Monthly Newsletter 2013

Interested in signing up for our monthly newsletter, Privileged Identity Management Newsline? 

Get Newsletter Button


 
November, 2013

"As cloud vendors have become recognized as mission critical to the nation, there has been an interesting evolution into becoming not only security competent platforms, but ones in which the security resources available for defense can now achieve competence above even the largest corporate entities... In effect, we now see an environment where an attack on one critical national resource is seen as a potential attack on all, and all members react as such with the cooperation of the government to assure national interests are covered."

 
 
October, 2013

"One of the most gratifying experiences for the development team was to see the rapid adoption of our new orchestration interfaces via PowerShell and web services in 4.83.6. We received a lot of feedback and suggestions on the programmatic interfaces and incorporated these recommendations into the current release."

 
 
September, 2013

"Passwords are not going away because they are ingrained into virtually every part of IT infrastructure. Our mission is to make passwords safe by making them unique, infeasible to crack, limited in lifetime, and only accessible for the right reasons, by the right people, and only for as long as they are needed. Even more important, our mission is to make the transition to a world of secure password easy and fast with minimal to no ongoing human effort to keep things secure."

 
 
August, 2013

"If you take a snapshot of identities and how they are being used, how long is that information valid? In most situations, the information should be considered suspect within minutes of its discovery. If your current solution requires that you take manually take usage snapshots and import them by hand, how well do you think that strategy will work against nation-state attacks? Answer: not very well."

 
 
July, 2013

"Those that seek to compromise your security are using automation to find resources and access them, and the only solution is to be even more automated than your attackers at finding holes in your security and securing them faster than they can be exploited."

 
 
June, 2013

"Today we see that cyber-warriors implementing nation-state attacks use automated solutions to probe systems for weaknesses, create phishing attacks, and use automated solutions within the perimeter (once the target is breached) to investigate, inventory and penetrate additional systems. The conclusion of many large organizations is that they have accepted the fact that their perimeter defenses are good, but not perfect, so consequently they know there are always some systems on their network controlled by outside and unauthorized entities."

 
 
May, 2013             

"The challenge we faced at the beginning of this year from one of our largest customers was: how do you build a solution to manage 500,000, 2 million, 20 million or more systems? There is no off-the-shelf software to manage anything that large and there are tons of companies who have deployed that number of systems as part of their businesses. So, how do you do it? More importantly, how do we do it?"

 
 
April, 2013            

"As strange as it may seem, the management of critical national infrastructure is being held hostage by employees who have no skin in the game to improve security. Further, any attempt to implement new work rules, accountability and security technologies to provide defense go up against an impenetrable wall that represent a permanent stalemate at best."

 
 
March, 2013           

"Although it was predicted to occur over a decade ago, we are now seeing the use of cyber-weapons being used by nation states and radical elements to achieve attention, potential physical dominance and access to intellectual property that would boost their economies. What was theoretical and simple probing of security weaknesses has now turned into actual concerted warfare against real targets that affect real citizens of the USA on a daily basis – more or less."

 
 
February, 2013           

"Our public training classes are designed to make it easier for you to get started (if you are a kinetic/verbal learner) and/or don’t want to first read the thousands of pages of documentation. A public class is also a great way to get some of your nagging questions answered as well as learn best practices. Our courses are highly interactive and taught by professional instructors with multiple certifications."

 

     
January, 2013          

"As part of BASEL II, many organizations are now being required to store and retrieve secrets in multiple parts so that no single person maintains certain key secrets alone. The idea is that to unlock something or gain access to something, two (or more) parties must be physically present to provide their part of a secret such as a password. Double safekeeping is similar to the “two-man rule” used for missile launches. In our new implementation, you can break up both static (you upload them) and dynamic (random and automatically generated) passwords in as many different parts as you wish."



Live chat by SightMax