BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for January, 2011


Prioritizing Vulnerability Assessment and Remediation Steps: A New Users Guide to Getting Started – Part 1

New users to vulnerability assessment often ask the same question: “How do I get started?” While this may sound incredibly generic for a security engineer, many companies have never had a vulnerability management process in place and are trying to comprehend the problems of missing patches, remediation prioritization, and risk acceptance. As a basic recommendation,…

Post by Morey Haber January 31, 2011

Least Privilege Legacy Apps and the Desktop “Wild West”: Part 3

This week we report the conclusions of our recent survey of 185 IT Administrators and Help Desk Operatives, in a report ‘Legacy Applications and Least Privilege Access Management’ which reveals the way legacy apps leave Windows desktop environments unnecessarily exposed to attack from malware, as well as providing an open door to insider threats.

Post by Peter McCalister January 31, 2011

Microsoft Vulnerabilities & Admin Privileges

Some of you may have already seen the annual report we do each year on vulnerabilities in Microsoft products. Our last report found that 90% of critical vulnerabilities could be mitigated with the removal of administrative rights.

Post by Peter McCalister January 28, 2011

Least Privilege Legacy Apps and the Desktop “Wild West”: Part 2

This week we report the conclusions of our recent survey of 185 IT Administrators and Help Desk Operatives, in a report ‘Legacy Applications and Least Privilege Access Management’ which reveals the way legacy apps leave Windows desktop environments unnecessarily exposed to attack from malware, as well as providing an open door to insider threats.

Post by Peter McCalister January 27, 2011

Password Rotation, Phishing and Authentication Limitations, Oh My!

As we have pointed out in several recent blog posts, getting users to choose effective passwords is hard. This is particularly important to us at BeyondTrust since for our PIM solutions to function correctly we need to accurately authenticate a user to know what access privileges to grant them. While new technologies for user authentication are on the way, they aren’t here just yet.

Post by Peter McCalister January 26, 2011

Referential Integrity When Performing a Vulnerability Assessment

James Thurber wrote back in 1959, “When all things are equal, translucence in writing is more effective than transparency, just as glow is more revealing than glare.” The critical aspect of his statement is based on equality. When using multiple distributed applications, regardless of technology, having the same version on all the systems is sometimes…

Post by Morey Haber January 25, 2011

Least Privilege Legacy Apps and the Desktop “Wild West”: Part 1

Whenever we hear the phrase “Wild West”, the first words that come to mind are old, insecure, and vulnerable. Any old western featuring Clint Eastwood or John Wayne depicts all of these descriptions. And coincidentally “Wild West” provides the perfect analogy for the way an enterprise’s remaining legacy infrastructure interfaces with a Windows desktop environment….

Post by Peter McCalister January 25, 2011

There is No Patch For Stupidity

No, I’m not talking about a Boy or Girl Scout patch (or merit badge) now awarded for making dumb errors with information technology at work. I’m referring to the ever-present vendor tech support cry of “just install the patch” whenever something goes wrong.

Post by Peter McCalister January 24, 2011

Care New England Implements Least Privilege on Desktops

Care New England, located in Providence, Rhode Island, is a not-for-profit healthcare system that offers a continuum of quality care, including two teaching hospitals affiliated with The Warren Alpert Medical School of Brown University, Butler and Women & Infants; a community hospital, Kent; a visiting nurse and home care/hospice agency, Care New England Home Health; and the Care New England Wellness Center. Care New England’s strengths are based on complementary programs and distinctive competencies of our partner hospitals to its partner hospitals and agencies.

Post by Peter McCalister January 21, 2011

3 Ways to Remediate Misuse of Privilege

In the event that someone in your organization does misuse privilege and causes harm (theft, damage or loss of data), you will have to immediately deal with the aftermath. In today’s security-conscious enterprise, there are three levels of remediation to consider:

Post by Peter McCalister January 20, 2011