Get Increased Control for Identity Verification with Password Reset Server’s Latest Upgrade

15 04 2014

Password Reset Server’s most recent upgrade to 3.2 gives greater control over the identity verification process by allowing administrators to define which questions users must answer correctly.

Now, verification questions can be marked as Optional, Required or Grouped.

Required Questions

Administrators can now mark specific questions as Required, meaning that users will have to provide correct answers to required questions during enrollment and will have to answer the questions correctly during a password reset.

Grouped Questions

Questions can also be marked as Grouped. This will display all questions in the group during a password reset, but the user only has to answer one of the grouped questions correctly. This option is especially useful for companies requiring multifactor authentication, as it gives users the option to choose the multifactor method of communication that works best for them at the time.

Here’s how this can work: Set three multifactor questions as Grouped: email, SMS and phone. During enrollment, the user will be required to enter their email, SMS and phone numbers. Then during a password reset, the user can choose which multifactor question to answer correctly, so if they are only able to access email at the time, they can answer the email verification question correctly.

Password Reset Server Enrollment

 Security Policy question configuration: Three multifactor questions are marked as grouped (required 1 correct answer out of 3), an image question is required, and the user will choose two of the optional questions to answer during enrollment.

Password Reset Server Security Questions

Questions during enrollment: Required questions are marked with an exclamation point (!) and optional questions can be selected from the drop-down menus.

For a chance to see the new features in action, join us for our webinar this Thursday, April 17 at 11:30 a.m. EDT!





Phew. Thycotic solutions remain unaffected during devastating Heartbleed vulnerability.

11 04 2014

The recent OpenSSL vulnerability CVE-2014-0160, or “Heartbleed” is affecting millions of SSL-enabled web servers worldwide; estimates are somewhere between 60% and 80% of servers are affected by the deadly bug. It’s the perfect example of a worst-case scenario: Heartbleed gives attackers the ability to reveal your server’s private SSL key by recovering just enough SSL key material.

We’re fortunate to announce that Thycotic has remained completely unaffected by this vulnerability, as our solutions are built on a Microsoft stack that doesn’t use any form of SSL technology. Our customers and partners can rest assured. However, it’s important to let others know what they can do to avoid an attack during this time.

While many tech news and media sites are advising consumers to rapidly change all web passwords that may have been affected by the Heartbleed bug, there’s still a risk for IT administrators, web admins and developers managing servers affected by the vulnerability. Question is… how do you prevent an attack while vulnerable?

Keep servers safe during Heartbleed

Website administrators were advised to patch their OpenSSL libraries on their servers to address the problem. But Heartbleed goes deeper than just patching OpenSSL. OpenSSL includes a general purpose API that software developers can use as part of their software. This is where static linking comes into play.

Static linking. Developers may choose to statically link to OpenSSL. Static linking allows developers to include OpenSSL within their software and it becomes embedded at compile time. Since the OpenSSL library is embedded in the software, upgrading the OpenSSL package on the operating system alone won’t update the OpenSSL version that software programs may have linked to statically.

Update all software, not just SSL. It is highly advisable that all software that makes use of OpenSSL technology be updated. Software vendors that statically link to OpenSSL should release updates for their software immediately by using a patched version of OpenSSL.

Keep clear, steady communications with customers. Make sure that as you’re updating systems and sending patches you’re also communicating these actions with your customers regularly. Consumers are rapidly changing web passwords and scrambling to protect their most valuable, personal data. Clear communications to your customer base (whether consumer or business) will help everyone stay on the same page and mitigate the most risk by using best practices during this time.
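To make the static-linking point above concrete, the following added example (not Thycotic's code) scans files for the version banner that OpenSSL embeds in anything linked against it and flags releases in the CVE-2014-0160 range, 1.0.1 through 1.0.1f and 1.0.2-beta1. The file names and sample bytes are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# OpenSSL embeds a banner such as b"OpenSSL 1.0.1e 11 Feb 2013" in its libraries
# and in every program statically linked against them.
BANNER = re.compile(
    rb"OpenSSL (\d+\.\d+\.\d+)([a-z]*)(-[a-z0-9]+)? +\d{1,2} [A-Z][a-z]{2} \d{4}"
)


def in_heartbleed_range(base, letter, suffix):
    """True for releases affected by CVE-2014-0160: 1.0.1 through 1.0.1f and
    1.0.2-beta1 (fixed in 1.0.1g and 1.0.2-beta2)."""
    if base == "1.0.1":
        # "" is the plain 1.0.1 release; pre-release 1.0.1 builds are flagged too.
        return letter <= "f"
    return base == "1.0.2" and suffix == "-beta1"


def scan_file(path):
    """Map each embedded OpenSSL version in one file to its affected status."""
    hits = {}
    for match in BANNER.finditer(Path(path).read_bytes()):
        base, letter, suffix = (g.decode() if g else "" for g in match.groups())
        hits[base + letter + suffix] = in_heartbleed_range(base, letter, suffix)
    return hits


def scan_tree(root):
    """Scan every regular file under root; unreadable files are skipped."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.is_symlink():
            continue
        try:
            hits = scan_file(path)
        except OSError:
            continue
        if hits:
            report[str(path)] = hits
    return report


def build_constructed_samples(root):
    """Write constructed stand-ins for binaries (hypothetical names and bytes)."""
    samples = {
        "legacy_agent.bin": b"OpenSSL 1.0.1e 11 Feb 2013",   # statically linked, affected
        "patched_daemon.bin": b"OpenSSL 1.0.1g 7 Apr 2014",  # rebuilt against the fix
        "old_tool.bin": b"OpenSSL 0.9.8y 5 Feb 2013",        # predates heartbeat support
        "plain_tool.bin": b"no TLS library linked",
    }
    for name, banner in samples.items():
        Path(root, name).write_bytes(b"\x7fELF" + b"\x00" * 64 + banner + b"\x00" * 64)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_samples(tmp)
        for file, versions in scan_tree(tmp).items():
            for version, affected in versions.items():
                status = "AFFECTED range" if affected else "outside range"
                print(f"{Path(file).name}: OpenSSL {version} ({status})")
```

A hit in the affected range is a lead to confirm with the software vendor, since some distribution builds carry a backported fix under an unchanged banner.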





Sneak Peek: New Secret Server features only at RSA Conference 2014

20 02 2014

2014 marks Thycotic’s 5th year exhibiting at the RSA cybersecurity conference. RSA is one of the largest gatherings of IT security professionals and analysts in North America. This year, the conference takes place February 24-28th 2014 at the Moscone Center.

RSA Conference 2014

Thycotic to unveil new Secret Server features

We’re excited to demonstrate not-yet-published Secret Server features before they’re officially released at booth 415 during RSA expo hours. Our team will also give demos of our other IT products and are available to answer any questions you have on our products or password management best practices. Product Manager Ben Yoder and CEO Jonathan Cogley will be there, as well as many more of our great team. Look for our 20X20 black and green booth, you can’t miss us!

What to expect from RSA

Information sessions cover a variety of security hot topics: hackers and threats, governance, risk and compliance, cryptography, data privacy and more. IT security professionals come eager to discover the latest in security technology, debate fiery issues and mingle with the best in breed vendors and industry experts. Oh, and don’t forget the rocking vendor parties that pack the evenings; complete with food, drinks and entertainment of all kinds amidst the backdrop of a lively San Francisco nightlife.

Awesome keynote lineup

RSA 2014 boasts an impressive speaker lineup worth checking out, including Nawaf Bitar of Juniper Networks, Art Gilliland of HP, James Comey of the FBI and a special closing keynote appearance by Stephen Colbert guaranteed to bring some hilarity to the mix.

Thinking about attending? Register for RSA 2014 here.

See you there!

 





Password Reset Server User Interface REFRESH

18 02 2014

Face it, there will always be end-users that forget their passwords. Giving them the ability to reset their own password is key to saving time, money and unnecessary stress, both for the user and the help desk.

The trick is to make the reset process as simple as possible. We kept this in mind with the latest release of Password Reset Server, our end user self-service password reset tool. We focused on enhancing the user interface to make the process for end-users simple and intuitive. The modern interface provides clear action steps and a newly designed enrollment process tailored to the end-user. Below are screen shots of the new, fresh face of Password Reset Server:

Introducing the new Password Reset Server landing page

Password Reset Server Login

Updated enrollment process: End-users can now select the questions they want to answer

Enrollment Security Questions

Modern end-user interface to manage their answers

PRS Security Questions

And for administrators (Don’t think we would leave you out!) check out our new configuration screen

Administrator Configuration User Interface

Like what you see? Join us this Thursday February 20th at 11:30 AM EST for our Password Reset Server Webinar as we showcase the new user interface and the other features of our last release.

Look out for the next Password Reset Server Release coming in April, which is feature-focused. Want a sneak peek? In THIS release, you got the ability for end-users to choose the security questions they want to answer. In the NEXT release, you’ll be able to flag specific questions from that list as required. And, if you have a Security Policy for different groups in your organization, you can choose different required questions for each group.





2013: A Security Odyssey

31 12 2013

What did 2013 hold for Thycotic Software? New partners, software releases, and other exciting milestones. Join us for our movie themed year-in-review.

This year, in the wake of dozens of newsworthy data breaches, the landscape for IT security broadened with every headline. The importance of securing privileged credentials and managing identity went from a “nice to have” to a “need to have” seemingly overnight. It became more apparent from IT teams across the globe that a spreadsheet was no longer a trusted, secure repository to manage privileged passwords in an organization.

So what did this mean for Thycotic? Keeping a close eye on security trends, we listened to our customers and built the features they requested to solve their most essential use-cases in privileged account management. But that wasn’t all we did.

Here are just a few highlights of what made 2013 a defining year for Thycotic Software.

Let it snow, let it snow? More like, let it grow, let it grow!

Inc. Magazine named us one of the Top 5000 Fastest Growing Companies in the US, and #33 in the top 100 fastest growing companies in DC. We couldn’t be more honored to receive this privilege. Our growth is attributed directly to our fantastic customers and our intelligent, hard-working team.

Lions, Tigers, and Splunk – Oh, My!

This year we announced several great partnerships, ending the year with an official announcement of our partnership with Splunk to release the Secret Server App for Splunk Enterprise. We’re proud of all of our new partnerships, and especially of our rapidly growing technology integration partner program. You can read more about the Splunk integration with Secret Server in our press release.

Come fly with me, let’s fly, let’s fly away.

We broke a personal record at Thycotic by sponsoring over 35 tradeshows across the world in 2013. We’ve presented dozens of keynotes, spotlight sessions, thought leadership interviews and spoke directly with thousands of IT security and operations professionals in every major vertical about their security needs. Thanks to our dedicated team who worked round-the-clock to make those events a major success.

Release the kraken!

This year we’ve had several exciting releases to our products Secret Server, Password Reset Server and Group Management Server based on direct requests from our customers.

For Secret Server, some notable new features are: SAP support for natively changing passwords on SAP accounts; expanded API to increase automation in scripting; Custom Columns for a more tailored dashboard view; Website Password Changing to automatically change passwords for Windows LIVE, Google and Amazon accounts; SAML Support for increased security and single-sign on convenience; and Improved Discovery for Scheduled Tasks and Application Pools, now discoverable by Secret Server.

Other new product features are Active Directory Attribute Integration to let employees easily update their own AD information with Password Reset Server, and Group Renewal for Group Management Server to remind Active Directory group managers to double check their group membership from time to time.

So what’s next for 2014?

We think that 2014 will trump this year in success stories, growth, partnerships and products. We hope you join us every step of the way. Join us on LinkedIn and Twitter for the latest news in cybersecurity and be sure to stop by our booth at RSA 2014 in San Francisco as we kick off another thrilling year in IT security.  Also Thycotic is hiring, join the Thycotic team – read these great Thycotic reviews and see the latest Thycotic videos.





Password Reset Server: Remind Your Users to Enroll With a Logon Script

27 11 2013

Being a self-service password reset tool, Password Reset Server needs its end-users to enroll in the product by answering security questions. This can become a challenge if you want your users to begin changing their password immediately or if you are having difficulty getting users to respond to the enrollment reminders. Password Reset Server offers a couple solutions to this challenge.

First, Password Reset Server has recently released Automatic Enrollment.  Automatic Enrollment will sync users’ Active Directory attributes, such as email, phone, address, etc. and allow those answers to be used as the end-user’s security questions. This works well if your user’s profile in Active Directory is accurate and up to date, and if you are using text, email or SMS based questions.

Second, for those of you who want security questions about more than what is listed in AD attributes, you can use a Logon Script to get your users to enroll. The Logon Script can be used for organizations that also want to include more personal challenge questions, such as a user’s “Favorite Food” and “Childhood Friend.”

A Logon Script is a piece of code, usually either a batch file or Visual Basic/PowerShell script, which is deployed using Group Policy and runs as a user logs into their machine. Password Reset Server has an accessible API that can be used to create personalized reminders for those users that have not yet enrolled into Password Reset Server, or completed their personal security questions.

Setting up a Logon Script is simple! First, we created the script to call the Password Reset Server Web Services <http://support.thycotic.com/KB/a382/calling-web-services-password-reset-server-with-powershell.aspx>, and then we created a script to be performed on the user’s logon. For example, we used the following PowerShell script that will check the enrollment status of a user, and direct them to Password Reset Server if they are not yet enrolled.  If they have enrolled, it will simply stop running.

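    # Password Reset Server web service endpoint (replace the host with your own server)
    $url = 'http://www.MyPasswordResetServer.com/webservices/webservice.asmx'
    # Build a web service proxy that authenticates as the logged-on user
    $proxy = New-WebServiceProxy -Uri $url -UseDefaultCredential
    # Ask the service whether the current user has already enrolled
    $enrolled = $proxy.UserEnrolled($env:USERDOMAIN, $env:USERNAME)
    if ($enrolled -ne $true)
    {
        # Not enrolled: open Password Reset Server in the default browser
        Start-Process -FilePath 'http://www.MyPasswordResetServer.com/PasswordResetServer'
    }
    else
    {
        # Already enrolled: nothing to do
        exit
    }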

After creating the script, you will want to assign the script in the domain Group Policy. Then, select the objects that you want affected by the Logon Script, edit the policy and navigate to User Configuration > Policies > Windows Settings > Scripts. Right click and select Properties. After this step, you will want to click the PowerShell Scripts tab inside Group Policy Editor and add your newly created script. Next, you can select the GPO run policy to have this script run first or last after logon. When this is done, click Apply and OK, and you have successfully created a logon script that will prompt users to enroll in Password Reset Server if they have not already. It’s that easy!





Reduce Help Desk Calls with Password Reset Server

12 11 2013

Any help desk or system administrator will tell you that their company spends much more time resetting end-user passwords than they should. Constant calls to the help desk for this simple yet urgent problem eat a lot of IT’s time that could be spent working on other projects and support issues.

To help alleviate this problem, Thycotic Software developed Password Reset Server. Password Reset Server is a self-service password reset tool for Active Directory end-users. It makes the password reset process very simple and straightforward, with a Windows login integration for in-network employees and a web portal for those off-site.

Some of the main features of Password Reset Server include:

Self-Service Password Resets

End-users are put in charge of changing their own passwords. With secure identification, I.T. no longer has to be directly involved.

Automatic Enrollment

IT teams can bulk-enroll all employees. That way, users can simply log into the site and answer questions based on Active Directory attributes when they need to change their passwords.

Multi-factor Questions

Add security to ensure the correct person is resetting their password with multi-factor authentication, including verification via phone, email and SMS.

By providing a secure method for end-users to reset their Active Directory passwords, Password Reset Server helps reduce support demands on help desk staff and allows them to focus on other tasks while giving end-users a quick and easy interface for changing their own passwords.

Learn more about Password Reset Server at our upcoming webinar on Thursday, November 14, at 11:30am EST. We hope you’ll join us!

Register here for the Password Reset Server webinar





Don’t miss our monthly webinars!

5 11 2013

Every month, Thycotic hosts a webinar to explore new features, technical integrations and best practices. Last week we discussed a fairly new feature added to Secret Server version 8.3, which has expanded the list of web password changers. Secret Server can now change passwords on Windows Live, Google and Amazon accounts. This means you can now manage your Office 365, Google Apps and Amazon Web Services through Secret Server. These sites are just the beginning of web password changing for Secret Server. If you missed the live webinar, you can watch a recorded version here.

We have several upcoming webinars, including a feature deep-dive and tech integration case study.

Sign up now to get them on your calendar!

Learn how America First Increased Security through Authenticated QualysGuard Scanning with Secret Server

November 5, 2013 at 1:00 pm EST.

Do you have a full understanding of your network security, from both external and internal threats? Performing authenticated scanning for internal threats while keeping credentials locked-down on premises can greatly mitigate security risk. Find out how America First, a national credit union, implemented secure authenticated scans with Secret Server.

Register here for the Qualys Authenticated Scanning webinar

Thycotic Software Introduces: Password Reset Server

November 14, 2013 at 11:30 am EST.

Learn how Thycotic can help solve your end-user AD password resets. Password Reset Server is an AD self-service reset tool that helps reduce your help desk calls.

Register here for the Password Reset Server webinar

For the latest security news and Thycotic product updates, follow us on LinkedIn!





Thycotic Software (booth #2228) at VMWorld 2012 San Francisco

16 08 2012

Thycotic Software will be at VMWorld 2012!  Please join us at the Moscone Center in San Francisco, CA on August 26th through August 30th.  We will have demonstrations of Secret Server, Password Reset Server, and our newest product Group Management Server.  Stop by booth #2228 and you can meet the team and learn about the newest features in Secret Server.

VMWorld is an ideal opportunity for us to demonstrate our advanced IT admin tools.  Secret Server, Password Reset Server, and Group Management Server all perform well when installed in a virtual server.  We recommend leveraging virtualization technologies such as VMware with our tools not only for ease of management but also for meeting Disaster Recovery and High Availability requirements.

Secret Server is a privileged password management solution, designed to securely control access to critical enterprise passwords in one centralized, web-based repository. Secret Server is encrypted, FIPS-compliant, and helps organizations to reach their Sarbanes-Oxley or PCI DSS goals.

Password Reset Server is an end-user password reset tool that combines ease-of-use with advanced security, and meets Section 508 compliance standards. Password Reset Server is designed to reduce Help Desk calls and let employees reset their own forgotten passwords through a series of secure questions, image-matching, and text/phone verification.

Group Management Server is an end-user-facing Active Directory Group management tool that allows IT admins to delegate AD Group membership to the business owners. Group Management Server helps to lower the time your IT team spends on Active Directory Group membership changes by allowing your end users to do it themselves.

See you August 26th!





Meet Thycotic in San Francisco at RSA 2012!

7 02 2012

Will you be in San Francisco for RSA Conference 2012?  We’ll be there too!  Thycotic Software is excited to demonstrate our flagship products Secret Server and Password Reset Server live.  Please join us at the Moscone Center February 27th – March 2 and learn about the newest features.  Thycotic’s booth (#2550) is located here:

Thycotic Software's Booth #2550 at RSA Conference 2012


Secret Server is a privileged password management solution, designed to securely control access to critical enterprise passwords in one centralized, web-based repository.  SS is encrypted, FIPS-compliant and helps organizations to reach their Sarbanes-Oxley or PCI DSS goals.

Password Reset Server is an end-user password reset tool that combines ease-of-use with advanced security, and meets Section 508 compliance standards. PRS is designed to reduce Help Desk calls and let employees reset their own forgotten passwords through a series of secure questions and images, and even telephone verification.

See you February 27th!







