Introducing StealthAUDIT 11.5! Complete your cloud security puzzle. LEARN MORE
Stealthbits

INSIDER THREAT SECURITY BLOG

And other things that keep you up at night

Blog >Search

Featured Blog

The Growth of Global Data Privacy Laws – Beyond GDPR & CCPA

| Dan Piazza | | Leave a Comment
The push for data privacy has exploded in recent years, with regulations such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) leading the charge. This means consumers around the globe are gaining rights regarding how their data is collected, stored, and sold, as well as more ways to hold companies accountable when poor data security practices lead to data breaches involving their personally identifiable information (PII)…

NTFS File Streams – What Are They?

NTFS file streams, also known as alternate data streams (ADS), are part of every file, as well as directories (folders), in a Windows NTFS volume.  NTFS files and folders are comprised of attributes one of which is $Data.  The content we normally associate with a file such as the text in a .txt file or the executable code in a .exe file is stored in the ‘default’ $Data attribute or ‘stream’.  The name string of this default attribute is empty (set to “”) thus it is often referr…

Data Subject Access Requests (DSAR) – How to Prepare & Respond

| Dan Piazza | | Leave a Comment
A term popularized by the EU’s General Data Protection Regulation (GDPR), a Data Subject Access Request, also known as a DSAR, is an individual’s right to request information on personally identifiable information (PII) an organization has gathered about them, how that organization is using that data, and who that data has been shared with. PII includes names, social security numbers, phone numbers, behavioral data, and more; pretty much anything that can be used to identify a specific indivi…

Types of Azure Storage: Blobs, Files, Queues, Tables, & Disks

Azure Storage is Microsoft’s cloud platform for scalable, modern data storage. If the number of options overwhelms you, then keep reading. Each Azure storage offering will be broken down into simple terms, while also addressing other things to consider when choosing a solution. To make things easier for users, Azure Storage offerings are: Cloud-basedDurableHighly availableSecureScalableManagedAccessible However, there’s not just one storage solution that fits all workflows. First, we…

Pro Tip – StealthINTERCEPT DB Maintenance Best Practices

It is important to monitor the size of the NVMonitorData SQL database that is used by StealthINTERCEPT (SI) to store the event data it collects. In production environments, the event dataset can grow significantly over time.  If left unchecked this DB growth will lead to excessive disk space usage and slowing performance over time inserting new event data.  In addition, users can encounter slow performance reporting data via either the SI Console or the Web Reporting modul…

What is an Access Link in SharePoint Online?

This is what it looks like to create an access link, in this blog I will explain which settings affect what options are available on these link creation pages. SharePoint is all about collaboration and sharing, and in the SharePoint Online cloud, giving access to resources is a bit different than the traditional method of giving a user or group access to something. In SharePoint Online access is primarily controlled via Access Links which can b…
NIST Password Guidelines in 2020

NIST Password Guidelines in 2020

| Dan Piazza | | Leave a Comment
What are NIST Password Guidelines? Since 2014, the National Institute of Standards and Technology (NIST, a U.S. federal agency) has issued requirements and controls for digital identities, including authentication, passwords (known as “memorized secrets”), and more via Special Publication 800-63B. The latest revision (rev. 3) was released in 2017, with updates as recent as 2019. Revision 4 is currently open for comment and review, however, revision 3 is still the standard as of the time of…

Lateral Movement to the Cloud with Pass-the-PRT

There are several well-documented ways attackers and malware can spread laterally across Windows servers and desktops.  Approaches like pass-the-ticket, pass-the-hash, overpass-the-hash, and Golden Tickets continue to be effective lateral movement techniques.  Lateral movement has become increasingly present in targeted ransomware threats, such as Ryuk and WastedLocker.  And as if that wasn’t enough to worry about, new research has …

Securing gMSA Passwords

| Kevin Joyce | | Leave a Comment
Abusing gMSA Passwords to Gain Elevated Access gMSA Recap If you’re not familiar with Group Managed Service Accounts (gMSA), you can review my last post which gave a high-level overview of how they work. In case you need a quick recap, a gMSA is a special Active Directory object used for securely running automated tasks, services and applications. The most important thing to note about these accounts, which plays into to their increased security, is the automatically generated…

Passwordless Authentication with Windows Hello for Business

| Jeff Warren | | Leave a Comment
Passwords are everywhere and nobody likes them.  Not only are they a pain to remember and manage, but they also continue to be a primary source of data breaches.  This affects companies whether they are storing their data in the cloud or on-premises. According to the 2020 Verizon DBIR, 77% of cloud breaches involved stolen and compromised credentials. Clearly, passwords aren’t great and there are better ways of doing things. Smartphones and tablets have moved away from passwords …

Subscribe

DON’T MISS A POST. SUBSCRIBE TO THE BLOG!


Loading

© 2022 Stealthbits Technologies, Inc.

Start a Free Stealthbits Trial!

No risk. No obligation.

FREE TRIAL