Operations //

Identity & Access Management

5/16/2014
08:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Lieberman Software Enables Audited, Privileged Access for Users from the Cloud to On-Premises

Enterprise Random Password Manager Provides Unified Privilege Management Platform Across Multiple Environments.

(LOS ANGELES, CA – May 13, 2014) Lieberman Software Corporation is introducing new privileged user management (PUM) capabilities in Enterprise Random Password Manager™ (ERPM) at Microsoft TechEd 2014 in Houston, TX this week. The new PUM capabilities allow users to launch cross-platform applications in a secure environment, where elevated operations are automatically authorized, recorded and audited. ERPM now offers connectors for a broad array of cloud provider portals, SAAS vendors and social media platforms.

“With this ERPM upgrade, users who need secure and audited privileged access - whether in the cloud, locally, or on the web - can now have it,” said Philip Lieberman, President and CEO of Lieberman Software. “While other PUM products use proprietary standards, our new offering provides an open integration platform where customers can add systems and applications of their choice – often in less than an hour.”

“ERPM is also easy to scale to large enterprise environments,” Lieberman continued. “This can be accomplished by simply adding Microsoft Server 2012 Terminal Services licenses and Windows machines as needed, or through the recently announced Microsoft Azure RemoteApp.” 

With ERPM’s new application launcher, users can access remote applications and web sites through a secure local server. Access is granted using passwords provided by ERPM’s encrypted credentials vault, and activities are documented through built-in session recording systems.

About ERPM and Privilege Management
ERPM is an established enterprise-level privileged identity management solution that automatically discovers, secures and audits privileged accounts, both on-premises and in the cloud.  With its new privileged user management capabilities, ERPM now also allows users to securely perform tasks that require elevated permissions, with fine-grained control and auditing.

With ERPM, an organization’s powerful privileged accounts are only available to delegated users on a temporary, “need-to-know” basis - preventing unauthorized, anonymous access to critical systems.

According to the 2014 Verizon Data Breach Investigations Report, privilege abuse is today’s top insider threat. This threat emanates from trusted users abusing their own privileges, as well as hacking techniques that allow unauthorized users to gain elevated privileges and bypass security controls.1


ERPM Availability and Roadmap

The new version of ERPM supports integrated use of SSH keys for authentication, discovery and propagation of privileged identities, including support for SSH tunnels.

 

Other new ERPM features include:

·         Integrations with JIRA and OTRS service management systems, to verify trouble tickets and privileged access requirements in real-time.

·         A revised console that provides granular access delegation duties based on specific user roles and responsibilities. 

·         A broader range of RDP experiences, allowing users to take advantage of full remote desktop connection and Network Level Authentication support.

 

Management of VMware accounts will be added in a minor update in the coming weeks. The company upgrades ERPM with new functionality approximately twice per year.


The new ERPM version has been running in customer beta sites since 2013, and is being publicly demonstrated for the first time in booth 1209 at Microsoft TechEd this week.


For more information on ERPM, visit www.liebsoft.com/erpm.

1Verizon, “2014 Data Breach Investigations Report",2014.

About Lieberman Software Corporation
Lieberman Software provides privileged identity management products to more than 1200 enterprise customers worldwide. By automatically locating, securing and continuously auditing privileged accounts, Lieberman Software helps protect access to systems with sensitive data, thereby reducing internal and external security vulnerabilities, improving IT productivity and helping ensure regulatory compliance. The company developed the first solution for the privileged account management space, and its products continue to lead the market. Lieberman Software also provides a line of Windows security management tools. The company is headquartered in Los Angeles, CA, with offices and channel partners located around the world. For more information, visit www.liebsoft.com.

###

 

Product and company names herein may be trademarks of their registered owners. 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Government Shutdown Brings Certificate Lapse Woes
Curtis Franklin Jr., Senior Editor at Dark Reading,  1/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3906
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
CVE-2019-3907
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
CVE-2019-3908
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
CVE-2019-3909
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
CVE-2019-3910
PUBLISHED: 2019-01-18
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.