BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

New Integration of Retina CS & Powerbroker Windows to Provide Context-Aware Privilege Management

Posted October 1, 2012    Jerome Diggs

Every day there are new vulnerabilities being discovered that can be used to compromise your organizations computing environment. Crucial to properly protecting is not only good configuration and vulnerability management but the overall management of your users and their privileges within your environment. One of the most commonly recommended security best practices is to make sure your users are not running as Administrator where they do not need to be.

The reason that it is important to make sure users to do not run as Administrator is because of the exponential effects that malware can have on systems where Administrator access is gained. The difference between malware executing as an unprivileged user vs. an Administrator can mean the difference of potentially a single system being compromised or your entire network and confidential data.

That is why at BeyondTrust we have focused on creating a robust line of products for helping Administrators properly manage user privileges and rights. Our PowerBroker line of products gives you granular controls for Windows and UNIX/Linux to be able to decrease your attack surface and increase productivity. This happens through a process of removing Administrator rights from every day users and providing limited access Administrator rights only to specific users and only for specific applications. For example you no longer need your finance department all running as administrator just because a single financial app requires it. Now these users can run with least privileges while still accessing the financial application with the administrative privileges that are require. This can mean a major difference in a web based browser attack, such as the recent Internet Explorer 0day, and the level at which malware can successfully embed itself into a system to further an attacker’s access within your business.

At BeyondTrust we are dedicated to continually innovating our solutions to better meet today’s security challenges. One of the challenges we have seen with privilege management is the need to take a systems overall risk into context when deciding what level of privileges a user or system should be given. We have heard from customers that there are times when the notification or revocation of privileged rights should be reflected based on a systems risk level. This is important because sometimes a systems risk profile can be that of which allowing increased user rights may lead to further risk and threat of system compromise. Taking the mapping of risk and privileges into context can better help our customers make smarter decisions about their security.

To that end we are pleased to announce the integration of PowerBroker Windows, for Privilege Management, with Retina CS for Vulnerability and Risk Management. With the integration of these two technologies we are bringing to market the first instance of Privilege Management based on the context of a systems security risk profile. This allows for customers to now make decisions based on which users, systems and applications can have increased privileges based on a systems overall risk and susceptibility to attacks.

One great example of this integration is in the new ability for IT administrators to be alerted when a system has increased privileges and is susceptible to something such as a zeroday (unpatchable) Internet Explorer attack or really any number of risk and vulnerability related items.

contextawareprivilege-1

By leveraging our Smart Rules technology an Administrator can create real-time alerting to be kept abreast of any newly found systems that can be compromised or systems that have been mitigated from certain risks and are therefore no longer needing additional levels of restrictions on privileges.

This is just one example of more to come as we more closely integrate Privilege and Risk Management to better provide the much needed security context to better drive IT operational security. Stay tuned as our roadmap is full of a lot of extremely beneficial innovations to Privilege Management and solving complex security challenges that your organization is facing.

Tags:
, , , , , ,

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,