Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.


Microsoft Patch Tuesday – July 2011

I’m really starting to enjoy the “odd” months, Microsoft kept to their pattern and released only four security bulletins today. A welcome reprieve from last month’s sixteen bulletins. The only “Critical” rated vulnerability released today affects the Windows Bluetooth 2.1 stack. This particular vulnerability is somewhat interesting due to the attack vector. As you know,…

Post by Chris Silva July 12, 2011

Corporate Security: The People’s Problem

Last week reports of a study done by the U.S. Department of Homeland Security were flying around the Internet, highlighting that if you simply drop a bunch of USB drives in your corporate parking lot, approximately 60 percent of your employees will pick up the drives, take them into the office and plug them into their computer. While the results of this study are being disputed, this tells us one thing definitively: employees are a huge security risk.

Post by Peter McCalister July 12, 2011

Right-click Metasploit Integration

At eEye we have been continuing an aggressive release schedule of major product updates that simplify your vulnerability management and compliance process. One of the ways that we continue to simplify vulnerability management is through new capabilities and reporting that allow for better prioritization of vulnerabilities from an overall risk management perspective. While other products…

Post by Marc Maiffret July 12, 2011

Insider Villain Introduced: Disgruntled Dave

In order to put a face on the depth and breadth of potential insiders that can be found throughout your enterprise, I will introduce you to three insider villains and three insider heroes. Each villain will represent one of the key misuse of privileges and each hero will represent key values delivered by least privilege. This first introduction will be of the most impactful and prevalent villain.

Post by Peter McCalister July 11, 2011
cross bridge

We’ll Cross that Active Directory Bridge When We Come to it

It seems like you can’t turn on the news or surf the web without hearing about yet another data breach or information security attack, all of which lead to further consumer unrest and corporate concern about the protection of their own sensitive data. The security structure within most organizations generally provides a multitude of security mechanisms designed to provide protection of sensitive information, but with so many different aspects of security to consider, IT administrators and security officers need to be sure not to overlook the Active Directory.

Post by Peter McCalister July 8, 2011
ID Keys

SUPM, SAPM And The Keys To Your Enterprise

Industry analysts have classified the privilege identity management space into Super User Privileged Management (SUPM) and Shared Account Password Management (SAPM). When it comes to crashing your enterprise systems, destroying data, deleting or creating accounts and changing passwords, it’s not just malicious hackers you need to worry about.

Post by Peter McCalister July 7, 2011
BT Home2

BeyondTrust Launches New Website

I have tried to purposely keep this blog away from anything even remotely BeyondTrust sales-oriented and focus instead on the information, education and proof-points that examine the whys and hows of implementing least privilege across your extended enterprise. Today will be an exception.

Post by Peter McCalister July 6, 2011
Break in

Looking At Security From The Inside Out With Least Privilege

Many organizations have invested heavily in perimeter security, helping to protect against hackers and outside threats, but very few have addressed the weak link in the security chain. Users with excessive privileges are that weak link, and allowing users to make security decisions can have disastrous consequences.

Post by Peter McCalister July 5, 2011
Potect With Confidence

Top 10 Reasons To Implement Least Privilege For Appls & Databases

In the spirit of keeping blog posts informative, short and fun, this one takes a cue from David Letterman in format. So without further fanfare or wasted space… the Top 10 Reasons to Implement Least Privilege for Applications and Databases. How may of these have you seen throughout your organization?

Post by Peter McCalister July 1, 2011

The Cost Of SOX Is Declining?

No, I’m not talking about socks that protect your feet, I’m talking about the government regulation that most of you are worried about. Protiviti just released a new study on the effectiveness and costs of Sarbanes-Oxley compliance with a number of interesting insights for IT managers who are concerned about the effectiveness and costs of their IT controls. The overall results are encouraging.

Post by Peter McCalister June 30, 2011