Cyber Criminals Target Healthcare and Insurance

by Viewfinity 24. March 2015 16:50

Last week Lysa Myers, of We Live Security, published an article highlighting the increase in breaches targeting medical organizations. Premera Breach: Healthcare Businesses in the Crosshairs discusses some of the most high-profile data breaches so far this year, affecting millions of records. Myers cites the high quantity and high value of medical records as a driving factor in many of these advanced attacks.

Read how Viewfinity works with healthcare companies to offer advanced endpoint protection.

Myers stresses the importance of risk mitigation as part of a solid security strategy, noting that security must be approached from various angles to achieve comprehensive protection. Myers uses the article to call out and explain the top strategies that organizations should employ to mitigate risk:

  • Regular and timely software updates / patch management
  • Two-factor authentication of sensitive data
  • The principle of least privileges
  • Comprehensive data encryption
  • Layered security: anti-malware + firewall + etc.

In line with Myers’ suggestions, Viewfinity offers advanced endpoint protection that focuses on lessening the impact of IT security breaches before, during, and after an attack. Our core capabilities aim to reduce the attack surface and proactively deter advanced persistent threats by:

  1. Managing administrative rights once local admin rights have been removed from user machines.
  2. Monitoring and controlling all applications being installed or run. This can be used as a precursor to default deny.
  3. Accelerating detection, incident response, and remediation efforts via threat management capabilities that collaborate with network security sandboxes and firewalls, reputation database services, and SIEM.

Find out more here.


The State of POS: Protecting Yourself and Your Company from Devastating Data Breaches

by Viewfinity 23. October 2014 10:50

2013 was labeled “The Year of the Mega Breach” as more and more consumer-facing companies were ravaged by devastating POS attacks. 2014 has done nothing but prove that these types of attacks are only getting faster, more frequent, and harder to detect.

Attend our Nov 5th webinar:
 Steps Hackers Take to Infiltrate Windows Infrastructures and Least Privilege Application Control

The fact is that IT professionals are doing everything they can to prevent these breaches. Unfortunately, as quickly as security practices adapt, so do hackers and advanced malware. While there is no one-size-fits-all security solution, here are select insights from industry experts sharing their knowledge, and knowledge is power.

Jon Oltsik, Senior Principal Analyst for ESG

  “If Target used some type of application controls (from Bit 9, Kaspersky, McAfee, Viewfinity etc.)… it may have had a better fighting chance.”

SANS 5 Quick Wins:  #1 Application whitelisting; #5 Reduce the number of users w/ admin privileges


Mike Rothman, Securosis, Reducing Attack Surface with Application Control:  

In Reducing Attack Surface with Application Control, we look at the double-edged sword of application control, detail a number of use cases where it fits well, and define selection criteria to consider for the technology.

Paul Ducklin, 2009 winner of the AusCERT Director’s Award for Individual Excellence in Computer Security
Ducklin stresses the importance of ensuring that 3rd party vendors and contractors are amply protected, especially if the POS vendors access your networks remotely. More here.

Steven Norton, The Wall Street Journal
“Rolling out EMV technology in brick-and-mortar stores is a step in the right direction, but it won’t solve the entire security problem. While it can significantly reduce fraud, it doesn’t take into account online transactions and may not help companies identify larger threats to the point-of-sale systems.”  Steven Norton: Security Breaches Trigger Retail’s Big Players to Call for Major Tech Challenges

Tracy Kitten, Bank Info Security
“By educating merchants about compliance with the Payment Card Industry Data Security Standard, or, in some cases, even providing network security services to their merchant customers, banking institutions are playing a more aggressive role in ensuring card fraud associated with point-of-sale attacks is contained.” Tracy Kitten: Banks: How to Stop POS Breaches

When it comes to POS and retail security breaches, unfortunately there is no easy button, no simple fix, but the strongest weapon you have is knowledge. First and foremost, organizations should adhere to the principle of least privileges; removing admin rights can eliminate a large number of security loopholes. Application whitelisting on POS devices ensures that only approved applications are running. Finally, visibility into these activities with proper monitoring and forensic analysis can help accelerate threat detection and remediation in the event that a breach does occur.

USE CASE BREAKDOWN: Eradicate Nuisance Help Desk Calls – Movado Group Inc.

by Viewfinity 13. October 2014 16:36

Movado Group Inc. implemented a corporate initiative to lock down its endpoint environment to improve security. Once administrator rights had been removed, Movado deployed Viewfinity Privilege Management and used automated policies that resolve the challenges that arise from the removal of admin rights. In addition to the reduction in time-consuming support-related requests that occurred prior to lock down, such as reimaging of malware-infected machines, Movado Group Inc. was able to completely eradicate nuisance help desk calls within their environment.

Movado Group Inc. - Use Case Webcast

Movado Group Inc. - Full Case Study


Fast Facts

Project Scope: Eliminate nuisance calls due to removal of admin rights and improve end user productivity through faster resolution of IT issues.

  • Multiple sales and distribution offices around the world, with over 1300 employees
  • Workforce comprises 1100 endpoints, split 60/40 laptop/desktop
  • 10% of staff are mobile workers and 30% work in retail locations

The Situation Breakdown

Challenge #1: With a locked down environment employees were unable to perform day-to-day tasks like printer installs, application upgrades etc. which were required for their job functions.

Solution: Using Viewfinity, Movado Group Inc., was able to run an audit of their environment for 30 days, identifying applications and processes which required admin privileges.

Result: Within a month of rolling out Viewfinity, Movado Group Inc. realized a complete eradication of nuisance calls. End users were able to be self-reliant, handling day-to-day tasks such as printer installs and Java updates without having to be granted admin rights.

Challenge #2: The Movado Group IT staff spent a great deal of time making desk-side visits to fix small problems, negatively impacting productivity as users waited for tech support to arrive, and taking up valuable time for IT staff.

Solution: Movado Group Inc. was able to establish proactive policies to handle elevation needs automatically. The policies were predefined to fit actual user needs based on the Viewfinity Audit previously run.

Result: Rolling out Viewfinity helped to control unproductive downtime and predict potential problem areas. End users are able to run updates and install necessary applications on their own but the system is streamlined and controlled from the backend. End users maintain the independence and control they require being in regional offices but still receive the security benefits of a locked down environment.


USE CASE BREAKDOWN: Increase Security While Decreasing Costs – Process-Based Privilege Management – Apex Companies

by Viewfinity 3. October 2014 16:27

Increase Security While Decreasing Costs – Process-Based Privilege Management


Apex Companies uses Viewfinity to increase their IT security and harness the process-based privilege management capabilities to lower desktop management costs for a maximized ROI. Below is a breakdown of their success story as well as a recording of their live use case presentation.

Apex Companies - Use Case Webcast

Apex Companies - Full Case Study




Fast Facts

Project Scope: Remove administrator rights from all employees without impeding user productivity
  • IT staff is very lean, with only three support members responsible for all endpoints spanning 35 geographically dispersed branch offices
  • Apex saves hundreds of thousands of dollars in desktop management costs per year with Viewfinity
  • IT typically performed well over 500 installs on an annual basis, ranging from simple upgrades to full application installs – Viewfinity reversed the previously ineffective and costly method of deploying updates and handling installs

The Situation Breakdown

Challenge #1: Must enforce stringent policies for network and system access

Solution: Move to a fully locked down environment with privilege elevation on the application level, which removes the need for providing individual users or groups access to admin rights.

Result: Viewfinity allows Apex Companies to pre-define policies and granularly manage end-user privileges, thus meeting company compliance requirements.

Challenge #2: Need to ensure all software is installed legally and that all applications have valid licenses

Solution: Application whitelisting to allow control of which processes, applications, versions etc. are allowed to run within the environment.

Result: “Viewfinity’s reporting allows me to quickly ascertain which applications are installed, how many are installed, when they were installed, and on which computers. I use this information to budget as well as to maintain license legality… With Viewfinity I have very accurate, complete information.”

Challenge #3: Need to provide timely support to end users despite lean IT staff and geographically dispersed end users

Solution: Pre-defined policies and application whitelists can enable end users to perform simple tasks (upgrades, installs, settings) without having to contact IT support for help.

Result: Because of Viewfinity’s whitelisting capabilities, users no longer need to contact Apex IT in order to perform routine updates or whitelist installs. Viewfinity allowed Apex to realize a reduction of hundreds of thousands of dollars in desktop management costs per year.



High Profile Data Breaches Have the IT Security Community on Edge

by Viewfinity 4. September 2014 14:12

Financial institutions (JP Morgan Chase and others), Retail Stores (Home Depot, Target, Neiman Marcus), Restaurants (Dairy Queen, P.F. Chang's), Universities (University of Maryland, Iowa State University, Wisconsin State University), Celebrities… If we’ve learned one thing this year it is that no one is safe, no one is immune to sophisticated hackers, malware, advanced persistent threats and zero-day attacks.

Here are some more examples of breaches that you might not know about, but probably should. Many of these breaches are now being attributed to "Backoff" malware, about which the Department of Homeland Security has recently issued an alert to businesses.

Despite IT teams working endlessly against these threats, they are still getting through. The harder IT security teams work, the more pervasive hackers and malicious bodies get. It seems like a never ending, extremely vicious cycle, and no single approach to security is enough.  Experts in the analyst community do point to the removal of administrative rights as a fundamental step in IT security:

“Run more of your Windows users without administrator rights… the single most important way to improve endpoint security” ~ Neil MacDonald, VP & Gartner Fellow

“If Target used some type of application controls (from Bit 9, Kaspersky, McAfee, Viewfinity, etc.)… it may have had a better fighting chance.” ~ Jon Oltsik, Senior Principal Analyst for ESG: The Target breach…

The SANS Institute: “The Critical Controls represent the biggest bang for the buck to protect your organization against real security threats… The five quick wins are:”




A smart move.  Close down security loopholes and vulnerabilities by removing admin rights and controlling what applications can run in your environment. Here is a link to a webinar that Viewfinity recently ran with renowned security expert Marcus Murray: How Hackers Exploit Admin Rights to Access Your Systems. The webinar does a great job outlining the different security risks associated with excess admin rights in your environment. It’s definitely worth a watch.


Additionally, at the end of this month we’ll be running a webinar: Best Practices for Removing Admin Rights: A Step-by-Step Approach. Keep an eye out for more information regarding this event. We highly recommend this webinar if you have not removed admin rights, or have removed rights but are looking for a streamlined and automated approach to managing privileges and to cut down on IT overload. We know that your security teams are doing everything they can, but they don’t have to do it alone. For more information on the Viewfinity solutions and how we can help you pave the way to better IT security, visit our website.



What is Pass-the-Hash

by Viewfinity 31. July 2014 16:28

August 12th at 2pm ET we will be running a webinar with Enterprise Security MVP and Microsoft Security Trusted Advisor, Paula Januszkiewicz: Security Vulnerabilities Associated with Having Local Administrator Rights. This webinar will focus on the risks associated with having excess admin rights and how Viewfinity can mitigate these risks. One of the main focuses of the webinar will center on pass-the-hash scenarios; in preparation for the event we wanted to make sure everyone was well versed on this dangerous risk.

So, what is pass-the-hash? … and no, it has nothing to do with Twitter, or illegal substances. Pass-the-hash is when hackers exploit excessive admin rights to steal the credentials of an admin. It’s a complicated process, which is discussed fully in our white paper: How Viewfinity Mitigates Pass-the-Hash. While we highly recommend reading this whitepaper, we also wanted to share some key information to help readers become more knowledgeable on the subject… after all, you must understand the vulnerability in order to protect against it.

The following information comes from Wikipedia:

WHO: Most pass-the-hash attacks are human-speed attacks carried out by a remote human controller (remote shell), not by automated malware.

WHAT: Pass-the-hash is a technique which enables hackers to use your own systems against you, by using administrator rights to steal admin credentials and then use those credentials to gain access to your infrastructure.

WHERE: Pass-the-hash can infiltrate any server or service that accepts LM or NTLM authentication; it can work against any operating system.

WHEN: Once a user name and password hash are obtained, a hacker can then use that information to authenticate to a remote server and have access to an entire infrastructure.

HOW: The hacker uses a user password’s underlying NTLM hash to authenticate to a remote server/service.



Pretty terrifying, huh? The good news is there are ways to reduce the attack surface and stop these hackers in their tracks… the bad news is that you will have to wait until next week to find out how.

Stay tuned for a follow-up to our pass-the-hash discussion and make sure to sign up for the webinar on the 12th to learn how you can secure against vulnerabilities that are associated with local admin rights.
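Because the WHERE and HOW points above come down to an NTLM logon made with a stolen admin hash, defenders can look for privileged accounts performing NTLM network logons to several machines from one source in a short time. The following is an added example, not Viewfinity's code or part of the original post; the log lines are constructed, and the account names, window and host threshold are assumptions to tune per environment.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real logs), shaped like Windows Security
# event 4624 (successful logon) exported one JSON object per line.
SAMPLE_EVENTS = """
{"TimeCreated":"2014-08-01T09:00:05","Computer":"FS01","EventID":4624,"LogonType":3,"AuthenticationPackageName":"Kerberos","TargetUserName":"alice","IpAddress":"10.0.0.21"}
{"TimeCreated":"2014-08-01T09:01:10","Computer":"WS101","EventID":4624,"LogonType":3,"AuthenticationPackageName":"NTLM","TargetUserName":"Administrator","IpAddress":"10.0.0.57"}
{"TimeCreated":"2014-08-01T09:02:40","Computer":"WS102","EventID":4624,"LogonType":3,"AuthenticationPackageName":"NTLM","TargetUserName":"Administrator","IpAddress":"10.0.0.57"}
{"TimeCreated":"2014-08-01T09:04:15","Computer":"WS103","EventID":4624,"LogonType":3,"AuthenticationPackageName":"NTLM","TargetUserName":"Administrator","IpAddress":"10.0.0.57"}
{"TimeCreated":"2014-08-01T09:00:00","Computer":"WS101","EventID":4624,"LogonType":3,"AuthenticationPackageName":"NTLM","TargetUserName":"svc-deploy","IpAddress":"10.0.0.10"}
{"TimeCreated":"2014-08-01T11:00:00","Computer":"WS102","EventID":4624,"LogonType":3,"AuthenticationPackageName":"NTLM","TargetUserName":"svc-deploy","IpAddress":"10.0.0.10"}
{"TimeCreated":"2014-08-01T09:05:00","Computer":"WS104","EventID":4624,"LogonType":3,"AuthenticationPackageName":"NTLM","TargetUserName":"bob","IpAddress":"10.0.0.57"}
this line is truncated {
"""

# Assumptions for illustration: which accounts count as privileged, and
# how many distinct hosts within what time window is worth an alert.
ADMIN_ACCOUNTS = {"administrator", "svc-deploy"}
WINDOW = timedelta(minutes=10)
MIN_HOSTS = 3


def parse_events(text):
    """Parse JSON-lines events, skipping blank or malformed lines."""
    events = []
    for line in text.strip().splitlines():
        try:
            ev = json.loads(line)
            ev["TimeCreated"] = datetime.fromisoformat(ev["TimeCreated"])
        except (ValueError, KeyError, TypeError):
            continue  # damaged export line: ignore rather than abort
        events.append(ev)
    return events


def is_ntlm_network_logon(ev):
    """True for a successful network logon (type 3) authenticated via NTLM."""
    return (ev.get("EventID") == 4624
            and ev.get("LogonType") == 3
            and str(ev.get("AuthenticationPackageName", "")).upper() == "NTLM")


def find_ntlm_fanout(events, admins=ADMIN_ACCOUNTS, window=WINDOW,
                     min_hosts=MIN_HOSTS):
    """Flag a privileged account reaching min_hosts machines from one source."""
    grouped = defaultdict(list)
    for ev in events:
        user = str(ev.get("TargetUserName", "")).lower()
        if is_ntlm_network_logon(ev) and user in admins:
            grouped[(user, ev.get("IpAddress"))].append(ev)

    alerts = []
    for (user, source), evs in grouped.items():
        evs.sort(key=lambda e: e["TimeCreated"])
        start = 0
        for end in range(len(evs)):
            # Slide the window so it never spans more than `window`.
            while evs[end]["TimeCreated"] - evs[start]["TimeCreated"] > window:
                start += 1
            hosts = {e.get("Computer") for e in evs[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts.append({"user": user, "source": source,
                               "hosts": sorted(hosts)})
                break  # one alert per (account, source) pair
    return alerts


if __name__ == "__main__":
    for alert in find_ntlm_fanout(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

A hit is a lead for investigation rather than proof: legitimate management tools can produce the same pattern, which is one more reason to limit where local admin credentials exist.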


Solutions for every stage: Where are you with your endpoint security project?

by Viewfinity 27. June 2014 16:02

Improving endpoint security is a difficult, but necessary task. The good news is that Viewfinity offers resources to help you during every stage of your project; whether your head is swimming trying to navigate the ever changing security landscape, you are just learning what application control can do for your organization, you’ve removed admin rights and are ready for the next steps, or you are currently employing all of the top security strategies and are looking for an easier way to manage your processes.

Take some time to check out the resources below that match your needs best, or reach out directly to Viewfinity and we can walk you through the process as smoothly as possible.

  • I am not familiar with application control and would like a high-level overview: IT Security’s 50 Shades of Grey
  • I am thinking about removing admin rights: Viewfinity’s Free Local Admin Discovery tool
  • I have removed admin rights but am experiencing IT help desk overload: Case Study – Fortune 500 Energy & Utilities Company
  • I have a homegrown / Native MS system in place but would like to learn about streamlining the process: Sign up for a One-On-One demo with a Viewfinity Engineer
  • I am making a decision soon and want to see your product: Register for a Trial Eval

Viewfinity offers flexible application control and privilege management solutions to meet whatever cyber security needs your company is currently facing. Let us work with you to make this daunting process as seamless as possible.


Do you feel safe from insider threats?

by Viewfinity 10. April 2014 14:19

The bad news: astonishingly, a recent study published by Ovum revealed that a mere 9% of organizations feel that they are safe from insider threats. The good news: 66% of those surveyed did say that they were looking to invest more in IT security, specifically to help combat insider threats. You can read more on the Ovum study here:

Unfortunately, “insider threats” is a vague term and they are often difficult to mitigate if not handled properly. First, one must understand the different types of insider threats that organizations face each day. The most obvious threats are those internal users who act with malicious intent to either harm the organization or for their own personal gain. Second are the users who accidentally or unknowingly cause harm through lack of knowledge or preparation. Finally, there are the targeted attacks that work from the outside in. These actors target highly privileged users and utilize their credentials as a way to get access to even the most protected parts of a network. These actors are by far the most dangerous; they use advanced evasion techniques (AETs) to execute advanced targeted attacks across multiple network layers. They are difficult to defend against and even more so to detect.

So, how does an organization begin to combat these elusive threats? Obviously the first step is to enable strong perimeter controls, followed by a completely locked down desktop environment. Operating in a least privilege environment helps to prevent threats that do make their way through the defenses from gaining access to privileged data and applications.

Additionally, measures such as application whitelisting can help further protect organizations through a default-deny model, ensuring that only trusted applications, files, and executables can run on the endpoints and servers.

Organizations must go one step further though, to employ next-generation monitoring and forensics capabilities. In order to protect against these evasive threats, full and real-time visibility of all activities within a network is paramount. This will help organizations detect and mitigate any breaches early and effectively.

This multi-layered approach is the only way to protect against the sophisticated modern day threats that all organizations are facing today. Here is an interesting whitepaper that discusses just that: Layers of Cyber Security - Modern Security Threats. Give it a read and pass it along. It's vital that the community understand the necessity for a next-generation, layered approach to cyber security.

Trouble Ahead for Windows XP Users

by Viewfinity 5. December 2013 10:52



This week Zach Epstein of BGR wrote an article that we feel is important for anyone still using Windows XP. Epstein describes the outlook which faces current XP users come the April sunset date, including massive security risks, virus and malware onslaughts and critical system flaws which will no longer be fixed.

Read the full article here.

It’s highly recommended that anyone still using Windows XP begin a migration to either Windows 7 or 8 to avoid these serious security issues; however, despite the risks, over 30% of desktops and laptops currently running are still using XP.

Organizations running on XP who are not looking to migrate any time soon need to consider utilizing 3rd party security solutions, which go above and beyond traditional anti-malware software. Organizations need to lock down their endpoint environment and employ tactics like application whitelisting and privilege management in order to try and stave off potentially devastating zero-day attacks and malware.

Windows 7 and 8 users should be implementing these techniques as well. Organizations of all sizes are subject to data breaches and cyber-attacks. A Windows 7 or 8 migration is the perfect time to implement better security practices through endpoint lockdown, application whitelisting and privilege management solutions.

Viewfinity can help ease the pain incurred by Windows 7 and 8 migrations; visit our website to find out how.


ILTA’s 2013 Technology Survey

by Viewfinity 22. November 2013 14:02

Peggy Wechsler, Program Director with International Legal Technology Association (ILTA) shared the published results of their annual Technology Survey. The 2013 Technology Survey reports the input of 494 firms, representing more than 88,000 attorneys and 189,000 total users.  This year’s report, while admittedly featuring the legal industry, should at the very least be skimmed by all IT professionals as it highlights some key technology shifts and findings, including:

  • The adoption of Microsoft Office 2010 jumping almost 30% (not surprising)
  • More firms seem to be supporting single platforms than in previous years (a little surprising)
  • A large shift as firms move back toward more desktop use and less laptop use (pretty surprising, perhaps due to more tablet use?)

Overall, the general consensus is that there is a constant struggle for IT professionals in the legal industry to find that perfect balance between user productivity/adoption and having a secure/affordable/compliant/up-to-date network environment. You can read the full ILTA 2013 Technology Survey to find out the results that matter most to you. In the meantime, we wanted to highlight a few key findings that came out of the survey, relating to IT Security.

In relation to a subject that is relevant to our solution, the report included a section on next-generation endpoint security.  The survey found that an overwhelmingly large number of firms are not using any sort of next-generation endpoint security solution. Most firms are simply using traditional anti-virus solutions.

Legal firms in particular handle massive amounts of sensitive/personal client data. A data breach from an advanced persistent threat or a zero-day attack could be devastating to a legal firm financially, as well as destroy any law firm’s greatest asset: its reputation.



We think this 89% statistic is an eye-opener and timely.  Just last month Sean Power, CIO at Lathrop & Gage was our featured speaker on a webcast that addressed next-generation endpoint security. His insight was spot-on and it’s worth taking the time to watch the recording. For those looking for some comparison information, we do have this one page chart that explains the similarities and differences between AppLocker and Viewfinity.




About Viewfinity

Viewfinity provides privilege management and application control for desktops, laptops and servers, empowering enterprises to meet compliance mandates, reduce security risks, and lower IT costs. The Viewfinity solution allows enterprises to control end user and privileged user rights for applications and systems which require elevated permissions. Viewfinity's granular-level control enables companies to establish and enforce consistent policies for least privilege Windows-based environments based on segregation of duties. For more information, visit
