Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.


Vulnerability Management


Organizations Must Evolve as Vulnerabilities Have Evolved to Combat Today’s Threats

Posted August 10, 2015    Derek A. Smith

In order to be more security-conscious, companies must evolve as the sophistication of vulnerabilities, attacks and attackers have evolved. Your organization must have more than the good firewall, antivirus software and spam filtering of old to stave off today’s attackers.

Patch Tuesday MS15-078

Microsoft Patches a Critical Vulnerability in Adobe Type Manager Font Driver

Posted July 20, 2015    BeyondTrust Research Team

Today, Microsoft released the MS15-078 bulletin containing a patch for yet another flaw in the Adobe Type Manager Font Driver (atmfd.dll). This patch, coming just shy of a week after Microsoft’s monthly Patch Tuesday event, fixes a kernel pool overflow vulnerability (CVE-2015-2426), which can allow remote code execution with full system rights. The vulnerability lies…


Black Hat Survey: Gap Between Security Concerns and Resources – a Maturity Problem

Posted July 16, 2015    Scott Lang

In advance of the upcoming Black Hat conference, the organization released a first-ever research report based on results of a survey to prior conference attendees. The report, titled, “2015: Time to Rethink Enterprise IT Security”, “reveals a significant gap between the priorities and concerns as well as the actual expenditure of security resources in the average enterprise.”

, , ,

The Current State of the Cyber Insurance Market and its Role in Managing Cyber Risk

Posted July 14, 2015    Tracie Grella

Cyber insurance is the fastest growing insurance product today, it’s development spurred on by several large data breaches covered in the news the past year and a half. As with any new product/service, there is a lot of variation and evolution in the coverage; here is what you need to know.

, , ,

Stopping the Skeleton Key Trojan

Posted June 29, 2015    Robert Auch

Earlier this year Dell’s SecureWorks published an analysis of a malware they named “Skeleton Key”. This malware bypasses authentication for Active Directory users who have single-factor (password only) authentication. The “Skeleton Key” attack as documented by the SecureWorks CTU relies on several critical parts.

, , , , ,

On Demand Webinar: 10 Steps to Building an Effective Vulnerability Management Program

Posted June 26, 2015    BeyondTrust Software

In this on demand webinar, Cybersecurity Expert, Derek A.Smith will take you through his 10 steps for a successful vulnerability management program and how to get started now.

, ,

Vulnerability Overload: Threat Analytics Can Help

Posted June 11, 2015    Brian Chappell

This blog post is republished with the permission of Network Computing. The increasing range of security information sources can be overwhelming. Brian Chappell, Director of Technical Services for BeyondTrust suggests that analytics may offer assistance.

, , ,

Tales from the Datacenter: Vulnerability Management Nightmares

Posted May 27, 2015    Dave Shackleford

Vulnerability scanning, threat management, risk analysis, patching, and configuration management are some of the major activities usually associated with vulnerability management, and none of these are new…so why are we failing so badly at many of them?

, ,

May 2015 Patch Tuesday

Posted May 13, 2015    BeyondTrust Research Team

This month’s Patch Tuesday is massive, to say the least, with a total of 13 bulletins, affecting many products and all versions of Windows. Earlier this month, Microsoft announced that the upcoming Windows 10 will not follow the typical Patch Tuesday cycle and updates will be provided when they become available.

, ,

On Demand Webinar: Have electronic health records made America more vulnerable?

Posted May 7, 2015    BeyondTrust Software

On Demand Webinar: Our latest webinar featured Dr. Mansur Hasib, CISSP, PMP, CPHIMS, in a discussion on electronic health records and the modern cyber criminal. Electronic health records are far more valuable to the modern cyber criminal. For the hacker, they fetch more value over a much longer period of time. For the victim – many who are still children — the repercussions could last decades!

, , ,