Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.


September, 2010

Attention Auditors! Visit ISACA Today at Caesar’s Palace in Las Vegas, NV

Posted September 28, 2010    Peter McCalister

Don’t forget to stop by ISACA Booth # 25 today to learn how PIM ensures auditors meet compliance risks & satisfy audits.

More from VMWorld on Virtualization Security

Posted September 28, 2010    Peter McCalister

At VMWorld we had the pleasure of meeting with Jon Brodkin from Network World, who published what might be the best-written explanation of how IT administrators can take advantage of the hypervisor yet. Naturally, as Jon absorbed what our very own Principal Systems Engineer Jordan Bean showed him in a live demonstration and walked it over…

BeyondTrust Survey at VMWorld Shows What it Takes to Get Attendees in a Tutu

Posted September 28, 2010    Peter McCalister

44% of attendees said their colleagues could steal sensitive information from mission-critical servers if they wanted to, and another third of respondents said their colleagues “might” be able to. 37% of attendees say “most” of their mission-critical servers are virtualized and 61% said at least some were. When asked what their colleagues would do…

eEye Technology Partnership: RedSeal

Posted September 24, 2010    Morey Haber

A traditional approach to minimizing the risk associated with vulnerabilities has been to utilize firewalls to block access or prevent a hacker from using a port, service, application, or protocol based vulnerability to penetrate the network. Most large organizations identify a plethora of vulnerabilities every time they conduct a vulnerability assessment. But scanning for vulnerabilities…


New eEye Zero-Day Tracker Site is Up!

Posted September 22, 2010    Marc Maiffret

We are excited to announce the re-launch of our Zero-Day Tracker service. The Zero-Day Tracker, or ZDT, is your one-stop resource for an at-a-glance view of existing Zero-Day vulnerabilities. This includes descriptions of the extent and impact of the vulnerability and any potential mitigation that your IT team could take against a given Zero-Day vulnerability….

ASP.NET Viewstate Padding Information Disclosure

Disclosed September 17, 2010    Fully Patched
Vendors: Microsoft
Vulnerability Severity: Medium
Exploit Impact:
Exploit Availability:


Posted September 16, 2010    Brad Hibbert

Yes, it's PCI time again. PCI DSS 2.0 has just completed final review and is expected to come out next month. As indicated in the summary of changes document, there are no major changes expected. Refinements to better align standards, provide clarifications, increase merchant flexibility, and additional guidance on specific technologies including virtualization and…

Microsoft Patch Tuesday – September 2010

Posted September 14, 2010    Chris Silva

Well, our friends in Redmond have been busy these past few months.  Not only did they release 15 security bulletins in August, but they followed up with an additional 9 bulletins this month. From this month’s bulletins, administrators should pay particular notice to MS10-061, MS10-063 and MS10-068.  Note that MS10-061 is being used in the…


Adobe Flash Unspecified 0-day Vulnerability

Disclosed September 13, 2010    Fully Patched
Vendors: Adobe
Vulnerability Severity: High
Exploit Impact:
Exploit Availability:

The Retina Protection Agent Part II

Posted September 10, 2010    Morey Haber

Part of being a good product manager is keeping an eye on your competition with a lifecycle development approach in mind. This considers whether the competition is expanding their product line outside of the solutions core competency and if the maturity requires rapid development and feature releases. At the end of lifecycle, the solution becomes…