BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Security Research

villain trio

A Risk Worth Taking?

Posted September 20, 2011    Peter McCalister

It’s bad enough when an accidental insider threat compromises an organization’s security, but there’s something worse when it’s the result of a malicious past, or current employee, and according to the results of a recent survey, that’s something all employers should be worried about.

Carl-resized-600

In Denial Over Insider Threats?

Posted September 19, 2011    Peter McCalister

Ever felt like if you could just ignore something, it would go away, disappear, self-correct? Guess what? The good news is you’re not alone. The bad news is that the company you’re keeping happens to be the majority of IT security professionals responsible for protecting corporate information assets.

dave2

Insider Threats Exist in Virtualized Environments Too!

Posted September 13, 2011    Peter McCalister

Disgruntled Dave is at it again! What happens when a disgruntled IT administrator deletes the contents of 15 virtual hosts (roughly equivalent to 88 different computer servers)? According to a recent eWeek article highlighting the incident – quite a bit! For the Japanese pharmaceutical company, the attack was so damaging that it froze operations for “a number of days, leaving employees unable to ship products, to cut checks or even communicate via email,” according to court documents. Estimated damages cost the company $800,000. For the disgruntled employee, he’s looking at the possibility of serving 10 years in prison when he is sentenced in November.

DeLorean-on-ebay

Why Back to the Future Doesn’t Help Corporate Security

Posted August 29, 2011    Peter McCalister

I was recently at a convention where the DeLorian (the real one from Back to the Future!) was on display. With the doors up and open, the lights flashing, and the radio blaring, it took me right back to the movie and how awesome it would be if we could do what Marty McFly did. Although inadvertently, he went back in time and was able to influence actions and decisions that significantly improved his future. It would be awesome to go back, alter some pivotal decisions in my life, nip some bad habits in the bud, and make my future that much better. But personal life aside, think of how impactful it would be if companies were allowed to do the same.

rockybalboa

Enterprise Security Lessons from Rocky Balboa

Posted August 22, 2011    Peter McCalister

It’s amazing the effect songs have on us. Take, for example, Eye of the Tiger. If you’re like me, this brings you right back to Rocky, the Italian Stallion that won the hearts of America as he trained and fought his way to victory. That song elicits images of strategy and dedication, the two key traits to Rocky’s success. Why, you ask, do I bring this up here, on an Information Technology blog? Because the same elements that drove Rocky to success in the movie can ensure a data security victory in your IT environment.

patch-tuesday

Microsoft Patch Tuesday – August 2011

Posted August 9, 2011    Chris Silva

True to form for the even months of 2011, Microsoft released thirteen security bulletins today. Of the most interest are MS11-057 (Internet Explorer) and MS11-058 (DNS Server). While it has become fairly commonplace for Microsoft to release an Internet Explorer patch every other month, this release also patches IE9 – the second time a critical…

governance

If You Can’t Change It, You Can’t Govern It

Posted July 27, 2011    Peter McCalister

Corporate governance ensures accountability across the extended enterprise. It facilitates staying competitive and satisfying ever-changing government regulations while providing mechanisms and controls to reduce the inefficiencies that arise when individuals misuse privileges granted to them.

irene2

Insider Villain Introduced: Identity Thief Irene

Posted July 20, 2011    Peter McCalister

In order to put a face on the depth and breadth of potential insiders that can be found throughout your enterprise, I will introduce you to three insider villains and three insider heroes. Each villain will represent one of the key misuse of privileges and each hero will represent key values delivered by least privilege. This fifth introduction will be of the craftiest villain.

MR

Predicting Insider Threats

Posted July 19, 2011    Peter McCalister

In the movie Minority Report, police have created a system which predicts crime before it happens in a nightmarish Orwellian scenario. But what if companies could predict who would attack their most valuable assets? What kinds of ethical considerations would arise? While insider threats are less in number, when they do happen the damage is…

Sam2

Insider Hero Introduced: Secure Sam

Posted July 18, 2011    Peter McCalister

In order to put a face on the depth and breadth of potential insiders that can be found throughout your enterprise, I will introduce you to three insider villains and three insider heroes. Each villain will represent one of the key misuse of privileges and each hero will represent key values delivered by least privilege. This fourth introduction will be of the most visible hero.