BeyondTrust

Security in Context: The BeyondTrust Blog

How to Use the Force to Secure Your Enterprise

Posted August 24, 2011    Peter McCalister

In the Star Wars Trilogy, there are two very clear sides of the moral spectrum. First, we have the rebel forces, keepers of the Force and warriors fighting against the evil Emperor. The Emperor, and the imperial forces that fight for him, are the evil masterminds who want to destroy the Force and the source of all goodness. While other battles may not seem quite as grand, there are parallels from Star Wars that apply to a multitude of other situations. One of these situations is the risk of insider threat in your organization. There are lessons to be learned from Darth Vader, the Emperor, Luke Skywalker, and others. Here are the three we like the best:

Use the Force
While you may not have the actual Force, you do have decision-making power. Decide now to secure your enterprise against the threat of insider data breachers. You don’t want to look back with regrets (like Vodafone had to). Use your force for good before it’s too late.

Call in Your Allies
Defeating the Empire wasn’t a job for just Luke Skywalker. Sure, he was the one chosen to lead the charge, but he had plenty of help from his friends, fellow fighter pilots, Ewoks, and a host of other political leaders working towards the same goal. The same goes for you in your company. You don’t have to do it alone. Use your dedicated team and even outside software vendors to make your IT infrastructure compliant and secure.

Beware of Human Nature
Every company in existence is subject to insider threat. Because human nature is so volatile and inconsistent, this fact will never change. The key is to set up a least privilege solution and implement rules to keep precious information secure from those who don’t absolutely need it. It’s not enough to simply trust people to remain loyal and do what you ask; look how that worked out for the Emperor. He trusted Darth Vader completely, but Vader ultimately threw him to his death! Even those we think will never betray us need least privilege.
