Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for April, 2012


Manage Privileged Access for UNIX/Linux with Microsoft Active Directory

In my discussions with IT teams, I am continually reminded that managing access to UNIX and Linux systems and doing so in a least cost manner is important for IT. IT must do more with less. There is a constant need to drive down the costs of operations and deliver more to the business. Failure…

Post by Peter McCalister April 27, 2012
BeyondTrust is the expert source of VMware Security LEARN MORE

Breaches, Breaches Everywhere, It Seems that Insiders Just Don’t Care!

Let’s take a look at a few of the breaches being reported this week alone – all at the hand of insiders. The Utah Department of Health reported that about 780,000 claims had been accessed by a hacker. Then they added that 280,000 people’s social security numbers were stolen and 500,000 people had less-sensitive personal…

Post by Peter McCalister April 24, 2012

Call it Genius. Our Smart Groups Make Vulnerability Management Simple for Security Teams

eEye R&D has been hard at work on optimizing how our enterprise clients can manage and schedule assessments within Retina CS. These efforts will increase the efficiency of how our clients perform assessments across their IT infrastructure – be it their traditional server or desktop assets, or new technologies like mobile, virtual and cloud.

Post by Morey Haber April 20, 2012
, , , , , ,

The Key to Controlling Privileged User Activity? Centralize!

Those of you who follow my blogs know that sudo – and the issues it presents IT organizations – is one of my favorite discussion topics. I suppose that’s because there is no shortage of stories that surface on a regular basis on the problems that can arise with sudo, and I feel compelled to…

Post by Peter McCalister April 18, 2012

Insider Threats: What Can Be Done?

IT security tends to focus on securing the network from external attacks, but little attention is given to malicious activity and human error within the company. According to InformationWeek’s 2012 Strategic Survey, company employees pose just as much of a threat as cyber thieves. How can this be addressed? A recent article by Dark Reading…

Post by Peter McCalister April 17, 2012

eEye’s Patch Tuesday Assessment Now Available On Demand

Miss our live VEF webinar earlier this week? In case you did, I’ve put all of the content together for you below. Enjoy!

Post by Sarah Lieber April 13, 2012
, , , , ,

March VEF Participant Wins a Kindle Fire

As you all know, every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to…

Post by Sarah Lieber April 11, 2012
, , , , ,

Microsoft Patch Tuesday – April 2012

April is upon us, and for Patch Tuesday Microsoft delivered six security bulletins, patching a total of eleven vulnerabilities. MS12-027 is the most urgent, as Microsoft has rated it critical and has stated that there are targetted attacks leveraging this vulnerability – patch this one first.

Post by Chris Silva April 10, 2012

People are Less Forgiving of Insider Threats than Outside Hacks

A new study says that people are more likely to file a lawsuit against a company that experienced a data breach if that breach was the result of unauthorized disclosure or disposal of data than if the breach happened due to an outside hack. The study, titled Empirical Analysis of Data Breach Litigation, says “plaintiffs…

Post by Peter McCalister April 6, 2012

Firewalls Not Preventing Data Breaches? Try a Dose of Least Privilege

An article was published last month indicating a malware-infected computer at ConnecticutCollege was the cause of the breach of 18,000 social security numbers of teachers, employees, and student workers. According to the report, “a computer in the CCSU business office was infected in December, and sat on the system for eight days before it was…

Post by Peter McCalister April 4, 2012