The ability to monitor file access activity across file shares residing on NAS and Windows devices represents both a tremendous gap and opportunity for organizations looking to identify threats, achieve compliance, and streamline operations. Unfortunately, most organizations can’t answer the most basic questions surrounding data activity, and it ultimately boils down to a handful of […]

Ransomware is a form of malware currently taking the world by storm. Take for instance the headlines this month about a Kentucky hospital being struck down by a virulent strain, essentially halting all use of company equipment and websites until the malware could be quarantined. Think of ransomware in terms of your data being held […]

I never considered myself a runner. I am your typical IT guy. I like hot wings, beer, and video games. Information security was something that I had an interest in at a young age, but running? No. That could possibly involve sweating. So why I am writing a blog about security and how it relates […]

RSA gets bigger every year. More vendors, sessions, and people flooded the halls of Moscone Center. The conference came from humble beginnings to the now largest security conference in the world. What was RSA 2016 like you are wondering? It was special. We celebrated the twenty fifth anniversary of the conference and you could feel […]

Interest in IAM solutions has increased substantially over the past few years, as the perpetrators of many high profile breaches have exploited stolen credentials to steal sensitive data and inflict damage on their victim organizations. And, as the popularity of IAM solutions has increased, the solutions are evolving. Once one-size-fits-all IAM products forced their customers’ […]

I read an article the other day about Advanced Persistent Threats vs. Targeted Attacks. It had some insightful information that got me thinking about hackers of today. I think we all can agree that the word hack or hacker has changed since its inception. One of my favorite movies back in the 90’s was called […]

Authentication-based attacks remain a primary concern for many of our clients no matter the size or sector of their organization. While knowledge of these threats has increased, understanding the risk factors – and how to remediate them – has not. Most attacks are premised on stealing data for financial gain, and obtaining access is only […]

Access governance ‘in the cloud’ can be no different than access governance in general. For most organizations, at minimum, the same levels of controls will be required that were in force before the service was transitioned to a cloud-based offering. Adoption of Office 365, Dropbox and similar cloud services requires translating access governance concepts such […]

Data is like a precious metal to a business. Like any precious metal it has to be found, extracted, valued, and refined before it can be truly useful. Understanding how precious data is to an organization leads us down the path of needing to know who has access to what data within the organization. The […]

If you’ve heard the terms “lateral movement” or “golden tickets” recently, you might be wondering what they were referring to, and maybe not even realized they had anything to do with computer security. They are in fact references to the new breed of ‘Advanced Persistent Threats’ (APT) which have come to prominence as a result […]