Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.


In Denial Over Insider Threats?

Ever felt like if you could just ignore something, it would go away, disappear, self-correct? Guess what? The good news is you’re not alone. The bad news is that the company you’re keeping happens to be the majority of IT security professionals responsible for protecting corporate information assets.

Post by Peter McCalister September 19, 2011

Déjà Vu All Over Again

Several months ago I commented on the 3 Pillars of Desktop Security – patch management, virus protection and least privilege. Reviewing our 2010 Microsoft Vulnerability report, I realized just how much most people in IT underestimate the importance of properly limiting administrative privileges in protecting desktops for vulnerabilities.

Post by Peter McCalister September 16, 2011

Automating Scanner Updates

Software is written by people and inevitably has mistakes and requires maintenance. This maintenance can be in the form of security updates to patch vulnerabilities, service packs and hot fixes to correct functional problems, and general maintenance to cover required updates for signatures and other time-dependent functions. When working with security solutions, detection methods often…

Post by Morey Haber September 15, 2011

The US Government Wants to Secure Your Data. Well, Sort Of.

Earlier today, George Hulme reported on a recently-introduced piece of legislation, the Personal Data Protection and Breach Accountability Act of 2011 (or PDPBAA for short, which sounds like how my last is pronounced sometimes), geared toward protecting customer data from theft or loss. Senator Richard Blumenthal (D-CT) hopes that this new bill will “prevent and…

Post by Mike Puterbaugh September 14, 2011

Microsoft Patch Tuesday – September 2011

Quite unsurprisingly (as they accidentally leaked them last Friday), Microsoft released 5 security bulletins today. This month is fairly moderate, with none of the bulletins rating a critical rating.

Post by Chris Silva September 14, 2011

Insider Threats Exist in Virtualized Environments Too!

Disgruntled Dave is at it again! What happens when a disgruntled IT administrator deletes the contents of 15 virtual hosts (roughly equivalent to 88 different computer servers)? According to a recent eWeek article highlighting the incident – quite a bit! For the Japanese pharmaceutical company, the attack was so damaging that it froze operations for “a number of days, leaving employees unable to ship products, to cut checks or even communicate via email,” according to court documents. Estimated damages cost the company $800,000. For the disgruntled employee, he’s looking at the possibility of serving 10 years in prison when he is sentenced in November.

Post by Peter McCalister September 13, 2011

An Ounce of Least Privilege Is Worth A Pound Of Compliance

If an ounce of prevention is worth a pound of cure then an ounce of least privilege is worth a pound of compliance for your extended enterprise.

Post by Peter McCalister September 9, 2011
pbwd rules

How To Leverage MS SharePoint for UVM Reports

One of the most important facets regarding security is escalating data to the proper individuals in a timely manner. This is generally done using reports or some form of email alerts. In the context of reports, securing and proper distribution of the contents is just as important as the data contained within. In other words,…

Post by Morey Haber September 8, 2011

Large Pepperoni Pizza With A Side Of Least Privilege

One of America’s favorite food is pizza and for the household where both parents work, it’s also a favored “take out” salvation for the family dinner. Correspondingly, the average neighborhood pizza parlor can become a prime target for identity and credit card theft.

Post by Peter McCalister September 7, 2011

Stuxnet? Night Drag0n? Nope,You Got Pwned by a Printer.

At the recent BlackHat and DefCon conferences, our annual eEye Research Team T-shirt was one of the more memorable ones we’d done in a while (and if you remember 2005, that’s saying something). In keeping with the theme of Security in Context, the shirt parodied the fear that attacks like Stuxnet, NightDragon and Operation Aurora had…

Post by Mike Puterbaugh September 6, 2011