BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
charliesheen-winning

Amazon Kindle Winner Announced. Join our January VEF and Win!

Posted December 30, 2011    Sarah Lieber

As you all know, every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your…

Categories:
General
Tags:
, ,
wedding-crashers1-98x98

HashDoS Crashes Your New Year’s Eve Party (and your web server)

Posted December 29, 2011    The eEye Research Team

Microsoft made the last few days of 2011 somewhat exciting by releasing an out -of-band patch, the only time all year they’ve deviated from a normal Patch Tuesday distribution. We’ll update this blog with new developments, so keep checking back for new information. So, what’s all the excitement about?

Categories:
Privileged Account Management
Tags:
,
Virtualization

Is VDI More Secure Than Regular Desktops? I Think Not!

Posted December 29, 2011    Peter McCalister

I’ve made the argument in the past that VDI has a far greater potential for damage than normal desktops, in fact making them less secure in point of fact. If effective security is defined as (security profile) x (risk profile) = (effective operational risk), then the same exact same security profile applied to a standard…

Categories:
General
holiday-98x98

Happy Secure New Year from eEye and Metasploit

Posted December 28, 2011    The eEye Research Team

Since we announced our initial Retina Community integration with Metasploit, we’ve received tremendous positive feedback, both on the integration itself, as well as for delivering a uniquely seamless penetration testing toolset as a community offering. As we look toward 2012, we want to continue on that path and help deliver a Secure New Year, courtesy…

Categories:
General
Tags:
, , ,
goldie locks cover

We Are Now Entering The “Goldilocks Zone”

Posted December 28, 2011    Peter McCalister

Turns out that Goldilocks isn’t just a children’s story, or even a metaphor used by marketing-types extolling the vices of extremeism and the virtues of “just right” privileges. Yep, even astronomers coop Goldilocks to describe the perfect zone for habitable planets. In a recent Associated Press article titled “New Earth-like Planet Discovered Outside Our Solar…

Categories:
General
villain trio

Insider Threats – Are They Just Human Nature?

Posted December 27, 2011    Peter McCalister

This week’s culprit of data misuse: Telstra, Australia’s leading telecommunications and information services company. It was reported that personal and account details of approximately one million customers were available on the Web – in plain sight for any Internet browser to see. While the mess is being called inadvertent, the potential damage to customers is…

Categories:
General
Accidental Harm

The Law Of Unintended Consequences

Posted December 21, 2011    Peter McCalister

It’s been a long while since I’ve logged into a UNIX box at the console or via telnet. But back when I was first learning my way around UNIX in the late 80’s and early 90’s, I vividly remember the nearly universal greeting when logging in as root: ————————————– login: root password: Don’t login as…

Categories:
General
Carl-resized-600

Compliance Considerations For 2012

Posted December 20, 2011    Peter McCalister

As 2011 comes to a close, it’s time to start looking ahead to what 2012 will bring, including compliance considerations for the New Year. All regulations emphasize fraud control, therefore internal automated controls over all access (especially privileged users) will provide assurance; the Ponemon Institute has identified “privileged access” as an area of “higher risk…

Categories:
General
finding money

Hard Versus Soft Cost Of Privilege Misuse

Posted December 19, 2011    Peter McCalister

All costs aren’t completely obvious. Simply stated, the principle of least privilege means that a user must run with the least amount of privilege for the least being performed. And what does this mean for you? It means you should look closely at eliminating administrator rights from users who don’t absolutely need them, and elevate…

Categories:
General
lucy2

Of Saints, Sinners and The Least Privileged

Posted December 16, 2011    Peter McCalister

As I’ve waded through the hundreds of published insider breaches from just the last two years, what is a clear recurring theme is that of the vagaries of human nature. Not meaning to wax poetic, but it is always an individual who misused their own, or some other insider’s, privileged access authorizations to information technology…

Categories:
General