Latest news
Security information and event management (SIEM) solutions have become a must-have in IT environments because the technology helps make sense of the vast quantities of data provided by security software and appliances across the network.
But for all the advantages of SIEM, until now the solutions had one troubling blind spot. While SIEM can correlate volumes of security data to create a picture of singular events, by itself it lacks the ability to tie those events to the most powerful users and processes within IT.
Lieberman Software Corporation today announced that the latest version of Enterprise Random Password Manager (ERPM), the company’s privileged identity management (PIM) solution, provides out-of-the-box integration with ArcSight ESM, RSA enVision, and the Q1 Labs QRadar Security Intelligence Platform. Available at no additional cost to supported customers, ERPM now includes an intuitive setup Wizard that customers can use to configure integration with these SIEM systems in only minutes.
Once customers enable the integration features in ERPM, the PIM and SIEM technologies work in concert to ensure that only authorized personnel can access an organization’s most sensitive data, change configuration settings, and run programs on the network.
In most large organizations, IT staff and the software that links computers, databases and applications all maintain access through privileged account credentials. Widely shared and seldom changed, these “super user” accounts grant access to read and alter sensitive data, change configuration settings and run programs everywhere on the network.
Because SIEM systems were not designed with privileged identities in mind, they have no way to tie security events that are triggered through use of these accounts with the individuals and processes responsible. This lack of visibility can leave IT staff with too little information to make informed decisions and the inability to differentiate between routine security events and potentially damaging – or even criminal – activity.
The integrations between ERPM and SIEM technology close this visibility gap by showing IT staff not only when and where critical events occurred, but also precisely who was responsible for any action that required the use of highly “super user” accounts.
ERPM and leading SIEM solutions also
work together to generate an audit trail to correlate the actions taken by privileged users with the security events that might result. By removing anonymity, the products introduce accountability for all users who access the organization’s most critical IT resources – revealing who had access to what systems and data, when and for what purpose.
Spotlight
Facebook IPO advanced fee scam hitting inboxes
Posted on 18 May 2012. | Symantec researchers have spotted a scammy email doing rounds, and trying to trick users into parting with their hard-earned cash.
Twitter supports “Do Not Track” option
Posted on 18 May 2012. | Twitter will support the "Do Not Track" initiative and has already rolled out the DNT opt-out cookie.
How executives understand and manage IT risks
Posted on 17 May 2012. | Corporate boards and executives are taking risk management seriously but there is still a gap in understanding the link between IT risks and enterprise risk management.
Content-related threats cause significant data loss
Posted on 17 May 2012. | Approximately 80% of the breaches that led to loss of data assets were executed via content-layer attacks. These include attacks via social networks, browser and file format vulnerabilities as well as phishing.
Ads on Wikipedia can point to malware infection
Posted on 16 May 2012. | Every now and then, Wikipedia's popularity and brand are misused by malware peddlers, typosquatters and scammers.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
