|Top of Mind
Philip Lieberman, President & CEO
Over the last year we have been investing in technology to bring
scalable privilege management/privileged access management (PAM) to
both IT and regular users alike. The goal of the project has been to
leverage our secure storage of credentials, SSH keys, certificates and
pass phrases with a better performing, industry standard application
launch/application virtualization technology to deliver a new chapter
in privileged access management.
When we started this project about a year ago, we spoke with our own
customers as well as those of our competitors and asked them to
describe their ideal privilege access management platform. We also
asked customers to tell us their biggest complaints with existing
General Customer Dissatisfaction with
Privileged Access Management
The common thread in these discussions on existing privileged access
management solutions was the general lack of scalability (you have to
buy a lot of very expensive appliances), limited application selection
(the box comes with a few applications and integrations), very
expensive deployments, lock-in to vendor provided hardware and support,
and limited configuration options. The other common complaint was that
the core PAM technology was proprietary and in many cases based on open
source technology that was never well documented.
Our Solution: Integrating Microsoft
Platforms with Lieberman Software Security Technologies
In our latest version we have provided customers with the ability to
launch virtually any application that needs automated logon both on
their local machine as well as on a secure bastion host/jump server.
For local launch we implemented a general purpose and customer
configurable local application launcher that can push applications to
the local desktop, check application code validity, provide
credentials, and provide a fast convenient way to launch a wide variety
of applications. Local applications can be recorded with optional
agents that can be installed on the user’s system.
We are particularly proud of our work in developing a flexible
technology to leverage Microsoft’s RemoteApp technology that allows you
to publish applications on Terminal Server, but with our technology you
can also add session recording as well as provide automated credential
Our integration with Microsoft now allows you to publish an icon for an
application within our web portal, and by clicking on it, you can
securely logon to a website without user interaction, launch an
application with credentials automatically provided, with full
Scalability, Flexibility, Transparency
We chose Microsoft Terminal Server and its RemoteApp technology because
most of our customers already own and understand Terminal Server
technology. Customers also know how to scale it up to any application
workload. From a price point of view, most customers already own the
user/device licenses to implement Terminal Server, have the hardware,
and also the staff already in place to use Terminal Server as a secure
bastion host for privileged access management with no significant
As an extra bonus, Microsoft recently announced the support of
RemoteApp in their Azure cloud environment which opens up the
possibility of moving privilege access management workloads to the
What Does This Mean to Customers?
For customers already using Microsoft Terminal Server, they can now get
automated secure application hosting by purchasing our latest version
of Enterprise Random Password Manager (ERPM) with the Application
For those that have been using proprietary bastions for secure SSH
logons and are dissatisfied with the lack of speed and flexibility of
their SSH client support, we have built-in support for PuTTY, MindTerm,
and can support virtually any SSH client you wish, that runs on
Windows. ERPM can provide these SSH clients with username/password, SSH
user keys, and passphrases. It also supports SSH tunneling and SSH
For those seeking a secure Terminal Server Client bastion with
recording, ERPM does that too. The product now supports NLA (Network
Level Authentication) as well as automated direct MSTSC client logon
locally. It also supports RemoteApp launch of MSTSC for an automated
launch on Terminal Server with secure start, recording, and bastion
functionality (direct client connection prohibited, but Terminal Server
is allowed connection to end points).
How Fast to Deploy? Any Vendor Lock-Ins?
Unlike our competitors in the PAM marketplace, we are providing source
code to our application integrations as well as full documentation on
how to move your applications to Terminal Server with their credentials
automatically provided by our technology. You can leverage the full
range of VDI, virtualization, server farms, and other flexible
technologies with our solution.
