Identity and Access Management: Filling the Gap in Identity and Access Governance

July 2012

By Matt Flynn, TechNet magazine

Traditional identity solutions focus on access to applications, but that misses as much as 80 percent of corporate data.

We’ve entered the age of access governance. Organizations need to know who has access to what data and how they were granted that access. Identity and Access Governance (IAG) solutions address these issues while managing enterprise access. They provide visibility into access, policy and role management, and risk assessment—and they facilitate periodic entitlement reviews of access across numerous systems. Most enterprise IAG solutions are missing a key piece to the puzzle, though: unstructured data.


STEALTHbits Technologies, Inc.

 

STEALTHbits Technologies Acquires Access Governance Specialist NetVision

 

Strategic Technology Acquisition Positions Company to Offer the Industry’s Most Comprehensive IT Management and Compliance Solutions to All Market Segments

 

San Francisco, CA, -- RSA 2012, Booth # 2736 – February 28, 2012 – STEALTHbits Technologies, the provider of the industry’s most comprehensive IT management and compliance platform for Microsoft-based systems, applications and data repositories, today announced it has acquired NetVision, Inc., an access rights, reporting and monitoring solutions specialist. The acquisition allows STEALTHbits to extend its product portfolio to the mid-market and offer channel-ready solutions that combine enterprise-class scalability and performance with turnkey functionality.

 

“We’ve enjoyed tremendous success over the past decade in delivering robust and scalable solutions that truly bridge the gap between IT management and compliance for Fortune 500 companies,” said Steve Cochran, CEO of STEALTHbits Technologies. “With the acquisition of NetVision, we’re now strategically positioned to extend our product line even further by providing our solutions to all market segments both directly and through the channel, meaning mid-market customers will now have access to the advanced technology that our larger enterprise customers have enjoyed, but with out-of-the-box functionality priced according to each organization’s needs.”

STEALTHbits has consolidated the companies’ development, sales, marketing, and customer service to best serve both companies’ new and existing customers. STEALTHbits will leverage some of NetVision’s technology assets to complement its series of comprehensive solutions that address the toughest business problems in IT infrastructure, application management and compliance. All products will be developed, marketed, supported, and sold under the STEALTHbits brand.

 “We’re very excited to be joining forces with STEALTHbits,” said David Rowe, former CEO of NetVision and current general manager at STEALTHbits Technologies. “Our technologies and customer bases are extremely complementary and we expect immediate synergies in the development of more advanced, out-of-the-box solutions for our mid-market customers.”

 

StealthINTERCEPT™ Directory Authority, which was announced earlier this month, is the first in a line of new, channel-ready product offerings designed to address the mid-market’s need for more advanced security. Solving critical problems related to compliance, data leakage and insider control by providing real-time, in-line analysis of and control over any directory and file system changes, StealthINTERCEPT is designed to dramatically streamline administrator oversight, operational change control and compliance.

 

In January, STEALTHbits was acknowledged as one of the “10 Hot Emerging Vendors” by CRN Magazine demonstrating that the company is poised to have a significant impact on the channel market.

 

STEALTHbits will be at RSA Conference 2012 in San Francisco, February 27th – March 2nd, Booth # 2736. To schedule a meeting at the show, please contact Jordan Bouclin or Bree Bolognese at (401) 490-9700.

 

About STEALTHbits

STEALTHbits Technologies, Inc. offers the industry’s most comprehensive IT management and compliance platform. Built from the ground up to collect, analyze, remediate, and report on data and systems critical to compliance success, STEALTHbits’ technology platform provides a single, unified framework for the management of Microsoft infrastructure and beyond, truly bridging the ever-widening gap between IT Management & Compliance groups within organizations large and small. Since 2001, STEALTHbits Technologies, Inc. has delivered powerful solution sets that address specific business problems across Active Directory, Exchange, Public Folders, SharePoint, Data and Access Governance, Systems Governance, and BlackBerry and ActiveSync. Learn more at www.stealthbits.com and follow STEALTHbits on Twitter.

# # #

 

STEALTHbits and StealthAUDIT are registered trademarks of STEALTHbits Technologies, Inc. The STEALTHbits logo and all other STEALTHbits product or service names and slogans are registered trademarks or trademarks of STEALTHbits Technologies, Inc. All other trademarks and registered trademarks are property of their respective owners.

 

Press Contacts:

Bree Bolognese or Jordan Bouclin

SVM Public Relations

(760) 754-7025 or (401) 490-9700


File Share Entitlement Review: Finding the Owner

One thing top of mind for information security professionals in 2012 is understanding who has access to what and being able to provide clear, concise reporting around it. We call it Access Governance or Data Governance and it consists of entitlement reviews, access reviews, or audit reporting. The terms overlap and the complete superset of product features around this challenge can seem overwhelming and difficult to comprehend. At STEALTHbits, we simplify things. We’ve developed quick-win solutions that get you from where you are today to the next step with a proven and pragmatic methodology.

