BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
lucy2

Of Saints, Sinners and The Least Privileged

Posted December 16, 2011    Peter McCalister

As I’ve waded through the hundreds of published insider breaches from just the last two years, what is a clear recurring theme is that of the vagaries of human nature. Not meaning to wax poetic, but it is always an individual who misused their own, or some other insider’s, privileged access authorizations to information technology…

Categories:
General
patch-tuesday

Microsoft Patch Tuesday – December 2011

Posted December 13, 2011    Chris Silva

To wish IT administrators everywhere a happy holiday, Microsoft today released 13 security bulletins. Microsoft had initially planned to release 14 bulletins, but a bulletin related to the BEAST vulnerability was held back for not behaving well with other other software. Assuming it can be whipped into shape, it will most likely make an appearance…

Categories:
Security Research
bret-michaels1-98x98

Security Predictions: All Hat, No Cattle

Posted December 13, 2011    Marc Maiffret

This is the time of the year where holiday parties are had, gifts are exchanged, and everyone and their brother in the security industry write blog posts and press releases about their predictions for the coming year. This time of the year reminds me of how important eEye’s message of “Security in Context” is given…

Categories:
General
Tags:
,
annie

Accident Prone Annie Unintentionally Helps Hacker

Posted December 13, 2011    Peter McCalister

Marriott International Corporation became the latest victim to an interesting twist on an insider attack. According to Dark Reading, a prospective employee named Attila Nemeth, “pilfered sensitive documents from the hotel chain and then attempted to use the stolen intelligence to blackmail it for employment.” Who would think that blackmailing a potential employer would lead…

Categories:
General
villain trio

SMBs Need Least Privilege Too

Posted December 12, 2011    Peter McCalister

Depending on which area of information technology you hail from, SMB could mean System Management Bus, Server Message Block, or Small and Medium Business. For the purposes of today’s blog it is the latter. Smaller companies seem to believe, on average, that they aren’t as susceptible to insider attacks and security breaches as large fortune…

Categories:
General
president

Government Tech Leaders Carefully Embracing the Cloud

Posted December 9, 2011    Peter McCalister

What organizations have the biggest data security needs of all? Financial institutions? Technology companies with highly-sensitive proprietary code? Depending on who you ask, you’ll get a variety of answers. One type of insititution, however, seems to trump them all: Government. A recent blog post titled Cloud Security: Better Than We Think? on Information Week takes…

Categories:
General
restricted groups 2

Removing Users From The Local Administrators Group

Posted December 8, 2011    Peter McCalister

When embarking on a project to remove administrator rights from users, it is important to understand all of the options available for modifying local group membership on your clients. If you have hundreds or even thousands of desktops, it is not feasible to do this manually. Fortunately, Microsoft provides two mechanisms in Group Policy to…

Categories:
General
blowfish-98x98

Honey, Does this Installer Make Me Look Fat?

Posted December 7, 2011    The eEye Research Team

I remember the days when I used download.com to grab utilities and shareware, never really questioning why I used download.com. All I knew is that it was safe and fast, usually appearing as a top search result in Google and it was always available. Unfortunately, CBS Interactive found that it would be monetarily advantageous to bundle downloads in…

Categories:
Vulnerability Management
Tags:
, ,
needle

Looking For A Needle In A Haystack Without Least Privilege

Posted December 7, 2011    Peter McCalister

Ever use the phrase that looking for something was like “finding a needle in a haystack”? If you’ve ever seen (or especially played in) a haystack then you understand the magnitude of that challenge. This also applies to IT security when trying to uncover who or what was able to access confidential information and either steal, damage or delete it altogether.

Categories:
Privileged Account Management
maiffret_cnn-680x375

It Takes More Than a Decoder Ring

Posted December 6, 2011    Marc Maiffret

This week I was invited to lend my “expert thoughts” on a recent news piece on a UK intelligence agency which has opened up their hiring practices to include an online code cracking competition.  The team over at CNN’s Situation Room thought this was an interesting concept and invited me in for a quick discussion….

Categories:
General
Tags:
, , ,