Summing up a brief history: Data breaches are increasing steadily in the Federal network… and everywhere else.

by Viewfinity 17. July 2014 15:59

We came across a great article that we wanted to share quickly. Josh Hicks and Alice Crites of the Washington Post recently published an article A Brief History of federal network breaches and other information-security problems”. The article gives a good break down of statistics over the past few years and paints a vivid picture of just how many people have been affected by these data breaches and advanced persistent threats: government employees, active military and veterans, the general populous.

Below is a graph they used to exemplify just how rapidly the number of breaches is increasing in recent years. These trends, although centered on the federal government in this article, ring true for all industries.

 

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Solutions for every stage: Where are you with your endpoint security project?

by Viewfinity 27. June 2014 16:02

Improving endpoint security is a difficult, but necessary task. The good news is that Viewfinity offers resources to help you during every stage of your project; whether your head is swimming trying to navigate the ever changing security landscape, you are just learning what application control can do for your organization, you’ve removed admin rights and are ready for the next steps, or you are currently employing all of the top security strategies and are looking for an easier way to manage your processes.

Take some time to check out the resources below that match your needs best, or reach out directly to Viewfinity and we can walk you through the process as smoothly as possible.

  • I am not familiar with application control and would like a high-level overview: IT Security’s 50 Shades of Grey
  • I am thinking about removing admin rights: Viewfinity’s Free Local Admin Discovery tool
  • I have removed admin rights but am experiencing IT help desk overload: Case Study – Fortune 500 Energy & Utilities Company
  • I have a homegrown / Native MS system in place but would like to learn about streamlining the process: Sign up for a One-On-One demo with a Viewfinity Engineer
  • I am making a decision soon and want to see your product: Register for a Trial Eval

Viewfinity offers flexible application control and privilege management solutions to meet whatever cyber security needs your company is currently facing. Let us work with you to make this daunting process as seamless as possible.

 

The Principle of Least Privileges Can Help Thwart Insider Threats

by Viewfinity 11. June 2014 14:07

I came across an article discussing the ways that companies can help prevent insider threats. The article, 360 Advanced Warns About Insider Threats: Is Your Data Already Out There And You Don’t Know It? , outlines some best practices and tips related to preventing and security against insider threats. Within the article David James Smith of 360 Advanced, stresses some suggestions which deserve special attention.

1.       Renew your dedication to the principle of least privilege. Immediately conduct an audit of permissions of access, and cut back. Over time, through the phenomenon of permission creep, too many people have access to information who should not. "The big problem is awareness. My rule is, know they network, and people don't," said Smith. "On several projects, when we point out the dangers of too many permissions, we're told, 'well, nobody could do anything with that data,' and then we'll show them what could be done with that data using the privileges that they thought were safe."

Viewfinity has a free Local Admin Discovery Tool that allows organizations to discover user accounts and groups that are members of the local “Administrators” built-in user group on computers in your Windows domain.  Having detailed information related to which users and groups have administrator rights on corporate desktops allows you to reassess who should have these rights. Once the analysis has been run IT Administrators can take action, if needed, by removing the users or suspicious groups from the Administrators group.  Reports can be scheduled to run regularly to show you where privilege creep is happening.

2.       Beware vendor access. Smith warns that a vital component of the rule of least privilege is to thoroughly and regularly analyze what access you have allowed for your vendors. As increased use of extranets grows, know your vulnerability, and avoid opening the door to a vendor's access to vital company information without a thorough compliance audit. Obviously, your HVAC vendor should not have access directly to the same set of computers where you store your payroll data. Such routes through vendor sharepoints and extranets are favored by hackers, and Smith says he sees that frequently.

For organizations that have outsourced their operations support to a third party or offshore entity, Viewfinity provides the ability to limit and restrict what the administrators who are part of those outsourced teams can run. This way, if the outsourced team is only responsible for maintaining certain operational functions on servers, for example, they only perform software updates, the policy will limit their privilege elevation rights to performing only those functions. You can define exactly which software products they can update via granular-level privilege control by providing the ability to reduce (or elevate) permissions for privileged users based on roles and responsibilities.

Insider threats are a real issue, affecting not just those companies who are breached, but for anyone associated with those organizations, whether it be vendors, customers, partners, or employees. A completely locked down environment benefits everyone.

Currently rated 3.0 by 10 people

  • Currently 3/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Local Admin Discovery Tool | Principle of Least Privileges | Security | Security Protection | Tools

SC Magazine Gives Viewfinity 4.5 Stars!

by Viewfinity 2. June 2014 16:18

Recently, SC Magazine invited Viewfinity to participate in their Risk & Policy Management 2014 group review. We are proud to announce that the test results released today indicate that Viewfinity has received 4.5 out of 5 stars!

Viewfinity scored perfect 5’s in Features, Ease of Use, Performance, and Documentation. Other areas that Viewfinity excelled in were Support and Value for the Money.

You can read the full report on SC Magazine’s website, for a more detailed breakdown of the scoring and reviews.

 

 

 

You can see more information specifically about Viewfinity Application Control here.

