It Happened Again… More Retail Breaches

by Viewfinity 18. April 2014 15:00
So, it happened again, another high profile retailer has been breached and the community is up in arms. The fact of the matter is that unfortunately no matter what we do, no matter how hard IT teams work, breaches will continue to happen. As security evolves so do hackers, it’s a vicious cycle that can never really be won. Given that less than optimistic outlook, the key to securing your endpoints and servers is to first build strong defenses against advanced malware, hackers and persistent threats and then to put in place advanced monitoring and forensics to help organizations identify and quickly mitigate risks when breaches do occur… because they will.

There is a reason that NFL coaches film and review every game throughout the season, they want to be able to catch any bad habits or threats  and rectify them immediately; organizations need to do the same. Visibility is the only way to really stay on top of the security game.

After the first of the high profile retail data breaches that we’ve seen flooding the news lately, ESG Senior Principal Analyst, Jon Oltsik, came out with a powerful article containing potential prevention and mitigation strategies related to detection and prevention.

Jon Oltsik, Senior Principal Analyst for ESGThe Target Breach…

“…if Target used some type of application controls (from Bit9, Kaspersky, McAfee, Viewfinity, etc.)… it may have had a better fighting chance.”

 

Understanding the tactics outlined in Oltsik’s article, including advanced detection and prevention techniques, like those offered by the Viewfinity Application Control solution, may be the key to an optimized security strategy. Retailers in particular need to understand that POS machines are no different than any other endpoint, they allow access to networks and hold sensitive data, and they need to be treated as such.

Also, the SANS Institute recommends a series of Quick Wins and Top Security Controls to help organizations gain footing while implementing stronger security strategies. These tactics are essentially what the SANS Institute regards as the most easily implementable and important steps that organizations can take to get the most bang for their IT security buck. Again, included in these primary security measures are items like application whitelisting, controlling user privileges, and monitoring of systems to help protect against advanced malware and targeted attacks.

And oh by the way… in case you still weren’t convinced yet, employing a next generation application control solution, like that of Viewfinity, can save companies some money too. With the added layers of protection you'll be putting in place, you'll have a proven risk management solution for mitigating security incidents and/or data breaches which should decrease the premiums that organizations pay for data breach/cyber risk insurance.

Application control, reinforced with least privileges, and a continuous monitoring and forensics process will help fortify your security efforts.

Read more here to find out how your company can being implementing the next generation of IT security, today.

 

 

 

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Do you feel safe from insider threats?

by Viewfinity 10. April 2014 14:19

The bad news, astonishingly a recently study published by Ovum revealed that a mere 9% of organizations feel that they are safe from insider threats. The good news, 66% of those surveyed did say that they were looking to invest more spending in IT security, specifically to help combat insider threats. You can read more on the Ovum study here: http://www.infosecurity-magazine.com/view/37826/less-than-10-of-companies-feel-safe-from-insider-threats/

Unfortunately, “insider threats” is a vague term and they are often difficult to mitigate if not handled properly. First, one must understand the different types of insider threats that organizations face each day. The most obvious threats are those internal users who act with malicious intent to either harm the organization or for their own personal gain. Second are the users who accidentally or unknowingly cause harm through lack of knowledge or preparation. Finally, there are the targeted attacks that work from the outside in. These actors target highly privileged users and utilize their credentials as a way to get access to even the most protected parts of a network. These actors are by far the most dangerous, they use advanced evasion techniques (AETs) to execute advanced targeted attacks across multiple network layers. They are difficult to defend against and even more so to detect.

So, how does an organization begin to combat these elusive threats? Obviously the first step is to enable strong perimeter controls, followed by a completely locked down desktop environment. Operating in a least privilege environment helps to prevent threats, which do make their way through the defenses, from gaining access to privileged data and applications.

Additionally, measures such as application whitelisting can help further protect organizations through a default-deny model, ensuring that only trusted applications, files, and executables can run on the endpoints and servers.

Organizations must go one step further though, to employ next-generation monitoring and forensics capabilities. In order to protect against these evasive threats, full and real-time visibility of all activities within a network is paramount. This will help organizations detect and mitigate any breaches early and effectively.

