Reputed marketing firm IDC (India) Ltd has come out with a survey whose results should serve as an eye opener for all enterprises. The survey was commissioned by security solutions provider Symantec India.
The survey reveals that:
Details of the survey as published in the media..
What are the causes?
The survey results once again lend credence to the belief that a good proportion of the cyber threats are being caused by the insiders of the enterprises - either disgruntled staff or greedy techies or sacked employees.
It is also increasingly becoming clear that stolen identities could be serving as the ‘hacking channel’ for many cyber-crimes and improper management of the administrative passwords could potentially remain at the root of a good number of security threats. Many security breaches might stem from lack of adequate password management policies and internal controls.
How do we avoid cyber threats?
Not all security incidents could be prevented or avoided; But, the security incidents that happen due to lack of effective internal controls are indeed preventable. Enterprises should take preventive action to combat cyber-criminals and to ensure information security.
Read this paper "Combating Cyber Security Threats" from ManageEngine Password Manager Pro and share your feedback
Hi,
Of late, cyber-criminal activities across the globe have
assumed such grave proportions that all enterprises - big and small,
are exposed to security breaches and identity thefts of various kinds.
Many sabotage were found to have been caused by the insiders of the
enterprises - either disgruntled staff or greedy techies or sacked
employees.
Lack of well-defined internal controls and access
restrictions generally pave the way for security incidents.
Particularly, as stolen identities seem to have served as the ‘hacking
channel’ for many cyber-crimes, improper management of the
administrative passwords is believed to be at the root of a good number
of security threats.
Security experts strongly believe that
many security incidents (though not all) are actually avoidable by
placing access restrictions and well-defined password policies.
From
ManageEngine Password Manager Pro, we have released an advisory, which
discusses the causes of security incidents in detail and suggests ways
to effectively tackle the challenge.
You may download the advisory from:
http://www.manageengine.com/products/passwordmanagerpro/combating-cyber-threats-advisory-paper-request.html
Hi,
Password Manager Pro has earned the business and goodwill of scores of customers worldwide. Its deployment has immensely benefitted businesses in many ways.
Australian Catholic University (ACU), one among the premier institutions in Australia with campuses at six different locations, has deployed ManageEngine Password Manager Pro to provide web-based, centralized access to privileged passwords to its geographically disparate IT team. ACU has achieved complete password access control and enhanced internal security.
“With Password Manager Pro, managing the growing list of system passwords has become much simpler. We have done away with the insecure practice of keeping the passwords in printouts. Password Manager Pro has improved our performance and overall security of the systems we manage on a daily-basis, ” says Mark Laffan - Team Leader - Network & Communication Systems, ACU National.
For detailed information, take a look at the case study published in our website.
Bala
ManageEngine Password Manager Pro
Hi,
Greetings!
For the second consecutive time, ManageEngine Password Manager Pro has earned top honours in SC Magazine's Group Test of various password management solutions. Password Manager Pro has earned a perfect 5 out of 5 star rating again. The review has concluded that Password Manager Pro offers solid value for money.
In its group test, a hands-on review of ten competing Privileged Password Management solutions, SC Magazine, the world's longest running monthly publication on information security, has awarded the five star rating for Password Manager Pro. The review results have been published in the August 2009 issue of the magazine.
The review states that the product is quite easy to install and use. "After installation, the initial configuration is done by a guided workflow that assists in getting the product up and integrated with the environment. We found this whole process quite intuitive and easy to follow. Further management is done via the web GUI. We found the GUI to be easy to use with a well-organized layout".
The review asserts: "This product is a solid value for the money. ManageEngine Password Manager Pro offers a solid set of features in an easy-to-use, workflow-based format"Complete review report can be accessed from:
http://www.scmagazineus.com/Zoho-Corp-ManageEngine-Password-Manager-Pro/Review/2931/
Details of the Group Test Password Management:
http://www.scmagazineus.com/Reviews/section/107/
In the previous group test done in November 2008 too, Password Manager Pro got the perfect 5 out 5 star rating.
We feel elated on receiving this coveted rating for the second time in a row and take this opportunity to thank all our customers for their continued support.
Bala
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ManageEngine Password Manager Pro
Enterprise Privileged Password Management Solution
www.passwordmanagerpro.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Have you ever revealed the administrative password of an enterprise resource to your colleague? And do you strongly believe that your passwords remain secure even after telling others? If so, you must read this interesting survey done by SecurEnvoy.
