fhs
Volume 11, Number 5 -- February 8, 2011

Lieberman Exposes Super-User Activity to SIEMs

Published: February 8, 2011

by Alex Woodie

Organizations can feel a little more secure that their IT workers aren't abusing powerful user profiles as a result of integration work done by Lieberman Software and Q1 Labs. The two security software companies teamed up to ensure that every use of Lieberman's Enterprise Random Password Manager is tracked by Q1 Labs' security information and event management (SIEM) software.

Lieberman's ERPM is designed to streamline and secure the process of granting IT workers elevated authority on a server or application. ERPM controls access to powerful user profiles, such as ALLOBJ on the IBM i OS or ROOT on Unix, through the passwords that are associated with these user profiles. IT workers can get the authority they need by logging into EPRM, which randomly generates a password for the user profiles in question. The software, which runs on SQL Server or Oracle database, supports most popular platforms, including IBM i, z/OS, Windows, Linux, Unix, Cisco networking gear, major user directory servers, and others.

Liberman already offers its customers the option of requiring two forms of user authentication (including via RSA devices) before ERPM will grant access to powerful user profiles. But with such a treasure trove of corporate resources sitting on the other side of the ERPM wall (one shudders to imagine what a knowledgeable hacker could do if he were granted full access to an IBM i or System z server of a major public company), this is a situation where you almost can't have too many walls, or too much inter-connectedness among security systems.

While there's little question that Lieberman successfully maintains tight security over its customers' delegated domains via ERPM, larger enterprises with big IT security concerns clearly want to view ERPM activities via their SIEMs, those all-seeing, all-knowing eyes in the sky that are charged with detecting coordinated security attacks on corporate information systems.

To that end, Lieberman has embarked upon a concerted effort to get ERPM interfaced to, and certified with, other enterprise security systems. Last year, the Los Angeles company certified ERPM to work with the SIEM from ArcSight, which attracted so much positive attention that was snapped up by Hewlett-Packard last fall for $1.5 billion. It has also integrated ERPM with third-party incident reporting and tracking systems.

Last week, Lieberman announced that ERPM activities will be exposed to QRadar, the SIEM from Q1 Labs, which is another respected developer of enterprise security tools (and one that is now supporting IBM i). According to the vendors, the certification ensures that ERPM can effectively leverage Q1 Labs' LEEF and AXIS "open security intelligence protocols" to identify security threats and anomalies involving powerful user profiles and the passwords that authorize IT workers to use them.

This means that all password check-in and check-out activities, credentials changes, and successful and failed password verifications managed by ERPM are now visible in QRadar, where they can be correlated with other security events in real time. Reporting and auditing elements of ERPM are also now exposed to QRadar.

Lieberman Software president and CEO Philip Lieberman says the integration "closes the loop" on security event management. "With this 360-degree view of security events Lieberman Software and Q1 Labs can show not only what is happening, but also who is behind the activity--effectively ending anonymous access to privileged accounts."

Strong sales of EPRM fueled a strong fiscal 2010, with year-over-year revenues increasing nearly 40 percent, Lieberman said last month. The company attributes the increased sales to a boost in awareness, including the new integration points with SIEM vendors like Q1 Labs and ArcSight.


RELATED STORIES

Q1 Labs Adds IBM i, Social Media Monitoring to SIEM

Lieberman Adds i OS Support to Password Program



                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot


Sponsored By
COMMON

COMMON 2011 Annual Meeting and Exposition

Mark your calendars and register today for COMMON's 2011 Annual Meeting and Exposition in Minneapolis, Minnesota, May 1 - 4, 2011!

The COMMON Annual Meeting is the largest gathering of the Power Systems user community and COMMON's largest educational event of the year, with four full days of in-depth IBM i , AIX, and Linux education that includes all-day pre-conference workshops, all-day Integrated Seminars, open labs and a wide variety of regular-length sessions.

Browse the world's largest Power Systems Exposition, encompassing nearly 80 exhibitors, of the industry's leading solution providers. It's a one-stop source of up-to-the minute information and ideas for the IT industry. Discover what's new in the Power Systems world and give your company ways to reduce costs and improve productivity.

Benefits
The COMMON Annual Meeting and Exposition is the premier Power Systems-related educational conference and annual meeting of the COMMON membership.

