Lieberman Software

PRIVILEGED IDENTITY MANAGEMENT NEWS LINE
March 2011
Top of Mind

RSA Conference 2011 - Recap
Philip  Lieberman
President & CEO
Lieberman Software

As I settle in from a week-long look at the most pressing issues facing the security industry, I wanted to share my takeaways from RSA Conference 2011. Much of this perspective is based on interactions with IT professionals and industry thought leaders I met during the show.

An interesting takeaway for Lieberman Software is the very positive response we received from customers and analysts regarding our technical integrations that bring privileged identity information into existing SIEM (Security Information & Event Management) frameworks such as ArcSight, RSA enVision and Q1 Labs.

We also heard from a growing number of IT managers who expressed dissatisfaction with the time needed to implement other (non-Lieberman Software) privileged identity management solutions; in many cases these implementations are taking a year or longer and involve costly professional services investments. The good news is that these same companies are finally asking the right questions about how to implement privileged identity management correctly. There was a general tone of willingness to migrate from simplistic check box product comparisons to implementing real security solutions in a reasonable period of time without professional services or one-off customizations.

Finally, a trend that permeated the RSA Conference is the understanding that public cloud security is wholly inadequate. Potential cloud adopters are beginning to read the terms of service and are staying clear of many off-the-shelf offerings.  We are seeing adoption of private clouds hosted by the major cloud vendors but here, too, there appear to be many “special accommodations” to augment security provided the deal is big enough.

Overall, RSA Conference 2011 was well attended and both customers and analysts seem bullish about the future. The show did not disappoint.

What are your takeaways from the RSA Conference? Email me at: phil@liebsoft.com.

You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.

 
Tech Tip of the Month

VIDEO: Microsoft System Center Service Manager Integration With Privileged Identity Management

Before someone gains access to a sensitive system, ITIL processes require that a trouble ticket be opened. A chain of events occurs prior to someone having access to a sensitive system. That is Microsoft System Center Service Manager (SCSM) functionality. We link in to the trouble ticket workflow, and make sure that a valid ticket exists before credentials to sensitive systems are released. Only authorized admins with valid trouble tickets have the ability to retrieve passwords for systems they need to repair or manage. And, any actions we do to provide access to that sensitive system are logged on that same ticket.

This 11:26 minute video presents and demonstrates how Lieberman Software has integrated its flagship privileged identity management solution - Enterprise Random Password Manager (ERPM) - with SCSM. There is a whiteboard presentation followed by a product demonstration of the integration.
Click here to view!
  Follow us on Twitter!
 
What's New in Identity Week

Featured commentary on our Identity Week blog this month includes:
  • The Surprising Truth About Smartphone App Security
    I recently shared my thoughts on a troubling topic covered in InfoSecurity Magazine, and many other publications. As you’re probably aware, research from a US university undergraduate professor, Dan Wallach, shows that several Android apps, including an approved Facebook application, are sending out all data except for passwords “in the clear”... 
  • Cyber-Attack on Canada
    The Daily Tech reported China’s cyber-attack on Canada in this news story: “China Appears to Have Committed 'Unprecedented' Cyber-Attack on Canada”. The article discusses how Canada appears to have become the latest victim of Chinese cyber-aggression...
  • Not Ready for Online Voting
    Technology, with all its promise of time and cost savings, is often considered a panacea for the ills of our age – whether at the corporate, societal or personal level. I recently participated in a discussion about how technology might resolve an alarming trend in developed nations: the steady decline in voter turnout...
Partner News

RSA enVision Integration: Lieberman Software and RSA have collaborated to provide greater control over access to critical IT resources by removing user anonymity and revealing who has access to sensitive systems, when and for what purpose. The products work together to give IT management a clear view of what is happening within their environments and who specifically is behind the activity.

For details on this integration, please visit our RSA enVision Integration website.

Events / Press / Analysts
  • InfoSec 2011. April 18-20, 2011. Orlando, FL. Visit us at Booth 308. Get 10% off your registration by using the code OS11/VDIS when registering!
  • Infosecurity Europe. 19-21 April 2011. London, UK. Register FREE to attend and join over 12,500 information security professionals for 3 days at Earl's Court. Visit us in Booth F2.
  • Lieberman Software YouTube Channel. Check out the new videos we have uploaded to our YouTube channel: integrations with Microsoft System Center products, ERPM demos, and more.
  • Lieberman Software Joins Cloud Security Alliance. We will work with the Cloud Security Alliance to provide insights gained from our successful track record of managing privileged identities in private, hybrid and public cloud environments. We share the belief that the success of cloud vendors and their customers will only occur when security and transparency are equivalent or better than what can be provided by on-premises solutions.
  • Lieberman Software is Finalist in SC Magazine Awards Europe 2011. We are proud to announce that the company has been nominated as a finalist in the SC Magazine Europe security awards. This prestigious nomination is for  Enterprise Random Password Manager™ (ERPM), the company’s flagship PIM solution. ERPM automates the tasks to locate, inventory, organize and manage the thousands of privileged account passwords dispersed throughout large enterprise environments.
  • Business Technology Perspectives Blog - Top Security Trends for 2011. Windows IT Pro. While some progress has been made towards improving cloud security, many security obstacles remain. Lieberman Software President and CEO Philip Lieberman echoed that sentiment, saying that "Customers have a real reason to be concerned. There's a lack of transparency and consistency when it comes to logs and auditing, to reveal what is truly happening in a cloud environment," Lieberman said.
  • Smartphone Apps Not Secure Says Lieberman CEO. Phones Review. Lieberman Software specializes in security solutions and privileged identity management, and Phil further states… “This is the biggest issue with open source software. Whilst the economic imperative to go open source is clearly very strong, companies that use open source, such as Android, which is based on Linux code, also need to ensure their software is robust on the security front, and this process costs money.”
  • Pervasive memory scraping enables hackers to grab personally identifiable information from users' PCs. SecurityPark.net. The SANS Institute has reported a new trend in hacking techniques, used by hackers to grab personally identifiable information (PII) from users' PCs. Known as ‘pervasive memory scraping,’ the technique relies on the fact that certain areas of Windows memory are only occasionally overwritten, meaning that data from software that has been closed down on the PC, can still remain for some time after.
  • Are outsourcers using in-house knowledge gap as a license to print money? Inside Outsourcing - ComputerWeekly.com. "If Dave had just picked up the phone and given me a call I’d have been able to tell him that manually trying to manage his privileged accounts was just a money trap and wouldn't work. By automating the process, within a week his privileged identities could be under control and managed going forward – without a contract negotiation in sight."
  • Closing the privileged identity visibility gap. Help Net Security. Because SIEM systems were not designed with privileged identities in mind, they have no way to tie security events that are triggered through use of these accounts with the individuals and processes responsible. This lack of visibility can leave IT staff with too little information to make informed decisions and the inability to differentiate between routine security events and potentially damaging – or even criminal – activity.
Lieberman Software Corporation respects your right to privacy, and believes any information you provide us should be protected from disclosure to others. For more information, please read our privacy policy. .
Lieberman Software Corporation
1900 Avenue of the Stars, Suite 425
Los Angeles, CA  90067
                 Liebsoft.com    |    (01) 310-550-8575  |   newsletter@liebsoft.com