BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for April, 2011

bigdata-98x98

Video Demo: Retina / Metasploit Integration

Marc and I have been having a little fun lately with third-party integrations. We support a wide variety of tools from Network Management Systems, Call Centers, Security Information Managers, and all the way through Network Access Control, and Governance Risk and Compliance solutions.  We have been exploring other tools that can gain value from our…

Post by Morey Haber April 20, 2011
kindle

Putting Mobile Security in a Different Light

The increasingly popular bring your own computer to work model seems like a good deal for everyone. You get to carry one device that fits you best and IT saves a lot of work buying and provisioning hardware. But the highly publicized problems with Droid Dream malware highlighted the vulnerability of the Android platform and raises some fundamental questions about who controls employee owned devices that may contain or have access to sensitive company data.

Post by Peter McCalister April 19, 2011
Lockdown

Securing the Perimeter Within

Now that we’ve exhausted securing the network and IT resources from outsiders, it’s time to look at a different perimeter and ensure that insider threats don’t pose a problem for today’s enterprise.

Post by Peter McCalister April 18, 2011
gear6-98x98

DCI Selects PowerBroker Safe to Meet Regulatory Compliance

DCI, a developer of core bank processing software, is a privately owned company founded in 1963. The corporation delivers technology solutions that allow banks to prosper and thrive. Because of the nature of the company and the services it provides, heavy IT support is necessary for the deletion, migratino, and back-up of large amounts of sensitive data.

Post by Peter McCalister April 15, 2011
guy tie

…But I’ve Always Had Admin Rights!

USER: “What’s that you say? You’re going to lock down my computer and make me a standard user? But I’ve always had admin rights! I NEED them to do my job effectively!” ADMIN: “…but do you really?”

Post by Peter McCalister April 14, 2011
cloudlock1

Privilege Identity Management Provides Essential Protection

Tying the record for the most security bulletins issued at one time, Microsoft released 17 bulletins addressing 64 vulnerabilities this week in Microsoft Windows, Microsoft Office, Internet Explorer, Visual Studio, .NET Framework and the Graphics Device Interface (GDI+).

Post by Peter McCalister April 13, 2011
patch-tuesday

Microsoft Patch Tuesday – April 2011

Well, Microsoft is nothing if not predictable these days. After a nice, light March, they dropped a ton of security bulletins this month – 17 to be exact. That ties their record set just a few months ago (back in December 2010), and gives them a total of 34 so far this year. Today’s release…

Post by Chris Silva April 13, 2011
bigdata-98x98

Building a Better Assessment Process

One of the fundamental problems with vulnerability assessment scanning technologies is targeting devices for assessment. Every vendor in the space uses lists of host names, address groups, or computers from an Active Directory OU to build a scan policy and target list. This technique, while incredibly valuable for initial assessment and discovery, wastes precious time accessing devices that may not even be relevant to an assessment based on operating system or even installed applications during future scans. Vulnerability Assessment vendors in general fail to consider the history of a target in performing new scans and allow their technology to become stale based on traditional targeting philosophies.

Post by Morey Haber April 12, 2011
Mcafee report

McAfee Report Implies We’re Still Focused Externally

You may have already seen the results of a 1,000+ person survey conducted recently by McAfee and wrapped up in a crisp report. They estimate that businesses have lost more than $1 trillion in 2008 as a result of data leaks. With the help of SAIC and international research firm Vanson Bourrne, the company has added some meaty authority to what would otherwise be seen as a vendor-biased report.

Post by Peter McCalister April 12, 2011
cloud

Cause and Effects of Not Running with Least Privilege

Building an enterprise on least privilege is not just a concept that applies to Microsoft. While Microsoft does contribute to the security issues associated with letting all users run with administrator rights (or no rights at all), it is a situation every operating system is plagued with.

Post by Peter McCalister April 11, 2011