This was an interesting month. We looked at what we thought was going to be a small to moderate group and ended up with 13 contenders. That certainly ran our team through its paces. Another nicety this month was that we had the services of Mike Stephenson, formerly our strong right hand, doing just about all of the reviews. He is off doing very cool stuff for the Detroit Public School System and he agreed to come back into the lab for one more go. That he likes this group helped a lot, I’m sure.
Privileged account management (PAM) is the name of this month’s game and it really is a fascinating group. Way back in the day, there was one product that did this and it only did it on Unix. That product evolved, went through the usual mergers and acquisitions that promising companies go through, and now we have an entire field rather than a single product.
The whole idea behind PAM is that there are some accounts that need to get special treatment. When this tool first hit the streets, its only purpose was to carve up the Unix root account so that no one account/password had all of the keys to the castle. Today, these products go way beyond that. Take a look at Mike’s opener for a peek at what the field looks like now – and then dive into the products.
There were other things happening last month that were worthy of note, among them Super Bowl 50, arguably the most hyped sporting event in history. There were endless public cautions and wringing of hands over the possibility – no, the likelihood – of a disruptive cyber attack. It never materialized. For a change, much of the pre-game hype centered on the unprecedented show of strength by law enforcement and public safety officials, including cyber.
Led by Det Sgt. Ray Carreira from the Santa Clara (California) police department, the cyber protection team in the Levi’s Stadium command post put in a lot of long hours, applied some of today’s most sophisticated tools and the result was a solid performance in cyberspace by the sports event of the year. That shows that a lot of preparation yields a lot of positive results.
And take the SB50 cyber team’s lead: Don’t keep quiet about what you are doing to protect your organization, even though, of course, you don’t want to discuss how you are doing it. While advertising does not impress the bad guys, it does impress management and it helps answer that old questio: “Why should we be paying for all this cybersecurity? Nothing ever happens.”
Ya think all that prep (and budget) might be why?