Dataproof Communications

Many of the recent high-profile data security breaches were made by trusted insiders. They are often database administrators (DBAs) who are highly privileged and trusted insiders with access to sensitive data. In this blog post, I will discuss the inherent risk introduced by highly privileged administrators who are required to support production databases, the challenge of ensuring they are not...

The Centrify Zero Trust Security model is effective because it allows organizations to remove trust from the equation entirely. Based on the assumption that untrusted actors already exist inside and outside the network, Zero Trust leverages powerful identity services to secure every user’s access to apps and infrastructure. Only after identity is authenticated and the integrity of the device...

Today, data breaches are a threat to every organization. According to a report from Risk Based Security covering the first half of 2017, over 6 billion records were exposed through 2,227 publicly-disclosed data breaches. The number of exposed records is already higher than the previous all-time high at the end of 2016. An organization’s database servers are often the primary targets of...

RSA 2018 Digital Guardian will be exhibiting at RSA 2018. Discover all the things happening at our booth and beyond! - Read more

With about four months to go before the GDPR becomes effective many companies are still struggling with where to start.  You’re not alone.  According to this survey, the majority of companies are slow off the mark. On top of that, companies require resources and budget to prepare for and comply with the GDPR. I fully understand the challenge. It starts...

Recently, we started receiving suspicious events from our internal sandbox Exploit Checker plugin. Our heuristics for supervisor mode code execution in the user address space were constantly being triggered, and an executable file was being flagged for further analysis. At first, it looked like we’d found a zero-day local privilege escalation vulnerability for Windows, but the sample that was...

Many Australian businesses need to rethink their approach to security to prepare for their nation’s new mandatory data breach notification law which take effect this month. The Privacy Amendment (Notifiable Data Breaches) Act 2017 enacts the Notifiable Data Breaches (NDB) scheme in Australia from February 22 this year. The NDB scheme mandates that organizations suffering lost or breached data must...

A few months ago, while undertaking unrelated research into online connected devices, we uncovered something surprising and realized almost immediately that we could be looking at a critical security threat. What we found was a simple purple web interface that was in fact a link to a real-life gas station, and we suspected this link made the station remotely...

Countless companies globally are trapped in data breach Groundhog Day, unable to escape a repeating cycle of cyber attacks. In the 2018 Thales Data Threat Report, produced by 451 Research, the key theme is that while spending in IT Security is increasing, breaches are increasing at a faster pace and becoming more costly. As in past years, the 451 Group...

Since its founding in 2001, the Open Web Application Security Project (OWASP) has become a leading resource for online security best practices. In particular, its list of the top 10 “Most Critical Web Application Security Risks” is a de facto application security standard. The recently released 2017 edition of the OWASP Top 10 marks its first update since 2013 and...