BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
laptop-password3

What to Look for in a Privileged Password Management Solution: Frost & Sullivan’s Review of PowerBroker Password Safe

Posted June 11, 2014    Gail Ferreira

It wasn’t long ago that most organizations focused their privileged password management efforts on small subsets of critical servers and applications. Today, given the ever-present need to secure information, applications and assets, we’re seeing expansion of the password management footprint across servers at both smaller firms and larger enterprises alike. Whether to meet regulatory requirements, tighten…

Categories:
Privileged Account Management
Tags:
, , , , , , , , ,
patch-tuesday

June 2014 Patch Tuesday

Posted June 10, 2014    BeyondTrust Research Team

This June we are greeted with 7 different Microsoft Security bulletins for Patch Tuesday. MS14-030 covers a vulnerability within Remote Desktop that could allow for tampering with RDP session data. The sky is not falling here though as in order for an attacker to perform this tampering they need to already be on the same network…

Categories:
Security Research
Tags:
, , ,
enter-here-computer

Accounting for Vulnerability “States” in Your Risk Assessments

Posted June 9, 2014    Morey Haber

Vulnerability management (VM) processes have had to evolve exponentially in recent years. Most of this evolution has occurred in terms network coverage, as scanners have moved beyond conducting sequential assessments to advanced agent, connector and credentialing technologies. However, most VM applications are still unable to provide meaningful data for prioritizing vulnerabilities in terms of real…

Categories:
Privileged Account Management, Vulnerability Management
Tags:
, , , , ,
pass-hash-img1

How to Stop Pass-the-Hash Attacks on Windows Desktops

Posted June 2, 2014    Morey Haber

One of the most talked about presentations at Microsoft TechEd was Pass-The-Hash: How Attackers Spread and How to Stop Them by Mark Russinovich and Nathan Ide of Microsoft. This presentation demonstrated how simple it is to collect hashes from one machine and leverage them to compromise the entire infrastructure. The publication of attack techniques and lack…

Categories:
Privileged Account Management
Tags:
, , , , , , , , ,
darren-mar-elia

Webcast Recap: Leveraging Active Directory as a Unified Identity Store with Microsoft MVP, Darren Mar-Elia

Posted May 29, 2014    Chris Burd

With over 15 years of history, Active Directory (AD) is the original source of authentication and authorization as a service, providing businesses with a trusted way to consolidate and manage identity. But how and why companies use AD – from an OS directory to an identity store – has constantly evolved. BeyondTrust recently partnered with…

Categories:
Network Security
Tags:
, , , , , , ,
PBW-Authorization

A New Twist on Secure Computing

Posted May 28, 2014    Morey Haber

Secure Computing is one of those overused terms that gracefully died on the vine. During a recent customer meeting, we discussed a new context for Secure Computing that’s worth sharing with our blog readers. Here it is in a nutshell: Consider Secure computing in the context of PowerBroker for Windows Risk Compliance. If you’re not…

Categories:
Privileged Account Management, Vulnerability Management
Tags:
, , , , , , ,
Retina CS vulnerability management interface

BeyondInsight Evolution is Paving the Way for a Revolution in IT Risk Management

Posted May 27, 2014    Morey Haber

2008: Unifying Vulnerability Management + Endpoint Protection It all started in 2008, when eEye Digital Security transformed its REM management platform into Retina CS, a solution that could do more than just vulnerability management. Retina CS (short for “Compliance and Security” – or, as we joke internally, for “Chris Silva” our Chief Architect) merged the…

Categories:
Privileged Account Management, Vulnerability Management
Tags:
, , , , , , ,

Webcast Recap: Surviving the Vulnerability Data Maelstrom with Dave Shackleford

Posted May 21, 2014    Chris Burd

If your vulnerability management (VM) processes are like most, you’re drowning in information and wondering whether your scanning and reporting tools are revealing true risks or sending every tiny issue your way for review. Unfortunately, getting alerts for low-level vulnerabilities and false positives is still considered a standard best practice. But to free themselves from…

Categories:
Vulnerability Management
Tags:
, , , , ,
RCS-Mobile-Blog-IMG

Identifying Android Phone Vulnerabilities that Threaten Your Corporate Network

Posted May 20, 2014    Morey Haber

According to a recent McKinsey survey, more than 80% of employees now use personal smartphones for work-related purposes. Vulnerable smartphones can spread malware to business infrastructure via emailed attachments and to corporate networks through bots. Assessing mobile devices for vulnerabilities that could lead to infections and data manipulation is therefore a real concern for data…

Categories:
Vulnerability Management
Tags:
, , , , , , ,
PCI-Approved-Scanning Vendor

Vulnerability Scanning for PCI DSS Compliance with BeyondTrust Retina

Posted May 19, 2014    Morey Haber

I’m pleased to announce that BeyondTrust’s Retina Enterprise Vulnerability Management has successfully completed PCI Scanning Vendor Compliance Testing. This means that Retina meets all PCI Security Standards Council requirements to perform PCI data security scanning. This also marks the fifth year that BeyondTrust is an Approved Scanning Vendor (ASV). Where Vulnerability Scanning Comes into Play…

Categories:
Vulnerability Management
Tags:
, , , , , , ,