Has My Information Been Compromised? Probably!

Has My Information Been Compromised? Probably!

It’s your worst fears come true. You try to log onto your LinkedIn account. Maybe it’s Tumblr or even your Dropbox profile. Perhaps you’ve been thawed out after being cryogenically frozen for the last 10 years and attempt to access a new, Tom-less Myspace. But all of them return an error. Your password has been changed. Spam messages start flowing from your hijacked account, flooding your news feed with offers for certain ‘enhancement’ pills. What other information did you have…

Read More Read More

5 Steps to Building a Successful Data Access Governance (DAG) Program

5 Steps to Building a Successful Data Access Governance (DAG) Program

In listening to Adam Rosen’s recent webinar, I learned that nearly 60 percent of security breaches involve the theft of unstructured data.[i] And, only 12 percent of organizations are confident they can detect a breach involving unstructured data.[ii] Given that 80% of an organization’s data is unstructured,[iii] is it any wonder a hacker was able to steal login credentials and personal information from Sony, including Sylvester Stallone’s social security number? Going Rambo won’t protect you. What will is a successful…

Read More Read More

Political Hacks (The Cyber Kind): Colin Powell and the DNC

Political Hacks (The Cyber Kind): Colin Powell and the DNC

In politics, information is power. Just one small comment or suggestion from a candidate or figure held in high esteem can potentially sway entire elections. Politicians also hold access to a treasure trove of sensitive information, not intended for the masses. That’s why Hillary Clinton’s private server fiasco is such a big deal in the eyes of many. But with the leaks of the Democratic National Committee (DNC) emails, and more recently, the hack of Colin Powell’s account, can we really…

Read More Read More

STEALTHbits ProTip: Where Did My File Go?

STEALTHbits ProTip: Where Did My File Go?

“Where did my file go?” With File System Activity in place for StealthAUDIT, this question can be answered easily within the Access Information Center. Not only can we identify what happened to the file, we can sometimes even show you where it ended up. The options menu while viewing an Activity Details Report in the AIC has a Target Path checkbox that, when enabled, can show moves and renames: *Due to monitoring limitations this can only be seen when the…

Read More Read More

Market Trends: Data Access Governance

Market Trends: Data Access Governance

Excessive access to unstructured data is pervasive in enterprise file environments around the world. In a recent report, 62% of the business users surveyed reported having access to content they should not be able to view. In light of recent breaches, malware attacks, and insider theft, many organizations now recognize that Access Governance is critical to protecting their businesses. Here are a few of the top reasons companies are getting serious about implementing a least-privileged approach. Ransomware: Ransomware attacks have…

Read More Read More

Agent Hardening locks it down for STEALTHbits

Agent Hardening locks it down for STEALTHbits

Over the years, I’ve had the privilege of attending many trade shows and conventions; some better than others. However, one thing remains the same – meeting interesting people. As a vendor, you attend expecting to be the one showing people how things are done. More often than not, though, this becomes a two-way conversation and I go home with plenty of new and exciting ideas to be thinking about. This year’s Black Hat USA in Las Vegas was no exception. Logs,…

Read More Read More

Delta Airlines, Stuxnet, and the Internet of Things

Delta Airlines, Stuxnet, and the Internet of Things

We live in a very connected world, and it’s only becoming more connected. Every day I see more and more commercials etching us further toward the “home of the future.” Not long ago would it have been unthinkable to see commercials for a Wi-fi enabled refrigerator complete with a massive touch screen (presented by America’s favorite celebrity couple) or a thermostat controlled by your phone. Now, not a day goes by that I don’t see Alec Baldwin pitching an Amazon…

Read More Read More

What’s New in StealthAUDIT v7.2?

What’s New in StealthAUDIT v7.2?

A “dot” release has never packed a bigger punch! The latest release of StealthAUDIT is all about what it should be; controlling and securing credentials and data. Attackers – whether internal or external – are after at least one of these two things, but usually both.  They continue to slip past the perimeter with relative ease, and once they do, operate undetected and largely unencumbered while they map out the environment and infect system after system like a digital cowbird….

Read More Read More

Who, What, Where, When, LDAP

Who, What, Where, When, LDAP

Who’s talking to my Active Directory? What is LDAP? Active Directory, ADAM and AD-LDS.  Microsoft’s implementation of directories that follow the X.500 standard.  Referred to as Lightweight Directory Access Protocol, or LDAP to the layman: A directory tree Domain Hierarchy Objects consisting of various attributes Users, Groups, Computers Attributes have a type, a name and a value(s) Name, sAmaccountName, Description, SIDHistory Sets of attributes make up the schema Windows 2012 r2 Forest Functional Level Each object must be unique and…

Read More Read More

STEALTHbits ProTip: Entitlement Reviews for Sensitive Data

STEALTHbits ProTip: Entitlement Reviews for Sensitive Data

Entitlement Reviews are a great way to get feedback from your business owners, and now with StealthAUDIT 7.2 we can now also canvas these same business owners for Sensitive Data Reviews. There are two optional settings to consider enabling before beginning a Data Review process. The first option is to enable the collection of File Level Details by the 1-FSAA System Scans query, to record file sizes, last modified times, and ownership and permissions data for the files scanned. This…

Read More Read More