September 1st, 2015
This blog is meant as a rallying cry for anyone who has a vested interest in their organization’s security. My aim is to spearhead a new era where all companies take a proactive approach to their security. No longer will historic methods of blocking and defense after the event be the only tenets of a security strategy.
- November 20th, 2015
Here in the Avecto Support Team we come across various issues with customers that wish to allow their users to perform elevated tasks in Windows once their Administrator rights have been removed; this can vary from changing Windows settings or allowing a legacy app to run with admin rights for compatibility reasons, to installing complex application suites.
- November 20th, 2015
A potential privilege escalation around unquoted service paths has been around for over fifteen years now, but it still continues to catch people out.
- November 13th, 2015
Twenty-eight percent of security spending is wasted on shelfware, according to CSO’s news article earlier this year.
Shelfware, in case you don’t have any of your own, and aren’t familiar with the term, is a word coined by the technology industry to refer to something that is purchased but is never put in to production.
- November 12th, 2015
There is very rarely progress without some cost. I was reminded of this recently by the news that a new piece of railway line – the Ordsall Chord – will cut off the world’s first passenger railway station, Manchester Liverpool Road, from the main line and affect 30 other “heritage assets”.
While changes to user’s experience of software products is rarely as substantial or irreversible as this, the same concept applies: even improvements have a cost. And that cost is, very often, to your current users.
- November 9th, 2015
In light of the recent data breach at TalkTalk I started to think about why breaches are becoming so common and why there appears to be such a gap between corporate priorities and cyber security. Then something dawned on me, I spend a lot of time speaking with members of the C-suite and articulating the benefits of key security foundations and defense in depth. At lot of the time the members of the C-suite lack the requisite skills to really grasp the importance of cyber security. Through no fault of their own, they do not come from technology backgrounds, but from sales, finance and marketing. In addition, many corporates have not appointed a Chief Security Offer.