Monthly Newsletter


April, 2015 
"Today's reality is that cyber warfare is a game of speed, attrition and acceptable loss. Intrusions will be successful some fraction of time and when successful, they will expose every static credential, hash, cached credential, and ticket on compromised systems that you have used – along with those that have connected to your systems. The takeover of your environment happens in minutes and typically will persist for hundreds of days undetected."

March, 2015 
"SSH configuration information can be used to report on and to determine proper SSH and SSH Key configuration and to identify the security configuration of the systems surrounding the use of SSH Keys. SSH Key details show where the key is and what accounts it is tied to. SSH Keys that are discovered are now being included for potential management and SSH connectivity."

February, 2015 
"In most of the cyber attack cases, the prevailing public response has been that the attacks were so complex and overwhelming that no reasonable care could have been taken to protect against them. With that position, many of the hacked companies (prior to the attacks), purchased cyber-warfare insurance and then proceeded to cut IT investment in security under the theory that there was no point spending money for something that does not work and for which you can be insured (force majeure theory)."

January, 2015 
"We are happy to announce a joint development program with the RSA Identity Management and Governance team to provide not only attestation of privileged access capabilities, but also privilege management for RSA customers."

November, 2014 
"There is no season where criminals and nation states will respect your IT freeze, so continuous improvement and continuous compliance need to occur 365 days a year. If your existing security solutions are taking years to implement, perhaps they need to be discarded rather than stopping and starting a security project based on the time of year."

October, 2014
"Cyber-defense today is not about stopping intrusions, it is about creating architectures and processes that minimize the losses and limit how far intruders can go with zero day and other exploits. This means having fully automated technology that can operate at scale and depth without the need for continuous human interaction."

September, 2014
"The headlines are proof that neither IT nor senior management can ignore the fact that a lack of internal security makes them sitting targets for exploitation. Even the excuses that they did what the analysts recommended or as they were requested by their auditors hold no weight, nor do they provide a safe harbor for the company. Ask Target how well the solutions recommended by their analysts and auditors worked; then ask Home Depot, Goodwill and all the rest."

August, 2014
"More than anything, we believe that the perimeter is porous, the best technology for perimeter protection is useless against nation states, and that the real defense question is about how well a company protects its interior and limits the damage."

July, 2014
"Given that intruders can easily get past the perimeter protections, what are the best practices to protect your corporate network? Let’s start with the assumption that your perimeter defenses will fail some of the time. Next, you have to do a pragmatic analysis of how far an intruder could go after taking control of any one machine in your environment. Here is what you should expect: the compromised machine has a key logger installed that records every user name and password entered on the machine."

June, 2014
"Over the last year we have been investing in technology to bring scalable privilege management/privileged access management (PAM) to both IT and regular users alike. The goal of the project has been to leverage our secure storage of credentials, SSH keys, certificates and pass phrases with a better performing, industry standard application launch/application virtualization technology to deliver a new chapter in privileged access management."

May, 2014
"Have you ever wanted to automate the logon of all your critical corporate-wide applications in a way that did not disclose the credentials (things that don’t support single-sign-on)? Would you like a recording of transactions on sensitive systems?"

April, 2014
"As we live with the sea of compromised flotsam and jetsam of the Internet caused by the Heartbleed bug, at least I can live in some comfort that Microsoft will patch Internet Explorer and most people will get the patch automatically. On the other hand, there is the issue of all those billions of XP machines running older versions that will never get another patch from Microsoft; automatic or otherwise."

March, 2014
"As a company we are pushing privileged identity management from a point solution that is used to remediate existing poor practices and implement a hard control into the realm of a privileged identity security platform. In essence our product is becoming a platform for cloud providers, MSPs, and government projects that are seeking to secure identities as part of their offering stack."

February, 2014

"The recently announced NIST framework is a lot of useless and redundant verbiage that collects existing standards that have existed for at least a decade. There is nothing fundamentally new, revolutionary or even effective in the framework. One should ask the question: was Target compliant with all of these standards? The answer is most probably yes..."

