Privileged Identity Management News Line - June 2014
Top of Mind

Privilege Management
Philip Lieberman, President & CEO
Lieberman Software

Over the last year we have been investing in technology to bring scalable privilege management/privileged access management (PAM) to both IT and regular users alike. The goal of the project has been to leverage our secure storage of credentials, SSH keys, certificates and pass phrases with a better performing, industry standard application launch/application virtualization technology to deliver a new chapter in privileged access management.

When we started this project about a year ago, we spoke with our own customers as well as those of our competitors and asked them to describe their ideal privileged access management platform. We also asked customers to tell us their biggest complaints with existing solutions.

General Customer Dissatisfaction with Privileged Access Management

The common thread in these discussions on existing privileged access management solutions was the general lack of scalability (you have to buy a lot of very expensive appliances), limited application selection (the box comes with a few applications and integrations), very expensive deployments, lock-in to vendor provided hardware and support, and limited configuration options. The other common complaint was that the core PAM technology was proprietary and in many cases based on open source technology that was never well documented.

Our Solution: Integrating Microsoft Platforms with Lieberman Software Security Technologies

In our latest version we have provided customers with the ability to launch virtually any application that needs automated logon both on their local machine as well as on a secure bastion host/jump server.

For local launch we implemented a general-purpose, customer-configurable local application launcher that can push applications to the local desktop, check application code validity, provide credentials, and provide a fast, convenient way to launch a wide variety of applications. Local applications can be recorded with optional agents that can be installed on the user’s system.

We are particularly proud of our work in developing a flexible technology that leverages Microsoft’s RemoteApp technology, which allows you to publish applications on Terminal Server. With our technology you can also add session recording as well as provide automated credential provisioning.

Our integration with Microsoft now allows you to publish an icon for an application within our web portal. By clicking on it, you can securely log on to a website without user interaction or launch an application with credentials automatically provided, with full recording.

Scalability, Flexibility, Transparency

We chose Microsoft Terminal Server and its RemoteApp technology because most of our customers already own and understand Terminal Server technology. Customers also know how to scale it up to any application workload. From a price point of view, most customers already own the user/device licenses to implement Terminal Server, have the hardware, and also the staff already in place to use Terminal Server as a secure bastion host for privileged access management with no significant incremental costs.

As an extra bonus, Microsoft recently announced the support of RemoteApp in their Azure cloud environment, which opens up the possibility of moving privileged access management workloads to the cloud.

What Does This Mean to Customers?

Customers already using Microsoft Terminal Server can now get automated secure application hosting by purchasing our latest version of Enterprise Random Password Manager (ERPM) with the Application Launcher option.

For those that have been using proprietary bastions for secure SSH logons and are dissatisfied with the lack of speed and flexibility of their SSH client support, we have built-in support for PuTTY and MindTerm, and can support virtually any SSH client you wish that runs on Windows. ERPM can provide these SSH clients with username/password, SSH user keys, and passphrases. It also supports SSH tunneling and SSH gateways out-of-the-box.

For those seeking a secure Terminal Server Client bastion with recording, ERPM does that too. The product now supports NLA (Network Level Authentication) as well as automated direct MSTSC client logon locally. It also supports RemoteApp launch of MSTSC for an automated launch on Terminal Server with secure start, recording, and bastion functionality (direct client connection prohibited, but Terminal Server is allowed connection to end points).

How Fast to Deploy? Any Vendor Lock-Ins?

Unlike our competitors in the PAM marketplace, we are providing source code to our application integrations as well as full documentation on how to move your applications to Terminal Server with their credentials automatically provided by our technology. You can leverage the full range of VDI, virtualization, server farms, and other flexible technologies with our solution.

By way of speed, we can show you how to automate the logon to a new website for your users in less than 20 minutes (including research and client deployment). We have also included a great many different website integrations, in source code format, so you'll have a head start.

