Microsoft Patch Tuesday – November 2010
Finally a reprieve from the barrage of Microsoft Patches. This month, Microsoft only released 3 security bulletins, patching a total of 11 vulnerabilities. Good news for IT server admins, as the patches only affected Microsoft Office and Microsoft Forefront Unified Access Gateway. This means that most of you won’t need to reboot your servers this…
Top 10 Reasons To Implement Least Privilege on Windows Desktops
In the spirit of keeping blog posts informative, short and fun, this one takes a cue from David Letterman in format.
The 6 Things You Should Know Before Migrating to Windows 7
Microsoft has done a great deal of exceptional work in improving Windows 7 from its predecessor, Windows Vista.
5 Things You Should Know About Microsoft AppLocker
Microsoft AppLocker has also been touted as the next best thing in desktop security (in addition to UAC) but does it really satisfy all you need in order to ensure security, compliance and productivity?
Simplified Vulnerability Management – Mission Statement
Almost every company has a mission statement. Some companies make them public and a part of their marketing campaigns, tag lines, and actual products. Others keep their mission statements internal, almost like a prized position, and keep them for only training and hallway posters. One thing I have learned at eEye as the Product Manager,…
Health Care Data Requires Sensitive User Access Control
Of the many recently reported data breaches from hospitals and health care organizations
Control Virtual Sprawl With Privilege Identity Management
Virtual sprawl is the new plague of IT.
Benchmarks as a Point of Reference
I have been reading Stephen Hawking’s new book, “The Grand Design” and am completely stunned by the analogies he uses to simplify perception, measurements, and even quantum physics. This book is not light reading and has had me looking up terms using old college textbooks and Google multiple times. The one thing that fascinates me…
Security is a Team Sport
In organizations that aren’t sophisticated with measuring the value of risk, getting budget for security can be a tough gig. SC Magazine has an entire blog dedicated to an active running list of publicly known breaches, yet no matter how many examples you show, sometimes the logic that it will never be you is just…
eEye @ CSI 2010
I just returned from the Computer Security Institute CSI 2010 conference in National Harbor, Maryland. While there, I spoke on the topic of Logic Bombs using modern examples like Aurora and Stuxnet. This was my first time attending a CSI conference and I must honestly state, I was thoroughly impressed with the quality of the…
