BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

eEye for the Win

Posted February 7, 2011    Marc Maiffret

At the start of every year employees of eEye gather for our yearly company kick-off. We discuss what we did right in the previous year and ways that we can improve in this New Year. We talk about our product roadmap and the sales and marketing strategies for the year. We also answer the question that is probably more important than anything: “What type of company do we want to be?”

Anyone that knows me knows I am an extremely passionate person, but asking a question about the core of what a company is striving for is not an exercise in passion but rather an exercise in the morality of trying to do something good and right by our customers. You see the security industry is unlike a lot of other industries in that the products we create are not just nice to have, but rather are a critical part of defending organizations, governments and individuals from an ever increasing threat.

Too many times businesses in the security industry forget this unique difference and resort to the same sort of sales and marketing tactics you will see on late night infomercials trying to hawk the latest gizmo. The debates and conversations turn away from that of being constructive and based in fact, but rather to say anything to win a customer and “close a deal.”

As analysts and product reviewers recognized our achievements and wrote about our great technology releases and as we continued to beat out the competition across a variety of accounts and market verticals, we saw the rhetoric from some competitors climb to an all-time high to the point that some competitors would outright make things up about eEye in a last ditch effort to do anything to “win a deal.”

I remember one of our new younger sales representatives asking if it bothered me that competitors would resort to such tactics to win at any cost. I explained to him it is the second greatest form of flattery…next to imitation. More importantly I let this sales rep know what we would not do, that we would not lower ourselves to such levels as that is not what this industry needs and certainly not what customers need to manage an ever increasingly complex world of vulnerabilities.

At eEye we have always strived to win based on having the best technology and research for helping organizations manage vulnerabilities. This has been engrained in our corporate DNA since eEye’s inception and continues on strong through today. Our unwavering focus on our core values have led to great success in becoming a trusted advisor and solution provider to some of the largest organizations in the world.

When I look back to 2010,  our biggest success at eEye was not simply having one of our best years ever, with some of our strongest product releases ever, but more so that through all of the great success we did it in a way that we can all be proud of.

Signed,
Marc Maiffret
Co-Founder/CTO

P.S.   While there have been numerous press and analysts saying great things about our recent technology releases I do have to give SC Magazine credit for calling our product “a beast”, in a good way of course. You can read more about what a beast our technology is and how it might be “all one needs for vulnerability management” in the SC Magazine 5 star review of Retina CS.

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,