BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Insider Villain Introduced: Accident ProneAnnie

Post by Peter McCalister July 15, 2011

In order to put a face on the depth and breadth of potential insiders that can be found throughout your enterprise, I will introduce you to three insider villains and three insider heroes. Each villain will represent one of the key misuse of privileges and each hero will represent key values delivered by least privilege. This third introduction will be of the most unlikely villain.

Accidental misuse of privilege is commonplace throughout your organization. Why? Because human nature dictate that we will make mistakes and if your employees are over privileged on their IT resources then that can lead to costly mistakes. To better examine this type of privilege misuse I’d like to introduce you to “Accident Prone Annie.”

Annie is your typical business user who accidental may be misusing their privileges to do things that are against corporate policy (i.e. downloading software off the web or upgrading applications before IT approves) and reeking havoc on the help desk.

Accidental misuse of privileges on desktops and servers does happen, and it does have a measurable impact on the organization as a whole. For example, desktop configuration errors cost companies an average of $120/PC, according to IDC report, “The Relationship between IT Labor Costs and Best Practices for IAM.”

As one famous hacker said, “The weakest link in any network is its people.” The most fortified network is still vulnerable if users can be tricked into undermining its security — for example, by giving away passwords or other confidential data over the phone, or performing some activity that allows malware to hijack admin rights on desktops.

Leave a Reply

Additional articles

BI-5.1-user-asset-visibility-img

Understanding Who Has Access to What with BeyondInsight v5.1

Today, it’s my pleasure to introduce you to BeyondInsight version 5.1, the latest release of our IT Risk Management platform, which unifies several of our solutions for Privileged Account Management and Vulnerability Management. BeyondInsight v5.1 embodies BeyondTrust’s mission to give our customers the visibility they need to make smart decisions and reduce risk to their…

Post by Morey Haber April 15, 2014
Tags:
, , , , , , , , , , , ,

PowerBroker for Unix & Linux Now Available via Web Services

This week BeyondTrust released a fully functional Web Services interface (REST API) for its PowerBroker for Unix & Linux product.  With this new feature users of the solution will now be able to remotely and securely configure and retrieve data via the API.  The Web Services interface implemented by BeyondTrust is an industry standard that…

Post by Paul Harper April 10, 2014
Tags:
, , , , ,

Heartbleed – When OpenSSL Breaks Your Heart

You’ve likely heard about the recent OpenSSL vulnerability, CVE-2014-0160, dubbed Heartbleed. The main takeaway of this vulnerability is that attackers can use this to obtain things like secret keys used for X.509 certificates, user names and passwords, instant messages, emails, and other highly sensitive information. For a technical analysis of the bug, check out this…

Post by BeyondTrust Research Team April 8, 2014
Tags:
, , ,