zoom link types, and two Google Docs link types that we were able to spoof.

Bad Rabbit Ransomware

May 06, 2022
Bad Rabbit is a ransomware strain that spread via hacked websites, infected systems via a fake Adobe installer and held encrypted files for Bitcoin.

SecurityRWD - Salesforce as a file server? You bet.

Apr 25, 2022
Did you know Salesforce isn't limited to just, well, sales? This leading CRM platform can function as a data repository for critical industries ranging from healthcare to finance. Listen in as Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team share their reasoning for thinking about Salesforce as a data store, and tell you what you should consider if tasked with securing it.

Hive Ransomware Analysis

Apr 19, 2022
Learn how Hive ransomware exploits public servers, spreads through your network, encrypts sensitive files, and extorts victims for cryptocurrency.

SecurityRWD - Introduction to AWS Lambda

Apr 12, 2022
Join Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team as they discuss AWS's serverless computing platform, Lambda. Find out what the Lambda functions allow for, see an everyday example of how it all comes together, and learn why it's so important for organizations to monitor Lambda's behavior within the entire Amazon Web Service ecosystem.

How to Use Volatility for Memory Forensics and Analysis

Apr 12, 2022
This article will cover what Volatility is, how to install Volatility, and most importantly how to use Volatility.

CCSP vs. CISSP: Which One Should You Take?

Apr 07, 2022
Get an overview of the CCSP and CISSP exams and learn which certification is best for you and your career.

SecurityRWD – GitHub Secret-Scanning Could Create False Sense of Security

Apr 07, 2022
Microsoft recently announced they would be adding another layer of security to their popular code repository, GitHub, by scanning for "secrets" (API tokens, access keys, etc. inadvertently saved in the platform). However, as Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team discuss, this positive first step shouldn't lull developers into a false sense of security. Listen in to hear why it's so important not to let your guard down when securing critical cloud apps and data.

SecurityRWD - Introduction to AWS Elastic Compute Cloud (EC2)

Apr 07, 2022
Concerning headlines about threat groups targeting major security and technology vendors are keeping more than a few security and IT professionals up at night. Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team discuss why advanced attackers target technology like SSO and why organizations must "assume" breach. Watch now for helpful tips to harden your environment and protect your data.

What is the NIST Cybersecurity Framework?

Apr 06, 2022
Learn how you can implement the NIST cybersecurity framework within your own organization.

12 Group Policy Best Practices: Settings and Tips for Admins

Apr 04, 2022
Group Policy configures settings, behavior, and privileges for users and computers. In this article, you’ll learn best practices when working with Group Policy.

Your Guide to Simulated Cyberattacks: What is Penetration Testing?

Mar 31, 2022
Penetration testing simulates a real-world cyber-attack on your critical data and systems. Here’s what penetration testing is, the processes and tools behind it, and how pen testing helps spot vulnerabilities before hackers do.

What is Terraform: Everything You Need to Know

Mar 30, 2022
Terraform is an infrastructure-as-code (IaC) solution that helps DevOps teams manage multi-cloud deployments. Learn what Terraform is, the benefits of IaC, and how to get started.

Defending Your Cloud Environment Against LAPSUS$-style Threats

Mar 29, 2022
Varonis breaks down the recent LAPSUS$ hacks and provides best practices for defending your cloud environment against LAPSUS$-style threats.

How to Use Ghidra to Reverse Engineer Malware

Mar 21, 2022
An overview of the malware analysis tool Ghidra. This article covers how to install and navigate the Ghidra interface.

What Is a Botnet? Definition and Prevention

Mar 18, 2022
Learn why botnets can be so dangerous and what your organization can do to protect your IoT devices and network.

SecurityRWD - Introduction to AWS Simple Storage Service (S3)

Mar 17, 2022
Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team compare and contrast Amazon Web Services S3 to traditional on-prem storage systems. Listen in as the team discusses how AWS S3 goes beyond basic data storage, and enables programmatic access to apps and services inside and outside the AWS environment.

Is this SID taken? Varonis Threat Labs Discovers Synthetic SID Injection Attack

Mar 11, 2022
A technique where threat actors with existing high privileges can inject synthetic SIDs into an ACL creating backdoors and hidden permission grants.

ContiLeaks: Ransomware Gang Suffers Data Breach

Mar 04, 2022
Conti, a prolific ransomware group, has suffered a leak of both internal chat transcripts and source code being shared by a reported Ukrainian member.

