BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Marc Maiffret: I’m Back at eEye

Posted July 12, 2010    Marc Maiffret

As you now know, I’m back at the company I co-founded, serving as CTO of eEye. It has been a few years, but my heart never left this company. To me, eEye has always been an idea greater than any product. It is the idea that modern societies will become increasingly dependent on technology, not just as something nice to have, but as a foundation for a way of life. Without a doubt, technology creates a better world through openness of information and access, which brings down barriers and allows for amazing advancements in many fields. As with all advancements and progress, however, there are going to be hurdles.

One hurdle is finding a balance between progress/innovation and security/reliability. This is compounded by the fact that now more than ever, security threats are not driven by teenage pranksters but by foreign governments and extremely well-funded criminal organizations. Make no mistake that when my colleagues and I show up to eEye every day, we feel not simply a part of a successful company, but part of a larger fight to protect a current and future way of life.

Having lived and breathed vulnerabilities for more than 13 years, my return to eEye continues my commitment to helping IT Security Professionals win the difficult battle of protecting their critical IT assets. Whether it was holding Microsoft accountable back in the day and seeing their dramatic shift into becoming one of the most secure software development companies or providing IT folks free tools to help combat the rampant computer worms of yester years – my passion has remained the same and my commitment to IT unwavering.

eEye will continue to lead through innovation. Some of today’s foundational vulnerability management concepts, such as the ability to perform non-intrusive scanning, were our innovations and appeared first in our products. It took years for our competitors to catch up and offer non-intrusive scanning. Today, eEye is the only major provider to offer a robust host-based VM agent that not only performs local active scans for security weaknesses, but also prevents zero-day attacks attempting to leverage vulnerabilities that do not yet have a patch.

We’ve innovated and led the way, but this doesn’t mean we sit back and rest on our successes. We have an aggressive plan to continue to pioneer this space. I’m thrilled to be back on the eEye team again and look forward to continuing the conversation. Good things to come for sure…

Tags:
,

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,