BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Privileged Account Management

pbwd rules

How To Leverage MS SharePoint for UVM Reports

Posted September 8, 2011    Morey Haber

One of the most important facets regarding security is escalating data to the proper individuals in a timely manner. This is generally done using reports or some form of email alerts. In the context of reports, securing and proper distribution of the contents is just as important as the data contained within. In other words,…

pizza

Large Pepperoni Pizza With A Side Of Least Privilege

Posted September 7, 2011    Peter McCalister

One of America’s favorite food is pizza and for the household where both parents work, it’s also a favored “take out” salvation for the family dinner. Correspondingly, the average neighborhood pizza parlor can become a prime target for identity and credit card theft.

cloudlock1

Stuxnet? Night Drag0n? Nope,You Got Pwned by a Printer.

Posted September 6, 2011    Mike Puterbaugh

At the recent BlackHat and DefCon conferences, our annual eEye Research Team T-shirt was one of the more memorable ones we’d done in a while (and if you remember 2005, that’s saying something). In keeping with the theme of Security in Context, the shirt parodied the fear that attacks like Stuxnet, NightDragon and Operation Aurora had…

Tags:
goldie locks cover

Goldie Locks And The 3 Least Privilege Desktops

Posted August 31, 2011    Peter McCalister

It’s always fun to catch our competitors pointing to BeyondTrust educational materials as shining examples of the value for least privilege, and recently it came to my attention that just that has occurred yet again.

pci compliance

PCI-DSS And Least Privilege

Posted August 8, 2011    Peter McCalister

The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of comprehensive requirements for enhancing payment account data security in an effort to thwart the theft of sensitive cardholder information. The core group of requirements is as follows:

sql-injection

Treat The Symptom Or Cure The Disease

Posted August 3, 2011    Peter McCalister

When virus outbreaks, data thefts and other security breaches impact an organizations computing systems, most will treat the symptoms instead of curing the disease. Treating the symptoms might include updating security software or policies, adding additional layers of security technology, and possibly locking down users so tightly that their productivity suffers.

Data Governance – Why and How?

Posted July 30, 2011    Morgan Holm

In my first blog post I talked about proving and maintaining compliance for data governance rules defined for file system resources in the enterprise. This post will continue the discussion of data governance, reviewing some of the reasons organizations are implementing these policies and processes as well as the main challenges associated defining the rules…

Tags:
, , , , , , ,
villain trio

Intent Versus Actions And Least Privilege

Posted July 29, 2011    Peter McCalister

Insider threats are a global phenomenon. Every company in every part of the world is subject to some level of insider threat. And guess what? Insider villains are just as unidentifiable in the UK as they are in the US. They appear just as innocuous in Poughkeepsie as they do in Perth.

Data Governance

Posted July 15, 2011    Morgan Holm

Hi my name is Morgan Holm and I am the director of product management. For my first blog post I will focus on a hot button topic for many of our customers and prospects, data governance. A significant portion of the data held by many organizations is in the form of unstructured data in files….

Tags:
, ,
perimeter within

Securing the Perimeter One Privileged User at a Time

Posted July 14, 2011    Peter McCalister

You’ve heard it said before: “To some degree, you just have to trust your employees.” Ideally, yes. Trust between employee and employer is important, even necessary. But when this statement is made in the context of an employee’s access to a company’s most critical IT assets, the risk that accompanies it is simply too great…