January, 2014

"We have been preaching the use of fully automated password randomization of all end points for years and have developed technology to accomplish this at massive scale with little need for human labor. Had Target deployed our solutions, they would not have had this massive breach. Further, they could have deployed our solution to all stores in less than one day."

November, 2013

"As cloud vendors have become recognized as mission critical to the nation, there has been an interesting evolution into becoming not only security competent platforms, but ones in which the security resources available for defense can now achieve competence above even the largest corporate entities... In effect, we now see an environment where an attack on one critical national resource is seen as a potential attack on all, and all members react as such with the cooperation of the government to assure national interests are covered."

October, 2013

"One of the most gratifying experiences for the development team was to see the rapid adoption of our new orchestration interfaces via PowerShell and web services in 4.83.6. We received a lot of feedback and suggestions on the programmatic interfaces and incorporated these recommendations into the current release."

September, 2013

"Passwords are not going away because they are ingrained into virtually every part of IT infrastructure. Our mission is to make passwords safe by making them unique, infeasible to crack, limited in lifetime, and only accessible for the right reasons, by the right people, and only for as long as they are needed. Even more important, our mission is to make the transition to a world of secure passwords easy and fast with minimal to no ongoing human effort to keep things secure."

August, 2013

"If you take a snapshot of identities and how they are being used, how long is that information valid? In most situations, the information should be considered suspect within minutes of its discovery. If your current solution requires that you manually take usage snapshots and import them by hand, how well do you think that strategy will work against nation-state attacks? Answer: not very well."

July, 2013

"Those that seek to compromise your security are using automation to find resources and access them, and the only solution is to be even more automated than your attackers at finding holes in your security and securing them faster than they can be exploited."

June, 2013

"Today we see that cyber-warriors implementing nation-state attacks use automated solutions to probe systems for weaknesses, create phishing attacks, and use automated solutions within the perimeter (once the target is breached) to investigate, inventory and penetrate additional systems. The conclusion of many large organizations is that they have accepted the fact that their perimeter defenses are good, but not perfect, so consequently they know there are always some systems on their network controlled by outside and unauthorized entities."

May, 2013             

"The challenge we faced at the beginning of this year from one of our largest customers was: how do you build a solution to manage 500,000, 2 million, 20 million or more systems? There is no off-the-shelf software to manage anything that large and there are tons of companies who have deployed that number of systems as part of their businesses. So, how do you do it? More importantly, how do we do it?"

April, 2013            

"As strange as it may seem, the management of critical national infrastructure is being held hostage by employees who have no skin in the game to improve security. Further, any attempt to implement new work rules, accountability and security technologies to provide defense goes up against an impenetrable wall that represents a permanent stalemate at best."

March, 2013           

"Although it was predicted to occur over a decade ago, we are now seeing the use of cyber-weapons being used by nation states and radical elements to achieve attention, potential physical dominance and access to intellectual property that would boost their economies. What was theoretical and simple probing of security weaknesses has now turned into actual concerted warfare against real targets that affect real citizens of the USA on a daily basis – more or less."

February, 2013           

"Our public training classes are designed to make it easier for you to get started (if you are a kinetic/verbal learner) and/or don’t want to first read the thousands of pages of documentation. A public class is also a great way to get some of your nagging questions answered as well as learn best practices. Our courses are highly interactive and taught by professional instructors with multiple certifications."

January, 2013          

"As part of BASEL II, many organizations are now being required to store and retrieve secrets in multiple parts so that no single person maintains certain key secrets alone. The idea is that to unlock something or gain access to something, two (or more) parties must be physically present to provide their part of a secret such as a password. Double safekeeping is similar to the “two-man rule” used for missile launches. In our new implementation, you can break up both static (you upload them) and dynamic (random and automatically generated) passwords in as many different parts as you wish."

