Lieberman Software
  Follow us on Twitter  Follow us on LinkedIn  Blog  Lieberman Software on
   July 2013   

Top of Mind

Staying Ahead of Attackers (Part 1)

Philip Lieberman, President & CEO
Lieberman Software

If you have been following our evolution over the last year, you can see that we have been pouring a lot of effort into R & D to make our solutions more automated at every stage to achieve faster and more complete security coverage of your environment with less and less human interaction each year. Our latest version is designed to provide virtually total machine-to-machine automation via programmatic access using PowerShell and Web Services.

Our mantra is “the less human interaction needed, the faster the product can be deployed and the more comprehensive the implementation.”  As environments get bigger and bigger, we have seen situations where there are simply not enough humans or time available to handle some privileged identity management scenarios manually or via scripts.

Your Attackers Are Automated – Shouldn’t You Be Too?

Those that seek to compromise your security are using automation to find resources and access them, and the only solution is to be even more automated than your attackers at finding holes in your security and securing them faster than they can be exploited.

Worst case – rightly assume that one or more of your machines is owned by an outsider (i.e. successful phishing attack).  Using automation as your defense limits how far an attacker can go in your environment as well as mitigate how long any captured credential can be used.

Consider the vulnerability known as pass-the-hash and automation. If every domain administrator and elevated account is changed every 8 to 24 hours without fail, any hash associated with such a credential is limited to less than 24 hours of validity. Is it possible to change every elevated account in your enterprise automatically and unattended? Yes – we do it every day for customers all over the world.

Speed = Security

The bottom line is: the faster you can deploy our solution and the quicker it reaches all your systems, the better your situation is. Because speed to deployment means speed to reduction of risk for your business, we have tried to get our deployment times for large enterprises down to hours.

Get it Done Now

Our vision is to walk up to a new environment, install our software on a workstation or server, point the solution at your environment, get a cup of coffee, and come back later to find a complete map of systems, identities and where they being used. The discovery process also identifies identities that are being misused (Step 1).

Step 2 is immediate mitigation of problems in minutes. The solution should allow a one click change of any password and have the change flow through and propagate to every place the identity is being used without the need for someone to configure all of the dependencies for different objects, operating systems, etc.

Step 3 is complete randomization of all sensitive credentials and a system to release a limited number of credentials to only those who need them and only for a limited amount of time.

The Bottom Line

Just as an attacker would use automation to characterize your environment and spread their access, we believe that our automation can provide you with the same type of technology except designed to secure your environment and keep it secured by constantly discovering and remediating flaws – such as common credentials and static privileged accounts – before attackers can use them for access.

(Part 2 of this article to come next month...)

What do you think? Email me at: You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.
What's New in Identity Week

Featured commentary on our
Identity Week blog this month includes:
  • Key Security Concerns for Cloud Service Providers. Every cloud infrastructure can be home to potentially hundreds of thousands of vulnerable privileged accounts. The presence of automated hacking tools means improperly secured privileged logins are almost certain to give hackers free reign on the network and access to customers’ private data, within minutes of an incursion...

Partner News

Lieberman Software Expands Channel Partner Program to Venezuela

C.G.S.I., C.A. is an IT security solutions and services provider based in Caracas. It is the first authorized partner for Lieberman Software in Venezuela, a country often cited as an emerging market for IT products and services.

"As a company 100% focused in information security solutions and services, we are very motivated about this new business relationship with Lieberman Software," said Paul Ledermann, VP of Commercial Planning at C.G.S.I., C.A.  "According to our knowledge of the market, this is an excellent opportunity for Lieberman Software and C.G.S.I., C.A. to grow together offering to our customers and prospects in Venezuela the best privileged identity management solution on the market."

Events / Press / Analysts
  • Contactless payments: the future for consumers? Engineering and Technology Magazine. The way consumers pay for goods has evolved for years, and contactless payment is the latest in convenience, but will it ever gain full acceptance? 
  • Privileged access management in the cloud. Pro Security Zone. As the IT infrastructures for today’s large Cloud Service Providers, Managed Service Providers and Internet Service Providers expand beyond hundreds of thousands of systems, the ability to manage and secure these dynamic environments grows increasingly complex.
  • 5 ways to further your IT security career. IT Pro Portal. While UK unemployment figures seem to be falling slightly, times are still difficult and few are opting to change. This makes both securing a new position and subsequently climbing the corporate ladder very difficult indeed. 

Tech Tip of the Month

Upgrade to the latest version of Enterprise/Random Password Manager 4.83.6

If you are a current ERPM customer, you should definitely upgrade to the latest version - 4.83.6. Get programmatic access to all ERPM functionality via SOAP, WSDL and Powershell CMDLets. For a full list of new features and updates please visit the appropriate page:

Lieberman Software Corporation respects your right to privacy, and believes any information you provide us should be protected from disclosure to others. For more information, please read our privacy policy. You are receiving this email because you have granted us permission to contact you. If you do not wish to receive email messages from Lieberman Software in the future, please click here.

Lieberman Software Corporation
1900 Avenue of the Stars, Suite 425
Los Angeles, CA  90067
           |    (01) 310-550-8575  |