eWeek Product Review on Privilege Management

by Mary Rose 22. October 2010 14:38

Managing user privileges is one of the first steps in securing desktops from unauthorized use. However, privilege management can be a complex and difficult process. Viewfinity removes much of that complexity and should be useful for regulatory compliance.
by Frank Ohlhorst

In the past, administrators looking to lock down PCs and servers had to rely on complex, difficult-to-audit schemes that used policies driven by a directory service, such as Microsoft's Active Directory. That approach involved the creation of granular policies using native operating system tools that proved tedious at best, unenforceable at worst.

Viewfinity in the lab

I found that Viewfinity offers an easy-to-use, Web-based management console, which is laid out in dashboard fashion. Here, it was pretty easy to determine what to do. For example, if I wanted to control administrative privileges for a group of PCs or users, I could simply select from the "Policies" menu and then select "Create policy," which would offer me some choices, such as "Elevate privileges," "Application policy" or "Computer policy." With "Elevate privileges" I was presented with choices from which to create rules for the privilege set, such as "Run application with administrative privileges" or "Permit ActiveX control installation," and so on.

The rule selection can get very granular, allowing administrators to fine-tune access and control policies. Administrators also have the option of creating policies based upon specific applications or specific computers. Application policies that control privileges can be very useful. Take for example a situation that requires an application to have access to certain low-level OS functions. Let's say it is an application that uses an ActiveX control—normally, you may want to lock down access to that control to prevent a breach. With Viewfinity, you can grant temporary privileges to the application, allowing access to the normally locked-down ActiveX control, so the application can function properly, while the level of security remains high.

That granularity fits well with the preferred security concept of locking everything down and only allowing access to what is required. Viewfinity offers a plethora of policy controls that can be combined, grouped and assigned in multiple fashions. That level of flexibility allows administrators to create complex policies that span several administrative privileges on a PC. That bodes well for those trying to meet regulatory compliance requirements, such as HIPAA (Health Insurance Portability and Accountability Act), FDCC, PCI or the Sarbanes-Oxley Act, which encompass access controls and the control of sensitive information.

... [read the full review]

Viewfinity also offers comprehensive auditing reporting, which lets administrators create full audit reports identifying who has what privileges. Auditing goes one step further to record activity, access attempts and dependencies required by applications and processes.

Read the full review:  http://www.eweek.com/c/a/Security/Viewfinity-Takes-the-Pain-out-of-Privilege-Management-720233/

Be the first to rate this post

  • Currently 0/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags:

Privilege Management | Viewfinity

Comments

Powered by BlogEngine.NET 1.4.5.0
Theme by Mads Kristensen

Calendar

<<  September 2014  >>
MoTuWeThFrSaSu
25262728293031
1234567
891011121314
15161718192021
22232425262728
293012345

View posts in large calendar

About Viewfinity

Viewfinity provides privilege management and application control for desktops, laptops and servers, empowering enterprises to meet compliance mandates, reduce security risks, and lower IT costs. The Viewfinity solution allows enterprises to control end user and privileged user rights for applications and systems which require elevated permissions. Viewfinity's granular-level control enables companies to establish and enforce consistent policies for least privilege Windows-based environments based on segregation of duties. For more information, visit www.viewfinity.com.

Follow us on Twitter: viewfinity
Find us on LinkedIn: www.linkedin.com/companies/viewfinity
Become a fan on Facebook: www.viewfinity.com/facebook