We keep our eyes and ears peeled on your behalf here at STEALTHbits Headquarters, and we recently overheard some really cool news about an Active Directory project that’s under way (and under wraps). We convinced Adam Laub, VP of Marketing, to sit down with us for just 5 questions about this mystery solution.

Daria: Word on the street has it that there's something called "Interceptor" technology that's coming. What is it?

Adam: How do you guys hear about these things?! I can't say much at this point, but I can tell you that StealthINTERCEPT is a hot new technology that will allow our customers to lock down Active Directory from unauthorized changes, and to get real-time notifications.

D: What business benefits can users expect?

A: This is part of our larger data governance initiative, which helps our customers take back control of their unstructured data. Active Directory is a key and often overlooked piece of the puzzle. If you're not securing AD, then you're leaving a door wide open.

D: So when can we expect to see this?
A: Soon! We have test sites running it already. You'll have to stay tuned for details.

D: Is this part of an upgrade to the StealthAUDIT Management Platform?
A: Yes and No. StealthINTERCEPT technology is new and stands on its own, but also integrates with the StealthAUDIT Management Platform.

D: Do you guys practice these vague answers?
A: Absolutely.

D: So how is this real-time technology going to work?
A: Sorry, that's five questions!

We're certainly intrigued. We'll be sure to keep you posted on this blog and in our monthly newsletter as this develops, so stay tuned. This is gonna be big.

Published in STEALTHbits Blog

Try this: go to your favorite search engine, and type in “high risk share.” Chances are, you’ll get the same thing I did: pages and pages of financial information dealing with risky shares as they pertain to stocks. The definition and even identification of a high risk stock is fairly straightforward (at least in theory). In the IT space, though, “high risk share” is a much broader term, and such shares can be difficult to identify (which, in turn, makes them difficult to govern). Unlike a stock market, which appears in a uniform way to all investors in that market, high risk data repositories vary across organizations based on individual access settings, permission needs, departmental requirements, and more.

One way to look at it is in terms of access. If a file or share is accessible by a very large number of users (through well-known security principals like “Everyone,” for instance) the chances increase that it would be considered “high risk.” At the same time, organizations often purposely leave folders at the top level open because they’re commonly used across the board. So where’s the risk then, exactly?

Risk comes into play when open permissions at the top level filter down through effective rights to permissions several levels below. Because effective rights are difficult to identify (take our effective rights quiz to see how well you do), they can leave sensitive data open to many more people than need or should have access to it.

To learn more about high risk shares, and how to identify and remedy them, watch our STEALTHsession on Controlling the threat of High Risk Shares.

Published in STEALTHbits Blog
Wednesday, 10 November 2010 19:31

StealthAUDIT Named Best Windows Product

GLEN ROCK, NJ--(November 10, 2010) - STEALTHbits Technologies today announced that its StealthAUDIT Management Platform (SMP) was chosen as a winner in the Best of Connections 2010 awards program in the "Best Windows Product" category by Penton Media's DevConnections. SMP is a comprehensive framework featuring audit, reporting, compliance, and remediation capabilities across the Microsoft computing platform, including solutions for Exchange, ActiveSync, BlackBerry Enterprise Server, Active Directory, SharePoint, Windows Desktop and Server Operating Systems, Windows File Systems, and beyond.

"We are thrilled to have received the 'Best Windows Product' award recognizing StealthAUDIT's ability to answer the toughest IT questions across the Microsoft landscape," said Adam Laub, VP of Marketing and Technical Operations at STEALTHbits. "We're excited to have had the opportunity to showcase our unique approach to Microsoft infrastructure and application management which our customers have found so valuable, and are grateful to the Penton Media team for their acknowledgement of our achievement in this field."

The Best of Connections awards recognize companies based on their innovation, strategic importance to the market, competitive advantage and exceptional value to customers. The winners were chosen from more than 80 nominated products in six (6) categories. The field was narrowed to three finalists in each category. Finalists were interviewed at the DevConnections 2010 conference in Las Vegas, Nevada, November 2-3 to determine the winners in each category. Winners were announced live from the DevConnections 2010 exhibitor's floor at 2 pm on Thursday, November 4.

"Narrowing down the list of nominees to 18 finalists in the six Connections categories was a challenge, considering that we were faced with so many top-tier products and services," said Amy Eisenberg, Executive Editor for Windows IT Pro, "but in the end, we came up with six very deserving winners. We're proud of our selections, and we believe all our finalists and winners represent the best of the best in their categories."


About STEALTHbits Technologies, Inc.
STEALTHbits Technologies, Inc. is an innovative technology leader in the Microsoft Infrastructure and Application Management space. STEALTHbits' StealthAUDIT Management Platform bridges the gap between IT Management and Compliance, providing a unified framework by which to measure, manage, and maintain. STEALTHbits Technologies can be found online at stealthbits.com.


Editorial Contact
Adam Laub
VP, Marketing
+1.201.447.9308



Related Articles
Congratulations to the Best of Connections 2010 Winners! by Jason Bovberg, Windows IT Pro Magazine

Published in Press Releases

GLEN ROCK, NJ and RESTON, VA--(Marketwire - March 2, 2011) - STEALTHbits Technologies, a leader in the IT security and compliance software space, and Carahsoft Technology Corporation, the trusted Government IT solutions provider, announced a partnership today that will enable Carahsoft to add the award-winning StealthAUDIT Management Platform (SMP) to its Intelligence Solutions offerings. The partnership will expand on STEALTHbits' decade of success in the private sector, where they provide innovative data collection, analysis, reporting, and remediation tools to the world's top organizations, including Fortune 500 companies and leading Wall Street firms.

"We are very excited about the opportunity to partner with Carahsoft in bringing a great solution into the US Public Sector," said David Gordon, VP of Business Development at STEALTHbits. "With WikiLeaks and hacker attacks in the headlines weekly, risk mitigation and security within the government space has never been more important than it is today."

SMP features comprehensive solutions spanning the Microsoft infrastructure and application stack, including Shared File Systems, Exchange, Active Directory, SharePoint, BlackBerry and ActiveSync, Desktops and Servers, and more.

"Government agencies are continually improving their efforts to protect the ever-increasing amount of data they must maintain to support their missions," said Craig P. Abod, Carahsoft President. "STEALTHbits' award-winning data security and compliance solutions support those initiatives by detecting and locking down data access vulnerabilities, and we are pleased to add them to our Cyber Security Solutions portfolio."


About STEALTHbits Technologies, Inc.
STEALTHbits Technologies, Inc. is a leader in the Microsoft Infrastructure and Application Management space. Our mission is to provide solutions to the most difficult business problems across the Microsoft computing platform and beyond by allowing our customers to measure, manage, and understand multiple aspects of their environments using a single unified platform. Learn more at http://www.stealthbits.com.

About Carahsoft Technology Corporation
Carahsoft Technology Corp. is the trusted Government IT solutions provider. As a top-ranked GSA Schedule Contract holder, Carahsoft serves as the master government aggregator for many of its best-of-breed vendors, supporting an extensive ecosystem of manufacturers, resellers, and consulting partners committed to helping government agencies select and implement the best solution at the best value. Carahsoft is consistently recognized by its partners as a top revenue producer, and is listed annually among the industry's fastest growing firms. Visit us at http://www.carahsoft.com.


Editorial Contact
Adam Laub, VP Marketing
STEALTHbits Technologies
+1.201.783.2243
Published in Press Releases

GLEN ROCK, NJ--(February 9, 2011) - STEALTHbits Technologies, a leader in the IT systems management space, announces the release of the Compliance Baseline Manager, a key enhancement to the award-winning StealthAUDIT Management Platform for Systems Governance which helps to plug security holes like those that may have caused the recent NASDAQ hacking incident. Helping organizations identify and address critical configuration drift and compliance risks, SMP for Systems Governance arms administrators and auditors with comprehensive, scalable baseline and compliance templates as well as patch validation and system administrative insights.

The Compliance Baseline Manager extends SMP for Systems Governance with powerful new features geared towards addressing system configuration and governmental compliance, which can prevent system exploitation and escalation of privileges such as the recent security breach with NASDAQ. Administrators can now pinpoint where baseline configurations have changed, identify government regulatory compliance exceptions, be alerted when critical patches are not completely installed, and much more. The StealthAUDIT Management Platform's lightweight and agent-less architecture allows organizations of all sizes to quickly identify and resolve critical security configuration issues.

"The recent incident at NASDAQ only reiterates the critical need to continuously review system compliance," said Chris Olsen, CISM, VP of Product Management at STEALTHbits. "Automation is the key to keeping up with ever-changing internal baseline configurations, governmental compliance requirements, and the on-going struggle to ensure that new patch deployments are installed 100%."

SMP spans the entire Microsoft computing environment, from Active Directory and the File System to Exchange, SharePoint, and beyond. Detailed data collection combined with built-in business intelligence make SMP ideal for detecting and locking down system vulnerabilities.

"In addition to traditional systems governance reviews, organizations should continue to scrutinize administrative privileges from the top of the organization all the way down to their unstructured data repositories. A constant vigil and lockdown of who can make changes from Active Directory, infrastructure systems, and applications is an important part of controlling permission sprawl and reducing exposure to escalation of privileges," said Chris Olsen. "We all want to trust our own system administrators, but not everyone should have the access that they do."


About STEALTHbits Technologies, Inc.

STEALTHbits Technologies, Inc. is an innovative technology leader in the Microsoft Infrastructure and Application Management space. STEALTHbits' StealthAUDIT Management Platform bridges the gap between IT Management and Compliance, providing a unified framework by which to measure, manage, and maintain. STEALTHbits Technologies can be found online at stealthbits.com.


Editorial Contact
Adam Laub
STEALTHbits Technologies, Inc.
+1-201-783-2243
www.stealthbits.com

Published in Press Releases
Friday, 18 February 2011 10:51

Controlling SharePoint Sites

SharePoint is growing more and more prevalent in organizations, and offers a great way for users to interact and share content remotely for collaboration on projects. With the increasing use of SharePoint, however, SharePoint admins are facing the same issues that plagued (and, in many cases, continue to plague) administrators of the distributed file system. Increasingly, sites are growing stale, violating ethical wall regulations, and being deemed "high risk" in terms of access and permissions settings.

Each of these issues has its own steps for mitigating the associated risk, which we'll discuss in more detail below, but it's worth noting that what they all have in common is the need for data that will help identify the problem. After all, you can't fix it if you don't know that it's broken.

High Risk Repositories
Sites classified as being at high risk are those that are effectively open to your entire organization. This happens because site managers can assign trustees, who can, in turn, assign permissions that expose content to too many people. Some examples of these kinds of permissions are Authenticated Users, Domain Users, and Anonymous Logons. When identifying high risk repositories, it's important to examine effective rights; just because a user does not have access through one set of permissions does not mean that all of their assigned permissions will keep them from being able to read, write, modify, or even delete content. Explore how users have access to identify what, exactly, is at risk, and then work to lock down permissions.
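A simplified model of the effective-rights problem described here and in the earlier high risk shares post, as an added example that is not STEALTHbits code. The paths, groups and users are constructed, and it assumes allow-only entries with all-or-nothing inheritance, which is far simpler than the real Windows or SharePoint access check.

```python
# Simplified effective-rights model (added example, constructed data).
# Assumptions: allow-only entries, a child inherits every parent entry unless
# inheritance is broken, and there are no deny entries or permission levels.

BROAD = {"Everyone", "Authenticated Users", "Domain Users", "Anonymous Logon"}
IMPLICIT = {"Everyone", "Authenticated Users"}  # every signed-in user matches these

# group -> direct members (users or nested groups); constructed sample
GROUPS = {
    "Domain Users": {"alice", "bob", "carol"},
    "Finance-RW": {"alice", "Finance-Contractors"},
    "Finance-Contractors": {"bob"},
}

# path -> (inherits_from_parent, [(trustee, rights)]); constructed sample
ACLS = {
    "/Shared": (False, [("Domain Users", {"read"})]),
    "/Shared/Finance": (True, [("Finance-RW", {"read", "write"})]),
    "/Shared/Finance/Payroll": (True, []),
    "/Shared/HR": (False, [("HR-Staff", {"read", "write"})]),
}


def trustees_for(user):
    """Every trustee name that applies to the user, following nested groups."""
    matched = {user} | IMPLICIT
    changed = True
    while changed:  # fixed-point loop, so group cycles cannot recurse forever
        changed = False
        for group, members in GROUPS.items():
            if group not in matched and members & matched:
                matched.add(group)
                changed = True
    return matched


def aces_in_effect(path):
    """Explicit and inherited entries for a path as (trustee, rights, source)."""
    entries = []
    current = path
    while current in ACLS:
        inherits, aces = ACLS[current]
        entries.extend((trustee, rights, current) for trustee, rights in aces)
        if not inherits:
            break  # inheritance broken: nothing above this level applies
        current = current.rsplit("/", 1)[0]
    return entries


def effective_rights(user, path):
    """Union of rights granted by every entry that matches the user."""
    who = trustees_for(user)
    rights = set()
    for trustee, granted, _source in aces_in_effect(path):
        if trustee in who:
            rights |= granted
    return rights


def high_risk_paths():
    """Paths a broad principal can reach, and where that grant was made."""
    findings = []
    for path in sorted(ACLS):
        for trustee, granted, source in aces_in_effect(path):
            if trustee in BROAD:
                findings.append((path, trustee, source, sorted(granted)))
    return findings


if __name__ == "__main__":
    for path, trustee, source, rights in high_risk_paths():
        print(f"{path}: {trustee} has {rights} (granted at {source})")
    print("carol on Payroll:", sorted(effective_rights("carol", "/Shared/Finance/Payroll")))
```

The Payroll folder has no entries of its own, yet the report flags it because the Domain Users grant made two levels up still applies.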

Controlling Stale Content
Stale content in SharePoint is similar to stale content within Active Directory and the File System: it hasn't been modified in a long time. Continuous monitoring is required to determine the last time a site was used, and working together with the data custodians who created the sites that you have identified as stale is important to ensure that it's okay to remove them. Keeping stale sites out of your SharePoint farms will help with simpler management. It's important to note here that, if a SharePoint site has child sites, SharePoint won't let you delete the parent site. This is why it's especially important to reach out to probable owners of sites to gather more information before proceeding.

Ethical Walls
Ethical walls differ by organization, and apply to most collaborative file systems, including SharePoint. The need for ethical walls stems from the requirement to separate the data that discrete groups within the organization can see. Maybe your organization wants to keep the engineering department's plans for product upgrades out of the hands of the sales team, or your finance team shouldn't have access to the investment team's quarterly assessments. Whatever the reason, one way to identify if ethical wall violations occur is to see where SharePoint groups have common access, then corroborate that access within Active Directory to ensure that trustees can only see what they are supposed to.

To learn more about how SMP makes managing SharePoint easy, please view our Controlling SharePoint Sites STEALTHsession, or request a fully-functional product trial.

Published in STEALTHbits Blog

We talk about governance and compliance a whole lot on this blog, and for good reason. Across the board, IT security is a difficult undertaking, and it's becoming more challenging by the day. For one thing, security threats from outside of the organization have only increased in the last few years, with hackers becoming more sophisticated. From the glamorization of hacking in popular culture (see Girl With A Dragon Tattoo hacker heroine Lisbeth Salander) to 'hacking kits' available online (see Business Day on 1/18/2011), the constant threat of external attack is front and center on a daily basis. Perhaps even more dangerous, the threat from inside (like the alleged catalyst of Wikileaks, for instance) is alive and well, and often gets overlooked as organizations scramble to defend their perimeters.

The process for securing data and systems starts with protecting your resources by eliminating (or, at the very least, controlling) vulnerability, continues with active monitoring to detect deviations from norms and standards, and culminates with corrections for exceptions. Underlying all of these processes are industry-centric compliance regulations that ensure that all organizations in a particular vertical are adhering to the same strict security standards.

IT departments follow these regulations in an effort to pre-empt attacks and plug holes. Unfortunately, the tedious nature of the checkpoints for particular compliance standards makes them difficult for administrators to adhere to, potentially leaving environments fatally vulnerable. The problem stems from the fact that the data (detailed accounts of access, permissions, changes, etc. for users and groups, as well as patch and security configurations for systems) is difficult to come by. Multiply that difficulty by hundreds or even thousands of users and boxes, and millions and billions of files, and you begin to see the pain point. What's more, even an exceedingly complex query may only be answering one of many compliance checkpoints from standards councils like PCI, HIPAA, NERC, and SOX.

The key to industry compliance, then, is a way to collect data once, and then use that data to check against an entire list of requirements. This approach will allow administrators to shift from data-gatherers to pro-active threat blockers. After all, discovering that Lisbeth Salander has rights to your system is only half the battle.

For more about our solution to the compliance-adherence problem, check out this video on the Compliance Baseline Manager.

Published in STEALTHbits Blog
Tuesday, 11 January 2011 10:48

The SharePoint Governance Challenge

Microsoft SharePoint has become a leading solution for enterprise collaboration and document management. SharePoint supports a decentralized approach to administration, allowing organizations to assign Site Collection Administrators and Site Owners responsibilities for managing subsets of SharePoint content. While this delegation of responsibility may streamline the collaborative process in ways, it comes at a cost. Without proper governance plans in place within your SharePoint environment, SharePoint sites can begin to sprout up uncontrollably and may only be used for a matter of weeks, if at all. Eventually, you can end up with a chaotic SharePoint farm with content and permissions completely out of control and almost impossible to remediate.

Being able to take back control of your SharePoint environment can be a daunting task, but it must be done to have an efficiently managed SharePoint farm with proper governance in place. This is important to do before performing a SharePoint migration from SharePoint 2007 to SharePoint 2010. You wouldn't move every piece of junk from your garage and attic into a new house without first sorting through them and only boxing up what you needed to bring with you. The same can be said for SharePoint. If your SharePoint farm is out of control with site, content and permission sprawl, you must go through and decide what you need to bring with you to your new SharePoint farm, and ensure it is neatly packaged with the proper permissions wrapped around it before moving it over. Even if you are not migrating to a new farm, if you are going to implement a governance plan (which is highly recommended) you need to get your farm in order before doing so.

The StealthAUDIT Management Platform is a great tool that provides the means to gain complete insight into your SharePoint environment in order to effectively take control and enforce your governance plan. Even the best SharePoint governance plan can only help you control your SharePoint environment after it has been enforced. SMP for SharePoint provides invaluable information about your SharePoint content, activity, permissions and infrastructure that is not only necessary BEFORE implementing a governance plan or performing a migration, it is vital for continuous monitoring of your environments to ensure the governance plan is being effective.

Published in STEALTHbits Blog
Friday, 23 April 2010 10:27

PCI Compliance

Why was PCI DSS developed?
Privacy and security breaches involving credit card transactions pose a clear danger to credit card companies and financial institutions. The PCI DSS standard was developed at the urging of large credit card companies to help organizations that process credit card payments to prevent privacy and security breaches through hacking and other means. The standard became mandatory for all companies that process credit card payments in 2008.

Companies that are not PCI compliant can be subject to heavy fines enforced by the credit card companies. Fines may be as high as $500,000 per privacy and security breach if merchants are discovered to be non-compliant. For example, in 2006, Visa alone levied almost $5 million in fines. In 2007, Visa levied an $880,000 penalty against the bank involved with TJX's privacy and security breach. In the worst case scenario, merchants could also risk losing the ability to process customers' credit card transactions. PCI DSS helps facilitate the broad adoption of consistent data security measures around the world. The standard helps assure customers using credit cards that the steps are in place to protect their information and privacy, which is under threat from cyber criminals.

The StealthAUDIT Management Platform and our new Systems & Data and Access Governance Solutions help fulfill requirements and augment processes for organizations with a Microsoft-based infrastructure. It will also verify on a constant basis that many of the requirements are in place, configured properly, and operating as expected. PCI DSS has 6 main categories and 12 requirements.

6 PCI Categories:

1. Build and maintain a secure network - Organizations must install and maintain a firewall configuration to protect cardholder data. As well, they should not use vendor-supplied defaults for system passwords and other security parameters.

2. Protect cardholder data - Organizations are required to protect stored cardholder data and encrypt transmission of that data across open and public networks.

3. Maintain a vulnerability management program - Organizations must use and regularly update anti-virus software. PCI rules mandate that organizations develop and maintain secure systems and applications that protect against known vulnerabilities that hackers can exploit.

4. Implement strong access control measures - Access to cardholder data must be restricted to those with a business need to know. Every member of your organization with computer access should be given a unique ID. As well, steps must be taken to restrict physical access to cardholder data. For instance, physical locks and security personnel may be required to secure access to rooms with databases or servers containing credit card information.

5. Regularly monitor and test networks - PCI-compliant organizations must track and monitor access to network assets and cardholder data. This will not only improve security, but also help identify the cause of a breach should it occur. Security systems and processes must be regularly tested to ensure their ongoing effectiveness.

6. Maintain an information security policy - It is not enough to have technology tools like a firewall or network audit applications to protect private information. Improper handling of information by untrained staff is a huge security vulnerability. Security policies must be developed, implemented and regularly updated.

12 Requirements (italics where the SMP directly applies to fulfilling or verifying compliance):

1. Install and maintain a firewall configuration to protect cardholder data

2. Do not use vendor-supplied defaults for system passwords and other security parameters

3. Protect stored cardholder data

4. Encrypt transmission of cardholder data across open, public networks

5. Use and regularly update anti-virus software

6. Develop and maintain secure systems and applications

7. Restrict access to cardholder data by business need-to-know

8. Assign a unique ID to each person with computer access

9. Restrict physical access to cardholder data

10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes

12. Maintain a policy that addresses information security

References:

PCI Standards Council: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

PCI Compliance - Cheat Sheet: http://jamynigri.blogspot.com/2008/08/pci-compliance-cheat-sheet.html

Published in STEALTHbits Blog
Friday, 18 September 2009 10:22

Who's In My Mailbox?

Understanding who is opening another user's mailbox is an integral Compliance requirement within any regulated institution. Whether Security needs to monitor executive mailboxes for users probing for information on confidential material, or find the Exchange administrators taking advantage of their elevated mailbox support rights, it is pertinent to have a single consolidated view that highlights these access violations.

Data leakage can cause both financial and reputational damage to an organization. The business, with the IT team, needs to come together to identify what should be monitored and how, while ensuring that the tools implemented do not pose risk to the integrity of the systems.

There are tools in the market that can answer this business question using a variety of unique approaches. Most common is an agent that sits on the Exchange server and runs within the Exchange process, intercepting the traffic. This provides in-depth and granular details around who is doing what in the monitored mailboxes. This agent approach provides an abundant amount of information, but it also poses significant risk of causing serious outages on the systems. Other solutions scan the event log for specific event IDs that identify access violations. Again, these solutions provide the required data, but require administrators to turn up diagnostic logging. For larger organizations, this is often not a viable option, as the amount of events logged when diagnostic logging is turned up can cause a significant volume influx of events. Maintaining history can become very difficult.

A new and different approach, from STEALTHbits Technologies, is similar to the agent variety, but does not pose as much risk. This approach utilizes the existing WMI/PowerShell queries, as you would see in ESM, to find non-owner access. You also maintain history on this data as Microsoft overwrites previous data as soon as the user logs out of the mailbox. Additional data processing and business intelligence isolates executives and rogue admins for focused monitoring. This approach eliminates the risk of an outage as it simply uses the native Windows Scheduler on the remote Exchange server that sits idle and on low priority, watching the resources around it.

Whether understanding access violations is a requirement in an organization or not, it is certainly a common request from senior management. Instead of implementing a "big brother" solution that quietly monitors logon violations, some organizations choose to notify the mailbox owner immediately with this information. In either case, the technology remains the same, and it is pertinent to find a solution that not only meets the business needs, but also does not cause any degradation in services.

Published in STEALTHbits Blog



