BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Security Research

MR

Predicting Insider Threats

Posted July 19, 2011    Peter McCalister

In the movie Minority Report, police have created a system which predicts crime before it happens in a nightmarish Orwellian scenario. But what if companies could predict who would attack their most valuable assets? What kinds of ethical considerations would arise? While insider threats are less in number, when they do happen the damage is…

Sam2

Insider Hero Introduced: Secure Sam

Posted July 18, 2011    Peter McCalister

In order to put a face on the depth and breadth of potential insiders that can be found throughout your enterprise, I will introduce you to three insider villains and three insider heroes. Each villain will represent one of the key misuse of privileges and each hero will represent key values delivered by least privilege. This fourth introduction will be of the most visible hero.

annie

Insider Villain Introduced: Accident ProneAnnie

Posted July 15, 2011    Peter McCalister

In order to put a face on the depth and breadth of potential insiders that can be found throughout your enterprise, I will introduce you to three insider villains and three insider heroes. Each villain will represent one of the key misuse of privileges and each hero will represent key values delivered by least privilege. This third introduction will be of the most unlikely villain.

patch-tuesday

Microsoft Patch Tuesday – July 2011

Posted July 12, 2011    Chris Silva

I’m really starting to enjoy the “odd” months, Microsoft kept to their pattern and released only four security bulletins today. A welcome reprieve from last month’s sixteen bulletins. The only “Critical” rated vulnerability released today affects the Windows Bluetooth 2.1 stack. This particular vulnerability is somewhat interesting due to the attack vector. As you know,…

Lockdown

Corporate Security: The People’s Problem

Posted July 12, 2011    Peter McCalister

Last week reports of a study done by the U.S. Department of Homeland Security were flying around the Internet, highlighting that if you simply drop a bunch of USB drives in your corporate parking lot, approximately 60 percent of your employees will pick up the drives, take them into the office and plug them into their computer. While the results of this study are being disputed, this tells us one thing definitively: employees are a huge security risk.

cross bridge

We’ll Cross that Active Directory Bridge When We Come to it

Posted July 8, 2011    Peter McCalister

It seems like you can’t turn on the news or surf the web without hearing about yet another data breach or information security attack, all of which lead to further consumer unrest and corporate concern about the protection of their own sensitive data. The security structure within most organizations generally provides a multitude of security mechanisms designed to provide protection of sensitive information, but with so many different aspects of security to consider, IT administrators and security officers need to be sure not to overlook the Active Directory.

ID Keys

SUPM, SAPM And The Keys To Your Enterprise

Posted July 7, 2011    Peter McCalister

Industry analysts have classified the privilege identity management space into Super User Privileged Management (SUPM) and Shared Account Password Management (SAPM). When it comes to crashing your enterprise systems, destroying data, deleting or creating accounts and changing passwords, it’s not just malicious hackers you need to worry about.

sweep-under-rug

Transgression Tuesday: Ways to Avoid a Data Breach

Posted June 28, 2011    Peter McCalister

We’ve talked a lot about change, and how it’s one of the only things in the IT world that remains the same. Another constant is human nature- specifically our reactions when we do something we shouldn’t. People have this funny tendency to hide their wrong-doings: sweep them under a proverbial rug. The problem is that those rugs can turn into uncontrollable problems, and in the IT world mean the dreaded “D” word: Data Breach. Hiding bad habits and improper actions never cloak the issue, but allows the problem to compound until one day it becomes a raging war.

thumb_default

What Do You Think About eEye’s Zero-Day Tracker?

Posted June 15, 2011    The eEye Research Team

What Do You Think About eEye’s Zero-Day Tracker (www.eeye.com/zdt)?

patch-tuesday

Microsoft Patch Tuesday – June 2011

Posted June 14, 2011    Chris Silva

Another even month, another huge security bulletin release by Microsoft. Those who took my advice and convinced their bosses to let them take vacation this month avoided 16 security bulletins – hopefully your co-workers will have them fully tested and deployed before you return. For those of us not sitting on a beach somewhere, there…