Author: Jeff Hill

Locking the Vault with IAM Visibility

Imagine a large bank. Security cameras continuously and meticulously record every movement in the bank lobby, employees’ offices, entrances and exits, and even in the custodial supplies storage area. Access to these areas is carefully monitored and controlled via restricted badges and other means. But there’s not a single camera in the vault where the safe deposit boxes and cash reserves are housed, and access to the vault is not monitored or restricted in any meaningful way. This scenario is,…

Need Access to Sensitive Information? Just Ask!

My mom always said it never hurts to ask, and it looks like the Magnolia Healthcare hacker’s mom did so as well. I gotta admit, as a hacker, you work hard for your ill-gotten booty. You meticulously design phishing emails so realistic that victims can’t help but be enticed to click on the poisonous links. You then install credential-stealing software on the unsuspecting victims’ laptops and establish surreptitious command and control channels through which you can execute your sophisticated attack….

The Easiest Blog I’ve Ever Written

British Prime Minister Benjamin Disraeli famously said, “There are three kinds of lies: lies, damned lies, and statistics.” In the enterprise software security world, one of those regularly-quoted statistics is that authentication-based attacks factored into about four of every five breaches involving hacking (2012 Verizon Data Breach Report). Indeed, here at STEALTHbits, we use it all the time. The question, of course, is whether the statistic reflects reality, or it’s manufactured for the benefit of Godless security software vendors as…

Sex and Spear Phishing

On the heels of NFL divisional playoff weekend, a football analogy may be in order. We football fans love the 50-yard pass. It’s exciting. It showcases the extraordinary athleticism of both the receivers and the cornerbacks tasked with defending the nearly indefensible. It’s sexy. But the consensus among football coaches is that games are won and lost on the defensive and offensive lines, where, let’s just say, flashy and sexy are not the first adjectives that come to mind. Tying…

Is Your Data Overly Sensitive?

Here’s a line I’m sure our competitors would like to take out of context: STEALTHbits is not in the business of protecting data. We’re actually in the business of protecting sensitive data. Of course, this may be a distinction without a difference. In today’s data security environment, it seems like just about everything could be sensitive under the right circumstances. Come on, Jeff. No one cares if the bad guys penetrate the network and make off with pictures from the…

Data vs. Information

The Securities and Exchange Commission is responsible for, among other duties, enforcing insider trading laws. In so doing, it needs to know which trades are suspiciously profitable and warrant investigation, and which are routine. In other words, they need valuable information. Each day, millions of securities trades are completed, and each one is meticulously recorded in a database somewhere. The SEC has access to all that data… And it’s worthless. It takes sophisticated algorithms that, I can only guess, employ…

Who’s In My Mailbox?

Understanding who is opening another user’s mailbox is an integral Compliance requirement within any regulated institution. Whether Security needs to monitor executive mailboxes for users probing for information on confidential material, or find the Exchange administrators taking advantage of their elevated mailbox support rights, it is pertinent to have a single consolidated view that highlights these access violations. Data leakage can cause both financial and reputational damage to an organization. The business, with the IT team, needs to come together…

STEALTHbits vs. Varonis Without the Hyperbole

Let’s face it. Varonis has smart people. STEALTHbits has smart people. Varonis doesn’t have super-secret technology that only their smart people can develop, and neither does STEALTHbits. The difference between the two solutions lies in corporate history, market philosophy, and, frankly, a real-time security capability Varonis simply doesn’t offer.

History

History is powerful. The remnants of decisions made somewhat arbitrarily a thousand years ago still impact us today. Think about it. Some say the modern military salute derives from medieval…

Who. When. What

In the original Wall Street movie (1987), an ambitious Bud Fox (Charlie Sheen) literally buys an office building cleaning company so he can gain access to sensitive, nonpublic information on which he can profit from illegal stock trades. He dons a cleaning company supervisor uniform, brings a small camera and hand-held portable copier, and begins surreptitiously searching through file cabinets for financial information, merger and acquisition legal documents, and other data that will give him a leg up in the…

Taking Insider Threat as Serious as the FBI and DHS

This week the FBI and DHS issued a “Public Service Announcement” about insider threat. I’ve written a lot about insider threat over the years. It’s always been something that needs more focus and attention than it gets. In part, this is because it doesn’t make as sexy a headline as “Hacker Steals Everything!!!” Certainly, there have been a lot of those lately. I go see customers and we’re there specifically to talk about things relevant to insider threat: employee access,…
