BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for September, 2011

cloud

Déjà Vu All Over Again

Several months ago I commented on the 3 Pillars of Desktop Security – patch management, virus protection and least privilege. Reviewing our 2010 Microsoft Vulnerability report, I realized just how much most people in IT underestimate the importance of properly limiting administrative privileges in protecting desktops for vulnerabilities.

Post by Peter McCalister September 16, 2011
cloudlock-1

Automating Scanner Updates

Software is written by people and inevitably has mistakes and requires maintenance. This maintenance can be in the form of security updates to patch vulnerabilities, service packs and hot fixes to correct functional problems, and general maintenance to cover required updates for signatures and other time-dependent functions. When working with security solutions, detection methods often…

Post by Morey Haber September 15, 2011
president

The US Government Wants to Secure Your Data. Well, Sort Of.

Earlier today, George Hulme reported on a recently-introduced piece of legislation, the Personal Data Protection and Breach Accountability Act of 2011 (or PDPBAA for short, which sounds like how my last is pronounced sometimes), geared toward protecting customer data from theft or loss. Senator Richard Blumenthal (D-CT) hopes that this new bill will “prevent and…

Post by Mike Puterbaugh September 14, 2011
patch-tuesday

Microsoft Patch Tuesday – September 2011

Quite unsurprisingly (as they accidentally leaked them last Friday), Microsoft released 5 security bulletins today. This month is fairly moderate, with none of the bulletins rating a critical rating.

Post by Chris Silva September 14, 2011
dave2

Insider Threats Exist in Virtualized Environments Too!

Disgruntled Dave is at it again! What happens when a disgruntled IT administrator deletes the contents of 15 virtual hosts (roughly equivalent to 88 different computer servers)? According to a recent eWeek article highlighting the incident – quite a bit! For the Japanese pharmaceutical company, the attack was so damaging that it froze operations for “a number of days, leaving employees unable to ship products, to cut checks or even communicate via email,” according to court documents. Estimated damages cost the company $800,000. For the disgruntled employee, he’s looking at the possibility of serving 10 years in prison when he is sentenced in November.

Post by Peter McCalister September 13, 2011
types-of-bone-fractures

An Ounce of Least Privilege Is Worth A Pound Of Compliance

If an ounce of prevention is worth a pound of cure then an ounce of least privilege is worth a pound of compliance for your extended enterprise.

Post by Peter McCalister September 9, 2011
pbwd rules

How To Leverage MS SharePoint for UVM Reports

One of the most important facets regarding security is escalating data to the proper individuals in a timely manner. This is generally done using reports or some form of email alerts. In the context of reports, securing and proper distribution of the contents is just as important as the data contained within. In other words,…

Post by Morey Haber September 8, 2011
pizza

Large Pepperoni Pizza With A Side Of Least Privilege

One of America’s favorite food is pizza and for the household where both parents work, it’s also a favored “take out” salvation for the family dinner. Correspondingly, the average neighborhood pizza parlor can become a prime target for identity and credit card theft.

Post by Peter McCalister September 7, 2011
cloudlock1

Stuxnet? Night Drag0n? Nope,You Got Pwned by a Printer.

At the recent BlackHat and DefCon conferences, our annual eEye Research Team T-shirt was one of the more memorable ones we’d done in a while (and if you remember 2005, that’s saying something). In keeping with the theme of Security in Context, the shirt parodied the fear that attacks like Stuxnet, NightDragon and Operation Aurora had…

Post by Mike Puterbaugh September 6, 2011
Tags:
irene2

The New Twist On Insider Threats

Just when an insider breach couldn’t be any worse for all parties involved – the data has been compromised, customers are upset, the company is embarrassed, it’s a lose-lose for everyone – the Financial Industry Regulatory Authority (FINRA) steps in with a new twist. A fine.

Post by Peter McCalister September 6, 2011