BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
Mcafee report

McAfee Report Implies We’re Still Focused Externally

Posted April 12, 2011    Peter McCalister

You may have already seen the results of a 1,000+ person survey conducted recently by McAfee and wrapped up in a crisp report. They estimate that businesses have lost more than $1 trillion in 2008 as a result of data leaks. With the help of SAIC and international research firm Vanson Bourrne, the company has added some meaty authority to what would otherwise be seen as a vendor-biased report.

Categories:
General
cloud

Cause and Effects of Not Running with Least Privilege

Posted April 11, 2011    Peter McCalister

Building an enterprise on least privilege is not just a concept that applies to Microsoft. While Microsoft does contribute to the security issues associated with letting all users run with administrator rights (or no rights at all), it is a situation every operating system is plagued with.

Categories:
Privileged Account Management
microsoft

Microsoft Internet Explorer Shift JIS Character Encoding Vulnerability

Disclosed April 9, 2011    Fully Patched
Vendors: Microsoft
Vulnerability Severity: Medium
Exploit Impact: Information Disclosure
Exploit Availability:
Categories:
Zeroday Tracker
Team

Confessions of an Informed IT Director

Posted April 8, 2011    Peter McCalister

Hi, my name is Barney, I’m an IT Director at a multi-national telecommunications company and it’s been 2 years, 4 months, 1 week, 3 days and 11 hours since my last failed audit. (All together now) HI BARNEY!

Categories:
Vulnerability Management
Break in

Scanning Problems through a Firewall

Posted April 7, 2011    Morey Haber

Vulnerability assessment scanning through a network or host-based firewall can create an unknown level of complexity, uncertainty into the quality of scan results, and a change control process that essentially decreases the security posture of the network and / or host in order to perform a vulnerability assessment scan.

Categories:
General, Vulnerability Management
Tags:
, ,
nasa

NASA Vulnerability and Admin Rights

Posted April 7, 2011    Peter McCalister

A report came out recently highlighting vulnerabilities in NASA’s IT that could have impaired critical space missions or leaked sensitive information.

Categories:
General
database

Confessions of a Paranoid IT Director

Posted April 6, 2011    Peter McCalister

Hi, my name is Betty, I’m an IT Director at a large utility company and it’s been 1 week since my VP of Software Development complained that security was locked down too tight to get anything done. (All together now) HI BETTY!

Categories:
General
Abstract clockwork

Do Systems Really Fail, Or the Over-Privileged People Running Them?

Posted April 5, 2011    Peter McCalister

According to a recent Symantec sponsored survey, system failure has replaced negligence as the single biggest source of data breach involving UK firms, for the third successive year. However, that depends on how you interpret the data.

Categories:
Privileged Account Management

Confessions of an Apathetic IT Director

Posted April 4, 2011    Peter McCalister

Hi, my name is Bob, I’m an IT Director at a mid-sized financial company and it’s been 11 months since my last insider attack…that I know of. (All together now) HI BOB!

Categories:
General
bigdata-98x98

Top Vulnerability Management Trending and Delta Reports

Posted April 1, 2011    Morey Haber

Every organization wants to know where they are going and where they have been.  Performing an analysis on the here and now only gives a snapshot that gives little perspective into how things have progressed or patterns for the future. For vulnerability assessment, many clients rely on delta reports to compare scan jobs and data…

Categories:
General, Vulnerability Management