Monthly Archives: February 2013
- February 25th, 2013
Time seems to fly by here at Avecto and we can’t believe that twelve months have passed since the last RSA Conference in the US.
For 2013, we’re partnering with Microsoft during RSA, so if you haven’t had a chance to see Privilege Guard v3.6 (Now Defendpoint) as yet then pop by, we’ll be demoing this version and discussing least privilege on Windows desktops and servers on stand.
- February 18th, 2013
At the beginning of this year, the South Carolina House of Representatives decided to increase funding for computer security after almost all the Department of Revenue’s tax records were leaked. While testifying in front of a House committee on 3rd January, the Revenue’s former chief of security, Scott Shealy, claimed that management at the agency hadn’t taken the security of taxpayer’s data seriously and had been more concerned with stopping employees from surfing the Internet and cutting end user security training.
- February 7th, 2013
As the sophistication of malware evolves and organizations face an increasingly tumultuous threat landscape, heavy investments are continually made for new security controls, policies and best practices. Yet, one critical – but avoidable – flaw remains. The human aspect of IT practice is a key weakness for most organizations, and the vast majority of today’s breaches continue to stem from internal end-user error, rather than external attacks In fact, among 308 security breaches examined in the latest Information Security Trends study by CompTIA, 54 percent were caused by human error, and nearly half of those errors were attributed to end-users’ failure to follow company security policies.
- February 4th, 2013
Following on from my previous blog on advanced hyperlink use cases, here is another great use case which I’d like to share.
Alternate execution for On Demand
It is quite common for organizations to implement a general On Demand policy to facilitate access to privileges. This can either be rolled out as a trust based model (backed by auditing), or through helpdesk authorization (with Challenge / Response codes). You may also define a policy that explicitly blocks On Demand admin privileges for specific applications, in which case you would present them with a blocking message: