Why IBM for Privileged Access Management – Get scalable, enterprise-grade security solutions, backed by unmatched service and support.

When you deploy IBM Security Secret Server and IBM Security Privilege Manager across your organization, you unlock the full potential of PAM with solutions that are:

Partner with IBM for incredible service and benefits

  • 24/7 access to IBM support
  • Unlimited feature set within IBM Secret Server
  • Simple pricing and packaging options
  • Quick time-to-value—install in minutes and see value immediately
  • Supports large-scale distributed environments from on-premise to cloud environments
  • Integration with the IBM Security portfolio including IBM Cloud Identity, QRadar®, Guardium® Data Protection, and IBM Security Identity Governance & Intelligence.
  • Access to IBM Security PAM Professional Services
  • Access to IBM Security Expert Labs for deployment and configuration

Protect privileged accounts to reduce your attack surface. Sign up for a free trial of IBM Security Secret Server now.


Top 8 IAM Challenges with your SaaS Apps

The Importance of Identity for SaaS Applications

The enterprise cloud revolution is here. IT organizations everywhere, from small and mid-sized businesses to Fortune 500 companies, are moving from on-premises software to on-demand, cloud-based services. As enterprise IT makes this transition to a new hybrid on-demand/on-premises configuration, controlling who is granted access to which applications becomes increasingly important. This presents CIOs and their teams with a whole new set of identity management challenges. In addition, users must keep track of multiple URLs, user names, and passwords to get access to their applications. IT’s role is also fundamentally changing. As the steward of these new services, IT must provide insight and advice about Software-as-a-Service (SaaS) products to ensure the company is maximizing the business value of their investments.

There are eight main identity and access management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, as well as best practices for addressing each of them.



IBM Security Privilege Manager – Remove excess privileges from endpoints and use policy-based controls to block malware attacks.

Least Privilege Policy

Security regulations call for a least privilege policy, which means limiting access to reduce your attack surface. Least privilege requires that every user, application and system account have the minimum access to resources needed to do their job. Many customers, users or applications have admin or root privileges with access to sensitive data/operating systems. Under a least privilege model, administrative accounts with elevated privileges are given only to people who really need them. All others operate as standard users with an appropriate set of privileges.

Regulations like PCI DSS, HIPAA, SOX, and NIST and CIS security controls recommend or require implementing a least privilege model as part of a compliance solution. During an audit, you may have to demonstrate how the principle of least privilege is applied and enforced in your organization to control administrative accounts.

To successfully comply with a least privilege policy, you must know which privileges you need to manage. That means finding out which endpoints and local users have admin or root credentials, identifying which apps are in use and whether they require admin rights to run, and understanding your risk level for service accounts and apps with an elevated set of privileges.

Imagine how much damage and risk you will take away if you remove your business users from local admin groups, yet provide them with a way to install approved applications. IBM Privilege Manager helps with just that.

Get started with IBM’s free endpoint application and least privilege discovery tools.

Secure your largest attack surface with a single agent

IBM Privilege Manager can communicate with hundreds of thousands of machines at once. You can check policies and execute 24/7 control across every device and application under your purview through a single, streamlined dashboard.

You can discover which users and endpoints have local administrative rights, including hidden or hardcoded privileges across domain and non-domain machines, and automatically remove these rights as needed. This helps you control the exact membership of all local groups and users to reduce the risk of backdoor accounts.

Define flexible policies that ensure a frictionless user experience

IBM Privilege Manager automatically elevates the applications and data that users across your organization need—without requiring credentials or forcing users to request IT support. It provides granular policy-based controls that determine and maintain access to trusted applications and processes.

Through advanced real-time threat intelligence, the solution whitelists, blacklists or graylists your applications according to flexible policies you define.

  • Whitelisting – Trusted applications are whitelisted and elevated, so users can easily access them without IT support.
  • Blacklisting – Applications are blacklisted based on real-time threat intelligence and are blocked from running.
  • Graylisting – Potential threats are graylisted, meaning they are moved to an isolated sandbox environment for further testing.

Additionally, any application can be quarantined and “sandboxed” at any time, as you deem necessary, regardless of its list designation. A quarantined application can be safely executed and tested without the risk of exposing system folders or underlying OS configurations.

