It's a New... Release of E/RPM!
Lieberman, President & CEO
Over the last 7 months we
have been working on a new version of Enterprise Random
Password Manager (ERPM version 4.83.2) and Random Password Manager
(RPM, also version 4.83.2). Last week it was finally released to the
delight of our customers and partners. It was also a great source of
pride for our developers and testers to finally release the build after
all of the hard work they put in. Whew!
We had a lot of
objectives in this release, but there were a few persistent themes.
First, we always listen to customers and their reported bugs and
deployment issues. Generally, we fix bugs immediately when we can
reproduce them, but when they become Heisenbugs (they disappear when
you look for them), we had to bring out the big guns. I am proud to say
that we finally fixed every last one.
On the scalability front,
we have been working over the last 7 months with very large customers
deploying at mind boggling levels of scale and complexity. Imagine
managing a company with distribution and sales offices in every major
city on the planet that has Internet connectivity and reliable
electricity (more or less), and manufacturing also similarly
distributed, with the requirement for continuous compliance 7/24
everywhere and the requirement for a full audit-ready deployment in
less than one month (including re-architecting and remediation). To
describe the challenges best, we were seeing the most powerful database
engines simply giving up on some queries due to their complexity and
scale. The good news here is that we have rewritten database queries,
re-worked some of the table organization, redesigned dialogs with extra
filters, added progress indicators, revised web pages for faster
loading, and generally reshaped what was necessary to get back to
sub-second responses where possible (we can’t break the speed of
light). Yes, it is deployed and working great! For normal customers
(with less than 100K systems), everything in this release will just
seem a little snappier.
We have always been known
as the company with great auto-discovery, correlation and propagation
and there are a ton of new features to make deployments even faster and
more complete. We have added Oracle WebLogic, IBM WebSphere, new
directories and shortly SAP NetWeaver support. There is also new
support for auto-discovery of SQL Server instances as well as support
for SQL Reporting services.
With the recent security
breach of the RSA SecurID token system, we got the message loud and
clear that having RSA SecurID as the only 2-factor token solution was
unacceptable to many of our customers. So, we joined OATH as a coordinating member,
developed a complete multi-factor authentication stack
to not only support pretty much all of the OATH tokens out there
(hardware/software), but also added support for Yubico tokens with a special offer of 3 free YubiKey tokens
to get you started. We even added an instant and free multi-factor
capability to support email or SMS token codes.
Another goodie in this
release, is the OEM licensing of a browser based JAVA component (known
as MindTerm from CryptZone) to
allow you to do transparent SSH, Telnet, SCOPY, and SFTP from our web
interface from any platform and any browser that supports JAVA. The SSH
function allows you connect to any SSH device we manage the passwords
for, and connect without needing to view the credentials. This is
provided at no extra cost to our customers. There are also a ton of new
JAVA improvements we made to our SDK.
We also added support for
RADIUS authentication, and you
can now change the order of authentication providers on the E/RPM web
site. You can also confirm if you are really sure you want to
delete a password. There are other improvements in LDAP management and
LDAP security as well.
We also added
support for IPMI 2.0 and for all of the HP iLO cards (iLO 2 and iLO 3)
as well as the ability to seed the list of IPMI passwords for these
devices as well as most other platforms.
We have also beefed up
our web services interface, and added more interfaces to support both
private and public cloud environments with particular attention paid to
adding support for bare metal deployment and the management of
I have to say thanks to
everyone on our team as well as to our customers for having the
patience to wait for this release (quality takes time), and for giving
us the chance to show you that we listen to your suggestions and take
your challenges and problems seriously.
Thanks again for your
loyalty and try out this latest release (upgrading is easy and free if
you are on support). Let me know what you think! Also, let me know what
we should be working on for the next release…
me at: firstname.lastname@example.org.
You can also follow me
on Twitter: @liebsoft
or connect with me via LinkedIn.
Tip of the Month
Upgrade to ERPM 4.83.2
If you are an existing
Enterprise Random Password Manager (ERPM) or Random Password Manager
(RPM) customer, we STRONGLY recommend you upgrade to the new version.
is just so much more functionality and flexibility in this release.
Download the new installer package, run it, upgrade
please contact your account manager for the download link.
