Lieberman Software
PRIVILEGED IDENTITY MANAGEMENT NEWS LINE
  Follow us on Twitter  Follow us on LinkedIn  Blog  Lieberman Software on YouTube
March 2013       

Top of Mind

Catch Me If You Can

Philip Lieberman
President & CEO
Lieberman Software

If you have been following the news over the last 6 months or so, you may have noticed an uptick in the number of articles related to critical national infrastructure legislation. You may have seen more reports of cyber-attacks against a wider variety of targets by entities other than criminal elements seeking financial gains.

Although it was predicted to occur over a decade ago, we are now seeing the use of cyber-weapons being used by nation states and radical elements to achieve attention, potential physical dominance and access to intellectual property that would boost their economies. What was theoretical and simple probing of security weaknesses has now turned into actual concerted warfare against real targets that affect real citizens of the USA on a daily basis – more or less. For proof, pick up any local paper or Internet news source and the victims of these cyber-attacks run the full gamut of financial, government as well as providers of life safety infrastructures.

What Has Changed?

From our perspective we see the methods used to attack ratcheted up to the nation-state level. At this level of opponent competence, existing anti-virus/anti-malware products as well as firewalls and intrusion detection solutions are a waste of time and money as they are totally ineffective.

Toady’s attacks are crafted on a per-user basis on a mass scale designed to regularly compromise some subset of systems within an organization. The objective of the attacks are to gain access to the internal network with a set of valid credentials (the higher privileged the better), and then try to jump around from machine to machine gathering more and more credentials and access.

It appears that the attackers have a good understanding of common weaknesses in IT shop processes such as default passwords, blank passwords, common passwords, shared passwords, and the use of publicly publishing password spreadsheets on shares. The other technique used is the compromise of servers and their services to discover powerful credentials that are widely used (many services using the exact same credential). We also see the use of the pass-the-hash technique to allow attackers to use in-memory credentials to achieve connectivity to other systems.

What Do We Offer? Simple: Speed and Scope.

If an organization regularly changes passwords, keeps credentials unique per system, and can automate the management of privileged credentials and secrets (and where they are used) so that that there is minimal disclosure for a limited amount of time for a specific purpose, then this threat is minimized.

With this in mind, we have seen some very interesting outcomes from our customers. First, some of our customers who are under active 7/24 attack have begun to rotate all passwords every 8 to 24 hours. This has created a nasty problem for attackers: not only are they limited to only one compromised system, but even this access is terminated automatically.

One great differentiator we offer to customers is our total automation of the machines, accounts and usage. This technology means that we can keep up with the attacker’s foot printing scanners and secure new resources as quickly as the enemy can detect them.

Just to be clear, I am not suggesting that all of our customers switch to this strategy of continuous high-frequency password changes. For some of our customers, the ability to keep nation-state attackers at bay by frustrating their attempts has been a very satisfying outcome for all of us.

What do you think? Email me at: Phil@liebsoft.com. You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.
What's New in Identity Week

Featured commentary on our
Identity Week blog this month includes:
  • Evernote Data Breach and Securing Access to Your Systems. Last week’s data breach of online information storage firm Evernote caused quite a stir in the IT security world. Of course, when you have 50 million users whose names, email addresses and encrypted passwords may have been accessed, you have to expect to see your company’s name in the headlines...
  • Compartmentalizing and Segmenting Privileged Passwords. If you’re a fan of old war movies – and especially if you’re a child of the Cold War – then you no doubt recall watching scenes where prior to launching a nuclear missile, two operators will turn their launch keys simultaneously in order to initiate the launch...

Events / Press / Analysts
  • Government intervention scares users from using the cloud. SC Magazine UK. A fear of government snooping is deterring IT departments from using the cloud. According to a survey of 300 IT managers, 48 per cent said that the potential for government and legal interference puts them off from entering information into the cloud environment.
  • Obama meets with CEOs to push cyber-security legislation. Los Angeles Times. President Obama met with more than a dozen corporate chief executives to seek their support for stalled cyber-security legislation amid increasing evidence that government agencies, businesses and individuals are vulnerable to computer network break-ins. 
  • 5 Hot Security Trends Overheard at RSA 2013. Point2Security. For more than 20 years, security professionals from all over have gathered annually for the RSA Security Conference. The five-day event draws its share of industry pundits and luminaries. This morning, however, I wanted to share the best observations that I heard on the show floor in one-on-one conversations.
  • Cloud use grows, and so does security threat. MercuryNews.com. Holding everything from highly personal medical and social media material to confidential financial and corporate documents, Internet-based cloud services are gathering an enormous trove of information -- already a quarter of the world's business data -- that is proving a powerful lure for hackers. 
  • Lieberman Addresses the Two-man Rule. GRC Daily. Double safekeeping, or the two-man rule, has long been an established control mechanism for ensuring high levels of security during critical operations because the process requires the involvement of two or more authorized personnel when accessing sensitive resources. Now Lieberman Software Corporation is extending double safekeeping to privileged identity management in the latest version of its Enterprise Random Password Manager (ERPM) product.

Tech Tip of the Month

Retrieve admin passwords directly from the
Microsoft® System Center Configuration Manager interface

Enterprise Random Password Manager (ERPM) and Random Password Manager (RPM) customers can get all the benefits of deep, out-of-the-box
integration with Microsoft® System Center Configuration Manager through the E/RPM Snap-In for Configuration Manager. Thanks to this deep integration, authorized users can quickly retrieve administrator and root account passwords directly from the Configuration Manager interface. Here's how.

Lieberman Software Corporation respects your right to privacy, and believes any information you provide us should be protected from disclosure to others. For more information, please read our privacy policy. You are receiving this email because you have granted us permission to contact you. If you do not wish to receive email messages from Lieberman Software in the future, please click here.
Lieberman Software Corporation
1900 Avenue of the Stars, Suite 425
Los Angeles, CA  90067
                 www.Liebsoft.com    |    (01) 310-550-8575  |   newsletter@liebsoft.com