Category: Insider Threat Security Blog

Read the original article: How to Install TLS/SSL Certificates in NetApp Clustered Data ONTAP HTTPS has definitively become the default and expected method for internet and web app communications that transmit sensitive data, taking the place of the insecure HTTP.…

Read more →

Read the original article: How to Install TLS/SSL Certificates in NetApp Clustered Data ONTAP HTTPS has definitively become the default and expected method for internet and web app communications that transmit sensitive data, taking the place of the insecure HTTP.…

Read more →

Read the original article: Is Privileged Access Management in Need of a Fresh New Approach? Software products to address privileged access have been around for 20 years. From Password Vaulting to Proxy Servers to Dedicated Administrative Accounts, popular Privileged Access…

Read more →

Read the original article: Where do My Files Sent Using Teams Chat Go? Do you know what happens when you share a file via a Microsoft Team’s – Team Chat? That file is not just saved in the Teams chat…

Read more →

Read the original article: Server (Un)Trust Account Active Directory persistence through userAccountControl manipulation I’ve been doing some research on group Managed Service Accounts (gMSAs) recently and reading the MS-SAMR protocol specification for some information. I happened to stumble across some…

Read more →

Read the original article: ProTip: How to Setup User Activity & Server Logon Scan in StealthAUDIT for Oracle Now that you have been using StealthAUDIT for Oracle for a while, you might be wondering how to squeeze more value out…

Read more →

Read the original article: What is Privacy by Design? In this era of big data, it is in an organization’s best interest to seek to safeguard their critical data assets, especially sensitive data, to the best of their ability. However,…

Read more →

Read the original article: Data Privacy and Security are Two Sides of the Same Coin Two things can be inherently related, even though they are thought of differently. Examples abound, from tragedy and comedy, to fear and elation. Many pairs…

Read more →

Read the original article: Data Privacy Essentials: #1 – Don’t Put Your Data at Risk. #2 – Don’t Forget #1 In my last blog, I stated that “data security can be achieved without data privacy, but you can’t effectively fulfill…

Read more →

Read the original article: How to Join Linux Hosts to Active Directory Using realmd & SSSD This blog uses apt commands in its examples (for Debian-based distros like Ubuntu, Kali, Mint, etc.), however, examples have also been tested with yum/dnf…

Read more →

Read the original article: Public Role in SQL Server Roles in relational databases make it easier to grant and revoke privileges from multiple users at once.  Multiple users can be grouped into one or more roles in a database. Rather…

Read more →

Read the original article: Easily Prevent More Breaches by Simply Preventing Bad Passwords A recent cyber-attack on the Canadian government was successful because of a well-known attack technique, credential stuffing. If you’re not familiar, credential stuffing is just taking credentials…

Read more →

Read the original article: The Growth of Global Data Privacy Laws – Beyond GDPR & CCPA The push for data privacy has exploded in recent years, with regulations such as the EU’s General Data Protection Regulation (GDPR) and the California…

Read more →

Read the original article: NTFS File Streams – What Are They? NTFS file streams, also known as alternate data streams (ADS), are part of every file, as well as directories (folders), in a Windows NTFS volume.  NTFS files and folders…

Read more →

Read the original article: Data Subject Access Requests (DSAR) – How to Prepare & Respond A term popularized by the EU’s General Data Protection Regulation (GDPR), a Data Subject Access Request, also known as a DSAR, is an individual’s right…

Read more →

Read the original article: ‘Just-in-Time’ (JIT) – What Does it Mean and How Does it Get Misused? Just-in-Time, JIT, or just plain old ‘Just in Time’; however you say it, we all understand its meaning – “at time requested” –…

Read more →

Read the original article: Types of Azure Storage: Blobs, Files, Queues, Tables, & Disks Azure Storage is Microsoft’s cloud platform for scalable, modern data storage. If the number of options overwhelms you, then keep reading. Each Azure storage offering will…

Read more →

Read the original article: Using PowerShell Cmdlets with StealthINTERCEPT 7.1 StealthINTERCEPT 7.1 ships with a library of cmdlets for PowerShell (PS) which allows PS scripts to perform a majority to the configuration and control tasks normally carried out by the…

