Lieberman Software
PRIVILEGED IDENTITY MANAGEMENT NEWS LINE
June 2013       

Top of Mind

Are You Even in the Race?

Philip Lieberman, President & CEO
Lieberman Software

June has been a whirlwind of tradeshows for us, including Microsoft TechEd and the Gartner Security and Risk Management Summit. We look forward to these events because they give us the ability to share our latest technology releases as well as get feedback from our customers regarding how well they are defending against those who are trying to infiltrate and damage their organizations.

Over the last year we have been working on ever larger customer environments including a few that require we take our auto-discovery to the next level. Conceptually, the idea of auto-discovery is that a solution will automatically discover accounts, where they are used, how they are used, and will be able to change credential passwords on a regular basis without causing outages. This, in itself, is a useful and needed capability for most IT shops, but a key differentiator between our solutions and those of our competitors is the amount of automation implemented in each stage of the discovery process and how well the solution scales.

As it turns out, even with the very best auto-discovery, the human element represents the core limitation in implementing security. We believe that by minimizing the need for humans in the process, security is better because the time to implement and manage the system is minimized.

At Microsoft TechEd, the Gartner Summit and Kuppinger-Cole’s European Identity Conference, we recently demonstrated to analysts and customers our ability to go beyond auto-discovery, because for some customers it is not always enough to stay in the race.

Epiphany

Today we see that cyber-warriors implementing nation-state attacks use automated solutions to probe systems for weaknesses, create phishing attacks, and use automated solutions within the perimeter (once the target is breached) to investigate, inventory and penetrate additional systems. Many large organizations have accepted the fact that their perimeter defenses are good, but not perfect, and consequently they know there are always some systems on their network controlled by outside and unauthorized entities.

If we start with an understanding that there are always one or more intruders within the interior of our network, what can be done to minimize the consequences of this assumption? Obviously you want to limit the scope of how far an intruder can go, which means unique credentials on each system as well as regular rotation of domain administrator credentials on a schedule that assumes they were compromised within the last 24-48 hours.

Total Automation / Orchestration

The obvious conclusion of the preceding section is that to protect against such persistent attacks, your solution must be completely automated, and not just a simple single point-in-time discovery done by an IT administrator on their schedule.

What happens when your environment is so big and complex that you could never hire enough people to manage it via GUI or web applications? The answer (and the topic of our analyst presentations) is the introduction of a new paradigm in identity management where we assume that every machine, identity and password may be privileged, and the management of certificates is just as important as credentials based on shared secrets (passwords). To keep up with nation-state foes, we have introduced a fully documented API that allows the programmatic, high-level management of identity security. So what does this mean to an organization? This API allows an organization, within the space of 5-10 lines of code, to automate the continuous management of thousands of systems using a choice of web services or Microsoft PowerShell.

Critical National Infrastructure (CNI)

This year we have been focusing some of our advanced development on the needs of large organizations that have upwards of 20 million systems. It's understood that these entities cannot manage so many machines using a web browser, nor from an appliance. We also realize that to defend against serious foes, the entire architecture needs to be distributed, n-tier, and subject to penetration testing on every layer. The solution also needs to be able to sustain compromise at various tiers and have a “plan-B” to recover via re-encryption and re-securing identities rapidly.

Until now, large CNI organizations have been faced with the creation of their own home-grown solutions, hiring armies of contractors, and/or ignoring the big problem of keeping up with the other side. Our mission and our latest solutions are designed to give these organizations new and viable options to fully automate identity security.

Our Goal

We understand how competent the other side is in penetrating your environment. The goal of everyone here at Lieberman Software is to create solutions that not only keep you in the race but ahead of the game.

What do you think? Email me at: Phil@liebsoft.com. You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.

What's New in Identity Week

Featured commentary on our Identity Week blog this month includes:

Events / Press / Analysts
  • Lieberman Software Launches First Security-As-A-Service PIM Platform. Dark Reading. In its new evolution as a service platform, ERPM now provides full automation and programmatic orchestration of privileged credentials, certificates, pin codes, passcodes and other sensitive data generated on a massive scale by large multi-tenant organizations.
  • Products of the week 6.10.13. Network World. ERPM is the first privileged identity management solution capable of enabling secure check-in/check-out of privileged credentials directly from the McAfee ePolicy Orchestrator web-based interface, providing identity and configuration data enrichment for McAfee ePO.
  • Doing more with less in the age of sequester. Government Security News. How can federal agencies maintain regulatory compliance and stay abreast of the latest security threats while operating with a reduced IT staff? And how can these agencies secure access to their most sensitive files and applications from former employees and contractors recently furloughed or laid off?
  • EIC Award Winner! University Medical Center Hamburg / Eppendorf wins European Identity Award 2013 for the best approach to improving governance and reducing risks by implementing Lieberman Software's Enterprise Random Password Manager.

Tech Tip of the Month

Get Rid of Passwords in Spreadsheets

If you're still relying on spreadsheets to keep track of your privileged account passwords, it's time to move to a more secure solution. Replace all of your unaudited password spreadsheets with an encrypted and audited online password safe.
Here's how.


Lieberman Software Corporation
1900 Avenue of the Stars, Suite 425
Los Angeles, CA  90067
www.Liebsoft.com | (01) 310-550-8575 | newsletter@liebsoft.com