Featured content

We take well over a trillion photographs a year, upload hundreds of hours of video a minute, and commit search queries tens of thousands of times per second. The sheer amount of data that companies save is staggering and growing exponentially year-over-year.

A core security principle and perhaps one of the most important lessons you’ll learn as a security pro is AHAT, “always have an audit trail”. Why? If you’re ever faced with a breach, you’ll at least know what, where, and when. And some laws and regulations require audit trails as well.

Penetration testing allows you to answer the question, “How can someone with malicious intent mess with my network?” Using pen-testing tools, white hats and DevSec professionals are able to probe networks and applications for flaws and vulnerabilities at any point along the production and deployment process by hacking the system.

The coronavirus crisis presents a perfect storm for attackers. Routines have been upended, employees are remote, and many will work on unpatched personal devices. It only takes one compromised remote employee to turn your business continuity plan on its head.

Varonis sees the highest number of VPN and O365 events ever recorded across customer base.

The Varonis Security Research team recently investigated an ongoing crypto mining infection that had spread to nearly every device at a mid-size company. Analysis of the collected malware samples revealed a new variant, which the team dubbed “Norman” that uses various techniques to hide and avoid discovery. We also discovered an interactive web shell that may be related to the mining operators.

We have discovered and reverse engineered another new strain of Qbot, a sophisticated, well-known type of malware that collects sensitive data, such as browser cookies, digital certificate information, keystrokes, credentials, and session data from its victims to commit financial fraud.

As the name suggests, data loss prevention (DLP) is a framework designed to provide visibility into data use across your organization so that you can implement policies to safeguard against data theft, loss, or misuse. DLP capabilities include classification, encryption, surveillance, and policy enforcement to help prevent data loss.

Endpoint security is the discipline of locking down any element of an organization that is capable of obtaining internal access to resources such as databases or servers. It is a broad topic that forces cybersecurity professionals to look at every possible access route that a hacker might take in launching an attack.

National Cybersecurity Awareness Month comes around every October, but you shouldn’t rely on one month being enough to drive home the importance of cybersecurity to your employees. You should promote security awareness and cybersecurity best practices year-round. In order to help you kick off or continue your awareness program, we’ve put together a variety of cybersecurity memo templates for employees. These memos cover topics like phishing and whaling, password practices, file and folder permissions, as well as templates for different experience levels.

Hackers do their homework when picking a target, often relying on information left publically exposed to make decisions about how to attack. Whether an OSINT researcher is a hacker looking for vulnerabilities to exploit or an analyst assessing exposure, their core task is to combine public data into an intimate understanding of a business target.

A SOC is an outsourced office that is completely dedicated to analyzing traffic flow and monitoring for threats and attacks. In today’s world of cyberattacks and data breaches, companies of all sizes need to place an emphasis on securing their technology assets. But due to budget constraints and competing priorities, many organizations can’t afford to employ a full-time in-house IT security team. The smart solution to this problem is to look at partnering with a SOC or security operations center.