Password Reset Server User Interface REFRESH

18 02 2014

Face it, there will always be end-users that forget their passwords. Giving them the ability to reset their own password is key to saving time, money and unnecessary stress, both for the user and the help desk.

The trick is to make the reset process as simple as possible. We kept this in mind with the latest release of Password Reset Server, our end user self-service password reset tool. We focused on enhancing the user interface to make the process for end-users simple and intuitive. The modern interface provides clear action steps and a newly designed enrollment process tailored to the end-user. Below are screen shots of the new, fresh face of Password Reset Server:

Introducing the new Password Reset Server landing page

Password Reset Server Login

Updated enrollment process: End-users can now select the questions they want to answer

Enrollment Security Questions

Modern end-user interface to manage their answers


And for administrators (Don’t think we would leave you out!) check out our new configuration screen

Administrator Configuration User Interface

Like what you see? Join us this Thursday February 20th at 11:30 AM EST for our Password Reset Server Webinar as we showcase the new user interface and the other features of our last release.

Look out for the next Password Reset Server Release coming in April, which is feature-focused. Want a sneak peek? In THIS release, you got the ability for end-users to choose the security questions they want to answer. In the NEXT release, you’ll be able to flag specific questions from that list as required. And, if you have a Security Policy for different groups in your organization, you can choose different required questions for each group.





4 Steps to HIPAA Compliance with Privileged Identity Management

11 02 2014

HIPAA, or the Health Insurance Portability and Accountability Act, is meant to protect specific health information gathered and used by the healthcare industry. Many people are familiar with how HIPAA affects their privacy as individuals, but not everyone may know how HIPAA shapes an organization’s security practices. A recent breach at St. Joseph Health Center exposed personal information of over 2,000 individuals and reinforces the concern for data security. With technology everywhere we look, the technical safeguards required by HIPAA are extremely important in ensuring that our information remains protected.

Let’s review exactly how Secret Server can assist your organization in achieving HIPAA compliance. From a privileged identity management standpoint, here’s what you need to know:

1. Protect your information systems: This one is a given, but not everyone takes the time to do it! Make sure all of your servers (ALL of them – not only those that specifically handle personal health information) have strong, unique passwords that are rotated frequently. Don’t leave any easy targets for intruders to exploit. Require users to change their passwords often and enforce strong password requirements.

Secret Server provides the ability to manage server and systems accounts, not only by storing them in a central repository, but also by changing them on a regular, scheduled basis. Improve password strength by configuring password requirements for Secret Server’s random password generator.

Have too many servers on your network to keep track of? Secret Server can automatically discover the local Windows and service accounts on your network and pull them into Secret Server to be managed.

2. Encrypt data in transit: Especially personal health information (PHI), but this applies to all information that secures the systems storing and transporting PHI as well. Use SSL/TLS to encrypt data being sent over the network.

Secret Server encrypts all sensitive information before it’s stored and, as a web-based application, supports the use of SSL/TLS encryption for access. What does this mean? Your passwords and any other private information such as credit card numbers, PIN codes or even documents are encrypted and stored securely in one central repository.

3. Record access to data: HIPAA requires measures to ensure data isn’t modified or deleted without authorization. Keep an accurate record of who has access to which systems or information and why.

Once your accounts are managed by Secret Server, it will be your central point for sharing and auditing access to privileged credentials. Secret Server keeps an audit of who views and edits credentials, showing you who had access, which system or data they needed access to, and when. You can even require comments to keep a more comprehensive audit trail of why a user accessed the data.

4. Provide documentation: Have reports and audit logs available in case any information is requested for review. Secure access to documentation so you are able to track exactly who has the ability to review it.

Secret Server contains a number of built-in reports that will give you an overview of the status of your passwords, who has access to credentials and data, and more. Use a read-only user role to allow auditors to access reports and documentation without the ability to view or edit sensitive information.

Do you work in the healthcare IT industry? Share your experience meeting HIPAA requirements in the comments below.





SIEM Spotlight: Join us this week for our HP ArcSight Integration webinar

4 02 2014

Yep, you guessed it. We’re going to talk about big data. You’ve probably heard the buzz term a million times this year, but here’s an important question for any IT administrator and management team: What role does big data play in making your organization more secure?

Pairing security information and event management (SIEM) with strong privileged account management and password practices combines the best of both worlds for folks looking to strengthen their internal security posture. Just imagine, you could know when an employee started to view an unusual number of passwords because the SIEM tool immediately alerted your security team, preventing a potential insider threat.
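The alert described above, sketched as an added example (not code from Thycotic, Secret Server or HP ArcSight): a CEF parser and a per-user sliding-window count of secret views. The vendor and product strings, the `SECRET - VIEW` event name, the use of `rt` as epoch seconds and the fixed threshold (a stand-in for a learned baseline) are all assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict, deque

HEADER_SPLIT = re.compile(r"(?<!\\)\|")              # header pipes, ignoring escaped \|
EXT_PAIR = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")   # value runs to the next key= or end

def _line(ts, user, name, secret):
    # Builds one constructed CEF event; vendor, product and event names are made up.
    return (f"CEF:0|ExampleVendor|ExampleVault|1.0|10|{name}|3|"
            f"rt={ts} suser={user} cs1Label=SecretName cs1={secret}")

# Constructed sample feed: alice opens six secrets in 200 s, bob opens two far apart.
SAMPLE_EVENTS = (
    [_line(1000 + 40 * i, "alice", "SECRET - VIEW", f"svc account {i}") for i in range(6)]
    + [_line(1010, "bob", "SECRET - VIEW", "router admin"),
       _line(5000, "bob", "SECRET - VIEW", "db sa"),
       _line(1020, "alice", "SECRET - EDIT", "svc account 0")]
)

def parse_cef(line):
    """Return the event name plus extension fields, or None for a non-CEF line."""
    start = line.find("CEF:")            # tolerate a syslog prefix before the header
    if start < 0:
        return None
    parts = HEADER_SPLIT.split(line[start:], maxsplit=7)
    if len(parts) < 8:
        return None
    event = dict(EXT_PAIR.findall(parts[7]))
    event["name"] = parts[5]
    return event

def burst_viewers(lines, max_views=5, window_s=300, view_event="SECRET - VIEW"):
    """Map each user who exceeded max_views views inside window_s to their peak count."""
    views = [e for e in map(parse_cef, lines)
             if e and e["name"] == view_event and "rt" in e and "suser" in e]
    recent = defaultdict(deque)          # user -> view timestamps still inside the window
    alerts = {}
    for e in sorted(views, key=lambda e: int(e["rt"])):
        ts, seen = int(e["rt"]), recent[e["suser"]]
        seen.append(ts)
        while seen[0] <= ts - window_s:  # drop views that aged out of the window
            seen.popleft()
        if len(seen) > max_views:
            alerts[e["suser"]] = max(alerts.get(e["suser"], 0), len(seen))
    return alerts

if __name__ == "__main__":
    print(burst_viewers(SAMPLE_EVENTS))
```

Edit events and widely spaced views do not count toward the burst, so only sustained viewing inside one window raises an alert.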

The SIEM market includes several vendors that offer strong, enterprise-class tools for proper SIEM management, and that integrate out of the box with Secret Server.


On Thursday, February 6, join us and HP ArcSight as we take a deeper look into how Secret Server integrates with SIEM tool HP ArcSight and what that means for customers and their security plan. Join the webinar to see:

  • A full demonstration of the integration.
  • Common examples of how SIEM technology pairs with enterprise password management to enhance security.
  • Live question and answer session with both Thycotic and HP ArcSight.

Event details

Integration Spotlight: HP ArcSight and Thycotic.

Thursday February 6, 11:30am EST.

Hosted by: Ben Yoder from Thycotic, and Eric Shou and Morgan DeRodeff from HP.

Interested in learning more? Register for the webinar now.





Thycotic Receives Perfect Score for Customer Satisfaction in the Latest Forrester PIM Wave

3 02 2014

THANK YOU to all of our customers. We hope you know how much we value you every day, and it’s thanks to you that we received a perfect score from Forrester for customer satisfaction. You have given us your feedback on products, stopped by our booth at trade shows to chat, and shared your IT security challenges with us. Without this feedback, we wouldn’t be where we are today.

Forrester Research also provides us with great insight to help us better understand the enterprise IT security landscape and, ultimately, learn how to satisfy our customers. The latest feedback from Forrester comes in the form of the new Forrester Privileged Identity Management Wave.

For the latest Wave, Forrester evaluated Secret Server 8.2, which was released July 2013 (version 8.4 is the latest at the time of publishing). We answered questions about Secret Server, provided demos and gave information for their scoring criteria. Thycotic enterprise clients spoke to Forrester analysts about their experiences with Thycotic Secret Server and Thycotic. Forrester also helps us spread the word about our great products, and we thank everyone who helped us with this Wave.

Forrester just released the official PIM Wave today, Monday, February 3rd, 2014. To summarize – Thycotic customers are satisfied, and Thycotic continues to add more features and functionality to Secret Server in 2014.

For a more detailed review, please take a look at our Forrester Research PIM Wave Thycotic Analysis.





Don’t Just Store, Actively Manage Your Passwords! Create Custom Password Changers for All Devices

28 01 2014

You just purchased a new network device or server and realized that Secret Server doesn’t contain a specific password changer for it. You figure the best you can do is store the static credentials in Secret Server, but there’s no way Secret Server could actively manage password changing, right? Think again! Secret Server has a variety of ways you can customize password changers, no matter how complex your environment.

SSH

SSH password changers can change passwords for ANY of your SSH-compatible devices. Modify an existing SSH password changer or create your own. Enter the SSH commands in Secret Server, replacing actual credentials in the commands with values that reference the credentials stored in the Secret. The same will work for any device accessible for password changes over Telnet.

HP iLO Account Custom Password Changer Template

A few examples:

  • Configure a Dell DRAC password changer:

http://support.thycotic.com/KB/a166/how-to-manage-drac-passwords-with-secret-server-using-ssh.aspx

  • Use the built-in Cisco password changer (customizable):

http://support.thycotic.com/KB/a251/heartbeat-and-remote-password-changing-for-cisco-accounts.aspx

  • Use the built-in Unix Root account password changer:

http://support.thycotic.com/KB/a369/heartbeat-remote-password-changing-unix-root-accounts.aspx

LDAP

Secret Server comes with several LDAP password changers configured for Active Directory, DSEE and OpenLDAP. You can either customize the existing password changers or use one as a template to create your own custom configurations, for example to change passwords for 389 Directory Server. Customizable settings include enabling SSL, method of authentication, and username authentication format. See the article below for details:

  • Use and configure custom LDAP password changers:

http://support.thycotic.com/KB/a183/ldap-password-changing.aspx

Web Passwords

Secret Server’s web password management includes Remote Password Changing for Amazon Web Services, Google, and Windows Live accounts. Configure these options under the Remote Password Changing tab for any Secret using the Web User Account password changer.

Remote Password Changing for a Windows Live Account

Password Changing for Additional Account Types

Secret Server contains password changers for many other account types as well. While these are not all customizable, they include many commonly used account types such as Oracle, SQL Server, SonicWall NSA and more. A full list of included password changers can be accessed here.

See the Secret Server User Guide for more info on creating and testing custom password changers.

Did you create your own custom password changer? Share it with others on our forum.

Send us your ideas and suggestions any time. Post new feature requests and see what other customers have requested at feedback.thycotic.com.





Take the Pain (and IT) Out of AD Group Management with Group Management Server

21 01 2014

Organizations that have many different departments inevitably have to spend time just to keep things organized, and IT teams become a critical part of this strategy. Often, their role is to help implement software that enhances each employee’s ability to do their job, but they also perform many back-end tasks to organize the network. Active Directory group management is one of those critical back-end tasks. It gives each employee the access they need to the network, file structures and email distribution lists, but in a complex environment, accommodating requests for AD group membership changes can become a time-consuming task for IT to manage.

Universities are a great example of complex group management. They have multiple departments of students, faculty and staff, and users require access to workstations in multiple buildings, usually across several campuses.

Each semester, as students change courses and faculty and staff change offices or departments, the IT helpdesk is hit with countless requests for group administration changes to make sure everyone has the access they need to computers, folder structures and group email lists. You can probably imagine how quickly these requests pile up, and how long it can take an IT team to work through the entire list. This can create an immediate inconvenience to students, faculty and staff and to the IT team itself, which always has plenty of work to do.

With Group Management Server, non-IT staff, professors and managers can be authorized to administer their own AD groups. Simply by logging into the website and making the necessary membership changes, AD group management is distributed to those who need the changes immediately, and to those who best understand the access needs of their own groups.

Some of the key features that make Group Management Server a simple and effective solution:

Active Directory Integration

Users access Group Management Server through any major web browser, using their Active Directory credentials to log in.

Role-based Access Control

Control what features of the application a user can access through customizable roles and permissions. Use the default roles (user, administrator and auditor) or create your own to tailor roles to your company’s needs.

Self-Service Group Administration for Non-IT Staff

Place more control in the hands of managers and team leaders by allowing them to modify group membership of their own groups through Group Management Server. Allow other staff to make group membership requests to their group managers, and fully audit all usage and group changes for security.


Reports and Auditing

Every group membership change is audited, including the date, time and user involved for each logged event. Information can be condensed into detailed reports for audits and compliance.


A new version of Group Management Server was released last Friday. See the full release notes HERE or check out a free 30-day trial.





Fasten Your Seat belts! Advancements to Web Services API Speed Up Remote Password Changing

14 01 2014

If you are familiar with Secret Server’s web services API, you already know that it can be a convenient way to retrieve, create and update Secrets individually and in bulk, especially if you already use scripts to accomplish account-related tasks in your environment. Some of the most common use cases require only simple calls to Secret Server to add and retrieve stored information, such as:

  • Efficiently adding new Secrets as new domain accounts are created.
  • Replacing privileged account credentials with web service calls to retrieve and utilize the account information within the same script.

More fine-grained operations, such as updating Secret security and Remote Password Changing settings, require increased functionality from web service calls. This week, we’ll take a look at the additions to web services that have come with the release of Secret Server version 8.4, providing more control over Remote Password Changing for Secrets.

To start, let’s see how web services would assist Sarah, our handy system administrator, in the following scenario:

Sarah has decided that she wants to use a dedicated privileged account to change passwords for all service accounts in her production domain. A great deal of these accounts are scattered throughout her folder structure in Secret Server. Without using web services, Sarah would have to find every account in the Secret Server GUI and set the privileged account manually. Now, if the Secrets were all located in a single folder, Bulk Operation would make this a breeze. However, with the varying locations of these accounts, searching for each individual Secret to update will be time-consuming. Fortunately, Sarah is familiar with PowerShell and can use web services to update all of her service account Secrets. She uses the script below:

Web Services API PowerShell Script for Remote Password Changing

This script will search Sarah’s Secret Server to find any Secret with a name containing the word ‘Service.’ The script then updates the Secret’s privileged account setting for Remote Password Changing. Sarah can also reuse the script any time privileged accounts need to be updated for a large number of Secrets.

The scripts can also be used to change additional Secret properties, such as Require Approval for Access, Require Comment and Check Out. For more information about these properties, see our Web Service API Guide (Pages 60-62), available from the Secret Server Support page.

On another topic, are you tired of endless calls to the help desk to reset a user’s forgotten AD password? You won’t want to miss this week’s webinar, introducing Password Reset Server, our AD self-service password reset tool. Register now!







