BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
users-graphic-0614

Statistics, Claims, Marketing and Leadership in IT Risk Management

Posted June 12, 2014    Morey Haber

Good marketing plans and effective technology can place unmovable stakes in the ground in terms of statistics and claims. You see these every day in the form of ROI calculations, customer results, performance figures … the list goes on. The intention, to put it bluntly, is to point out differentiators that help customers select one…

Categories:
Network Security
Tags:
, , , , , ,
patch-tuesday

Retina Vulnerability Audits – June 2014 Patch Tuesday

Posted June 11, 2014    BeyondTrust Research Team

The following is a list of Retina vulnerability audits for this June 2014 Patch Tuesday.

Categories:
Security Research, Vulnerability Management
Tags:
, , ,
laptop-password3

What to Look for in a Privileged Password Management Solution: Frost & Sullivan’s Review of PowerBroker Password Safe

Posted June 11, 2014    Gail Ferreira

It wasn’t long ago that most organizations focused their privileged password management efforts on small subsets of critical servers and applications. Today, given the ever-present need to secure information, applications and assets, we’re seeing expansion of the password management footprint across servers at both smaller firms and larger enterprises alike. Whether to meet regulatory requirements, tighten…

Categories:
Privileged Account Management
Tags:
, , , , , , , , ,
patch-tuesday

June 2014 Patch Tuesday

Posted June 10, 2014    BeyondTrust Research Team

This June we are greeted with 7 different Microsoft Security bulletins for Patch Tuesday. MS14-030 covers a vulnerability within Remote Desktop that could allow for tampering with RDP session data. The sky is not falling here though as in order for an attacker to perform this tampering they need to already be on the same network…

Categories:
Security Research
Tags:
, , ,
enter-here-computer

Accounting for Vulnerability “States” in Your Risk Assessments

Posted June 9, 2014    Morey Haber

Vulnerability management (VM) processes have had to evolve exponentially in recent years. Most of this evolution has occurred in terms network coverage, as scanners have moved beyond conducting sequential assessments to advanced agent, connector and credentialing technologies. However, most VM applications are still unable to provide meaningful data for prioritizing vulnerabilities in terms of real…

Categories:
Privileged Account Management, Vulnerability Management
Tags:
, , , , ,
pass-hash-img1

How to Stop Pass-the-Hash Attacks on Windows Desktops

Posted June 2, 2014    Morey Haber

One of the most talked about presentations at Microsoft TechEd was Pass-The-Hash: How Attackers Spread and How to Stop Them by Mark Russinovich and Nathan Ide of Microsoft. This presentation demonstrated how simple it is to collect hashes from one machine and leverage them to compromise the entire infrastructure. The publication of attack techniques and lack…

Categories:
Privileged Account Management
Tags:
, , , , , , , , ,
darren-mar-elia

Webcast Recap: Leveraging Active Directory as a Unified Identity Store with Microsoft MVP, Darren Mar-Elia

Posted May 29, 2014    Chris Burd

With over 15 years of history, Active Directory (AD) is the original source of authentication and authorization as a service, providing businesses with a trusted way to consolidate and manage identity. But how and why companies use AD – from an OS directory to an identity store – has constantly evolved. BeyondTrust recently partnered with…

Categories:
Network Security
Tags:
, , , , , , ,
PBW-Authorization

A New Twist on Secure Computing

Posted May 28, 2014    Morey Haber

Secure Computing is one of those overused terms that gracefully died on the vine. During a recent customer meeting, we discussed a new context for Secure Computing that’s worth sharing with our blog readers. Here it is in a nutshell: Consider Secure computing in the context of PowerBroker for Windows Risk Compliance. If you’re not…

Categories:
Privileged Account Management, Vulnerability Management
Tags:
, , , , , , ,
Retina CS vulnerability management interface

BeyondInsight Evolution is Paving the Way for a Revolution in IT Risk Management

Posted May 27, 2014    Morey Haber

2008: Unifying Vulnerability Management + Endpoint Protection It all started in 2008, when eEye Digital Security transformed its REM management platform into Retina CS, a solution that could do more than just vulnerability management. Retina CS (short for “Compliance and Security” – or, as we joke internally, for “Chris Silva” our Chief Architect) merged the…

Categories:
Privileged Account Management, Vulnerability Management
Tags:
, , , , , , ,

Webcast Recap: Surviving the Vulnerability Data Maelstrom with Dave Shackleford

Posted May 21, 2014    Chris Burd

If your vulnerability management (VM) processes are like most, you’re drowning in information and wondering whether your scanning and reporting tools are revealing true risks or sending every tiny issue your way for review. Unfortunately, getting alerts for low-level vulnerabilities and false positives is still considered a standard best practice. But to free themselves from…

Categories:
Vulnerability Management
Tags:
, , , , ,