BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for August, 2011

goldie locks cover

Goldie Locks And The 3 Least Privilege Desktops

It’s always fun to catch our competitors pointing to BeyondTrust educational materials as shining examples of the value for least privilege, and recently it came to my attention that just that has occurred yet again.

Post by Peter McCalister August 31, 2011
BeyondTrust is the expert source of VMware Security LEARN MORE
dave2

Red Flags Are Not Enough to Thwart Insider Attacks

KPMG recently released a report titled, “Who is the typical fraudster?,” indicating that companies were not seeing the red flags when it came to insider threats. According to KPMG’s analysis of 348 cases across 69 countries from 2008 to 2010 that they investigated on behalf of its clients, the typical “fraudster” is described as:

Post by Peter McCalister August 30, 2011
cloud

Mid-Market Security and Risk Management

I find it utterly amazing that security vendors believe that one size of product and solution can fit in any size organization. Some have had even major summer releases that address scalability and performance in this one-product- fits-all approach. Point and shoot scanners as standalone products can operate in any size environment, but without a…

Post by Morey Haber August 30, 2011
DeLorean-on-ebay

Why Back to the Future Doesn’t Help Corporate Security

I was recently at a convention where the DeLorian (the real one from Back to the Future!) was on display. With the doors up and open, the lights flashing, and the radio blaring, it took me right back to the movie and how awesome it would be if we could do what Marty McFly did. Although inadvertently, he went back in time and was able to influence actions and decisions that significantly improved his future. It would be awesome to go back, alter some pivotal decisions in my life, nip some bad habits in the bud, and make my future that much better. But personal life aside, think of how impactful it would be if companies were allowed to do the same.

Post by Peter McCalister August 29, 2011
PBIS-resized-600

1999 Called, It Wants Its Morto Worm Back

I had to do a double take on my Google Alerts this weekend when I saw the first of discussions around a worm dubbed “Morto” infecting systems via weak password brute forcing of Windows accounts over the Remote Desktop Protocol (“RDP”). These automated worms take me back, to the old days of CodeRed, Slammer, Sasser,…

Post by Marc Maiffret August 28, 2011
Tags:
, ,
i-see-dead-people

I See Dead People- and All Database Activity

Remember The Sixth Sense, that movie where Haley Joel Osmond’s character can see ghosts are if they were living people? It’s an interesting premise to give a character such a unique and special capability- to see and communicate with ghosts, whether benign or hostile, is clearly something out of the ordinary. Knowledge is power, and…

Post by Peter McCalister August 26, 2011
android4.2

HP TouchPad Frenzy — Another Reason to Put Security in Context

I recently watched IT administrator mailing lists buzzing with conversations about where everyone could buy an HP TouchPad – with the almost free price, now that HP has discontinued the product. It was not only IT people looking to cash in on the sweet deal, but consumers also, which means employees (maybe at your company!), who…

Post by Marc Maiffret August 26, 2011
cloud sec

2 Reasons Not To Build New Cloud Security Infrastructure

Last week I talked about the challenges of managing privileged identities in the cloud. As I have highlighted in an earlier post the recent report by the Ponemon Institute on the Security of Cloud Computing Providers shows that when it comes to security cloud providers are “least confident in their ability to restrict privileged user access to sensitive data”.

Post by Peter McCalister August 25, 2011
Lockdown

Mid-Market Security Strategies, Focus Areas, and Feature Favorites

The more conversations I have with security professionals, the more I see them strategizing how to best secure their networks with lower operating budgets.  I see more and more individuals having to deal with security issues as well as other aspects of their IT department during daily operations.  Their strategy has been condensed to acquire…

Post by Alejandro DaCosta August 25, 2011
skywalker

How to Use the Force to Secure Your Enterprise

In the Star Wars Trilogy, there are two very clear sides of the moral spectrum. First, we have the rebel forces, keepers of the Force and warriors fighting against the evil Emperor. The Emperor, and the imperial forces that fight for him, are the evil masterminds who want to destroy the Force and the source of all goodness. While other battles may not seem quite as grand, there are parallels from Star Wars that apply to a multitude of other situations. One of these situations is the risk of insider threat in your organization. There are lessons to be learned from Darth Vader, the Emperor, Luke Skywalker, and others. Here are the three we like the best:

Post by Peter McCalister August 24, 2011