Leading Analyst Firm Publishes A Buyer’s Guide to Endpoint Protection Platforms

by Viewfinity 6. February 2015 14:33

In one of its latest research reports focusing on Endpoint Protection Platforms (EPP), this leading analyst firm stresses the importance of implementing solutions that fall in line with an organization’s specific business, technical, and regulatory needs. Each situation is different; however, one common factor that all organizations battle is malware.

Analyst firm subscribers can read the full report here.

Malware detection is stressed as a core functionality of EPP solutions, and the report breaks the category into three distinct sections: Advanced Malware Protection, Malware Removal, and Application Control. Because of the limitations of traditional anti-virus/anti-malware solutions, it’s important for organizations to look for comprehensive tools that cover all three malware detection categories. This gives organizations a closed-loop solution that handles security before, during, and after an attack.

The report also states that an ideal solution will cater to both well-known and not-yet-identified malware, while at the same time allowing an organization to identify, isolate/restrict, and eventually remove suspicious executables from its environment.

Viewfinity offers one of the only solutions that provides advanced endpoint protection focused on lessening the impact of IT security breaches before, during and after an attack. Our core capabilities aim to reduce the attack surface and proactively deter advanced persistent threats by:

  1. Managing administrative rights once local admin rights have been removed from user machines
  2. Monitoring and controlling all applications being installed or run; this can be used as a precursor to default deny.
  3. Accelerating detection, incident response and remediation efforts via threat management capabilities that collaborate with network security sandboxes and firewalls, reputation database services, and SIEM.


Tech Target: CIOs beef up security tools in wake of 2014 data breaches

by Viewfinity 3. February 2015 13:37

Tech Target recently published an article by Dina Gerdeman that breaks down the new and changing IT security strategies CIOs should be adopting given the current IT landscape. The article’s key topics are:

  • Monitoring user behavior
  • Employee training
  • Working remotely and encrypting data
  • Seeking outside help
  • Planning for a disaster
  • Fear of the unknown

In regard to the first topic mentioned, monitoring, this white paper may be helpful in your research phase: Utilizing Pervasive Application Monitoring and File Origin Tracking in IT Security.

Gartner also chimed in on the article: “Monitoring is one area where CIOs need to step up their game, said Jay Heiser, research vice president with Gartner Inc. Many organizations have been putting more effort into "locking the doors," he said, than in detecting whether those doors have been circumvented.”

"It feels good to put more locks on the doors, but if someone comes in through the windows, what's the point?" he asked. "If there is any change based on this year's dramatic failures, it's a renewed appreciation for the benefits of monitoring." (TechTarget, 2015)

Take a few minutes to read the article and let us know if you have questions about how Viewfinity can help you with some of these topics.


FireEye VP of Strategic Solutions Discusses Viewfinity/FireEye Integration

by Viewfinity 30. January 2015 14:23

For the first time, endpoint and network security solutions have come together for a truly comprehensive security solution.

In our recent press release we outlined our latest integration with the FireEye TAP and AX solutions, with the aim of leveraging the power of both solutions to accelerate incident response and remediation.

In an interview with Mary-Louise Hoffman of Executive Biz, Grady Summers, FireEye VP of Strategic Solutions, highlighted the need for this integration: “endpoint to network security visibility is an instrumental component to stopping advanced attacks” (Executive Biz, 2015).

Viewfinity and FireEye now can work in tandem to identify suspicious behavior within a network and then track, isolate, and block malicious activity on the endpoints.

Learn more about how the integration works.


Security Event Analytics and Endpoint Visibility – Key Components of IT Security Synthesized for the First Time by Viewfinity and FireEye

by Viewfinity 27. January 2015 12:41

As the IT security landscape continues to become more complex, analysts and industry experts stress the importance of threat investigation and response tools. Seeing a need, the Viewfinity and FireEye teams have collaborated to join their solutions and provide improved security event analytics and endpoint visibility.

Read the full press release here.

With organizations facing tens of thousands of security events on a daily basis (InfoSecurity Magazine), IT administrators need a way to identify suspicious behavior, isolate security risks, and remediate incidents as quickly as possible. Accelerated threat detection and incident response is paramount when trying to reduce costly dwell time and the footprint of security infiltrations.

With this joint integration, Viewfinity application and endpoint access data are correlated with enterprise-wide security and network threat information within FireEye TAP and FireEye AX. Using FireEye TAP, security teams can view a single dashboard of relevant threat data prioritized by threat level. This centralized dashboard allows security teams to quickly identify malicious activity and, with the Viewfinity integration, enforce restricted execution of suspicious applications and block malware identified by TAP on the endpoint.

AX Viewfinity: How it Works

TAP Viewfinity: How it Works

This week Viewfinity is also participating in FireEye Momentum, a FireEye partner and user event. Here's a shot of one of the speakers during the show!

To learn more about this latest integration and how you can leverage the investment you have already made in FireEye AX or TAP, contact a Viewfinity representative today.

Tags:

Administrative Rights | application control | Security | Security Protection | Viewfinity

About Viewfinity Part 2: What our software does

by Viewfinity 23. January 2015 10:11

Upcoming Industry Events

  • FireEye Momentum, Las Vegas, NV, January 26-29
  • Data Connectors, Los Angeles, CA, January 29th
  • Data Connectors, San Jose, CA, February 19th
  • MODUG, Oklahoma City, OK, February 24th
  • RSA Conference, San Francisco, CA, April 20-14
  • BlackHat, Las Vegas, NV, August 1-6

What Does Viewfinity Do?

Part 2 in our succinct series to determine if our endpoint and security solution is a fit for your company


Watch our video overview!

Last week we shared with you a brief overview of our company. This week we wanted to follow up with a bit more about exactly what it is we do to improve your security posture and defend against potentially devastating infiltrations.

Our core capabilities aim to reduce the attack surface and proactively deter advanced persistent threats by:

  1. Managing administrative rights once local admin rights have been removed from user machines
  2. Monitoring and controlling all applications being installed or run within an environment
  3. Collaborating with network security sandboxes and firewalls, reputation database services, and SIEM to accelerate threat detection and remediation

See what industry experts are saying:

We've run several live webcasts with Microsoft Security Trusted Advisor Paula Januszkiewicz in the recent past. Check out our latest recording:

Steps Hackers Take to Infiltrate Windows Infrastructures & Least Privilege Application Control


What does 2015 have in store for Information Security? - InfoSecurity Magazine’s 2015 Predictions

by Viewfinity 7. January 2015 14:54

Recently InfoSecurity Magazine ran a three-part series outlining their predictions for the upcoming year as it relates to information security. In honor of the New Year we wanted to share these predictions with you.

Part 1: The Recurring Themes

Part 2: The Escalating Threats

Part 3: Defense, Response, Collaboration

The articles outline some very interesting points on the state of the industry and what is expected in the near future. Some predictions, like a rise in insider threats, are expected, while others offer new insights into recurring problems. Take a read and let us know what you think is the most pressing prediction for the IT security landscape in 2015.


Sony Draws Global Headlines as Latest Breach Continues to Wreak Havoc

by Alex Shoykhet 18. December 2014 11:39

Wow. That is the word being used to describe the diverse ways in which the Sony breach is playing out. Hackers who have been waging a cyber war on the company have leaked millions of documents, drawing global headlines, and unreleased films are being distributed online.

From a purely IT security perspective, the complete picture of the exact path and components of the Sony security breach is still being unraveled and investigated; however, I did some investigating myself using various sources, including a report published by the Trend Micro team, and learned what role excess privileges may have played. Here’s what I found:

Any company that allows its users to have local administrative rights is equally exposed to the type of attack that Sony is experiencing. The specific traces I found are as follows; all of these actions require admin rights:

  • When the primary malware file diskpartmg16.exe used in the Sony attack was introduced, it granted full user rights to another file, which proceeded to execute the following:
      • This malware’s routines, aside from deleting users’ files, include stopping the Microsoft Exchange Information Store service.
      • After it does this, the malware sleeps for another two hours.
      • It then forces the system to reboot.

The FBI flash memo titled “#A-000044-mw” gives an overview of the malware behavior, which reportedly has the capability to overwrite all data on the hard drives of computers, including the master boot record, which prevents them from booting up.

Viewfinity Application Control mitigating activities:

  • If default deny practices were actively in use, the unclassified file diskpartmg16.exe would not be allowed to execute because it would not be part of the whitelist profile.
  • Viewfinity supports efforts to enforce a “least privilege” operating model, which does not allow unapproved processes to operate with administrative privileges.
  • Viewfinity’s monitoring mode and forensic analysis capabilities would have identified precisely where diskpartmg16.exe originated from, be it a URL, USB, etc., and through which user it was introduced.
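As an added illustration of the three mitigating activities above (example code written for this post, not Viewfinity's product logic), the following evaluates constructed process-launch records against a whitelist of approved hashes and a separate list of images approved to elevate, and records the file-origin fields an analyst would want for anything blocked. All hashes, file names, users and origins are constructed sample values; the policies themselves are hypothetical.

```python
import hashlib
from dataclasses import dataclass


def sha256_of(data: bytes) -> str:
    """SHA-256 hex digest; stands in for hashing the on-disk executable."""
    return hashlib.sha256(data).hexdigest()


# Whitelist profile keyed by hash (constructed sample values, not real file
# hashes). Any hash not present is "unclassified" and denied by default.
APPROVED_BINARIES = {
    sha256_of(b"constructed contents of excel.exe"): "excel.exe",
    sha256_of(b"constructed contents of winword.exe"): "winword.exe",
}
# Least privilege: only these images may run with an administrative token,
# even when their hash is whitelisted (hypothetical policy, constructed).
ADMIN_APPROVED = {"msiexec.exe"}


@dataclass
class LaunchEvent:
    """One process-launch record (constructed sample data, not a real log)."""
    user: str
    image: str
    sha256: str
    requests_admin: bool
    origin: str  # "<type>:<where>", e.g. "url:http://...", "usb:E:", "local:C:\\..."


def evaluate(event, allowlist=APPROVED_BINARIES, admin_ok=ADMIN_APPROVED):
    """Default deny plus least privilege; returns (verdict, reasons)."""
    reasons = []
    if event.sha256 not in allowlist:
        reasons.append(f"{event.image}: unclassified executable, not in whitelist profile")
    if event.requests_admin and event.image.lower() not in admin_ok:
        reasons.append(f"{event.image}: requested admin rights but is not approved to elevate")
    return ("block" if reasons else "allow"), reasons


def forensic_record(event):
    """File-origin tracking: where the file came from and which user introduced it."""
    origin_type, _, where = event.origin.partition(":")
    return {"image": event.image, "introduced_by": event.user,
            "origin_type": origin_type, "origin": where}


# Constructed launch events modelled on the narrative above.
SAMPLE_EVENTS = [
    LaunchEvent("alice", "excel.exe", sha256_of(b"constructed contents of excel.exe"),
                False, "local:C:\\Program Files\\Microsoft Office"),
    LaunchEvent("bob", "diskpartmg16.exe", sha256_of(b"constructed unknown payload"),
                True, "url:http://download.example.invalid/diskpartmg16.exe"),
    LaunchEvent("carol", "winword.exe", sha256_of(b"constructed contents of winword.exe"),
                True, "usb:E:"),
]


def triage(events=SAMPLE_EVENTS):
    """Evaluate every event; attach the forensic record to anything blocked."""
    results = {}
    for ev in events:
        verdict, reasons = evaluate(ev)
        results[ev.image] = {"verdict": verdict, "reasons": reasons,
                             "forensics": forensic_record(ev) if verdict == "block" else None}
    return results
```

Note that winword.exe is blocked even though its hash is whitelisted: the whitelist answers "may this run?", while the least-privilege rule answers "may this run elevated?", and both must pass.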


Microsoft Security Bulletin Summary for November 2014 / Admin Rights related vulnerabilities

by Viewfinity 9. December 2014 11:20

  • Microsoft Security Bulletin MS14-064 – Critical. Vulnerabilities in Windows OLE Could Allow Remote Code Execution
    This security update resolves two privately reported vulnerabilities in Microsoft Windows Object Linking and Embedding (OLE). The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • Microsoft Security Bulletin MS14-065 – Critical. Cumulative Security Update for Internet Explorer
    This security update resolves seventeen privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
  • Microsoft Security Bulletin MS14-067 – Critical. Vulnerability in XML Core Services Could Allow Remote Code Execution
    This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a logged-on user visits a specially crafted website that is designed to invoke Microsoft XML Core Services (MSXML) through Internet Explorer. In all cases, however, an attacker would have no way to force users to visit such websites. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger request that takes users to the attacker's website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
  • Microsoft Security Bulletin MS14-069 – Important. Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
    This security update resolves three privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected edition of Microsoft Office 2007. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
  • Microsoft Security Bulletin MS14-070 – Important. Vulnerability in TCP/IP Could Allow Elevation of Privilege
    This security update resolves a publicly reported vulnerability in TCP/IP that occurs during input/output control (IOCTL) processing. This vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another process. If this process runs with administrator privileges, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Microsoft Security Bulletin MS14-073 – Important. Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege
    This security update resolves a privately reported vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could run arbitrary script in the context of the user on the current SharePoint site. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit these vulnerabilities and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit these vulnerabilities.
  • Microsoft Security Bulletin MS14-078 – Moderate. Vulnerability in IME (Japanese) Could Allow Elevation of Privilege
    This security update resolves a privately reported vulnerability in Microsoft Input Method Editor (IME) (Japanese). The vulnerability could allow sandbox escape based on the application sandbox policy on a system where an affected version of the Microsoft IME (Japanese) is installed. An attacker who successfully exploited this vulnerability could escape the sandbox of a vulnerable application and gain access to the affected system with logged-in user rights. If the affected system is logged in with administrative rights, an attacker could then install programs; view, change or delete data; or create new accounts with full administrative rights.


#TBT Sony is not the only company with recurring data breaches

by Viewfinity 4. December 2014 16:40

Sony is in the news for another high-profile data breach; this time hackers were able to infiltrate their servers, denying service and leaking proprietary information about scripts and even releasing upcoming films. While many are quick to point the finger at Sony for being underprepared, we’re standing with journalist Wayne Rash of eWeek. In his article published yesterday, Rash stated “the fact is all enterprises are just as vulnerable as Sony.”

Sony is not the first enterprise to get breached more than once. While traditional IT security practices should definitely be investigated and bolstered if necessary, we think the answer lies not in foolproof protection, which simply doesn’t exist, but in proper incident response and analysis, which can enable an organization to adapt and move past a breach while better protecting against them in the future. Visibility into an IT environment allows for accelerated incident response, which can drastically diminish dwell time. Solutions like continuous monitoring and forensic analysis are the tools needed to respond to the ever-adapting hackers and malware of today.

For more information on how you can protect your infrastructure before, during, and after an attack check out this whitepaper: Utilizing Pervasive Application Monitoring and File Origin Tracking in IT Security.


SC Magazine: New POS Malware Appears to be in Beta Testing Phase

by Viewfinity 2. December 2014 15:10

Read the full article from SC Magazine here.

Contact us if you'd like to know how we can help protect POS Systems.

Here are two more articles that address this problem as well; they are worth the read.

  • Jon Oltsik, Senior Principal Analyst for ESG
    “If Target used some type of application controls (from Bit 9, Kaspersky, McAfee, Viewfinity etc.)… it may have had a better fighting chance.”
    In Reducing Attack Surface with Application Control, we look at the double-edged sword of application control, detail a number of use cases where it fits well, and define selection criteria to consider for the technology.



About Viewfinity

Viewfinity provides privilege management and application control for desktops, laptops and servers, empowering enterprises to meet compliance mandates, reduce security risks, and lower IT costs. The Viewfinity solution allows enterprises to control end user and privileged user rights for applications and systems which require elevated permissions. Viewfinity's granular-level control enables companies to establish and enforce consistent policies for least privilege Windows-based environments based on segregation of duties. For more information, visit www.viewfinity.com.

Follow us on Twitter: viewfinity
Find us on LinkedIn: www.linkedin.com/companies/viewfinity
Become a fan on Facebook: www.viewfinity.com/facebook