Interested in signing up for our monthly newsletter, Privileged Identity Management News Line?
Get monthly newsletter
"It is a tragedy that the Executive Branch as well as NIST and the NSA have been preaching the gospel of security by design, segmentation of data and control, proper identity management, and effective monitoring. Here with OPM we have an agency entrusted with the defense of its government employees ignoring the guidance given by the government, and outright failing to implement off-the-shelf technologies that are common in the commercial realm. A fix for the problem was a phone call away to virtually any of the defense contractors in the beltway who have been dealing with these types of attacks for decades."
"The fundamental concept is that cyber-warfare has now reached the level that intrusions and credential/privilege misuse can be impossible to detect. Therefore, strong medicine is necessary to treat patients of diseases that are fatal if left untreated, but undetectable in many cases. Our latest technology makes the assumption that intruders are in your environment, undetected. You have to decide how long you are willing to allow them to nest and have access to your systems."
"Today's reality is that cyber warfare is a game of speed, attrition and acceptable loss. Intrusions will be successful some fraction of time and when successful, they will expose every static credential, hash, cached credential, and ticket on compromised systems that you have used – along with those that have connected to your systems. The takeover of your environment happens in minutes and typically will persist for hundreds of days undetected."
"SSH configuration information can be used to report on and to determine proper SSH and SSH Key configuration and to identify the security configuration of the systems surrounding the use of SSH Keys. SSH Key details show where the key is and what accounts it is tied to. SSH Keys that are discovered are now being included for potential management and SSH connectivity."
| February, 2015
"In most of the cyber attack cases, the prevailing public response has been that the attacks were so complex and overwhelming that no reasonable care could have been taken to protect against them. With that position, many of the hacked companies (prior to the attacks),purchased cyber-warfare insurance and then proceeded to cut IT investment in security under the theory that there was no point spending money for something that does not work and for which you can be insured (force majeure theory)."
| January, 2015
"We are happy to announce a joint development program with the RSA Identity Management and Governance team to provide not only attestation of privileged access capabilities, but also privilege management for RSA customers."