Phew. Thycotic solutions remain unaffected during devastating Heartbleed vulnerability.

11 04 2014

The recent OpenSSL vulnerability CVE-2014-0160, or “Heartbleed”, is affecting millions of SSL-enabled web servers worldwide; estimates put between 60% and 80% of servers as affected by the deadly bug. It’s the perfect example of a worst-case scenario: Heartbleed gives attackers the ability to reveal your server’s private SSL key by recovering just enough SSL key material.

We’re fortunate to announce that Thycotic has remained completely unaffected by this vulnerability, as our solutions are built on a Microsoft stack that doesn’t use any form of SSL technology. Our customers and partners can rest assured. However, it’s important to let others know what they can do to avoid an attack during this time.

While many tech news and media sites are advising consumers to rapidly change all web passwords that may have been affected by the Heartbleed bug, there’s still a risk for IT administrators, web admins and developers managing servers affected by the vulnerability. Question is… how do you prevent an attack while vulnerable?

Keep servers safe during Heartbleed

Website administrators were advised to patch their OpenSSL libraries on their servers to address the problem. But Heartbleed goes deeper than just patching OpenSSL. OpenSSL includes a general purpose API that software developers can use as part of their software. This is where static linking comes into play.

Static linking. Developers may choose to statically link to OpenSSL. Static linking allows developers to include OpenSSL within their software and it becomes embedded at compile time. Since the OpenSSL library is embedded in the software, upgrading the OpenSSL package on the operating system alone won’t update the OpenSSL version that software programs may have linked to statically.

Update all software, not just SSL. It is highly advisable that all software that makes use of OpenSSL technology be updated. Software vendors that statically link to OpenSSL should release updates for their software immediately by using a patched version of OpenSSL.

Keep clear, steady communications with customers. Make sure that as you’re updating systems and sending patches you’re also communicating these actions with your customers regularly. Consumers are rapidly changing web passwords and scrambling to protect their most valuable, personal data. Clear communications to your customer base (whether consumer or business) will help everyone stay on the same page and mitigate the most risk by using best practices during this time.
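To illustrate the static-linking point above, the following added example (not Thycotic's code and not part of the original post) scans files for OpenSSL version banners compiled into them and flags the releases the OpenSSL advisory lists as affected by CVE-2014-0160 (1.0.1 through 1.0.1f, and 1.0.2-beta1). The function names and the sample bytes are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Version banner compiled into OpenSSL builds, e.g. b"OpenSSL 1.0.1e 11 Feb 2013".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]?(?:-beta\d+)?)(?:-fips)? ")
PARTS = re.compile(r"(\d+\.\d+\.\d+)([a-z]?)(-beta\d+)?")


def embedded_openssl_versions(data: bytes) -> set[str]:
    """Return every distinct OpenSSL version banner found in a file's bytes."""
    return {m.group(1).decode("ascii") for m in BANNER.finditer(data)}


def heartbleed_affected(version: str) -> bool:
    """True for the releases the OpenSSL advisory lists for CVE-2014-0160:
    1.0.1 through 1.0.1f, plus 1.0.2-beta1 (fixed in 1.0.1g / 1.0.2-beta2)."""
    m = PARTS.fullmatch(version)
    if not m:
        return False
    base, letter, beta = m.groups()
    if base == "1.0.1":
        return letter <= "f"  # "" (plain 1.0.1) and a-f; 1.0.1 pre-releases flagged too
    return base == "1.0.2" and beta == "-beta1"


def scan(paths):
    """Yield (path, version, affected) for each banner in each readable file."""
    for path in paths:
        try:
            data = Path(path).read_bytes()
        except OSError:
            continue  # unreadable file: skip it
        for version in sorted(embedded_openssl_versions(data)):
            yield str(path), version, heartbleed_affected(version)


# Constructed sample: bytes resembling a binary with OpenSSL linked in statically.
SAMPLE = (b"\x7fELF\x02\x01\x00AES part of OpenSSL 1.0.1e 11 Feb 2013\x00"
          b"OpenSSL 1.0.1e 11 Feb 2013\x00")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, version, affected in scan(sys.argv[1:]):
            print(f"{path}: OpenSSL {version} {'AFFECTED' if affected else 'ok'}")
    else:
        for version in embedded_openssl_versions(SAMPLE):
            print(f"sample: OpenSSL {version} affected={heartbleed_affected(version)}")
```

A banner is an indicator, not proof: a vendor may have built with heartbeats disabled or backported the fix without changing the string, so confirm flagged software with its vendor.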





Empower the User: Group Provisioning within Group Management Server

8 04 2014

Group Management Server already relieves a lot of stress and extra work for IT Administrators. With the latest release, we just made IT admins’ lives even easier by streamlining the process for creating new AD groups through Group Provisioning.

What does this mean for you?

Think of this everyday scenario: The Marketing Team just started a project and they need a new mailing list for participants. Typically, the project leader would have to submit a request to IT for the new mailing list before they could add members in Group Management Server. With Group Provisioning, the entire process is simplified. Now, the marketing project leader can submit a new group request, including group members, directly through Group Management Server. The IT administrator will receive the request through the Group Management Server interface, and can immediately approve and create the group.

Helpful Tip: Use Group Provisioning alongside Group Membership Expiration to keep your Active Directory free from outdated group clutter.

Conclusion: Group Provisioning = Streamlined group creation.

Not using Group Management Server, but interested in learning more? Request a free trial here.





Sneak Peek: New Secret Server features only at RSA Conference 2014

20 02 2014

2014 marks Thycotic’s 5th year exhibiting at the RSA cybersecurity conference. RSA is one of the largest gatherings of IT security professionals and analysts in North America. This year, the conference takes place February 24-28th 2014 at the Moscone Center.

Thycotic to unveil new Secret Server features

We’re excited to demonstrate not-yet-published Secret Server features before they’re officially released at booth 415 during RSA expo hours. Our team will also give demos of our other IT products and are available to answer any questions you have on our products or password management best practices. Product Manager Ben Yoder and CEO Jonathan Cogley will be there, as well as many more of our great team. Look for our 20X20 black and green booth, you can’t miss us!

What to expect from RSA

Information sessions cover a variety of security hot topics: hackers and threats, governance, risk and compliance, cryptography, data privacy and more. IT security professionals come eager to discover the latest in security technology, debate fiery issues and mingle with the best in breed vendors and industry experts. Oh, and don’t forget the rocking vendor parties that pack the evenings; complete with food, drinks and entertainment of all kinds amidst the backdrop of a lively San Francisco nightlife.

Awesome keynote lineup

RSA 2014 boasts an impressive speaker lineup worth checking out, including Nawaf Bitar of Juniper Networks, Art Gilliland of HP, James Comey of the FBI and a special closing keynote appearance by Stephen Colbert guaranteed to bring some hilarity to the mix.

Thinking about attending? Register for RSA 2014 here.

See you there!





Take the Pain (and IT) Out of AD Group Management with Group Management Server

21 01 2014

Organizations that have many different departments inevitably have to spend time just to keep things organized, and IT teams become a critical part of this strategy. Often, their role is to help implement software that enhances each employee’s ability to do their job, but they also perform many back-end tasks to organize the network. Active Directory group management is one of those critical back-end tasks. It gives each employee access they need to the network, file structures and email distribution lists, but in a complex environment, accommodating requests for AD group membership changes can become a time consuming task for IT to manage.

Universities are a great example of complex group management. They have multiple departments of students, faculty and staff, and users require access to workstations in multiple buildings, usually across several campuses.

Each semester, as students change courses and faculty and staff change offices or departments, the IT helpdesk is hit with countless requests for group administration changes to make sure everyone has the access they need to computers, folder structures and group email lists. You can probably imagine how quickly these requests pile up, and how long it can take an IT team to work through the entire list. This can create an immediate inconvenience to students, faculty and staff and to the IT team itself, which always has plenty of work to do.

With Group Management Server, non-IT staff, professors and managers can be authorized to administer their own AD groups. Simply by logging into the website and making the necessary membership changes, AD group management is distributed to those who need the changes immediately, and to those who best understand the access needs of their own groups.

Some of the key features that make Group Management Server a simple and effective solution:

Active Directory Integration

Users access Group Management Server through any major web browser, using their Active Directory credentials to log in.

Role-based Access Control

Control which features of the application a user can access through customizable roles and permissions. Use the default roles (user, administrator and auditor) or create your own to tailor roles to your company’s needs.

Self-Service Group Administration for Non-IT Staff

Place more control in the hands of managers and team leaders by allowing them to modify group membership of their own groups through Group Management Server. Allow other staff to make group membership requests to their group managers, and fully audit all usage and group changes for security.

Reports and Auditing

Every group membership change is audited, including the date, time and user involved for each logged event. Information can be condensed into detailed reports for audits and compliance.

A new version of Group Management Server was released last Friday. See the full release notes HERE or check out a free 30-day trial.





2013: A Security Odyssey

31 12 2013

What did 2013 hold for Thycotic Software? New partners, software releases, and other exciting milestones. Join us for our movie themed year-in-review.

This year, in the wake of dozens of newsworthy data breaches, the landscape for IT security broadened with every headline. The importance of securing privileged credentials and managing identity went from a “nice to have” to a “need to have” seemingly overnight. It became more apparent from IT teams across the globe that a spreadsheet was no longer a trusted, secure repository to manage privileged passwords in an organization.

So what did this mean for Thycotic? Keeping a close eye on security trends, we listened to our customers and built the features they requested to solve their most essential use-cases in privileged account management. But that wasn’t all we did.

Here are just a few highlights of what made 2013 a defining year for Thycotic Software.

Let it snow, let it snow? More like, let it grow, let it grow!

Inc. Magazine named us one of the Top 5000 Fastest Growing Companies in the US, and #33 in the top 100 fastest growing companies in DC. We couldn’t be more honored to receive this privilege. Our growth is attributed directly to our fantastic customers and our intelligent, hard-working team.

Lions, Tigers, and Splunk – Oh, My!

This year we announced several great partnerships, ending the year with an official announcement of our partnership with Splunk to release the Secret Server App for Splunk Enterprise. We’re proud of all of our new partnerships, and especially of our rapidly growing technology integration partner program. You can read more about the Splunk integration with Secret Server in our press release.

Come fly with me, let’s fly, let’s fly away.

We broke a personal record at Thycotic by sponsoring over 35 tradeshows across the world in 2013. We’ve presented dozens of keynotes, spotlight sessions and thought leadership interviews, and spoken directly with thousands of IT security and operations professionals in every major vertical about their security needs. Thanks to our dedicated team who worked round-the-clock to make those events a major success.

Release the kraken!

This year we’ve had several exciting releases to our products Secret Server, Password Reset Server and Group Management Server based on direct requests from our customers.

For Secret Server, some notable new features are: SAP support for natively changing passwords on SAP accounts; expanded API to increase automation in scripting; Custom Columns for a more tailored dashboard view; Website Password Changing to automatically change passwords for Windows LIVE, Google and Amazon accounts; SAML Support for increased security and single-sign on convenience; and Improved Discovery for Scheduled Tasks and Application Pools, now discoverable by Secret Server.

Other new product features are Active Directory Attribute Integration to let employees easily update their own AD information with Password Reset Server, and Group Renewal for Group Management Server to remind Active Directory group managers to double check their group membership from time to time.

So what’s next for 2014?

We think that 2014 will trump this year in success stories, growth, partnerships and products. We hope you join us every step of the way. Join us on LinkedIn and Twitter for the latest news in cybersecurity and be sure to stop by our booth at RSA 2014 in San Francisco as we kick off another thrilling year in IT security. Also, Thycotic is hiring: join the Thycotic team, read these great Thycotic reviews and see the latest Thycotic videos.





Group Management Server Scales for Enterprise

5 09 2012

Wait, what is Group Management Server?!

Group Management Server is Thycotic Software’s brand new self service Active Directory group management tool.  IT Admins can designate Group Owners to control Active Directory Security Group and Distribution Group membership.  Reporting and full audit trails are maintained throughout the system on group management activities including adding, deleting, editing user group membership. These audit trails can be used during security audits to demonstrate compliance.

Group Management Server can be installed quickly and does not require Active Directory Schema Extension.  Even very large Active Directory environments can be quickly synchronized and managed from an easy-to-use and secure web interface.  Implementing robust Role Based Access Control and an approvals workflow, Group Management Server can automate IT Admin functions to tighten security, minimize risk, and reduce labor costs associated with managing group membership.

Let’s get back to how Group Management Server scales for the enterprise…

One of the highlights in Group Management Server is the performance during Active Directory synchronization.  Active Directory synchronization is a process in which Active Directory data (groups and users) are populated in Group Management Server.  The synchronization process makes Active Directory group management tasks lightning fast, as opposed to waiting on the Active Directory Users and Computers application to slowly search for the correct group.  In our testing, synchronization with 6 domains (one domain contained nearly 150,000 groups and 100,000 users) was completed in well under 5 minutes.  See figures 1-3 below for before and after screenshots of Active Directory synchronization with Group Management Server.

In Figure 1, this Group Management Server instance manages groups in six domains.  These domains range in size from small (250 objects) to large (100,000+ objects).  Note that domain synchronization has been started at 11:34:08 AM (highlighted in red).

Figure 1

In Figure 2, synchronization has completed for all six domains at 11:38:55 AM.  The elapsed time for the synchronization was 4 minutes and 47 seconds!

Figure 2

In Figure 3, domain statistics are displayed for synchronization.  In less than 5 minutes, Group Management Server synchronized more than 160,000 Active Directory groups and nearly 100,000 user objects spread over six separate domains.

Figure 3

Setting up Active Directory synchronization with Group Management Server

To synchronize with Active Directory, log in as an Administrator for Group Management Server.  Then click Administration -> Active Directory.  Click on the New Domain button, fill out the fields with your specific domain information and click Save.  Group Management Server will begin to synchronize with the newly added domain.  As with the test example above, synchronization will take a few minutes depending on the number of groups and other objects in your domain.

Group Management Server information and resources

Try it here:  http://www.thycotic.com/products_groupmanagementserver_try.html

Support:  http://www.thycotic.com/products_groupmanagementserver_support.html

Forums:  http://www.thycotic.com/products_groupmanagementserver_forums.html





Thycotic Software (booth #2228) at VMWorld 2012 San Francisco

16 08 2012

Thycotic Software will be at VMWorld 2012!  Please join us at the Moscone Center in San Francisco, CA on August 26th through August 30th.  We will have demonstrations of Secret Server, Password Reset Server, and our newest product Group Management Server.  Stop by booth #2228 and you can meet the team and learn about the newest features in Secret Server.

VMWorld is an ideal opportunity for us to demonstrate our advanced IT admin tools.  Secret Server, Password Reset Server, and Group Management Server all perform well when installed in a virtual server.  We recommend leveraging virtualization technologies such as VMware with our tools not only for ease of management but also for meeting Disaster Recovery and High Availability requirements.

Secret Server is a privileged password management solution, designed to securely control access to critical enterprise passwords in one centralized, web-based repository.  Secret Server is encrypted and FIPS-compliant, and helps organizations reach their Sarbanes-Oxley or PCI DSS goals.

Password Reset Server is an end-user password reset tool that combines ease-of-use with advanced security, and meets Section 508 compliance standards. Password Reset Server is designed to reduce Help Desk calls and let employees reset their own forgotten passwords through a series of secure questions, image-matching, and text/phone verification.

Group Management Server is an end-user-facing Active Directory Group management tool that allows IT admins to delegate AD Group membership to the business owners. Group Management Server helps to lower the time your IT team spends on Active Directory Group membership changes by allowing your end users to do it themselves.

See you August 26th!





Join Our New Reseller Program

27 09 2010

Over the past few months the Thycotic team has been working on creating a structured Value Added Reseller Partner Program. After a little help from some experts and a lot of hard work, we are proud to report our Reseller Partner Program is ready! We have included many useful tools to help our Partners around the world bring Secret Server password management software to their customers.

Here are a few examples of what you’ll get in our Reseller Partner Program:

  • Sales Presentations
  • Typical use case scenarios
  • Detailed target market information
  • Marketing campaign tools
  • Product FAQs
  • Recorded demos
  • Installation and configuration instructions
  • Accompanied professional services examples
  • Objection Handling

Now we need Partners passionate about Secret Server! So what’s in it for you? How about local leads and a generous commission structure? We have thought of everything and what we missed we hope to learn from you; feedback is welcome. The Thycotic team is confident in our products and wants to see our Partners achieve the same success with their customers as we have seen with ours.

If you are ready to get the ball rolling, please complete our Partner Application Form

Please contact us with any questions.







