5 Essential Steps to EU GDPR – Part 5: GDPR The Ticking Time Bomb

5 Essential Steps to EU GDPR – Part 5: GDPR The Ticking Time Bomb

At the time of writing this blog, there are 378 days, 8 hours until the GDPR comes into force. That’s 54 weeks or approximately 270 weekdays, not considering public holidays. Surely plenty of time to get everything in place and ensure your business is compliant. Right? Wrong! Let me back this up by putting some context around the various elements discussed in the previous blogs in this series. The GDPR Project Obviously, no two organisations are identical so for the sake of…

Read More Read More

Lucky 13: WannaCry Ransomware and EU GDPR

Lucky 13: WannaCry Ransomware and EU GDPR

WannaCry Ransomware and GDPR 13 Months. That is the number of months (from the time of this writing) separating the #WannaCry attack from being not just a massive information security “incident” but the single largest test of the EU General Data Protection Regulation (GDPR). We are not going to focus on the WannaCry ransomware in this post though. If you’re interested in my technical breakdown, you can read my previous post. Today, I want to double-click past the malware and…

Read More Read More

What you need to know about the WannaCry Ransomware

What you need to know about the WannaCry Ransomware

WannaCry / Wcry / WannaCrypt Ransomware A large-scale cyber attack (WannaCry ransomware) that began on May 13th has already infected over 230,000 computers in 150 countries, demanding ransom payments in 28 languages – these numbers continue to grow and given the patch for the vulnerability being exploited is only two months old, we are likely to see these numbers increase. The perpetrators of the attack are not yet known, however, the origins are. The infection vector was made “wormable” or…

Read More Read More

Amazon Echoes, Fitbits, and Fuzzy Handcuffs – Another Reflection on the Internet of Things

Amazon Echoes, Fitbits, and Fuzzy Handcuffs – Another Reflection on the Internet of Things

I’m Going to Start This Blog out With a Story The other weekend my roommate and I had some company over to our apartment. It was like any other Friday night – friends chatting, music playing, and a few adult beverages being passed around. However, as we were leaving to go out to the bars, one of our guests decided it would be hilariously funny to play a little prank. Unbeknownst to me, he used the voice ordering feature on…

Read More Read More

StealthAUDIT 8.0: Active Directory Permissions Analyzer

StealthAUDIT 8.0: Active Directory Permissions Analyzer

Active Directory Permissions The release of StealthAUDIT 8.0 delivers enhanced Active Directory (AD) Permissions analysis capabilities. This is welcome news to the over 90% of organizations that use Active Directory to control who can access their network and resources. I say welcome because there are so many different ways to grant privileged access to AD and no easy way to see all these permissions in one place with native tools. Permissions Analyzer That’s where comes StealthAUDIT for Active Directory –…

Read More Read More

STEALTHbits ProTip: 3 Steps to Control Local Administrator Access

STEALTHbits ProTip: 3 Steps to Control Local Administrator Access

Controlling Local Administrator Access Local administrative access is necessary for IT staff to perform tasks like installing software and fixing server and desktop issues. Often users outside IT also end up with local admin rights so they too can install software on their own machines or make other configuration changes. However, many organizations lack processes for monitoring and maintaining the local admin groups that control these rights. This gap creates a serious security risk. All it takes is one employee…

Read More Read More

Automate Least Privilege Access with Resource-Based Groups

Automate Least Privilege Access with Resource-Based Groups

The success of any Data Access Governance program starts with implementing a resource-based groups provisioning workflow by automating the least privilege access model. StealthAUDIT 8.0 automates the application of least privilege access control across file systems in bulk and at scale. By converting existing access control lists to a resource-based group security model and revoking excessive privileges, StealthAUDIT programmatically protects data from exfiltration and ransomware.   A Resource-Based Group model is the easiest to manage and most suitable for facilitating…

Read More Read More

Top 10 Ways to Identify and Detect Privileged Users by Randy Franklin Smith

Top 10 Ways to Identify and Detect Privileged Users by Randy Franklin Smith

Privileged users are the penultimate goal of cyberattacks. Once attackers have privileged access, it’s only a small step to the information they want to steal. Cybercriminals leverage tools such as malware and phishing scams to gain a foothold within your organization, looking for ways to access and utilize credentials. In “wash, rinse, repeat” fashion, attackers patiently claw and scrape their way from first gaining access to a low-level local account all the way up to getting the highest privileged accounts…

Read More Read More