In the face of an increasingly alarming rate of cyber-attacks many organizations are rethinking their normal methods of network protection. Chris Paoli and Jeffrey Schwartz of Redmond Magazine reached out to industry experts and analysis for input.

This past March the intelligence community even went so far as to declare that cyber-attacks are now the nation’s biggest security threat, above even terrorism. No matter who you talk to, the consensus is strong: firewalls and anti-malware just don’t cut it against the sophisticated attacks of today. Gartner Inc. analyst and Research Director, Lawrence Pingree warns, “The threats that exist today are getting through many of today’s existing security controls. Advanced threat protection appliances that leverage virtual execution engines as a petri dish for malware are most effective to deal with the latest threats. Also, organizations much continue to upgrade their endpoint protection suites. The antivirus they bought several years ago is not the same as it is today”.

Lack of planning is often seen as the largest issue when dealing with these large scale security breaches and having only one strategy for IT security isn’t enough. Paoli and Schwartz suggest a segmented approach to handle each type of attack differently. “The fundamental difference between hackers who are trying just to show their muscles as cyber thieves [by] trying to get a financial advantage and governmental-sponsored attacks is in scale of operation,” says Leonid Shtilman, CEO of Viewfinity Inc. “It’s hard to believe that a group of two=to-three thieves could have developed Stuxnet [the computer worm used to attack Iran’s nuclear operations]. IT organizations may be well armed to protect databases containing credit-card data, but at the same time will not be prepared for an attack on Group Policies, which will lead to damage to the global infrastructure.”

In order to tackle these problems Gartner’s Pingree stresses the importance of staying abreast of IT security innovations – including privilege management. “Application control technology can play a significant hand in prevention of the latest attacks”, Pingree explains, “defense in depth and detect in depth are concepts that all customers should explore.”

The importance of increased protection is hard to argue with though, with a 40% increase in the number of breaches disclosed over the past two years alone. Shtilman explains a potential reason for the increase, “As several of the technical components of information systems have gotten more secure, attackers have shifted their focus to targeting the human link in these systems. [They] are finding it easier to trick people into giving them access to their credentials and using those access networks then to find ways to sneak into those same networks without credentials,” something which privilege management and removal of administrator rights can help with.

Read the FULL ARTICLE to see Paoli and Schwartz’s suggestions on how to start addressing these issues moving forward.

This Wednesday - May 8^th, 2013 - Phil Stasko, Director of IT for Apex Companies will present a case study for removing administrator rights without impeding user productivity. Join us for this informative webinar. 

Faced with the challenge of maintaining endpoint security and application control with a limited IT team, Apex was driven to find a cost effective and premium solution for removing administrator rights.

Join in to hear Stasko outline how he sought an approach with Viewfinity Privilege Management that would reverse the previously ineffective and costly way to manage privileges on locked down endpoints, without having a negative impact on user productivity. This live session will also demonstrate how to whitelist and manage user privileges with the Viewfinity solution.

Join us for the webinar, Wednesday, May 8^th at 9:00am Pacific / 12:00pm Eastern Time. Click here to register for the event.

As thousands of attendees poured into Europe’s largest Information Security Event, Viewfinity drove hundreds of attendees to its booth and gave demonstration after demonstration to the steady flow of visitors. Everyone from CEOs and Engineers to Security Architects and Analysts stopped by to find out more about how Viewfinity Privilege Management could benefit their organizations. 

In addition to the demonstrations and information sessions that the Viewfinity team offered throughout the day, they also raffled off some great Samsung Tablets to booth visitors. Winners of the tablets were Ben H., Telefonic O2, Frank H., Unibridge and Jamie C., Exacta Technologies.

                   

Thanks to everyone who stopped by our booth during the show. Stay posted for information about our TechEd NA and Gartner Security and Risk Management shows coming up in June 2013.

Here’s a quick 2 minute flash overview of what Viewfinity does:

www.viewfinity.com/vfadmin/ContentRepository/downloads/introduction.wmv

Don’t forget to follow us on Twitter (www.twitter.com/viewfinity) and Facebook (www.facebook.com/viewfinity).

In this video, Shtilman sits with SC Magazine reporter, Danielle Walker, to discuss privileged management and ways organizations can secure corporate accounts.