SecurityRWD - Introduction to AWS Identity and Access Management (IAM)

Mar 04, 2022
Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team compare and contrast Amazon Web Services Identity and Access Management against a traditional on-prem setup with Active Directory. Listen in as the team discusses how AWS IAM goes beyond simple user and group management to creating an entire network and defining access to network resources and infrastructure.

SecurityRWD - Introduction to AWS Services

Mar 01, 2022
Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team kick off a new series diving into the various services found under the AWS umbrella. In this video, they introduce and provide an overview of some of the core services including IAM, S3, and EC2.

Ransomware-as-a-Service Explained: What is RaaS?

Feb 25, 2022
Ransomware as a service (RaaS) is an emerging and potent cybersecurity threat to all organizations. If you’re unaware of how RaaS works, your system is potentially at risk. Learn what RaaS is and how to guard against it.

Common Types of Malware

Feb 25, 2022
This piece covers the various types of malware that are available and their characteristics.

Varonis adds SSPM functionality to DatAdvantage Cloud

Feb 23, 2022
SaaS misconfigurations can unintentionally expose valuable corporate data. The new Insights Dashboard from Varonis helps you find and fix these security gaps.

SecurityRWD - Abusing Power Automate to Exfiltrate Data from Microsoft 365

Feb 18, 2022
Kilian Englert and Ryan O'Boyle from Varonis explore how a powerful, built-in tool called Power Automate can be configured to automatically exfiltrate data out of Microsoft 365 environments and what organizations can do to detect it.

SecurityRWD - Microsoft 365 Makes Collaboration Easy – Almost Too Easy

Feb 15, 2022
Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team examine different types of sharing in Microsoft 365, and what really happens behind the scenes.

Identify and Investigate Business Email Compromise (BEC) Scams

Feb 10, 2022
In this post, we'll review how to spot Business Email Compromise Scams and walk you through an investigation with Varonis.

SecurityRWD - What Happens When You Create A Microsoft Team?

Feb 09, 2022
Microsoft Teams seems like a straightforward collaboration platform, but the deceptive simplicity hides the true complexity lurking just under the surface.

Ransomware Year in Review 2021

Feb 03, 2022
In this post, we dive into six ransomware trends that shaped 2021.

Using Power Automate for Covert Data Exfiltration in Microsoft 365

Feb 02, 2022
How threat actors can use Microsoft Power Automate to automate data exfiltration, C2 communication, lateral movement, and evade DLP solutions.

SecurityRWD – Understanding Salesforce Entitlements

Feb 01, 2022
Kilian and Ryan O'Boyle from the Varonis Cloud Architecture team cover what Secure Access Service Edge (SASE) is all about, and dive into other security considerations organizations should keep in mind when looking to "decentralize" their network architecture.

BlackCat Ransomware (ALPHV)

Jan 26, 2022
Varonis has observed the ALPHV (BlackCat) ransomware, actively recruiting new affiliates and targeting organizations across multiple sectors worldwide.

Varonis 8.6: Control Collaboration Chaos in Microsoft 365

Jan 25, 2022
Varonis is excited to announce Varonis Data Security Platform 8.6, with enhanced data security for Microsoft 365 to help find and fix collaboration risks.

What Every CEO Should Know About Modern Ransomware Attacks

Jan 24, 2022
How To Make Yourself A Tougher Cybersecurity Target

Mixed Messages: Busting Box’s MFA Methods

Jan 18, 2022
Varonis Threat Labs discovered a way to bypass multi-factor authentication (MFA) for Box accounts that use an SMS code for login verification.

Threat Update 73 - What is a Cloud Access Security Broker (CASB)?

Jan 14, 2022
Kilian and Ryan O'Boyle from the Varonis Cloud Architecture team cover what Secure Access Service Edge (SASE) is all about, and dive into other security considerations organizations should keep in mind when looking to "decentralize" their network architecture.

Threat Update 72 - What is SaaS Security Posture Management (SSPM)?

Jan 11, 2022
Kilian and Ryan O'Boyle from the Varonis Cloud Architecture team cover what Secure Access Service Edge (SASE) is all about, and dive into other security considerations organizations should keep in mind when looking to "decentralize" their network architecture.

Threat Update 69 - What is Secure Access Service Edge (SASE)?

