Browsed by
Author: Farrah Gamboa

Farrah Gamboa is a Director of Technical Product Management at STEALTHbits Technologies. She is responsible for building and delivering on the roadmap of STEALTHbits products and solutions. Since joining STEALTHbits in 2012, Farrah has held multiple technical roles, including Scrum Master and Quality Assurance Manager. Farrah holds a Bachelor of Science degree in Industrial Engineering from Rutgers University
Using the AIP Scanner to Discover Sensitive Data
Using The AIP Scanner to Discover Sensitive Data

Using The AIP Scanner to Discover Sensitive Data

Comments 0 Comment

Azure Information Protection is Microsoft’s solution to classify, label, and protect sensitive documents. The AIP scanner runs as a Windows service and can be used to protect on-premise documents within the following data stores: Local Folders where the scanner service is configured Network shares that use the SMB protocol Document Libraries and Folders for SharePoint 2013-SharePoint 2019 By default, the AIP scanner client uses Windows IFilters to identify sensitive content within documents and supports the following file types: Application type…

Read More Read More

Advanced Data Security Features for Azure SQL- Part 3 Advanced Threat Protection
Advanced Data Security Features for Azure SQL- Part 3: Advanced Threat Protection

Advanced Data Security Features for Azure SQL- Part 3: Advanced Threat Protection

Comments 0 Comment

In my last blog post, we took a look at the Vulnerability Assessment within the Advanced Data Security (ADS) offering for Azure SQL. In my final blog post of the series, we will take a deep dive into the Advanced Threat Protection features. VIEW PART 1 HERE VIEW PART 2 HERE Advanced Threat Protection for Azure SQL Databases provides administrators with immediate visibility into potential threats such as suspicious database activities, potential vulnerabilities, SQL injection attacks, as well as anomalous…

Read More Read More

Advanced Data Security Features for Azure SQL- Part 2 Vulnerability Assessment
Advanced Data Security Features for Azure SQL- Part 2: Vulnerability Assessment

Advanced Data Security Features for Azure SQL- Part 2: Vulnerability Assessment

Comments 0 Comment

In my last blog post, we took a look at the Data Discovery & Classification features within the Advanced Data Security (ADS) offering for Azure SQL. In this blog post, we will take a deep dive into the Vulnerability assessment. The SQL Vulnerability assessment provides administrators with a streamlined approach to identify and even remediate potential security misconfigurations or vulnerabilities within their Azure SQL databases. The Vulnerability Assessment is a scanning service that contains a set of built-in rules based…

Read More Read More

Advanced Data Security Features for Azure SQL- Part 1 Data Discovery & Classification
Advanced Data Security Features for Azure SQL- Part 1: Data Discovery & Classification

Advanced Data Security Features for Azure SQL- Part 1: Data Discovery & Classification

Comments 0 Comment

Azure SQL provides DBA’s with an easy and efficient means of standing up relational database services for their cloud and enterprise applications. As with any database platform, security remains a top concern and has not been overlooked by Microsoft with the variety of security features available in Azure SQL, including those offered through the Advanced Data Security package. The Advanced Data Security package for Azure SQL provides administrators with a single go-to location for discovering and classifying data, assessing and…

Read More Read More

Least Privilege Access – A Pragmatic Approach Using Resource-Based Groups
Least Privilege Access – A Pragmatic Approach Using Resource-Based Groups

Least Privilege Access – A Pragmatic Approach Using Resource-Based Groups

Comments 0 Comment

At STEALTHbits, we often describe Active Directory as holding ‘the keys to the kingdom’. It stores the users and groups that grant access to an organization’s most sensitive information and should be protected for this very reason.  From an access management perspective, most administrators will stand behind the best practice of assigning access to groups instead of users. This is because it not only makes administration and management of this access more efficient for them but also has real benefits…

Read More Read More

The Open Share Epidemic

The Open Share Epidemic

Comments 0 Comment

Open Access or unrestricted file share access is an inevitable condition that exists in most, if not all, enterprise environments. Many organizations create ‘Open Shares’ to allow end-users an easy way to access resources. What is an Open Share? These shares are open in the sense that access to them is unrestricted at both the Share and NTFS levels, meaning most end users can access them. This is achieved by the use of ‘Open Access Groups’ such as the built-in…

Read More Read More

What is the California Consumer Privacy Act (CCPA)?

What is the California Consumer Privacy Act (CCPA)?

Comments 0 Comment

The EU GDPR took the world by storm, upping the compliance ‘ante’, causing other countries to follow suit in protecting consumer privacy. While the United States hasn’t implemented any federal regulation of this sort, many states have begun to implement their own regulations at the state level. For California, the clock has already begun ticking with the California Consumer Privacy Act (CCPA), a GDPR like regulation with a compliance timeline of January 1st, 2020.   The CCPA introduces sweeping legislation providing…

Read More Read More

NYDFS Regulation
What is the NYDFS Cybersecurity Regulation?

What is the NYDFS Cybersecurity Regulation?

Comments 0 Comment

The New York Department of Financial Services released the NYDFS Cybersecurity Regulation (23 NYCRR 500) in 2017, a set of regulations that place cybersecurity requirements on all DFS regulated entities. This regulation was put into effect at a time where cybersecurity threats are growing, with players coming from nation-states such as Russia, to independent criminal actors, or even terrorist organizations. The goal of this regulation is to not only protect customer information but to also protect a company’s own assets. …

Read More Read More

EMC File Activity Monitoring

EMC File Activity Monitoring

Comments 0 Comment

Note: This is the 4th and final blog of our File System security series. Check out the first three: 1) NetApp File Activity Monitoring, 2) Windows File Activity Monitoring, 3) Challenges with Native File System Access Auditing. Sign up now for my live webinar “Challenges with Relying on Native File System Logging“. Register now. In the final post of this 4 part blog series, we will take a closer look at file access auditing on an EMC Isilon file system leveraging…

Read More Read More

NetApp File Activity Monitoring

NetApp File Activity Monitoring

Comments 0 Comment

Note: This blog is the third in a 4 part series, followed by a webinar to review all the challenges with File System access auditing. Sign up now for the webinar “Challenges with Relying on Native File System Logging“. Register now. In our last post, we walked through configuring file access auditing on a Windows File server and explored some of the common challenges with data interpretation. In this post, we will take a similar look at file access auditing on…

Read More Read More

Start a Free StealthAUDIT® Trial!

No risk. No obligation.

Privacy Preference Center

      Consent Management

      privacy-policy

      You have read and agreed to our Privacy Policy

      Necessary

      Advertising

      Analytics

      Other