BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

May, 2011

Team

Upcoming Standards – SCAP ARF Support

Posted May 31, 2011    Morey Haber

The Assessment Results Format (ARF) language is a general Security Content Automation Protocol (SCAP) results reporting language developed by the US Department of Defense (DoD) in conjunction with NIST and members of the SCAP vendor community. If you are unfamiliar with it, it provides a structured language for exchanging and exporting detailed, per-device assessment data…

IT-security

HR and IT – How Data Security Can Make for Strange Bedfellows

Posted May 31, 2011    Peter McCalister

Yes, you read my lead correctly. I am going to talk about how HR and IT can team up to improve Network Security in the Cloud. So bear with me…

Tags:
, ,
kindle

Tablets at the Office: Friend or Foe?

Posted May 27, 2011    Peter McCalister

According to Gartner, worldwide media tablet spending is projected to reach $29.4 billion in 2011, up from $9.6 billion in 2010. Gartner also predicts that by 2013, 80 percent of the workforce will be using tablet devices. Whether workers are being issued tablets by their employers, or bringing in their personal devices, embracing tablet computers is very attractive for many enterprises looking to keep their employees connected, while reducing costs.

cloud

The Demands of Compliance vs. the Ease of sudo

Posted May 26, 2011    Peter McCalister

Ah, sudo! What better way for administrators to eliminate the proliferation of the root password throughout IT and development organizations? What better alternative to using root accounts to perform routine maintenance on Unix and Linux systems? Just grant users the proper permissions in the local sudoers files and you’re in business. Oh, and the utility is free. What’s not to love?

database

Databases Need Least Privilege Too

Posted May 25, 2011    Peter McCalister

The most sensitive information assets for any size company larger or small tends to be buried inside a database sitting on a server. It doesn’t matter if that server is physical, virtual or cloud based. Some organizations choose to protect the database and some the server. The best solution would be to protect both according to their intrinsically different requirements.

Tags:
Win 7

1 In 14 Could Cost You $129 Without Least Privilege

Posted May 24, 2011    Peter McCalister

Yep, this is a pretty esoteric title for today’s blog, but blame the late hour and the recent article in PC World about malicious code and downloaded software. According to this article, “about one out of every 14 programs downloaded by Windows users turns out to be malicious.” This didn’t come from some random blogger…

gear6-98x98

Generic Third Party Integration

Posted May 24, 2011    Morey Haber

There is an inherent value to vulnerability assessment and attack data beyond the security team. Making relevant data available to other solutions, departments, and team members can streamline the vulnerability management process and ensure the workflow is seamless between departments and management. In addition, having tight data integration makes it easier to document workflow processes…

president

Obama’s New CyberSecurity Legislation

Posted May 23, 2011    Peter McCalister

On Monday, May 16 the White House revealed language on new legislation directing private industry to improve computer security voluntarily and have those standards reviewed by the Department of Homeland Security. By increasing and clarifying the penalties for federal and enterprise computer crimes, the administration hopes to temper the perception that the consequences for cyber attacks and data theft are comparatively trivial.

img-mobile

Playing Russian Roulette With Your Auditor

Posted May 20, 2011    Peter McCalister

Who could forget the image of Christopher Walken’s Academy Award winning performance in The Deer Hunter? Anyone who has seen that movie can not help but understand the ultimate penalty for losing at Russian Roulette. Even though the penalties aren’t quite as “life threatening” when the compliance auditor comes around, they can be “career threatening” to the IT executive who plays the same game with meeting regulatory requirements.

smartphone4-resized-600.jpg

Better Security Management with a Consolidated View of AV and Vulnerabilities

Posted May 19, 2011    Alejandro DaCosta

We expect our smart phones to handle all of our business needs: phone calls, voicemail, email, and calendar functionality, at the very least. Why not expect the same consolidated approach with your security products? Take for example the relationship between vulnerabilities and malware. Most of the malware, trojans, worms, etc., get into a system by exploiting vulnerabilities in applications such as Adobe, IE, Firefox, etc. Vulnerabilities and malware really have a strong correlation and so should the products that manage each one.