This week Viewfinity announced the release of version 5.5 of its Privilege Management and Application Control GPO solutions. This latest release brings together an easy-to-manage policy GUI, powerful forensic tools, and threat management and remediation through collaboration with network security vendors.
This release continues Viewfinity's model of providing a full-circle prevention-detection-remediation solution based on the architectural integrity of a single agent.
The latest release includes:
We will be previewing this latest release next week at RSA. Stop by booth #1046 in the South Hall to see the new capabilities first hand, or contact a Viewfinity representative today for a
Last week Lysa Myers, of We Live Security, published an article highlighting the increase in breaches targeting medical organizations. "Premera Breach: Healthcare Businesses in the Crosshairs" discusses some of the most high-profile data breaches so far this year, affecting millions of records. Myers cites the high quantity and high value of medical records as a driving factor in many of these advanced attacks.
Viewfinity works with healthcare companies to offer advanced endpoint
Myers stresses the importance of risk mitigation as part of a solid security strategy, understanding that security must be approached from various angles to achieve comprehensive protection. Myers uses the article to call out and explain the top strategies that organizations should employ to
- Regular and timely software updates / patch
- Two-factor authentication of sensitive data
- The principle of least privilege
- Comprehensive data encryption
- Layered security: anti-malware + firewall + etc.
In line with Myers' suggestions, Viewfinity offers advanced endpoint protection that focuses on lessening the impact of IT security breaches before, during, and after an attack. Our core capabilities aim to reduce the attack surface and proactively deter advanced persistent threats by:
- Managing administrative rights once local admin rights have been removed from user machines.
- Monitoring and controlling all applications being installed or run. This can be used as a precursor to default deny.
- Accelerating detection, incident response, and remediation efforts via threat management capabilities that collaborate with network security sandboxes and firewalls, reputation database services, and SIEM.
Find out more here.
Defense Essentials: Prevention-Detection-Remediation Practices
IBM did the math: over 1 billion records were leaked in 2014 as a result of cyber-attacks. To put that into perspective, that's like having every single person in the US have data stolen… 3 times.
While each cyber-attack deploys different infiltration methods, for different motivations, one thing can be agreed upon: defending the endpoint is paramount in the war against cyber criminals.
Today, Viewfinity will run a live webinar with Mike Rothman, Analyst and President of Securosis, to discuss endpoint defense essentials. The discussion will focus on prevention, detection, and remediation practices that you can implement within your organization right now.
Here are some of the essentials that you need to consider to ensure your endpoints are protected from advanced attacks:
- Solid hygiene and configuration practices
- Focusing on least privilege to prevent
- More effective detection
- Working closely with network-based defenses
- Investigating and remediating the inevitable
Viewfinity offers a closed-loop security solution which works to protect organizations before, during, and after an attack, all within a single agent on the endpoint. This comprehensive solution provides unparalleled protection while still maintaining the architectural integrity of the endpoint. In layman's terms, this means that the Viewfinity agent is a one-stop shop for prevention, detection, and remediation.
After Mike Rothman's presentation you'll also get a chance to hear from Viewfinity VP of Product Management, Alex Shoykhet, as he explains:
- Managing privilege elevation after closing down the security loophole related to admin rights
- Application control (above and beyond whitelisting) and the important role that monitoring and forensics play
- Advanced threat management that shares endpoint information with firewall technology to update firewall policies.
Reserve your seat here, or request a recording if you can't make it today.
In one of its latest research reports focusing on Endpoint Protection Platforms (EPP), this leading analyst firm stresses the importance of implementing solutions which fall in line with an organization's specific business, technical, and regulatory needs. Each situation is different; however, one common factor that all organizations battle is malware.
firm subscribers can read the full report here.
Malware detection is stressed as a core functionality of EPP solutions, breaking down the category into three distinct sections: Advanced Malware Protection, Malware Removal, and Application Control. Due to the limitations of traditional anti-virus/malware solutions, it's important for organizations to look for comprehensive tools which cater to all three malware detection categories. This enables organizations to have a closed-loop solution which handles security before, during, and after an attack.
The report also states that an ideal solution will cater to both well-known and not-yet-identified malware, while at the same time allowing an organization to identify, isolate/restrict, and eventually remove suspicious executables from your
Viewfinity offers one of the only solutions to offer advanced endpoint protection that focuses on lessening the impact of IT security breaches before, during, and after an attack. Our core capabilities aim to reduce the attack surface and proactively deter advanced persistent threats by:
- Managing administrative rights once local admin rights have been removed from user machines.
- Monitoring and controlling all applications being installed or run. This can be used as a precursor to default deny.
- Accelerating detection, incident response, and remediation efforts via threat management capabilities that collaborate with network security sandboxes and firewalls, reputation database services, and SIEM.
TechTarget recently published an article by Dina Gerdeman that breaks down new and changing IT security strategies that CIOs should be adopting given the current IT landscape. Key topics of the article cover:
- Monitoring user behavior
- Employee training
- Working remotely and encrypting data
- Seeking outside help
- Planning for a disaster
- Fear of the unknown
In regard to the first topic, monitoring, this white paper may be helpful in your research phase: Utilizing Pervasive Application Monitoring and File Origin Tracking in IT Security.
Gartner also chimed in on the article: “Monitoring
is one area where CIOs need to step up their game, said Jay Heiser,
research vice president with Gartner Inc. Many organizations have been putting
more effort into "locking the doors," he said, than in detecting
whether those doors have been circumvented.”
"It feels good to put more locks on the doors, but if someone comes
in through the windows, what's the point?" he asked. "If there is any
change based on this year's dramatic failures, it's a renewed appreciation for
the benefits of monitoring." (TechTarget, 2015)
Take a few minutes to read the article and let us know if you have questions about how Viewfinity can help you with some of these topics.
For the first time, endpoint and network security solutions have come together for a truly comprehensive security solution.
In our recent press release we outlined our latest integration with the FireEye TAP and AX solutions, with the aim of leveraging the power of both solutions to accelerate incident response and remediation.
In an interview with Mary-Louise Hoffman of Executive Biz, Grady Summers, FireEye VP of Strategic Solutions, highlighted the need for this integration: "endpoint to network security visibility is an instrumental component to stopping advanced attacks" (Executive Biz).
Viewfinity and FireEye can now work in tandem to identify suspicious behavior within a network and then track, isolate, and block malicious activity on the endpoints.
Read more about how the integration works.
As the IT security landscape continues to become more complex, analysts and industry experts urge the importance of threat investigation and response tools. Seeing a need, the Viewfinity and FireEye teams have collaborated to join solutions to provide improved security event analytics and endpoint visibility.
Read the full press release here.
With organizations facing tens of thousands of security events on a daily basis (InfoSecurity Magazine), IT administrators need a way to identify suspicious behavior, isolate security risks, and remediate incidents as quickly as possible. Accelerated threat detection and incident response is paramount when trying to reduce costly dwell time and the footprint of security infiltrations.
With this joint integration, Viewfinity application and endpoint access data are correlated with enterprise-wide security and network threat information within FireEye TAP and FireEye AX. Using FireEye TAP, security teams can view one dashboard with relevant threat data prioritized by threat level. This centralized dashboard allows security teams to quickly identify malicious activity and, with the Viewfinity integration, enforce restricted execution of suspicious applications and block malware identified by TAP on the endpoint.
FireEye AX and Viewfinity: How it Works
FireEye TAP and Viewfinity: How it Works
This week Viewfinity is also participating in FireEye Momentum, a FireEye partner and user event. Here's a shot of one of the speakers during the show!
To learn more about this latest integration and how you can leverage the investment that you have already made in FireEye AX or TAP, contact a Viewfinity
Recently InfoSecurity Magazine ran a three-part series outlining their predictions for the upcoming year as it relates to information security. In honor of the New Year we wanted to share these predictions with you.
1: The Recurring Themes
2: The Escalating Threats
3: Defense, Response, Collaboration
The articles outline some very interesting points on the state of the industry and what is expected to come in the near future. Some predictions, like a rise in insider threats, are expected, while other predictions offer new insights into recurring problems. Take a read and let us know what you think is the most pressing prediction the IT security landscape faces in 2015.
Microsoft Security Bulletin Summary for November 2014 / Admin Rights related vulnerabilities
- Microsoft Security Bulletin MS14-064 – Critical. Vulnerabilities in Windows OLE Could Allow Remote Code Execution
This security update resolves two privately reported vulnerabilities in Microsoft Windows Object Linking and Embedding (OLE). The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Microsoft Security Bulletin MS14-065 – Critical. Cumulative Security Update for Internet Explorer
This security update resolves seventeen privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
- Microsoft Security Bulletin MS14-067 – Critical. Vulnerability in XML Core Services Could Allow Remote Code Execution
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a logged-on user visits a specially crafted website that is designed to invoke Microsoft XML Core Services (MSXML) through Internet Explorer. In all cases, however, an attacker would have no way to force users to visit such websites. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger request that takes users to the attacker's website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
- Microsoft Security Bulletin MS14-069 – Important. Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
This security update resolves three privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected edition of Microsoft Office 2007. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
- Microsoft Security Bulletin MS14-070 – Important. Vulnerability in TCP/IP Could Allow Elevation of Privilege
This security update resolves a publicly reported vulnerability in TCP/IP that occurs during input/output control (IOCTL) processing. This vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another process. If this process runs with administrator privileges, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Microsoft Security Bulletin MS14-073 – Important. Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege
This security update resolves a privately reported vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could run arbitrary script in the context of the user on the current SharePoint site. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit these vulnerabilities and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit these vulnerabilities.
- Microsoft Security Bulletin MS14-078 – Moderate. Vulnerability in IME (Japanese) Could Allow Elevation of Privilege
This security update resolves a privately reported vulnerability in Microsoft Input Method Editor (IME) (Japanese). The vulnerability could allow sandbox escape based on the application sandbox policy on a system where an affected version of the Microsoft IME (Japanese) is installed. An attacker who successfully exploited this vulnerability could escape the sandbox of a vulnerable application and gain access to the affected system with logged-in user rights. If the affected system is logged in with administrative rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
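Nearly every bulletin above ends with the same sentence: accounts configured with fewer user rights are less impacted. The practical check behind that sentence is whether the interactive session that opens the webpage or Office file actually holds administrative rights, and which accounts still sit in the local Administrators group after an admin-rights cleanup. The following PowerShell script is an added example written for this page; it is not from Microsoft or Viewfinity. It assumes Windows PowerShell 5.1 or later on Windows 10 / Server 2016 or newer, where the `Microsoft.PowerShell.LocalAccounts` module (`Get-LocalGroupMember`) is available; on older systems `net localgroup Administrators` gives the same membership list. The function names `Test-CurrentUserIsAdmin` and `Get-LocalAdminReport` are the example's own.

```powershell
# Added example (not from the bulletins or from Viewfinity): audit local admin rights on a Windows host.
# Assumes Windows PowerShell 5.1+ on Windows 10 / Server 2016 or later, where the
# Microsoft.PowerShell.LocalAccounts module provides Get-LocalGroupMember.

function Test-CurrentUserIsAdmin {
    # Returns $true when the current process token carries BUILTIN\Administrators as an enabled group.
    # Under UAC, an admin account in a non-elevated session returns $false here: that filtered token is
    # the one a browser or Office exploit would inherit, which is the point of the bulletins' caveat.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LocalAdminReport {
    # Lists members of the local Administrators group and flags ordinary user accounts,
    # i.e. the entries a least-privilege rollout would normally remove.
    $members = Get-LocalGroupMember -Group 'Administrators'
    foreach ($m in $members) {
        # The built-in Administrator account always has relative ID 500 (SID ends in -500).
        $isBuiltInAdmin = $m.SID.Value -match '-500$'
        [pscustomobject]@{
            Name           = $m.Name
            ObjectClass    = $m.ObjectClass        # User or Group
            Source         = $m.PrincipalSource    # Local, ActiveDirectory, AzureAD, MicrosoftAccount
            ReviewRequired = ($m.ObjectClass -eq 'User') -and -not $isBuiltInAdmin
        }
    }
}

# Usage: report on the current session, then list who still holds local admin rights.
if (Test-CurrentUserIsAdmin) {
    Write-Output 'Current session runs with administrative rights: a browser or Office exploit here would run as admin.'
} else {
    Write-Output 'Current session runs as a standard user: the "fewer user rights" case described in the bulletins.'
}

$report = Get-LocalAdminReport
$report | Format-Table -AutoSize
$flagged = @($report | Where-Object ReviewRequired)
Write-Output ("{0} non-built-in user account(s) in local Administrators need review." -f $flagged.Count)
```

The first check is about the token of the running session, not group membership: an administrator who normally works in a UAC-filtered session shows as non-admin here, while a session started with "Run as administrator" shows as admin. Running the report on every workstation and trending the `ReviewRequired` count over time is a simple way to measure progress on removing local admin rights, which the page describes as the precursor to managing privilege elevation.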