BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Privileged Account Management

needle

Looking For A Needle In A Haystack Without Least Privilege

Posted December 7, 2011    Peter McCalister

Ever use the phrase that looking for something was like “finding a needle in a haystack”? If you’ve ever seen (or especially played in) a haystack then you understand the magnitude of that challenge. This also applies to IT security when trying to uncover who or what was able to access confidential information and either steal, damage or delete it altogether.

annie

You And I: The Not So Obvious Insider Threat

Posted December 6, 2011    Peter McCalister

Remember the scene in Jerry Maguire where he has returned to his office to collect his stuff, after learning he has been let go, and he has a bit of a freak-out on the way out the door, grabbing the goldfish and making bold claims about the company he is going to build that will…

dave2

Black Market For Server Data Is Prevelant And Profitable

Posted December 5, 2011    Peter McCalister

The economy of cyber-crime is all too real—and too enticing. No longer sequestered to dark alleys and seedy bars, data thieves have almost unlimited options to market their ill-gotten wares to potential buyers. What this means to employers and organizations: the temptation to access and “appropriate” sensitive data may be too great for some to resist.

virus

The Confluence Of Influenza, 0Day Viruses and Least Privilege

Posted December 2, 2011    Peter McCalister

What does influenza, 0day viruses and least privilege have in common you may ask? Besides just being a cool title to get you to read this blog, it turns out that natural mutations, the fear of the unknown and reducing attack surfaces is the short answer. The long answer is best understood by first reading…

least privilege architecture

Least Privilege Windows Architecturally Speaking

Posted November 30, 2011    Peter McCalister

We’ve talked about least privilege throughout thisblog over the past two years at length, but why should a desktop user care? Ultimately, a user needs admin rights on the desktop to

mandm-1

M&M Security Bound To Be Eaten Without Least Privilege

Posted November 28, 2011    Peter McCalister

No, I’m not talking about the Mars candy, funny characters pervasive on your TV, or even the legendary brown ones from a Van Halen concert rider.

Windows Server 2008 R2 Recycle Bin

Posted November 26, 2011    Morgan Holm

Microsoft has included recovery capabilities with every release Active Directory (AD) from Windows Server 2000 on. There is a saying that has been around in IT for a long time, “An administrator is only as good as their last backup”. This is because accidental deletions of a single user object to the removal of hundreds…

Tags:
, , , , , , , ,
austinlogo[1]

Austin Powder uses PowerBroker to Implement Least Privilege

Posted November 18, 2011    Peter McCalister

Austin Powder, a manufacturing firm based in Ohio, faced an interesting challenge of taking their company to a least privilege model. They also needed to reduce malware threats within the organization. At the start of the project, the company knew little about the least privilege model. They began to develop an in-house solution, a wrapped…

zero-gap1

On False Senses of Security

Posted November 16, 2011    Mike Puterbaugh

Customer conversations are the best part of my job. I really enjoy talking with users and buyers of security technology, especially in today’s hyperactive threat and attack climate. Most often these conversations are with customers proactively planning updates to their security strategy, or with prospects that have matured to a level where their tools need to be upgraded to enterprise solutions. However, there is small percentage of organizations we speak with who have come to eEye as a result of breach or a failed audit. One of *those* conversations was the impetus for this post.

Tags:
lucy2

In a Perfect World, Trust Is All You Need

Posted November 8, 2011    Peter McCalister

This week I had an interesting exchange with a full-time Linux administrator. What started out as a discussion about PowerBroker Servers Linux Edition, quickly became a heated debate about trust. After much back and forth, he said this: “At the end of the day, employers need to trust the employees. Relying on technological solutions to ‘keep honest people honest’ is putting the cart before the horse. If you can’t trust your employees, you shouldn’t have hired them.”