Dec 15, 2021
Kilian and Ryan O'Boyle from the Varonis Cloud Architecture team cover what Secure Access Service Edge (SASE) is all about, and dive into other security considerations organizations should keep in mind when looking to "decentralize" their network architecture.

Threat Update 68 - Box MFA Bypass and the Need for Defense in Depth

Dec 09, 2021
Multi-Factor Authentication (MFA) is a critical security control in the increasingly cloud-first world, but like all software, there can be vulnerabilities.

What is an APT?: Advanced Persistent Threat Overview

Dec 08, 2021
Learn how APT threats are targeting more organizations and how to defend against this sophisticated attack.

What is a Brute Force Attack? Definition

Dec 08, 2021
A brute force attack (also known as brute force cracking) is the cyberattack equivalent of trying every key on your key ring, and eventually finding the right one.

Threat Update 67 - Jira Permission Leaks

Dec 03, 2021
Jira can be an interesting attack target for recon, lateral movement, and exfiltration - but it is made all the more dangerous by a simple permissions misconfiguration at the heart of hundreds of exposed Jira instances discovered by the Varonis Threat Research Team.

Bypassing Box's Time-based One-Time Password MFA

Dec 02, 2021
The Varonis research team discovered a way to bypass Box's Time-based One-Time Password MFA for Box accounts that use authenticator applications.

Defend Against Ransomware with the NIST Ransomware Profile

Dec 01, 2021
Learn about the NIST ransomware profile and how it can help defend against ransomware with Varonis.

Threat Update 66 - Not The "Cloud Solution" You Are Expecting

Nov 22, 2021
To celebrate Thanksgiving in the U.S., Kilian and Ryan discuss a solution that contains the closest thing they can find to actual tiny clouds, as well as additional elements necessary...

Threat Update 65 - What is Cloud Security Posture Management (CSPM)?

Nov 19, 2021
Kilian and Ryan O'Boyle from the Varonis Cloud Architecture team cover what Cloud Security Posture Management (CSPM) is designed to protect, its key features and capabilities, as well as where it fits into the overall cloud security stack.

How to Monitor Network Traffic: Effective Steps & Tips

Nov 18, 2021
In this article, you will learn how to monitor network traffic using different tools and methods.

No Time to REST: Check Your Jira Permissions for Leaks

Nov 17, 2021
Varonis researchers enumerated a list of 812 subdomains and found 689 accessible Jira instances. We found 3,774 public dashboards, 244 projects, and 75,629 issues containing email addresses, URLs, and IP...

What is Role-Based Access Control (RBAC)?

Nov 17, 2021
Role-Based Access Control (RBAC) is a security paradigm where users are granted access depending on their role in your organization. In this guide, we'll explain what RBAC is, and how to implement it.

What is a Security Operations Center (SOC)?

Nov 17, 2021
What is SOC security? In this article we'll dive into the functions of an SOC and why it's critical for the safety of your company's security and response to cybersecurity incidents.

INVEST in America Act: Billion-Dollar Funding for Cybersecurity

Nov 16, 2021
The INVEST in America Act provides nearly two billion dollars in funding to enhance the nation's cybersecurity. Who should care? State, local, and tribal governments. $1 billion in funding over...

Threat Update 64 - Escaping Einstein's Wormhole

Nov 12, 2021
If your organization created a Salesforce Community prior to Summer 2021 you could accidentally leak sensitive information publicly unless you take steps now to remediate.

Threat Update 63 - Moving To The Cloud Doesn't Mean You Don't Own The Data Risk

Nov 05, 2021
Leveraging cloud solutions can alleviate some legacy infrastructure risks but can bring data protection challenges to the forefront. Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team discuss...

Cloud Applications Put Your Data At Risk - Here's How To Regain Control

Nov 05, 2021
Cloud applications boost productivity and ease collaboration. But when it comes to keeping your organization safe from cyberattacks, they're also a big, growing risk. Your data is in more places...

How to Install and Import Active Directory PowerShell Module

Nov 03, 2021
The Active Directory PowerShell module is a powerful tool for managing Active Directory. Learn how to install and import the module in this detailed tutorial!

Einstein's Wormhole: Capturing Outlook & Google Calendars via Salesforce Guest User Bug

Nov 02, 2021
If your organization uses Salesforce Communities and Einstein Activity Capture, you might have unknowingly exposed your administrator's Outlook or Google calendar events to the internet due to a bug called...

