Cybersecurity, It’s not IF but WHEN… and the Board Wants Answers

Last week I was at a cybersecurity summit that included a panel of four leading industry CIOs. They shared what was top of mind for them across all aspects of IT: emerging technologies and how they engage with start-up vendors, how they research products, the role of a technology vendor in their organization, and other candid information for “we marketers” in the room.

Some of the CIOs shared similar perspectives, some were quite different, but there was one point of common ground among all panelists. The board is asking CIOs and CISOs at every board meeting: “what are we doing to protect against and deal with cybersecurity attacks?”

Veracode just published a study done in partnership with the NYSE Governance Services on this topic. The study revealed that more than 80 percent of the nearly 200 directors of public companies surveyed said that cybersecurity was discussed at nearly every board meeting. Not surprisingly, considering all the attention paid by the media both pre- and post-attack, boards are willing to hold the CEO and the entire senior management team responsible for cybersecurity breaches.
*Source: Cyber-Security Is a Hot Topic at Board Meetings, Aug 12, 2015 by Maggie O'Neill


This exposure and its ramifications have CISOs directing their IT teams to research and appraise the major cybersecurity solutions on the market today. This is a major undertaking, and since there are only so many budget dollars that can be spent on IT security software, companies must look for the biggest bang for the buck.

Hackers exploit every potential infiltration point, so it is important to build your defense, response and remediation strategy from all angles. But with so many solutions out there, where do you start? Viewfinity offers a unified strategy that supports prevention, detection and remediation, all based on the architectural integrity of one agent.

Viewfinity’s advanced endpoint protection solution closes down two major cybersecurity loopholes:

  • Eliminating the security loophole of Windows administrator rights by controlling privilege elevation via policies
  • Performing application control and monitoring, which can be the precursor to full default-deny

The protection is two-fold.  If you are considering whitelisting, you will achieve the goal of only allowing known applications to execute in your environment.  However, if an application requires administrator rights, you must provide those rights to the users, opening up that security vulnerability.  Conversely, if malware does not require admin rights to penetrate your organization, but you are not monitoring applications, it will easily make its way through your infrastructure.  Having both areas of protection all within one agent is extremely useful and valuable.  We also tap into your pre-established security ecosystems and share endpoint information with:

  • Firewall technologies to update firewall policies
  • Palo Alto, Check Point and FireEye sandboxes to perform a payload analysis by sending files for secondary inspection

There’s more… and we can help you prepare for answering to your board members about these specific security issues. Contact us for more information.

Viewfinity Receives 4-Star Rating from PC Magazine Product Review

Technology editor Wayne Rash took the Viewfinity Privilege Management software for a test drive and summed up his findings in a product review published in PC Magazine.  The review is comprehensive and represents the product fairly, earning 4 out of 5 stars with an editor’s rating of “Excellent”. 

The information presented digs into the details of the Viewfinity Privilege Management solution. The testing was performed via Viewfinity’s SaaS-based platform, and the review walks the reader step by step through how a project to remove admin rights and then manage privilege elevation needs would be approached.

While the review is easy to follow and provides just the right amount of detail to get a good overview and feel for the solution, what this technology expert stresses most is that organizations should be paying attention to the local admin rights security loophole. It has been said over and over by many security experts that removing local admin rights from your end users is one of the most important ways to reduce the attack surface.

The most common pathway to a data breach by far is the misuse of administrative rights on a company data system. Normally this happens in either of two ways: The first way is by stealing the credentials of someone with administrative rights and the second way is by elevating the rights of an existing user. Once either is accomplished, the data theft is often carried out by inserting a background application that siphons off critical data and sends it to the criminals who want it. Viewfinity Privilege Management and Application Control ($20 per user per year) cloud-based services aim to prevent both of those scenarios.

You can read the full review here.



Cybersecurity Insurance Driving Enterprise Purchase Decisions and Implementations


More and more we are seeing that the need for cybersecurity insurance, and other contingency plans, is driving how organizations view and consume cybersecurity tools. Cybersecurity insurance providers need to see that organizations are doing their due diligence to protect the assets and privacy of their company, customers and other stakeholders.

Todd Bell of Enterprise Tech recently published an article, Getting Cybersecurity Insurance After a Breach, outlining the struggles that organizations can face if they fail to take the necessary steps to protect themselves and their assets before a breach occurs.  Pretty serious challenges - it’s worth a read for anyone looking to better understand what they might be up against.

As a place to start, Viewfinity offers a complimentary tool that gives organizations a baseline for auditing their endpoint security posture with regard to who has local administrator rights. The Viewfinity Local Admin Discovery is a free tool that allows you to discover user accounts and groups that are members of the local “Administrators” built-in group on computers in your Windows domain.
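For readers who want to see what such an audit involves, here is an added example in PowerShell; it is not Viewfinity’s tool. It enumerates the local Administrators group on domain computers over PowerShell remoting and flags any member not on an expected list. The OU path and the allow-list entries are placeholders, and it assumes the RSAT ActiveDirectory module on the admin workstation and WinRM reachable on the targets.

```powershell
# Added example (not Viewfinity's Local Admin Discovery): audit who sits in
# the local "Administrators" group across domain computers.
# Assumptions: RSAT ActiveDirectory module installed locally, WinRM enabled
# on the targets, and the caller has admin rights on them. The OU path and
# the allow-list below are placeholders to adapt.

# Members you expect to find; anything else is reported as UNEXPECTED.
$ExpectedMembers = @(
    'Administrator',              # built-in local account (RID 500)
    'CORP\Domain Admins',         # placeholder domain group
    'CORP\Workstation Admins'     # placeholder delegated support group
)

function Get-LocalAdminReport {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string[]]$Expected = $ExpectedMembers
    )
    foreach ($computer in $ComputerName) {
        try {
            # Get-LocalGroupMember ships with Windows PowerShell 5.1+; run it
            # on the target so membership is resolved there.
            $members = Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
                Get-LocalGroupMember -Group 'Administrators' |
                    Select-Object Name, ObjectClass, PrincipalSource
            }
        } catch {
            # Unreachable hosts are reported rather than silently skipped:
            # a machine you cannot audit is itself a finding.
            [pscustomobject]@{ Computer = $computer; Member = ''; Class = ''; Source = '';
                               Status = "ERROR: $($_.Exception.Message)" }
            continue
        }
        foreach ($m in $members) {
            # Local principals come back as "HOSTNAME\Name"; drop the host
            # part so the built-in Administrator matches on every machine.
            $name = if ($m.PrincipalSource -eq 'Local') { $m.Name -replace '^[^\\]+\\', '' } else { $m.Name }
            [pscustomobject]@{
                Computer = $computer
                Member   = $m.Name
                Class    = $m.ObjectClass
                Source   = $m.PrincipalSource
                Status   = if ($Expected -contains $name) { 'expected' } else { 'UNEXPECTED' }
            }
        }
    }
}

# Pull computer names from a placeholder OU and show only the findings.
$computers = Get-ADComputer -Filter * -SearchBase 'OU=Workstations,DC=corp,DC=example' |
    Select-Object -ExpandProperty Name
$report = Get-LocalAdminReport -ComputerName $computers
$report | Where-Object { $_.Status -ne 'expected' } |
    Sort-Object Computer, Member | Format-Table -AutoSize

# Keep the complete result as evidence of the endpoint posture.
$report | Export-Csv -Path '.\local-admin-audit.csv' -NoTypeInformation
```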


Sign up here to schedule your session


If you have removed admin rights from the majority of your end users, you can use this information provided in our tool as proof that you have closed down this security loophole that hackers use regularly to penetrate an infrastructure.

On a larger scale, Viewfinity enables organizations to approach cybersecurity with a 1-2 punch: application control plus the ability to remove and manage admin rights, from a single agent. Both of these capabilities are vital to avoiding the cybersecurity vulnerabilities and loopholes that serve as access points for hackers, Advanced Persistent Threats (APTs) and sophisticated zero-day attacks. Not to mention, these tools offer the capabilities needed to satisfy cybersecurity insurance providers and potentially even reduce cybersecurity insurance premiums.

RSA Recap – Pescatore Proves Data Breach Prevention Possible

Year after year RSA has no trouble creating buzz, as industry experts share knowledge and innovations related to IT security theories, trends and facts. This year, though, a favorite story comes from John Pescatore of the SANS Institute. In the wake of so many data breaches over the past few years, organizations are losing faith in their ability to stop these infiltrations. Despite the pessimism, at RSA John Pescatore explained, measure by measure, that data breach prevention is possible and that organizations should not give up.

During his talk, Pescatore stressed the importance of having a strong security portfolio which takes on security from various angles. He used real-life examples of organizations who have been able to successfully prevent data breaches using a multitude of approaches.

One of the organizations which Pescatore featured in his talk was the Australian Government’s Department of Defense. According to Pescatore, this governing body was able to realize a number of measurable reductions in “the rate of successful malware execution by nearly two-thirds by layering three security technologies” (Shea, 2015). These three security technologies included Application Whitelisting, adding least privilege users access, and OS patch management.

Here is a quick breakdown on the results which they saw:



We’ve long been speaking about the top 4 mitigation strategies that the Australian Government has been implementing, and it’s great to see that they have realized some strong, measurable results. Clearly a layered security approach that manages both users and applications is a key factor in preventing these data breaches.

Viewfinity offers the only solution to combine the strength of both privilege management and application control within the architectural integrity of one single agent. If you’d like to find out more, join us on Tuesday, April 28th at 2pm ET for a live webcast event: Advanced Endpoint Protection: Full Circle Prevention-Detection-Remediation Based on a single Agent.


Sources

Shea, S. (2015, April 23). Pescatore on security success: Breach prevention is possible. Retrieved from Tech Target: http://searchsecurity.techtarget.com/news/4500244894/Pescatore-on-security-success-Breach-prevention-is-possible

Viewfinity Releases a New Version of its Endpoint Security Solution

This week Viewfinity announced the release of version 5.5 for Privilege Management and Application Control GPO solutions. This latest release brings together an easy to manage policy GUI, powerful forensic tools, and threat management and remediation via collaboration with network security vendors.

This release continues Viewfinity’s model to provide a full circle prevention-detection-remediation solution based on the architectural integrity of a single agent.

The latest release includes:

Viewfinity will be previewing this latest release next week at RSA. Stop by booth #1046 in the South Hall to see new capabilities first hand, or contact a Viewfinity representative today for a private demo.

The State of POS: Protecting Yourself and Your Company from Devastating Data Breaches

2013 was labeled “The Year of the Mega Breach” as more and more consumer facing companies were ravaged by devastating POS attacks. 2014 has done nothing but prove that these types of attacks are only getting faster, more frequent, and harder to detect.   

Attend our Nov 5th webinar:
 Steps Hackers Take to Infiltrate Windows Infrastructures and Least Privilege Application Control

The fact is that IT professionals are doing everything they can to prevent these breaches. Unfortunately, as quickly as security practices adapt, so do hackers and advanced malware. While there is no one-size-fits-all security solution, here are select insights from industry experts sharing their knowledge, and knowledge is power.

Jon Oltsik, Senior Principal Analyst for ESG

  “If Target used some type of application controls (from Bit 9, Kaspersky, McAfee, Viewfinity etc.)… it may have had a better fighting chance.”

SANS 5 Quick Wins:  #1 Application whitelisting; #5 Reduce the number of users w/ admin privileges


Mike Rothman, Securosis, Reducing Attack Surface with Application Control:  

In Reducing Attack Surface with Application Control, we look at the double-edged sword of application control, detail a number of use cases where it fits well, and define selection criteria to consider for the technology.

Paul Ducklin, 2009 winner of the AusCERT Director’s Award for Individual Excellence in Computer Security
Ducklin stresses the importance of ensuring that 3rd party vendors and contractors are amply protected, especially if the POS vendors access your networks remotely. More here.

Steven Norton, The Wall Street Journal
“Rolling out EMV technology in brick-and-mortar stores is a step in the right direction, but it won’t solve the entire security problem. While it can significantly reduce fraud, it doesn’t take into account online transactions and may not help companies identify larger threats to the point-of-sale systems.” Steven Norton: Security Breaches Trigger Retail’s Big Players to Call for Major Tech Challenges

Tracy Kitten, Bank Info Security
“By educating merchants about compliance with the Payment Card Industry Data Security Standard, or, in some cases, even providing network security services to their merchant customers, banking institutions are playing a more aggressive role in ensuring card fraud associated with point-of-sale attacks is contained.” Tracy Kitten: Banks: How to Stop POS Breaches

When it comes to POS and retail security breaches, unfortunately there is no easy button and no simple fix, but the strongest weapon you have is knowledge. First and foremost, organizations should adhere to the principle of least privilege; removing admin rights can eliminate a large number of security loopholes. Application whitelisting on POS devices ensures that only approved applications are running. Finally, visibility into these activities through proper monitoring and forensic analysis can help accelerate threat detection and remediation in the event that a breach does occur.

USE CASE BREAKDOWN: Eradicate Nuisance Help Desk Calls – Movado Group Inc.

Movado Group Inc. implemented a corporate initiative to lock down its endpoint environment to improve security. Once administrator rights had been removed, Movado deployed Viewfinity Privilege Management and uses automated policies that resolve the challenges that arise from the removal of admin rights. In addition to the reduction in time-consuming support requests that occurred prior to lock down, such as reimaging of malware-infected machines, Movado Group Inc. was able to completely eradicate nuisance help desk calls within their environment.

Movado Group Inc. - Use Case Webcast

Movado Group Inc. - Full Case Study


Fast Facts

Project Scope: Eliminate nuisance calls due to removal of admin rights and improve end user productivity through faster resolution of IT issues.

  • Multiple sales and distribution offices around the world, with over 1300 employees
  • Workforce is comprised of 1100 endpoints, 60/40 laptop/desktop
  • 10% of staff are mobile workers and 30% work in retail locations

The Situation Breakdown

Challenge #1: With a locked down environment, employees were unable to perform day-to-day tasks such as printer installs and application upgrades that were required for their job functions.

Solution: Using Viewfinity, Movado Group Inc. was able to run an audit of their environment for 30 days, identifying applications and processes that required admin privileges.

Result: Within a month of rolling out Viewfinity, Movado Group Inc. realized a complete eradication of nuisance calls. End users were able to be self-reliant, handling day-to-day tasks such as printer installs and Java updates without having to be granted admin rights.

Challenge #2: The Movado Group IT staff spent a great deal of time making desk-side visits to fix small problems, negatively impacting productivity as users waited for tech support to arrive, and taking up valuable time for IT staff.

Solution: Movado Group Inc. was able to establish proactive policies to handle elevation needs automatically. The policies were predefined to fit actual user needs based on the Viewfinity Audit previously run.

Result: Rolling out Viewfinity helped to control unproductive downtime and predict potential problem areas. End users are able to run updates and install necessary applications on their own but the system is streamlined and controlled from the backend. End users maintain the independence and control they require being in regional offices but still receive the security benefits of a locked down environment.


USE CASE BREAKDOWN: Increase Security While Decreasing Costs – Process-Based Privilege Management – Apex Companies

Increase Security While Decreasing Costs – Process-Based Privilege Management


Apex Companies uses Viewfinity to increase their IT security and harness the process-based privilege management capabilities to lower desktop management costs for a maximized ROI. Below is a breakdown of their success story as well as a recording of their live use case presentation.

Apex Companies - Use Case Webcast

Apex Companies - Full Case Study


Fast Facts

Project Scope: Remove administrator rights from all employees without impeding user productivity
  • IT staff is very lean, with only three support members responsible for all endpoints spanning 35 geographically dispersed branch offices
  • Apex saves hundreds of thousands of dollars in desktop management costs per year with Viewfinity
  • IT typically performed well over 500 installs on an annual basis, ranging from simple upgrades to full application installs – Viewfinity reversed the previously ineffective and costly method of deploying updates and handling installs

The Situation Breakdown

Challenge #1: Must enforce stringent policies for network and system access

Solution: Move to a fully locked down environment with privilege elevation on the application level, which removes the need for providing individual users or groups access to admin rights.

Result: Viewfinity allows Apex Companies to pre-define policies and granularly manage end-user privileges, thus meeting company compliance requirements.

Challenge #2: Need to ensure all software is installed legally and that all applications have valid licenses

Solution: Application whitelisting to allow control of which processes, applications, versions etc. are allowed to run within the environment.

Result: “Viewfinity’s reporting allows me to quickly ascertain which applications are installed, how many are installed, when they were installed, and on which computers. I use this information to budget as well as to maintain license legality… With Viewfinity I have very accurate, complete information.”

Challenge #3: Need to provide timely support to end users despite lean IT staff and geographically dispersed end users

Solution: Pre-defined policies and application whitelists can enable end users to perform simple tasks (upgrades, installs, settings) without having to contact IT support for help.

Result: Because of Viewfinity’s whitelisting capabilities, users no longer need to contact Apex IT in order to perform routine updates or whitelist installs. Viewfinity allowed Apex to realize a reduction of hundreds of thousands of dollars in desktop management costs per year.


High Profile Data Breaches Have the IT Security Community on Edge

Financial institutions (JP Morgan Chase and others), retail stores (Home Depot, Target, Neiman Marcus), restaurants (Dairy Queen, PF Chang’s), universities (University of Maryland, Iowa State University, Wisconsin State University), celebrities… If we’ve learned one thing this year, it is that no one is safe; no one is immune to sophisticated hackers, malware, advanced persistent threats and zero-day attacks.

Here are some more examples of breaches that you might not know about, but probably should. Many of these breaches are now being attributed to "Backoff" malware, about which the Department of Homeland Security recently issued an alert to businesses.

Despite IT teams working endlessly against these threats, they are still getting through. The harder IT security teams work, the more pervasive hackers and malicious actors get. It seems like a never-ending, extremely vicious cycle, and no single approach to security is enough. Experts in the analyst community do point to the removal of administrative rights as a fundamental step in IT security:

“Run more of your Windows users without administrator rights… the single most important way to improve endpoint security” ~ Neil MacDonald, VP & Gartner Fellow

“If Target used some type of application controls (from Bit 9, Kaspersky, McAfee, Viewfinity, etc.)… it may have had a better fighting chance.” ~ Jon Oltsik, Senior Principal Analyst for ESG: The Target breach…

The SANS Institute: “The Critical Controls represent the biggest bang for the buck to protect your organization against real security threats… The five quick wins are:”


A smart move.  Close down security loopholes and vulnerabilities by removing admin rights and controlling what applications can run in your environment. Here is a link to a webinar that Viewfinity recently ran with renowned security expert Marcus Murray: How Hackers Exploit Admin Rights to Access Your Systems. The webinar does a great job outlining the different security risks associated with excess admin rights in your environment. It’s definitely worth a watch.


Additionally, at the end of this month we’ll be running a webinar: Best Practices for Removing Admin Rights: A Step-by-Step Approach. Keep an eye out for more information regarding this event. We highly recommend this webinar if you have not removed admin rights, or have removed rights but are looking for a streamlined and automated approach to managing privileges and to cut down on IT overload. We know that your security teams are doing everything they can, but they don’t have to do it alone. For more information on the Viewfinity solutions and how we can help you pave the way to better IT security, visit our website.


What is Pass-the-Hash

August 12th at 2pm ET we will be running a webinar with Enterprise Security MVP and Microsoft Security Trusted Advisor, Paula Januszkiewicz: Security Vulnerabilities Associated with Having Local Administrator Rights. This webinar will focus on the risks associated with having excess admin rights and how Viewfinity can mitigate these risks. One of the main focuses of the webinar will center on pass-the-hash scenarios; in preparation for the event we wanted to make sure everyone was well versed on this dangerous risk.

So, what is pass-the-hash? … and no, it has nothing to do with Twitter or illegal substances. Pass-the-hash is when hackers exploit excessive admin rights to steal the credentials of an admin. It’s a complicated process, which is discussed fully in our white paper: How Viewfinity Mitigates Pass-the-Hash. While we highly recommend reading this white paper, we also wanted to share some key information to help readers become more knowledgeable in the subject… after all, you must understand the vulnerability in order to protect against it.

The following information comes from Wikipedia:

WHO: Most pass-the-hash attacks are done via human-speed attacks, not through automated malware, using a remote human controller (remote shell).

WHAT: Pass-the-hash is a technique which enables hackers to use your own systems against you, by using administrator rights to steal admin credentials and then use those credentials to gain access to your infrastructure.

WHERE: Pass-the-hash can infiltrate any server or service that accepts LM or NTLM authentication; it can work against any operating system.

WHEN: Once a user name and password hash are obtained, a hacker can then use that information to authenticate to a remote server and gain access to an entire infrastructure.

HOW: The hacker uses a user password’s underlying NTLM hash to authenticate to a remote server/service.
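Because the hash, not the password, is what NTLM authenticates with, the trail pass-the-hash leaves is an NTLM logon where Kerberos would normally be used. As an added example (not from the page or from Viewfinity), the PowerShell function below applies a widely published heuristic to Security event 4624 records: a network logon (type 3) through NtLmSsp with a 0-bit session key, or a NewCredentials logon (type 9) through seclogo/Negotiate on the source host. The records are constructed, not real logs, and the heuristic has to be tuned against legitimate NTLM use in your environment.

```powershell
# Added example (not the page's or Viewfinity's code): triage Windows
# Security event 4624 records for the pass-the-hash footprint. The rules
# follow a published detection heuristic and are an assumption here; a
# legitimate NTLM baseline for your estate decides how noisy they are.

function New-LogonRecord($Time, $Machine, $User, $Domain, $Type, $Process, $Package, $KeyLen, $Ip) {
    # Mirrors the 4624 EventData field names so real events map 1:1.
    [pscustomobject]@{ TimeCreated = $Time; Computer = $Machine; TargetUserName = $User
                       TargetDomainName = $Domain; LogonType = $Type; LogonProcessName = $Process
                       AuthenticationPackageName = $Package; KeyLength = $KeyLen; IpAddress = $Ip }
}

# Constructed sample records (not real logs).
$SampleLogons = @(
    # Ordinary domain user reaching a file server with Kerberos.
    New-LogonRecord '2015-08-05T09:12:03' 'FILESRV01' 'jdoe'            'CORP'         3 'Kerberos' 'Kerberos'  0   '10.0.5.21'
    # Service account using NTLM with a negotiated 128-bit session key.
    New-LogonRecord '2015-08-05T09:14:41' 'FILESRV01' 'svc-backup'      'CORP'         3 'NtLmSsp'  'NTLM'      128 '10.0.5.30'
    # Null session; common background noise on Windows networks.
    New-LogonRecord '2015-08-05T09:15:02' 'FILESRV01' 'ANONYMOUS LOGON' 'NT AUTHORITY' 3 'NtLmSsp'  'NTLM'      0   '10.0.5.30'
    # Admin account arriving over NTLM with no session key from a workstation.
    New-LogonRecord '2015-08-05T09:15:37' 'FILESRV01' 'itadmin'         'CORP'         3 'NtLmSsp'  'NTLM'      0   '10.0.9.77'
    # NewCredentials logon on that workstation via seclogo (runas /netonly style).
    New-LogonRecord '2015-08-05T09:15:30' 'WS-0042'   'itadmin'         'CORP'         9 'seclogo'  'Negotiate' 0   '::1'
)

function Find-PassTheHashCandidate {
    param([Parameter(Mandatory)][object[]]$Logon)
    foreach ($e in $Logon) {
        $reason = $null
        if ($e.LogonType -eq 3 -and
            $e.LogonProcessName -eq 'NtLmSsp' -and
            $e.AuthenticationPackageName -eq 'NTLM' -and
            $e.KeyLength -eq 0 -and
            $e.TargetUserName -ne 'ANONYMOUS LOGON' -and
            $e.TargetUserName -notlike '*$') {          # machine accounts ($) use NTLM routinely
            $reason = 'NTLM network logon with 0-bit session key'
        }
        elseif ($e.LogonType -eq 9 -and
                $e.LogonProcessName -eq 'seclogo' -and
                $e.AuthenticationPackageName -eq 'Negotiate') {
            $reason = 'NewCredentials logon via seclogo (alternate credential in use on source host)'
        }
        if ($reason) {
            [pscustomobject]@{
                TimeCreated = $e.TimeCreated
                Computer    = $e.Computer
                Account     = "$($e.TargetDomainName)\$($e.TargetUserName)"
                Source      = $e.IpAddress
                Reason      = $reason
            }
        }
    }
}

Find-PassTheHashCandidate -Logon $SampleLogons | Format-Table -AutoSize

# Against a live host, feed real records instead of $SampleLogons, e.g.
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 }
# and map each event's EventData fields onto the same property names.
```

Correlating the type 9 logon on the source host with the subsequent NTLM network logon for the same account, as in the constructed data, is what separates a real incident from an administrator’s routine runas /netonly.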


Pretty terrifying huh? The good news is there are ways to reduce the attack surface and stop these hackers in their tracks… the bad news is that you will have to wait until next week to find out how.

Stay tuned for a follow up to our pass-the-hash discussion and make sure to sign up for the webinar on the 12th to learn how you can secure against vulnerabilities that are associated with local admin rights.