Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Benchmarks as a Point of Reference

I have been reading Stephen Hawking’s new book, “The Grand Design,” and am completely stunned by the analogies he uses to simplify perception, measurements, and even quantum physics. This book is not light reading and has had me looking up terms using old college textbooks and Google multiple times. The one thing that fascinates me…

Post by Morey Haber November 3, 2010
, , , , , , , ,

Security is a Team Sport

In organizations that aren’t sophisticated in measuring the value of risk, getting budget for security can be a tough gig. SC Magazine has an entire blog dedicated to an active running list of publicly known breaches, yet no matter how many examples you show, sometimes the logic that it will never be you is just…

Post by Peter McCalister November 2, 2010

eEye @ CSI 2010

I just returned from the Computer Security Institute CSI 2010 conference in National Harbor, Maryland. While there, I spoke on the topic of Logic Bombs using modern examples like Aurora and Stuxnet. This was my first time attending a CSI conference and I must honestly state, I was thoroughly impressed with the quality of the…

Post by Morey Haber November 1, 2010

Misuse of Privilege in Virtualized Environments

A key factor to consider when approaching virtualization security is that the hypervisor is always going to be a high-value target due to its control over the entire virtual environment.

Post by Peter McCalister November 1, 2010

What’s a Superuser and Why Should I Care?

Organizations have fundamentally granted too many individuals or automated processes permanent superuser privileges, allowing them complete access to do as they please.

Post by Peter McCalister October 29, 2010

Five Things NOT to Fear this Halloween

“Courage is not the absence of fear, but rather the judgment that something else is more important than fear.” – James Hollingworth

The scariest Halloween party I ever attended was a few years ago when some eEye co-workers and friends got together for an October 31st costume themed bar crawl. This was an especially scary…

Post by Marc Maiffret October 28, 2010

Achieving Secure Multi-tenancy in Public and Private Clouds

According to an IDC Enterprise Panel survey, the number one concern of companies moving into cloud computing environments is security. Silos of dedicated IT infrastructure built around specific applications, customers, business units, operations, and regulatory compliance are often the result of the dramatic growth in scale and complexity of enterprise IT environments.

Post by Peter McCalister October 28, 2010

Indirect Misuse of Privilege and a Response to Adobe Vulnerability

If you didn’t notice from my previous post on Google’s breach, I’m on a mission to demonstrate that almost every major breach or vulnerability is tied to administrative privileges. The truth is, whether it’s malware, hackers or a vulnerability, chances are it’s very difficult for anyone to deal serious damage without admin rights. So when…

Post by Peter McCalister October 27, 2010

3 Ways to Reduce Help Desk Costs

It doesn’t matter if your organization’s IT help desk requirements are satisfied in-house or outsourced; there are very tangible costs directly related to the misuse of privilege.

Post by Peter McCalister October 26, 2010

The Value of a Zero-Day Vulnerability Assessment Scanner

Let’s assume your business is near perfect. You have a proven and reliable vulnerability management lifecycle in place, and identification of vulnerabilities and patch remediation happens like clockwork. Finding lingering threats or missing patches is a rarity, and even your endpoint protection solution never fails to catch the latest malware. Like I said, a near perfect…

Post by Morey Haber October 26, 2010