IT Security Articles from Lieberman Software

Lieberman Software frequently contributes bylined articles to leading IT publications to promote security best practices for the enterprise. A selection of published articles is below. 

 

Beyond Compliance: Why We Need to Move Past Tick-box Security
Information Age
Chris Stoneff
 

61% of IT professionals have deployed IT security products purely to meet compliance regulations rather than to increase security. But simply complying with IT security regulations doesn’t necessarily make you more secure. - See more at: http://www.information-age.com/it-management/risk-and-compliance/123460524/beyond-compliance-why-we-need-move-past-tick-box-security#sthash.3Jm4NEcc.dpuf
61% of IT professionals have deployed IT security products purely to meet compliance regulations rather than to increase security. But simply complying with IT security regulations doesn’t necessarily make you more secure. - See more at: http://www.information-age.com/it-management/risk-and-compliance/123460524/beyond-compliance-why-we-need-move-past-tick-box-security#sthash.3Jm4NEcc.dpuf
61% of IT professionals have deployed IT security products purely to meet compliance regulations rather than to increase security. But simply complying with IT security regulations doesn’t necessarily make you more secure.
61% of IT professionals have deployed IT security products purely to meet compliance regulations rather than to increase security. But simply complying with IT security regulations doesn’t necessarily make you more secure. - See more at: http://www.information-age.com/it-management/risk-and-compliance/123460524/beyond-compliance-why-we-need-move-past-tick-box-security#sthash.3Jm4NEcc.dpuf
61% of IT professionals have deployed IT security products purely to meet compliance regulations rather than to increase security. But simply complying with IT security regulations doesn’t necessarily make you more secure. - See more at: http://www.information-age.com/it-management/risk-and-compliance/123460524/beyond-compliance-why-we-need-move-past-tick-box-security#sthash.3Jm4NEcc.dpuf
61% of IT professionals have deployed IT security products purely to meet compliance regulations rather than to increase security. But simply complying with IT security regulations doesn’t necessarily make you more secure. - See more at: http://www.information-age.com/it-management/risk-and-compliance/123460524/beyond-compliance-why-we-need-move-past-tick-box-security#sthash.3Jm4NEcc.dpuf
61% of IT professionals have deployed IT security products purely to meet compliance regulations rather than to increase security. But simply complying with IT security regulations doesn’t necessarily make you more secure. - See more at: http://www.information-age.com/it-management/risk-and-compliance/123460524/beyond-compliance-why-we-need-move-past-tick-box-security#sthash.3Jm4NEcc.dpuf

Cybersec Guidelines for Electric Utilities Get It Mostly Right
Energy Central
Jonathan Sander

There are large scale, automated ways to deal with administrative users and rights which can be applied. Privileged users and rights are also items that should be touched at provisioning times - when users join, move or leave the organization. The link between Identity and Access Management and Privileged Identity Management is strong.

Privileged Identities Are At the Core of Today's Cyber Attacks
SC Magazine
Philip Lieberman

Privileged access is vital for launching cyber-attacks; whether it's to install malware or key loggers, steal or corrupt data, or disable hardware. Hence why, privileged account credentials are in such high-demand by attackers. As a matter of fact, a study by Mandiant found that 100 percent of the attacks they examined involved stolen credentials.

The Insider vs. The Outsider: Who Poses the Biggest Security Risk? 
HelpNet Security
Chris Stoneff

One of the main objectives for an external cyber attacker is to extract credentials that allow the intruder to move laterally throughout the environment. Once the intruder achieves full access to a network, he can easily steal confidential data. Many skilled cybercriminals have an arsenal of advanced tools, like zero-days, which they can continuously launch at organizations. This puts immense pressure on IT teams as they are often fighting sophisticated cyber attacks that they’ve never seen before.

Secure Privileged Accounts Faster Than Hackers Can Strike
Microsoft Channel 9
Chris Stoneff

In recent months, we've witnessed a series of devastating data breaches affecting some of the world's most renowned businesses, with each breach inflicting staggering costs in terms of financial and reputational damage. But what's lesser known is many of those breaches began when a cyber attack exploited a single, unsecured privileged account and eventually gained control over the network. 

