What are DCSync and DCShadow Active Directory attacks?

As you probably know already, a domain controller is a server that responds to security authentication requests within a Windows Server domain. A DC will host the Active Directory Domain Services (AD DS) database, which is used to manage users and computers and authenticate them to other services on the same domain. Both DCSync and DCShadow attacks are what are referred to as “late-stage … [Read more...]

Controlling the Blast Radius of an Attack

It should come as no surprise to hear that the faster you can identify and contain a security incident, the less costly it will be, hence why it is crucial that any organization that stores large amounts of valuable data has a tried and tested incident response plan (IRP) in place. Yet, as much as 77% of companies don’t have a formal IRP, according to a recent IBM survey. Of … Read … [Read more...]

Why Transparency and Traceability Are Important Traits for Data Security

Knowing what data we have, where it is located, how it is being accessed, and by who, is crucial to ensure that we are able to adequately protect it. We need as much transparency as possible into the security controls that are in place, and whether or not those security controls are effective. Having visibility into all areas of our system, enables us to be more proactive, rather than reactive. … [Read more...]

13 Compliance Requirements for Criminal Justice Information Services (CJIS)

The Criminal Justice Information Services (CJIS) is the largest division of the United States Federal Bureau of Investigation (FBI), and is comprised of several departments, including the National Crime Information Center (NCIC), Integrated Automated Fingerprint Identification System (IAFIS) and the National Instant Criminal Background Check System (NICS). CJIS provides law enforcement agencies … [Read more...]

COVID19 Is Playing Havoc with Anomaly Detection

Normally, if an organization deployed a Data Security Platform with some sort of anomaly detection capabilities, usually backed by machine learning or artificial intelligence, they could leave it running for a few weeks to learn what normal behavior looks like. After the learning period, anything that went against this “normal” could be called an anomaly and be addressed accordingly. Companies … [Read more...]

Why Business Email Compromise is a Huge Risk to Data Security in 2020

Business Email Compromise (BEC), formally known as the “man-in-the-email” scam, is a type of cyber-attack whereby the attackers use fraudulent emails to trick unsuspecting victims into transferring money to their bank account. In some cases, the attacker may seek to obtain sensitive data instead, which they can use for other criminal activities. The average daily volume of BEC emails … [Read more...]

What is the New York SHIELD Act? How to Be Compliant

Since the advent of the GDPR, a number of data protections laws have started to spring up that are following a similar type of theme. Of course, given that 4.1 billion records were breached during the first half of 2019, it was really just a matter of time until the authorities were forced to step up their game. On the 28th of June, 2018, we saw the California Consumer Privacy … Read … [Read more...]

Key Data Privacy Issues and Trends for 2020

Data privacy is undoubtedly going to become more of a priority for consumers in 2020, and it should therefore be on the top of your list of priorities to address. Government regulations have already forced many businesses to take a long hard look at how they approach data privacy, at it’s likely that newer, more stringent regulations will be implemented over the next decade. In this article, we … [Read more...]

Complying with Data Security Regulations Doesn’t Mean Your Data is Secure

Data protection regulations such as HIPAA, PCI-DSS and SOX, have unquestionably made an impact on the way organizations protect their sensitive data. However, unlike the GDPR, the average person has probably never heard of them. Since the advent of the EU General Data Protection Regulation (GDPR), business executives have been under increasing pressure to get their house in order and clean up … [Read more...]

How Lepide Addresses the Gartner Top 10 Security Projects for 2019

In February of 2019, Gartner published their list of the top 10 security projects for 2019 – a list of security projects that security and risk management leaders need to consider implementing in order to reduce risk and achieve compliance. As organizations grow and become more complex, the prospect of introducing new security projects whilst maintaining existing ones can be daunting. Brian Reed, … [Read more...]