Read more →

Read the original article: Pro Tip – StealthINTERCEPT DB Maintenance Best Practices It is important to monitor the size of the NVMonitorData SQL database that is used by StealthINTERCEPT (SI) to store the event data it collects. In production environments,…

Read more →

Read the original article: What is an Access Link in SharePoint Online? This is what it looks like to create an access link, in this blog I will explain which settings affect what options are available on these link creation pages. SharePoint is all…

Read more →

Read the original article: NIST Password Guidelines in 2020 What are NIST Password Guidelines? Since 2014, the National Institute of Standards and Technology (NIST, a U.S. federal agency) has issued requirements and controls for digital identities, including authentication, passwords (known…

Read more →

Read the original article: Lateral Movement to the Cloud with Pass-the-PRT There are several well-documented ways attackers and malware can spread laterally across Windows servers and desktops.  Approaches like pass-the-ticket, pass-the-hash, overpass-the-hash, and Golden Tickets continue to be effective lateral…

Read more →

Read the original article: Securing gMSA Passwords Abusing gMSA Passwords to Gain Elevated Access gMSA Recap If you’re not familiar with Group Managed Service Accounts (gMSA), you can review my last post which gave a high-level overview of how they…

Read more →

Read the original article: Passwordless Authentication with Windows Hello for Business Passwords are everywhere and nobody likes them.  Not only are they a pain to remember and manage, but they also continue to be a primary source of data breaches. …

Read more →

Read the original article: Data Security vs Data Privacy Data is quite possibly the most critical asset within any organization and is at the heart of most, if not all, cyberattacks. Organizations struggle to implement the appropriate processes to ensure…

Read more →

Read the original article: Back to “The Basics” Blog Series – Part 3: Privileged Access Webinar Preview: Back to “The Basics” – Pragmatic advice from Gavin Ashton, author of “Maersk, me, & notPetya” Part 3 – Privileged Access This is…

Read more →

Read the original article: Back to “The Basics” Blog Series – Part 3: Privilege Access Webinar Preview: Back to “The Basics” – Pragmatic advice from Gavin Ashton, author of “Maersk, me, & notPetya” Part 3 – Privilege Access This is…

Read more →

Read the original article: Public Roles in Oracle Roles in relational databases make it easier to grant and revoke privileges from multiple users at once.  Multiple users can be grouped into one or more roles in a database. Rather than…

Read more →

Read the original article: How to Use Native SharePoint Online and OneDrive Activity Auditing If you are a security analyst, engineer, admin, or otherwise responsible for protecting the personal and private data of employees and customers – the following 3 statistics should…

Read more →

Read the original article: PROTIP: Policy Registration & Managing StealthINTERCEPT via PowerShell and Editing StealthDEFEND Investigations & Categorizing Playbooks There are actually four (4) ProTips in this blog (Click below to go to one you want): Multiple Policy Registration in…

Read more →

Read the original article: Stealthbits Detects More Threats & Reduces Attacker Dwell Time with New Capabilities Cyberattacks and data breaches are simply too common, with nearly 4,000 confirmed data breaches reported in the latest 2020 Verizon Data Breach Investigations Report.…

Read more →

Read the original article: Back to “The Basics” Blog Series – Part 2: Active Directory Part 2 – Active Directory This is the second part of a three part series on Maersk, me, & notPetya, a blog post by Gavin…

Read more →

Read the original article: Back to “The Basics” Blog Series – Part 2: Active Directory Part 2 – Active Directory This is the second part of a three part series on Maersk, me, & notPetya, a blog post by Gavin…

Read more →

Read the original article: Stealthbits Detects More Threats & Reduces Attacker Dwell Time with New Capabilities Cyberattacks and data breaches are simply too common, with nearly 4,000 confirmed data breaches reported in the latest 2020 Verizon Data Breach Investigations Report.…

Read more →

Read the original article: What Is Kerberos? What is it?   Kerberos is an authentication protocol enabling systems and users to prove their identity through a trusted third-party. The protocol was initially developed at the Massachusetts Institute of Technology (MIT) as part of a larger project called Project Athena. Project Athena was a joint initiative of MIT,…

Read more →

Read the original article: EU-US Privacy Shield Revoked: What This Means for EU-US Commercial Data Transfers Europe’s top court, the Court of Justice of the European Union, recently struck down the EU-US data privacy arrangement known as Privacy Shield, which…