Easily manage and remove local administrative rights

Determine which accounts are members of any local group, including system administrators. If necessary, you can quickly reset all endpoints to a “clean slate” by removing all local administrative privileges at once.

Boost productivity for users and support staff

Since policy-based controls are enacted on the application level, users can access the trusted applications, systems and data they need without local administrative rights or the hassle of submitting tickets to IT support.

Achieve audit compliance through transparency

Share an easy-to-understand auditable trail of all application policies, administration credentials and privilege elevation activities with auditors. You’ll provide a clear picture of your compliance levels and what actions, if any, should be taken.

Read the last part tomorrow!


Privileged Access Management and Identity Governance – Integrate with identity governance capabilities for continuous user lifecycle management and compliance.

IBM Security Identity Governance and Intelligence (IGI) integrates with IBM Secret Server for automated lifecycle management. Implementing PAM can’t be treated as a standalone project. It requires automated identity governance capabilities to prevent issues that would otherwise emerge over time: entitlement aggregation; users with an ever-expanding collection of access to privileged accounts as they change roles, jobs and departments; limited visibility into shared passwords; and so on. Integrating IBM Secret Server and IBM IGI helps prevent toxic combinations of access through a holistic view across both privileged credentials and normal business user accounts. IBM Secret Server securely stores and monitors privileged credentials in an encrypted vault, while IBM IGI ensures that users’ access levels are compliant with regulations and free of SoD violations.

Avoid access combinations that lead to risk

While PAM solutions give you a simple way to know who can access and use privileged accounts, you still need visibility and insight into the unique combination of privileged access each user has. A user with a “toxic” combination of access presents a risk to your organization.

Imagine that one of your users has access to an application that uses a database to store its data. What if that user—unknown to you—also had access to the privileged account necessary to manage the database? They would have the ability to edit the database, thereby circumventing the business and authorization controls of the application. And if the user had privileged credentials to manage the OS, then the auditable trail could be cleared.

Automate recertification campaigns

IBM IGI lets you run certifications to automatically trigger access reviews and gives managers business-friendly information to help with the attestation processes, free from cryptic IT jargon that could otherwise result in bulk approvals.

Integrating IBM IGI with IBM Secret Server extends certification controls to include privileged users as well as non-privileged business users. You can replace error-prone manual processes with an automated recertification process that makes it easy for approvers to better understand what it is they’re actually approving.

Recertification campaigns will help you prove compliance while maintaining clean, healthy and appropriate access to privileged and non-privileged applications.

The benefits of integration

When you integrate IBM Secret Server with IBM IGI, you:

  • Avoid entitlement aggregation and ensure continuous access management
  • Easily prove compliance through recertification campaigns
  • Avoid risks and toxic access combinations through SoD controls across privileged and non-privileged users

Read more tomorrow!


SUPPLY CHAIN RISK AND THE RESULTING CUSTOMER CONSEQUENCES

There is no doubt that supply chain breaches have become a major concern in nearly every business, especially where electronic transactions are taking place. Hacking that can result in supply chain breaches makes businesses vulnerable to theft of confidential data, along with real-life theft of goods that are in transit. For a hacker, the information obtained by gaining access to secure computer data can lead to the theft of millions of shoppers’ credit card and account information, leaving a business liable for a fortune in fraudulent charges.

A glaring example of this is the recent major hack of discount retailer Target, which occurred on Black Friday of 2015. Over 40 million customer accounts were illegally accessed, giving the thieves credit and debit card data, along with security codes which are found on the back of the cards.  Luckily, no social security numbers or other vital information was stolen. 

Hackers can use this type of highly sensitive information to make electronic purchases online or sell to the highest bidder.  As a result of this enormous security breach, many major banks and other financial institutions have announced that they are much more thoroughly monitoring their customer accounts.  JPMorgan Chase (JPM) said it would limit the amount of cash that cardholders could withdraw from ATMs in a given period of time, along with enforcing a spending limit for electronic purchases in stores.

Chuck Schumer has demanded a report from the Consumer Financial Protection Bureau as to whether encryption of customer data should be required by law, while Richard Blumenthal called for a Federal Trade Commission probe.

What do I do if my card was hacked? 

“Customers typically aren’t liable for unauthorized purchases on their accounts that they report promptly. Major banks and credit card companies — including American Express (AXP), Discover (DFS), Bank of America (BAC), Wells Fargo (WFC) and PNC (PNC) — said they were monitoring customer accounts. J.P. Morgan Chase said it was temporarily limiting ATM withdrawals to $100 a day and purchases to $300 a day for customers whose accounts were at risk.”

