PowerBroker for Windows (PBW) is designed to integrate directly into your corporate Active Directory (AD) structure without modifying your existing schema. In the asset labeled “1” below, an administrator simply loads a Group Policy Option (GPO) snap-in onto an asset that uses the Microsoft Management Console (MMC). The administrator can then create policies and rules that are stored in the AD domain labeled “2”. An administrator can also access the management console (Retina CS labeled “3”) via a web interface to run reports or create additional rules based on collected events from the environment.
One of the best-known secrets about PowerBroker for Windows is the ability to logically group rules into Collections. This Best Practice allows you to organize rules based on almost any criteria and treat multiple rules as a single entity. This feature is most useful when:
- Rules require the same item-level targeting
- Organizing rules into physical groupings for ease of maintenance or review
- Creating rule groups based on abstract terms like department, application, or even denied applications or websites
- Enforcing that all sub-groups or rules inherit the same action
- Storing obsolete or temporary rules
- Staging rules that are used for testing before inserting them into production. (This works best with Item Level Targeting).
Microsoft has released Security Advisory 2661254 for the upcoming patch that raises the minimum bit level of certificates to 1024 bits. The expected release date for this patch is Oct 9th, at which time the update will be available through Windows Update. The change will cause the Windows certificate system to stop accepting certificates that are less than 1024 bits, as those keys are considered ‘weak’. This change will affect all Windows operating systems above Windows XP SP3; Windows 8 already implements the tighter certificate check.
In today’s ever-expanding virtualized data center, it’s critical to ensure hypervisors/host systems are properly secured and patched to prevent bleed over into often dense populations of the corporate infrastructure. According to a recent blog post on Threatpost, French research firm VUPEN Security has revealed exploit code that takes advantage of a vulnerability in Xen 4.1.2 based on advisory CVE-2012-0217. Although the vulnerability was reported in June, there are many firms that may not have implemented the patch or, worse, haven’t yet identified whether or not they are vulnerable.
Blackhole is a popular exploit kit used to inject malware onto PCs that visit an exploited site, or are redirected to such a site from another, compromised website. As hackers get bolder they use these types of toolkits to compromise computer networks. This allows less sophisticated individuals and organizations to compromise computer networks since these kits are relatively easy to attain and leverage.
It’s been a very busy July here at BeyondTrust, especially the last two weeks! We’ve just returned from the annual BlackHat conference, where we had tremendous response to demonstrations of our Context Aware Security Intelligence solutions. BlackHat, as many of you know, is the industry’s most well-respected technical security conference, so we were very excited to participate in and speak with customers and prospects about our latest security technologies.
What do you get when you cross industry-leading vulnerability assessment with a SaaS-based mobile device management (MDM) solution? You get a mobile device solution that incorporates the top features of security, configuration, and compliance management with seamless integration into Retina CS. You gain complete visibility into corporate and “bring your own device” (BYOD) mobile assets. You find a mobile solution that is easy to deploy and manage, allowing you to do more with less.
In a recent article on Dark Reading, The Compliance Officer’s Dirty Little Secret, the topic of how Chief Compliance Officers (CCOs) form their decision-making processes around compliance was brought to light. One major decision CCOs are responsible for making is whether to pay the fines associated with non-compliance versus the cost of achieving compliance. I’m sure there are many debates that can go back and forth on the efficacy of either case depending on industry, regulatory requirements, the degree of a breach, etc., but in MANY cases the former is far more costly than the latter when you think of legal risks from class action lawsuits (incurred following a breach), cost of notification to customers, brand image, and potential stock price fallout, not to mention the cost of consultants and technology to remediate the problem.
Yet another first for BeyondTrust and eEye Digital Security. Our combined companies are proud to release our first new direct integration from Retina CS into RSA Archer eGRC. The integration provides comprehensive vulnerability management data directly into Archer’s Threat Management system. Using direct database access from Archer’s Integration System, the eGRC platform harvests asset and vulnerability data directly from Retina CS to provide a snapshot view of Threat Management health based on any data Retina collects for vulnerabilities, regardless of server, desktop, infrastructure, cloud or even mobile device. The managed data feed can be set up to import data at almost any periodic frequency and will continually update Archer with the latest Threat Management data based on findings contained within Retina CS, regardless of scan job. In addition, this data is completely exposed down to the most granular level to see how assets and vulnerabilities fare against current process and policies.