BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Privileged Account Management

img-oracle-logo

BeyondTrust & Oracle, The Perfect Partnership

Posted April 8, 2013    BeyondTrust Product Management

No one will dispute that Oracle is a heavyweight when it comes to the relational database market, but Oracle is far more than a one trick pony.  Oracle has a plethora of enterprise products and hardware solutions that will fit the needs of almost any business.  However the key to success for many of the…

Tags:
, , , , , , , ,
lucy2

Least Privilege and South Korea

Posted March 26, 2013    BeyondTrust Research Team

No, this isn’t some editorial piece about the interrelationships of varying social strata in South Korean society and Gangnam Style. Despite how interesting that may be, we are instead taking a quick look at the latest “wiper” malware to strike fear in the hearts of CTOs and IT admins alike – DarkSeoul (or Jokra or…

Tags:
, , , ,
retinacs-img9

Creating a Gold Image SCAP Template for Windows

Posted March 21, 2013    Bill Tillson

One of the challenges of Benchmark Configuration management is creating or modifying SCAP OVAL content to match your business policies and requirements. The following procedure is recommended to create custom Windows benchmarks for the Retina Network Security Scanner and Retina CS via local system policy, Local GPO, and Microsoft Security and Compliance Manager. For starters,…

Tags:
, , , ,
university-winchester

University of Winchester secures its applications with the help of BeyondTrust

Posted March 20, 2013    Sarah Lieber

A PowerBroker for Windows customer, University of Winchester, was recently highlighted in the Spring 2013 Government and Public Sector Journal (GPSJ). GPSJ is a great source for professionals in the government & public sectors, and informs them of the latest breaking news and exclusive footage. We are very happy and proud of our customer being…

Tags:
, , ,
java_update_screen

Oracle’s Java Hates Least-Privilege

Posted March 8, 2013    Marc Maiffret

Recently, there has been a lot of commentary and discussions about what to do about the state of security and the seemingly endless attacks that we are facing. There are, of course, many recommendations that are being made at a governmental level of how best to approach this problem through the use of information sharing…

Tags:
, , ,
clock-reset

sudo authentication bypass when clock is reset

Posted March 7, 2013    Rod Simmons

A recent discovery by a German researcher, Marco Schoepl, found that it is possible for a user to bypass sudo authentication by resetting the clock. To read more about this vulnerability see the articles on seclist.org and threatpost.com. What we have found is that many highly secure customers have already adopted the timestamp_timeout=0 setting which…

Tags:
, , , ,
EventStream-Reports

PowerBroker for Windows Rule Creation with Retina CS

Posted February 20, 2013    Morey Haber

For any enterprise solution, manually creating rules can be a daunting task and repetitive exercise. This problem is even more complex when working with solutions that potentially touch every application within your environment. Consider the complexity of identifying every application that requires escalated privileges for a least privilege project. How can you identity every user application…

Tags:
, , , ,
United States Health Department

United States Health Department Updates HIPAA Guidelines

Posted January 25, 2013    Morey Haber

It comes as no surprise to information technology security professionals that data leaks and privacy issues can occur at virtually any level of an organization including business associates, contractors, subs-contractors and outsourced firms like payroll and billing. With this, it is has been a long time coming that the U.S. Department of Health and Human…

Tags:
, , , , , , ,
contextawareprivilege-1

New Integration of Retina CS & Powerbroker Windows to Provide Context-Aware Privilege Management

Posted October 1, 2012    Jerome Diggs

Every day there are new vulnerabilities being discovered that can be used to compromise your organizations computing environment. Crucial to properly protecting is not only good configuration and vulnerability management but the overall management of your users and their privileges within your environment. One of the most commonly recommended security best practices is to make…

Tags:
, , , , , ,
gear6-98x98

Configuration Mistakes Make for Costly Security Gaps

Posted May 25, 2012    Daniel Jacobowitz

Earlier this week, Brian Prince over at Security Week posted an article on a subject that we’ve always been passionate about here at eEye, now BeyondTrust, Research – and that’s configuration.  More specifically, the incredible impact that smart, effective configuration can have on reducing attack surface for any size organization.

Tags:
, , ,