BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
Tucks

The Outside Insider Threat

Posted July 26, 2011    Peter McCalister

Gone are the days when insider threats meant you either had a malicious employee or someone made a mistake; in today’s world the insider threat is far more complex, often starting from the outside and working its way in.

Categories:
Vulnerability Management
os lion

How To Truly Support Mac OS X Lion

Posted July 25, 2011    Peter McCalister

Supporting Mac OS X 10.7 Lion means more than just checking a box on a list of supported platforms. It means that you’ve engineered your product to take full advantage of the features of Lion, and deliver a seamless end-to-end experience for users and administrators.

Categories:
Vulnerability Management
apple

Mac OS X Lion OpenLDAP Security Bypass

Disclosed July 25, 2011    Fully Patched
Vendors: Apple
Vulnerability Severity: High
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker
Carl-resized-600

Insider Hero Introduced: Compliance Carl

Posted July 22, 2011    Peter McCalister

In order to put a face on the depth and breadth of potential insiders that can be found throughout your enterprise, I will introduce you to three insider villains and three insider heroes. Each villain will represent one of the key misuse of privileges and each hero will represent key values delivered by least privilege. This sixth and final introduction will be of the most unlikely hero.

Categories:
General
sticky

Can You Put a Yellow Sticky on Your Cloud?

Posted July 21, 2011    Peter McCalister

Brian Anderson and I have written several blog posts on user ID’s. Brian concluded that the average user seems to either have a relaxed sense of security, a love for Abbott and Costello-like humor, or are just lazy when it comes to identity-related security. Our new colleague Luke Dieker, who focuses on Identity Services, has blogged about the importance of yellow sticky notes to password management. He observes that it’s a challenge to change the habits of the many users who adorn their screens with Post-it notes listing various passwords, or for the more security conscious among them, sticking passwords under their keyboards.

Categories:
Vulnerability Management
irene2

Insider Villain Introduced: Identity Thief Irene

Posted July 20, 2011    Peter McCalister

In order to put a face on the depth and breadth of potential insiders that can be found throughout your enterprise, I will introduce you to three insider villains and three insider heroes. Each villain will represent one of the key misuse of privileges and each hero will represent key values delivered by least privilege. This fifth introduction will be of the craftiest villain.

Categories:
Security Research
lock

Why Exploitability Matters

Posted July 19, 2011    Morey Haber

The most common vulnerability scoring system used by vendors and regulatory initiatives is CVSS (the Common Vulnerability Scoring System). It provides a vendor agnostic open scoring standard to model vulnerability severity and provide guidance on prioritization of remediation efforts. The basic metrics allows for rating a vulnerability based on the severity of its components like…

Categories:
Vulnerability Management
cloudlock1

Security Is Not One-Size-Fits-All

Posted July 19, 2011    Morey Haber

When it comes to security, specifically when it comes to vulnerability management, one size doesn’t fit all. Organizations need to customize their tools based on a wide variety of business requirements. These include everything from scan windows, frequently changing credentials, report distribution and most importantly the architecture and volume of data that needs to be…

Categories:
Vulnerability Management
MR

Predicting Insider Threats

Posted July 19, 2011    Peter McCalister

In the movie Minority Report, police have created a system which predicts crime before it happens in a nightmarish Orwellian scenario. But what if companies could predict who would attack their most valuable assets? What kinds of ethical considerations would arise? While insider threats are less in number, when they do happen the damage is…

Categories:
Security Research
Sam2

Insider Hero Introduced: Secure Sam

Posted July 18, 2011    Peter McCalister

In order to put a face on the depth and breadth of potential insiders that can be found throughout your enterprise, I will introduce you to three insider villains and three insider heroes. Each villain will represent one of the key misuse of privileges and each hero will represent key values delivered by least privilege. This fourth introduction will be of the most visible hero.

Categories:
Security Research