Multiple Platform Configuration Compliance
Here is the problem. Most small businesses benefit from picking a standard platform like Microsoft Windows and exclusively using it from laptops to servers. There has always been, even in the smallest companies, some resistance to Windows including the rogue Mac users. Enterprises tend to pick the platform they need based on business requirements and…
The 3 Pillars of Desktop Vulnerability Protection
Talking to many people last week about our 2010 Microsoft Vulnerability report, I realized just how much most people in IT underestimate the importance of properly limiting administrative privileges in protecting desktops for vulnerabilities. It’s certainly not because of a reduction in the risk from vulnerabilities. Our survey revealed that in 2009, Microsoft published nearly 75 security bulletins documenting and providing patches for nearly 200 vulnerabilities while in 2010 Microsoft published over 100 security bulletins documenting and providing patches for 256 vulnerabilities.
Barracuda Breach and Privileged Users
As technology continues to develop and expand, it’s an unfortunate reality that sensitive information is becoming decreasingly safe. While this isn’t new news (data breaches are becoming as common as a morning bowl of cheerios), for some reason companies aren’t heeding these devastating warning signs. At least Barracuda didn’t.
Corporate Security Alert: Beware the Terminated Employee’s Wrath
Employee terminations are, unfortunately, a necessary evil in corporate America today. In a time of recession, layoffs are more copious and often leave those affected angry and upset. Albeit in a very small minority of cases, some terminated employee backlash has led to disastrous consequences for former employers.
Infosec 2011 Survey Reveals Root Password Bad Practice
At Infosec 2011 in London this week (Europe’s largest information security trade show), a survey by BeyondTrust of over 50 first day attendees revealed that root password bad practice continues to be unchecked in many organizations. Of those polled, over 58% said they would be able to steal information from a mission critical server if they wanted…
Unified Vulnerability Management for Healthcare
Today’s businesses are facing greater regulatory demands, increasing vulnerabilities, a rapid shift to digital business processes, and flat budgets. The healthcare industry is no different and shares the same problems as almost every other vertical; how to keep sensitive data secure. Regardless of patient information, billing and payment data, and historical medical information, protecting an…
Microsoft Enters the Security Research Arena
This week Microsoft announced important updates to policies around discovering and disclosing third-party software application vulnerabilities. They’ve officially expanded their Coordinated Vulnerability Disclosure (CVD) policy (launched last summer as a replacement/renaming of their “responsible disclosure” policy) and have made public an internal employee policy (launched in November 2010), which requires in-house researchers to adhere to CVD guidelines, and report vulnerabilities in third-party products to the Microsoft Vulnerability Research (MSVR) program. MSVR then reports the vulnerability privately to the vendor and coordinates with the vendor on its investigation progress . In a related gesture, they released inaugural MSVR Advisories on vulnerabilities discovered by Microsoft employees in Chrome and Opera (fixed by the vendors in the latter part of 2010).
Los Alamos Replaces sudo with PowerBroker for Servers
Los Alamos National Laboratory in New Mexico delivers scientific and engineering solutions for the nation’s most crucial and complex problems. Its primary responsibility is to ensure the safety, security, and reliability of the nation’s nuclear deterrent. Los Alamos employs more than 11,000 employees and contractors, making it one of the largest multi-disciplinary institutions in the world.
Video Demo: Retina / Metasploit Integration
Marc and I have been having a little fun lately with third-party integrations. We support a wide variety of tools from Network Management Systems, Call Centers, Security Information Managers, and all the way through Network Access Control, and Governance Risk and Compliance solutions. We have been exploring other tools that can gain value from our…
Putting Mobile Security in a Different Light
The increasingly popular bring your own computer to work model seems like a good deal for everyone. You get to carry one device that fits you best and IT saves a lot of work buying and provisioning hardware. But the highly publicized problems with Droid Dream malware highlighted the vulnerability of the Android platform and raises some fundamental questions about who controls employee owned devices that may contain or have access to sensitive company data.
