BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.


Compliance Considerations For 2012

As 2011 comes to a close, it’s time to start looking ahead to what 2012 will bring, including compliance considerations for the New Year. All regulations emphasize fraud control, so internal automated controls over all access (especially privileged users) will provide assurance; the Ponemon Institute has identified “privileged access” as an area of “higher risk…

Post by Peter McCalister December 20, 2011

Hard Versus Soft Cost Of Privilege Misuse

Not all costs are completely obvious. Simply stated, the principle of least privilege means that a user must run with the least amount of privilege for the task being performed. And what does this mean for you? It means you should look closely at eliminating administrator rights from users who don’t absolutely need them, and elevate…

Post by Peter McCalister December 19, 2011

Of Saints, Sinners and The Least Privileged

As I’ve waded through the hundreds of published insider breaches from just the last two years, what is a clear recurring theme is that of the vagaries of human nature. Not meaning to wax poetic, but it is always an individual who misused their own, or some other insider’s, privileged access authorizations to information technology…

Post by Peter McCalister December 16, 2011

Microsoft Patch Tuesday – December 2011

To wish IT administrators everywhere a happy holiday, Microsoft today released 13 security bulletins. Microsoft had initially planned to release 14 bulletins, but a bulletin related to the BEAST vulnerability was held back for not behaving well with other software. Assuming it can be whipped into shape, it will most likely make an appearance…

Post by Chris Silva December 13, 2011

Security Predictions: All Hat, No Cattle

This is the time of the year where holiday parties are had, gifts are exchanged, and everyone and their brother in the security industry write blog posts and press releases about their predictions for the coming year. This time of the year reminds me of how important eEye’s message of “Security in Context” is given…

Post by Marc Maiffret December 13, 2011

Accident Prone Annie Unintentionally Helps Hacker

Marriott International Corporation became the latest victim of an interesting twist on an insider attack. According to Dark Reading, a prospective employee named Attila Nemeth “pilfered sensitive documents from the hotel chain and then attempted to use the stolen intelligence to blackmail it for employment.” Who would think that blackmailing a potential employer would lead…

Post by Peter McCalister December 13, 2011

SMBs Need Least Privilege Too

Depending on which area of information technology you hail from, SMB could mean System Management Bus, Server Message Block, or Small and Medium Business. For the purposes of today’s blog it is the latter. Smaller companies seem to believe, on average, that they aren’t as susceptible to insider attacks and security breaches as large fortune…

Post by Peter McCalister December 12, 2011

Government Tech Leaders Carefully Embracing the Cloud

What organizations have the biggest data security needs of all? Financial institutions? Technology companies with highly-sensitive proprietary code? Depending on who you ask, you’ll get a variety of answers. One type of institution, however, seems to trump them all: Government. A recent blog post titled Cloud Security: Better Than We Think? on Information Week takes…

Post by Peter McCalister December 9, 2011

Removing Users From The Local Administrators Group

When embarking on a project to remove administrator rights from users, it is important to understand all of the options available for modifying local group membership on your clients. If you have hundreds or even thousands of desktops, it is not feasible to do this manually. Fortunately, Microsoft provides two mechanisms in Group Policy to…

Post by Peter McCalister December 8, 2011

Honey, Does this Installer Make Me Look Fat?

I remember the days when I used download.com to grab utilities and shareware, never really questioning why I used download.com. All I knew is that it was safe and fast, usually appearing as a top search result in Google and it was always available. Unfortunately, CBS Interactive found that it would be monetarily advantageous to bundle downloads in…

Post by The eEye Research Team December 7, 2011