BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

New Integration of Retina CS & Powerbroker Windows to Provide Context-Aware Privilege Management

Posted October 1, 2012    Jerome Diggs

Every day there are new vulnerabilities being discovered that can be used to compromise your organizations computing environment. Crucial to properly protecting is not only good configuration and vulnerability management but the overall management of your users and their privileges within your environment. One of the most commonly recommended security best practices is to make sure your users are not running as Administrator where they do not need to be.

The reason that it is important to make sure users to do not run as Administrator is because of the exponential effects that malware can have on systems where Administrator access is gained. The difference between malware executing as an unprivileged user vs. an Administrator can mean the difference of potentially a single system being compromised or your entire network and confidential data.

That is why at BeyondTrust we have focused on creating a robust line of products for helping Administrators properly manage user privileges and rights. Our PowerBroker line of products gives you granular controls for Windows and UNIX/Linux to be able to decrease your attack surface and increase productivity. This happens through a process of removing Administrator rights from every day users and providing limited access Administrator rights only to specific users and only for specific applications. For example you no longer need your finance department all running as administrator just because a single financial app requires it. Now these users can run with least privileges while still accessing the financial application with the administrative privileges that are require. This can mean a major difference in a web based browser attack, such as the recent Internet Explorer 0day, and the level at which malware can successfully embed itself into a system to further an attacker’s access within your business.

At BeyondTrust we are dedicated to continually innovating our solutions to better meet today’s security challenges. One of the challenges we have seen with privilege management is the need to take a systems overall risk into context when deciding what level of privileges a user or system should be given. We have heard from customers that there are times when the notification or revocation of privileged rights should be reflected based on a systems risk level. This is important because sometimes a systems risk profile can be that of which allowing increased user rights may lead to further risk and threat of system compromise. Taking the mapping of risk and privileges into context can better help our customers make smarter decisions about their security.

To that end we are pleased to announce the integration of PowerBroker Windows, for Privilege Management, with Retina CS for Vulnerability and Risk Management. With the integration of these two technologies we are bringing to market the first instance of Privilege Management based on the context of a systems security risk profile. This allows for customers to now make decisions based on which users, systems and applications can have increased privileges based on a systems overall risk and susceptibility to attacks.

One great example of this integration is in the new ability for IT administrators to be alerted when a system has increased privileges and is susceptible to something such as a zeroday (unpatchable) Internet Explorer attack or really any number of risk and vulnerability related items.

contextawareprivilege-1

By leveraging our Smart Rules technology an Administrator can create real-time alerting to be kept abreast of any newly found systems that can be compromised or systems that have been mitigated from certain risks and are therefore no longer needing additional levels of restrictions on privileges.

This is just one example of more to come as we more closely integrate Privilege and Risk Management to better provide the much needed security context to better drive IT operational security. Stay tuned as our roadmap is full of a lot of extremely beneficial innovations to Privilege Management and solving complex security challenges that your organization is facing.

Tags:
, , , , , ,

Leave a Reply

Additional articles

6

A Quick Look at MS14-068

Posted November 20, 2014    BeyondTrust Research Team

Microsoft recently released an out of band patch for Kerberos.  Taking a look at the Microsoft security bulletin, it seems like there is some kind of issue with Kerberos signatures related to tickets. Further information is available in the Microsoft SRD Blogpost So it looks like there is an issue with PAC signatures.  But what…

Tags:
, , , ,
Password Game Show

Managing Shared Accounts for Privileged Users: 5 Best Practices for Achieving Control and Accountability

Posted November 20, 2014    Scott Lang

How do organizations ensure accountability of shared privileged accounts to meet compliance and security requirements without impacting administrator productivity? Consider these five best practices…

Tags:
, , , , , ,
Triggering MS14-066

Triggering MS14-066

Posted November 17, 2014    BeyondTrust Research Team

Microsoft addressed CVE-2014-6321 this Patch Tuesday, which has been hyped as the next Heartbleed.  This vulnerability (actually at least 2 vulnerabilities) promises remote code execution in applications that use the SChannel Security Service Provider, such as Microsoft Internet Information Services (IIS). The details have been scarce.  Lets fix that. Looking at the bindiff of schannel.dll, we see a…

Tags:
, , , , ,