Our thoughts, industry views and technology trends

Are admin rights the biggest threat to enterprise security?

Last week saw the launch of the latest Microsoft Vulnerabilities Report, Avecto’s leading research project into the security bulletins issued by the software giant over the past 12 months. Now in its third year, the report has consistently provided intriguing insight into today’s threat landscape, the common attack vectors and the products within the Microsoft portfolio that cause IT departments the most sleepless nights.

Continue Reading


Nothing comes for free: Just say no

Sometimes when you’re involved in developing software, a developer offers you a feature or an option “for free”. Most typically, this is part of a framework, plugin, or library that offers this functionality anyway: they view it as easier to leave in than to take out.

Continue Reading


Why elevating the issue won’t always alleviate it

“We’ve done it!” – The majority of your users have admin rights removed, meaning your environment is far more secure than it was before and you’ve successfully mitigated 85% of critical vulnerabilities in Windows. But are you as secure as you think? A surprisingly common pitfall that we come across in the support team are those who, either intentionally or unwittingly, elevate everything. Everything.

Continue Reading


Microsoft Vulnerabilities Report 2015 – What you need to know

Now in its third year, the 2015 Microsoft Vulnerabilities Report analyses the data from Security Bulletins issued by Microsoft throughout 2015. Typically issued on the second Tuesday of each month, these “Patch Tuesday” bulletins contain fixes for vulnerabilities affecting Microsoft products. With the launch of Windows 10, this approach changed slightly, with patches being released as soon as they are available.

Continue Reading


The Cyber Pyramid Scheme

In a previous blog I discussed why it is important to focus on the endpoint first when it comes to security. This generated some really interesting discussions with people arguing the case for product X and Y or asking “what about detection on the endpoint?”

Continue Reading