The survey results reveal that 75% of UK employees have admitted that they have told at least two other colleagues their corporate passwords.
SecurEnvoy states that while workers are trusting of their colleagues, it may not be a great idea to share passwords so easily since it can compromise one’s entire work life.
The concern raised in the survey is well-founded. Enterprises - big and small, face security issues and outages quite often. After all, mis-management of administrative passwords lies at the root of all security issues.
It is always good to avoid sharing of administrative passwords. But, what if your business needs demand that you seletively share passwords with others and yet ensure high levels of security? Caught in a catch-22 situation, right?
But take heart, you have ManageEngine Password Manager Pro for your rescue. Using this Enterprise Password Management Solution, you can store thousands of administrative passwords in a centralized repository and selectively share the passwords with others. You can have the trail of 'who', 'what' and 'when' of password access. The passwords are shared, yet remain highly secure. Exactly what you want!
To know more, visit www.passwordmanagerpro.com
Bala
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ManageEngine Password Manager Pro
Enterprise Privileged Password Management Solution
Email: passwordmanagerpro-support@manageengine.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hi,
Greetings!
ManageEngine Password Manager Pro is there to help you!
By simply storing the URL of the web page and the login credentials, you can launch direct connection to the required website from Password Manager Pro. That is, the URL of the website would be visible in Password Manager Pro and upon clicking that you will be logged in to the website directly.
We have published a step-by-step tutorial on how to implement this feature. Along with the textual explanation, the tutorial contains a two-minute video presentation at the end. Don’t forget to check that out!
Bala
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ManageEngine Password Manager Pro
Enterprise Privileged Password Management Solution
Email: support@passwordmanagerpro.com
Toll Free: +1 925 924 9600
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hi,
Greetings!
In its group test, a competitive, hands-on review of nine competing Privileged Password Management solutions, SC Magazine, the world's longest running monthly publication on information security, has awarded top honors to ManageEngine Password Manager Pro.
With the coveted "SC Magazine Recommended" rating, Password Manager Pro earned 5 out 5 stars in all test categories — features, performance, ease-of-use, documentation, support and value for the money.
"Ease of deployment, small software footprint and superior pricing make ManageEngine Password Manager Pro our Recommended product," states the review. The Magazine has concluded that Password Manager Pro provides excellent value for the money.
Complete review report can be accessed from:
http://www.scmagazineuk.com/ManageEngine-Password-Manager-Pro/Review/2654/
Details of the Group Test Password Management:
http://www.scmagazineuk.com/Password-management-2008/GroupTest/155/
We feel elated on receiving this coveted rating and take this opportunity to thank all our customers for their continued support.
Bala
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ManageEngine Password Manager Pro
Enterprise Privileged Password Management Solution
Email: support@passwordmanagerpro.com
Toll Free: +1 925 924 9600
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hi,
Greetings!
In the tutorial series of Password Manager Pro, here comes one more. By leveraging the 'Active Directory Integration' support provided by Password Manager Pro, you can optimize password access management and read on the Tutorial below to know how!
Bala
The Challenge
One of the fundamental capabilities of PMP is strict access control, where password owners can define who can access and do what operations on shared passwords. Quite often, we find from our customers that they have a few password owners having to manage the access permissions to passwords shared by many people across various groups. This can get very tedious and error prone if each of the password owner has to manage access for individual users, especially with people moving across groups or leaving the organization.
The Solution
A better solution is to have administrators create user groups in PMP and manage access to the user groups instead of individual users. But user group management itself can be quite a task, even for a medium sized organization with hundreds of users and user groups.
This is where PMP's strong integration with Active Directory helps administrators to completely automate user access management. They can leverage user group management capabilities of AD and make PMP use the same user group definitions from AD. For these user groups, only the access permissions are defined in PMP and the users that are part of the groups are derived from what is defined in AD.
For example, if the AD has user groups named Finance Admins, Finance Users, Executives, Engineers, Sales etc., PMP not only imports user information from AD, but also the user groups. Any change made to the user groups in AD could be automatically updated in PMP as well, in as fast as one minute.
With the user subscription to the user groups taken care reliably, all that the password owners have to ensure is provide appropriate access permissions to the user groups. Subsequently, when a user is moved across groups or gets deleted in AD, the change is immediately reflected in PMP and the user will automatically lose all permissions that was inherited. In addition, PMP audits all these events, generates notifications and provides in-depth reports to administrators to ensure they are always in control when it comes to password access control.
