London, UK: Lieberman Software Corporation has announced that its adaptive privilege management platform, Enterprise Random Password Manager (ERPM), now offers Secure Shell (SSH) key management. With the newest version of ERPM released in July, customers can manage and secure SSH keys, in addition to other privileged account credentials, from one unified privilege management security platform.
Building on ERPM’s exclusive True Discovery™ technology, the next ERPM update - scheduled for later this year - will add automatic discovery, correlation, and rotation of SSH keys throughout the enterprise. This discovery capability will eliminate the need to manually associate a key with an account on a system. That version of ERPM is currently running at select customer beta sites.
The SSH Security Vulnerability
SSH operates as a protected communications tunnel used to remotely login to systems, transfer files and execute commands in large enterprise environments. As a technology that automates the integration of IT systems, SSH often provides privileged access to the most sensitive IT assets on a network. However, this privileged access is poorly managed in many organizations. According to recent research from Aberdeen Group, unauthorized SSH keys represented 45% of the total security vulnerabilities discovered in an analysis of 1,977 public cloud instances.1
Visibility and Management of SSH Keys
With its new SSH key management capabilities, ERPM helps overcome SSH vulnerabilities. ERPM can use SSH keys to connect to and manage credentials on target systems, or a user can give ERPM the appropriate key to connect to a system as an identity. This is a much more secure mechanism for connection than a password.
Additionally, ERPM can use SSH keys to automatically connect a user to a target system with a specific application, while limiting access to certain commands and authentications available to the program. This allows ERPM to perform operations in the customer’s environment, including management of the powerful privileged accounts that grant access to an organization’s most critical data, in the most secure way possible.
ERPM’s application launcher, also added in the newest version of the product, grants the use of unlimited bastion hosts and SSH proxy hosts — leveraging SSH Keys — and can quickly launch corporate applications in a secure environment. The privileged operations performed while using launched applications, whether on premises or in the cloud, are automatically audited and recorded.
“At Lieberman Software we believe the key to stopping today’s advanced threats is the ability to automatically discover, document and eliminate privileged account security vulnerabilities before cyber attackers can exploit them,” said Philip Lieberman, President and CEO of Lieberman Software. “One of the most serious threats comes from poorly managed SSH keys found in most enterprises. The current version of ERPM is an active defense solution that deals with this reality. The next version of ERPM will include the significant enhancement of automated discovery and rotation of SSH keys in the largest enterprise environments.”
In addition to SSH key management, ERPM bundles privileged identity management, privileged access management, session recording and threat analytics capabilities into one adaptive privilege management platform. ERPM ensures that powerful privileged accounts are only accessible to delegated personnel on a temporary, “need-to-know” basis - preventing unauthorized, anonymous access to critical systems.