BlackMatter Ransomware: In-Depth Analysis & Recommendations

Nov 02, 2021
CISA has issued a security bulletin regarding the BlackMatter 'big game hunter' ransomware group following a sharp increase in cases targeting U.S. businesses. To mitigate these attacks, it is recommended...

Salesforce Security: 5 Ways Your Data Could be Exposed

Oct 29, 2021
Salesforce is the lifeblood of many organizations. Here are five things you should know about your Salesforce security and how to effectively reduce risk.

Update 62 - SaaS Authentication Monitoring Evasion

Oct 29, 2021
Businesses know they need to monitor their SaaS apps, but it's easy to get lulled into a false sense of security if you're relying on authentication monitoring as your only line of defense.

The MITRE ATT&CK Framework: A Comprehensive Guide

Oct 25, 2021
The MITRE ATT&CK framework helps businesses discover which hacker techniques, tactics, and behaviors they're most vulnerable to. Read about how to use ATT&CK for penetration testing within your organization today.

Threat Update 61 - When Work and Home SaaS Use Blurs, Expect the Unexpected

Oct 22, 2021
Businesses can face unexpected risk as the lines between corporate and personal SaaS apps begin to blur - especially as users introduce sensitive or regulated content into a corporate SaaS app.

Abusing Misconfigured Salesforce Communities for Recon and Data Theft

Oct 21, 2021
Our research team has discovered numerous publicly accessible Salesforce Communities that are misconfigured and expose sensitive information.

Illinois Privacy Law Compliance: What You Need to Know

Oct 20, 2021
The Illinois Personal Information Protection Act (PIPA) is designed to safeguard the personal data of Illinois residents. Learn what PIPA is, who it affects, and how to maintain compliance.

Good for Evil: DeepBlueMagic Ransomware Group Abuses Legit Encryption Tools

Oct 19, 2021
A group known as "DeepBlueMagic" is suspected of launching a ransomware attack against Hillel Yaffe Medical Center in Israel, violating a loose "code of conduct" that many ransomware groups operate...

ReConnect - Tackling SaaS Security

Oct 19, 2021
Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team answer audience questions from the Virtual Connect event about how the CISO of a global communications firm approaches cloud security and minimizes risk across a wide variety of cloud platforms.

Password Spraying: What to Do and Prevention Tips

Oct 15, 2021
Using common or overly simplistic passwords can make users and organizations vulnerable to password spraying. Learn what password spraying attacks are, how they work, and what you can do to prevent one.

Threat Update 60 - Abusing Public Salesforce APIs for Fun & Profit

Oct 15, 2021
APIs are designed to facilitate programmatic access for application integrations and data sharing, but simple access misconfigurations in critical solutions like Salesforce can allow attackers to inappropriately access sensitive contacts, records, and more.

gMSA Guide: Group Managed Service Account Security & Deployment

Oct 12, 2021
Learn about Group Managed Service Accounts (gMSAs), a type of managed service account, and how you can secure your on-premise devices.

Lessons from the Twitch Data Leak

Oct 07, 2021
What happened? Increasingly covered by the mainstream press throughout Wednesday, October 6, 2021, the impact of the recent Twitch leak will undoubtedly grow as bad actors take advantage of the...

PeStudio Overview: Setup, Tutorial and Tips

Oct 06, 2021
An overview of the free malware analysis tool PeStudio.

Microsoft LAPS Overview: Setup, Installation, and Security

Sep 28, 2021
Learn the basics of Microsoft LAPS to keep users from gaining unauthorized access to your system. Contact us for help with your data protection needs.

Varonis extends security capabilities to Nutanix Files

Sep 24, 2021
The Varonis Data Security Platform now supports monitoring, alerting, and data classification in Nutanix Files, providing increased visibility and security over unstructured data. Monitor and secure Nutanix Files with Varonis…

The Ultimate Guide to Procmon: Everything You Need to Know

Sep 21, 2021
Knowledge is power when it comes to maintaining a proactive cybersecurity posture. Knowing what’s going on within your systems and monitoring networks for potential issues, hacks, or malware is critical…

Salesforce Security Guide: Best Practices

Sep 21, 2021
Data breaches exposed 36 billion records in the first half of 2020. This number continues to increase as more businesses go online, with more knowledge workers working remotely in 2021….

