National Cyber Security Awareness Month - October 2014 – Viewfinity Brings it Back to the Basics

by Viewfinity 1. October 2014 12:46

It’s that time of year again; time to fill your ears with cyber security news, info, and tips… even more than we do already.

 

 

Last year we celebrated the month by introducing a customer use case presentation series; if you missed that you can still see all of the presentations here. This year there seems to be a constant influx of data breaches, hitting companies small and large. With some 75 Million records compromised this year to date, we’ve decided to bring it “back to the basics” this year and share information that will help organizations fortify security foundations with best practices like removing admin rights and monitoring which applications are running in your environment, which will help detect and filter out rogue applications.

Yesterday we kicked off CSA month with a 30 minute webinar which drew in over 500 live attendees – Best Practices for Removing Admin Rights: A Step-by-Step approach. If you didn’t get a chance to see it live you can access the recording here.

Stay tuned.  All through October we will share webcasts, blogs, use case presentations and other programs to help you build a stronger foundation for IT security.

 

 

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Patch Management | Principle of Least Privileges | Privilege Management | Security | Security Protection

FORBES: $62 million in costs estimated so far in regarding the Home Depot breach

by Viewfinity 19. September 2014 13:31

Forbes reports “With 56 Million Cards Compromised, Home Depot's Breach Is Bigger Than Target's

Home Depot estimates that the breach has cost approximately $62 million, with more costs likely to come. The company believes it will be reimbursed $27 million thanks to its insurance coverage. Last month, Target announced that its breach cost the company $148 million, more than twice the amount Home Depot is estimating.

According to its statement, Home Depot believes it will have a 4.8 percent growth in sales this year, as previously predicted. When Home Depot first began investigating a potential breach, Forbes reporter Samantha Sharf notedthat Home Deport could suffer high financial losses from the breach, with one analyst predicting a loss of 7 cents per share from Home Depot’s 2014 earnings.

 

Read the full article:  http://www.forbes.com/sites/katevinton/2014/09/18/with-56-million-cards-compromised-home-depots-breach-is-bigger-than-targets/

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

IT Security Breaches - A Picture Says a Thousand Words

by Viewfinity 17. September 2014 16:29

If a picture says a thousand words, what do you think these say about the state of security breaches today? Here is a quick snap shot of a Google Alert that our VP of Marketing recieved this morning. We wanted to share it because we thought it was a good way to get the point across that no one is immune, and that data breaches are not going away anytime soon. Find out how Viewfinity can help before, during, and after an attack.

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Security

High Profile Data Breaches Have the IT Security Community on Edge

by Viewfinity 4. September 2014 14:12

Financial institutions (JP Morgan Chase and others), Retail Stores (Home Depot, Target, Niemen Marcus), Restaurants (Dairy Queen, PF Chang), Universities (University of Maryland, Iowa State University, Wisconsin State University), Celebrities… If we’ve learned one thing this year it is that no one is safe, no one is immune to sophisticated hackers, malware, advanced persistent threats and zero-day attacks.

Here are some more examples of breaches that you might not know about, but probably should. Many of these breaches are now being attributed to "Backoff" malware, which the Department of Homeland Security has recently issued an alert to businesses on. 

Despite IT teams working endlessly against these threats, they are still getting through. The harder IT security teams work, the more pervasive hackers and malicious bodies get. It seems like a never ending, extremely vicious cycle, and no single approach to security is enough.  Experts in the analyst community do point to the removal of administrative rights as a fundamental step in IT security:

“Run more of your windows users without administrator rights… the single most important way to improve endpoint security” ~ Neil MacDonald, VP & Gartner Fellow

“If target used some type of application controls (from Bit 9, Kaspersky, McAfee, Viewfinity, etc.)… it may have had a better fighting chance.” ~ Jon Oltsik, Senior Principal Analyst for ESG: The Target breach…

The SANS Institute: “The Critical Controls represent the biggest bang for the buck to protect your organization against real security threats… The five quick wins are:”

 

 

 

A smart move.  Close down security loopholes and vulnerabilities by removing admin rights and controlling what applications can run in your environment. Here is a link to a webinar that Viewfinity recently ran with renowned security expert Marcus Murray: How Hackers Exploit Admin Rights to Access Your Systems. The webinar does a great job outlining the different security risks associated with excess admin rights in your environment. It’s definitely worth a watch.