Data Owners

One small example is how we’re able to identify owners of file shares and other resources. First, we have an algorithm that provides a list of probable owners based on a number of factors – who has rights, who is doing what, etc. The algorithm is adjustable to meet specific requirements, but we know that there isn’t an algorithm on earth that could determine ownership with 100% accuracy across large scale environments. So, we leverage the StealthAUDIT Platform survey modules to reach out to probable data owners to ask them if we’re right.

If we are, we provide a set of instructions on what we need them to do. If they’re not, we move on to the next probable owner to see if we can track down the right people. Each step of the way, we report on where things stand: which shares are high-risk, which have owners, which are still awaiting response, etc.

In large scale environments, there is no easy button. But there is experience and expertise. Experience counts. If you’re trying to figure out who owns your content, let’s chat and we’ll let you know what we’ve learned about this challenge as we’ve helped a number of the world’s largest organizations solve it.

Open File Shares: A Pragmatic Approach

A number of STEALTHbits’ customers have reported that their #1 audit challenge boils down to open file shares. Auditors are clearly concerned with access and while it’s difficult to understand access rights across millions of individual files, it’s immediately apparent when there are file shares that are open to anyone.

But, how do you approach a problem that spans across thousands of servers? Do you implement a monitoring solution for three months? Manually sift through each one? Well, you could do either of those things. And if you’re interested in activity monitoring, we’ve got the best solution on the market. But, I’d argue that the best way to deal with open shares is to move through a quick, pragmatic process that scopes resources, identifies high-risk, and automates cleanup without significant infrastructure or investment.

STEALTHbits has developed a step-by-step approach to closing down open file shares and has proven it out at a number of the world’s largest organizations. It’s simple to deploy, uses just a single server, can scan remotely, and it works. We’re able to provide real results in about one week. Give us 5 days, and we’ll have your arms comfortably around the problem and your mind at rest.

Data & Access Governance for the Masses (of servers)

We’ve been building and perfecting our solution for data and access governance over the past few years and we’ve learned that two of the biggest considerations for data governance solutions are (1) Scalability and (2) Coverage.

Scalability

Scalability is critical. Any solution that attempts to scan a server will take some amount of time depending on how big the server is and how deep the scan goes. We can’t control the number of servers or the fact that scanners take time to work. A few things we CAN control are the architecture of the solution and the flexibility of the approach. For example, the STEALTHbits solution is multi-threaded. So, we can scan 1, 10, 50, or 10,000 servers concurrently depending on the precise need. We can also scan a batch of 500 servers in a single job or maybe expand that job to 5000 servers. Obviously, scanning 5000 servers takes considerably more time than 500, but there may be a valid business justification to get it all done at once.

Our customers report that they feel most successful when they can break jobs into chunks and review results along the way. 250 - 500 servers at a time seems like a sweet spot for many. One customer had an immediate need and we scanned close to 20,000 servers for a specific requirement in about 10 minutes. That’s the power of a multi-threaded approach and a flexible architecture. And in some cases, for global scalability, we might recommend deploying regional instances of the StealthAUDIT console that could manage data collection jobs locally and then deliver that information to a central reporting console.

The key to all of the above was our decision to design technology that will scale and enable flexibility in implementation so that decisions can be made that meet any requirements that come up, whether it be to finish quickly, handle large numbers, or just to keep things simple. It’s not a one-size-fits-all approach.

Coverage

The second consideration is coverage. If you care about “Who has access to what?” you should care about it wherever the data lives. The StealthAUDIT Management Platform can report on access to many areas where unstructured data may live, including file systems, SharePoint sites, and Exchange Mailboxes and Public Folders. And, by the way, even though various applications may control access to data in databases (structured data) and that seems secure, DBA access to SQL Server is one of the most common insider threat scenarios. And that should be on your mind as well. Of course, we can help with that too.

We’d love an opportunity to discuss how the largest companies in the world are deploying STEALTHbits’ solution for Data & Access Governance. Let us know if you’d like to hear more.

StealthINTERCEPT and CSI

So, in the "new and upcoming news" category, StealthINTERCEPT is due out shortly here at STEALTHbits. With a name like that, we're not surprisingly referring to it as SI internally right now. And since I'm sitting up here in Canada going through some webpage design for the roll-out, I think of it as CSI. And then I get to thinking - CSI - well, it may not be bones and blood tests, but it's sure useful for Corporate System Investigation. Some poor OU goes missing? Get CSI on the case. Got a bad one, Tony - three critical users were just deleted. Better get CSI.