Read more →

Read the original article: Back to “The Basics” Blog Series Webinar Preview: Back to “The Basics” – Pragmatic advice from Gavin Ashton, author of “Maersk, me, & notPetya” Part 1 – Ransomware The origins of modern ransomware trace back all…

Read more →

Read the original article: A History of Passwords The following blog post was created using an excerpt from the Stealthbits Technologies/emt Distribution presentation “Prioritizing Password Security with Troy Hunt: The Good, the Bad, and the Ineffective”. Please see here to…

Read more →

Read the original article: How to Hide API Keys, Credentials, & Authentication Tokens on GitHub With the rise of open-source, more and more public repositories are being hosted on GitHub. In fact, back in 2018 GitHub celebrated 100 million live repositories, and things have only…

Read more →

Read the original article: What is Data Lifecycle Management? Data Lifecycle Management (DLM) can be defined as the different stages that the data traverses throughout its life from the time of inception to destruction. Data lifecycle stages encompass creation, utilization, sharing, storage, and deletion.  Each stage of…

Read more →

Read the original article: What is the SigRed vulnerability in Windows DNS Server? What is it? SigRed, CVE-2020-1350, is a remote code execution vulnerability in the Microsoft Windows DNS server that was publicly disclosed on July 14, 2020, by Israeli…

Read more →

Read the original article: A Guide to California Consumer Privacy Act (CCPA) Compliance in 2020 The California Consumer Privacy Act was signed into law in 2018 and went into effect on January 1st, 2020. With the EU’s GDPR paving the way, CCPA has a significant impact on how enterprises…

Read more →

Read the original article: A Guide to California Consumer Privacy Act (CCPA) Compliance in 2020 The California Consumer Privacy Act was signed into law in 2018 and went into effect on January 1st, 2020. With the EU’s GDPR paving the way, CCPA has a significant impact on how enterprises…

Read more →

Read the original article: What are Group Managed Service Accounts (gMSA)? High Level Overview of GMSAs Group Managed Service Accounts Overview Group Managed Service Accounts (gMSA) were introduced in Windows Server 2016 and can be leveraged on Windows Server 2012…

Read more →

Read the original article: The Importance of Updating Your Breach Password Dictionary With breaches and cyber-attacks continually increasing every year, a constant stream of compromised passwords finds their way to the dark web for purchase and use. This should NOT…

Read more →

Read the original article: PROTIP: How to Update the “Have I Been Pwned” (HIBP) Breach Dictionary in StealthINTERCEPT Enterprise Password Enforcer and StealthAUDIT ALERT: If you are NOT a StealthINTERCEPT Enterprise Password Enforcer or StealthAUDIT customer, view this blog for…

Read more →

Read the original article: What is Sensitive Data? Sensitive data is a term that we hear quite often these days, especially as it relates to the plethora of data privacy laws that have been introduced over the past several years.…

Read more →

Read the original article: Windows Remote WMI Security Primer for the Faint-Hearted StealthAUDIT, a best in its class Data Access Governance (DAG) tool utilizes Windows Management Instrumentation (WMI) extensively to gather various pieces of information from the targeted Windows servers. …

Read more →

Read the original article: Auditing Administrator Access Rights Identifying Administrative Privileges Across IT Resources Accounts with administrative and elevated privileges are necessary for both business and IT functions, but also represent a significant risk to your organization. Privileged credentials in…

Read more →

Read the original article: Auditing Administrator Access Rights Identifying Administrative Privileges Across IT Resources Accounts with administrative and elevated privileges are necessary for both business and IT functions, but also represent a significant risk to your organization. Privileged credentials in…

Read more →

Read the original article: Improving the Accuracy of Detecting Deleted Resources In the File Systems Data Collector for StealthAUDIT, we collect various types of information about files and folders including permissions, file size, activity data, sensitive data, etc. One of…

Read more →

Read the original article: Improving the Accuracy of Detecting Deleted Resources In the File Systems Data Collector for StealthAUDIT, we collect various types of information about files and folders including permissions, file size, activity data, sensitive data, etc. One of…

Read more →

Read the original article: Stealthbits Named Innovation Leader in New KuppingerCole Leadership Compass for PAM The privileged access management (PAM) market is heating up! According to the 2020 KuppingerCole Leadership Compass for PAM there are roughly 40 vendors in the…

