BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for April, 2011

IK_RGB_72dpi

IK Investment Partners Selects PowerBroker for Desktops

IK Investment Partners, based in Europe, is a private equity firm that manages 5.7 billion Euros in fund commitments. Their portfolio includes 22 companies across Europe, and they have six dedicated investment teams covering the Benelux countries. They also have over 100 users on machines throughout the company, including laptops and desktops. IK Investment Partners…

Post by Peter McCalister April 29, 2011
BeyondTrust is the expert source of VMware Security LEARN MORE
change

The Only Constant is Change

Best practices in IT corporate security must acknowledge the intersection of technology, processes and people. Yet all too often the focus falls to the technology and processes while the people part of the equation is often overlooked.

Post by Peter McCalister April 27, 2011

Multiple Platform Configuration Compliance

Here is the problem. Most small businesses benefit from picking a standard platform like Microsoft Windows and exclusively using it from laptops to servers. There has always been, even in the smallest companies, some resistance to Windows including the  rogue Mac users. Enterprises tend to pick the platform they need based on business requirements and…

Post by Morey Haber April 27, 2011
pillars

The 3 Pillars of Desktop Vulnerability Protection

Talking to many people last week about our 2010 Microsoft Vulnerability report, I realized just how much most people in IT underestimate the importance of properly limiting administrative privileges in protecting desktops for vulnerabilities. It’s certainly not because of a reduction in the risk from vulnerabilities. Our survey revealed that in 2009, Microsoft published nearly 75 security bulletins documenting and providing patches for nearly 200 vulnerabilities while in 2010 Microsoft published over 100 security bulletins documenting and providing patches for 256 vulnerabilities.

Post by Peter McCalister April 26, 2011
sql-injection

Barracuda Breach and Privileged Users

As technology continues to develop and expand, it’s an unfortunate reality that sensitive information is becoming decreasingly safe. While this isn’t new news (data breaches are becoming as common as a morning bowl of cheerios), for some reason companies aren’t heeding these devastating warning signs. At least Barracuda didn’t.

Post by Peter McCalister April 25, 2011
layoff

Corporate Security Alert: Beware the Terminated Employee’s Wrath

Employee terminations are, unfortunately, a necessary evil in corporate America today. In a time of recession, layoffs are more copious and often leave those affected angry and upset. Albeit in a very small minority of cases, some terminated employee backlash has led to disastrous consequences for former employers.

Post by Peter McCalister April 22, 2011
infosec

Infosec 2011 Survey Reveals Root Password Bad Practice

At Infosec 2011 in London this week (Europe’s largest information security trade show), a survey by BeyondTrust of over 50 first day attendees revealed that root password bad practice continues to be unchecked in many organizations. Of those polled, over 58% said they would be able to steal information from a mission critical server if they wanted…

Post by Peter McCalister April 21, 2011
Abstract clockwork

Unified Vulnerability Management for Healthcare

Today’s businesses are facing greater regulatory demands, increasing vulnerabilities, a rapid shift to digital business processes, and flat budgets.  The healthcare industry is no different and shares the same problems as almost every other vertical; how to keep sensitive data secure. Regardless of patient information, billing and payment data, and historical medical information, protecting an…

Post by Morey Haber April 20, 2011
Win 7 logo

Microsoft Enters the Security Research Arena

This week Microsoft announced important updates to policies around discovering and disclosing third-party software application vulnerabilities. They’ve officially expanded their Coordinated Vulnerability Disclosure (CVD) policy (launched last summer as a replacement/renaming of their “responsible disclosure” policy) and have made public an internal employee policy (launched in November 2010), which requires in-house researchers to adhere to CVD guidelines, and report vulnerabilities in third-party products to the Microsoft Vulnerability Research (MSVR) program. MSVR then reports the vulnerability privately to the vendor and coordinates with the vendor on its investigation progress . In a related gesture, they released inaugural MSVR Advisories on vulnerabilities discovered by Microsoft employees in Chrome and Opera (fixed by the vendors in the latter part of 2010).

Post by Marc Maiffret April 20, 2011
ico-pbmobile

Los Alamos Replaces sudo with PowerBroker for Servers

Los Alamos National Laboratory in New Mexico delivers scientific and engineering solutions for the nation’s most crucial and complex problems. Its primary responsibility is to ensure the safety, security, and reliability of the nation’s nuclear deterrent. Los Alamos employs more than 11,000 employees and contractors, making it one of the largest multi-disciplinary institutions in the world.

Post by Peter McCalister April 20, 2011