This multi-layered approach is the only way to protect against the sophisticated modern day threats that all organizations are facing today. here is an interesting whitepapter that discusses just that: Layers of Cyber Security - Modern Security Threats. Give it a read and pass it along. It's vital that the community understand the necessity for a next-generation, layered approach to cyber security.

It Takes One to Know One – Hackers for Hire

by Viewfinity 31. March 2014 15:59

An interesting article in USA today paints a less common image of modern day hackers, as individuals that can help instead of just hurt. When Hackers Became Heros”, written by Marc Rogers sheds light on the not so often talked about side of hacking, which leads to greater protection instead of the other way around.

Today, “hackers” are utilized more often than most people realize, in attempts to prevent malicious actors from finding security loop holes and breaking their way through layers of defense. The article pushes the notion that the title hacker doesn’t have to be a bad word, or a sentence for life long unemployment. It can also simply mean “that of a technical genius who likes to explore the technical world and reshape it to his or her desires in a non-destructive way”, explained Rogers. Who better to help create the means to protect our digital assets than the ones who also understand how to break them down.

Do you agree, or disagree? Let us know your thoughts! Whatever your opinion, it’s definitely an interesting read.

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

THE IT ADMIN – A MODERN DAY SISYPHUS

by Viewfinity 14. March 2014 14:30

An IT admin’s job is never done; whether it’s cleaning up the constant onslaught of malware, responding to endless user requests or trying to find the perfect balance between endpoint and seer security and user productivity, IT admins are constantly working behind the scenes to keep organizations up and running.

Here’s a like to a short comic that we found on the web and thought was fitting. It doesn’t do true justice to the constant battle that IT admins rage each day, but hopefully it will spread a few smiles on a Friday afternoon.

 

 

By the way, at Viewfinity, one of our goals it to make the life of an IT admin just a bit easier, which enhancing security and potentially boosting user productivity. Our products have been proved to reduce IT service costs in companies of all sizes. Visit our website to find out how our security solutions can progress your level of cybersecurity by adapting IT security mechanisms and cataloging threat intelligence for future behavior analysis.

 

 

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Resistance is Futile

by Viewfinity 6. March 2014 13:39

We know that IT administrators do everything they can to help protect their endpoints and servers against cyber threats. However, the reality is that no matter how hard an IT admin works to bolster security, threats can get through. The sophisticated and diverse nature of cyber-attacks, combined with the sheer number of events happening daily, makes complete prevention a hefty challenge. Every day cyber threats change and evolve, and it’s up to the IT professionals to try and keep up with these changes. One thing is for certain:  threats will target their organizations.

All is not lost, though!  Organizations can learn how to respond and mitigate damage from threats that do get through, thus creating a truly next-generation defense against these attacks.  Organizations need to continue to build advanced endpoint defenses against cyber criminals through least privileges and application control, and investing resources into monitoring and forensics.  Next steps are implementing bi-lateral endpoint-to-network communication based on purposeful forensics.  This provides a structure that progresses the level of cybersecurity that can adapt enterprise IT security mechanisms and catalog threat intelligence for future behavior analysis.

At last week’s RSA conference FireEye COO, Kevin Mandia, spoke to this same issue during his keynote address. It’s important for organizations and IT professionals to be able to analyze the attacks that do get through, remediate any damage quickly and adapt their network for stronger security next time. Visibility is paramount.

Recently Viewfinity CEO, Leonid Shtilman, shared similar thoughts in a white paper, “Layers of Cyber Security – Modern Security Threats”. We highly recommend this whitepaper to IT professionals looking to move toward a next generation approach to cyber security.

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

RSA Day Four

by Viewfinity 28. February 2014 16:07

Yesterday, as things wound down at RSA 2014, Viewfinity managed to keep the momentum going.

Our final raffle drawing was a complete success, bringing a crowd of participants as the show began to close. Congratulations to Ralph R. (pictured below), Ralph was the final recipient of our pebble smartwatch give-away.

 

 

Demo attendance continued to flourish as well, as our technical team previewed Viewfinity’s new Splunk integration. However, far and away, one of the most exciting aspects of the final day at RSA was the interview that Viewfinity CEO, Leonid Shtilman, gave with Steve Ragan, blogger for CSO.

Ragan included Shtilman in his own recap blog, highlighting the good, bad and ugly of IdM (Identity/privilege management). Shtilman gave a comprehensive description of the importance of privilege management as well as the risks associated with failure to manage user privileges.

