BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for August, 2011

smartphone4-resized-600.jpg

It’s an Insecure Mobile World Without Least Privilege

It’s hardly a stretch in this day and age to say that every one of your employees has a mobile device, whether it is company issued or personal, but either way these devices can be the culprit of accidental insider threats more easily than ever before.

Post by Peter McCalister August 23, 2011
Break in

Enterprise Security and Risk Management

Searching the internet finds a plethora of definitions, services, products, solutions, and even training classes for Enterprise Security and Risk Management. The topic is so broad that almost every security vendor falls into this category. At the middle of almost all the definitions (excluding physical security theft) is the protection of an organizations most treasured…

Post by Morey Haber August 23, 2011
rockybalboa

Enterprise Security Lessons from Rocky Balboa

It’s amazing the effect songs have on us. Take, for example, Eye of the Tiger. If you’re like me, this brings you right back to Rocky, the Italian Stallion that won the hearts of America as he trained and fought his way to victory. That song elicits images of strategy and dedication, the two key traits to Rocky’s success. Why, you ask, do I bring this up here, on an Information Technology blog? Because the same elements that drove Rocky to success in the movie can ensure a data security victory in your IT environment.

Post by Peter McCalister August 22, 2011
cloudlock1

The Value of Attack and Malware Data in Prioritizing Remediation

Here at eEye, we’ve been discussing in great depth, the value of various risk scoring mechanisms, attack vectors, and exploit intelligence. Considering all the various standards that are being used to derive risk scores (proprietary, CVSS, PCI (based on CVSS with conditions), DoD Categories, etc.) and how organizations are currently prioritizing remediation efforts, we found a…

Post by Morey Haber August 19, 2011
annie

Accident Prone Annie Requires New Policies For Control

I introduced you to Accident Prone Annie as an archetype for the type of insider villain who may already be infiltrating your extended enterprise a couple of weeks ago and guess what? Almost every day I see an article that represents “Dave” as manifesting in another company with some measurable harm that was newsworthy.

Post by Peter McCalister August 19, 2011
cropcircle

Is Public Cloud Security As Mysterious As Crop Circles?

There are many of you out there who have seen pictures of crop circles and believe that they are truly a mystery that no one will ever get to the bottom of. For those of us in the information security field, I think we are starting to believe that the key to security in public clouds may be as elusive as the secret to crop circles.

Post by Peter McCalister August 18, 2011
dave2

Disgruntled Dave Snoops Your Healthcare Records

I introduced you to Disgruntled Dave as an archetype for the type of insider villain who may already be infiltrating your extended enterprise a couple of weeks ago and guess what? Almost every day I see an article that represents “Dave” as manifesting in another company with some measurable harm that was newsworthy.

Post by Peter McCalister August 17, 2011
MMPC

Why Less is More with Admin Rights

A recent blog post at Microsoft Malware Protection Center warns that disabling the User Account Control (UAC) tool increases the likelihood of malware threats. According to Microsoft’s Joe Faulhaber who published the entry, the Sality virus family, Alureon rootkits, Rogue antivirus like FakePAV, Autorun worms, and the Bancos banking Trojans all have variants for turning UAC off.

Post by Peter McCalister August 16, 2011
irene2

Identity Thief Irene Hijacks Customer Database At Travelodge

I introduced you to Identity Thief Irene as an archetype for the type of insider villain who may already be infiltrating your extended enterprise a couple of weeks ago and guess what? Almost every day I see an article that represents “Irene” as manifesting in another company with some measurable harm that was newsworthy.

Post by Peter McCalister August 15, 2011
cloud

What Comes After Discovery – Rediscovery and Scan

Over the next few blog posts I’ll show you ways to leverage your investment in Retina CS to help automate and streamline various scenarios I run into in the field. One common scenario I see quite often happens when customers are first implementing a vulnerability management solution into their organization. I call this the ‘What…

Post by Jerome Diggs August 15, 2011