Wallace

How does this type of security breach occur?

Unfortunately, many of these hackers are extremely adept at covering their trails. Many of the details of these crimes remain unsolved. In relation to the recent hacking of Target, it is believed by security experts to have been a breach from point-of-sale data. Basically, an HVAC vendor was allowed access to information on the same server that held customers’ credit card and other financial information. The bad guys obtained passwords from this vendor and were able to get onto Target’s server. This is a major blow for both Target and their participating financial institutions, as they are forced to cover all fraudulent charges in order to retain shopper confidence.

“The recent, unprecedented cyberattacks have disrupted business for leading global companies, infiltrated governments and shaken confidence among security practitioners,” said Tenable CEO Ron Gula, in a press release. “With so much at stake, organizations need to know whether their security programs are effective or if they are falling short.”

(Fox News)

Data breaches are a rapidly rising area of concern globally, and in particular in financial services, where large amounts of money are transferred both physically and electronically between different parties. On the more passive side, hackers can find extremely confidential business information and disperse it into the public realm, usually through online avenues, and can seriously damage or inhibit the operational capacity of the entity. Information such as bank account transactions, business trade secrets, and material production/sourcing information can be leaked to competitors in a way that gives them an advantage in the sales market, or in some cases even damages the victimized company to a point that recovery is difficult or even impossible.


IBM Security Secret Server – Easily discover, control, change and audit privileged accounts.

The first step in managing privileged accounts is finding the accounts you don’t know exist. Manual processes and errors can lead to accounts that are unknown and unmanaged by IT. With IBM Security Secret Server, you can automatically scan your entire IT infrastructure to discover privileged, shared, and service accounts. This sensitive information is then stored in an encrypted centralized vault to ensure proper protection using advanced encryption standards. Password policies can be implemented and enforced on every account. You’ll gain full visibility and control over every privileged account in your environment.

Curb privileged access sprawl

When you discover all privileged accounts across your infrastructure using IBM Secret Server, you identify all service, application, administrator and root accounts. This means you gain total visibility and control over privileged credentials that previously went undetected.

Get started with IBM’s free interactive Privileged Account Discovery tool.

Generate, store, rotate and manage SSH Keys

Bring the generation, rotation, control and protection of SSH keys directly into IBM Secret Server. SSH Keys are similar to usernames and passwords but are used for automated processes and for implementing single sign-on by system administrators. With Role-Based Access Control and permission sets, you can control who has access to which sets of keys, regardless of location or IP address.

Monitor and record privileged sessions

Know every keystroke a user takes. IBM Secret Server enables real-time session monitoring and allows you to terminate a session if risky behaviour is detected. It also allows you to record privileged user activity. This provides an audit trail from when the user checks out a secret, to what they did on the system, to when they finally log off. Gain full insight into what’s going on in your most critical accounts.

Change passwords automatically when they expire

Privileged passwords should be changed regularly. IBM Secret Server’s built-in password changing and expiration schedules ensure that critical passwords are changed automatically, without manual intervention.

Delegate access to all privileged accounts

Maintain accountability and provide better context to approvers, so they know exactly why a user needs access. You can also set up role-based access control (RBAC) and an approval workflow that enables transparent access, time restrictions and other parameters of that access and password approval for third parties.

With IBM Secret Server you’ll gain full visibility and control over every privileged account.

You’ll know if someone adds backdoor access or makes an unauthorized configuration change.

You can identify who accesses a system, review the actions they take and react accordingly. Session monitoring and recording also gives you a complete audit trail.

Enhanced auditing and reporting

Utilize dozens of out-of-the-box reports for better insight into system health and compliance. You can generate full reports on password vault activity and create custom reports from database queries as needed.

Integrate IBM Secret Server for enhanced security

IBM Secret Server integrates seamlessly with critical IBM Security solutions, including IBM Cloud Identity, QRadar®, Guardium® Data Protection and IBM Security Identity Governance & Intelligence.

Read more tomorrow!


A Pressing Imperative: Privileged credentials are the targets of choice for cyber attackers.

