Security information and event management (SIEM) solutions have become a must-have in IT environments because the technology helps make sense of the vast quantities of data provided by security software and appliances across the network.
But for all the advantages of SIEM, until now the solutions had one troubling blind spot. While SIEM can correlate volumes of security data to create a picture of singular events, by itself it lacks the ability to tie those events to the most powerful users and processes within IT.
Lieberman Software Corporation today announced that the latest version of Enterprise Random Password Manager (ERPM), the company’s privileged identity management (PIM) solution, provides out-of-the-box integration with ArcSight ESM, RSA enVision, and the Q1 Labs QRadar Security Intelligence Platform. Available at no additional cost to supported customers, ERPM now includes an intuitive setup Wizard that customers can use to configure integration with these SIEM systems in only minutes.
Once customers enable the integration features in ERPM, the PIM and SIEM technologies work in concert to ensure that only authorized personnel can access an organization’s most sensitive data, change configuration settings, and run programs on the network.
In most large organizations, IT staff and the software that links computers, databases and applications all maintain access through privileged account credentials. Widely shared and seldom changed, these “super user” accounts grant access to read and alter sensitive data, change configuration settings and run programs everywhere on the network.
Because SIEM systems were not designed with privileged identities in mind, they have no way to tie security events that are triggered through use of these accounts with the individuals and processes responsible. This lack of visibility can leave IT staff with too little information to make informed decisions and the inability to differentiate between routine security events and potentially damaging – or even criminal – activity.
The integrations between ERPM and SIEM technology close this visibility gap by showing IT staff not only when and where critical events occurred, but also precisely who was responsible for any action that required the use of highly “super user” accounts.
ERPM and leading SIEM solutions also
work together to generate an audit trail to correlate the actions taken by privileged users with the security events that might result. By removing anonymity, the products introduce accountability for all users who access the organization’s most critical IT resources – revealing who had access to what systems and data, when and for what purpose.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.