With the launch of E/RPM 4.83.2, we are
pleased to announce a special promotion for existing E/RPM customers
and for those actively evaluating E/RPM products as part of a proof of
multi-factor authentication devices. Looking for an alternative to
RSA SecurID two-factor authentication? Test drive our new integration
Get 3 free black YubiKeys
(including free shipping) when you use the following Coupon Code upon
ordering on the Yubico
online store: liebsoft
New in Identity Week
commentary on our Identity Week blog this month includes:
- Your SIEM Blind Spot. I recently had
the opportunity to contribute an article that appeared in
Computerworld. My inspiration for writing the article was the
ever-increasing number of data breaches occurring across some of the
biggest names in their respective industries: Morgan Stanley, Sony,
WellPoint, RSA… the list goes on...
- Recognizing and Avoiding Scareware is no
Simple Task. As a veteran of the IT security industry I was
recently asked for tips on how to recognize and avoid scareware. This
problem came to light not long ago when law enforcement agencies in the
United States and seven other nations seized computers running a
scareware scheme that tricked consumers into spending more than $72
million on fake anti-virus software...
Lieberman Software Partner Program
an NTT DATA Company, will resell the entire Lieberman Software product
line throughout Italy and southern Europe, helping customers secure
privileged identities, protect access to sensitive data, and more
easily achieve regulatory compliance.
"Our clients span the range of major vertical markets, including
banking, insurance, manufacturing and telecommunications," said Giorgio
Scarpelli, Vice President, Value Team. "One thing that all of our
customers have in common is the need to control and audit access to the
powerful privileged identities in the enterprise. Our channel
partnership with Lieberman Software helps our clients to achieve this
level of security and governance."
Value Team is one of the leading ICT players in Italy, Latin America
and Turkey with a specific focus on IT business-critical applications,
which draws on nearly 3,000 professionals worldwide. With a complete
and structured offering covering consulting, system integration and
outsourcing, Value Team provides support to companies in all major
Events / Press /
USA 2011. August
Las Vegas, NV. The Black Hat Briefings remains the
biggest and the most important technical security conference series in
the world. Come visit us in booth # 312!
Protect 11 Conference. September 11-14,
2011. Gaylord National Hotel, National Harbor, MD. This
is the HP enterprise software and cybersecurity event of the year. This
year will be bigger, better and badder than ever! As the Diamond
sponsor, Lieberman Software will have a major presence so please visit
us if you plan on attending this event.
Simple Steps to Safeguard Your Voicemail. eSecurity Planet.
The London press is in an uproar. And rightfully so. Employees of the
now shuttered Rupert Murdoch-owned tabloid News of the World apparently
hacked into the voicemail (VM) of many hundreds of targets, ranging
from leading politicians, royals, and many tragic victims... Security
experts offer nightmare scenarios where, for instance, every VM
received by the CEO of a take-over target is overheard by the acquiring
You Trust Your Cloud Data Center Security? Data Center Post. The
fact that so many cloud providers – large and small – have no interest
in managing privileged identities and segregating duties to limit
access to sensitive data and systems should give customers pause before
putting their most precious data and resources in the hands of many
accounts are your SIEM blind spot. Computerworld. Data
breaches often involve the unauthorized use of highly privileged
accounts, and when this happens most organizations are powerless to
identify the individuals or processes responsible. The best that can be
done is to change a few passwords and wait for the cycle to repeat
itself. It's a Groundhog Day experience that's seen in far too many
RSA SecurID Breach – Where Do We Go From Here? Infosecurity.
The ripples of the recent RSA SecurID compromise event go far and wide
and can cause us to question some of the fundamental beliefs we have in
vendors and their business models.
Five Golden Rules for Success in Outsourcing. The Datacenter
Journal. Outsourcing has worked well for some companies, but it
can also lead to business-damaging disasters. The problem is that if
outsourcers fail, you're left holding the baby without the resources to
care for it. There is little margin for error in choosing an
outsourcer, as Lieberman Software found in our recent survey at
InfoSecurity 2011. We discovered that 77% of IT professionals surveyed
said their outsourcers had made up work to earn extra money... Here are
my five golden rules to ensure your outsourcing lifeboat doesn’t sink
- Five Tips for Not
Getting Fired. British Computing Society. 2011
has indeed unleashed a wave of unprecedented security breaches that
have left many people reeling: Epsilon, Sony, WikiLeaks, PBS.org, RSA
Security and HBGary Federal to mention only some of the victims. So to
put this all in context, and provide a cautionary tale of the
challenges facing IT security professionals, I have drafted a
fictitious scenario to illustrate the five best ways to get yourself
fired, so that hopefully you never do! Happy reading.