By way of speed, we can show you how to automate the logon to a new
website for your users in less than 20 minutes (including research and
client deployment). We have also included a great many different
website integrations, in source code format, so you'll have a head
Just to clarify, some of our competitors try to get you to accept a
single proprietary web logon control that is supposed to automate the
logon to your web common sites. If you have tried these products, you
know that they don't work except in the most trivial cases because each
website is subtly different and changes over time. As a result,
competing solutions leave you waiting for each vendor to update their
proprietary integrations. In contrast, our solution allows you to
tailor web logons in minutes and to handle even the most unconventional
websites. We give you the training and technology to easily handle the
job yourself…without having to wait for us.
that any technology you purchase from us should be non-proprietary,
scalable, fully documented, and put you in the driver seat to control
Recorders, Recorders, Recorders…
With our competitor’s solutions, you are locked into their single
recorder technology. With our release we give you a selection of
different session recording technologies of which two are free,
commercially supported products. We also provide integrations to
additional commercial recorders as well as offer the ability to use
open source recorder solutions. This means that session recording is
available out-of-the-box, free, and without a lock-in to a proprietary
For added flexibility, we also include support for an optional free
multi-format video transcoder that can convert your video recordings
into multiple formats for multiple playback devices. This means you can
playback your session recordings on Android, Apple and other devices.
We also leverage Microsoft’s smooth video streaming technologies in IIS
for high performance video. This is the same technology Microsoft uses
for the NBC Olympic event playbacks, so it is certainly scalable.
Cash for Clunkers
For those that are tired of the inflexibility of their existing
appliance based bastions, we now offer a “Cash for Clunkers” program
where we can provide you with a negotiated credit for your old
privileged access management platform. Contact your sales
representative to see how much you can get back by trading in your old
Get a Demo
for a demo of our new version. If you are an existing ERPM customer,
this new functionality is available to you at a very reasonable
incremental cost. Contact your representative for details.
What do you think? Email me at: email@example.com.
You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.
|What's New in Identity Week
commentary on our Identity
Week Blog this
Silent Cyber Killer. It is generally acknowledges that
Advanced Persistent Threats (APTs) represent the biggest concern for
companies today when it comes to the use of cyber-space. No company can
function without Internet access, and virtually all information is in
Privileged Access to Restrict Spyware Voyeurs. Someone
once said, “the powers of hell feed on the best instincts in man”.
Take, for example, the case of Andrew Meldrum, who was recently
convicted of three counts of unauthorized access to computer material
and two counts of voyeurism...
What Have We
Learned from the Snowden Affair? Edward Snowden is once
again in the headlines. Not that he’s necessarily ever left the news
cycle, but last week’s televised interview of Mr. Snowden by Brian
Williams of NBC seems to have reignited the debate around the former
Events / Press / Analysts
Hacker puts 'full
redundancy' code-hosting firm out of business. PC World. A
code-hosting and project management services provider was forced to
shut down operations indefinitely after a hacker broke into its cloud
infrastructure and deleted customer data, including most of the
International Exposures an Increasing Concern of Tech Companies.
Wall Street Journal. More than 13% of the IT security
professionals asked by Lieberman Software Corp. said they are still
able to access previous employers’ systems using their old credentials.
Poor password policies are killing
companies: 10 ways to fix it. IT Manager Daily. A
recent survey shows that when it comes to password policies and
revoking credentials, many companies are getting a failing grade – and
some of the worst offenders out there are in the IT department.
News Scan: Former IT
security pros seen as significant security risk. FierceCIO.
Insider threats remain one of the greatest concerns to IT security, but
a new study finds that former IT security pros make up a significant
risk to many organizations.
password fatigue, More EU passports for Gemalto, SecureKey at hackathon.
SecureIDNews. Results from
Lieberman’s 2014 report suggest a general lack of password security and
privileged access control.
of Ex-employees Can Still Access Privileged Information. InfoSecurity.
Cavalier attitudes to password
management, even for ex-employees, pave the way to a new era of data
Tech Tip of the Month
Although it can seem nearly impossible to detect and eliminate
unauthorized software in large enterprise environments, with the right
tool it can be done. Did you know that User Manager Pro Suite uses
patented technology to find and block malicious or unauthorized
programs? Learn More.