You can read Ragan’s full recap blog, “RSAC 2014: RSA Conference (Day 4)” to see Leonid’s full interview as well as highlights from all aspects of the show.

 

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

RSA Day Three

by Viewfinity 27. February 2014 16:57

The week is flying by out in San Francisco; traffic stayed consistently strong at the Viewfinity booth (841) during the 3rd day of this year’s RSA conference. Attendees were lining up throughout the day to preview our new Splunk integration. As usual at this show, all hands were on deck, talking to attendees about their endpoint and server security needs. Below, Alex Shoykhet, our VP of Project Management, can be seen giving a demo.

 

 

Toward the end of the day crowds began to gather as we raffled off yet another “pebble” smartwatch. We had a great turn out, congratulations to Jim C. (pictured below) our winner from yesterday. We’ll be raffling off one final watch today at show close, so be sure to stop by for your chance to win!

 

 

Outside of the booth 841 area, the show continued to captivate audiences. Highlights from yesterday included keynote speakers form experts like FBI director, Comey, and Michael Fey of Intel. It’s been quite a busy and exciting show so far, stay tuned for our final show recap tomorrow.

 

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

RSA Day Two

by Viewfinity 26. February 2014 16:30

Day 2 of this year’s RSA conference was quite a success at the Viewfinity booth (841). Our team was kept busy the entire day giving demos; we had a great turn out at our raffle. Here’s a picture of yesterday’s winner:

 


 

 

Be sure to stop by our booth today and tomorrow, at show close, for more changes to win for yourself, and to catch a preview of our new Splunk integration.

Our CEO, Leonid Shtilman, and President, Gil Rapaport, have been busy meeting with analysts, key executives and attending key note sessions throughout the show.

As for non-Viewfinity activity – the show is quite a buzz with sessions, speakers, and activities. Alex Bender, of RSA, put together a great recap of Day 2 at RSA. Make sure to read his blog to find out if you missed anything.

   

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

RSA Day One

by Viewfinity 24. February 2014 14:00

RSA is kicking off their 2014 conference today with a cornucopia of activities, announcements, and innovations. The week to come is sure to be jam packed with some very interesting news for organizations small and large.

Whether you are looking to learn about the newest security trends, gain access to leading edge vendors, hear the latest from industry experts or simply get your share of some great tech swag, this year’s show is sure to please.

Viewfinity will be at the show (Booth 841) to preview its latest innovation – the availability of integration with Splunk. Be sure to stop by the booth for a demo! We’ve also got a great raffling going on – at the end of each day, one lucky winner will receive a pebble smart watch.

Visit our web page for all the information surrounding Viewfinity at this year’s show.

There is so much going on at the show this year be sure to visit the RSA Conference site, so that you don’t miss a thing.

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Optimize your time at RSA – tips for navigation

by Viewfinity 21. February 2014 15:28

 

RSA is fast approaching, as exhibitors put the last minute touches on their booths and attendees from all over the world scramble to finish packing before their flights, we wanted to share an article by Megan Goldschmidt of Info Risk Today.

Goldschmidt wrote a great article earlier this month, “Getting the most out of RSA 2014”. We highly recommend you give it a read before stepping out into the sea of exhibitors. It gives great breakdowns for both veteran attendees and those new to the show.

Oh, and don’t forget to swing by our booth here is what is going on there.

 

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Powered by BlogEngine.NET 1.4.5.0
Theme by Mads Kristensen

Calendar

<<  April 2014  >>
MoTuWeThFrSaSu
31123456
78910111213
14151617181920
21222324252627
2829301234
567891011

View posts in large calendar

About Viewfinity

Viewfinity provides privilege management and application control for desktops, laptops and servers, empowering enterprises to meet compliance mandates, reduce security risks, and lower IT costs. The Viewfinity solution allows enterprises to control end user and privileged user rights for applications and systems which require elevated permissions. Viewfinity's granular-level control enables companies to establish and enforce consistent policies for least privilege Windows-based environments based on segregation of duties. For more information, visit www.viewfinity.com.

Follow us on Twitter: viewfinity
Find us on LinkedIn: www.linkedin.com/companies/viewfinity
Become a fan on Facebook: www.viewfinity.com/facebook