Five Biggest Cyber Security Mistakes That Show the Need for Automated Defenses
TechWeek Europe
Philip Lieberman

Setting all workstations and/or server administrator accounts to the same password is a convenience for IT – but also for hackers.  If one machine is compromised and the password discovered, all the machines with that same password become compromised. 

Force Majeure - insurance for cyber-warfare?
SC Magazine UK
Philip Lieberman

 
As we look back on the cyber-attacks of 2014, one of the recurring themes presented by so-called security experts and the CEOs of hacked companies was that there was no way they could have expected nor prevented the consequences of the attacks that hit them. In legal parlance, the concept of reasonably unexpected and unstoppable events that disrupt a business and its contracts is called force majeure. 

Do Retailers Care About Their Customers' Data Security? 
Chain Store Age
Chris Stoneff

 
I think that most consumers would be horrified with the state of IT security at many retailers – especially given that these companies handle millions of payment card transaction daily, and collect a startling depth of private data for targeted marketing campaigns.

Detect and Respond
Help Net Security
Philip Lieberman

 
I have made the analogy that many corporate networks are like pieces of candy with a hard, thin shell and a big gooey interior. Organizations' common misconception is that they can protect the network interior by making the exterior a little harder – but this never works. The best strategy (and the most challenging politically) is to change the consistency of the interior network into a series of concentric layers of protection and trust – limiting access, accepting that some data loss is inevitable, and vastly reducing the potential consequences.

The Top 8 Ways That Privileged Accounts Are Exploited
SC Magazine
Chris Stoneff

 
Large organisations typically have thousands of privileged accounts, which are often left unmanaged. Rogue insiders, former employees, criminal hackers and sophisticated state-sponsored attackers can exploit these unmanaged privileged accounts to anonymously access and extract an organisation's most critical data using these common attack vectors.

Privileged Identity Management in the Cloud 
Cloud Computing Journal
Jess Richter

 
Cloud Service Providers are faced with significant security challenges when managing privileged identities, certificates and other file-based secrets on a massive scale in large and elastic environments. In the world's largest multi-tenant organizations, the number of systems that need to be managed can extend into the hundreds of thousands. A truly secure environment requires all identities on all systems to be discovered and managed.

The SCADA Security Challenge 
Help Net Security
Philip Lieberman

 
SCADA systems should never, ever, be connected directly to the Internet, because they are simply not resilient enough to hook up to the public network. They require the use of advanced layers of security – firewalls, privileged identity management, secure proxies – to be implemented as soon as possible for their defense.

Privileged Identity 101: Digging for God-Like Accounts
Tek-Tips Forum
Philip Lieberman

 
When I think about managing identities and privileges within an organization, one of my favorite analogies for the whole privileged identity lifecycle is biblical. Everything starts ‘in the beginning’ with a super user.  Whether someone starts with a server or a workstation, creates on-premise solutions for their network infrastructure or builds out a cloud, they’ll always have to start out with an account with god-like power that will control all other accounts accessing that resource going forward in the future.

Security Training Alone Won't Solve the Negligent Insider Threat  
SC Magazine

Philip Lieberman
 
Today, if your organization runs a network, you're a target for attack. We may never eliminate the threat but with a sound, layered security approach we can do much to reduce its potential impact. And when it comes to mitigating the risks of negligent insiders, organizations need to move beyond basic training and look for ways to limit the damage. 

Understanding Shared Account Password Management
TechNet Magazine
Chris Stoneff
 
The issue of shared account password management must be addressed. This means you should obtain a method of reliably and regularly changing your passwords. The solution must be scalable and flexible. It must also provide secured access to the passwords, and it needs to audit every action taken by the tool as well as every action taken by every user of the tool. In addition, the passwords generated need to be unique on every system in order to avoid a break-in due to shared account information.