Threat Update 56 – SSO Imposter: Targeting Box

Sep 20, 2021
In the final part of the series, Kilian Englert and Ryan O’Boyle from the Varonis Cloud Architecture team walk through how attackers could target Box. They investigate how an attacker…

Google Workspace Data Protection Guide & Resources

Sep 16, 2021
Google Workspace, formerly known as G Suite, dominated the office productivity suite space in 2020, with a 59 percent US market share. Businesses worldwide continue to trust Google’s productivity and…

Threat Update 55 – SSO Imposter: Targeting Google

Sep 15, 2021
In part two of this three-part series, Kilian Englert and Ryan O’Boyle from the Varonis Cloud Architecture team investigate how an attacker who compromised a single sign-on admin account can…

Texas Privacy Act: Overview and Compliance Guide

Sep 15, 2021
Many countries, states, and jurisdictions have recently passed — or are planning to pass — legislation to protect the privacy and data rights of consumers. The state of Texas is…

The 2021 Manufacturing Data Risk Report Reveals 1 in 5 Files is Open to All Employees

Sep 14, 2021
Threats against the manufacturing sector continue — from big game ransomware groups that steal victims’ data before encrypting it, to nation-state attackers seeking technology secrets, to company insiders looking for…

Threat Update 54 – SSO Imposter: Intrusion

Sep 07, 2021
Virtually every organization leveraging more than a few cloud offerings has a single sign-on solution to simplify the management of their various cloud apps. With a little careful planning, attackers…

Threat Update 53 – ProxyShell and PetitPotam and Ransomware… Oh My!

Aug 31, 2021
Technology grows, evolves, and changes over time, but most organizations often need to support legacy systems. In the Microsoft world, this typically means keeping legacy authentication protocols like NTLM authentication…

Securing Azure Blob Storage: Set-Up Guide

Aug 25, 2021
Security is vital in today’s cloud-first environment. Cloud services are often enabled to solve an issue quickly, but no one goes back to verify if security best practices have been…

Azure CLI Overview: Setup, Comparison, and Integration Tips

Aug 24, 2021
The Azure CLI is a command-line tool for managing your Azure environment. This article covers the benefits of Azure CLI and how to get started using it!

Introduction to AWS DevOps: Skills + Tools You Need

Aug 24, 2021
Amazon Web Services has capabilities that help you accelerate your DevOps journey. In this article, we discuss the AWS tools and architecture, and how they help organizations increase their ability to deliver and deploy applications at high velocity and with better quality.

Threat Update 52 – 2021 SaaS Risk Report

Aug 23, 2021
Cloud solutions have changed the way we do business, allowing organizations to leverage the scale and flexibility of SaaS, and IaaS platforms, and support an increasingly mobile “work from anywhere...

How to Fix Broken Registry Items: Visual Guide and Solutions

Aug 18, 2021
Broken Registry Items can rarely cause a nonfunctional PC, but in many instances attempts to “clean” or optimize the registry will do more harm than good.

Threat Update 51 – LockBit and Insider Threats for Hire

Aug 16, 2021
Organizations face threats from all sides – both external attackers trying to get in, and internal “trusted” employees going rogue. It was only a matter of time before these two...

What is Ransomware? Types and Definitions of Ransomware Attacks

Aug 16, 2021
Ransomware attacks can result in significant loss of data, system functionality, and financial resources. But exactly what is ransomware? Ransomware can take a variety of shapes and forms, not to...

Last Week in Ransomware: Week of August 16th

Aug 16, 2021
This week was a win with REvil and SynACK decryption keys being released, but also saw a rise in PrintNightmare use by ransomware gangs.

Think Your Data Is Secure? Three Questions You Need To Answer Right Now

Aug 11, 2021
As organizations become more data driven, they also store more data in more places and access it in more ways — with phones, tablets and laptops. These ever-connected endpoints serve as gateways to large, centralized troves of sensitive information stored in your data center and in the cloud.

Threat Update 50 – Critical Salesforce Misconfiguration

Aug 11, 2021
Salesforce is the lifeblood of many organizations. The amount of critical and sensitive information stored within is astronomical – however, there are parts of the solution designed to be accessed by non-corporate users, such as the Community module.