And from talking to a few of our friends/customers out there let me tell you - people need CSI. I heard from one guy how he discovered as part of an ad-hoc cleanup process that the permissions on the CEO's mailboxes had "acquired" several different unwarranted security principals. After a quick panic lockdown, and the removal of all of the unwanted access, everything seemed fine - until the CEO couldn't log on to his mailbox either. Then the stuff really hit the fan. Worst of all, they couldn't find out who had made the unwanted changes in the first place. The only guy they had a name for was the guy who tried to clean it up. Guess who got in trouble? Bleah.

Another of our clients has a problem where OUs keep moving around. They think it's caused by accidental drag-and-drops by admins using ADUC, but they don't really know for sure. They're looking for a tool to tell them who is making changes to their OU names. And what they'd really love is to be able to stop them *before* it happens. Moving OUs causes all kinds of messy ripple effects with DNs changing and applied GPOs getting mis-applied, and they'd like to prevent all that before it hits.

So, look for [C]SI coming out soon from STEALTHbits. It may not be as sexy as Jorja Fox (what a name!), but it's just as good for finding out the whodunnit and making sure those responsible pay for their (electronic) crimes. And it can do some prevention too - so unwanted changes to critical objects don't happen in the first place. Pretty cool stuff.

You've heard it before – that nagging phrase that makes you feel like you're underachieving or stretching yourself too thin: Jack of all trades, Master of none. Yet, in today's world of click-happy multi-tasking, that phrase is ringing less and less true. To be effective, the demand within organizations now seems to be for Jacks of all trades, people who can wear multiple hats in order to obtain a complete picture.

Perhaps nowhere is this more obvious than within the IT Governance space. While there are certainly distinctions among and separations between administrative teams within IT (and for good reason!), the team responsible for an organization's governance and security program needs to be able to access and leverage all of those individual teams and their technologies to truly determine security and compliance levels, and curb potential threats.

While it makes perfect sense to have, for instance, an Exchange team managing Mailboxes or a Collaboration team managing SharePoint from a functional and administrative perspective, security management often requires a "grey area" to ensure governance at the intersection of these teams' endeavors. For instance, if a company is undergoing a Public Folder retirement campaign in preparation for a migration to SharePoint, the Governance team plays a crucial role in answering questions like:

1. Are any of the PF's open to security threats (excessive permissions, sensitive data with improper access assignments, etc.)?

2. Are those threats the result of effective access?

3. Who owns the PF, and are they aware of the people it's available to?

4. Are the folders being migrated to SharePoint locked down as tight as possible, even when considering effective access?

And that's just one scenario. With IT departments often composed of dozens of teams – one or more for each critical area of the enterprise – it's no wonder that Data & Access Governance and Security folks have a tough time gaining the kind of cross-disciplinary insight needed to say with confidence: "Yes, my environment is compliant and secure."

The ability to have insight into security at all levels and across all resources – from Exchange to SharePoint, Active Directory, the file system, SQL, NetApp Storage Controllers, Windows Servers, and even into mobility applications like BES—is critical for anyone brave enough to wear the Security and Compliance Hat. The thing to remember, though, is that IT Governance Teams are still evolving and expanding to address security issues as folders move from Exchange to SharePoint (as above), and usually require the individual Exchange or SharePoint administrators to take on a governance role.

So, to all the Jacks of all Governance trades out there, remember the original (and long-forgotten) addendum to the "Jack of all Trades" phrase:

"Jack of all trades, master of none,
Though oftentimes better than master of one."

Glen Rock, NJ (Marketwire.com 6/8/2011) – STEALTHbits Technologies, a leading Data and Access Governance software vendor, today announced the release of a new SQL Server Management solution. As an extension to the award-winning StealthAUDIT Management Platform (SMP) for Data & Access Governance, the SQL Solution Set leverages the powerful core technologies available within SMP to provide holistic insight into Microsoft SQL databases – from effective access and permissions to resource allocation.

SMP for SQL boasts comprehensive reporting on SQL infrastructure, objects, operations, and permissions, and allows administrators to take full inventory of their SQL instances through discovery. The new solution's key features include the ability to detect and reduce permissions sprawl, discover rogue databases to curb security threats, uncover effective access and detect non-compliance, and retire stale and unnecessary databases. The SQL Solution Set can also secure custom applications leveraging SQL within organizations, as well as collect custom data based on queries written in SQL by leveraging SMP's core data collection capabilities.

"Data is an organization's biggest asset, and, in today's world, a tremendous amount of it lives in digital format in databases," said Chris Olsen, CISM, VP of Product Management at STEALTHbits. "It is vitally important to secure and safeguard that data across the entire environment, but SQL is an often overlooked repository. STEALTHbits' new solution not only addresses this governance hole, but does so by further extending a platform complete with ten years of customer requirements, feedback, and insight already built into it."

