5. USE CASES & BEST PRATICES Stock Exchange SingapureAutomatizarprocessosManuaise ReduzirCustos. Brazilian Telecom Company Controle dos Desktops (System Center, Anti-virus, Configuração, Local Admin, Grupos) US Datacenter Hosting ServicesAmbienteDinâmico, MudançasRápidas e tempo paraexecutá-las e identificá-las Germany IT Services Responder ao SLA (forma que é contabilizida) BancoEUACompliance, RelatóriosparaProvar (de facto) o Controle Militar Organization Complexidade de Gerenciar 70.000 devices Profitable Education Discovery Many Others…
6. Lieberman Software Fundadaem 1978, com focoem Privileged Identity Management Parceiros: Cisco, HP, IBM, Microsoft, Novell, Oracle, Red Hat, RSA, Sybase ImportantesClientes no Brasil e Mundo
7. Porque? Privileged Account Password Management “… shared account password management tools will be used by more than 50% of large enterprises by year end 2010 to manage passwords for shared accounts.” Market Overview: Shared-Account/Software-Account Password Management Tools “In any organization, the use of every platform and device ultimately relies on superuser accounts, which are the most powerful in the organization.“ Best Practices for Managing Shared Superuser and Firecall Accounts “SAPM tools enable organizations to manage passwords for shared and software accounts more effectively and efficiently than manual processes.” Market Overview: Shared-Account/Software-Account Password Management Tools
8. Analyst & Media Coverage “The Enterprise Random Password Manager from Lieberman Software is an extremely powerful tool which automatically discovers, updates, stores and allows secure recovery of every privileged account password throughout the enterprise.“ SC Magazine Group Test: Password Management - August 2009
9. Contas de PrivilégioElevadoTudonaEmpresa Servers & Workstations Todososhardwares TodososS.O.s Banco de Dados Datacenter Appliances Routers & switches Aceleradores Securança Aplicações Line-of-business Web services Database & middleware Backup Gerenciamento de Identidade e Acesso Gerenciamento de Sistemas
10. Contas de PrivilégioElevadoOndeAplicar ? MudançasPlanejadasMudançasnão-Planejadas Rollouts de Aplicações Hardware Deploy Corporate mergers Outsourcing Guest Accounts Mudanças de Funções (Employment) Delegação e Overlap de Funções MudançaPessoas Falhas de defaults Falta de Expiração Complexidade AtaquesSociais Ataques de “Nomes” Serv1, Serv2, Serv3
11. Contas de PrivilégioElevadoComo Resolver? Identificae documentatodososativos de TI, privileged accounts e interdependências. Delegaapenasosacessos de privileged accounts de forma temporal (time basis), usandomínimo de privilege, com propósito de documentação. Fortaleceregras de tamanho, unicidade e frequência de mudanças, sincronizando as mudanças e dependências. Monitorae alerta, além de documentartodososacessos: usuais e não.
20. Password Change Synchronization Prevents Lockouts and Service DisruptionsApplications IIS, ASP.NET, SharePoint, scripts, configuration files, … Databases MS SQL Server, Oracle, MySQL, Sybase ASE, IBM DB2 SMB, SSH, … OleDB Directories MS Active Directory, Oracle Internet Directory and all LDAP-compliant directories LDAP ManagementConsole Windows Computers Windows Server 2008, 2003, 2000, NT4, Windows 7, Vista, XP SMB SSH Linux, UNIX, and Mainframe Sun Solaris, HP-UX, IBM AIX, Red Hat Linux, IBM AS/400, OS/390, … SSH Network Devices Cisco IOS devices and other routers, switches, firewalls, …
32. Ajuda a Colaboradores Executive Management Controle dos Ativos Corporativos Requerimentos Regulatórios Melhorar a Agilidade, sem correr riscos Diretor de TI Aumentar Eficiência Alinar Processos de TI com Política Controle das Mudanças: Planejadas e Não Administrador Automatiza tarefas tediosas e propensa a erros Controle com Discovery Contínuo Eliminar a conformidade “incerta”
34. Lieberman & Microsoft Product Development Relationship Recognized innovator and leader in Privileged Password Protection and Random Password Management “Managed” Gold Certified Partner since 1999 System Center Strategic Alliance Partner Most Microsoft Windows Product Certifications of Any Management Vendor Six certified products with nearly 20 Windows 7, Server 2008, Hyper-V, Vista, XP & 2000 certifications Industry Focus Public Sector Financial Services Healthcare
Lieberman Software was founded in 1978 and had its roots as a software consultancy. We are literally the pioneers of Privileged Identity Management, having released the first software solution to this problem more than 10 years ago.Our company is based in Los Angeles with a support and marketing office in Austin, Texas, and satellite sales offices across the United States.We’re entirely owned by our US-based management team, and you’ll find that we have a track record of delivering products that are focused on long-term customer value.Our software integrates with the industry leaders in directory services, data access and management frameworks including Cisco, HP, IBM, Microsoft, Novell, Oracle, and others.And, according to Gartner Group…
