BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

November, 2011

zero-gap1

On False Senses of Security

Posted November 16, 2011    Mike Puterbaugh

Customer conversations are the best part of my job. I really enjoy talking with users and buyers of security technology, especially in today’s hyperactive threat and attack climate. Most often these conversations are with customers proactively planning updates to their security strategy, or with prospects that have matured to a level where their tools need to be upgraded to enterprise solutions. However, there is small percentage of organizations we speak with who have come to eEye as a result of breach or a failed audit. One of *those* conversations was the impetus for this post.

Tags:
annie

Size Doesn’t Matter When it Comes to Insider Threats

Posted November 15, 2011    Peter McCalister

Rogue employees can be found at Fortune 500 companies down to small businesses with less than ten employees. If there is one thing we know, insider threats don’t discriminate based on size. Many small businesses unfortunately suffer from the “it won’t happen to me” denial syndrome. Yet according to the Association of Certified Fraud Examiners Report to the Nation, the median loss suffered by organizations with fewer than 100 employees was $200,000.

State chart

Public Sector Faces Insider Threats Too

Posted November 14, 2011    Peter McCalister

Good people do bad things in the public as well as the private sector. It doesn’t matter the type or industry of an organization when sensitive information networks are breached.

mozilla

Firefox 8.0 Null Pointer Dereference Vulnerability

Disclosed November 14, 2011    Fully Patched
Vendors: Mozilla
Vulnerability Severity: Medium
Exploit Impact: Denial of Service
Exploit Availability:
cloudlock-1

It’s 11.11.11 Is Your Cloud More Secure?

Posted November 11, 2011    Peter McCalister

As more and more of you drive to cloud-based applications and infrastructure because you are experiencing the pressures from management who seem to buy every single bit of hype generated by the press, it becomes clear where the biggest concerns arise. Namely security.

shot1

Group Policy Delegation and PowerBroker Desktops

Posted November 10, 2011    Peter McCalister

Group Policy provides powerful controls over desktop configuration, and it includes full delegation capabilities to allow network administrators to delegate Group Policy configuration tasks to others. Since Group Policy has so many powerful capabilities, it is critical to delegate certain tasks to other network administrators, without giving them Domain Admin rights or full edit rights over the entire Group Policy Object (GPO).

apple

Apple OS X Sandbox Predefined Profile Bypass Vulnerability

Disclosed November 10, 2011    Fully Patched
Vendors: Apple
Vulnerability Severity: Medium
Exploit Impact:
Exploit Availability:
os lion

Time for IT to Support–and Secure–the Mac

Posted November 9, 2011    Peter McCalister

It seems that the tides have changed again with regard to Macs in the workplace, as covered by the Apple 2.0 blog on CNN Money. As noted in the post, “Hell freezes over: Forrester urges IT to support the Mac,” A new report from Forrester Research, Inc. urges IT departments to depart from their old…

patch-tuesday

Microsoft Patch Tuesday – November 2011

Posted November 8, 2011    Chris Silva

This month Microsoft released four security bulletins, patching a total of four vulnerabilities. Included in this month’s bulletins is a particularly ugly vulnerability in tcpip.sys (MS11-083). This vulnerability involves sending a large amount of UDP packets to a closed port. While the amount of work to exploit seems great and Microsoft feels that exploitation will…

lucy2

In a Perfect World, Trust Is All You Need

Posted November 8, 2011    Peter McCalister

This week I had an interesting exchange with a full-time Linux administrator. What started out as a discussion about PowerBroker Servers Linux Edition, quickly became a heated debate about trust. After much back and forth, he said this: “At the end of the day, employers need to trust the employees. Relying on technological solutions to ‘keep honest people honest’ is putting the cart before the horse. If you can’t trust your employees, you shouldn’t have hired them.”