Lieberman Software

July 2011

Top of Mind

It's a New... Release of E/RPM!

Philip Lieberman, President & CEO
Lieberman Software

Over the last 7 months we have been working on a new version of Enterprise Random Password Manager (ERPM version 4.83.2) and Random Password Manager (RPM, also version 4.83.2). Last week it was finally released to the delight of our customers and partners. It was also a great source of pride for our developers and testers to finally release the build after all of the hard work they put in. Whew!

We had a lot of objectives in this release, but there were a few persistent themes. First, we always listen to customers and their reported bugs and deployment issues. Generally, we fix bugs immediately when we can reproduce them, but when they become Heisenbugs (they disappear when you look for them), we had to bring out the big guns. I am proud to say that we finally fixed every last one.

On the scalability front, we have been working over the last 7 months with very large customers deploying at mind-boggling levels of scale and complexity. Imagine managing a company with distribution and sales offices in every major city on the planet that has Internet connectivity and reliable electricity (more or less), and manufacturing also similarly distributed, with the requirement for continuous compliance 7/24 everywhere and the requirement for a full audit-ready deployment in less than one month (including re-architecting and remediation). To describe the challenges best, we were seeing the most powerful database engines simply giving up on some queries due to their complexity and scale. The good news here is that we have rewritten database queries, re-worked some of the table organization, redesigned dialogs with extra filters, added progress indicators, revised web pages for faster loading, and generally reshaped what was necessary to get back to sub-second responses where possible (we can’t break the speed of light). Yes, it is deployed and working great! For normal customers (with less than 100K systems), everything in this release will just seem a little snappier.

We have always been known as the company with great auto-discovery, correlation and propagation and there are a ton of new features to make deployments even faster and more complete. We have added Oracle WebLogic, IBM WebSphere, new directories and shortly SAP NetWeaver support. There is also new support for auto-discovery of SQL Server instances as well as support for SQL Reporting services.

With the recent security breach of the RSA SecurID token system, we got the message loud and clear that having RSA SecurID as the only 2-factor token solution was unacceptable to many of our customers. So, we joined OATH as a coordinating member, developed a complete multi-factor authentication stack to not only support pretty much all of the OATH tokens out there (hardware/software), but also added support for Yubico tokens with a special offer of 3 free YubiKey tokens to get you started. We even added an instant and free multi-factor capability to support email or SMS token codes.

Another goodie in this release is the OEM licensing of a browser-based JAVA component (known as MindTerm from CryptZone) to allow you to do transparent SSH, Telnet, SCOPY, and SFTP from our web interface from any platform and any browser that supports JAVA. The SSH function allows you to connect to any SSH device we manage the passwords for, and connect without needing to view the credentials. This is provided at no extra cost to our customers. There are also a ton of new JAVA improvements we made to our SDK.

We also added support for RADIUS authentication, and you can now change the order of authentication providers on the E/RPM web site. You can also confirm if you are really sure you want to delete a password. There are other improvements in LDAP management and LDAP security as well.

We also added support for IPMI 2.0 and for all of the HP iLO cards (iLO 2 and iLO 3) as well as the ability to seed the list of IPMI passwords for these devices as well as most other platforms.

We have also beefed up our web services interface, and added more interfaces to support both private and public cloud environments with particular attention paid to adding support for bare metal deployment and the management of lights-out cards.

I have to say thanks to everyone on our team as well as to our customers for having the patience to wait for this release (quality takes time), and for giving us the chance to show you that we listen to your suggestions and take your challenges and problems seriously.

Thanks again for your loyalty and try out this latest release (upgrading is easy and free if you are on support). Let me know what you think! Also, let me know what we should be working on for the next release…

Email me at: You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.

Tech Tip of the Month

Upgrade to ERPM 4.83.2 or RPM 4.83.2!

If you are an existing Enterprise Random Password Manager (ERPM) or Random Password Manager (RPM) customer, we STRONGLY recommend you upgrade to the new version. There is just so much more functionality and flexibility in this release. Download the new installer package, run it, upgrade the website.

To upgrade, please contact your account manager for the download link.

Special Promotion!