November, 2012         

"If you have been tasked with changing credentials on a regular basis, but have given up because these changes have caused outages due to the complexity and scope of not only changing credentials, but also where they are being used, there is an automated solution that does the job quickly and at scale with minimal to no human interaction: Enterprise Random Password Manager (ERPM)."

October, 2012        

"To successfully change the password of an account, you must not only change it where it is being stored, you must also change every place that references that account. If you miss any of the places that have a stored password, the wrong password will be used and that service will fail to work properly. In some cases, the use of an incorrect password by a service can cause the operating system to think that the account is under attack and lock out the account.  This last scenario means that every service that uses that locked out account will now fail too."

September, 2012       

"Changing local administrator credentials on both Windows and non-Windows systems is a very easy thing to set up and execute within E/RPM and most changes can be accomplished enterprise-wide in a day or less..."

August, 2012       

"Last month I described how you can convert spreadsheets with passwords into our secure storage system of E/RPM. For those that have to deal with the real world, any conversion of process or access to data has political implications, no matter how poor or insecure the existing processes are."

July, 2012      

"We have had customers import over 500 existing password spreadsheets into the product and put this into production in less than 4 hours, so it can be done quickly."

June, 2012     

"As a privately held company, we have the freedom to reinvest the money you give us in R&D, development and testing of our products to enhance your experience and to better protect your systems. This strategy is exciting for us, motivating for our brilliant development staff, and a pleasure for our systems engineers and sales staff because they always have new, cool things to show you."

May, 2012    

"One of my favorite things about Server-to-Server Password Synchronizer is that it automatically fixes bad passwords and passwords that are out of synch without a user having to change their password to force synchronization. In other words, it creates order autonomously out of a horribly chaotic set of passwords for users."

April, 2012   

"Like every other product we make, going deep into the needs of the help desk, auditors, and regulators is where we shine. In Account Reset Console, we have implemented automated warnings to users that their password ages are excessive and their accounts will be disabled if they don’t change them in time. Warnings go out not only to the users, but also to the managers."

March, 2012 

"Over the last few years we have implemented all sorts of authentication and authorization mechanisms within our products to match the needs of our corporate and government users. Our integrated authentication solutions include LDAP servers, Kerberos, NTLM, RADIUS, as well as a very rich OATH implementation for multi-factor authentication (in addition to RSA SecurID)."

February, 2012 

"About two years ago Lawrence Pingree of Gartner and I had a great conversation at the RSA show in San Francisco about our products and about the huge amount of security and configuration data we collect and show. Mr. Pingree challenged us to unlock this treasure trove of information for customers by providing flexible access to the data in a variety of formats besides columnar reports. That single conversation at our booth sparked a development effort over the last two years to create a new dashboard and visualization system for our privileged identity management products..." 

January, 2012 

"Although we are well known for our sophisticated technology for privileged identity management with features like auto-discovery, correlation and propagation; sometimes just getting rid of an out-of-control information proliferation problem is just what the doctor ordered."

November, 2011 

We all know that the number one password management solution is the trusty sticky note. You write down your complex password on the sticky note, and then hide the note in a place you can find it (hopefully not on your monitor). The second most popular way to store commonly used credentials is to put them all on a spreadsheet and then share that spreadsheet with those that need access to the credentials on the spreadsheet. So, why is this a security problem and what can be done to remedy it? Find out in the November issue of Privileged Identity Management Newsline.

October, 2011

Survey after survey has revealed that security is the top concern voiced by prospective customers about cloud computing and its outsourced, on-demand business model. So how do you ensure that your IT outsourcing project doesn't lead to a whole new set of security challenges? Follow our 5 rules for a secure cloud migration in this month's newsletter.

September, 2011

Here at Lieberman Software we often talk about the security risks of too many people having too much access to sensitive data for too long. The recent highly publicized data breach at Shionogi is a great example. This story vividly demonstrates what can happen when companies blindly trust the members of their internal IT departments and fail to control access to sensitive data. As we discuss in this month's Privileged Identity Management Newsline, what happened at Shionogi is certain to reoccur again and again.