Read more →

Read the original article: Stealthbits Named Innovation Leader in New KuppingerCole Leadership Compass for PAM The privileged access management (PAM) market is heating up! According to the 2020 KuppingerCole Leadership Compass for PAM there are roughly 40 vendors in the…

Read more →

Read the original article: Migrating Azure Information Protection (AIP) Classic Labels to Unified Labels Azure Information Protection (AIP) is Microsoft’s cloud-based solution for classifying and, optionally, protecting sensitive documents and emails in both cloud and on-prem environments. AIP is a…

Read more →

Read the original article: Reduce PAM Switching Costs With Bring-Your-Own-Vault – Leverage Your Existing Password Vault Why Do Many PAM Deployments Fail or Fall Short of Expectations? Complexity and optimism of scalability. Fail may be too strong of a word,…

Read more →

Read the original article: Reduce PAM Switching Costs With Bring-Your-Own-Vault – Leverage Your Existing Password Vault Why Do Many PAM Deployments Fail or Fall Short of Expectations? Complexity and optimism of scalability. Fail may be too strong of a word,…

Read more →

Read the original article: Announcing StealthAUDIT 10.0 – Mitigating Security Risks On-Premises and in the Cloud Let’s face it – security professionals struggle to keep up with and defend their organizations against the wide variety of tactics, techniques, and procedures…

Read more →

Read the original article: An Amazon Macie Alternative If you’re storing data in Amazon S3 (Simple Storage Service) buckets, it’s highly likely you’ve taken a look at Amazon Macie. If you’re new to the AWS ecosystem, Macie is a tool…

Read more →

Read the complete article: An Amazon Macie Alternative If you’re storing data in Amazon S3 (Simple Storage Service) buckets, it’s highly likely you’ve taken a look at Amazon Macie. If you’re new to the AWS ecosystem, Macie is a tool…

Read more →

Read the complete article: Announcing StealthAUDIT 10.0 – Mitigating Security Risks On-Premises and in the Cloud Let’s face it – security professionals struggle to keep up with and defend their organizations against the wide variety of tactics, techniques, and procedures…

Read more →

Multi-factor Authentication (MFA) is a great way to increase security on web applications, remote desktop sessions, VPN, and virtually anywhere a user can log into. By introducing one or more additional factors into the authentication process you can prove somebody actually…

Read more →

Data breach. There are fewer times that two simple words invoke so many fearful thoughts in the mind of a C-level executive. How did it happen? What was taken? What are we going to do? Who was responsible? There are…

Read more →

Data breach. There are fewer times that two simple words invoke so many fearful thoughts in the mind of a C-level executive. How did it happen? What was taken? What are we going to do? Who was responsible? There are…

Read more →

As part of a sound security structure, one of the most basic things a company can do is implement a principle of least privilege model within their organization. This blog will explain what this means and how this security model…

Read more →

As part of a sound security structure, one of the most basic things a company can do is implement a principle of least privilege model within their organization. This blog will explain what this means and how this security model…

Read more →

The industrial revolution began in the late 18th century and revolutionized the manufacturing process; in a similar manner, the digital revolution happening now is fundamentally changing the way that organizations conduct business. The Digital revolution is all about the digital…

Read more →

If you have ever surfed the web, you have almost certainly encountered browser cookies among your digital travels. Although for some they may be a nuisance, for the majority browser cookies are an essential part of the internet experience, often…

Read more →

If you have ever surfed the web, you have almost certainly encountered browser cookies among your digital travels. Although for some they may be a nuisance, for the majority browser cookies are an essential part of the internet experience, often…

Read more →

Just-in-time (JIT) is the latest new buzz word in the world of Privileged Access Management (PAM). ‘Just-In-Time Access’, ‘Just-In-Time Privilege’, ‘Just-In-Time Privilege Access’ an internet search brings up a multitude of vendors offering clickbait as to why their solution is…

Read more →

Typically, security is improved at the expense of convenience. Two-factor Authentication disrupts a user for another authentication factor in addition to a password. Signing-in and getting a guest badge with the lobby security guard before meeting a prospective client may be secure but is not very convenient. I…

Read more →

Microsoft Azure offers different variations of the SQL databases that can be deployed based on the workload and complexity requirements as follows: Azure SQL Databases – This is a fully managed SQL database engine created using the latest version of…