  · Most cost-effective conference option for your 2011 educational needs providing tremendous ROI.
  · Four full days of over 300 educational sessions, labs and pre-conference workshops -
    all led by industry experts.
  · Endless networking opportunities at the largest gathering of the Power Systems user community.
  · Discover the latest products and solutions available for the Power Systems industry in the
    Exposition of nearly 80 exhibitors.
  · Advance your career and showcase you business and technical knowledge with a
    COMMON Certification.
  · See all available educational options in the Online Session Guide: www.common.org/sessions.html.

The COMMON 2011 Annual Meeting and Exposition provides the most value to you available in an educational conference:

  · Learning from Power Systems experts on the latest IBM i, AIX, and Linux topics.
  · Sharing knowledge and Meeting with peers, speakers, experts, and vendors.
  · Discovering the latest products and solutions in the Exposition.
  · Advancing your career with a COMMON Certification.

The COMMON 2011 Annual Meeting and Exposition is the premier educational and networking event that you and your team will not want to miss.

Learn more and register today www.common.org/annualmeeting


Editor: Alex Woodie
Contributing Editors: Dan Burger, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

Sponsored Links

ASNA:  Wings™: The faster, easier way to a better System i user interface
New Generation Software:  BI comes in many flavors. Get info and FREE ice cream!
COMMON:  Join us at the 2011 Conference & Expo, May 1 - 4 in Minneapolis, MN


 

IT Jungle Store Top Book Picks

BACK IN STOCK: Easy Steps to Internet Programming for System i: List Price, $49.95

The iSeries Express Web Implementer's Guide: List Price, $49.95
The iSeries Pocket Database Guide: List Price, $59
The iSeries Pocket SQL Guide: List Price, $59
The iSeries Pocket WebFacing Primer: List Price, $39
Migrating to WebSphere Express for iSeries: List Price, $49
Getting Started with WebSphere Express for iSeries: List Price, $49
The All-Everything Operating System: List Price, $35
The Best Joomla! Tutorial Ever!: List Price, $19.95


 
The Four Hundred
IBM Kills Off Remaining Power6 and Power6+ Systems

Drilling Down into IBM's Real 2010 Systems Business

Does the iSeries Have a Victim Mentality?

As I See It: The Six Step Solution

Preferred Image Technologies to Sell IBM i HA Software

Four Hundred Guru
Synchronize Your Outlook Calendar with DB2 for i ERP Data

Another Reason Why Function Subprocedures Should Not Modify Their Parameters

Admin Alert: QPWDRULES Rules!!! Opening Up User Password Options with i 6.1

Four Hundred Monitor
Four Hundred Monitor's
Full iSeries Events Calendar

System i PTF Guide
September 25, 2010: Volume 12, Number 39

September 18, 2010: Volume 12, Number 38

September 11, 2010: Volume 12, Number 37

September 4, 2010: Volume 12, Number 36

August 28, 2010: Volume 12, Number 35

August 21, 2010: Volume 12, Number 34

TPM at The Register
VMware takes on Google Apps with Zimbra 7

Cisco munches Inlet for $95m

Google does fractals in HTML5

'Red Hat for stats' goes toe-to-toe with SAS

Wintery January hurts US jobs growth

Newbie CEO Apotheker rakes in big HP bucks

SGI swings to a profit on sales jump

SGI plunks Windows on big Altix UV supers

Schooner ditches IBM, sets MySQL, caching accelerators free

Dell (finally) peddling Canonical UEC clouds

Time Warner Cable bags NaviSite for $230m

Unisys: balance sheet stronger, but sales lower

THIS ISSUE SPONSORED BY:

Help/Systems
looksoftware
Maxava
COMMON
RJS Software Systems


Printer Friendly Version


TABLE OF CONTENTS
Island Pacific Charts Its Own Path to Web 2.0 Independence

Remote Journaling: Friend or Foe in HA?

I-O Finds Success with Host Print Software for i and z

Lieberman Exposes Super-User Activity to SIEMs

ManH Takes the Guesswork out of Warehouse Management for Jeans-Maker

News Briefs and Product Shorts:

CLI Unveils Ubuntu-Based Thin Clients . . . McLeod Touts Big Jump in Sales of Trucking Software . . . Shoe Company Expands with IBM i ERP from CGS . . . Superior Bulk Logistics Taps UNIT4 CODA for Financials . . . IBM Unveils Local Storage Option for Cloud-Based Backup Service . . .

Four Hundred Stuff

BACK ISSUES




 
Subscription Information:
You can unsubscribe, change your email address, or sign up for any of IT Jungle's free e-newsletters through our Web site at http://www.itjungle.com/sub/subscribe.html.

Copyright © 1996-2011 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034

Privacy Statement