
SANS Institute Recommends Least Privilege Security Model to Reduce Impact of Zero-Day Attacks

BeyondTrust Supports SANS Updates to the Top 20 Attack Targets

Portsmouth, NH - November 17, 2006 – The SANS Institute, the largest source for information security training and certification in the world, announced on Wednesday the 2006 update to the Top 20 Internet Security Vulnerabilities, this year dubbed the Top 20 Attack Targets. The first major trend noted was a surge in zero-day vulnerabilities. SANS recommends that companies implement a Least Privilege environment to reduce the impact of these attacks.

“A zero-day vulnerability is a known flaw in software that does not have a patch available. In 2006 we've seen a significant rise in attacks that take advantage of zero-day vulnerabilities, leaving a user or system unable to defend against the attack since no patch is available,” said Marc Sachs, Director, SANS Internet Storm Center, and SRI International. “This type of application-level attack is very hard to prevent with traditional flow-based schemes such as IDSs and firewalls. Likewise, consumer-oriented security solutions such as anti-virus software usually cannot detect the initial outbreak of a zero-day exploit attack.”

Marco Peretti, CTO of BeyondTrust and architect of the first product to enable the security best practice of Least Privilege in Windows environments, agrees with SANS’ findings. “When users and applications are given more privileges than necessary, organizations expose themselves to threats such as malware and data theft no matter what defense they have in place,” said Peretti. “BeyondTrust Privilege Manager helps our customers eliminate security breaches that result from incorrect privilege assignment by allowing security administrators to restrict user privileges by setting the permission levels and privileges of selected applications through Group Policy.”

The SANS Top 20 Attack Targets states that protecting against zero-day vulnerability exploitation is a matter of great concern for most system administrators. According to the 2006 Annual Update, SANS recommends the following best practices to reduce the impact of a zero-day attack:

  • Follow the Principle of Least Privilege in setting user access controls, permissions, and rights
  • Restrict or limit the use of active code such as JavaScript or ActiveX in browsers
  • If you use Microsoft's Active Directory, take maximum advantage of Group Policy Objects to control user access
  • Do not rely on antivirus protection alone since zero-day attacks are often not detectable until new signatures are released

“A huge security problem that Windows enterprises face is that many users must be given administrative privileges in order to run required applications. However, as we have seen, administrative privileges are easily exploited by zero-day threats and malicious users. So you have to ask yourself if you trust your existing security defenses,” said John Moyer, CEO of BeyondTrust. “BeyondTrust helps customers move beyond the state of trusting users and systems with excess privileges to implement a Least Privilege security model. All users can be restricted users by securely elevating the privileges of selected applications.”

About BeyondTrust

BeyondTrust Privilege Manager was the first product to allow administrators to assign permissions to applications and tasks, enabling the security best practice of Least Privilege in Windows environments. BeyondTrust Privilege Manager has won many prestigious awards, including "Excellence in Management of Least Privilege - Customer Trust 2006" (Info Security Products Guide), "Best of TechEd 2006 - Security Finalist" (Windows IT Pro/SQL Server Magazine), and "Best Product of 2005 - Policy Management" (MSD2D People’s Choice Security Award).

For more information, visit www.beyondtrust.com.
