BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Security from Data Breaches Start from Within

Posted March 22, 2012    Peter McCalister

Keeping the bad guys out is what comes to mind for a lot of us when we think of securing our companies’ IT environment. And to be honest, this mindsit might very well be the reason we hear about so many data breaches. Companies are getting hit with breach and breach of sensitive information despite the best firewall systems and anti-malware software available. And the reason? The security focus is not in the right place. While keeping intruders out is important, keeping the liabilities and risks (read: people) inside your company at bay is far more critical. It’s no wonder breaches and leaks are still occuring- unmonitored and unmanaged users are running around our organizations with access to sensitive information. If you haven’t already started examining how to keep your information safe from the inside out, it’s time to make it a priority.

According to Mark Diodatti of Gartner, “organizations continue to struggle with excessive user privilege as it remains the primary attack point for data breaches and unauthorized transactions.” It would make sense, then, to allocate appropriate budget and resources to projects surrounding the primary attack point. Technologies like Anti-virus, firewalls, intrustion detection and prevention, email security, and web security are obviously important. Billions of dollars are spent each year in security budget to secure the outside perimeter from hostile intent…and I’m not saying that’s a bad thing. It just seems to me that more focus should be allocated to the primary point of attack. With the majority of organizations still struggling with excessive user privileges, it’s clear priorities aren’t jiving with needs.

Now, more than ever, there is a strong need to evaluate the security inside our environments. Ensuring privilege identity management as well as data security and leak prevention are becoming corporate “need-to-haves” in order to prevent the insider threat from effecting your organization. Click here to learn how to get started.

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,