Lieberman Software was founded in 1978 and had its roots as a software consultancy. We are literally the pioneers of Privileged Identity Management, having released the first software solution to this problem more than 10 years ago.Our company is based in Los Angeles with a support and marketing office in Austin, Texas, and satellite sales offices across the United States.We’re entirely owned by our US-based management team, and you’ll find that we have a track record of delivering products that are focused on long-term customer value.Our software integrates with the industry leaders in directory services, data access and management frameworks including Cisco, HP, IBM, Microsoft, Novell, Oracle, and others.And, according to Gartner Group…
Lieberman Software was founded in 1978 and had its roots as a software consultancy. We are literally the pioneers of Privileged Identity Management, having released the first software solution to this problem more than 10 years ago.Our company is based in Los Angeles with a support and marketing office in Austin, Texas, and satellite sales offices across the United States.We’re entirely owned by our US-based management team, and you’ll find that we have a track record of delivering products that are focused on long-term customer value.Our software integrates with the industry leaders in directory services, data access and management frameworks including Cisco, HP, IBM, Microsoft, Novell, Oracle, and others.And, according to Gartner Group…
Lieberman Software was founded in 1978 and had its roots as a software consultancy. We are literally the pioneers of Privileged Identity Management, having released the first software solution to this problem more than 10 years ago.Our company is based in Los Angeles with a support and marketing office in Austin, Texas, and satellite sales offices across the United States.We’re entirely owned by our US-based management team, and you’ll find that we have a track record of delivering products that are focused on long-term customer value.Our software integrates with the industry leaders in directory services, data access and management frameworks including Cisco, HP, IBM, Microsoft, Novell, Oracle, and others.And, according to Gartner Group…
Lieberman Software was founded in 1978 and had its roots as a software consultancy. We are literally the pioneers of Privileged Identity Management, having released the first software solution to this problem more than 10 years ago.Our company is based in Los Angeles with a support and marketing office in Austin, Texas, and satellite sales offices across the United States.We’re entirely owned by our US-based management team, and you’ll find that we have a track record of delivering products that are focused on long-term customer value.Our software integrates with the industry leaders in directory services, data access and management frameworks including Cisco, HP, IBM, Microsoft, Novell, Oracle, and others.And, according to Gartner Group…
Lieberman Software was founded in 1978 and had its roots as a software consultancy. We are literally the pioneers of Privileged Identity Management, having released the first software solution to this problem more than 10 years ago.Our company is based in Los Angeles with a support and marketing office in Austin, Texas, and satellite sales offices across the United States.We’re entirely owned by our US-based management team, and you’ll find that we have a track record of delivering products that are focused on long-term customer value.Our software integrates with the industry leaders in directory services, data access and management frameworks including Cisco, HP, IBM, Microsoft, Novell, Oracle, and others.And, according to Gartner Group…
As you probably know, privileged identities are accounts that have elevated permission to access potentially sensitive data, run programs, or change configuration settings. To put it simply, privileged accounts like the keys to the kingdom of IT.And, privileged accounts are found virtually everywhere…On every server and workstation platform…On networking and datacenter appliances like routers and switches, load balancers, security appliances…And on almost every type of software you can name, including line-of-business applications, Web services, databases and middleware.Not only are privileged accounts powerful and widespread, but if not controlled these credentials become accessible to more and more personnel over time…
New application rollouts and hardware deployments, changes in corporate structure (say, mergers), outsourcing to independent contractors, and changes in employee roles are examples of ways that access can spread in planned ways.There are also unplanned ways that access can spread. For example, as people leave the company they often take password secrets with them. Or, if passwords aren’t changed frequently enough, lack adequate complexity, or are reused across independent hardware and software assets they become more vulnerable over time.As we’ll discuss next, failure to adequately control privileged account access carries a number of risks…
