BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
DeLorean-on-ebay

Why Back to the Future Doesn’t Help Corporate Security

Posted August 29, 2011    Peter McCalister

I was recently at a convention where the DeLorian (the real one from Back to the Future!) was on display. With the doors up and open, the lights flashing, and the radio blaring, it took me right back to the movie and how awesome it would be if we could do what Marty McFly did. Although inadvertently, he went back in time and was able to influence actions and decisions that significantly improved his future. It would be awesome to go back, alter some pivotal decisions in my life, nip some bad habits in the bud, and make my future that much better. But personal life aside, think of how impactful it would be if companies were allowed to do the same.

Categories:
Security Research
PBIS-resized-600

1999 Called, It Wants Its Morto Worm Back

Posted August 28, 2011    Marc Maiffret

I had to do a double take on my Google Alerts this weekend when I saw the first of discussions around a worm dubbed “Morto” infecting systems via weak password brute forcing of Windows accounts over the Remote Desktop Protocol (“RDP”). These automated worms take me back, to the old days of CodeRed, Slammer, Sasser,…

Categories:
Vulnerability Management
Tags:
, ,
i-see-dead-people

I See Dead People- and All Database Activity

Posted August 26, 2011    Peter McCalister

Remember The Sixth Sense, that movie where Haley Joel Osmond’s character can see ghosts are if they were living people? It’s an interesting premise to give a character such a unique and special capability- to see and communicate with ghosts, whether benign or hostile, is clearly something out of the ordinary. Knowledge is power, and…

Categories:
Vulnerability Management
android4.2

HP TouchPad Frenzy — Another Reason to Put Security in Context

Posted August 26, 2011    Marc Maiffret

I recently watched IT administrator mailing lists buzzing with conversations about where everyone could buy an HP TouchPad – with the almost free price, now that HP has discontinued the product. It was not only IT people looking to cash in on the sweet deal, but consumers also, which means employees (maybe at your company!), who…

Categories:
Vulnerability Management
cloud sec

2 Reasons Not To Build New Cloud Security Infrastructure

Posted August 25, 2011    Peter McCalister

Last week I talked about the challenges of managing privileged identities in the cloud. As I have highlighted in an earlier post the recent report by the Ponemon Institute on the Security of Cloud Computing Providers shows that when it comes to security cloud providers are “least confident in their ability to restrict privileged user access to sensitive data”.

Categories:
Vulnerability Management
Lockdown

Mid-Market Security Strategies, Focus Areas, and Feature Favorites

Posted August 25, 2011    Alejandro DaCosta

The more conversations I have with security professionals, the more I see them strategizing how to best secure their networks with lower operating budgets.  I see more and more individuals having to deal with security issues as well as other aspects of their IT department during daily operations.  Their strategy has been condensed to acquire…

Categories:
General
skywalker

How to Use the Force to Secure Your Enterprise

Posted August 24, 2011    Peter McCalister

In the Star Wars Trilogy, there are two very clear sides of the moral spectrum. First, we have the rebel forces, keepers of the Force and warriors fighting against the evil Emperor. The Emperor, and the imperial forces that fight for him, are the evil masterminds who want to destroy the Force and the source of all goodness. While other battles may not seem quite as grand, there are parallels from Star Wars that apply to a multitude of other situations. One of these situations is the risk of insider threat in your organization. There are lessons to be learned from Darth Vader, the Emperor, Luke Skywalker, and others. Here are the three we like the best:

Categories:
Vulnerability Management
smartphone4-resized-600.jpg

It’s an Insecure Mobile World Without Least Privilege

Posted August 23, 2011    Peter McCalister

It’s hardly a stretch in this day and age to say that every one of your employees has a mobile device, whether it is company issued or personal, but either way these devices can be the culprit of accidental insider threats more easily than ever before.

Categories:
General
Break in

Enterprise Security and Risk Management

Posted August 23, 2011    Morey Haber

Searching the internet finds a plethora of definitions, services, products, solutions, and even training classes for Enterprise Security and Risk Management. The topic is so broad that almost every security vendor falls into this category. At the middle of almost all the definitions (excluding physical security theft) is the protection of an organizations most treasured…

Categories:
Vulnerability Management
rockybalboa

Enterprise Security Lessons from Rocky Balboa

Posted August 22, 2011    Peter McCalister

It’s amazing the effect songs have on us. Take, for example, Eye of the Tiger. If you’re like me, this brings you right back to Rocky, the Italian Stallion that won the hearts of America as he trained and fought his way to victory. That song elicits images of strategy and dedication, the two key traits to Rocky’s success. Why, you ask, do I bring this up here, on an Information Technology blog? Because the same elements that drove Rocky to success in the movie can ensure a data security victory in your IT environment.

Categories:
Security Research