BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
cloudlock1

Stuxnet? Night Drag0n? Nope,You Got Pwned by a Printer.

Posted September 6, 2011    Mike Puterbaugh

At the recent BlackHat and DefCon conferences, our annual eEye Research Team T-shirt was one of the more memorable ones we’d done in a while (and if you remember 2005, that’s saying something). In keeping with the theme of Security in Context, the shirt parodied the fear that attacks like Stuxnet, NightDragon and Operation Aurora had…

Categories:
Privileged Account Management
Tags:
irene2

The New Twist On Insider Threats

Posted September 6, 2011    Peter McCalister

Just when an insider breach couldn’t be any worse for all parties involved – the data has been compromised, customers are upset, the company is embarrassed, it’s a lose-lose for everyone – the Financial Industry Regulatory Authority (FINRA) steps in with a new twist. A fine.

Categories:
Vulnerability Management
Accidental Harm

Top 10 Reasons To Bridge UNIX, Linux And Mac To Active Directory

Posted September 2, 2011    Peter McCalister

In the spirit of keeping blog posts informative, short and fun, this one takes a cue from David Letterman in format. So without further fanfare or wasted space… as David Letterman would say, “Here’s today’s top ten”… zingers related to securing your Linux, Unix, and Mac systems with Active Directory. Funny on a blog but not very funny if they happen in your IT environment!

Categories:
General
apple

Apple Mac OS X Keychain Certificate Security Bypass

Disclosed September 2, 2011    Fully Patched
Vendors: Apple
Vulnerability Severity: Medium
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker

Appliance, Software, or SaaS: Choosing the Best Deployment Option

Posted September 1, 2011    Morey Haber

Businesses tend to prefer appliances or software for new solution deployments. There are many reasons why from ease of deployment, to complete ownership of the host and the application.  Unfortunately, sometimes departmental whims are not always the best solution for the company. There are several factors from deployment to security policies that may warrant a…

Categories:
General, Vulnerability Management
goldie locks cover

Goldie Locks And The 3 Least Privilege Desktops

Posted August 31, 2011    Peter McCalister

It’s always fun to catch our competitors pointing to BeyondTrust educational materials as shining examples of the value for least privilege, and recently it came to my attention that just that has occurred yet again.

Categories:
Privileged Account Management
dave2

Red Flags Are Not Enough to Thwart Insider Attacks

Posted August 30, 2011    Peter McCalister

KPMG recently released a report titled, “Who is the typical fraudster?,” indicating that companies were not seeing the red flags when it came to insider threats. According to KPMG’s analysis of 348 cases across 69 countries from 2008 to 2010 that they investigated on behalf of its clients, the typical “fraudster” is described as:

Categories:
Vulnerability Management
cloud

Mid-Market Security and Risk Management

Posted August 30, 2011    Morey Haber

I find it utterly amazing that security vendors believe that one size of product and solution can fit in any size organization. Some have had even major summer releases that address scalability and performance in this one-product- fits-all approach. Point and shoot scanners as standalone products can operate in any size environment, but without a…

Categories:
General
DeLorean-on-ebay

Why Back to the Future Doesn’t Help Corporate Security

Posted August 29, 2011    Peter McCalister

I was recently at a convention where the DeLorian (the real one from Back to the Future!) was on display. With the doors up and open, the lights flashing, and the radio blaring, it took me right back to the movie and how awesome it would be if we could do what Marty McFly did. Although inadvertently, he went back in time and was able to influence actions and decisions that significantly improved his future. It would be awesome to go back, alter some pivotal decisions in my life, nip some bad habits in the bud, and make my future that much better. But personal life aside, think of how impactful it would be if companies were allowed to do the same.

Categories:
Security Research
PBIS-resized-600

1999 Called, It Wants Its Morto Worm Back

Posted August 28, 2011    Marc Maiffret

I had to do a double take on my Google Alerts this weekend when I saw the first of discussions around a worm dubbed “Morto” infecting systems via weak password brute forcing of Windows accounts over the Remote Desktop Protocol (“RDP”). These automated worms take me back, to the old days of CodeRed, Slammer, Sasser,…

Categories:
Vulnerability Management
Tags:
, ,