The StealthAUDIT Management Platform for Data & Access Governance spans the entire Microsoft computing environment – from Active Directory and the File System to Exchange, SharePoint, SQL and beyond. Detailed data collection combined with built-in business intelligence make SMP ideal for detecting and locking down data access vulnerabilities. STEALTHbits Technologies plans to expand the existing functionality across other common data repositories in future releases.


About STEALTHbits Technologies, Inc.

STEALTHbits Technologies, Inc. is an innovative technology leader in the Microsoft Infrastructure and Application Management space. STEALTHbits' StealthAUDIT Management Platform bridges the gap between IT Management and Compliance, providing a unified framework by which to measure, manage, and maintain. STEALTHbits Technologies can be found online at stealthbits.com.


Editorial Contact:

Adam Laub
VP Marketing & Technical Operations
STEALTHbits Technologies
201.447.9308

SharePoint Management Self-Service

Managing user access within SharePoint is a chore, but reducing permissions sprawl (way too many people having access) and keeping access organized and up-to-date is critical if you want to really understand what SharePoint resources are being used, and who is using them.

Unfortunately, due to a variety of reasons, SharePoint is often out-of-date when it comes to permissions.

Factors like:

1. Lots of users with management permissions having the rights to change permissions and assign permissions to other users

2. No native reporting tools within SharePoint that allow admins to detect effective rights to head off problems

both contribute to the SharePoint "zoo."

At the very least, admins need a tool that allows them to baseline permissions, certify ownership, evaluate effective rights, and take immediate action to fix security holes. But wouldn't it be nice if SharePoint admins / users had a "self-service" model for SharePoint clean-up?

SMP for SharePoint, STEALTHbits' solution, features a comprehensive, 4-step workflow to do just that:

1. We baseline the permissions.

2. We identify the probable owners of sites.

3. We talk to the probable owners to get answers to permissions questions.

4. We analyze the results and recommend next steps based on them.

And it's all done from within a single tool.

If you want to learn more about the SharePoint governance challenge, as well as our Self-Service features, check out our STEALTHsession on SharePoint Self-Service. (Please note - you must be logged in to view extended videos).

GLEN ROCK, NJ and RESTON, VA--(Marketwire - March 2, 2011) - STEALTHbits Technologies, a leader in the IT security and compliance software space, and Carahsoft Technology Corporation, the trusted Government IT solutions provider, announced a partnership today that will enable Carahsoft to add the award-winning StealthAUDIT Management Platform (SMP) to its Intelligence Solutions offerings. The partnership will expand on STEALTHbits' decade of success in the private sector, where they provide innovative data collection, analysis, reporting, and remediation tools to the world's top organizations, including Fortune 500 companies and leading Wall Street firms.

"We are very excited about the opportunity to partner with Carahsoft in bringing a great solution into the US Public Sector," said David Gordon, VP of Business Development at STEALTHbits. "With WikiLeaks and hacker attacks in the headlines weekly, risk mitigation and security within the government space has never been more important than it is today."

SMP features comprehensive solutions spanning the Microsoft infrastructure and application stack, including Shared File Systems, Exchange, Active Directory, SharePoint, BlackBerry and ActiveSync, Desktops and Servers, and more.

"Government agencies are continually improving their efforts to protect the ever-increasing amount of data they must maintain to support their missions," said Craig P. Abod, Carahsoft President. "STEALTHbits' award-winning data security and compliance solutions support those initiatives by detecting and locking down data access vulnerabilities, and we are pleased to add them to our Cyber Security Solutions portfolio."


About STEALTHbits Technologies, Inc.
STEALTHbits Technologies, Inc. is a leader in the Microsoft Infrastructure and Application Management space. Our mission is to provide solutions to the most difficult business problems across the Microsoft computing platform and beyond by allowing our customers to measure, manage, and understand multiple aspects of their environments using a single unified platform. Learn more at http://www.stealthbits.com.

About Carahsoft Technology Corporation
Carahsoft Technology Corp. is the trusted Government IT solutions provider. As a top-ranked GSA Schedule Contract holder, Carahsoft serves as the master government aggregator for many of its best-of-breed vendors, supporting an extensive ecosystem of manufacturers, resellers, and consulting partners committed to helping government agencies select and implement the best solution at the best value. Carahsoft is consistently recognized by its partners as a top revenue producer, and is listed annually among the industry's fastest growing firms. Visit us at http://www.carahsoft.com.


Editorial Contact
Adam Laub, VP Marketing
STEALTHbits Technologies
+1.201.783.2243