Data Mapping in the age of GDPR – Unknown Application Workflows


When the enemy is already inside

Security breaches are a fact of life. Employees click on links in phishing emails, web applications get compromised, weak passwords get guessed, and insiders misuse their privileges. As a matter of fact, internal actors play a role in every 4th breach according to the latest 2017 Data Breach Investigations Report from Verizon (http://www.verizonenterprise.com/verizon-insights-lab/dbir/). Once the enemy is within the external defenses it is critical to protect the internal data and the business operations. Not…


STEALTHbits Introduces Automated Machine Learning to Data Access Governance at NetApp Insight


STEALTHbits CTO, Jonathan Sander, recently returned from a road trip across the U.S. where he met with several customers. One of them remarked that finding sensitive data across his organization was like trying to find Waldo in the children’s book series, Where’s Waldo. The customer went on to say, ‘Even if we find it, we don’t have a foolproof way of keeping our sensitive information safe.’ He’s not the only one facing this dilemma. Organizations that have successfully implemented a…


File System Attacks


Credentials Are the Means to Attack Data

If you’ve been reading the attack blog series until now, you’ve seen we have focused on attacks against Active Directory – like attacking core AD infrastructure, leveraging AD service accounts to attack, attacking AD with misconfigured permissions, and our series on Mimikatz attacks. Of course, AD is the hub for so much access to data in any organization that it may feel like those attacks actually compromise everything else. Today we’re kicking off…


Stealing Sensitive Data One User at a Time: The Unlikely Headline


Sensitive Data Attacks vs. Typical Headlines

As I write this, you are likely reading something about the Equifax breach. The attention it is getting is well-deserved. So many millions of personal records and sensitive data exposed are always a cause for concern. However, it feeds an unhealthy cycle. Huge breaches happen when attackers break a web application—or get lucky with phishing and pull a huge spreadsheet off the first desktop they hit. This causes the press to believe that all…


STEALTHbits ProTip: Identifying Active Directory Attacks


Identifying Active Directory Attacks

Hacking Active Directory is most often associated with the process of elevating domain user access to domain admin access. Monitoring domain controller events can help identify when this process has started. The first phase of any attack is reconnaissance. The attacker must learn about the environment to identify high-value targets. For Active Directory, this starts with LDAP queries. StealthINTERCEPT has built-in policies for monitoring LDAP queries to determine if an attacker has started to map out…


The 180 Days Are Over: NYS DFS Cybersecurity Regulation – 23 NYCRR 500


The New York State Department of Financial Services (NYS DFS) announced 23 New York Code Rules and Regulations 500 (23 NYCRR 500), a cybersecurity regulation for all financial institutions doing business in New York. Today marks the end of the first major deadline for this regulation, 180 days after going into effect on March 1, 2017. By now, financial institutions doing business in New York should have a cybersecurity program, cybersecurity policies, a Chief Information Security Officer (CISO), access privileges,…


From Botnets to DACL Backdoors: A Journey through Modern Active Directory Attacks – Part I


Active Directory DACL Backdoors

In my last blog post, we examined Active Directory (AD) backdoors and how to defend against them. The botnets’ primary communication mechanism relied on abusing AD attributes. Once established, these botnets allow attackers to communicate across internal security controls, exfiltrate data—and most importantly—gain a foothold that is very difficult to detect and remove. All accomplished without one line of malicious code. Now that’s a real life advanced persistent threat…only it isn’t as advanced as nation-state style…


STEALTHbits ProTip: Filter out Event Noise with STEALTHbits File Activity Monitor (SFAM)


STEALTHbits File Activity Monitor

The STEALTHbits File Activity Monitor has multiple configuration options to filter out noisy event operations from file servers. For example, Windows® native logs are typically big offenders when it comes to logging these noise events, creating more than 200 log entries when a user creates, reads, modifies, and then saves a file. The sFAM utility filters those operations into a more human-readable event audit trail for those file operations. The sFAM utility also includes many scoping…


Prevent Data Theft with File Activity Monitoring


Preventing Data Theft with File Activity Monitoring

If you ask most folks who pay attention to cybersecurity what the recent big-name breaches and headline-grabbing malware have in common, you would get many answers. Some would say they were next-generation ransomware like NotPetya or WannaCry. Others would say that the HBO and Sony breaches started with a phishing email and ballooned from there. Even more would say that next-generation firewalls should have helped but didn’t. While these are all true, they…
