BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
cross bridge

We’ll Cross that Active Directory Bridge When We Come to it

Posted July 8, 2011    Peter McCalister

It seems like you can’t turn on the news or surf the web without hearing about yet another data breach or information security attack, all of which lead to further consumer unrest and corporate concern about the protection of their own sensitive data. The security structure within most organizations generally provides a multitude of security mechanisms designed to provide protection of sensitive information, but with so many different aspects of security to consider, IT administrators and security officers need to be sure not to overlook the Active Directory.

Categories:
Security Research
microsoft

Microsoft Internet Explorer Drag and Drop Information Disclosure Vulnerability

Disclosed July 8, 2011    Fully Patched
Vendors: Microsoft
Vulnerability Severity: Medium
Exploit Impact: Information Disclosure
Exploit Availability:
Categories:
Zeroday Tracker
ID Keys

SUPM, SAPM And The Keys To Your Enterprise

Posted July 7, 2011    Peter McCalister

Industry analysts have classified the privilege identity management space into Super User Privileged Management (SUPM) and Shared Account Password Management (SAPM). When it comes to crashing your enterprise systems, destroying data, deleting or creating accounts and changing passwords, it’s not just malicious hackers you need to worry about.

Categories:
Security Research
BT Home2

BeyondTrust Launches New Website

Posted July 6, 2011    Peter McCalister

I have tried to purposely keep this blog away from anything even remotely BeyondTrust sales-oriented and focus instead on the information, education and proof-points that examine the whys and hows of implementing least privilege across your extended enterprise. Today will be an exception.

Categories:
General
Break in

Looking At Security From The Inside Out With Least Privilege

Posted July 5, 2011    Peter McCalister

Many organizations have invested heavily in perimeter security, helping to protect against hackers and outside threats, but very few have addressed the weak link in the security chain. Users with excessive privileges are that weak link, and allowing users to make security decisions can have disastrous consequences.

Categories:
Privileged Account Management
Potect With Confidence

Top 10 Reasons To Implement Least Privilege For Appls & Databases

Posted July 1, 2011    Peter McCalister

In the spirit of keeping blog posts informative, short and fun, this one takes a cue from David Letterman in format. So without further fanfare or wasted space… the Top 10 Reasons to Implement Least Privilege for Applications and Databases. How may of these have you seen throughout your organization?

Categories:
Privileged Account Management
sox

The Cost Of SOX Is Declining?

Posted June 30, 2011    Peter McCalister

No, I’m not talking about socks that protect your feet, I’m talking about the government regulation that most of you are worried about. Protiviti just released a new study on the effectiveness and costs of Sarbanes-Oxley compliance with a number of interesting insights for IT managers who are concerned about the effectiveness and costs of their IT controls. The overall results are encouraging.

Categories:
General
priceless

When Misuse Of Privilege Is Priceless

Posted June 29, 2011    Peter McCalister

Sometimes the abuse of IT admin power doesn’t involve a price tag. Take for instance, Walter Powell, a disgruntled IT manager who hacked his former employer’s computer and replaced the CEO’s digital presentation to instead display a lewd pornographic image on the 64-inch screen that the CEO was presenting to his board of directors. While we have documented extensively the costs that this kind of calculated attack can cost an organization, in this case, the cost could almost seem priceless.

Categories:
General
sweep-under-rug

Transgression Tuesday: Ways to Avoid a Data Breach

Posted June 28, 2011    Peter McCalister

We’ve talked a lot about change, and how it’s one of the only things in the IT world that remains the same. Another constant is human nature- specifically our reactions when we do something we shouldn’t. People have this funny tendency to hide their wrong-doings: sweep them under a proverbial rug. The problem is that those rugs can turn into uncontrollable problems, and in the IT world mean the dreaded “D” word: Data Breach. Hiding bad habits and improper actions never cloak the issue, but allows the problem to compound until one day it becomes a raging war.

Categories:
Security Research
Accidental Harm

Top 10 Reasons To Implement Least Privilege For Your Clouds

Posted June 27, 2011    Peter McCalister

In the spirit of keeping blog posts informative, short and fun, this one takes a cue from David Letterman in format. So without further fanfare or wasted space… the Top 10 Reasons to Implement Least Privilege for Public, Private and Hybrid Clouds are:

Categories:
Privileged Account Management