 

Additionally, at the end of this month we’ll be running a webinar: Best Practices for Removing Admin Rights: A Step-by-Step Approach. Keep an eye out for more information regarding this event. We highly recommend this webinar if you have not removed admin rights, or have removed rights but are looking for a streamlined and automated approach to managing privileges and to cut down on IT overload. We know that your security teams are doing everything they can, but they don’t have to do it alone. For more information on the Viewfinity solutions and how we can help you pave the way to better IT security, visit our website.

 

 

Is Your Cyber Security Spending Going to the Right Place?

by Viewfinity 28. August 2014 16:06

It’s pretty common knowledge that the cyber security market is expected to grow steadily in the coming years; every study, analyst, and prediction has pointed this out for a while now. Clearly, organizations now understand the need for increased investment in security. However, with so many different risks, techniques, and advanced malware out there, combined with an endless number of solution providers, it’s difficult to weed through the clutter and determined the best outlets for your spending.

A recent study by HP Security found that internal security within organizations is not where it should be. According to a press release published by HP on August 27, 2014, “Seven out of 10 attacks generated within the network perimeter stem from a malware infected host highlighting the importance of taking a layered approach to security to block suspicious communications at every point on the network – from perimeter to core.” HP has nailed it on the head, organizations need a solution that combats malware and attacks from multiple vantage points. So, if spending is increasing, but protection is still under par, where is the disconnect?

The problem is that there are so many types of threats out there; knowing where to begin and where to spend efforts and budgets can be daunting. Fortunately the SANS Institute offers Critical Security Controls, which simply put, show organizations where they can get the best bang for their buck. While these controls don’t contain answers for every problem out there, they act as an ideal starting point for organizations of any size.

 

 

 

Also, for more information on layered security approached, as described by HP, check out this whitepaper: Layers of Cyber Security.

 

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Principle of Least Privileges | Security | Security Protection | Viewfinity

What it takes for your team to be on top in the cyber security world

by Viewfinity 22. August 2014 15:48

Today we came across a great article with exerpts from security expert Tony Sager, the article focused on the need for a team approach to cyber security. This past spring Viewfinity had the opportunity to have Mr. Sager speak at an intimate dinner event in which he discussed the SANS Institute's top 20 security controls. These top controls are something that we stress for all companies big and small.

In this recent article by Eric Chabrow of Gov Info Security,  Sager goes on to explain the need for a full company approach to today's most advanced malware and hackers. Security challanges come in all shapes and forms, and it really does take a team to combat the risks from every vantage point possible. The stronger the team, the stronger your defenses. This article is definitely worth a read, and if you're looking for more information on the top 20 security controls, you can check out our website as well.


Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Security

Black Hat USA Recap

by Viewfinity 13. August 2014 17:45

What happens in Vegas doesn't always stay in Vegas, and with a show that gets as much buzz as Black Hat, it's nearly impossible to keep anything under wraps. We think that's a good thing though, given the great information that was shared during the show. Experts from all over the world flew in to hear industry experts share new ideas, techniques, and thoughts on the industry, while hundreds of companies gathered to share their latest security innovations.

This year was Viewfinity's first time at the show, and it was quite a success. Below are a few pictures of our staffers sharing the latest news from Viewfinity. 

 

 

Were you at the show this year? Share with us your favorite session, product, booth swag, etc. We want to hear! Obviously the magnifying glasses were our favorite.

 

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

What is Pass-the-Hash

by Viewfinity 31. July 2014 16:28

August 12th at 2pm ET we will be running a webinar with Enterprise Security MVP and Microsoft Security Trusted Advisor, Paula Januszkiewicz: Security Vulnerabilities Associated with Having Local Administrator Rights. This webinar will focus on the risks associated with having excess admin rights and how Viewfinity can mitigate these risks. One of the main focuses of the webinar will center on pass-the-hash scenarios; in preparation for the event we wanted to make sure everyone was well versed on this dangerous risk.

