7 Windows 7 Resolutions for 2014

Migrating from XP to 7 offers organizations a good moment to re-assess their security setup. But where to start?

After nearly 13 years, Tuesday 8 April is the day Windows XP reaches the end of the road as Microsoft pulls extended support. Anyone still running XP after that day will be on their own and left exposed to an inevitable wave of malware attacks lured by the pickings to be had from millions of PCs running an unpatched operating system. Continue reading

Posted in Least Privilege, Windows 7 | Tagged , , , | Comments Off

Admin Rights in Windows 7/8: 5 Steps to Make Your Migration a Success

Imagine an OS without security updates, hotfixes or support – being stuck in a world of perpetual zero days in what would effectively be open season for cybercriminals. Come April 8th 2014, this is exactly what many organizations will be facing as Microsoft withdraws it’s free support for the hugely popular Windows XP operating system. Continue reading

Posted in Windows 7, Windows 8 | Tagged , , | Comments Off

Top 5 Security Predictions for 2014

2013 will be remembered as a somewhat turbulent year for cyber and data security. Amongst the numerous high profile data breaches, involving such companies as The New York Times, Adobe and Facebook, was of course Edward Snowden and the NSA scandal, which effectively changed the game in terms of the ‘insider threat’.

However, promising to be just as significant a year for security, we look at the top 5 challenges affecting organizations in 2014. Continue reading

Posted in Cyber Threats | Tagged , , , | Comments Off

Cyber Threats: How modern hackers are waiting to ensnare the User

Hackers have evolved since the days when you would receive an anonymous email with a suspicious attachment. Now cyber-criminals are using ever more sophisticated methods to circumvent system defences and actively pursue an organization’s single biggest weakness, the user. Continue reading

Posted in Cyber Threats, Insider Threat | Tagged , , , , | Comments Off

Turning Concern into Action

Edward Snowden’s data leakage at the NSA has certainly caused a ripple effect across the entire IT landscape, forcing organizations across all industries to take a closer look at their current security defenses. At the McAfee FOCUS conference in October this year, we conducted a survey to examine just how closely security professionals were rethinking their approaches to security as a result of the NSA incident. And just as important – if not more – was determining how many of those professionals were actually converting these attitudes to action. Continue reading

Posted in Desktop Lockdown, Privilege Guard, Privilege Management | Tagged , , , , | Comments Off

Tagged Image File Format (TIFF) – The Latest MS Vulnerability to hit the Market

As the dust settles on the notorious IE zero-day exploit which was fixed in October’s Patch Tuesday, a fresh zero-day utilizing Tagged Image File Format (TIFF) files makes an appearance. Continue reading

Posted in Vulnerabilities | Tagged , , , | Comments Off

10 years of Microsoft Patch Tuesday

To celebrate the 10th anniversary of Patch Tuesday this month, we take a quick look at how Microsoft’s update format changed the IT landscape. Continue reading

Posted in Cyber Threats | Tagged , , | Comments Off

The NSA is Worried About its Sysadmins. But isn’t Everyone?

Plans to reduce admin numbers by 90% have probably been misunderstood

A year ago, few beyond the realms of computer security, politics and journalism had even heard of the US National Security Agency (NSA) let alone could explain what it did. Then the Edward Snowden affair happened and suddenly one of the world’s most secretive organizations overnight turned into one which has had its every action and statement pored over with huge fascination.

Even so, when NSA director General Keith Alexander turned up at the International Conference on Cybersecurity in New York on 8 August to speak at a roundtable discussion, he probably didn’t think he was going to say much that hadn’t already been said in recent weeks.

Then he mentioned plans to reduce the number of NSA IT system administrators by a dramatic-sounding 90 percent, and people’s ears pricked up.  Edward Snowden was a system administrator, of course, one of around 1,000 employed by the Agency itself, or indirectly through consultancy firms. Was this a way of saying that sysadmins at the NSA had too much power and getting rid of them would reduce the risk of another embarrassing breach? Continue reading

Posted in Least Privilege, Privilege Management, Server Administration | Tagged | Comments Off

Whose job is it to watch the Admins?

Why privilege management must apply to everyone

Administrators, privileged network deities or just a type of ordinary network user much the same as anyone else?  Years into an age where IT security has become a mainstream topic, this remains the sort of polarising question that can provoke one of two reactions; shock or relief.

Those in the ‘shock’ camp will probably have grown up used to the traditional divide in which there were only two types of network being; the queen bees at the centre of chaotic and uncertain network who needed absolute power and were called ‘network admins’.  Everyone else was mortal and had to make do with a support number stating the hours of service.  In too many organizations, the power of admins was not only seen as natural so much as necessary, a benign dictatorship of those ‘in the know’.

This model persists, especially in smaller organizations, but it is obsolete because, quite simply, it creates unquantifiable risk.  For anyone who agrees with this analysis, the realization that admins are just a specialized type of user is more likely to elicit the second response…that of relief. Continue reading

Posted in Desktop Lockdown, Least Privilege, Privilege Guard, Privilege Management, Server Administration | Tagged | Comments Off