In the News: 2015

Network World, November 2015
The core of the Lieberman solution is its Enterprise Random Password Manager (ERPM), a powerful tool which can randomize thousands of passwords in just a few minutes as a result of an alert or simply on a set schedule to ensure that even in the event of a captured password, it won’t be valid for very long.
CIO, November 2015
Speed is a crucial factor; 76 per cent of IT experts surveyed by Lieberman Software at the 2015 RSA Security Conference think their IT security teams simply can’t keep up with the rapid pace at which security threats are evolving. Red tape is also blamed, with 61 per cent saying they installed a security product to satisfy regulations rather than to improve security.
SC Magazine UK, October 2015
Lieberman Software CEO Philip Lieberman argues that despite the prevalence of cyber-attacks and the difficult task of stopping them, malware and APTs do have a weakness. Lieberman specifies that, to be able to do their worst, APTs need privileged credentials to gain elevated access to a system. “Ultimately, if they can't install something, they can't attack,” he said.
Computer Business Review, October 2015
“When it comes to passwords, it's bad news all round, with Lieberman Software finding that 40% of passwords do not get changed in more than a year. But it gets worse. 58% of admin passwords, the passwords which could be viewed as the keys to the kingdom, don't get refreshed for at least 90 days."
Pro Security Zone, October 2015
“Lieberman Software’s adaptive privileged identity management platform, Enterprise Random Password Manager (ERPM), achieved a major milestone recently by passing a million managed endpoints in a single customer deployment."
Softpedia, October 2015
“According to the same survey, Lieberman also found out that 64% of infosec professionals cannot immediately identify a breach of their system, not even in a month after the incident took place. On the opposite end of the spectrum, only 3% of respondents felt secure enough to claim that they can immediately tell when they are being attacked."
TechWeek Europe, October 2015
“The Lieberman survey also found that majority (84 percent) of respondents think that unmanaged privileged credentials are the biggest cyber security vulnerability in their organisation."
Infosecurity Magazine, October 2015
“Executive management should assume that intruders are already inside their networks,” Lieberman said. “They should ensure that their organizations can contain cyber-attacks by securing privileged access, and by removing shared and long-lived credentials that intruders exploit to move around the network. This will mitigate damage and protect the company’s reputation when a cyber-attack does occur.”, September 2015
..."the Lieberman Software study of 2014 found that over 13 percent of all former employees could still access their old professional system, utilizing the same credentials."
Information Security Buzz, September 2015
"Leveraging Azure’s global deployment of data centers and the scalability of SQL Server, ERPM can provide an organization with an enterprise-grade privileged identity management solution worldwide in less than an hour."
IT Pro Portal, September 2015
"A new survey from Lieberman Software Corporation revealed that 83 per cent of IT security professionals are still confident that their perimeter security tools, like firewalls, can react quickly enough to defend against today’s sophisticated cyber attacks. This assumption could ultimately be putting consumer and business data at risk."
Computing, July 2015
"Perhaps United Airlines should reconsider its choice of technologies and vendors that provide controls for privileged access to their systems and databases," said Philip Lieberman, president and CEO of security management firm Lieberman Software, who argued the US government should act to punish those responsible.
Third Certainty, July 2015
I agree with the survey respondents that the changes will provide much-needed relief for U.S. companies victimized by state-sponsored cyber attacks, as well as clarify for U.S. government agencies tasked with enforcing laws and treaties,” says Philip Lieberman, CEO of Lieberman Software Corp., which provides privilege-management and security-management products to clients worldwide.
BlackHat, July 2015
" cannot steal what is not there and you cannot laterally move within an environment if you cannot exploit the credentials that provide lateral access. To achieve these objectives, we have designed technologies and processes to clean machines of cached credentials, reduce the lifetime of privileged identities to hours, and require users to use local escalation on the machine(s) they need to access -- and only for a limited amount of time."
Wall Street Journal, July 2015
Phil Lieberman, CEO of security software maker Lieberman Software Corp., said OPM’s lack of uniform multi-factor authentication was “shocking.” According to the OIG’s report, OPM added multi-factor authentication for 95% of its workstations, but none of its 47 major applications used it as of last year. Mr. Lieberman said that security gap may have made it easier for perpetrators to move around the OPM’s network, once they got past perimeter defenses.
USA Today, July 2015
The irony is that as originally developed by the military, the Internet "was designed to survive a nuclear attack," says cyber-security expert Phil Lieberman, CEO of Lieberman Software. "But today, that system has been co-opted by players that include everyone from "nation-states to criminal enterprises as well as anarchists and crazy people." Lieberman's advice? "You should expect to be compromised and you need to ask the question: And then what?"
eWeek, July 2015
"The common attack as well as the land and expand methods of intruders depend on moving within the network via stolen credentials," Lieberman said. "To minimize this consequence, companies must change the way they use privileged identities from the IT perspective—no use of domain admin accounts—and the removal of users having local administrator rights on their own machines."
Spiceworks, July 2015
"Even still, Lieberman believes that this will only lessen the risk of attacks. With 30% of respondents citing their lack of confidence in the ability of their security teams to detect an attack, perhaps a more proactive defense is the best bet."
InfoSecurity Magazine, June 2015
“The fact that IT professionals believe that data breaches are occurring more frequently than reported is revealing,” said Philip Lieberman, CEO of Lieberman Software. “Due to today’s advanced cyber-attacks, intruders are already within most IT environments, are undetectable, and have access to credentials on every compromised machine.”
TechWeek Europe, June 2015
"A survey from Lieberman Software Corporation revealed that 87 percent of IT professionals believe large financial hacks are happening more often than reported, and right under the nose of security auditors."
