Lieberman Software
March 2014

Top of Mind

Report from RSA - Today was Yesterday’s Worst Case Scenario

Philip Lieberman, President & CEO
Lieberman Software

RSA 2014 was an exciting and exhausting experience filled with new partnerships, new technology and a general reset on what security means today (what works and what doesn’t).

In our presentation at RSA we discussed the general assumption that password and certificate maximum age standards for compliance are now irrelevant. We now see password ages for privileged accounts limited to hours rather than the conventional 30 to 90 days maximum. In the case of certificate lifetimes of years or decades, we are now seeing certificate lifetimes in minutes to days. In both cases, there is a realization that privileged credentials and the components for encryption are being captured, and the goal is to limit the value of compromised credentials.

The general wisdom of a defense being 100% effective has come to an end. We see the realization of a new reality in which one or more systems within an environment are already compromised, and the job of IT Security is now to minimize damage, and to discover and neutralize intruders after they have entered the environment.

Target’s breach was also a common wakeup call for many at the conference, confirming that even at the largest companies in the world, the basics of simply having different random passwords on each device and server were not being done. The Target breach pointed out that many breaches are not from the lack of technology, but from the lack of corporate competence. Concurrent with the disclosure of the fundamental incompetence of IT security at Target, their CIO left in March 2014.

As a company we are pushing privileged identity management from a point solution that is used to remediate existing poor practices and implement a hard control into the realm of a privileged identity security platform. Our latest versions are being deployed in a headless configuration (no console or web GUI needed) and being driven by PowerShell and Web Service APIs. These APIs orchestrate the discovery, randomization and release of credentials for a limited amount of time as a baked in feature of each machine (virtual and physical) and application’s lifetime. In essence our product is becoming a platform for cloud providers, MSPs, and government projects that are seeking to secure identities as part of their offering stack.

We have also seen our product move from a compliance requirement to being part of a cyber-warfare strategy to minimize the surface area of the entire environment. The product is used by both Red (offence) and Blue (defense) cyber warriors to find weaknesses and to minimize them (depending on which team is using the platform). The evolution from basic compliance, to core security, and then to cyber-warfare/defense and what it means to product development has been one of the most interesting areas we have been working on these days.

The other evolution has been the requirement from many customers for a hard SLA for security coverage in strict periods of time, every day, with no downtime or unscheduled outages. Certainly this is in line with the move from point-in-time compliance to handling real threats that are occurring every hour of every day (yes, hackers and nation states attack after the auditor leaves).

RSA was quite a show, and with it we have all seen that the worst case scenarios of the “future” are “today’s” reality. The general wisdom of compliance having any lasting value has been dropped as a valid concept, and those CIOs that cling to it should be looking for another job. RSA taught us that there are no perfect solutions, only mitigations to minimize risk and damage and the duration an intruder can move around in your environment.

What do you think? Email me at:
. You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.

What's New in Identity Week

Featured commentary on our Identity Week blog this month includes:
  • Cyber Espionage is Nothing New. Cyber espionage has been prominent in the headlines recently, with the Snowden affair in particular garnering much publicity. However, for anyone who has been tracking the growth of malware over the years, Snowden’s disclosure that security agencies use malware did not come as a surprise...
  • Is IT Security Training a Liability? One of the fundamental problems with most businesses today is that they are not investing in providing IT staff with basic information security training. Many companies have compartmentalized in such a way that security and operations don’t meet. And, in fact, quite a few organizations have fostered an environment where IT actually views security as a hindrance to productivity!...

Events / Press / Analysts
  • Lieberman Software has been named The Innovation Leaders in Privilege Management by analyst firm KuppingerCole - "Lieberman Software is ahead of the competition."
  • You're hacked - get over it. CSO. Here's a sobering thought. Phil Lieberman, the President of Lieberman Software, says, "Every day you wake up, you know somebody is in your network. You just don’t know where they are, what they're getting and what you can do to stop them". The overwhelming theme of this year's RSA Conference has been that border protection, while an important layer in our security, is not enough. The distribution of end points, characterised today by increased numbers of mobile devices but expanding rapidly as the Internet of Things becomes a reality, and the distribution of critical systems out of private data centres into shared service providers has changed the nature of our information systems and infrastructure.
  • Pass the Hash: Segment Your Environment to Contain Security Breaches. Computer Technology Review. There was a time many moons ago when, in an age of innocence, the term, “pass the hash” had an entirely different meaning. For some of us old enough to remember, or still have our wits about us, “pass the hash” was something you did at the back of the school on a Friday night. But times move on, and suddenly it seems that “pass the hash” is in vogue again.

Tech Tip of the Month

Get a Registry Values Report in Real-Time with User Manager Pro Suite

This report will discover the contents of registry keys on all selected machines. You can choose to report on only a particular key value, or on all values in a key and all of its sub-keys.

This report can be used for a large number of things. For example, use it to determine what will be automatically run at startup on each machine. If a program or virus creates a particular key or value, you can test for the presence of that program or virus on all targeted systems. The registry report also lets systems administrators check the versions of applications (which store their version information in the registry) on every system on the network and order the results by version, and it can detect the presence of specific applications installed on individual workstations. In short, the usefulness of this feature is limited only by the data that is stored in the registry.
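As an added illustration of the three uses described above (startup entries, presence of a specific value, application version), here is a small PowerShell function that reads registry values from a list of machines over the Remote Registry service. It is example code written for this newsletter, not the User Manager Pro Suite report itself; the hostnames, the `ExampleAgent` value and the `ExampleVendor\ExampleApp` key are constructed placeholders, and it assumes the Remote Registry service is running on the targets and the caller is an administrator on them.

```powershell
# Reads one value (or every value) of a HKLM sub-key on each named machine and
# emits one object per value, so the output can be filtered, sorted or exported.
function Get-RemoteRegistryReport {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [string] $SubKey    = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        [string] $ValueName = ''   # empty = report every value in the key
    )
    foreach ($computer in $ComputerName) {
        try {
            $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
            $key = $base.OpenSubKey($SubKey)
            if ($null -eq $key) {
                # Key absent on this machine: report it explicitly rather than silently skipping
                [pscustomobject]@{ Computer = $computer; Key = $SubKey; Name = '<key missing>'; Data = $null }
                $base.Close(); continue
            }
            $names = if ($ValueName) { @($ValueName) } else { $key.GetValueNames() }
            foreach ($name in $names) {
                [pscustomobject]@{
                    Computer = $computer
                    Key      = $SubKey
                    Name     = $name
                    Data     = $key.GetValue($name)   # $null when the value does not exist
                }
            }
            $key.Close(); $base.Close()
        } catch {
            # Unreachable host, service stopped, or access denied: keep the row, record the reason
            [pscustomobject]@{ Computer = $computer; Key = $SubKey; Name = '<error>'; Data = $_.Exception.Message }
        }
    }
}

# Constructed inputs (placeholder hostnames)
$hosts = 'WKS-001', 'WKS-002', 'SRV-FILE01'

# 1. What runs automatically at startup on each machine
Get-RemoteRegistryReport -ComputerName $hosts | Format-Table -AutoSize

# 2. Which machines carry one specific autorun value (placeholder name); rows with $null Data are machines without it
Get-RemoteRegistryReport -ComputerName $hosts -ValueName 'ExampleAgent' | Where-Object Data

# 3. Installed version of an application (placeholder vendor key), ordered as real version numbers, not strings
Get-RemoteRegistryReport -ComputerName $hosts -SubKey 'SOFTWARE\ExampleVendor\ExampleApp' -ValueName 'Version' |
    Where-Object Data | Sort-Object { [version]$_.Data }
```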


Lieberman Software Corporation
1900 Avenue of the Stars, Suite 425
Los Angeles, CA  90067
(01) 310-550-8575