Time seems to fly by here at Avecto and we can’t believe that twelve months have passed since the last RSA Conference in the US.
For 2013, we’re partnering with Microsoft during RSA, so if you haven’t had a chance to see Privilege Guard v3.6 as yet then pop by, we’ll be demoing this version and discussing least privilege on Windows desktops and servers on stand. Continue reading
At the beginning of this year, the South Carolina House of Representatives decided to increase funding for computer security after almost all the Department of Revenue’s tax records were leaked. While testifying in front of a House committee on 3rd January, the Revenue’s former chief of security, Scott Shealy, claimed that management at the agency hadn’t taken the security of taxpayer’s data seriously and had been more concerned with stopping employees from surfing the Internet and cutting end user security training. Continue reading
As the sophistication of malware evolves and organizations face an increasingly tumultuous threat landscape, heavy investments are continually made for new security controls, policies and best practices. Yet, one critical – but avoidable – flaw remains. The human aspect of IT practice is a key weakness for most organizations, and the vast majority of today’s breaches continue to stem from internal end-user error, rather than external attacks In fact, among 308 security breaches examined in the latest Information Security Trends study by CompTIA, 54 percent were caused by human error, and nearly half of those errors were attributed to end-users’ failure to follow company security policies. Continue reading
Following on from my previous blog on advanced hyperlink use cases, here is another great use case which I’d like to share.
Alternate execution for On Demand
It is quite common for organizations to implement a general On Demand policy to facilitate access to privileges. This can either be rolled out as a trust based model (backed by auditing), or through helpdesk authorization (with Challenge / Response codes). You may also define a policy that explicitly blocks On Demand admin privileges for specific applications, in which case you would present them with a blocking message: Continue reading
It’s made the Internet a better place. But like all wonderful things, Java needs careful oversight
Java, what’s it good for? If the depressing zero day flaw parade of recent weeks is anything to go by, not a lot.
A quick description of the mess; on 10 January, exploits started circulating for a serious flaw in Java 7 Update 10 (itself a major overhaul, released mid-December), prompting an unusual ‘disable immediately’ warning from the US Department of Homeland Security (DHS) no less.
After a rapid but partial patch from Oracle, Update 11, attention turned to further zero day flaws that remained, including one reportedly sold in recent days on the criminal underworld for at least $5,000. One particularly enterprising group of criminals even started impersonating the Java update to sneak malware on to computers. Continue reading
We introduced the hyperlink feature into Privilege Guard messages back in version 2.8, which allows IT admins to supply users with a link to information on an intranet or extranet. Although Privilege Guard messages are highly configurable, both in terms of display text and visual styles, there is only so much you can fit into a message, so having the ability to break out into a web page has proven very successful in making sure users are kept well informed as to why they are being prompted.
I wanted to write this post to highlight a few advanced use cases that you may want to try in your own Privilege Guard implementations, that may help you deliver a better experience to your end users, all using the message hyperlink option. Continue reading
At the 2012 McAfee FOCUS conference in Las Vegas in October, Avecto conducted a survey that revealed some serious concerns IT professionals have about their companies’ privilege control policies. In addition to pointing out the wide disparity that exists between organizations’ future security goals and their existing (and often, lacking) best practices, the survey also shed some light on what the future holds for Bring-Your-Own-Device (BYOD) within the enterprise.
Of the 365 surveyed participants, comprised of IT professionals in attendance at the show, 84 percent held least privilege in high regard, emphasizing an organizational need for better control of user privileges on company machines. The majority of these respondents (45 percent) pointed to malware attack mitigation as the primary reason for establishing better privilege control, followed by 18 percent who attributed this to either combating insider threats (9 percent) or external compliance (9 percent). Continue reading
While forecasting the security culprits of the coming year has become a clichéd annual technology tradition, there is definite value in preparing for what may lurk ahead. Take for instance, how quickly the threat landscape has shifted. It’s hard to believe that movements, like Bring Your Own Device (BYOD) or cloud computing, have only recently emerged, yet they have become ingrained in our security posture and threat landscape. Considering this speed of change, taking a moment to reflect on the security risks ahead is not only prudent, but could save your organization from being blindsided. From my view, here’s what I’d recommend organizations, from SMBs to the enterprise, prepare for 2013. Continue reading
If Christmas is a time for reflection and tradition, then the New Year is a time when many of us make those New Year resolutions. My New Year’s resolution this year is to keep a positive attitude, but I doubt that will last long.
On a serious note, one aspect of the New Year that has always intrigued me is the media publication of elements contained within Old Moores Almanack. This annual publication produced today by W. Foulsham & Company Limited, offers predictions of world and sporting events, as well as more conventional data such as tide tables. It’s been going since 1697 originally written by the self-taught physician and astrologer Francis Moore, a member of the court of Charles II. Continue reading
A great song writer once wrote “So this is Christmas and a Happy New Year…”* and now is the time to wish everyone Seasons’ Greetings from all of us at Avecto.
One of the topics of discussion round the office this past week has been family Christmas traditions. And with the European team in town for our festive party it’s been really interesting to hear how our colleagues celebrate. One of my family traditions is to have a discussion (usually quite heated) on what we want to do in the incoming year and decide what has been the one thing each one of us is most proud of achieving in the previous year. Continue reading