Open Access or unrestricted file share access is an inevitable condition that exists in most, if not all, enterprise environments. Many organizations create ‘Open Shares’ to allow end users an easy way to access resources. What is an Open Share? These shares are open in the sense that access to them is unrestricted at both the Share and NTFS levels, meaning most end users can access them. This is achieved by the use of ‘Open Access Groups’ such as the…
The EU GDPR took the world by storm, upping the compliance ‘ante’, causing other countries to follow suit in protecting consumer privacy. While the United States hasn’t implemented any federal regulation of this sort, many states have begun to implement their own regulations at the state level. For California, the clock has already begun ticking with the California Consumer Privacy Act, a GDPR like regulation with a compliance timeline of January 1st, 2020. The CCPA introduces sweeping legislation providing consumers…
The New York Department of Financial Services released the NYDFS Cybersecurity Regulation (23 NYCRR 500) in 2017, a set of regulations which place cybersecurity requirements on all DFS regulated entities. This regulation was put into effect at a time where cybersecurity threats are growing, with players coming from nation states such as Russia, to independent criminal actors, or even terrorist organizations. The goal of this regulation is to not only protect customer information but to also protect a company’s own…
Note: This is the 4th and final blog of our File System security series. Check out the first three: 1) NetApp File Activity Monitoring, 2) Windows File Activity Monitoring, 3) Challenges with Native File System Access Auditing. Sign up now for my live webinar “Challenges with Relying on Native File System Logging“. Register now. In the final post of this 4 part blog series, we will take a closer look at file access auditing on an EMC Isilon file system leveraging…
Note: This blog is the third in a 4 part series, followed by a webinar to review all the challenges with File System access auditing. Sign up now for the webinar “Challenges with Relying on Native File System Logging“. Register now. In our last post, we walked through configuring file access auditing on a Windows File server and explored some of the common challenges with data interpretation. In this post, we will take a similar look at file access auditing on…
Note: This blog is the second in a 4 part series, followed by a webinar to review all the challenges with File System access auditing. Sign up now for the webinar “Challenges with Relying on Native File System Logging“. Register now. In our first post of the series, we discussed some of the challenges with native file system access auditing techniques, from the configuration all the way to one’s ability to easily understand the resultant data. In this post, we will…
Note: This blog is the first in a 4 part series, followed by a webinar to review all the challenges with File System access auditing. Sign up now for the webinar “Challenges with Relying on Native File System Logging“. Register now. An organization’s ability to efficiently and effectively capture file level access is paramount in order to not only proactively prevent data breaches or attacks, but to respond in the event your data has already been compromised. Often times, we…
Data security is more important than ever. Some of your most important information resides within databases, so devising a sound database security and auditing strategy is a must. CSO published an article earlier this year listing the top 16 security breaches of the century based on how much risk or damage the breach caused. Out of these 16 attacks, databases were at the heart of at least 4, including the Heartland Payment Systems breach in March of 2008, the result…
