Staying Ahead of Attackers
Philip Lieberman, President
have been following our evolution over the last year, you can see that
we have been pouring a lot of effort into R & D to make our
solutions more automated at every stage to achieve faster and more
complete security coverage of your environment with less and less human
interaction each year. Our latest version is designed to provide
virtually total machine-to-machine automation via programmatic access
using PowerShell and Web Services.
Our mantra is “the less
human interaction needed, the faster the product can be deployed and
the more comprehensive the implementation.” As environments get
bigger and bigger, we have seen situations where there are simply not
enough humans or time available to handle some privileged identity
management scenarios manually or via scripts.
Attackers Are Automated – Shouldn’t You Be Too?
Those that seek to
compromise your security are using automation to find resources and
access them, and the only solution is to be even more automated than
your attackers at finding holes in your security and securing them
faster than they can be exploited.
Worst case – rightly
assume that one or more of your machines is owned by an outsider (i.e.
successful phishing attack). Using automation as your defense
limits how far an attacker can go in your environment as well as
mitigate how long any captured credential can be used.
vulnerability known as pass-the-hash and automation. If every domain
administrator and elevated account is changed every 8 to 24 hours
without fail, any hash associated with such a credential is limited to
less than 24 hours of validity. Is it possible to change every elevated
account in your enterprise automatically and unattended? Yes – we do it
every day for customers all over the world.
The bottom line is: the
faster you can deploy our solution and the quicker it reaches all your
systems, the better your situation is. Because speed to deployment
means speed to reduction of risk for your business, we have tried to
get our deployment times for large enterprises down to hours.
Our vision is to walk up
to a new environment, install our software on a workstation or server,
point the solution at your environment, get a cup of coffee, and come
back later to find a complete map of systems, identities and where they
being used. The discovery process also identifies identities that are
being misused (Step 1).
Step 2 is immediate
mitigation of problems in minutes. The solution should allow a one
click change of any password and have the change flow through and
propagate to every place the identity is being used without the need
for someone to configure all of the dependencies for different objects,
operating systems, etc.
Step 3 is complete
randomization of all sensitive credentials and a system to release a
limited number of credentials to only those who need them and only for
a limited amount of time.
Just as an attacker would
use automation to characterize your environment and spread their
access, we believe that our automation can provide you with the same
type of technology except designed to secure your environment and keep
it secured by constantly discovering and remediating flaws – such as
common credentials and static privileged accounts – before attackers
can use them for access.
(Part 2 of this
article to come next month...)
you think? Email me at: Phil@liebsoft.com.
You can also follow me on Twitter: @liebsoft
or connect with me via LinkedIn.
New in Identity Week
Featured commentary on our Identity
Week blog this month includes:
Security Concerns for Cloud Service Providers. Every cloud
infrastructure can be home to potentially hundreds of thousands of
vulnerable privileged accounts. The presence of automated hacking tools
means improperly secured privileged logins are almost certain to give
hackers free reign on the network and access to customers’ private
data, within minutes of an incursion...
Lieberman Software Expands Channel Partner
Program to Venezuela
C.G.S.I., C.A. is an
IT security solutions and services provider based in Caracas. It is the
first authorized partner for Lieberman Software in Venezuela, a country
often cited as an emerging market for IT products and services.
"As a company 100% focused in information security solutions and
services, we are very motivated about this new business relationship
with Lieberman Software," said Paul Ledermann, VP of Commercial
Planning at C.G.S.I., C.A. "According to our knowledge of the
market, this is an excellent opportunity for Lieberman Software and
C.G.S.I., C.A. to grow together offering to our customers and prospects
in Venezuela the best privileged identity management solution on the
Events / Press /
access management in the cloud. Pro Security Zone. As the
IT infrastructures for today’s large Cloud Service Providers, Managed
Service Providers and Internet Service Providers expand beyond hundreds
of thousands of systems, the ability to manage and secure these dynamic
environments grows increasingly complex.
ways to further your IT security career. IT Pro Portal.
While UK unemployment figures seem to be falling slightly, times are
still difficult and few are opting to change. This makes both securing
a new position and subsequently climbing the corporate ladder very
Tech Tip of the Month
Upgrade to the
latest version of Enterprise/Random Password Manager 4.83.6
If you are a current ERPM or RPM customer, you
should definitely upgrade to the latest version - 4.83.6. Get
programmatic access to all E/RPM functionality via SOAP, WSDL and
Powershell CMDLets. For a full list of new features and updates please
visit the appropriate page: