Lieberman Software and Qualys have announced the integration between Enterprise Random Password Manager (ERPM) and the QualysGuard Security and Compliance Suite, providing customers with secure password management for authenticated scanning for IT security and compliance. Lieberman Software will exhibit this functionality at Qualys Security Conference 2013 in Las Vegas this week.
“We’re pleased to announce our new partnership with Qualys,” said Philip Lieberman, president and CEO for Lieberman Software. “This integration was requested by some of our mutual enterprise customers to help them more efficiently manage expansive IT infrastructures. As large cloud environments and enterprises scale to vast numbers of systems, the need to automate privileged account management is essential to the security of all systems and devices.”
More than 6,000 customers use the QualysGuard Cloud Platform and integrated suite of solutions to effectively manage IT security and compliance across their organizations. Authenticated scans require privileged identity information, which can be difficult to manage in a secure way. ERPM, Lieberman Software’s flagship privileged identity management product, automatically finds all privileged accounts in the enterprise and continuously tracks, secures and controls access to each account. With the integration of ERPM and QualysGuard, customers can manage privileged credentials in ERPM for authenticated security scans of IT resources, eliminating the need to maintain unsecure duplicate static passwords to initiate QualysGuard scans, and preventing IT administrators from attempting time-intensive manual password management actions.
“Managing passwords across IT environments is a crucial yet challenging and time consuming part of maintaining effective IT security and compliance,” said Philippe Courtot, chairman and CEO for Qualys. “We are pleased to offer this integration with Lieberman Software’s ERPM so customers can securely manage and protect their passwords as they use QualysGuard to regularly scan for vulnerabilities and meet compliance regulations.”
Large enterprises usually have thousands of powerful privileged accounts that hold elevated permission to access data, install and run programs, and modify system configuration settings. For convenience, IT groups often deploy systems with identical privileged account passwords, and then leave them unchanged.
However, maintaining static privileged passwords is a violation of most major regulatory mandates, such as PCI-DSS, SOX, HIPAA, BASEL and more. Shared static passwords can also lead to serious data breaches. Exploiting unchanged passwords is a common tactic of criminal hackers and nation-state attackers.
ERPM automates the frequent randomization of all managed privileged account credentials. It provides QualysGuard with access to the most recently updated passwords on a massive scale, across all operating systems, middleware and applications in the enterprise, without requiring manual involvement from IT staff.