 

 

 

Currently rated 3.0 by 5 people

  • Currently 3/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Dave Ostertag’s Critical Steps for Preventing Breaches – Whitelisting is Key

by Viewfinity 30. May 2014 14:57

This week, Meghan Goldschmidt, writer for Bank Info Security published an article which outlines a conversation with Analyst Dave Ostertag, regarding trends in IT security, data breach statistics and steps which organizations can take to help prevent those breaches.

The article includes a transcript from an interview between Ostertag and Information Security Media Group. The interview discusses recent high-profile data breaches, trends in the industry, particular risks, and steps that organizations can take to better secure themselves now. The information discussed centers around the most recent Verizon Data Breach Investigations Report.

The full article links to the Verizon Data Breach Report, as well as the full audio from Ostertag’s interview. It is definitely worth an in-depth read. Outlined below are some key points from the interview that we thought pertinent to share.

  • 2013 saw an increase in the number of POS attacks, after a drop in attacks seen in both 2009 and 2010
  • Espionage is a key factor in many attacks in recent months
  • In most POS attacks, malware is being customized to the particular company
  • A lack of consistent whitelisting on point-of-sales systems and servers and file integrity monitoring are leading to POS vulnerabilities

Read the full Verizon Data Breach Investigations Report to find out more statistics.

Currently rated 3.0 by 5 people

  • Currently 3/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Where to start… Combatting the Mega Breach

by Viewfinity 20. May 2014 13:19

2013 is being referred to as the “Year of the Mega Breach” by Symantec and other security experts, and it’s no wonder why, considering the explosive growth in breaches and attacks that we have seen from 2012 to 2013. Unfortunately, with 2014 not even half way over, the growth trend seems to be strong.

Symantec’s recent infographic outlines some of the startling growth statistics: 
  • 62% increase in total number of breaches from 2012 to 2013
  • 459 million more identities exposed
  • 87% More “Mega Breaches” (>10M affected)

(Click to view the full infographic)

 

Fortunately, despite this massive growth, there are techniques that organizations can employ to better secure their endpoints and servers. Taking the first step is definitely the hardest though. That’s why experts from the SANS Institute have come out with a list of top security controls and quick wins to get organizations on their way to stronger cyber security.

 

 

We’ve created a handy mapping to outline how Privilege Management and Application Control solutions can correlate with the 5 quick wins. Check it out here.

 

 

  

Currently rated 3.0 by 5 people

  • Currently 3/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Tremendous Time at TechEd

by Viewfinity 16. May 2014 09:41

Viewfinity experienced yet another successful show at Microsoft’s TechEd North America, this past week in Houston, TX.

The event, which was combined with the former Microsoft Management Summit, was alive with activity and opportunity for all who attended.

Viewfinity’s booth experienced an incredibly high level of volume and with  live one-on-one demos, information on the latest innovations and product releases and speaking with industry experts. The show proved to be quite a success as attendees formed lines around the booth, waiting to see the Privilege Management and Application Control solutions in action.

The success of the show can be attributed in many parts to all of the satisfied Viewfinity customers who not only visited the booth themselves, but also sent or brought along other companies to learn about the Viewfinity solutions and benefits!  We thank all our customers who sent these folks in our direction – a nice testament to their success with our solutions!

Below, Viewfinity Senior Engineer, Chuck M. explains the product to an enraptured attendee (top), and Viewfinity CEO, Leonid Shtilman also jumped in, during the hustle of the show, to give demos (bottom).

 


 

On the second day of the show Viewfinity also achieved great success while hosting an IT Executive Dinner Briefing at the III Forks steakhouse in Houston. Viewfinity gathered IT leaders and practitioners in the information security space for a briefing event with SANS Institute’s Tony Sager. During the dinner and briefing Sager presented on security threat trends and adaptive strategies for information security. The discussion focused on the use of the SANS Institute’s top security controls as the foundation of an approach to security in order to better secure against, and quickly detect and minimize, cyber-attacks.

TechEd’s website has a number of on-demand session recordings and PowerPoint slide desks available for download. If you didn’t get a chance to go to the show, couldn’t get in to a popular session, or just want a refresher of what you learned during the week, definitely check it out here.

  

Currently rated 3.0 by 5 people

  • Currently 3/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Success at Symantec Vision

by Viewfinity 8. May 2014 15:41

This week a few lucky Viewfinity staffers got the chance to travel out to Las Vega to represent the company at this year’s Symantec Vision show. While what happens in Vegas is supposed to stay in Vegas, with such a fun and successful show, we wanted to share a few highlights.

The week started off in style with a lively Cinco de Mayo themed opening reception. The show floor was buzzing as dancers twirled with delight. Good food, good music, good people, and good products … what more could anyone ask for?

  The rest of the week continued in the same fashion. Attendees kept our Viewfinity staff busy all week long, giving demos, talking about product innovations and discussing the latest industry trends. Checkout a great shot of some of our staffers below. Who wouldn’t want to talk privilege management and application control with these smiling faces?

In true Vegas fashion, the Symantec Vision show was able to combine the best of all worlds: engaging sessions, riveting key note speakers, access to cutting edge technology and top notch entertainment. Symantec Vision truly embraced the work hard, play hard attitude by wrapping up the third day of the show with a rocking experience, a concert given by the hit band, OneRepublic.