Steps Involved
The screen shots below explain how to set this up:
Go to Admin >> Active Directory and click the button “Import Now” in Step 1
[caption id="attachment_111" align="aligncenter" width="636" caption="AD User Group Import"]
[/caption]
Go to Admin >> Active Directory and click the button “Import Now” in Step 1
[caption id="attachment_131" align="aligncenter" width="636" caption="AD Synchronization"]
[/caption]
Go to Resources/Resource Groups tab, select the required Resource/Resource Group, in the drop-down for sharing, select “Share with User Group”
[caption id="attachment_141" align="aligncenter" width="611" caption="Access Permission"]
[/caption]
Go to “Resource Groups” and click the password action notification icon
[/caption]
Go to “User Audit” and click the link “Configure Audit”
[caption id="attachment_161" align="alignnone" width="1001" caption="Audit & Notifications"]
[/caption]
1.
http://manageengine.adventnet.com/products/passwordmanagerpro/help/active_directory_integration.html
2.
http://manageengine.adventnet.com/products/passwordmanagerpro/help/sharing_resources.html
3.
4.
http://manageengine.adventnet.com/products/passwordmanagerpro/help/audit_notifications.html
As you may be aware, the enterprises that deal with public funds are required to comply to Sarbanes-Oxley (SOX) Act. Organizations are looking for a single, complete, low-cost, enterprise-wide solution that could take care of all their SOX-compliance needs.
From ManageEngine Password Manager Pro, we are glad to release a white paper titled ‘Ensuring Compliance to Sarbanes-Oxley through Privileged Identity & Information Management‘.
This White Paper discusses the SOX compliance challenges and the problems faced by the IT administrators, who are mandated with the task of ensuring compliance to SOX. It explains how Privileged Identity and Information Management (PIIM) solutions could ensure effective internal controls and serve the enterprise-wide SOX-compliance needs.
Download the white paper from here and let us know if you find it useful.
Bala
ManageEngine Password Manager Pro
Enterprise Privileged Identity & Information Management Solution
If Samuel Taylor Coleridge were alive today, he would have probably rephrased his immortal lines ‘Water, water everywhere, ne any drop to drink’ as ‘Threat, Threat Everywhere, Cyber criminals on the prowl‘!. Oflate, cyber-criminal activities across the globe have assumed such grave proportions that all organizations - big and small, are exposed to security breaches and identity thefts.
I was reading the Aug 2008 issue of SC Magazine, the world’s widely-read IT security periodical. The ‘Threat Report’, a regular column in the magazine had reported some of the prominent cyber crimes that happened in the recent months across the globe. Not to mention that my head started whirling on reading that report.
Take a quick look at some of the crimes and am sure you would also feel the whirling:
Apart from the above, there are the well-known incidents such as the FiberWAN lockout at San Fransisco where a disgruntled network administrator was charged with locking up the network and with planting network devices that enabled illegal remote access to the network. Last year, the identity theft from TJX, the owner of nearly 2,500 discount stores including Winners and HomeSense in Canada and T.J. Maxx and Marshalls in the United States, reportedly made hackers to gain access to customer information related to at least 45.7 million credit and debit cards. More recently, a month ago, the Best Western hotel chain reportedly suffered what is being claimed as the world’s largest cyber-crime, the identity theft of eight million customers.
The list of crimes will go on and on and will fill volumes, if I were to point them out all. Though the exact cause for the identity thefts in many cyber-crime activities are not exactly known, analysts believe that proper deployment of identity and information management strategies could help prevent such occurrences. Particularly, the administrative passwords, which are often aptly referred as ‘Keys to the Kingdom’ should be guarded with highest care. If the privileged passwords are not properly managed, disgruntled employees and hackers could wreak havoc to your very business causing irrepairable loss to business and reputation.
One of the effective ways to secure the privileged identities is deploying a Privileged Identity and Information Management solution, which will help in securely storing the privileged identities in a centralized vault, restrict access to the identities and automate the identity/password management activities. This will help organizations to take total control of the privileged identities. ManageEngine Password Manager Pro is one among the enterprise-class privileged identity and information management solutions available at an affordable price.
Take preventive action, deploy ManageEngine Password Manager Pro, safeguard your data and reputation. Otherwise, you may end up locking the stable after the horse has bolted!
Cheers,
Bala
Corp