BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Beware The Risk Of The Vulnerable Corporate Desktop

Posted February 10, 2012    Peter McCalister

Anyone who has spent any time at all in the cyber-security space knows that hackers and creators of malware don’t rest for an instant. The harder the IT security world works to stay ahead of the cyber-criminals (or, more accurately, to keep pace or catch up to them), the faster increasingly sophisticated attacks burst into corporate networks, infecting servers and endpoints and running IT teams ragged as they chase the threats and remediate the resultant carnage.

Why, with all the efforts IT organizations put forth to stop these external threats, do these attacks continue to rampage corporate infrastructures? Even if a company is spared the uncomfortable action of publicly acknowledging the loss of sensitive data through a breach, IT managers routinely sweat the close calls, the bullets dodged, the inevitable dalayed another day.

It’s no surprise that many of these attacks prey on the desktop, where a single mistake in user behavior can bring upon a malicious attack in an instant. Laptops turned to botnet hosts. Trojan horses transported stealthily to corporate servers, poised to steal customer data. Viruses and worms launched and spreading through networks like wildfire. So IT teams (over 99% of them) religiously deploy anti-virus software and keep it updated. And that stops a lot of attacks – but not nearly all of them, or the worst of them.

Perhaps that’s why more and more IT organizations are coming to a critical realization: that these attacks, while external in nature, often are brought on by internal people – often completely unknown to them. Just a single mistake in user behavior is all it takes.

When it comes to protecting employees from making such mistakes (preventing good people from doing bad things, you might say), it pays to consider a programmatic approach: adopt a least privilege strategy, granting users only standard rights but permitting elevation of privileges as required to enable them to do their jobs effectively. When you combine such privilege management with fine-grained application control (whitelisting), you add yet another layer of protection. After all, cyber-criminals are pros at getting people to do things they shouldn’t. What better defense is there than removing the opportunity to take a risky action in the first place?

Leave a Reply

Additional articles

Dark Reading

2014: The Year of Privilege Vulnerabilities

Posted December 18, 2014    Chris Burd

Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of “least privilege” could limit the impact of malware and raise the bar of difficulty for attackers.

Tags:
, , , , ,
dave-shackleford-headshot

Looking back on information security in 2014

Posted December 16, 2014    Dave Shackleford

Dave Shackleford is a SANS Instructor and founder of Voodoo Security. Join Dave for a closer look at the year in security, and learn what you can do to prepare for 2015, with this upcoming webinar. 2014 has been one heck of an insane year for information security professionals. To start with, we’ve been forced…

Tags:
, ,
patch-tuesday

December 2014 Patch Tuesday

Posted December 9, 2014    BeyondTrust Research Team

This month marks the final Patch Tuesday of 2014. Most of what is being patched this month includes Internet Explorer, Exchange, Office, etc… and continues a trend of the greatest hits collection of commonly attacked Microsoft software. Probably the one thing that broke the mold this month is that for once there is not some…

Tags:
,