Tag Archive for: PathMaker Group

Using IBM Tivoli Access Manager for Enterprise Single Sign On to Secure your Passwords

A sticky note on your monitor is a good way to remember to bring home a gallon of milk to stay out of the doghouse with your spouse. A sticky note hidden around your desk with all your passwords is a good way to end up in the doghouse with your company’s IT security group!

Let’s face it; it’s hard to remember the passwords for every application we have to use at work. It’s even more challenging when the interval to change passwords is different for every application. Hmmm is my email password myusualpassword12, myusualpassword13 or myusualpassword14?

It’s natural to want an easy way to keep track of them. This leads to insecure things such as using your dog’s name, much easier than remembering X1nP4!e. It’s also easy for someone that knows you to socially engineer that password. Writing the complex password down is easy too. Again simple for someone to flip the keyboard to that sticky note and gain access to your accounts. Read more

Zombie Attrition Process (ZAP)

Zombies are everywhere; they lurk in existing and new systems. These zombies don’t lust after our blood or consume our flesh. It is much worse than that. These zombies can cause companies to fail audits, they can be used for unauthorized access, and worst of all they can cost companies money. Technically we are talking about lifeless accounts that exist on systems and no one knows who they belong to. To us on “Team ZAP” or the Identity Management team these accounts are known as ‘Orphan Accounts’. I don’t know about you, but identifying and removing Zombies just sounds more fun.

Not the kind of Zombies you’re interested in? If you are wondering for how to prepare for the basic flesh eating zombie apocalypse, visit our friends at the Centers for Disease Control.

 

Picture from: http://emergency.cdc.gov/socialmedia/zombies_blog.asp

If you want information on how to deal with Zombie or Orphan Accounts then keep reading. For full disclosure, dealing with Zombies is not for the faint of heart and I am not saying you wouldn’t get your hair mussed. Here at PathMaker Group we don’t mind getting a bit dirty when we deal with Zombies or Orphan Accounts in this proven approach: Read more

Using IBM Tivoli Identity Manager to Aggregate Email Notifications

We all struggle with our electronic mailboxes. For every email we receive, there is some portion of our day devoted to opening and processing these emails. There is also serious time spent just deleting unwanted emails.

Take this example. A manager has a number of contractors that she has reporting to her, let’s say about 30. Every three months, an automated email is sent for each contractor requesting the manager to confirm the contractor is still employed. This is just one email sent every quarter for 30 contractors. That’s 120 emails the manager has to process. This adds up to a lot a time for a busy person. Remember this is just one process. There are other processes out there waiting to fill up unsuspecting mailboxes.

IBM Tivoli Identity Manager (ITIM) has the ability to automatically generate the email notification and aggregate the contents so the manager would get only one email. Using ITIM Out of the Box Lifecycle Operations and Post Office features an email can be formatted that contains all the information that was previously contained in the 30 individual emails. Read more

EHR Stimulus Incentive

EHR technology is a medical software that can help your practice keep track of and treat patients more efficiently and effectively. Additionally, many of these technologies, when implemented correctly and used properly, are subject to government incentives, making them affordable to install.

With the Stimulus Incentive Calculator app for the iPhone, you can figure out how much you will earn by using certified EHR software. Using various factors, such as the size of your practice and the number of patients you see per year, this calculator can show you the incentives for which you may be eligible.

To learn more about the benefits of using EHR technology in your practice, contact PathMaker Group. We provide security solutions and identity management servicesw.

Visit our website or call (817) 704-3644.

Leveraging Centralized Log Management in a PCI DSS Environment

Enterprise environments generate vast amounts of log data on their own before even being required to meet PCI DSS section 10 logging requirements. When taking into account the volume of logs from the large variety of sources across a network it is important to find an effective and efficient manner to address this data. IT departments could easily dedicate one full time employee to this task alone when logs are decentralized across the organization and need to be reviewed, at times, on a daily basis. Admins also face the daunting task of having a working knowledge of the vast array of system interfaces used to access and review this data where it is stored by default. Obviously this configuration is highly inefficient as well as impractical. The only logical solution to meet the PCI DSS required logging volume as well as the review requirements is a centralized log management system. PathMaker Group offers such a solution, built on a SaaS platform, that can provide the necessary functionality, usability, and reporting that PCI DSS requires. Read more

PCI Updates

I thought i would take a few minutes to wish everyone happy holidays and a very prosperous 2011. I also noticed that I hadn’t blogged in a while so I thought I do a little of that…

This blog provides a few updates and observations related to the following:

  • PCI DSS v1.2.1 to PCI DSS v2.0 transition – very well defined, except for the cut-over date. The bottom line is that the PCI SSC is encouraging all merchants and service providers to convert as soon as possible, but at the same time saying everyone has until New Years Eve 2011 (one year).
  • PCI DSS and PA-DSS v2.0 Scoring Templates – QSAs can’t plan their projects without the new Scoring Templates. This will stall migrations.
  • Sampling And ASV Scanning Do Not Mix – this wasn’t a like a free lunch but some still manage to screw it up…
  • PCI DSS Timeline Clarification Read more

Stuxnet Worm, Research and Recommendations

As you may be aware, a worm (originally appearing in 2009) and named Stuxnet has recently resurfaced as a focused attack at Industrial and Energy control systems, namely but not exclusively targeting those systems built by Siemens, AG. This worm has the capability to take control of and/or alter settings within SCADA systems and PLC/RTU sub-components.

Below are some good articles related to recent research into the worm.

Read more

Virtual Machines != Security Virtual Reality

Post #1, Virtual Machines != Security Virtual Reality

PathMaker Group is introducing some exciting new technologies to the market that greatly reduce business cost of securing virtual environments and simultaneously increasing system efficiencies, measured in hard-dollar savings. In order to truly embrace the value of these innovative solutions and approaches, one needs to consider some of the obvious and not-so-obvious security issues rooming in virtual space today.

This post is the first of my multi-part series on securing virtual machine environments and I hope that it provides some additional insight into the security issues that I anticipate would concern every business using virtual machines, or considering using it. Read more

Realizing Rapid Value from Identity Management Provisioning

We’ve been working with most of the leading Identity Management/Provisioning tools since 2003. Most of the products have been acquired or rolled up into a larger suite of products. This process brought maturity, stability, and added investment to the industry. This helped the products and industry establish a place in the IT infrastructure that’s here to stay.

When we first meet with a prospective client we always ask the question, “What’s driving your need for provisioning?” Most organizations will talk first about audit compliance forcing these initiatives. And although this driver has finally elevated the effort to become a budget priority, the fact is that most companies wanted to do the project years ago simply to improve the overall security of the organization. And that can still be done pretty quickly.

So what if you’re one of those organizations that still can’t seem justify the project? Let me suggest you consider a streamlined, rapid approach that will enable you to realize value quickly — I mean in a matter of weeks vs. months or years! Read more

Log Management the Easy Way!

The Need for Effective Log Management

Log Management is a necessity for regulatory compliance and essential to maintaining a positive security posture in your environment. As your IT organization evolves to comply with today’s regulations and defend against new network security threats, you should choose a solution that avoids expensive maintenance and operating costs, reduces the number of resources needed to maintain and support your solution, and most importantly provides the most effective log management solution on the market today.

Our SaaS offering collects log data via an agentless collection device and provides log storage, reporting, correlation and monitoring leveraging our grid computing and storage architecture in our highly secure redundant datacenters. Read more