Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for February, 2011


Live from RSA 2011

It is another cold and windy week in San Francisco and RSA 2011 is more impressive this year than recent events. With the economy finally beginning to recover, trade show events are feeling the impact with more floor space, higher attendance, cooler giveaways, and quality of new solutions presented by companies highlighting investments in development. …

Post by Morey Haber February 16, 2011

Does Compliance = Security?

Since it’s hard to analyze the tradeoffs between security and productivity, IT organizations can fall back on gut feel, rules of thumb and past practices in making these decisions. The easiest answer is frequently to just follow the rules and regulations so you remain in compliance with industry regulations or current policies. As a result, compliance becomes a substitute for security. But are they really equal? Does being in compliance mean you have a secure IT environment?

Post by Peter McCalister February 15, 2011

Top VM Reports for Daily Security

Like most security professionals, I subscribe to a plethora of email lists from Dark Reading to Threat Post. Every day I receive their news and review the titles in their daily summary emails and drill into a few that may catch my eye. The thing I like about this approach is that I receive a…

Post by Morey Haber February 15, 2011

Visit BeyondTrust Booth at RSA 2011 and Win an iPad

If you are going to San Francisco for RSA this week (with or without a flower in your hair), then you should stop by the BeyondTrust booth #945 and check out the latest greatest privilege identity management solutions to eliminate admin rights across desktop, server and network devices as well as virtual and cloud environments.

Post by Peter McCalister February 14, 2011

Rock the Cradle of Root Access Gently

The hand that rocks the cradle rules the world. This is an absolute truth. Although originally referring to motherhood, there is an especially poignant application from an enterprise point of view. As long as the hand (your IT manager with root access) handles that cradle gently (your server and the sensitive information therein), your world will remain a secure place.

Post by Peter McCalister February 11, 2011

Scary Night Dragons Fall from Sky

Reading the headlines today one could not help but notice the latest installment of “scary Chinese hacker press” making the headlines. And who can blame the news media for latching on to this story as it has all the right ingredients: foreign governments targeting U.S. interests, catchy nicknames like Night Dragon, connections to a previous scary threat “Operation Aurora” and a timely announcement leading up to one of the security industry’s biggest conferences in San Francisco next week, RSA. Wait, what?

Post by Marc Maiffret February 10, 2011

Black Swans and Tough Trade-offs For Privilege Identity Management

Recently we talked about the difficult trade-off between security and productivity in regard to designing effective password policies. Managing these difficult exchanges is a major challenge for many IT decision makers. Security is time consuming and complicated, which almost always means extra work for someone. So IT must decide: is reduced security risk worth the extra work?

Post by Peter McCalister February 10, 2011

Add an Identity Management Stitch to Your Enterprise and Save Nine

I have a friend who, at any given moment, can recount any of the old wives’ tales he grew up hearing. Most of them I just roll my eyes at, but every now and then there’s a little gem that makes life a little easier. Take “a stitch in time saves nine.” That’s legitimate advice. The concept of taking certain actions before a large-scale problem evolves transcends all aspects of the human existence, and even spreads to the security of your enterprise. One particularly useful stitch comes in the form of preventing the misuse of privileges within the walls of your company.

Post by Peter McCalister February 9, 2011

Microsoft Patch Tuesday – February 2011

Microsoft is back at it with a fairly large release today, including 12 security bulletins which patch a total of 22 vulnerabilities. Six of the bulletins address zero-day vulnerabilities (MS11-003, MS11-004, MS11-005, MS11-006, MS11-011, and MS11-013) including two (MS11-003, MS11-006) that have public exploit code circulating. MS11-013 (Kerberos) is most likely similar to vulnerabilities that…

Post by Chris Silva February 8, 2011

Wikileaks Could be You Without Privilege Identity Management

Those that follow this blog have probably seen us write on Wikileaks before. We covered it here and eWeek invited us to cover the topic for their knowledge center here. Our message is that Wikileaks isn’t just for government or military organizations. Half of the leaked information on Wikileaks is on private organizations and Julian has suggested that corporations are next on the chopping block.

Post by Peter McCalister February 8, 2011