BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.


Walk On The Wild Side … Of a Failed Audit

I couldn’t resist one last homage to classic rock. This time Lou Reed sings “everybody had to pay and pay; a hustle here and a hustle there…hey babe, take a walk on the wild side” while we chat about the right, wrong and wild side of the dreaded audit.

Post by Peter McCalister March 7, 2011

Logs in the Cloud – Why Cloud Security is More of the Same

One of the blogs we like to read is the so-called “Security Warrior”, who recently wrote a great summary and counterargument to a discussion on logging in the cloud that includes links to some of the industry’s back and forth.

Post by Peter McCalister March 4, 2011

Rogue Asset Detection

A few weeks ago in my blog, I mentioned a critique regarding targeted vulnerability assessment and its ability to not identify rogue devices. Anytime you have a definitive host list (by host name or from Active Directory for example), or a fixed set of IP addresses (versus ranges) you can potentially miss devices connected to your…

Post by Morey Haber March 3, 2011

Kernel Versus User Mode? – It’s a Question of Security

In the great debate of how to secure the desktop from the misuse of privilege, nothing is more contested than the approach: kernel versus user mode. Every vendor will postulate on their approach as the best methodology for eliminating desktop admin rights and fostering a least privilege environment, but how do you separate the marketing BS from the technical realities?

Post by Peter McCalister March 3, 2011

The Man Who Sold The World

Depending on your generation (read “age”), you either know this as a classic David Bowie song and album (yes, vinyl did exist once) or an incredible song by Nirvana during their MTV Unplugged performance. Since I’m on a classic rock roll (pun intended) and just saw yet another article on an insider selling corporate assets, I thought I should write a bit more about the temptations of the “over privileged”.

Post by Peter McCalister March 2, 2011

There Go My Files…To the Cloud!

One of the many challenges that every IT administrator faces is ensuring that confidential company information stays within the corporate network. The network is scanned for vulnerabilities, patches are deployed, perimeter firewalls are in place, and endpoint protection products are installed – all in the battle to maintain a secure infrastructure. With all these measures…

Post by Chris Silva March 1, 2011

He Who Holds the ‘Over-Privileged’ Ladder is as Bad as a Thief

Last year in a survey conducted at VMWorld, we established that while some respondents were willing to wear a tutu (or even cut off their arm) for $20 million, far more (35% of those polled) were willing to leak information to a competitor. So, what happens when insiders misuse their privilege? Just ask Microsoft.

Post by Peter McCalister March 1, 2011

Gimme Shelter … From Governance, Risk & Compliance Issues

In the on-going debate of best rock band ever between the Beatles and the Rolling Stones, I have, and will ever, fall into the Stones camp. With that said, this is a least privilege forum so I need to endeavor to stick to the subject at hand as Keith’s guitar wails in the background and Mick’s vocal starts “Oh, a storm is threatening.”

Post by Peter McCalister February 28, 2011

Use Me (Or My Password)

Wednesday’s car ride prompts a Classic Rock playlist on the iPod and what do you know… Bill Withers’ “Use Me” spawns yet another blog courtesy of the line “Cause I sure am using you to do the things you do.” Without privilege identity management, your users will be used to do the things you don’t want them (or anyone) to do.

Post by Peter McCalister February 25, 2011

Top VM Reports for Healthcare

Every few weeks, I find myself on the road visiting clients, working at tradeshows, and reviewing the latest solutions in security. eEye’s solutions touch almost every vertical market and some of them recognize the need for better vulnerability assessment solutions and reporting over others. When I visit clients in the Healthcare industry, I find a level…

Post by Morey Haber February 24, 2011