John E Dunn
August 6th, 2015
Windows 10′s security overhaul offers a lot but beware its complexities and limitations
With the arrival of Windows 10 in late July, businesses must once again pose many of the same questions that presented themselves at the time of the launch of Windows 8 in 2012, Windows 7 in 2009 and, for those with long enough memories, Windows XP in 2001.
- June 5th, 2015
The biggest security threat of 2015?
Microsoft’s support programme for Windows Server 2003 (WS2003) is currently in the extended support phase, which is scheduled to cease on 14 July 2015. After that date, if a new security vulnerability is discovered, there is no commitment that a fix will be produced and released by Microsoft, nor will it address non-security defects or assist customers that encounter problems.
- May 1st, 2015
Last week I was talking to a customer about whitelisting policies. Having rolled out least privilege, application control and sandboxing to their estate they had gone from hundreds of security incidents per week to virtually none. This has caused the security team to become more proactive by shifting from constant firefighting and reacting to incidents to thinking strategically and planning ahead.
- April 27th, 2015
Last week saw the start of RSA 2015, the annual gathering of security professionals and vendors from across the world in San Francisco. In the opening session, Amit Yoran, president of RSA, declared that InfoSec needed to escape the dark ages.
- April 14th, 2015
Last year, Avecto released its first Microsoft Vulnerabilities Report celebrating 10 years of “Patch Tuesdays” with analysis of the vulnerabilities from 2013. Following on from the success of the original report Avecto have crunched the numbers to analyze the 2014 Microsoft vulnerabilities, revealing how the removal of admin rights is more important than ever.
- April 1st, 2015
If we take just a handful of the high-profile security breaches over the past few years, where cyber criminals obtained administrator rights as a way into the corporate network, the approximate total number of customers affected reaches almost 300 million, a figure just shy of the total population of the United States! There’s no doubt that the figures are eye-opening, but what is more alarming is the fact that many organizations are still resisting fundamental security best practise – the need to remove admin rights across their estate.