BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Logs – A Gold Mine of Information

Posted May 4, 2011    Peter McCalister

In an earlier post I talked about tapping in to the power of the information in our privileged identity management system to improve productivity. Those detailed compliance logs you have been generating are a gold mine of information.

Analyzing large amounts of data is a growing trend. From Google to WalMart companies are building their strategies on complex models and algorithms.

Systems logs can be used not just to look for patterns that indicate a security threat, but those same patterns can show where security and other procedures such as improper configurations of new systems are hurting productivity. Finding those patters can help uncover opportunities to better train, simplify procedures, and uncover best practices that not everyone is following. And once those best practices are discovered you can use controls to ensure that best practices are being followed.

Realizing that value requires a data analysis strategy and a strategy for how to engage the organization in using that analysis. Your data analysis strategy needs to consider the roles of monitoring, logging and reporting, as well as when and how to combine data from different sources. Single silos of data are simpler to use but correlating data across silos provides more powerful insights. Ultimately you will need both, but your data analysis strategy needs to focus on providing insights your organization can act on. And that’s where you need to consider your how to engage your people in using the data. More on that next week.

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,