Read more →

SMBGhost What Happened? This week, Microsoft accidentally published information around a newly identified vulnerability in SMBv3, which is being dubbed SMBGhost. This vulnerability can lead to remote code execution on the server, which is always a major concern as far…

Read more →

StealthAUDIT for Oracle can monitor database user activity in all your Oracle databases. In addition, it can also enumerate and report on user permissions, database configuration, conduct a vulnerability assessment and can help you discover and report on sensitive data…

Read more →

What is Changing? In March, Microsoft will be releasing a patch that includes new audit events, additional logging, and some changes to group policy settings. Later in 2020, Microsoft will be changing the behavior of the default values for LDAP…

Read more →

What is Changing? In March, Microsoft will be releasing a patch that includes new audit events, additional logging, and some changes to group policy settings. Later in 2020, Microsoft will be changing the behavior of the default values for LDAP…

Read more →

In parts 1 and 2 of this blog series, we introduced the key elements of a storage reclamation program and dove deeply into 5 key capabilities that would be needed.  In this last blog, we pull all of the guidance…

Read more →

In part 1 of this series, we explained that there are 5 key capabilities needed for a successful file cleanup project, and discussed Capability 1 – File Discovery, and 2 – Sensitive data discovery.  In this second blog we pick…

Read more →

In part 1 of this series, we explained that there are 5 key capabilities needed for a successful file cleanup project, and discussed Capability 1 – File Discovery, and 2 – Sensitive data discovery.  In this second blog we pick…

Read more →

Discovery Solution for Microsoft’s March 2020 Update Lightweight Directory Access Protocol (LDAP) – How did we get here? 20 years ago, I embarked on the fantastical journey that was migrating from NT4 to Active Directory. This is also when I…

Read more →

Data Access Governance (DAG) has many different types of use cases, with most falling into three main categories: data security, regulatory compliance, and operational efficiency.  There has been a lot written about security due to the increasing frequency of ransomware…

Read more →

Data Access Governance (DAG) has many different types of use cases, with most falling into three main categories: data security, regulatory compliance, and operational efficiency.  There has been a lot written about security due to the increasing frequency of ransomware…

Read more →

Eternally Affected What is SMB? Server Message Block (SMB) is a protocol used primarily for sharing files, printer services, and communication between computers on a network. The history of SMB is long, so I’ll try to keep this short and…

Read more →

Eternally Affected What is SMB? Server Message Block (SMB) is a protocol used primarily for sharing files, printer services, and communication between computers on a network. The history of SMB is long, so I’ll try to keep this short and…

Read more →

In this post, I will continue the series for how to do a service account clean up in Active Directory by going into details of common locations in a Windows OS that can be used to configure service accounts as…

Read more →

Why is Active Directory (AD) so Important to Protect? The health and operational integrity of AD has a direct impact on the overall security of your organization. The capability to rollback and recover from unwanted changes is a critical requirement…

Read more →

Kerberos Delegation Recap Previously, I gave an overview of all of the various types of Kerberos delegation, how they’re configured, and how they can potentially be abused. Prior to that, I wrote about abusing resource-based constrained delegation and Jeff Warren…

Read more →

Nearly everyone uses Microsoft’s Active Directory (AD), over 90% in fact[1], to manage user accounts and provide authentication and access to the majority of organizational resources. Microsoft tells us that 95 million AD accounts are under attack every day[2]. The…

Read more →

I have had the benefit of visiting a number of customers to understand how they use our products. Specifically, how they use the breach password dictionary in StealthINTERCEPT Enterprise Password Enforcer. Many actively manage their breach password database to prevent…

Read more →

In today’s world, it is quite common for companies to use more than one type of relational database platform to host enterprise applications.  If you are an old-time Oracle DBA like me and are asked to administer Microsoft SQL Servers…

Read more →

What is a Service Account? In this blog post, I won’t go too much into the details of service accounts but will class a service account as a user, Managed Service Account or a Group Managed Service Account which is…

Read more →

Kerberos Delegation and Usage Kerberos delegation has been around for a long time (Windows Server 2000 to be exact), but more often than not, when speaking to engineers who manage or work with Active Directory, they’re not familiar with all…

Read more →