Launch Away-Multiple Launcher Sneak Peek

17 12 2013

One of the most popular features in Secret Server is the Launcher. With one click, Secret Server can launch and authenticate to RDP, PuTTY or a website. You can also launch a custom executable with Secret Server and pass in command-line arguments that reference Secret values. Additionally, the Windows Form Filler can be used to auto-fill credentials for programs that cannot launch with command-line arguments.

Using the Launcher is easy. First, go to the Secret that you want to use. Then, click the Launcher icon to initiate the session directly from your computer. This way, as long as an employee can access Secret Server, they can get their work done – a convenient feature for anyone working offsite.

With the next product release, Secret Server will allow users to assign multiple launchers to a single Secret. This is valuable when one set of credentials is used for multiple access points. For example, you could launch an RDP session with an Active Directory account and then, using the same credentials, launch a PuTTY session.


You will be able to add as many Launchers as you would like to a Secret, including custom Launchers. Any user with access to the Secret will be able to use all of the configured Launchers. Add and configure new Launchers to a Secret at the Secret Template level, as shown below.

MLBlog2

Look for the release later this week. As always, we’ll send out an email announcement once the update is live. If you do not get emails about the latest product releases, update your email preferences here.





Use Custom Reports as Your Secret Weapon

10 12 2013

Custom Reports

While Secret Server contains a number of reports addressing Secrets, folders, users, activity and more, having the flexibility to create your own reports may be necessary to address your organization’s unique requirements. With the Custom Reports feature of Enterprise and Enterprise Plus editions (and a little knowledge of SQL), you can do just that.

When creating a custom report, you can either write your own SQL query or customize a SQL query from an existing report.

Create a New Custom Report

To create a new custom report, click the Create it link at the bottom-right corner of the Reports page in Secret Server. The resulting page contains a few fields that are present to customize the name, descriptions and other aspects of the report, and a large text box for the SQL query. At the bottom of the page, clicking Show Secret Server SQL database information will provide a drop-down menu and grid that allow you to take a look at the tables and table columns available for use in reporting. Clicking Preview will provide you with the results of your custom report below, so you can check the accuracy of your report.


Reference Custom Secret Fields

With version 8.2.000000, the ability to expose fields for display was introduced along with custom columns for the Dashboard. This means that certain Secret fields can be left unencrypted, and can therefore be used in custom reporting as well. This change can be made at the Secret Template level, and will present a message warning that the fields will be left unencrypted in the database. For this reason, it is important to not mark any fields as exposed for display if they contain sensitive information that should remain encrypted.


Once fields are marked to be exposed for display, they can be referenced in reports like any other field in the database. For example, the following SQL will display Secrets containing a custom field value called “Account Used By”:

    SELECT
        s.SecretName AS [Secret Name]
        ,si.ItemValue AS [Account Used By:]
    FROM
        tbSecret s
    JOIN
        tbSecretItem si
        ON s.SecretID = si.SecretID
    JOIN
        tbSecretField sf
        ON sf.SecretFieldID = si.SecretFieldID
    WHERE
        -- restrict to one Secret type (ID 6001 in this example)
        s.SecretTypeID = 6001
        -- match the exposed custom field by its display name
        AND sf.SecretFieldDisplayName = 'Account Used By:'

This report will return results in the following manner:

report4

Dynamic Parameters

Secret Server also supports the use of several dynamic parameters that will allow report users to select a variable to apply to a report. These can be parameters such as user, group or date range. For more information on using dynamic parameters, see our KB article on the topic. A good example of dynamic parameters can be seen in the preconfigured report “What Secrets have been accessed by a user?”


Reports Gallery

To see custom reports that other Secret Server users have created and to share your own, you can take a look at the Custom Reports Gallery.

Want to learn even more about creating custom reports? Join us this Thursday, December 12th, at 11:30 AM EST for our Deep Dive: Secret Server – Get the most out of Reporting Webinar. Register today!

For any questions or assistance with custom reports, contact Thycotic Support.





Announcing Our Official Technology Alliance with Splunk

3 12 2013

In the past we have discussed the benefits of using a security information and event management (SIEM) solution, not only as a compliance tool, but also for protecting against potential threats in real time.

We are excited to announce our official technology alliance with Splunk to release Secret Server for Splunk Enterprise, giving administrators deep insight into the use of privileged accounts, providing better visibility for compliance standards and detection of internal network threats.

Getting the app is simple. While logged into the Splunk interface, navigate to “apps” and search for Secret Server. Once installed, you can use the app to automatically start pulling information from the Secret Server sysLog. Make sure you have Secret Server installed and running before using the app.


Using Secret Server with a SIEM tool such as Splunk allows administrators to gain a clear picture of what is going on throughout their network. The app can be used to filter out key events from the Secret Server sysLog using the Event Search feature. This allows easy retrieval of information from real time events, such as when users are launching sessions, accessing reports, checking out Secrets, or when Unlimited Administrator mode is turned on.


In addition, the app allows you to access and create robust reports directly in the Splunk interface.


Want to learn more? Download Secret Server for Splunk Enterprise today!





Are You Using One Time Passwords?

26 11 2013

Secret Server can easily be configured so that end users do not have to see the password to make use of a resource, such as logging onto a remote server. Using Hide Launcher Password, Secret passwords can be hidden from users, forcing them to use a Launcher to access the machine or device. This makes it easier for admins to use long and complex passwords and also improves security by eliminating the ability for users to write down and save passwords. You can even create whitelists or blacklists (http://blog.thycotic.com/2013/05/03/restricting-user-input-for-launcher/) to restrict the devices that users can launch into. In addition, Secret Server also has a Web Filler (http://blog.thycotic.com/2013/02/20/webinar-secret-server-web-password-filler/) to launch into website accounts.

Whenever possible (without impeding workflow, of course!) passwords should only be revealed when necessary. This keeps passwords from being written down or memorized and enforces using the vault to ensure a full audit trail. Hiding passwords for all of your accounts, however, may not always be possible. For instance, if an administrator creates a new service, she will need to manually enter a password from Secret Server. To do this, you can certainly give the administrator permission to view the Secret’s password, but it risks the password being compromised.

Secret Server’s solution to this is Check Out. Utilizing Check Out allows you to configure how long a user has access to any given Secret. You also have the option of having Secret Server change the password when the access period expires or the user checks in the password themselves.

Here’s an example of how this can work. Say Sarah, our imaginary system administrator, checks out a Secret to go perform maintenance on a couple of Windows servers. She decides to write the password down and then gets to work on the different servers using that Secret’s credentials. In the process, she gets a little distracted and leaves her sticky note with the password behind when she goes to grab a cup of coffee. Luckily, Check Out with Expiration is configured. While she is out, the Check Out period automatically ends and Secret Server checks in the password and changes it automatically. When Sarah returns from her coffee break, she will have to go back to Secret Server for the new password. This keeps her usage audited in the system, and protects the company against her stray sticky note, which has now been forgotten. Companies that want even more of an audit trail can use Check Out in conjunction with Require Approval for Access (http://blog.thycotic.com/2013/10/15/create-an-approval-workflow-for-sensitive-secrets/) to create an easy and secure workflow for their more sensitive accounts.





3 Ways Secret Server will Enhance your Identity Access Management Strategy

19 11 2013

It’s important to have an Identity Access Management (IAM) strategy, whether you are trying to meet a compliance standard such as PCI, SOX or FIPS, or you just want accountability for what is going on throughout your network. Secret Server has many ways that it can help administrators accomplish this. In this article, we will be going over three different features that will help establish your IAM strategy.

1. Role-based access:

With roles, administrators can delegate permission and access to appropriate information quickly and easily. Integrating Secret Server with Active Directory will enable you to assign roles automatically based on existing Active Directory groups. This ensures that users only see information that is necessary for them to complete their work, without exposing excess data.


2. Audits and Reporting:

Every time a user has any interaction with a Secret, an audit is created to record: (1) the action, (2) the person and (3) the exact time the action occurred. Using the audit information, administrators are able to see exactly what users are doing within the system. For example, they can tell how Secrets are shared between users, Secrets with the most views, and which users are not logging into the system at all.


3. Session Recording:

Secret Server can record everything that occurs during a session. By using the recording launcher, Secret Server takes a screenshot every second and then compiles the images into a movie that is saved on the audit log. This is great for your most critical machines, where you want to know exactly what is going on when a user is logged in. Now, should anything go wrong on these servers, it is easy to retrieve the recording from Secret Server and view exactly what occurred, increasing the speed at which the issue can be resolved.

Using these three features will put you on track to creating a complete Identity and Access Management strategy in which your team may become more productive and secure.


If you are in Los Angeles this week for the Gartner IAM conference, stop by our booth # 210 or join us tonight at 5:45 PM PST for a drink in our “Made in DC” hospitality suite.





Don’t miss our monthly webinars!

5 11 2013

Every month, Thycotic hosts a webinar to explore new features, technical integrations and best practices. Last week we discussed a fairly new feature added to Secret Server version 8.3, which has expanded the list of web password changers. Secret Server can now change passwords on Windows Live, Google and Amazon accounts. This means you can now manage your Office 365, Google Apps and Amazon Web Services through Secret Server. These sites are just the beginning of web password changing for Secret Server. If you missed the live webinar, you can watch a recorded version here.

We have several upcoming webinars, including a feature deep-dive and tech integration case study.

Sign up now to get them on your calendar!

Learn how America First Increased Security through Authenticated QualysGuard Scanning with Secret Server

November 5, 2013 at 1:00 pm EST.

Do you have a full understanding of your network security, from both external and internal threats? Performing authenticated scanning for internal threats while keeping credentials locked-down on premises can greatly mitigate security risk. Find out how America First, a national credit union, implemented secure authenticated scans with Secret Server.

Register here for the Qualys Authenticated Scanning webinar

Thycotic Software Introduces Password Reset Server

November 14, 2013 at 11:30 am EST.

Learn how Thycotic can help solve your end-user AD password resets. Password Reset Server is an AD self-service reset tool that helps reduce your help desk calls.

Register here for the Password Reset Server webinar

For the latest security news and Thycotic product updates, follow us on LinkedIn!





Windows 8.1 Security Improvements Help Protect Against Pass the Hash Attacks

21 10 2013

This cyber security month, we’d like to congratulate and thank Microsoft on their efforts to block Pass the Hash cyber-attacks. Known by Microsoft as “one of the most popular types of credential theft and reuse attacks,” Pass the Hash attacks are known for their ability to infiltrate full networks within minutes, making a major mess along the way.

With the Windows 8.1 update released on October 1, Microsoft has added major security improvements that are intended to block the ability of hackers to use these kinds of attacks. With the new release, Microsoft has bought us all some “space to breathe.”

Use your space wisely and remember that cyber security is constantly evolving. Take these three steps to help strengthen your organization’s password practices.

  1. Administrator accounts still need to be separated and used with care. Segment administrator accounts into a regular AD account and a user-specific Domain Administrator account for use only when privilege is needed.
  2. Lock down Domain Administrator passwords in a secure place where the administrator can access them when needed, and admin access is fully audited, so you have a record of use.
  3. Change Domain Administrator passwords to a new, random value after each use.

These steps can be incorporated into your security policy and implemented manually or through an automation tool, such as Secret Server. Password management tools provide added value to security and password management when they enable role-based access, sharing among teams, and full auditing for compliance.

Learn more about the Windows 8.1 update here.





Create an Approval Workflow for Sensitive Secrets

15 10 2013

It’s important to understand how to properly create a workflow in Secret Server for secrets of a sensitive nature. For example, let’s say you have a Secret for the admin account on your production web server. You want to give all your web server administrators access to the Secret, but you only want them to log in for a specific reason, such as during an emergency or to perform maintenance or install new software.

To address this issue, Secret Server has a security feature called Require Approval for Access. This setting lets you grant a user access to a Secret by making the user enter a reason they would like to access the Secret. It can be used for any Secret within Secret Server. For our example today, your web server admins would enter the reason why they want to access the web server.

Secret Access Request | Secret Server


After the web admin explains why he wants access to the production web server, an email is sent to one or more people to approve. You can customize who receives the email and is allowed to approve the request – every Secret has a customizable approval list.

Next, those approving the request will receive an email notifying them of the request. Inside Secret Server, they can read the request, deny or approve it, and specify how long that user may have access to the Secret before they have to submit another request for access.

Request Access for Workflow | Secret Server


This entire request and approval process is logged in the audit trail of Secret Server, so if there are ever questions later, it can be double checked.





Secret Server iOS 7 Mobile App Upgrade

7 10 2013

As iOS users may have noticed, our Secret Server app received an upgrade with the recent release of iOS 7. The most noticeable sign the app was upgraded is a fresh user interface. However, there are a few other aspects of the latest update that are worth highlighting.

View & Edit Restricted Secrets
Previously, users could not view restricted Secrets from the mobile app. Now, Secrets that have the advanced security settings Require Comment, Require Approval and CheckOut are also accessible from your mobile device.

Require Comment

Require Approval

CheckOut

When viewed through the mobile app, Secrets that require a comment will receive an audit entry called WEBSERVICEVIEWCOMMENT to help differentiate comments in the audit log:

ViewWebserviceView_iOS app update post_2013

These restricted Secrets will not be cached. Therefore, a user must re-enter information after a 5-minute period (for Require Comment) or when the approval period ends (for Require Approval and CheckOut).

More Information

If you don’t yet use the mobile app and/or would like more information, please see the following articles in our Knowledge Base:

Using the iOS 7 Mobile App with Secret Server Installed Edition

Using the iOS 7 Mobile App with Secret Server Online





The Value of SIEM and How to Integrate with Secret Server

1 10 2013

What is a SIEM tool and why should I use one?

SIEM (Security Information and Event Management) tools are a type of software that pulls in log and audit information from multiple sources across your network. This can include access logs for building entry, computers, servers, network devices, databases and applications. SIEM tools can aggregate all the data pulled so that you can get a clear picture of what is going on across your network by correlating events. They also provide real-time alerting in the case of a security breach.

Here’s a quick example of how a SIEM tool can identify a breach. Say an employee – let’s call her Sarah – comes to work every day around 9:00 am EST. She’s an IT admin, so she beeps into the building with her key card, logs into her computer and starts checking on the status of her assigned servers. But, one day her computer is accessed in the middle of the night, long before she typically comes in. She hasn’t beeped back into the building and her VPN connection was never activated. This could be a security breach and someone better start asking questions. If the company had a SIEM tool, it would have alerted the company that something was wrong.

Secret Server can easily integrate with your existing SIEM tool. As a privileged account manager, Secret Server records a full audit of credential usage – who accessed what and when. Secret Server can take this audit trail and send all of its information to the SIEM tool using Syslog or CEF format. Once the data is in the SIEM tool, it will compare events from Secret Server to other usage audits throughout your network.

Now, say that Sarah’s company used Secret Server with a SIEM integration for all admin passwords. One night, someone logged into one of Sarah’s servers as the local admin, but there was no indication that anyone logged into Secret Server to retrieve the password. The SIEM tool would be able to tell that a login occurred without Secret Server and flag it as a potential breach. The SIEM tool would then alert the company of the potential breach.
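The correlation described above can be sketched as follows. This is an added example, not Thycotic's or any SIEM vendor's code; the event records and their field names (time, host, account, user) are constructed for illustration and do not reproduce the real Secret Server syslog/CEF or Windows event formats.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names are assumptions for this sketch.
VAULT_EVENTS = [  # password retrievals reported by the vault
    {"time": "2013-10-01T09:05:00", "host": "web01", "account": "Administrator", "user": "sarah"},
    {"time": "2013-10-01T14:00:00", "host": "db01", "account": "Administrator", "user": "sarah"},
]
LOGON_EVENTS = [  # privileged logons reported by the servers themselves
    {"time": "2013-10-01T09:07:30", "host": "web01", "account": "Administrator"},
    {"time": "2013-10-02T02:14:00", "host": "web01", "account": "Administrator"},
    {"time": "2013-10-01T13:58:00", "host": "db01", "account": "Administrator"},
]


def parse(ts):
    """Parse the ISO-style timestamps used in the constructed events."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def unexplained_logons(logons, vault_events, window=timedelta(minutes=30)):
    """Return logons that have no vault retrieval for the same host and
    account in the `window` immediately before the logon."""
    retrievals = {}
    for ev in vault_events:
        key = (ev["host"].lower(), ev["account"].lower())
        retrievals.setdefault(key, []).append(parse(ev["time"]))

    flagged = []
    for logon in logons:
        key = (logon["host"].lower(), logon["account"].lower())
        when = parse(logon["time"])
        # A retrieval only explains a logon if it happened first and recently;
        # a retrieval made after the logon does not count.
        explained = any(
            timedelta(0) <= when - t <= window for t in retrievals.get(key, [])
        )
        if not explained:
            flagged.append(logon)
    return flagged


if __name__ == "__main__":
    for logon in unexplained_logons(LOGON_EVENTS, VAULT_EVENTS):
        print("ALERT: %(account)s logon on %(host)s at %(time)s "
              "with no prior vault retrieval" % logon)
```

The window should be aligned with the Check Out period configured for the Secret, so that a logon made with a password retrieved long ago is still treated as unexplained.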

Secret Server is partnered with two SIEM tools, HP ArcSight and Splunk, Inc., with more integrations in the works. Find out more about Secret Server’s SIEM integration and syslog output on our support page!