With the launch of E/RPM 4.83.2, we are pleased to announce a special promotion for existing E/RPM customers and for those actively evaluating E/RPM products as part of a proof of concept (POC): free YubiKey multi-factor authentication devices. Looking for an alternative to RSA SecurID two-factor authentication? Test drive our new integration with Yubico!

Get 3 free black YubiKeys (including free shipping) when you use the following Coupon Code upon check-out when ordering on the Yubico online store: liebsoft

What's New in Identity Week

Featured commentary on our Identity Week blog this month includes:
  • Your SIEM Blind Spot. I recently had the opportunity to contribute an article that appeared in Computerworld. My inspiration for writing the article was the ever-increasing number of data breaches occurring across some of the biggest names in their respective industries: Morgan Stanley, Sony, WellPoint, RSA… the list goes on...
  • Recognizing and Avoiding Scareware is no Simple Task. As a veteran of the IT security industry I was recently asked for tips on how to recognize and avoid scareware. This problem came to light not long ago when law enforcement agencies in the United States and seven other nations seized computers running a scareware scheme that tricked consumers into spending more than $72 million on fake anti-virus software...

Partner News

Value Team Joins Lieberman Software Partner Program

Value Team, an NTT DATA Company, will resell the entire Lieberman Software product line throughout Italy and southern Europe, helping customers secure privileged identities, protect access to sensitive data, and more easily achieve regulatory compliance.

"Our clients span the range of major vertical markets, including banking, insurance, manufacturing and telecommunications," said Giorgio Scarpelli, Vice President, Value Team. "One thing that all of our customers have in common is the need to control and audit access to the powerful privileged identities in the enterprise. Our channel partnership with Lieberman Software helps our clients to achieve this level of security and governance."

Value Team is one of the leading ICT players in Italy, Latin America and Turkey with a specific focus on IT business-critical applications, which draws on nearly 3,000 professionals worldwide. With a complete and structured offering covering consulting, system integration and outsourcing, Value Team provides support to companies in all major vertical markets.

Events / Press / Analysts
  • 4 Simple Steps to Safeguard Your Voicemail. eSecurity Planet. The London press is in an uproar. And rightfully so. Employees of the now shuttered Rupert Murdoch-owned tabloid News of the World apparently hacked into the voicemail (VM) of many hundreds of targets, ranging from leading politicians, royals, and many tragic victims... Security experts offer nightmare scenarios where, for instance, every VM received by the CEO of a take-over target is overheard by the acquiring firm.
  • Can You Trust Your Cloud Data Center Security? Data Center Post. The fact that so many cloud providers – large and small – have no interest in managing privileged identities and segregating duties to limit access to sensitive data and systems should give customers pause before putting their most precious data and resources in the hands of many providers.
  • Generic accounts are your SIEM blind spot. Computerworld. Data breaches often involve the unauthorized use of highly privileged accounts, and when this happens most organizations are powerless to identify the individuals or processes responsible. The best that can be done is to change a few passwords and wait for the cycle to repeat itself. It's a Groundhog Day experience that's seen in far too many enterprises.
  • Comment: RSA SecurID Breach – Where Do We Go From Here? Infosecurity. The ripples of the recent RSA SecurID compromise event go far and wide and can cause us to question some of the fundamental beliefs we have in vendors and their business models.
  • The Five Golden Rules for Success in Outsourcing. The Datacenter Journal. Outsourcing has worked well for some companies, but it can also lead to business-damaging disasters. The problem is that if outsourcers fail, you're left holding the baby without the resources to care for it. There is little margin for error in choosing an outsourcer, as Lieberman Software found in our recent survey at InfoSecurity 2011. We discovered that 77% of IT professionals surveyed said their outsourcers had made up work to earn extra money... Here are my five golden rules to ensure your outsourcing lifeboat doesn’t sink mid-stream.
  • Five Tips for Not Getting Fired. British Computing Society. 2011 has indeed unleashed a wave of unprecedented security breaches that have left many people reeling: Epsilon, Sony, WikiLeaks, RSA Security and HBGary Federal to mention only some of the victims. So to put this all in context, and provide a cautionary tale of the challenges facing IT security professionals, I have drafted a fictitious scenario to illustrate the five best ways to get yourself fired, so that hopefully you never do! Happy reading.

Lieberman Software Corporation
1900 Avenue of the Stars, Suite 425
Los Angeles, CA 90067
(01) 310-550-8575