Monday, January 25, 2010

New Coordinates

Folks,

Due to substantial time-constraints (given my role at Paramount Defenses), I've decided to change coordinates, shifting this blog to the back-burner, and moving to a more focused vantage point.


 

New coordinates are - www.identitysecurityandaccessblog.com.

Thanks,
Sanjay

Tuesday, January 05, 2010

A New Year's Gift for the Microsoft Ecosystem

Folks,

Here's wishing you a great 2010 on all fronts - may it be your best yet!

There's nothing quite like starting the year on a great note, so it's my pleasure to introduce yet another gift to the Microsoft ecosystem - an updated version of our Gold Finger software!


Earlier today, PD released an enhanced version of the Gold Finger offering richer reporting, 140 additional security reports and coverage of 2 new management categories, offering a total of 365 reports spanning 12 Active Directory reporting management categories, all available at the touch of a button.

You're welcome to download your free copy (our compliments) from http://www.paramountdefenses.com/goldfinger.html

Have a great year ahead!

Cheers,
Sanjay

Tuesday, December 01, 2009

Helping Organizations Worldwide

Folks,

It is my pleasure to inform you that as of December 01, 2009, the Gold Finger was deployed at over 500 organizations across over 50 countries worldwide.




Gold Finger is helping these organizations efficiently and securely fulfill their Active Directory based IT security reporting, audit and compliance needs.

We're happy to help.

Thanks,
Sanjay

Monday, September 28, 2009

Introducing the Free Edition of Gold Finger, our $30M gift to the Microsoft Ecosystem

Folks,

Earlier today, Paramount Defenses released an updated Free Edition of Gold Finger, featuring over 225 valuable Active Directory Security Reports.




It covers TEN administrative categories including account and group management, and Microsoft Exchange and AD ACL management.

It is also 100% free and completely supported, and can be downloaded and deployed in less than TWO minutes, anywhere in the world.

With over 5000 organizations running on Microsoft’s Active Directory, and spending an average of $6000 on an annual basis to fulfill their AD security, AD ACL management and AD related Exchange reporting needs, the availability of the Gold Finger represents over $30M a year in value to Microsoft’s Windows Server ecosystem.

For more information, you’re welcome to visit http://www.paramountdefenses.com/goldfinger.html

Best wishes,
Sanjay

Sunday, June 07, 2009

Rajeev Motwani. 1962 - 2009

Folks,

On Friday, June 05, 2009, the world lost a brilliant mind and a wonderful person in Rajeev Motwani. It is with grief and shock that I offer my deepest condolences to his wife, Asha.




Most people know Rajeev as a highly accomplished academician, most prominently as Director of Graduate Studies at Stanford's Computer Science department. During Google's Stanford years, Rajeev often advised Sergey and Larry and in years to follow, he had a very close relationship with the Google family. During his years at Stanford, he truly made significant contributions to Computer Science.

I remember him most not only as a brilliant mind, but as a wonderful and truly humble human being with a panache for life, passion for entrepreneurship and the genuine willingness to help people succeed.

I first met Rajeev in 2006 when Asheem Chandna (over at Greylock) invited me over to dinner with the Motwanis in downtown Palo Alto. From that very moment, his humility left an indelible impression on me. In months to follow, we became friends, and would enjoy breakfast in downtown Palo Alto whenever I'd visit the Bay Area - as accomplished as he was, he was always humble, respectful, warm, welcoming and most of all, always ready to help. He was an ardent believer in Paramount Defenses and always helpful with advice and encouragement.

His sudden demise is truly saddening and our hearts go out to Asha. He will be missed dearly for the world truly has lost a brilliant mind and a wonderful human being. May his soul rest in peace.
- sanjay

PS: Notable Tributes -
> Sergey's Tribute - http://too.blogspot.com/2009/06/remembering-rajeev.html
> Om's Tribute - http://gigaom.com/2009/06/05/goodbye-old-friend-r-i-p-rajeev-motwani/

Monday, April 27, 2009

Paramount Defenses Announces Gold Finger 2.0

Earlier today, Paramount Defenses Inc officially released Gold Finger v2.0, the world’s most powerful access assessment, audit, reporting and compliance solution for Microsoft Active Directory – www.paramountdefenses.com/pr-04-27-2009.html





Gold Finger 2.0’s unrivaled administrative access (keys to the kingdom) assessment, audit and reporting capabilities deliver an essential and paramount security capability to Microsoft’s global ecosystem, comprised of over 85% of IT infrastructures worldwide.

Quoting Charles Coats, Senior Product Manager with the Identity and Security Business Group at Microsoft Corporation, from the press release: “The ability to view, audit and lockdown administrative access rights to an entire Active Directory network significantly improves the security of an IT infrastructure,” said Coats. “We are very pleased to see Paramount Defenses, a valued Microsoft partner, offer an innovative security solution that helps enhance security and compliance in Active Directory environments.”

Gold Finger 2.0 delivers a completely redesigned UI, high-value administrative task based assessments, instant audit and report generation and archival capabilities, and the ability to instantly identify exactly how someone currently has specific access, empowering organizations to finally assess, audit, manage and control powerful administrative access grants in their IT infrastructures, and demonstrate their compliance.

Given today’s challenging economic climate, organizations worldwide are finding themselves more vulnerable to the real risks associated with the misuse of unauthorized administrative access, especially from insiders, given the likelihood of potential layoffs and the challenge of keeping employees satisfied, and thus are increasingly beginning to find themselves having a real need to swiftly identify and eliminate unauthorized administrative access grants across their IT infrastructures.

Today, organizations from across the globe, including from France, Italy, the United Kingdom, South Africa, United States and others are currently evaluating Gold Finger 2.0’s powerful access assessment capabilities.

At Paramount Defenses, we remain deeply committed to, and formidably equipped for, delivering innovative solutions to paramount global IT security problems, so the world can someday engage in business upon a trustworthy foundation.

Best wishes,
Sanjay

PS: On a personal note, the challenge of making something deemed virtually impossible, as easy as touching a single button, for the entire world, has been rather satisfying :-)

Thursday, January 01, 2009

It's time to shed light on matters of global security

Three years ago, I left Microsoft Corporation after spending half a decade on Microsoft's Windows Server Security Development Team, and after delivering a security risk assessment of Microsoft's global IT infrastructure.
 
 
Today, I run Paramount Defenses, a security company recognized globally by Microsoft, RSA, Burton Group, Information Week, Fast Company and others, for delivering respectable value to organizations across the world.

This year, time permitting, I'd like to share my humble perspectives on matters that directly impact global security, with the sole intention of helping C*Os, IT admins, employees and investors make well-informed security and investment decisions.

Stay tuned...
- Sanjay

Monday, October 22, 2007

The Onus of Great Power - Part II

Earlier today, Paramount Defenses officially released Gold Finger, the most powerful access assessment solution in the world.


At the touch of a single button, and within minutes, the Gold Finger can identify thousands of security privilege escalation paths across an Active Directory deployment. (Over 85% of IT infrastructures across the world run on Active Directory.)

The Gold Finger is designed to empower administrators to accurately and instantly identify (and subsequently eliminate) excessive access in their Active Directory deployments.

Along with great power comes great responsibility. In the wrong hands, the Gold Finger could significantly aid a malicious entity in very quickly obtaining the keys to the kingdom at over 85% of IT infrastructures around the world. Thus, at Paramount Defenses, we take the onus of protecting the availability and the use of the power of the Gold Finger very seriously.

It's time to make the world a safer place.

Best wishes,
Sanjay.

Wednesday, October 11, 2006

The Onus of Great Power

[10.04.06: Penning in from my suite at the Waldorf Astoria Towers in Manhattan.]
There’s an old adage – “Along with great power comes great responsibility.”


After giving it considerable thought I have decided against providing the answer to the two questions posed in my previous blog entry, and for a respectable reason – while there is much to talk about in regards to the security posture of the free world, and numerous eye-opening stories to share and incidents to narrate, the onus of ensuring that I don’t give away the slightest hint that could be misused to inflict significant damage to the very companies we are working to protect, is one I take seriously.

The free world is not yet capable of surviving an attack on its security infrastructures and thus I have decided against shedding any light in public on the answers to the two questions posed below.

When the time is right, I will provide the answer to those questions.

Best wishes,
Sanjay

PS: I'm going to put blogging on the back-burner for a bit, so I can devote all my time to helping our customers secure their security infrastructures. It may be a few weeks before the next entry.

Saturday, September 16, 2006

Who needs WMDs today?

I was planning on blogging an entry on the need for accountability in security across Corporate America. As I was about to do so, I stumbled upon an interesting article on Yahoo titled “Cyber crime becoming more organized”.



One statement in particular is worthy of mention – “A growing worry is that cyber crooks could target emergency services for extortion purposes or that terrorists may be tempted to attack critical utility networks like water and electricity.”

I'd been meaning to blog this entry for a while now and the coincidental timing of the above-mentioned article makes this blog entry highly meaningful today; the blog on accountability will just have to wait because the statement above unequivocally resonates with our concern regarding the inadequacy of security infrastructure protection controls across the free world.

Today, the threat of cyber terrorism is very real, especially given our complete dependence on IT. The reality on the ground is that our IT security infrastructures are easy targets for terrorists and it is only a matter of time before terrorists realize how soft our underbelly really is; once they do, we will be in trouble, for they will waste no time in gaining and using the technical know-how required to attack and compromise our security infrastructures.

If you take into account that such avenues of attack can be pursued from virtually anywhere in the world, and be carried out without physically putting the perpetrators in harm's way, imagine how appealing this option would be to them, in stark comparison to the expensive and dangerous option of attempting to acquire and use nuclear weapons.

Who needs WMDs today, to make the world a dangerous place?

All you need is two WDs in the same pl(ace). After all, we live in the Information age. Puzzled? Here’s one simple question for you – what does the following string represent and why should it be a grave cause of concern?

(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU) (A;CI;RPWDLCLO;;;WD)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU) (OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)
It shouldn't take the astute mind more than a minute to figure it out, given that I’ve actually already provided the answer. It's all about perspective.
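
The string above is written in SDDL, the text form of a Windows access control list, in which each parenthesised group is one access control entry (ACE) of the form (type;flags;rights;object;inherited object;trustee). The sketch below is an added example, not the author's code or part of Gold Finger: it splits such a string into ACEs and reports any allow ACE in which a broad trustee holds a right that lets it rewrite the ACL. The sample is a selection of ACEs copied from the string above; the function names and the two audit sets (BROAD_TRUSTEES, CONTROL_RIGHTS) are assumptions made for this example.

```python
import re

# Standard SDDL two-letter codes (not specific to this page).
RIGHTS = {"RP": "read property", "WP": "write property", "CR": "control access",
          "LC": "list children", "LO": "list object", "CC": "create child",
          "DC": "delete child", "RC": "read control", "WD": "write DACL",
          "WO": "write owner", "SD": "delete", "DT": "delete tree",
          "SW": "self write", "GA": "generic all"}
TRUSTEES = {"WD": "Everyone", "AU": "Authenticated Users", "AN": "Anonymous Logon",
            "BA": "Builtin Administrators", "DA": "Domain Admins",
            "EA": "Enterprise Admins", "SY": "Local System",
            "ED": "Enterprise Domain Controllers",
            "RU": "Pre-Windows 2000 Compatible Access"}
# Audit policy chosen for this example (an assumption; tune to your environment).
BROAD_TRUSTEES = {"WD", "AU", "AN"}   # principals that cover (almost) everyone
CONTROL_RIGHTS = {"WD", "WO", "GA"}   # rights that let the holder rewrite the ACL

# ACEs copied from the string in the post; the selection itself is constructed.
SAMPLE = ("(A;;RP;;;WD)"
          "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)"
          "(A;;RPLCLORC;;;AU)"
          "(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)"
          "(A;CI;RPWDLCLO;;;WD)")

def parse_aces(sddl):
    """Split an SDDL ACE list into dicts, one per parenthesised ACE."""
    aces = []
    for body in re.findall(r"\(([^()]*)\)", sddl):
        fields = body.split(";")
        if len(fields) < 6:
            continue  # malformed ACE: skip rather than guess
        ace_type, flags, rights, obj, inherit_obj, trustee = fields[:6]
        aces.append({
            "type": ace_type,
            "flags": re.findall(r"[A-Z]{2}", flags),
            # Rights are concatenated two-letter codes, or a single hex mask.
            "rights": re.findall(r"0x[0-9A-Fa-f]+|[A-Z]{2}", rights),
            "object": obj or None,
            "inherit_object": inherit_obj or None,
            "trustee": trustee,  # alias such as WD, or a full S-1-... SID
        })
    return aces

def risky_aces(sddl):
    """Return allow ACEs that give a broad trustee control over the ACL."""
    return [a for a in parse_aces(sddl)
            if a["type"] in ("A", "OA")
            and a["trustee"] in BROAD_TRUSTEES
            and CONTROL_RIGHTS & set(a["rights"])]

def describe(ace):
    """Render one ACE as 'trustee: rights' in plain words."""
    who = TRUSTEES.get(ace["trustee"], ace["trustee"])
    what = ", ".join(RIGHTS.get(r, r) for r in ace["rights"])
    scope = " (inherited by child containers)" if "CI" in ace["flags"] else ""
    return f"{who}: {what}{scope}"

if __name__ == "__main__":
    for ace in risky_aces(SAMPLE):
        print(describe(ace))
```

Note that the code WD appears in both tables: as a right it means write DACL, as a trustee it means Everyone.
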

Speaking of perspective, which happens to be the topic of my next blog entry, as I take your leave, I’ll leave you with yet another simple question...

What do the following organizations have in common?
Microsoft, Hewlett Packard, Intel, Cisco, Dell, the US Army, the US Air Force, the US Navy, the White House, the Department of Justice, Bank of America, Citibank, Wells Fargo, Chevron Texaco, Goldman Sachs, Fidelity Investments, Blue Cross, Walmart, KPMG, the Carlyle Group of companies, Los Alamos National Labs, Wipro, Charles Schwab, Boeing, Lockheed Martin and virtually every other organization that is an American household name?
[Hint: The two questions above are closely related. The connect lies between the lines.]
I’ll shed light on the answers on Monday, October 09, 2006.

Have a wonderful weekend,

Best wishes,
Sanjay

Thursday, September 14, 2006

Thank you

Folks,

I'd like to thank all of you for your best wishes. It’s been an incredible 36 hours since we launched Paramount Defenses.

We’ve received congratulatory emails from all over the world, including from various prominent folks in the information security space such as Eric Pulaski, Ankit Fadia, Tim Guleri and others. We've also received best wishes from folks at prominent organizations including the White House and the Department of Homeland Security.

As I take your leave, I’d like to publicly express my heartfelt thanks to Scott Charney for his encouragement and inspiration through out my journey thus far – thank you Sir.

Best wishes,
Sanjay

Wednesday, September 13, 2006

Houston, we have Lift-Off

Hi Folks,

As promised, earlier today we launched Paramount Defenses Inc., the world's first company engaged in the development and delivery of a dedicated IT security infrastructure protection solution.



Best wishes,

Sanjay Tandon
Founder,
Paramount Defenses

Thursday, August 03, 2006

Microsoft’s Unsung Heroes

Earlier today, Microsoft made a rather bold move – they publicly invited hackers to test Vista. (Yahoo News: Microsoft invites hackers to test Vista)


Having been on the other side of the fence, I can tell you that it’s no easy job ensuring that the world’s largest piece of software is highly secure.

Over the last few years, Microsoft has put in significant and commendable efforts to raise the security worthiness of their products. If you read the news article above, you’ll come across the mention of a security team with oversight of every Microsoft product. That security team is led by none other than my good friend and former colleague John Lambert. John’s a fiercely intelligent and truly remarkable gentleman, and he leads a team that bears a great responsibility – ensuring that Microsoft ships secure and trustworthy software.

John recently presented at the Black Hat conference where he spoke about the security engineering process behind Vista. (Incidentally, he’s one of the seven people at Microsoft who had the opportunity to be privy to my risk-assessment of Microsoft's global security infrastructure.) He and his team work night and day hand-in-hand with the various product teams across Microsoft and together they ensure the delivery of trustworthy products.

Speaking of his team, every Microsoft employee (from the Michael Howards of the world to the thousands of unsung developers and testers) deserves praise for their admirable dedication and their (usually under-rewarded) perseverance and contributions to the company. It’s rather unfortunate that over the last few months or so, some of the best at Microsoft have been moving on.

In fact, Jesper publicly announced just yesterday that he was moving on from Microsoft. He’s a good friend and a phenomenal guy and I wish him well. Jesper’s departure is truly a loss to Microsoft.

Microsoft has some of the best brains in the world, and each Microsoft employee, no matter what their role, is an unsung hero, for their work directly and truly impacts millions of people around the world. I wish all my former colleagues at Microsoft the very best.

Thanks,
Sanjay

Sunday, June 04, 2006

Do you play Chess?

Defending an enterprise is sort of like playing Chess.




It’s you versus them. Each party has an army. You're on the defensive while the bad guys are on a constant offensive. It’s your defense strategies against their attack strategies.

Each move takes into account the state of the entire battlefield. They’re looking for a weak link; anything that will get them closer to your King (or the keys to your kingdom). That is their ultimate aim. Should they fail in accomplishing their ultimate mission, they’ll seek satisfaction in inflicting maximum damage before fleeing the battlefield – don’t take it personally, they’re merely frustrated. On the other hand, if they’re successful, well, it's game over.

But that's where the similarity ends for there are also differences, and unfortunately none of them are in your favor...

They know exactly who you are. You have no clue as to their identity, their strength, their location, their motivation, their next move. Also, you cannot expect them to play by the rules.

Speaking of which, you definitely cannot expect them to be polite, courteous, compassionate or merciful. And unlike you, they’re not working sixty hour weeks with umpteen responsibilities, a life to live, kids to go back to in the evening, a lovely vacation to look forward to and a hard-earned retirement to dream about.

On the contrary, most of them are ruthless, determined, focused and highly driven to accomplish their objective at any cost. They’ve already compromised their integrity - what more could they have left to lose? Remember the old adage “beware of he, who has nothing to lose.”

How does one win this constant battle against a ruthless and faceless enemy? (This is the stark reality that thousands of organizations around the world face every day.)

Thursday, March 09, 2006

Finite Time, Infinite Possibilities

Blogging's a great way of sharing one’s thoughts and perspectives with the world. It's also the easiest way to easily lose your most valuable possession.



Having seen some of my ex-colleagues indulge in it (e.g. Kim's blog @ http://www.identityblog.com/), it is clearly evident that unchecked, it has the potential to easily turn into a highly addictive activity (albeit highly intellectually stimulating) and in certain cases, very quickly turn into long-drawn ego-bouts, thereby easily quenching one's precious time.

While time is finite, the possibilities life presents all of us are virtually infinite, and the clock continues to tick away. In an attempt to efficiently use blogging as a means to share my perspectives, I’ve decided to establish and adhere to a few blogging ground rules:

Rule #1 – Blog at most one (terse and cogent) entry a month
Rule #2 – Share meaningful, thought-provoking perspectives
Rule #3 – As a principle, resist engaging in blog discussions

I look forward to sharing my perspectives with you.

PS: Thought for the day... How much trust can you place in the machine you're browsing from, and on what basis?

Wednesday, March 08, 2006

Hello World !

Hi,

Welcome to my blog and thanks for stopping by.



I'm Sanjay, until recently Program Manager for Active Directory Security on the Windows Server development team at Microsoft. I moved on from Microsoft last year to do my bit to secure the world.

Between doing my bit to secure the world and getting some sleep, I intend to spend some time blogging to share my humble perspectives on Information Security.

My blog should be up and running in a few days. As I take your momentary leave, I wish you all the very best on your sojourn of this marvel we call life.

Cheers,
Sanjay