Enterprise Random Password Manager™ (ERPM) can reliably discover privileged accounts out-of-the-box, and secure them against cyber attacks and insider threats.
Only ERPM offers True Discovery™ to safeguard more of your network and save IT staff time. ERPM’s rapid, comprehensive discovery helps you avoid leaving accounts exposed – including privileged logins present in newly-deployed hardware and applications, legacy software, developer “back doors,” undiscovered services or any other type of IT asset – that would otherwise make your network vulnerable to today’s sophisticated hacking techniques.
ERPM is unique for its ability to reliably discover and secure the widest range of privileged accounts, right out-of-the-box:
- Windows accounts such as named accounts, built-in administrator and guest
- Database accounts such as Microsoft SQL Server, Oracle, DB2, MySQL and Sybase logins
- Midrange and mainframe accounts on Linux, UNIX, OpenVMS, AS/400, OS/390, OSX and TN3270
- Privileged logins on out-of-band server management cards found on HP, Dell, and other IPMI compliant servers
- Active Directory and LDAP-Compliant directory services accounts
- Privileged accounts used in web services such as ASP.NET config files and SharePoint; and in middleware tiers such as Oracle WebLogic, IBM WebSphere, and SAP NetWeaver
- Interdependent process and service accounts in clustered environments that must be thoroughly discovered and properly changed to avoid service disruptions
- Shared account passwords that would be otherwise maintained in employees’ spreadsheets and data files
- Application-to-application and application-to-database credentials in web application tiers, packaged software programs, line-of-business applications, custom programs and more
ERPM gives you comprehensive, out-of the box ability to discover privileged accounts, without the need for customization and added-cost services. You also gain the assurance of support for an expanding list of targets with each new release.
Techniques to Discover Privileged Accounts
ERPM accommodates a broad range of system and account discovery techniques, giving you the flexibility to configure the solution once, with a minimum of interaction thereafter. ERPM adds and then automatically tracks systems found in:
- Domain systems lists
- Network browse lists
- Active Directory/Other LDAP-Compliant Directories
- Scanned IP address ranges
- ODBC query results from configuration management databases (CMDBs) and other sources
In addition, ERPM makes it easy for you to bulk-import system lists from text files, and to make ad-hoc entries through the management console. Only ERPM instantly enrolls new systems as they’re brought online, with zero operator intervention.
Service and process accounts passwords are especially difficult to change manually because first you have to identify everywhere the service account is in use (discovery), and then you must change the password everywhere it is in use (propagation). ERPM automatically takes care of this for you.
A unique capability of ERPM is the dynamic discovery of every location throughout the environment that an account is referenced by a Windows service, task, COM/DCOM object, or AT account. Discovering where service accounts are used is half the battle. You can’t change service account passwords if you don’t know where they are in use. ERPM dynamically discovers service account enumeration prior to changing service account passwords every time it executes a password change job.
In dynamic environments, with hundreds or thousands of service accounts, ERPM removes the need to dedicate massive amounts of time and resources to manually maintain a catalog of managed services.
Contact us to learn more about how Lieberman Software can help you secure your organization’s privileged accounts.