BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
annie

Accident Prone Annie Requires New Policies For Control

Posted August 19, 2011    Peter McCalister

I introduced you to Accident Prone Annie as an archetype for the type of insider villain who may already be infiltrating your extended enterprise a couple of weeks ago and guess what? Almost every day I see an article that represents “Dave” as manifesting in another company with some measurable harm that was newsworthy.

Categories:
General
apache

Apache httpd Remote Denial of Service (Memory Exhaustion)

Disclosed August 19, 2011    Fully Patched
Vendors: Apache Software Foundation
Vulnerability Severity: High
Exploit Impact: Denial of Service
Exploit Availability:
Categories:
Zeroday Tracker
cropcircle

Is Public Cloud Security As Mysterious As Crop Circles?

Posted August 18, 2011    Peter McCalister

There are many of you out there who have seen pictures of crop circles and believe that they are truly a mystery that no one will ever get to the bottom of. For those of us in the information security field, I think we are starting to believe that the key to security in public clouds may be as elusive as the secret to crop circles.

Categories:
Vulnerability Management
dave2

Disgruntled Dave Snoops Your Healthcare Records

Posted August 17, 2011    Peter McCalister

I introduced you to Disgruntled Dave as an archetype for the type of insider villain who may already be infiltrating your extended enterprise a couple of weeks ago and guess what? Almost every day I see an article that represents “Dave” as manifesting in another company with some measurable harm that was newsworthy.

Categories:
Vulnerability Management
MMPC

Why Less is More with Admin Rights

Posted August 16, 2011    Peter McCalister

A recent blog post at Microsoft Malware Protection Center warns that disabling the User Account Control (UAC) tool increases the likelihood of malware threats. According to Microsoft’s Joe Faulhaber who published the entry, the Sality virus family, Alureon rootkits, Rogue antivirus like FakePAV, Autorun worms, and the Bancos banking Trojans all have variants for turning UAC off.

Categories:
Vulnerability Management
irene2

Identity Thief Irene Hijacks Customer Database At Travelodge

Posted August 15, 2011    Peter McCalister

I introduced you to Identity Thief Irene as an archetype for the type of insider villain who may already be infiltrating your extended enterprise a couple of weeks ago and guess what? Almost every day I see an article that represents “Irene” as manifesting in another company with some measurable harm that was newsworthy.

Categories:
Vulnerability Management
cloud

What Comes After Discovery – Rediscovery and Scan

Posted August 15, 2011    Jerome Diggs

Over the next few blog posts I’ll show you ways to leverage your investment in Retina CS to help automate and streamline various scenarios I run into in the field. One common scenario I see quite often happens when customers are first implementing a vulnerability management solution into their organization. I call this the ‘What…

Categories:
Vulnerability Management
bigdata-98x98

Learning from the Ghosts of Data Breaches Past

Posted August 12, 2011    Peter McCalister

Data breaches are unfortunately becoming a staple in the ever-changing world of information technology. As this environment continues to shift, it would be nice if malicious insiders and trouble-causing outsiders would shift right out of reality. This, however, is not a likely reality, therefore we must examine carefully ways to mitigate the effects of these…

Categories:
Vulnerability Management
patch-tuesday

Microsoft Patch Tuesday – August 2011

Posted August 9, 2011    Chris Silva

True to form for the even months of 2011, Microsoft released thirteen security bulletins today. Of the most interest are MS11-057 (Internet Explorer) and MS11-058 (DNS Server). While it has become fairly commonplace for Microsoft to release an Internet Explorer patch every other month, this release also patches IE9 – the second time a critical…

Categories:
Security Research
cloud sec

Cloud Security Fears an Exaggeration? We Think Not.

Posted August 9, 2011    Peter McCalister

According to a recent Computerworld article, outgoing Federal CIO Vivek Kundra was quoted as saying that cloud security fears are being exaggerated. Let’s take a brief look at some of the top government cloud service providers approved by the General Services Administration and see how they have fared in security, just in terms of malicious insiders.

Categories:
Vulnerability Management