Logs in the Cloud – Why Cloud Security is More of the Same
One of the blogs we like to read is the so called “Security Warrior”, who recently wrote a great summary and counterargument to a discussion on logging in the cloud that includes links to some of the industry’s back and forth.
Rogue Asset Detection
A few weeks ago in my blog, I mentioned a critique regarding targeted vulnerability assessment and its ability to not identify rogue devices. Anytime you have definitive host list (by host name or from Active Directory for example), or a fixed set of IP addresses (versus ranges) you can potentially miss devices connected to your…
Kernel Versus User Mode? – It’s a Question of Security
In the great debate of how to secure the desktop from the misuse of privilege, nothing is more contested then the approach: kernel versus user mode. Every vendor will postulate on their approach as the best methodology for eliminating desktop admin rights and fostering a least privilege environment, but how do you separate the marketing BS from the technical realities?
The Man Who Sold The World
Depending on your generation (read “age”), you either know this as a classic David Bowie song and album (yes, vinyl did exist once) or an incrediblesong by Nirvana during their MTV Unplugged performance. Since I’m on a classic rock roll (pun intended) and just saw yet another article on an insider selling corporate assets, I thought I should write a bit more about the temptations of the “over privileged”.
There Go My Files…To the Cloud!
One of the many challenges that every IT administrator faces is ensuring that confidential company information stays within the corporate network. The network is scanned for vulnerabilities, patches are deployed, perimeter firewalls are in place, and endpoint protection products are installed – all in the battle to maintain a secure infrastructure. With all these measures…
He Who Holds the ‘Over-Privileged’ Ladder is as Bad as a Thief
Last year in a survey conducted at VMWorld, we established that while some respondents were willing to wear a tutu ( or even cut off their arm) for $20 million, far more (35% of those polled) were willing to leak information to a competitor. So, what happens when insiders misuse their privilege? Just ask Microsoft.
Gimme Shelter … From Governance, Risk & Compliance Issues
In the on-going debate of best rock band ever between the Beatles and the Rolling Stones, I have, and will ever, fall into the Stones camp. With that said, this is a least privilege forum so I need to endeavor to stick to the subject at hand as Keith’s guitar wails in the background and Mick’s vocal starts “Oh, a storm is threatening.”
Use Me (Or My Password)
Wednesday’s car ride prompts a Classic Rock play list on the iPod and what do you know… Bill Wither’s “Use Me” spawns yet another blog courtesy of the line “Cause I sure am using you to do the things you do.” Without privilege identity management, your users will be used to do the things you don’t want them (or anyone) to do.
Top VM Reports for Healthcare
Every few weeks, I find myself on the road visiting clients, working at tradeshows, and reviewing the latest solutions in security. eEye’s solutions touch almost every vertical market and some of them recognize the need for better vulnerability assessment solutions and reporting over others. When I visit clients in the Healthcare industry, I find a level…
The Difference with Insiders
The online security hacking group Anonymous has been making a lot of headlines recently. They committed denial of service attacks on companies like Mastercard, VISA and Paypal – companies who cut off Wikileaks from their services.
