Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

AFITC 2010

August 31, 2010

  • Blog
  • Archive
If your organization has never considered, or taken, IT security seriously, a keynote speech given by Maj. Gen. Richard Webbers at the Air Force Information Technology Conference 2010 in Montgomery, AL would have certainly changed your mind. The General went through a brief history of the 24th Air Command, its role in supporting cyber threats, and how this new division is combating modern threats to our military’s infrastructure. Even though the conference is closed to the general public, his speech defined how seriously the Air Force and United States Government are taking the concept of cyber intelligence and cyber-attacks. For the US Air Force, this command represents an entire division focused on protecting Air Force information technology and providing a consolidated technology forum for the cyber war fighter. His speech outlined the amount of dedicated resources to combat the problem and was justification alone to anyone on how seriously the Government is taking the threat of cyber threats. If the government is taking IT security this seriously, shouldn’t most organizations at least bring attention to their own security problems? His speech was a blunt reminder that we all need to consider security for our computing devices. I have heard grumblings through the media that we will soon run out of IPv4 addresses. A second keynote from Dr. Tom Leighton, Co-Founder and Chief Scientist for Akamai confirmed this in the most unusual way. He indicated that companies that own large quantities of IPv4 addresses, that are commercially “inexpensive” to acquire, are being purchased by third parties just for their IPv4 addresses and nothing related to their business or technology. Amazing that we have come down to this. In addition, the second part of Dr. Leighton’s presentation focused on how data is cached in the cloud via Akamai servers verses direct connections from every source to every web service. With the limitations of IPv4 and now only the emergence of IPv6, Akamai developed their own proprietary address schemes and routing protocols to manage the caching of data in the cloud. In essence, Akamai provides cloud services of their own in the cloud that are completely transparent to virtually everyone. In watching his demonstration on security threats to Akamai’s network, it became apparently clear the threats to the cloud will not necessary benefit from IPv6 (yes there will be some), but even IPv4 installation of cloud services could learn some lessons from Akamai’s infrastructure:

• Keep your cloud (and data center) operational communications “out of view” from normal traffic • Never allow a single point of failure (not even a cable) to allow for your infrastructure to fault • When possible, distribute components of the workload with redundancy.

Realistically this is cost prohibited for most applications and businesses, but as lessons learned goes, Akamai has succeed in making the internet “always” available even when outages and cyber attacks occur using this strategy. I hope many emerging cloud service vendors look at companies like Akamai and learn from their infrastructure and management of security threats. So, after a long day at AFTIC 2010, it has become apparent that even the most basic IT services take security and vulnerabilities very seriously. Vendors and the Air Force recognize the importance of building security into every process and every piece of technology deployed. It is my hope that everyone takes a piece of this to their homes and businesses and learn that protections as simple as passwords can protect against even some of the most basic cyber threats.

Morey J. Haber, Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

A Zero Trust Approach to Secure Access

Webcasts

Rising CISOs: Ransomware, Cyber Extortion, Cloud Compromise, oh my!

Whitepapers

A Zero Trust Approach to Windows & Mac Endpoint Security

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.