While the final day in Vegas wraps up, with more class A educational sessions, outstanding key notes and prizes galore, one is left wondering, “how can they possibly top this next year?” We have no doubts though, we know they will.


 
 
 

Currently rated 3.0 by 5 people

  • Currently 3/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Happy Birthday… Spam??

by Viewfinity 25. April 2014 09:44

No… we don’t mean the meat. 20 years ago this month, the first Spam email was sent, and for two decades it has continued to annoy internet users all over the world. Spam, that pesky little digital mosquito that just won’t leave you alone, no matter how many times you swat at it.

Here’s a bittersweet birthday card that we made for Spam… how is it that it continues to survive year after miserable year?  But, after all, without Spam, how else would we be able to link to our most recent credit score, find out which singles in our area want to meet us, or finally get in touch with our long lost Nigerian relative who has boat loads of money just waiting for us!

 

 

Much to everyone’s dismay, especially Bill Gates who predicted Spam’s demise by 2006, at 20 years old Spam is alive and thriving. In addition to the countless emails that we all receive daily, Spam has grown and matured to pestering social media sights and other online activities as well.

Gates was definitely wrong in his prediction for the end of Spam, unfortunately there seems to be no real end in sight. One thing is for sure though, no matter how old it gets, no one will ever be singing “For He’s A Jolly Good Fellow” in honor of Spam.

Matt McGee of Marking Land pulled together some interesting stats and figures on the history of spam. If you’re interested in learning more about one of modern day’s biggest annoyances you should definitely give the article a read: At 20 Years Old, Email Spam is Alive & Well & Proving Bill Gates Wrong.


 
 
 

Currently rated 3.0 by 5 people

  • Currently 3/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

It Happened Again… More Retail Breaches

by Viewfinity 18. April 2014 15:00
So, it happened again, another high profile retailer has been breached and the community is up in arms. The fact of the matter is that unfortunately no matter what we do, no matter how hard IT teams work, breaches will continue to happen. As security evolves so do hackers, it’s a vicious cycle that can never really be won. Given that less than optimistic outlook, the key to securing your endpoints and servers is to first build strong defenses against advanced malware, hackers and persistent threats and then to put in place advanced monitoring and forensics to help organizations identify and quickly mitigate risks when breaches do occur… because they will.

There is a reason that NFL coaches film and review every game throughout the season, they want to be able to catch any bad habits or threats  and rectify them immediately; organizations need to do the same. Visibility is the only way to really stay on top of the security game.

After the first of the high profile retail data breaches that we’ve seen flooding the news lately, ESG Senior Principal Analyst, Jon Oltsik, came out with a powerful article containing potential prevention and mitigation strategies related to detection and prevention.

Jon Oltsik, Senior Principal Analyst for ESGThe Target Breach…

“…if Target used some type of application controls (from Bit9, Kaspersky, McAfee, Viewfinity, etc.)… it may have had a better fighting chance.”

 

Understanding the tactics outlined in Oltsik’s article, including advanced detection and prevention techniques, like those offered by the Viewfinity Application Control solution, may be the key to an optimized security strategy. Retailers in particular need to understand that POS machines are no different than any other endpoint, they allow access to networks and hold sensitive data, and they need to be treated as such.

Also, the SANS Institute recommends a series of Quick Wins and Top Security Controls to help organizations gain footing while implementing stronger security strategies. These tactics are essentially what the SANS Institute regards as the most easily implementable and important steps that organizations can take to get the most bang for their IT security buck. Again, included in these primary security measures are items like application whitelisting, controlling user privileges, and monitoring of systems to help protect against advanced malware and targeted attacks.

And oh by the way… in case you still weren’t convinced yet, employing a next generation application control solution, like that of Viewfinity, can save companies some money too. With the added layers of protection you'll be putting in place, you'll have a proven risk management solution for mitigating security incidents and/or data breaches which should decrease the premiums that organizations pay for data breach/cyber risk insurance.

Application control, reinforced with least privileges, and a continuous monitoring and forensics process will help fortify your security efforts.

Read more here to find out how your company can being implementing the next generation of IT security, today.

 

 

 

Currently rated 3.0 by 5 people

  • Currently 3/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Powered by BlogEngine.NET 1.4.5.0
Theme by Mads Kristensen

Calendar

<<  July 2014  >>
MoTuWeThFrSaSu
30123456
78910111213
14151617181920
21222324252627
28293031123
45678910

View posts in large calendar

About Viewfinity

Viewfinity provides privilege management and application control for desktops, laptops and servers, empowering enterprises to meet compliance mandates, reduce security risks, and lower IT costs. The Viewfinity solution allows enterprises to control end user and privileged user rights for applications and systems which require elevated permissions. Viewfinity's granular-level control enables companies to establish and enforce consistent policies for least privilege Windows-based environments based on segregation of duties. For more information, visit www.viewfinity.com.

Follow us on Twitter: viewfinity
Find us on LinkedIn: www.linkedin.com/companies/viewfinity
Become a fan on Facebook: www.viewfinity.com/facebook