Managing insider threat by securing privileged access
Symark focuses on solving the inherent security gaps in native UNIX, Linux and Windows operating systems. In business for over 20 years, Symark has hundreds of thousands of licenses in use throughout the Global 2000 with a customer retention rate of over 90%. All Symark PowerSeries products offer fast deployment, central administration and detailed audit logs. They provide the perfect balance of protection and productivity. The company delivers continuous, platinum-level technical support throughout the customer relationship. Symark Software is a global identity and access management security software company that protects heterogeneous data centers.
Name: Robert H. Farber Age: 58 Position: COO Popularly known as: Bob Previous jobs: Informatics, Candle Corporation Family: Married, one child, three grandchildren Residence: Westlake Village, CA Other interests: Skiing, Reading, General Fitness, Sports
In the following interview, Robert H. Farber, COO, Symark discusses 1:1 with Rake Narang, Editor-n-chief of Info Security Products Guide, the inside security threats and securing privileged access.
Rake Narang, Editor-n-Chief - Info Security Products Guide: What are the security threats today to heterogeneous data centers and enterprises? Why has insider threat gained importance over the years and what are the security measures that must be taken?
Bob Farber, COO - Symark: The main security concerns for heterogeneous data centers include poor operational efficiency (which contributes to security breaches), employees acting in unauthorized ways, failure to meet compliance regulations and identity theft.
Insider threat has gained importance over the years because of increased opportunity. Organizations have been far too focused on protecting against spam, viruses, worms, spyware and other external security threats. As a result, insider impropriety has increased. Many identity thieves often work in partnership with a so-called “trusted” insider who stands to gain financially as well. A company’s employees are intimately aware of the steps the organization has and has not taken to protect its IT systems and the vital digital assets they contain. Lax internal security controls enable unethical employees to gain access to proprietary data via “super-user” access accounts (such as a systems administrator account) where passwords are often shared by all systems administrators, never changed and activity rarely logged or monitored (if at all). Who best to orchestrate a targeted attack?
"A decade back who would have thought that the insider threat could be so treacherous? Yet it is a major security threat to digital resources today. Symark solves the problem proactively and bringing it under control instead of waiting for the imminent attacks to happen."
Rake Narang, Editor-n-Chief, Info Security Products Guide
Rake Narang: Tell us more about the PowerADvantage solution and how does this integrated authentication and configuration solution provides greater security? Bob Farber: PowerADvantage is an integrated authentication and configuration solution that extends Microsoft® Active Directory's centralized authentication, authorization, account access, policy enforcement and infrastructure management functionality to UNIX and Linux systems. This enables centralized management of identity, streamlines systems administration processes and significantly reduces the potential for orphaned accounts.
PowerADvantage integrates to PowerBroker, Symark’s policy-based solution for controlling and monitoring access to UNIX/Linux systems. This integration enables organizations to centrally configure and automatically deliver policies to UNIX/Linux clients running PowerBroker via PowerADvantage's Resultant Set of Policy (RSoP) applicators and Microsoft Group Policy functions. Group Policy really has no equivalent in the UNIX/Linux world, and there are many benefits to be gained by introducing Group Policy to UNIX/Linux servers. With PowerADvantage and PowerBroker working in unison, policies can be created once and simultaneously deployed to multiple servers. What’s more, systems administrators do not require elevated privileges or the root account to perform their duties.
PowerADvantage also allows users to log on to any Windows, UNIX or Linux host using their Active Directly user name and password. It is very typical, especially in large, mature organizations, for end users to have five or more user IDs and passwords to access various systems. Besides being difficult to remember so many combinations, it is also unlikely that the activity of so many user IDs is being tracked, monitored and controlled. PowerADvantage enables organizations to consolidate these multiple identifications and passwords, which can then be tracked via Active Directory functions and PowerADvantage reporting. Additionally, when employees or contractors leave the company, their accounts can quickly be de-activated by terminating their Active Directory user ID and password. The alternative is to manually disable end-user access on individual UNIX/Linux hosts, a very labor intensive process that contributes to so many orphaned accounts being left active, creating an environment ripe for fraud and sabotage.
Rake Narang: Will the security vendors always be playing a catch-up game with malware? How do you see the security products and services evolving 2-3 years from today?
Bob Farber: There is both a technical side and a human side to this question. A decade ago, rapidly introducing new features to the marketplace was the avenue for success in the software business. However, the world has changed, and we are well aware that software—and the computing systems they are a part of—need to be secure. I think that security vendors, as well as the software and hardware vendors in general, are well on their way to reforming their development practices to make secure systems that meet the mandates of the modern reality. There may be the occasional slip, creating an opportunity for malware penetration, but on the whole, the computer industry should have things fairly well locked down technically in the next decade.
The bigger problem, in my mind, is the human factor. People have always been—and will continue to be—imperfect. Employees will unwittingly or unknowingly download questionable content from the Internet, and well-intentioned corporate citizens will inevitably release privileged information responding to a fake email from the helpdesk. Even if we are able to completely secure systems from external threats, the possibility for sensitive information to be leaked to unauthorized parties will still exist.
One possible answer to this dilemma is to make processes more robust instead of relying completely on user education. At Symark, we help our customers manage insider threat by securing privileged access. Privileged access can be approved in advanced, restricted to only the specific access needed for that task, thoroughly logged and completely audited, so most of the opportunity for unauthorized access can be removed.
All About Symark Head Office Address: 30401 Agoura Road, Agoura Hills, CA 91301 Founded in: 1985 COO: Robert H. Farber Public or Private: Private Investors: Number of Employees: 104 Products: PowerBroker, PowerKeeper, PowerADvantage, PowerPassword Company’s Goals: Market leader in Identity and Access Management (IAM) solutions for heterogeneous IT environments