"An effective security strategy should include adequate privileged management security practices. Certain applications should be whitelisted, others blacklisted, and those that fall between the lines are graylisted. According to Leonid Shtilman, CEO of Viewfinity, graylisted applications are the ones that need to be monitored closely. They need to put under restrictive modes that won't allow the application to access corporate data, thus limiting the amount of damage that can be done if an intruder happens to gain privileged access to an employees account."

Read more:  http://www.scmagazine.com/video-privileged-access-in-the-enterprise/article/288300/ 

A Fine Line

 Print This
 Email This
 Bookmark/Share 
 Most Popular

If “time is money,” no one knows this better than Movado. The premier watchmaking company, based in Switzerland and Paramus, N.J., designs, manufactures and distributes some of the world’s most recognized brands including Ebel, Coach, Hugo Boss, Juicy Couture, Lacoste and Tommy Hilfiger.

The company has distribution offices around the world and a workforce of more than 1,100 desktop and laptop users, running an average of more than 30 applications. The company has always focused on best practices to proactively protect the entire organization, but the number of applications and employees’ ability to access them were creating problems.

Specifically, Movado’s IT help desk was being inundated 24 hours a day with support calls for everything from spyware and popups that impacted computer performance to installing new printers. Even simple issues were impacting productivity, when employees had to wait for an on-site visit from IT personnel to fix a problem.

The solution was privilege management software from Viewfinity that enabled the company to control and streamline its systems and eliminate “nuisance” calls to the help desk.

Read the full article here:  http://www.stores.org/STORES%20Magazine%20November%202012/fine-line 

Doug Barney of Redmond Magazine published an article "Cloud Conversions: Software Vendors Transforming into Service Providers".  In this article he discusses how "the cloud is putting pressure on traditional software companies to redefine their focus to a service-oriented business model" and reviews several vendors that are transitioning their traditional software to embrace the cloud model.  Viewfinity was featured as one of the vendors who has made cloud-based delivery of its software part of it's portifolio.  

Read the full article here:   http://redmondmag.com/articles/2012/10/01/cloud-conversions.aspx 

Viewfinity has entered into a technology and marketing partnership with Centrify Corporation to integrate Centrify’s DirectControl for Mac OS X solution with the Viewfinity Privilege Management product.  This is critical to enterprises today as Mac devices need to be secured at the same level as other endpoint devices.

This partnership allows Viewfinity to offer Centrify’s DirectControl for Mac solution to enable administrators to utilize Active Directory-based authentication and Windows Group Policy for centralized application control policies on Mac systems in the workplace.  While IT desktop support personnel can centrally configure privilege policies for application and desktop tasks for Windows-based endpoints, administrators are challenged because Macs are still often managed on a standalone basis.  With this joint solution, IT administrators can easily lock down and manage their entire desktop environment because policies for Mac systems are easily integrated to the most complex environments using the same processes, people and infrastructure as are used for Windows systems.

User Privilege Management: Not Just for Linux

Posted by Haim Lichaa in Open Port IT Community on Apr 2, 2012 3:34:32 PM

I came across this blog article and was impressed with the author's clear articulation of “Least Privilege Management” beyond the Linux world.  His analogy of the “Honor System” explains the situation with finesse.  For all you IT Security Pros, I recommend reading the article:

http://communities.intel.com/community/openportit/blog/2012/04/02/user-privilege-management-not-just-for-linux

Viewfinity Privilege Management 4.0 was honored with a Stevie® Award in the New Product or Service of the Year - Software - Security Solution category in The 10^th Annual American Business Awards.  Viewfinity stands out as the only privilege management vendor to be awarded the Stevie Award in 2012.  More than 3,000 nominations from organizations of all sizes and in virtually every industry were submitted this year for consideration in a wide range of categories. Stevie Award winners were selected by more than 270 executives nationwide who participated in the judging process this year. 

"The Stevie Award reflects our dedication to developing and delivering the industry's most advanced and reliable privilege management solution,” said Leonid Shtilman, CEO, Viewfinity. “It’s an honor to have won this distinction out of an extensive list of nominees, and we are equally as proud to have this recognition come alongside established, proven products from RSA, HP, GFI, SecureAuth and Threatmetrix.”

If you missed the popular webinar with Group Policy Guy and Microsoft Group Policy MVP, Darren Mar-Elia and Viewfinity on Windows 7 Security and Managing UAC Prompts, then you can catch the recording here.