Black Hat Attendees - Understand a malicious application's propagation path with Viewfinity

Join Viewfinity next week at Black Hat (Booth #764) to learn how Viewfinity uses powerful File History and Forensics to help organizations understand exactly WHAT propagation path a malicious application took, once inside your environment.


It is vital to know, in real-time, what applications are installing and running in your server and endpoint environment in order to trace a breach. If you won't be at the show, you can schedule a private demo at your convenience.

Black Hat Attendees - Identify who downloaded a malicious application with Viewfinity

Join Viewfinity next week at Black Hat (Booth #764) to learn how Viewfinity uses powerful File History and Forensics to help organizations understand exactly WHO performed the initial installation of a malicious file.


It is vital to know, in real-time, what applications are installing and running in your server and endpoint environment in order to trace a breach. If you won't be at the show, you can schedule a private demo at your convenience.


Viewfinity Receives 4-Star Rating from PC Magazine Product Review

Technology editor Wayne Rash took the Viewfinity Privilege Management software for a test drive and summed up his findings in a product review published in PC Magazine.  The review is comprehensive and represents the product fairly, earning 4 out of 5 stars with an editor’s rating of “Excellent”. 

The information presented digs into the details of the Viewfinity Privilege Management solution.  The testing was performed via Viewfinity’s SaaS-based platform and walks the reader through a step-by-step approach to how a project to remove admin rights and then manage privilege elevation needs would be approached.

While the review is easy to follow and provides just the proper amount of detail to get a good overview and feel for the solution, what this technology expert stresses more importantly is that organizations should be paying attention to the local admin rights security loophole.  It has been said over and over by many security experts that removing local admin rights from your end users is one of the most important ways to reduce the attack surface.

The most common pathway to a data breach by far is the misuse of administrative rights on a company data system. Normally this happens in either of two ways: The first way is by stealing the credentials of someone with administrative rights and the second way is by elevating the rights of an existing user. Once either is accomplished, the data theft is often carried out by inserting a background application that siphons off critical data and sends it to the criminals who want it. Viewfinity Privilege Management and Application Control ($20 per user per year) cloud-based services aim to prevent both of those scenarios.
 

You can read the full review here.



Cybersecurity Insurance Driving Enterprise Purchase Decisions and Implementations


More and more we are seeing that the need for cybersecurity insurance, and other contingency plans, is driving how organizations view and consume cyber security tools. Cybersecurity insurance providers need to see that organizations are doing their due diligence in order to protect the assets and privacy of their company, customers and other stakeholders.

Todd Bell of Enterprise Tech recently published an article, Getting Cybersecurity Insurance After a Breach, outlining the struggles that organizations can face if they fail to take the necessary steps to protect themselves and their assets before a breach occurs.  Pretty serious challenges - it’s worth a read for anyone looking to better understand what they might be up against.

As a place to start, Viewfinity offers a complimentary tool which can provide a baseline for organizations to audit their endpoint security posture in regards to who has local administrator rights.  The Viewfinity Local Admin Discovery is a free tool that allows you to discover user accounts and groups that are members of the local “Administrators” built-in user group on computers in your Windows domain.


Sign up here to schedule your session


If you have removed admin rights from the majority of your end users, you can use the information provided by our tool as proof that you have closed down this security loophole, which hackers regularly use to penetrate an infrastructure.

On a larger scale, Viewfinity enables organizations to approach cybersecurity with a one-two punch: Application Control together with the ability to remove and manage admin rights, from a single agent. Both of these capabilities are vital to avoiding cybersecurity vulnerabilities and loopholes that serve as access points for hackers, Advanced Persistent Threats (APTs), and sophisticated zero-day attacks. Not to mention, these tools offer the necessary capabilities to satisfy cybersecurity insurance providers and potentially even reduce cybersecurity insurance premiums.

Upcoming Webinar: 30-day Cyber Security Sprint - Not Just for the Government

We've been keeping you up to date on the OPM government data breach over the past few weeks, including information about the Federal CIO's mandated 30-day Cyber Security Sprint. However, it's important to understand that this initiative can benefit and apply to all organizations, regardless of industry.

This week we're running a 30 minute webinar dedicated to spreading awareness of this initiative; attendees will learn first-hand how they can begin implementing some of the suggested tactics within their organization to improve their cyber security posture. Full details of the webinar are below:

Join us for a webinar on July 23, 2015 at 11:30AM EDT

30-day Cyber Security Sprint - Not Just for the Government

Register now!

On June 12th, US federal government CIO Tony Scott launched a government-wide Cyber Security Sprint, giving agencies 30 days to shore up their systems. The guidelines outlined in the 30-day cyber security sprint make sense for all industries, not just the US federal government.

There are two important elements on the list that Viewfinity can help with in regard to improved cyber security:

  1. Controlling, Containing, and Recovering from Incidents: Contain malware proliferation, privilege escalation, and lateral movement. Quickly identify and resolve events and incidents.
  2. Reducing Attack Surfaces

Join our 30 minute webinar focused on explaining the various methods by which the Viewfinity software addresses these security measures. Topics to be addressed include:

  • Removing administrator rights and managing privilege elevation needs through policies
  • Application Control, Monitoring and Forensics providing threat detection and response
  • Mitigating Pass the Hash tactics that harvest local admin credentials in an attack
  • Protecting against Cryptolocker

Leading Analyst Firm “Cool” Report Still Leans on IT Security Fundamentals

A leading analyst firm recently published a report highlighting emerging technology companies in security infrastructure protection that offer innovative solutions to IT security challenges.  While the technologies are intriguing, what is also interesting is that the analysts continue to address the common attack loopholes.  So while there is cool new technology, adhering to IT security fundamentals like removing local admin rights and understanding endpoint vulnerabilities continues to offer solid security.

One such citation was “the most common attack vector that hackers use across enterprises and sectors is dumping malware on a user's endpoint…” and “code is typically reused for initial exploits, establishing a foothold, and escalating privileges and moving laterally through the target victim organization.”

Even with all the emerging technology available, analysts are still bringing fundamental IT security concerns to the attention of CISOs! 

This is why we stress the importance of being informed about all technology.  You can learn more about Viewfinity’s here.  

Viewfinity offers endpoint security technology that eliminates the risks created by excessive administrative privileges and by allowing unclassified applications to run unmonitored.  We shut down a hacker's ability to use pass-the-hash to steal user credentials because no user has administrative privileges on the endpoint, effectively closing off this extremely vulnerable security loophole.

TODAY, July 7th - Critical Flash Exploit In Play

A sophisticated "zero-day", critical Flash exploit stolen from Hacking Team has now been released into the wild, and Adobe won’t have a patch available until tomorrow.

What is your immediate risk due to this critical Flash exploit? 

One of the most vulnerable points of entry into your IT infrastructure is through endpoints; this includes both servers and desktops.  This is where hackers typically seed their malware and begin the process of exploitation via lateral movement. They do this by stealing user credentials with administrative privileges and privileged accounts.  This is commonly done via the pass-the-hash technique.

What can you do in the meantime? 

How can you protect against other exploits, such as CryptoLocker?

  • A proven method for reducing vulnerabilities related to common cyber attacks, such as CryptoLocker, is to block access to known malicious websites and to limit the activity of unclassified applications.  Do this by blocking or restricting the execution of unsigned executables, which can frequently open the door for cyber threats like CryptoLocker.
  • Correlate endpoint activity with network firewall intelligence.  A good example is the practice of cross-referencing unknown endpoint files with network security vendors. Sandbox-like functionality provides an isolated local environment for running greylist (unknown) applications, limiting the reach of an application and protecting your environment from any malicious intent from rogue executables.
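As an added illustration of the first bullet (example code written for this page, not part of the original post and not Viewfinity's product), the script below inventories every running process whose executable carries no valid Authenticode signature, which is the "unclassified" or greylist set that the post recommends restricting. It assumes Windows PowerShell 5.1 or later and uses only built-in cmdlets (Get-Process, Get-AuthenticodeSignature, Get-FileHash); the $TrustedStatus default is a constructed choice, and the hash column is included so a reviewer can cross-reference each unknown file with network security vendors as the second bullet describes.

```powershell
# Added example: report running executables that are not validly signed.
# Assumes Windows PowerShell 5.1+ and only built-in cmdlets (no vendor agent).

function Get-UnsignedRunningExecutables {
    param(
        # Signature statuses accepted as "classified"; everything else is reported.
        # Other possible values: NotSigned, HashMismatch, NotTrusted, UnknownError.
        [string[]]$TrustedStatus = @('Valid')
    )

    # Path is empty for protected or system processes the caller cannot inspect,
    # so those are skipped; group by image path so each binary is checked once.
    $byPath = Get-Process | Where-Object { $_.Path } | Group-Object -Property Path

    foreach ($group in $byPath) {
        $path = $group.Name
        $sig  = Get-AuthenticodeSignature -FilePath $path

        if ($TrustedStatus -notcontains $sig.Status) {
            [pscustomobject]@{
                Path      = $path
                Status    = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                # SHA256 lets the file be looked up against external threat intelligence.
                SHA256    = (Get-FileHash -Path $path -Algorithm SHA256).Hash
                Processes = ($group.Group.ProcessName | Sort-Object -Unique) -join ','
            }
        }
    }
}

# Usage: list unsigned or mis-signed binaries currently executing on this host.
Get-UnsignedRunningExecutables | Sort-Object Status, Path | Format-Table -AutoSize
```

Run it in an elevated session so that more process paths are readable. A HashMismatch or NotTrusted status on a binary that claims a signer is a stronger signal than plain NotSigned and is worth investigating first; the output can also seed the publisher or hash rules of whatever application control policy the environment uses.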

National Journal - A Timeline of Government Breaches

Recently, Kaveh Waddell and Stephanie Stamm of the National Journal posted an article: A Timeline of Government Breaches. This article does a great job at outlining the major data breaches that have hit the US government over the past few years. In addition to creating a timeline of all data breaches over the past few years, they break down each data breach individually in a timeline from infiltration, to detection, and public notification.

Read the full article here.

Here is a quick snapshot of the latest OPM breach timeline; be sure to read the full article to find out about all of the data breaches affecting the US government over the past few years.

Endpoint Security Measures Enacted to Remove Administrative Privileges and Meet Least Privilege Compliance

The article that follows is a use case study from an IT Services & Consulting company related to endpoint security that eliminates the risks created by excessive administrative privileges and by allowing unclassified applications to run unmonitored. Request a brief consult to learn how Viewfinity can help your efforts to reduce endpoint security vulnerabilities.


The Challenge:
Millions of dollars were spent annually on unwarranted and unauthorized installations of licensed software such as premium versions of Microsoft Visual Studio, Visio, Project, Adobe Acrobat Writer, etc. In addition, malware infections and the management of end user administrative privileges created significant IT department overhead. The company also had stringent compliance and security mandates, both within the organization as well as from its clients - which, if not met, often resulted in hefty financial penalties.

“We immediately saved close to $1M in software license costs just by being able to control who can install premium software versions such as Microsoft Visual Studio Ultimate and Visio Professional”.
“To date, our company has saved close to $2M in licensing costs by restricting which software editions users had access to download.”
~Head of Global IT

The case study can be read in its entirety here.

The Solution:

Before the Viewfinity deployment, the IT Services & Consulting company had no means of controlling end user administrative privileges. Therefore administrative rights were granted to most of the software engineering workforce. Because employees across the board had administrative privileges, they were constantly downloading unnecessary and/or harmful software – leading to security incidents that resulted in increased licensing cost and administrative overhead.

Policies were put in place to prevent users from installing costly and unnecessary applications as well as potentially harmful software onto their machines. “A high percentage of our workforce is young software engineers. We found that they were downloading a lot of software, which inadvertently included malware and hacking software, to play around with,” explained the Head of Global IT. “This created a lot of IT overhead when trying to remediate infections created by these downloads.” With Viewfinity, the company could remove administrative rights from these engineers and only allow elevations for specific, pre-approved applications.

The Results:

  • To date, the company has saved close to $2 Million in licensing costs by restricting download access to software editions.
  • With tighter administrative privilege security, a long laundry list of unwanted software is blocked and company IT overhead has been reduced by 20%.
  • Users have rights only for what they need; they cannot install software that is not required/allowed for their business unit/job function.
  • Through automated workflow approval, users no longer have to request administrative rights from the IT department and can do their job without waiting.
  • Administrative rights are never given back to the user, preventing the “privilege creep” problem that was occurring.

Closing down cyber security loopholes that led to the OPM breach, and others

What do the Target, Anthem, and OPM breaches all have in common? These cyber security breaches occurred when a privileged user account was compromised and then leveraged to gain access to other parts of the endpoint and server environment, in order to steal sensitive data.  And the key to stopping them? Closing down the security loopholes left open by local administrator rights and improper credential management.

Recently, Jaikumar Vijayan of the Christian Science Monitor published an article, “OPM hack may finally end over use of ‘privileged’ user accounts”, which outlines the attack and how several security experts think it, and others like it, could have been prevented.

So, as we see it, there are two problems that led to this attack:

#1 Improper password management and exploitation of user credentials

#2 Excess local admin rights leading to endpoint security loopholes

And, honestly, the fix is actually relatively simple: a layered approach to cyber security, which Federal CIO Tony Scott says can be addressed in a “30 Day ‘Cyber Security Sprint’”.

First and foremost: reduce the number of people who are operating with administrative rights in your environment. This reduces your attack surface and closes down security loopholes which can lead to devastating advanced persistent threats (APTs).

Scott’s fast track to better, more comprehensive cyber security contains several elements which are easily achievable, including approaches that we feel are applicable to all industries.

We’re talking about a layered approach to cyber security, because one solution just cannot combat the many facets of advanced persistent threats. We’re talking about solutions that fight the combination of external threats and the exploitation of inside users’ vulnerabilities, which often go unnoticed for weeks or even months without the proper visibility (application monitoring, auditing, forensic analysis) into an environment.

The answer is simple: a combination of PIM, application control, and privilege elevation capabilities which work together to track, monitor, and audit all admin password activities and application security across an infrastructure’s endpoints and servers. Key factors here include:

  1. Privileged Account Auditing: understand who in your environment is operating as a privileged user.

Viewfinity offers a free Local Admin Discovery Tool which allows organizations to do just that.

  2. Follow the Principle of Least Privilege: remove administrator rights from as many users as possible within your environment.

Viewfinity Privilege Management allows organizations to granularly control privilege elevations within your environment once admin rights have been removed.

  3. Implement a fully-automated PIM solution: password management and other critical techniques to ensure the security of users who must operate as administrators in your environment.

Viewfinity collaborates with organizations like CA and Lieberman to leverage the investments that you have already made in these PIM solutions.

  4. Control and monitor what applications are running in your environment.

Viewfinity Application Control utilizes application monitoring and forensic analysis, enabling organizations to understand which applications are running on servers and desktops.

  5. Be prepared to quickly detect, identify, and remediate any threats in your environment, through technologies that can collaborate with network security sandboxes and firewalls.

Viewfinity integrates with FireEye, Check Point, and Palo Alto solutions to accelerate detection, incident response, and remediation efforts via threat management capabilities.
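The privileged account audit in item 1, and the Local Admin Discovery description earlier on this page (discovering which accounts and groups sit in the local “Administrators” group across a Windows domain), can be reproduced with built-in tooling. The script below is an added example written for this page; it is not Viewfinity's tool. It assumes the ActiveDirectory module (RSAT) on the machine running it, PowerShell Remoting enabled to the targets, and Get-LocalGroupMember on the targets (Windows 10 / Server 2016 or later). The $ApprovedAdmins baseline and the CONTOSO domain name are constructed placeholders to replace with your own.

```powershell
# Added example: audit local Administrators membership across domain computers
# and flag every member outside an approved baseline (the "least privilege" check).
#Requires -Modules ActiveDirectory

param(
    # Constructed placeholder baseline: principals expected to hold local admin rights.
    [string[]]$ApprovedAdmins = @('BUILTIN\Administrator', 'CONTOSO\Domain Admins', 'CONTOSO\Workstation Admins'),
    [string]$ReportPath = ".\LocalAdminAudit-$(Get-Date -Format yyyyMMdd).csv"
)

# Enabled computer objects in the domain are the audit scope.
$computers = Get-ADComputer -Filter 'Enabled -eq $true' | Select-Object -ExpandProperty Name

$findings = foreach ($computer in $computers) {
    try {
        # Get-LocalGroupMember runs on the target (assumes PS Remoting is enabled).
        $members = Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
            Get-LocalGroupMember -Group 'Administrators' |
                Select-Object Name, ObjectClass, PrincipalSource
        }
    }
    catch {
        # Hosts that cannot be audited are recorded, never silently skipped.
        [pscustomobject]@{
            Computer = $computer; Member = $null; ObjectClass = $null; Source = $null
            Status   = "Unreachable: $($_.Exception.Message)"
        }
        continue
    }

    foreach ($m in $members) {
        # The built-in Administrator shows up as <COMPUTER>\Administrator; normalize it
        # so one baseline entry covers every host.
        $pattern = '^' + [regex]::Escape($computer) + '\\Administrator$'
        $name = $m.Name -replace $pattern, 'BUILTIN\Administrator'

        [pscustomobject]@{
            Computer    = $computer
            Member      = $name
            ObjectClass = $m.ObjectClass      # User or Group
            Source      = $m.PrincipalSource  # Local, ActiveDirectory, MicrosoftAccount
            Status      = if ($ApprovedAdmins -contains $name) { 'Approved' } else { 'UNAPPROVED' }
        }
    }
}

# Full record for evidence (e.g. for an insurer or auditor) plus an on-screen summary
# of the accounts that still hold admin rights outside the baseline.
$findings | Export-Csv -Path $ReportPath -NoTypeInformation
$findings | Where-Object Status -eq 'UNAPPROVED' |
    Format-Table Computer, Member, ObjectClass, Source -AutoSize
```

Run it from an account that can enumerate the domain and remote into the endpoints. Unapproved user objects are the direct "privilege creep" findings; unapproved groups deserve a second look, because a nested domain group can silently grant admin rights to far more people than the local group listing suggests.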

 

Organizations need to be prepared with solutions to tackle cyber threats before, during, and after an attack. Don’t wait for tragedy to strike, speak with one of the Viewfinity security experts to find out how your organization can move in the right direction today.