CSO, June 2015
"If someone breaks into your house, and you have the keys to the Porsche and the Mercedes sitting on the kitchen counter, they'll steal your cars," he said. In enterprise terms, this means changing operations so that there are no credentials sitting on machines, waiting to be stolen.
Information Security Buzz, June 2015
“Lieberman Software released a new whitepaper this week called “Cyber Defense Review of Mandiant and Verizon Threats: How to Immediately Limit Attack Consequences.”  In it, they lay out a step-by-step analysis, repudiating recent claims made by Mandiant and Verizon, and offer solutions for protecting organizations from the common phases of most cyber attacks.”
 USA Today, June 2015 
 “Let's be honest here, it's not as if MLB teams have national security-level experts guarding their computer systems. Even the MLB waiver wire can be accessed by thousands of front office executives and scouts on their computers, iPads or cell phones. Why, in a recent study by Lieberman Software, nearly 23% of IT security professionals admitted they can access their previous two employers' systems simply using their old credentials.”
 Vigilance Security, June 2015
 “It is a tragedy that the Executive Branch as well as NIST and NSA have been preaching the gospel of security by design, segmentation of data and control, proper identity management, and effective monitoring. Here with OPM we have an agency entrusted with the defence of its government employees ignoring the guidance given by the government as well as failing to implement off-the-shelf technologies that are common to the commercial realm.”
Wall Street Journal, May 2015
 “A survey of 170 IT professionals by Lieberman Software found 76% of respondents said the evolution of cyberattacks is occurring too quickly for IT departments to keep up...”
InfoSecurity, May 2015
 “As zero-day attacks and other cyber threats evolve at a steady pace, many organizations are searching for new IT security solutions to defend against the latest wave of attacks,” said Philip Lieberman, president of Lieberman Software. “Unfortunately, these organizations often discover too late that the products they purchase cannot scale to large enterprise environments, or be deployed quickly enough to provide real defense. That creates a significant security deficit that leaves organizations at risk.”
TechWeek Europe, May 2015
"Both government and commercial enterprises can defend themselves from the actions of hacktivists, but it usually requires more focus and resources than many organisations are willing to provide. At least until they find themselves victims of a cyber attack.”
SC Magazine, April 2015
“There is an assumption that if a person or group have the ‘keys to the kingdom' with full admin rights across an enterprise, that this is a viable and effective way to apply security policies. Anyone who has full admin rights and no accountability has the opportunity to effect an insider attack with a low risk of being detected. Without privilege admin controls there is no way of controlling this security blind spot.”
InfoSecurity, April 2015
"Roy Duckles, EMEA channel director at Lieberman Software, argued that many firms remove internal safeguards in order to maintain staff productivity levels. “Anyone who has full admin rights and no accountability has the opportunity to effect an insider attack with a low risk of being detected. Without privileged admin controls there is no way of controlling this security blind spot. Add to this the fact that many companies fail to enforce a strong password policy, and many passwords are replicated and known throughout an IT team, then it becomes just too easy for a person to find the access they require.”
SC Magazine UK, March 2015
 "Indeed, Lieberman describes the attack as an excellent example of how ineffective firewalls and end-point protection is in the real world. 'The only mitigation is to accept the new reality and toughen the interior of the environment with changes in network design (air gaps), aggressive proactive identity management to implement privilege access and least privilege so as to survive these attacks' Lieberman insists."
Consumers Digest, March 2015
"Consumers who didn’t purchase an Internet protocol, or IP, camera that encrypts data should change the default password on their camera to something that's difficult to guess, says Philip Lieberman, who is the president of security-management company Lieberman Software."
Dark Reading, March 2015
“As with most failed security scenarios, the core problem is not technology, but is in fact a lack of leadership and culture," says Philip Lieberman, president of Lieberman Software. "The refusal to allow the OIG to scan their systems should have been a warning flag that OIG should have publicly published as a public service to Anthem customers."
InfoSecurity, March 2015
"However, Phil Lieberman, CEO of Lieberman Software, cautioned that the [FREAK] attack is a “more or less a hypothetical threat” requiring a “a sophisticated attacker with a set of tools and technology not in common use.”
Vigilance, March 2015
"The interoperable solution...will help organizations manage, control and enforce both privileged and end user access to applications, systems and data across the enterprise and the cloud, all in a single unified platform."
Entrepreneur, February 2015
"The Lieberman Password Manager finds and strengthens server passwords, encrypts themand stores them in a database. Not only does it create complex passwords that staff don’t need to memorize and support common multi-factor authentication tools, it’s surprisingly easy to maintain once installed."
Pro Security Zone, January 2015
"With the new pooled service account rotation feature in Lieberman Software’s Enterprise Random Password Manager (ERPM), users can reliably configure privileged password changes on a continuous basis. This feature significantly lowers the risk of lockouts and cascading system failures caused when password updates for service and process accounts don’t reach every place on the network where those accounts are referenced."
Vigiliance Security Magazine, January 2015
"Skeleton key malware shows the need for privileged access management and session recording technology."
TechWorld, January 2015
"A recent survey of attendees of August’s Black Hat Show by Lieberman Software found that 58 percent believe enterprises are “losing the battle” against state-sponsored attacks. Seventy-four percent were not sure their own networks hadn’t already been breached by such foes." A recent survey of attendees of August’s Black Hat Show by Lieberman Software found that 58 percent believe enterprises are “losing the battle” against state-sponsored attacks. Seventy-four percent were not sure their own networks hadn’t already been breached by such foes.
Computing, January 2015
" is easy to modify malware to contain attribution addresses - proper tradecraft uses only anonymous proxies within embedded malware."The real question, said Lieberman, is "whether national security assets reveal intercepted IP traffic (i.e. packets) from North Korea exists regarding these events, that show positive command and control being initiated by North Korea".