Understand and Implement Azure Monitor for Monitoring Workloads

Aug 09, 2021
You always want your business-critical production applications to run without issues or downtime. To achieve this you need to continuously analyze system logs, monitor your application and their dependent services…

Last Week in Ransomware: Week of August 9th

Aug 09, 2021
This week saw the rise of a new ransomware group called BlackMatter and demonstrated even ransomware groups should worry about disgruntled employees.

Packet Capture: What is it and What You Need to Know

Aug 05, 2021
Packet capture describes the act of capturing IP packets for troubleshooting, security review, or other purposes. It can also be misused for nefarious purposes.

How to Investigate NTLM Brute Force Attacks

Aug 05, 2021
This post explains the process the Varonis IR team follows to investigate NTLM Brute Force attacks, which are common incidents reported by customers.

Your Comprehensive Guide to Salesforce Shield

Aug 04, 2021
Salesforce Shield provides an excellent suite of tools for Salesforce data security. This guide explains why it might be the right choice for your enterprise security needs.

What is Two-Factor Authentication (2FA) and Why Should You Use It?

Aug 04, 2021
Learn why 2FA is one of the most effective cybersecurity tools you can use across your organization.

What is Threat Modeling and How To Choose the Right Framework

Aug 04, 2021
Learn why threat modeling is necessary for protecting your organization and how to choose the right framework for your specific needs.

Threat Update 49 – SeriousSAM & Black Hat 2021

Jul 30, 2021
Cybersecurity folks find themselves in a “Zero-Daze” as they get hit with another new 0-day attack, called SeriousSAM, that allows attackers to get access to the Windows Security Account Manager (SAM) file containing hashed account passwords from a system.

2021 SaaS Risk Report Reveals 44% of Cloud Privileges are Misconfigured

Jul 29, 2021
Cloud apps make collaboration a breeze, but unless you’re keeping a close watch on identities, behavior, and privileges across each and every SaaS and IaaS you rely on, you’re a sitting duck.

Memory Forensics for Incident Response

Jul 26, 2021
When responding to a cybersecurity incident I’ve always found memory forensics to be a great skill to have. By capturing the memory of a compromised device you can quickly perform…

What is PSD2 Compliance and What Does it Mean for Your Business?

Jul 26, 2021
The PSD2 regulation for the EU encourages financial innovation while also mandating better safeguards for consumers. Read about PSD2 compliance and what it means for your business.

Last Week in Ransomware: Week of July 26th

Jul 26, 2021
This week REvil Ransomware had a universal decryption key appear out of thin air and the US has accused China of ProxyLogon.

Threat Update 48 - Using Google to Spot Exposed Data in the Cloud

Jul 23, 2021
Cloud data stores like Box and Google Workspace make sharing and collaborating easy and convenient. However, there can be hidden risks.

What is a Brute Force Attack?

Jul 20, 2021
A brute force attack (also known as brute force cracking) is the cyberattack equivalent of trying every key on your key ring, and eventually finding the right one. The most basic brute force attack is a dictionary attack, where the attacker works through a dictionary of possible passwords and tries them all.

What is PCI Compliance: Requirements and Penalties

Jul 20, 2021
PCI compliance provides businesses with guidance on protecting customer credit card information and cutting down on credit card fraud. Read on to find out how to protect your company from fines and breaches.

Threat Update 47 – Ransomware Early Warning: Data Exfiltration

Jul 19, 2021
Thought ransomware couldn’t get any worse? Ransomware gangs are now stealing victims’ data before unleashing ransomware – forcing victims to pay up or deal with the fallout when attackers post…

Last Week in Ransomware: Week of July 19th

Jul 19, 2021
This past week hasn't seen quite as much activity as others, likely due to the new ransomware task force created in the US and the mysterious disappearance of REvil and other gangs.

Data Migration Guide: Strategy Success & Best Practices

Jul 19, 2021
Wondering what you need to know about data migration? Our guide to success will provide you with all the information you're looking for!

Threat Update 46 – Ransomware Early Warning: Data Discovery

Jul 09, 2021
Ransomware gangs are in it for the payout. To ensure maximum “conversion” rates for their victims to pay up, they often try to find as much sensitive or valuable data to steal as possible before unleashing an attack and encrypting the victim's data.

Everything You Need to Know About Cyber Liability Insurance

Jul 07, 2021
Cyber insurance is a necessary component of any IT or cybersecurity department responsible for protecting the assets, data, reputation, and bottom line of a company in the face of cybersecurity…