• 14 JAN 15

The First Line of Defense – Passwords

The IT security stakes are high for the healthcare industry – HIPAA violations and fines, criminal charges, and tainted brand reputations make up the fates of healthcare organizations that fail to protect patient data both from the inside and out. Why Healthcare is Being Targeted A large number of personally identifiable information (PII) is stored

  • 07 OCT 14

[VIDEO] What You Need to Know About Bash Bug

We’ve all heard the headlines of the most recent security bug, including, ‘Shellshock bug could threaten millions compared to Heartbleed,’ or even more terrifying, ‘Shellshock: A deadly new vulnerability that could lay waste to the internet.’ While these headlines are a bit dramatic, there lies some truth in the statements. The National Institute for Standards

  • 09 SEP 14

Infamous Heartbleed Bug Responsible for Over 4.5 Million Patient Records Leaked

Heartbleed continues to haunt the organizations as patch efforts remain ignored. In April we notified our customers that our solutions remained unaffected, but unfortunately for millions that was not the case. Over six months later a data breach at Community Health Systems is the result of the infamous Heartbleed vulnerability that several versions of OpenSSL

  • 05 JUN 14

SSL: Beyond the Basics Part 4: Strict Transport Security

In our previous post, we discussed SSL certificates and new cryptographic functionality that can be used with modern SSL certificates. Next, we are going to look at how to make sure SSL is always used for web clients in a browser. SSL doesn’t do much for securing browsers if it isn’t used, which is why

  • 11 APR 14

Phew. Thycotic solutions remain unaffected during devastating Heartbleed vulnerability.

The recent OpenSSL vulnerability CVE-2014-0160, or “Heartbleed” is affecting millions of SSL-enabled web servers worldwide; estimates are somewhere between 60% and 80% of servers are affected by the deadly bug. It’s the perfect example of a worst-case scenario: Heartbleed gives attackers the ability to reveal your server’s private SSL key by recovering just enough SSL

  • 17 SEP 13

Integration Spotlight – Secret Server and Devolutions Remote Desktop Manager

  In this week’s webinar we will be diving into the integration of Devolutions Remote Desktop Manager and Secret Server. Since the software integration in 2011, users have been securing their credentials through Secret Server and remote connections using Remote Desktop Manager after several client requests. Since then, administrators have been able to use both

  • 16 JUL 13

Get Credentials out of Code with Secret Server API

A few years back, our engineers decided to solve a new password problem: Network credentials are not only used by people. Sometimes other programs need credentials to interact with the network too. Secret Server was already providing full audits of each user’s credential usage, why not create an API so programs could also use Secret

  • 28 MAY 13

Breaking the Glass With Unlimited Administration Mode

What happens when a user creates Secrets and does not share them with anyone else, or if you are administrating Secret Server and need to re-organize your Secrets? Secret Server’s “break the glass” feature, Unlimited Administration Mode, can help in those situations. The Unlimited Administrator Mode allows designated users to manage Secrets they would normally

  • 10 MAY 13

Customizing Roles For Your Company – Part One

Secret Server uses Roles and Permissions to control access to various capabilities within the system. In this two part blog post we will review how to set up customized roles and permissions to meet your company’s security policy. Roles in Secret Server control what a user is allowed to do in the tool. Secret Server

  • 11 APR 13

Integrated Windows Authentication and Two-Factor Authentication

In Google Chrome and Internet Explorer with Integrated Windows Authentication, enabled users are automatically signed in to Secret Server when they visit the site using their Active Directory credentials. This feature reduces the number of passwords that a user has to type, and the possibility of a forgotten password. This also allows domain administrators to