Cyber Security is fundamentally about precise access control, but precise access control is impossible to achieve without precise effective access assessment.
After all, how can one protect i.e. precisely control access to any IT resource, without being able to precisely assess exactly who has what effective access to that IT resource?
Our patented technology uniquely helps organizations worldwide find out precisely who has what effective access in their IT infrastructures, and thus enables them to precisely control access.
A Global Need – Precise Effective Access Assessment
Today, in 1000s of IT infrastructures worldwide, billions of IT resources are each protected by access control lists (ACLs) that specify which users/groups have what access to these IT resources.
For instance, in Microsoft Windows Server based IT infrastructures, virtually all IT resources such as files, folders, databases, apps, users, computers, groups etc. are all protected by ACLs.
In each ACL, permissions can be specified for any user or group, access can be allowed or denied, and permissions can be specified directly on the IT resource, or be inherited from its parent.
Since access can be allowed and denied, and permissions can be explicit or inherited, what determines the actual (effective) access that a user has on an IT resource are the effective permissions granted to him i.e. the permissions that he actually ends up with after taking into account all the allows and denies in light of all relevant considerations that influence his actual effective access.
The process of determining the precise set of effective permissions that a user has on an IT resource is complicated because it involves numerous considerations such as intersecting conflicting permissions based on precedence orders (e.g. denies override allows, explicit permissions override inherited permissions), expanding and considering all relevant group memberships, and addressing situations wherein a user is indirectly granted a specific permission via an inherited group membership grant but denied the same permission via an explicit nested group membership grant specified etc.
Consequently, today, in most systems, including in Microsoft Windows Server platform, the ability to precisely determine the effective permissions granted to a user on an IT resource does not exist.
Furthermore, since organizations have a large number of IT resources to protect, they need to be able to precisely and efficiently assess what effective permissions/access users have at any point in time, not just on a single specific IT resource, but in fact on a large number of IT resources across their IT infrastructure, such as possibly and ideally, on the entirety of their IT resources.
An Innovative Solution – System-wide, Fully-Automated Precise Effective Access Assessment
Our innovative patented effective access assessment technology governs the precise assessment of effective access in information systems, thereby uniquely fulfilling a global cyber security need.
Our unique IP, embodied in and protected by United States Patent # 8429708. titled Method and system for assessing cumulative access entitlements of an entity in a system governs the precise assessment of effective access granted to (one or more) users on (one or more) IT resources in any information system in which IT resources are protected by access control lists (ACLs).
The ideal example of such a system is a Microsoft Windows Server based IT infrastructure, because virtually all IT resources in it, such as files, shares, AD objects etc. are all protected by ACLs.
Our unique effective access assessment technology can empower organizations to precisely and efficiently find out –
- Exactly what effective permissions/access a specific user has on a specific IT resource (such as a specific file, folder, database or Active Directory object) in their IT environment ?
- Exactly which users have what effective permissions/access on a specific IT resource (such as a specific file, folder, database or Active Directory object) in their IT environment ?
- Exactly what effective permissions/access a specific user has on a set of specific IT resources (such as on all their files on all their file shares) in their IT environment ?
- Exactly which users have what effective permissions/access on a set of specific IT resources (such as on all their files on all file shares) in their IT environment ?
- Exactly what effective permissions/access a specific user has across the environment (such as on all their files, folders, databases, apps, email, Active Directory etc.) ?
- Exactly which users have what effective permissions/access across the environment (such as on all their files, folders, databases, apps, email, Active Directory etc.) ?
Our innovative effective access assessment technology is the outcome of almost a decade of cutting-edge cyber security research and development. It was conceived in 2006 and the world had its first glimpse at the RSA Conference 2007, which was keynoted by Bill Gates and where Paramount Defenses was amongst the 10 Finalists for the Most Innovative New Company of 2007.
Today, our unique, innovative effective access assessment technology is commercially available via our globally deployed Gold Finger and Gold Finger Mini effective access assessment solutions.
These solutions currently focus on the most vital of all IT resources in Microsoft Windows Server based IT infrastructures, i.e. objects in Active Directory that represent all organizational user accounts, computer accounts, security groups and other object types that constitute the very building blocks upon which the entire cyber security posture of these organizations depends today. For instance, at the touch of a single button, Gold Finger can find out precisely who has what effective access across an entire Active Directory deployment comprised of millions of Active Directory objects, within minutes.
Simply put, today Gold Finger can effectively accomplish in minutes, what would take an army of the world's best IT consultants a year to accomplish, for 1/100th the cost, and in 1/100th the time.
Future versions of these solutions can be expected to cover other resource types such as files, folders, databases, applications, portals, routers, etc. i.e. anything that is protected by an ACL today.
Today, the world's most powerful organizations all use our innovative cyber security effective access assessment technology to secure and defend the very foundation of their security.
Our patented technology thus uniquely helps organizations worldwide find out precisely who has what effective access in their IT infrastructures, and consequently enables them to precisely control access. In doing so, it fulfills a paramount global cyber security need for organizations worldwide, and it consequently helps secure and defend the very foundation of cyber security worldwide.