August, 2011

Recently a potential customer asked me to explain the difference between our solution and a competitor’s. After providing what I thought was a well thought out and compelling explanation, I was confronted with the conundrum of the customer not understanding my responses. So what was the reason for the disconnect? And what does set Lieberman Software apart from other vendors? Read the August, 2011 issue of Privileged Identity Management News Line to find out.

July, 2011

Over the last seven months we have been working on a new version of Enterprise Random Password Manager (ERPM version 4.83.2) and Random Password Manager (RPM, also version 4.83.2). We had a lot of objectives in this release, but there were a few persistent themes, not the least of which are enhanced scalability and even more auto-discovery capabilities. But there's much more in the new versions of E/RPM. Find out in the July, 2011 edition of Privileged Identity Management News Line.  

June, 2011 

At the beginning of June, Lieberman Software was a sponsor at a major analyst and CIO summit in London, England. During this summit, one of the roundtable discussions revolved around the topic of the relationship between CIOs and auditors. To say the least, this topic created heated responses that really hit a sensitive nerve for many of the CIOs in attendance. Find out what was discussed in the June, 2011 newsletter.

May, 2011 

The Sony data breach has made international headlines and has already been called the fifth largest breach in history. It's also spurred a lot of conjecture from IT security pundits about where and when the next breach will occur. Fortunately, there are five things you can do now to protect yourself from future security failures. Learn how you can secure yourself in May's newsletter.

April, 2011 

Security information and event management (SIEM) solutions have become a must-have in IT environments because the technology helps make sense of the vast quantities of data provided by security software and appliances across the network. But for all the advantages of SIEM, until now the solutions had one troubling blind spot. Find out what's been missing in the latest issue of Privileged Identity Management Newsline.  

March, 2011 

RSA Conference 2011 was well attended and both customers and analysts seem bullish about the future. The show did not disappoint. An interesting takeaway for Lieberman Software was the very positive response we received from customers and analysts regarding our technical integrations that bring privileged identity information into existing SIEM (Security Information & Event Management) frameworks. Learn more about our RSA Conference 2011 experience in this month's Privileged Identity Management Newsline.  

February, 2011 

As valued members of your organization, IT administrators work every day to keep your infrastructure up and available. But in today’s rush to contain operational costs, your IT administrators could be taking more shortcuts than you’d expect. And perhaps no aspect of IT suffers more from cutting corners than security. Read this month's newsletter to learn five secrets about IT security your administrators might not be telling you.

January, 2011 

As a software security vendor almost every week we run into security scenarios that make us slap our heads in disbelief. Everything from companies putting all of their administrator passwords onto a spreadsheet and then sharing it on a publicly visible share, to companies buying competitive solutions that are appliance-based with the clear intention of never implementing the solution. And these are only two examples. Find out other information security gaffes we've witnessed in this month's newsletter.

November, 2010 

At a recent CIO conference for insurance executives, I gave a presentation on improving the relationships between CIOs and IT management. I received exasperated responses from some of the CIOs; they told me there was little need to enhance these relationships since they had long ago outsourced much of their IT staff and there was effectively no “relationship” to improve. What brought these former market leaders to such a state? Find out in our November, 2010 newsletter.

October, 2010  

A year can make a big difference in technology – and in politics. A year ago, the federal government was failing badly at establishing a leadership position in cybersecurity. The politicians were thinking about anything but the defense of our nation’s computing infrastructure. And the attacks kept rolling in. Fortunately, things for the good guys have improved. How so? Find out in the October, 2010 issue of Privileged Identity Management News Line.

September, 2010  

Today, virtually all of your IT staff has anonymous, unaudited, 24/7 access to your data center applications, computers, and appliances through use of privileged account credentials. To ensure that this lack of accountability doesn’t bring you out of compliance with key industry mandates like SOX, PCI-DSS and HIPAA, in this month's newsletter we present four questions you should be considering.
