Our thoughts, industry views and technology trends


Paul Kenyon
September 1st, 2015

Prevention is possible

This blog is meant as a rallying cry for anyone who has a vested interest in their organization’s security. My aim is to spearhead a new era where all companies take a proactive approach to their security. No longer will historic methods of blocking and defense after the event be the only tenets of a security strategy.



RunOnce to the hills

Here in the Avecto Support Team we come across various issues with customers that wish to allow their users to perform elevated tasks in Windows once their Administrator rights have been removed; this can vary from changing Windows settings or allowing a legacy app to run with admin rights for compatibility reasons, to installing complex application suites.


Path of enlightenment part 1

A potential privilege escalation around unquoted service paths has been around for over fifteen years now, but it still continues to catch people out.


Take a long hard look at your shelfware

Twenty-eight percent of security spending is wasted on shelfware, according to CSO’s news article earlier this year.

Shelfware, in case you don’t have any of your own, and aren’t familiar with the term, is a word coined by the technology industry to refer to something that is purchased but is never put into production.


Striking the right chord: Don’t make your users incompetent

There is very rarely progress without some cost. I was reminded of this recently by the news that a new piece of railway line – the Ordsall Chord – will cut off the world’s first passenger railway station, Manchester Liverpool Road, from the main line and affect 30 other “heritage assets”.

While changes to users’ experience of software products are rarely as substantial or irreversible as this, the same concept applies: even improvements have a cost. And that cost is, very often, to your current users.


Boards fall short on cyber security and technological knowledge

In light of the recent data breach at TalkTalk, I started to think about why breaches are becoming so common and why there appears to be such a gap between corporate priorities and cyber security. Then something dawned on me: I spend a lot of time speaking with members of the C-suite and articulating the benefits of key security foundations and defense in depth. A lot of the time the members of the C-suite lack the requisite skills to really grasp the importance of cyber security. Through no fault of their own, they do not come from technology backgrounds, but from sales, finance and marketing. In addition, many corporates have not appointed a Chief Security Officer.