Just to clarify, some of our competitors try to get you to accept a single proprietary web logon control that is supposed to automate the logon to your common web sites. If you have tried these products, you know that they don't work except in the most trivial cases because each website is subtly different and changes over time. As a result, competing solutions leave you waiting for each vendor to update their proprietary integrations. In contrast, our solution allows you to tailor web logons in minutes and to handle even the most unconventional websites. We give you the training and technology to easily handle the job yourself…without having to wait for us.

We believe that any technology you purchase from us should be non-proprietary, scalable, fully documented, and put you in the driver's seat to control your deployment.

Recorders, Recorders, Recorders…

With our competitors’ solutions, you are locked into their single recorder technology. With our release we give you a selection of different session recording technologies, of which two are free, commercially supported products. We also provide integrations to additional commercial recorders as well as offer the ability to use open source recorder solutions. This means that session recording is available out-of-the-box, free, and without a lock-in to a proprietary format.

For added flexibility, we also include support for an optional free multi-format video transcoder that can convert your video recordings into multiple formats for multiple playback devices. This means you can play back your session recordings on Android, Apple and other devices. We also leverage Microsoft’s smooth video streaming technologies in IIS for high performance video. This is the same technology Microsoft uses for the NBC Olympic event playbacks, so it is certainly scalable.

Cash for Clunkers

For those that are tired of the inflexibility of their existing appliance based bastions, we now offer a “Cash for Clunkers” program where we can provide you with a negotiated credit for your old privileged access management platform. Contact your sales representative to see how much you can get back by trading in your old solution.

Get a Demo

Contact us for a demo of our new version. If you are an existing ERPM customer, this new functionality is available to you at a very reasonable incremental cost. Contact your representative for details.

What do you think? Email me at: You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.
What's New in Identity Week

Featured commentary on our Identity Week Blog this month includes:

APTs: The Silent Cyber Killer. It is generally acknowledged that Advanced Persistent Threats (APTs) represent the biggest concern for companies today when it comes to the use of cyber-space. No company can function without Internet access, and virtually all information is in digital format...

Lock Down Privileged Access to Restrict Spyware Voyeurs. Someone once said, “the powers of hell feed on the best instincts in man”. Take, for example, the case of Andrew Meldrum, who was recently convicted of three counts of unauthorized access to computer material and two counts of voyeurism...

What Have We Learned from the Snowden Affair? Edward Snowden is once again in the headlines. Not that he’s necessarily ever left the news cycle, but last week’s televised interview of Mr. Snowden by Brian Williams of NBC seems to have reignited the debate around the former NSA employee...
Events / Press / Analysts

Hacker puts 'full redundancy' code-hosting firm out of business. PC World. A code-hosting and project management services provider was forced to shut down operations indefinitely after a hacker broke into its cloud infrastructure and deleted customer data, including most of the company’s backups.

Survey Roundup: International Exposures an Increasing Concern of Tech Companies. Wall Street Journal. More than 13% of the IT security professionals asked by Lieberman Software Corp. said they are still able to access previous employers’ systems using their old credentials.

Poor password policies are killing companies: 10 ways to fix it. IT Manager Daily. A recent survey shows that when it comes to password policies and revoking credentials, many companies are getting a failing grade – and some of the worst offenders out there are in the IT department.

News Scan: Former IT security pros seen as significant security risk. FierceCIO. Insider threats remain one of the greatest concerns to IT security, but a new study finds that former IT security pros make up a significant risk to many organizations.

Lieberman on password fatigue, More EU passports for Gemalto, SecureKey at hackathon. SecureIDNews. Results from Lieberman’s 2014 report suggest a general lack of password security and privileged access control.

Significant Percentage of Ex-employees Can Still Access Privileged Information. InfoSecurity. Cavalier attitudes to password management, even for ex-employees, pave the way to a new era of data breaches.

Tech Tip of the Month

Remove Unwanted Software

Although it can seem nearly impossible to detect and eliminate unauthorized software in large enterprise environments, with the right tool it can be done. Did you know that User Manager Pro Suite uses patented technology to find and block malicious or unauthorized programs?

Lieberman Software Corporation
1900 Avenue of the Stars, Suite 425
Los Angeles, CA 90067 USA
Phone: +1 (310) 550-8575

Copyright © 2014, All rights reserved.