Privileged Identity Management News Line January 2011

Top of Mind

Things That Make Me Crazy...

Philip Lieberman President & CEO
Lieberman Software

HAPPY NEW YEAR!

I wanted to start out the new year talking about a few of the things that make me crazy... when it comes to information security (or a lack thereof).

Almost every week we run into security scenarios that make me slap my head in disbelief. Everything from companies putting all of their administrator passwords onto a spreadsheet and then sharing it on a publicly visible share, to companies buying competitive solutions that are appliance-based with the clear intention of never implementing the solution. In the latter case, the only goal is to point to the device when the auditors come back to show them that some sort of action has been taken since they failed their IT audit.

We see companies that don't change their passwords, have no controls, are fined by regulators regularly, and consider it harder to spend money and time to fix their problems, than to pay the fines. Apparently it is easier to pay the money as fines than it is to fix their behavioral problems.

One scenario we saw was the selection of a competitor's product and our postmortem discussion with the IT manager where we were told that the CIO selected the other solution sight unseen based on an analyst recommendation. The IT management staff knew it would never work, but the IT manager who made the purchase would be leaving the department before the revelation of incompetence of the company's purchase became apparent.

From the point of view of security in general, from both insider threats as well as national security incidents, the one common theme I see is that most intrusions and compromises are found by accident, and usually because the attacker becomes both bold and unrestrained in behavior and arrogance. Unfortunately, the damage is usually done and only then do the money and resources flow to solve the problem. Even then, the half-life of attention seems to last only weeks before security once again drops down into the noise level and its funding is cut. Sigh.

What things make you crazy? Email me at: phil@liebsoft.com.

Tech Tip of the Month

Managing AT Tasks

Task Scheduler Pro is a handy tool for IT administrators who need to manage Windows tasks across all of their systems as a set. But did you know that it’s also one of the only ways to create and run new AT tasks?
Here’s how.

Events / Press / Analysts

U.S. Department of Defense Cyber Crime Conference. January 21-28, 2011. Atlanta, GA. Philip Lieberman will present "The Common Credentials Dilemma" on Thursday, January 27 at 4:00pm.

RSA Conference. February 14-17, 2011. San Francisco, CA. Stop by our booth: # 529.

Microsoft Management Summit. March 21-25, 2011. Las Vegas, NV.

InfoSec 2011. April 18-20, 2011. Orlando, FL. Visit us at Booth 308. Get 10% off your registration by using the code OS11/VDIS when registering!

Microsoft Tech-Ed North America. May 16-19, 2011. Atlanta, GA.

10 Expert Predictions For Business Computing and Enterprise IT Trends in 2011. Enterprise Features. In-house and internal threats will be a big element of 2011 as organizations begin to understand that anti-virus/malware/phishing software is no longer effective.

Lieberman Software Joins BMC Trouble Ticket System to Automatically Identify and Resolve Privileged Account Security Vulnerabilities. TMCnet.com. Lieberman Software Corp... announced integrations between its privileged identity management (PIM) solutions and BMC Remedy to record privileged account usage as part of the trouble ticket lifecycle.

Anti-Virus, Malware, And Phishing Software Is No Longer Effective. Business Computing World. In-house and internal threats will be a big element of 2011 as organizations begin to understand that anti-virus, malware, and phishing software is no longer effective.

Is anyone in control of cloud security? Help Net Security. There are those who argue that the age of cloud computing is merely in the minds of the more far-sighted IT visionaries. I have even met those whose businesses are indifferent to the cloud. This indifference may cost them dearly – and soon.

Security Is About Compliance, Not Trust. Virtual Strategy Magazine. The word “trust” appears in the tagline for a great many security products and services. But in the business world what we often tout as trust simply boils down to an acceptance of risk and the expectation that we can transfer liability to other parties should that trust be broken.

Tackling The Threat Of Negligent Insiders. eWeek Europe. According to many security experts, the most prevalent IT security threat arises from negligent insiders. Malicious hackers prey upon enterprise users...

Too much access? Privileged Identity Management to the rescue. CSO Magazine. "Compliance is the big issue for us," says an information security analyst for a large federal credit union that uses Lieberman Software. "We had open audit issues associated with service accounts, passwords that hadn't been changed since dirt was clean."

Rogue e-mail makes Swiss bank lose millions? Help Net Security. Reports that a rogue e-mail generated by a Swiss bank employee has cost the organization around £6.2 million in lost business highlights the problem of data leakages caused by email errors, says Lieberman Software.

Lieberman Software Tackles Privileged-Account Security Holes. Enterprise Systems Journal. Lieberman Software Corporation has released a solution with out-of-the-box integration between the company's privileged identity management (PIM) solutions and Microsoft System Center Service Manager (SCSM).

Lieberman Identity Management For Dell Servers. Darkreading. "Lieberman Software is the first member of the Dell PartnerDirect ISV Program to be certified for managing the privileged identities that control access to DRAC devices," said Kevin Noreen, Senior Product Manager for Systems Management, Dell Enterprise Product Group.