Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

windows of opp-img1

Seizing Windows of Opportunity for Vulnerability Assessment

The change control process for many organizations dictates that vulnerability assessment scanning can only occur during predefined scan windows. During these times, teams are notified that an assessment will be conducted and that alerts from IDS/IPS sensors, SIEMS, and local AV agents should be ignored or whitelisted from the scanners. This is a very typical…

Post by Morey Haber April 1, 2014
, , , , ,

The Growing Government Interest in Cyber R&D

Both US and International governments have been shifting their focus to the research and development of technology to protect critical cyber assets. At the recent AFCEA Homeland Security Conference, cyber security was one of the main topics covered by keynote speakers and exhibitors. We’ve compiled some of the latest endeavors taking place on behalf of…

Post by BeyondTrust Software March 26, 2014
, , , , , , ,

Microsoft Word Zeroday – Set to expire?

Researchers at Google have notified Microsoft of a new Word zeroday vulnerability. This attack is currently being leveraged in the wild to target systems running Microsoft Word 2010. The attack can be successful simply by a user opening a maliciously crafted RTF file within Microsoft Word. The full extent of the breaches caused by this…

Post by BeyondTrust Research Team March 25, 2014
, , , ,

Getting Retina Data into Splunk

SIEM products do a great job correlating information from a laundry list of security and operational solutions in order to gain visibility and context within an IT environment. Today we are going to show how to forward Retina Network security data into Splunk to help improve visibility and decision making. This integration can be completed…

Post by Jason Williams March 21, 2014
, , , , , ,

Auditing Privileged Access on Windows

When a user is given privileged access to a Windows host, they gain access to a wide variety of tools to control the system. Everything from the GUI and Start Menu to PowerShell and command line allow system alteration and software installation. In truly secure world, no end users would have administrative privileges. However, we…

Post by Morey Haber March 20, 2014
, , , , , , , ,

March VEF Participant Wins a Apple iPad mini

Every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your organization and a…

Post by Qui Cao March 20, 2014

CVE-2014-0301 Analysis

This blog post will demonstrate how to leverage binary diffing in order to identify a recently patched Microsoft security flaw leveraging only public data. This is a common practice in the security researcher and attacker space but is a useful reminder for those working in IT how straight forward vulnerability identification can be. For this…

Post by BeyondTrust Research Team March 19, 2014
BI Analytics Reporting

The Best Vulnerability Management Reporting and Analytics

The number one reason why our customers choose BeyondTrust for enterprise vulnerability management is simple: The BeyondInsight Reporting and Analytics capabilities included with Retina CS Enterprise Vulnerability Management exceed the capabilities of every single competitor combined. Retina CS with BeyondInsight is the only vulnerability management solution that ships with an integrated, structured big data warehouse…

Post by Morey Haber March 13, 2014
, , , , , ,

Addressing the MAS Technology Risk Management Guidelines with Privilege and Vulnerability Management

The Monetary Authority of Singapore (MAS) is Singapore’s central bank and financial regulatory authority. The MAS frequently releases guidelines that address emerging technologies and evolving threat landscape. In June 2013, the MAS created an updated set of guidelines for Internet Banking and Technology Risk Management (IBTRM). This addendum mandates certain requirements for Technology Risk Management…

Post by Morey Haber March 12, 2014
, , , , ,

March 2014 Patch Tuesday

March’s Patch Tuesday brings five patches to us, fixing Internet Explorer, DirectShow, Silverlight, kernel-mode drivers, and the Security Account Manager Remote Protocol. MS14-012 fixes 18 unique vulnerabilities, one of which has been publicly disclosed: CVE-2014-0322. This vulnerability has been exploited as early as January 20, 2014, being used in targeted attacks against visitors to the…

Post by BeyondTrust Research Team March 11, 2014
, , ,