So, what is pass-the-hash? … and no it has nothing to do with twitter, or illegal substances. Pass-the-hash is when hackers exploit excessive admin rights to steal the credentials of an admin. It’s a complicated process, which is discussed fully in our white paper: How Viewfinity Mitigates Pass-the-Hash. While we highly recommend reading this whitepaper, we also wanted to share some key information to help get readers more knowledgeable in the subject… after all you must understand the vulnerability in order to protect against it.

The following information comes from Wikipedia:

WHO: Most pass-the-hash attacks are done via human speed attacks, not through automated malware, using a remove human controller (remote shell).

WHAT: Pass-the-hash is a technique which enables hackers to use your own systems against you, by using administrator rights to steal admin credentials and then use those credentials to gain access to your infrastructure.

WHERE: Pass-the-hash can infiltrate any server or service that accepts LM or NTLM authentication; it can work against any operating system.

WHEN: Once a user name and password hash is obtained a hacker can then use that information to authenticate to a remote server and have access to an entire infrastructure.

HOW: The hacker uses a user password’s underlying NTLM hash to authenticate to a remote server/service.

 

 

Pretty terrifying huh? The good news is there are ways to reduce the attack surface and stop these hackers in their tracks… the bad news is that you will have to wait until next week to find out how.

Stay tuned for a follow up to our pass-the-hash discussion and make sure to sign up for the webinar on the 12th to learn how you can secure against vulnerabilities that are associated with local admin rights.

 

Summing up a brief history: Data breaches are increasing steadily in the Federal network… and everywhere else.

by Viewfinity 17. July 2014 15:59

We came across a great article that we wanted to share quickly. Josh Hicks and Alice Crites of the Washington Post recently published an article A Brief History of federal network breaches and other information-security problems”. The article gives a good break down of statistics over the past few years and paints a vivid picture of just how many people have been affected by these data breaches and advanced persistent threats: government employees, active military and veterans, the general populous.

Below is a graph they used to exemplify just how rapidly the number of breaches is increasing in recent years. These trends, although centered on the federal government in this article, ring true for all industries.

 

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Solutions for every stage: Where are you with your endpoint security project?

by Viewfinity 27. June 2014 16:02

Improving endpoint security is a difficult, but necessary task. The good news is that Viewfinity offers resources to help you during every stage of your project; whether your head is swimming trying to navigate the ever changing security landscape, you are just learning what application control can do for your organization, you’ve removed admin rights and are ready for the next steps, or you are currently employing all of the top security strategies and are looking for an easier way to manage your processes.

Take some time to check out the resources below that match your needs best, or reach out directly to Viewfinity and we can walk you through the process as smoothly as possible.

  • I am not familiar with application control and would like a high-level overview: IT Security’s 50 Shades of Grey
  • I am thinking about removing admin rights: Viewfinity’s Free Local Admin Discovery tool
  • I have removed admin rights but am experiencing IT help desk overload: Case Study – Fortune 500 Energy & Utilities Company
  • I have a homegrown / Native MS system in place but would like to learn about streamlining the process: Sign up for a One-On-One demo with a Viewfinity Engineer
  • I am making a decision soon and want to see your product: Register for a Trial Eval

Viewfinity offers flexible application control and privilege management solutions to meet whatever cyber security needs your company is currently facing. Let us work with you to make this daunting process as seamless as possible.

 

Powered by BlogEngine.NET 1.4.5.0
Theme by Mads Kristensen

Calendar

<<  October 2014  >>
MoTuWeThFrSaSu
293012345
6789101112
13141516171819
20212223242526
272829303112
3456789

View posts in large calendar

About Viewfinity

Viewfinity provides privilege management and application control for desktops, laptops and servers, empowering enterprises to meet compliance mandates, reduce security risks, and lower IT costs. The Viewfinity solution allows enterprises to control end user and privileged user rights for applications and systems which require elevated permissions. Viewfinity's granular-level control enables companies to establish and enforce consistent policies for least privilege Windows-based environments based on segregation of duties. For more information, visit www.viewfinity.com.

Follow us on Twitter: viewfinity
Find us on LinkedIn: www.linkedin.com/companies/viewfinity
Become a fan on Facebook: www.viewfinity.com/facebook