BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

September 11th – Lest We Forget.

Posted September 11, 2012    Marc Maiffret

Today marks the 11 year anniversary of the “September 11th” attacks. It is on these days of remembrance that our memory serves as a tool to heal us, to free us from the emotional burdens that can keep us from moving forward. This happens not by allowing these memories to fade from our consciousness, but by the juxtaposition between our past and present as a way to learn how we might grow.

Often times when extreme tragedy strikes, we search for answers of why it happened and how it could have been prevented. Much debate is given to these topics as it relates to 9/11, but at the core of such discussions is the simplicity that evil can sometimes prevail and we must fight against complacency, at all costs, in order to keep a balance of good in this world.

I often think of the balance between evil and complacency in my own profession within the computer security industry. I say this not to build the importance of one’s life work vs. an incomparable tragedy, but rather as a parallel that I might take something from the events of 9/11 to put actions of good back into this world: to find my own meaning and sense of healing like many others whom lost a friend or loved one on 9/11 or the wars thereafter which are still fought even now.

You see, the business of security is one that is truly a fight against complacency. Security is an intricate dance of not simply the forces of good and evil but of both fear-mongering rhetoric and oft ignored warnings of real dangers. So much of what a security professional does is a process of filtering out the signal from the noise. It is no doubt a taxing effort day in and out to try to make sense of the events unfolding around us and make decisions that can be proactive in preventing future disasters.

I cannot speak to the events prior to 9/11 and what could have been prevented. I say this now, not as rhetoric, but based on a career having been hired to legitimately test and compromise the security of major corporations across all major sectors of industry within the United States: it is with unmistakable belief that societies built upon a technological dependence should heed a warning that we are simply waiting for our 9/11 moment where this machine comes to a halt. Not in terms of loss of life but that of a shock and awe technological failing that cuts to the very core of the culture and economy we continue to make our keeper.

Some would say that the deadlock in Washington affects all manner of policy decisions including those on cyber security. As with so many things in life we need not wait for Washington in order to move forward. As a collective of technologists, developers, security and IT professionals, researchers and most importantly Hackers in the original, un-bastardized, definition of the word, we have but a choice to wake up each day and continue to push this fight forward regardless of this race having no end.

To those in the United States government, military, and intelligence agencies who fight tirelessly every day for the good of humanity and not party politics: we thank you.

Stay relentless,
Marc Maiffret

Tags:
, , , , , , ,

Leave a Reply

Additional articles

Dark Reading

2014: The Year of Privilege Vulnerabilities

Posted December 18, 2014    Chris Burd

Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of “least privilege” could limit the impact of malware and raise the bar of difficulty for attackers.

Tags:
, , , , ,
dave-shackleford-headshot

Looking back on information security in 2014

Posted December 16, 2014    Dave Shackleford

Dave Shackleford is a SANS Instructor and founder of Voodoo Security. Join Dave for a closer look at the year in security, and learn what you can do to prepare for 2015, with this upcoming webinar. 2014 has been one heck of an insane year for information security professionals. To start with, we’ve been forced…

Tags:
, ,
patch-tuesday

December 2014 Patch Tuesday

Posted December 9, 2014    BeyondTrust Research Team

This month marks the final Patch Tuesday of 2014. Most of what is being patched this month includes Internet Explorer, Exchange, Office, etc… and continues a trend of the greatest hits collection of commonly attacked Microsoft software. Probably the one thing that broke the mold this month is that for once there is not some…

Tags:
,