My sincere apologies for the unintended lapse in sharing thoughts via this blog, which has primarily been on account of us having received a "seemingly" simple request late last year, the fulfillment of which required my involvement and time.
We Need to Know, NOW
A few days after I penned my last blog entry, we received a request from a rather prominent U.S Government agency (i.e. one with a 3-letter acronym ending in A) that happens to have a rather large and complex Active Directory environment.
By “swiftly” I mean, within a matter of minutes.
Gold Finger could already identify and reveal paramount administrative access/entitlement insight like Who can effectively reset the password of any user in the organization to instantly login as him/her, within minutes in most deployments. It was in complicated environments that it could sometimes take an hour or more. An hour's not that bad at all, considering the sole alternative, which is to try and do the same manually (using basic tools), which could easily take months, if not years.
But I suppose they needed Gold Finger to be able to do the same in their "complex" AD deployment, within minutes.
Anyway, this was, as I said a "seemingly" simple ask.
I say "seemingly" simple because as the architect of Gold Finger, I'll be the first to tell you that the only thing harder than making something as sophisticated as Gold Finger, is trying to make it much faster. Here’s why -
When you press the Gold Finger button, almost half a million lines of code go to work in a magical black box, and within minutes, they reveal completely accurate, instantly actionable and mission-critical effective access insight in plain English.
For instance, when you select a report like Who can reset user account passwords across a domain of say 50,000 users, Gold Finger literally determines effective permissions on 50,000 user accounts in a single shot. That's no easy task. To begin with, it involves retrieving almost 5 million ACEs, doing the relatively easy stuff (resolving 1000s of SIDs, expanding 1000s of direct/nested/circular group memberships, etc. etc.) and then the difficult stuff (assessing millions of access grants taking into account over a dozen factors), to ultimately identify and reveal exactly who can reset whose passwords. There’s also a lot that can go wrong at any point so you have to be able to deal with virtually every potential unknown.
In essence, there are over a 100 different inter-dependent logical functions that operate in unison to do at a touch of a button, what is generally considered almost impossible to do. In other words, there’s just so much complexity involved that trying to make the smallest change, let alone trying to accomplish even a 10% performance gain, can be quite difficult.
So, although this seemed like a simple ask, what was required to deliver on it was in fact a combination of deep subject matter expertise, utmost discipline, world-class software-engineering, and of course comprehensive testing.
After months of highly disciplined work (some of which was already in progress), our Engineering teams ultimately achieved what was no easy feat - making Gold Finger faster. Not just a little faster, but up to 5 times faster.
The result was Gold Finger 6.0 - http://finance.yahoo.com/news/paramount-defenses-one-worlds-top-173000714.html
Gold Finger 6.0
Gold Finger 6.0 embodies our patented cumulative access entitlement technology and is the culmination of over half a decade of innovative cyber security research and development. It is not only the world's fastest cyber security solution that can accurately identify and reveal the identities of all individuals who effectively possess (any level of) administrative / privileged access in Microsoft Windows Server based IT infrastructures powered by Active Directory, it may possibly be the world's ONLY cyber security solution that can do so.
A Potentially Trillion $ Algorithm
As you may know, in most organizations worldwide today, the compromise of a single administrative / privileged account could be sufficient to inflict colossal and often irreversible damage to the organization, so the need to know exactly who has what administrative access in Active Directory (which stores and protects the keys to virtually every lock in the kingdom) is paramount.
For those, to whom this seems overstated or far fetched, there’s just one name to mention – Edward Snowden.
In our efforts to fulfill this request, not only were we able to help one of the world’s most important government agencies, we have also been able to (now) empower virtually every organization worldwide to finally be able to know within minutes with complete accuracy, exactly who has the proverbial keys to their kingdoms.
With over 85% of all government and business organizations worldwide running on Active Directory, including virtually the entire Fortune 1000, even we’re not sure how to value an algorithm that can uniquely and instantly help determine exactly who’s got the keys to the(se) kingdom(s).
Alright, back to work.
PS: Sadly, it takes just ONE malicious or coerced insider with admin/privileged access to inflict colossal damage.