BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
img-mobile

A Snapshot in Time: Looking at the Bigger Picture Around Vulnerability Assessment Data

Posted June 2, 2011    Jerome Diggs

Recently I had the pleasure of exhibiting at the Secure World conference in both the Atlanta and Philadelphia venues and had many interesting conversations with various CISO, CIO’s, Security Managers, Information Assurance Engineers and Auditors.  We talked about various subjects from some of the latest threats (i.e. the Playstation Network debacle) to vulnerability assessment.  One…

Categories:
Vulnerability Management
lock

6 Questions To Determine if you Should Give a DAM

Posted June 2, 2011    Peter McCalister

Yes this is a play on Database Activity Monitoring and yes I am writing this blog late at night so a few puns are intended but the seriousness of the message should not be glossed over.

Categories:
Vulnerability Management
cloud-security-img

Who’s In Charge of Cloud Security?

Posted June 1, 2011    Peter McCalister

As we have discussed before much of the way we define and implement security is driven by compliance. But despite a wide number of frameworks from COBIT to PCI those compliance standards aren’t very clear, leaving ample room for every auditor to interpret them differently.

Categories:
Vulnerability Management
Team

Upcoming Standards – SCAP ARF Support

Posted May 31, 2011    Morey Haber

The Assessment Results Format (ARF) language is a general Security Content Automation Protocol (SCAP) results reporting language developed by the US Department of Defense (DoD) in conjunction with NIST and members of the SCAP vendor community. If you are unfamiliar with it, it provides a structured language for exchanging and exporting detailed, per-device assessment data…

Categories:
General, Vulnerability Management
IT-security

HR and IT – How Data Security Can Make for Strange Bedfellows

Posted May 31, 2011    Peter McCalister

Yes, you read my lead correctly. I am going to talk about how HR and IT can team up to improve Network Security in the Cloud. So bear with me…

Categories:
Vulnerability Management
Tags:
, ,
kindle

Tablets at the Office: Friend or Foe?

Posted May 27, 2011    Peter McCalister

According to Gartner, worldwide media tablet spending is projected to reach $29.4 billion in 2011, up from $9.6 billion in 2010. Gartner also predicts that by 2013, 80 percent of the workforce will be using tablet devices. Whether workers are being issued tablets by their employers, or bringing in their personal devices, embracing tablet computers is very attractive for many enterprises looking to keep their employees connected, while reducing costs.

Categories:
Vulnerability Management
cloud

The Demands of Compliance vs. the Ease of sudo

Posted May 26, 2011    Peter McCalister

Ah, sudo! What better way for administrators to eliminate the proliferation of the root password throughout IT and development organizations? What better alternative to using root accounts to perform routine maintenance on Unix and Linux systems? Just grant users the proper permissions in the local sudoers files and you’re in business. Oh, and the utility is free. What’s not to love?

Categories:
Vulnerability Management
database

Databases Need Least Privilege Too

Posted May 25, 2011    Peter McCalister

The most sensitive information assets for any size company larger or small tends to be buried inside a database sitting on a server. It doesn’t matter if that server is physical, virtual or cloud based. Some organizations choose to protect the database and some the server. The best solution would be to protect both according to their intrinsically different requirements.

Categories:
Vulnerability Management
Win 7

1 In 14 Could Cost You $129 Without Least Privilege

Posted May 24, 2011    Peter McCalister

Yep, this is a pretty esoteric title for today’s blog, but blame the late hour and the recent article in PC World about malicious code and downloaded software. According to this article, “about one out of every 14 programs downloaded by Windows users turns out to be malicious.” This didn’t come from some random blogger…

Categories:
Vulnerability Management
gear6-98x98

Generic Third Party Integration

Posted May 24, 2011    Morey Haber

There is an inherent value to vulnerability assessment and attack data beyond the security team. Making relevant data available to other solutions, departments, and team members can streamline the vulnerability management process and ensure the workflow is seamless between departments and management. In addition, having tight data integration makes it easier to document workflow processes…

Categories:
General, Vulnerability Management