It takes just four, basic steps to regain control of privileged identities. These steps are easy to remember because they’re abbreviated as I.D.E.A….First, it’s essential to identify all of the privileged identities that are present on critical IT assets in your infrastructure, whether on server or desktop operating systems, network appliances, line-of-business applications, and so on. And, you’ve got to understand which of these identities are interdependent, so that when you change the credentials of one account you know to update the dependent accounts to avoid lockouts and service disruptions.Next, you’ll want to delegate access to these accounts so that only appropriate personnel can login to critical IT assets, always in a timely manner whenever needed, over a secure communication channel, using the least privilege required (to reduce the potential for damaging errors), with a documented purpose, only during designated times.It’s also essential to enforce rules for password strength, uniqueness (so that a password isn’t reused except where absolutely necessary) and change frequency, synchronizing all of those changes across dependent processes.Finally, having right auditing and alerting processes makes individuals accountable for privileged access, sets the right organizational tone, and alerts management to any unusual events. Let’s take a closer look at how Enterprise Random Password Manager, the privileged identity management solution from Lieberman Software, makes it possible to accomplish these four steps…
Enterprise Random Password Manager is distinguished for its ability to discover privileged accounts throughout your infrastructure……on a wide range of server and desktop operating systems; on databases including SQL Server, Oracle, Sybase, and DB2; on Web services platforms, line-of-business applications, network and security appliances, backup systems, and more.After you install Enterprise Random Password Manager, whenever authorized users need access to these systems they get unique passwords, issued on-demand for one-time use, over a secure Web console…
… Access is role-based, time-controlled so that the passwords expire and are changed after a configured period, audited and alert-generating so that there’s full accountability, and there’s full support for industry-standard, two-factor authentication like RSA SecurID.Enterprise Random Password Manager generates each new password…
… according to configured rules for complexity, uniqueness (to avoid reuse), and change frequency, and it stores these passwords in a secure vault.All password changes are synchronized…
… according to configured rules for complexity, uniqueness (to avoid reuse), and change frequency, and it stores these passwords in a secure vault.All password changes are synchronized…
… these are examples of how Enterprise Random Password Manager helps our customers comply with PCI-DSS standards.As you can imagine, Enterprise Random Password Manager provides value to many different job roles within IT. For example, we help executive management…
… these are examples of how Enterprise Random Password Manager helps our customers comply with PCI-DSS standards.As you can imagine, Enterprise Random Password Manager provides value to many different job roles within IT. For example, we help executive management…
For example, we help executive management…… protect corporate assets by ensuring that only the right personnel have access to sensitive data and can make changes to IT assets that could impact critical business processes…… and, as we’ve discussed, we help assure compliance with critical industry initiatives like Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, and many others…… and, as was the case the financial institution that needed an immediate, decisive response when its domain credentials were exposed online, we help our customers to be more agile in the face of new security threats.For IT directors and other managers……we help improve the efficiency of IT staff so they’re spending less time granting access, changing passwords, and documenting the result….… we provide the reporting features they need to show that IT processes are working to support the company’s security policies…… and, we help these managers to mitigate the risks that privileged accounts otherwise introduce in the organization’s day-to-day business as new systems and applications are brought online, changes are made in the infrastructure, or employees join and leave the company.Finally, for the IT administrator…… our products eliminate so many of the cumbersome, error-prone tasks that they face in administering and documenting account access, allowing them to focus on more strategic work that can further their careers…… the products improve security and accountability so that administrators can react more quickly and avoid the blame for service disruptions and security issues…… and, they make it far easier for administrators to provide their managers the detailed information they need, without impacting day-to-day productivity.With that, let’s move on to a live demonstration of Enterprise Random Password Manager.