It makes sense for privileged accounts to be the most vulnerable because compromised accounts can grant unfettered access to your organization’s IT infrastructure. That’s why many high-profile breaches have resulted from unmanaged and unmonitored privileged accounts. The attackers responsible often gain administrative control through a single endpoint—and always leave substantial damage in their wake.

Locking out threats with Privileged Access Management

Ensuring your enterprise can appropriately protect, manage and monitor privileged rights mitigates the risk of unwelcome guests to your IT infrastructure.

Privileged Access Management (PAM) is a critical element of a broader Identity Governance & Administration strategy. It enables you to secure passwords, protect endpoints and keep privileged accounts safe and out of the hands of would-be impostors.

By 2022, 70% of organizations will have PAM practices for all use cases in the enterprise, reducing overall risk surface. [1]

Putting Privileged Access Management into practice

The latest Gartner survey responses suggest that 90% of organizations will recognize that mitigation of privileged access risk is fundamental to security control by 2022. [2] However, 70% of organizations would fail an access controls audit today. [3] That means while the vast majority of organizations will come to understand the importance and value of PAM in the near future, they currently lack the PAM software, controls and knowledgeable support required to put it into practice.

IBM delivers comprehensive PAM capabilities through enterprise-grade solutions: IBM Security Secret Server and IBM Security Privilege Manager. Backed by expert consultation and 24/7 support, IBM Secret Server and IBM Privilege Manager help you capitalize on everything PAM has to offer, while also integrating with identity governance solutions for complete lifecycle management for users of your privileged accounts.

A key part of securing your organization is ensuring you are integrating identity into the broader security ecosystem to mitigate internal and external threats. Two key parts of that are:

  1. Privileged Access Management – focused on the special requirements for managing powerful accounts within the IT infrastructure of an enterprise.
  2. Privileged Elevation and Delegation Management (PEDM) – which prevents external threats and stops malware and ransomware from exploiting applications by removing local administrative rights from endpoints.

This week we’ll take a look at why both are necessary for your organization.
Read more tomorrow!

[1] Source: The Forrester Wave: Privileged Identity Management, Q4 2018, by Andras Cser, November 14, 2018.

[2] Source: Best Practices for Privileged Access Management Through the Four Pillars of PAM, Gartner, January 28, 2019.

[3] Source: Comply or Die: 2018 Global State of Privileged Access Management (PAM) Risk & Compliance, Thycotic.


Omada Named a Leader in the Gartner Magic Quadrant 2019

SecurIT is proud to announce that Omada has been named a leader in the Gartner Magic Quadrant for Identity Governance and Administration 2019.

Omada believes that they are positioned as a Leader because of their pioneering best practices for IGA, the development of their unique identityPROCESS+ framework, their implementation methodology, and their Identity Governance and Administration product OIS delivered as software and as-a-service.

“Being recognized as a Leader by Gartner is an honor and an important milestone in our global expansion,” said Morten Boel Sigurdsson, CEO of Omada. “Yet, it is not our achievement alone. This is also a recognition of our partners who are building their businesses on Omada and our shared effort to create business value for customers.”

Discover why Omada is a Gartner Magic Quadrant for Identity Governance and Administration Leader

Omada has been named a Leader in Gartner’s Magic Quadrant for their ability to execute and completeness of vision. They see their position in the Magic Quadrant as a confirmation of their focus on using identity to create business value and accelerate digital transformation.


THE NIST CYBER-SECURITY FRAMEWORK AND THE IMPORTANCE OF ‘IDENTIFY’

One of the areas that the National Institute of Standards and Technology (NIST) is concentrating on is cybersecurity. As regular readers of this blog will know, cybersecurity incidents are at an all-time high. Last year, Secretary of State John Kerry even described the security situation as being “pretty much the wild west…so to speak”. It is within the context of this overbearing security incident landscape that the NIST Cybersecurity Framework has come into being.

Why Even Have A Framework for Cyber-Security?

You may well ask, why have an overarching framework for handling security issues, why can’t I just work it out myself as I need to? A framework is a positive and helpful reference system. Frameworks develop out of experience and knowledge of a given situation. You could apply the principles of a framework to pretty much any situation. For example, you could have a framework which expands upon the types of policies needed for a specific healthcare service, or one for a public transport system, and so on.

The cyber-security framework that NIST has developed is in a similar vein. It has been built upon the experience and knowledge of many organizations and individuals who have worked in the area of security. This collective expertise is used to create guidance on how to recognize, manage and mitigate cybersecurity risks.

Having an expert system, like a framework, is particularly useful for creating strategy and policy around cybersecurity threats. The framework was put together using the aggregated wisdom of over 3000 security professionals. It gives you the foundation stone to create your own internal targets and plans that you can use to build a more secure organization.  It means you can use already tried and tested protocols and procedures, without having to reinvent the wheel. In other words, it is a way to use security collaboration for the benefit of all.

Having an established set of guidelines for developing your own Cybersecurity program is recognized by many experts as now essential. PWC in their report on “Why you should adopt the NIST Cybersecurity framework” has stated that,

“It is our opinion that the NIST Cybersecurity Framework represents a tipping point in the evolution of cybersecurity, one in which the balance is shifting from reactive compliance to proactive risk-management standards.”

PWC

What are the NIST Cybersecurity Framework Basic Functions?

The NIST Cybersecurity framework has a core, which is built upon five basic functions:

Identify

Protect

Detect

Respond

Recover

Each looks at different aspects of a Cybersecurity threat/attack lifecycle and how best to handle it. They follow a logical progression and build upon each preceding function. I’ll concentrate here on the first one, Identify.

The definition of ‘Identify’ is this:

“An understanding of how to manage Cybersecurity risks to systems, assets, data, and capabilities”

This is the most basic and fundamental of all of the NIST Cybersecurity functions and, as such, it is the most important. Identify is all about identification – understanding what your critical assets are and understanding where the risks lie. Assets are wide and varied; literally anything that can be breached or damaged is an asset. This includes intellectual property, customers’ data, proprietary information and also physical assets. This whole area is becoming increasingly complex as we expand our networks outwards into the Cloud and even more so as we enter the era of the Internet of Things (IoT).

Identify is all about governance too. Our perimeters are becoming more fluid and fuzzy as they expand outwards and cross over the supply chain itself. In fact, the supply chain is one of the areas that can stand to benefit most from the use of the Identify function within the NIST Cybersecurity framework. Many organizations are now asking suppliers to provide a Framework profile, or providing their own template to suppliers, which sets out how the supplier approaches security and their own internal processes and procedures that fit in with the NIST philosophy. This forms the basis of their risk management strategy, again a fundamental of the Identify function.

The Identify stage of the NIST framework is the vital first step in understanding how to approach Cybersecurity risk mitigation. This step is the pivot upon which the other four functions work. Without having full sight of the various aspects of your business, across your expanded data universe for your own organization and any associated companies, you can’t hope to build a holistic and effective Cybersecurity management plan.

Making NIST and the Identify Function Work for Us

The NIST Cybersecurity Framework has been designed in collaboration with security professionals, who have gone through the pain of creating a solid Cybersecurity strategy. We can all benefit from using their collective wisdom and following their recommendations. The first foot on the road to a solid Cybersecurity program is to know your enemy and their actions. Performing the Identify function is that first step on the road to a more secure organization.

There are many places you can get further information on applying the NIST cybersecurity framework principles. However, there is a book I can highly recommend, by Adam Anderson and Tom Gilkeson, “Small Business Cybersecurity”, that will help ease the complexity out of the equation and explain in simple terms how to utilize the NIST Cybersecurity framework and the Identify function. The book was written specifically to advise security professionals at small to medium-sized companies on how to communicate the latest tools and techniques in security to C-level executives and is a great reference guide.


Privileged Account Management for Dummies

Getting to know PAM

This book gives IT professionals a practical understanding of privileged account management (PAM). It describes what privileged accounts are, where they reside throughout an IT environment, and how they function. Most importantly, this book explains the risks associated with these accounts and how to best protect them from hackers and malicious insider threats. 

This book will help you:

  • Grasp the fundamentals of privileged account management (PAM) 
  • Develop strategies for building a PAM solution
  • Learn the top ways to protect your organization’s most critical accounts

PAM for Dummies is sponsored by Thycotic, an IBM partner whose technology powers IBM Security Secret Server.


About SecurIT

Founded in 1999, SecurIT has over 18 years of extensive experience in designing, implementing and maintaining large Identity Management/Governance infrastructures. With more than 30 specialists permanently employed in the Netherlands, SecurIT offers its customers high-quality consultancy, implementation, management and support services (24*7).