Security Event Analytics and Endpoint Visibility – Key Components of IT Security Synthesized for the First Time by Viewfinity and FireEye

by Viewfinity 27. January 2015 12:41

As the IT security landscape continues to become more complex, analysts and industry experts urge the importance of threat investigation and response tools. Seeing a need, the Viewfinity and FireEye teams have collaborated to join solutions to provide improved security event analytics and endpoint visibility.

Read the full press release here.

With organizations facing tens of thousands of security events on a daily basis (InfoSecurity Magazine), IT administrators need a way to identify suspicious behavior, isolate security risks, and remediate incidents as quickly as possible. Accelerated threat detection and incident response are paramount when trying to reduce costly dwell time and the footprint of security infiltrations.

With this joint integration, Viewfinity application and endpoint access data are correlated with enterprise-wide security and network threat information within FireEye TAP and FireEye AX. Using FireEye TAP, security teams can view one dashboard with relevant threat data, prioritized by threat level. This centralized dashboard allows security teams to quickly identify malicious activity and, with the Viewfinity integration, enforce restricted execution of suspicious applications and block malware identified by TAP on the endpoint.

AX Viewfinity: How it Works

TAP Viewfinity: How it Works

This week Viewfinity is also participating in FireEye Momentum, a FireEye partner and user event. Here's a shot of one of the speakers during the show!


To learn more about this latest integration and how you can leverage the investment that you have already made into FireEye AX or TAP, contact a Viewfinity representative today.


Tags:

Administrative Rights | application control | Security | Security Protection | Viewfinity

About Viewfinity Part 2: What our software does

by Viewfinity 23. January 2015 10:11

Upcoming Industry Events

FireEye Momentum, Las Vegas, NV, January 26-29
Data Connectors, Los Angeles, CA, January 29th
Data Connectors, San Jose, CA, February 19th
MODUG, Oklahoma City, OK, February 24th
RSA Conference, San Francisco, CA, April 20-14
BlackHat, Las Vegas, NV, August 1-6

What Does Viewfinity Do?

Part 2 in our succinct series to determine if our endpoint and security solution is a fit for your company


Watch our video overview!

Last week we shared with you a brief overview of our company. This week we wanted to follow up with a bit more about exactly what it is we do to improve your security posture and defend against potentially devastating infiltrations.

Our core capabilities aim to reduce the attack surface and proactively deter advanced persistent threats by:

  1. Managing administrative rights once local admin rights have been removed from user machines
  2. Monitoring and controlling all applications being installed or run within an environment
  3. Collaborating with network security sandboxes and firewalls, reputation database services, and SIEM to accelerate threat detection and remediation

See what industry experts are saying:

We've run several live webcasts with Microsoft Security Trusted Advisor Paula Januszkiewicz in the recent past. Check out our latest recording:

Steps Hackers Take to Infiltrate Windows Infrastructures & Least Privilege Application Control


What does 2015 have in store for Information Security? - InfoSecurity Magazine’s 2015 Predictions

by Viewfinity 7. January 2015 14:54

Recently InfoSecurity Magazine ran a 3-part series outlining their predictions for the upcoming year as it relates to information security. In honor of the New Year we wanted to share these predictions with you.

Part 1: The Recurring Themes

Part 2: The Escalating Threats

Part 3: Defense, Response, Collaboration

The articles outline some very interesting points on the state of the industry and what is expected to come in the near future. Some predictions, like a rise in insider threats, are expected, while other predictions offer new insights into recurring problems. Take a read and let us know what you think is the most pressing prediction the IT security landscape faces in 2015.


Sony Draws Global Headlines as Latest Breach Continues to Wreak Havoc

by Alex Shoykhet 18. December 2014 11:39

Wow. Those are the words being used to describe the diverse ways in which the Sony breach is playing out. Hackers who have been waging a cyber war on the production have leaked millions of documents, drawing global headlines, and unreleased films are being distributed online.

From a purely IT security perspective, the complete picture of the exact path and components related to the Sony security breach is still being unraveled and investigated; however, I did some investigating myself from various sources, including a report published by the Trend Micro team, and learned what role excess privileges may have played. Here’s what I found:

Any company that allows its users to have local administrative rights is equally exposed to the type of attack that Sony is experiencing. The specific traces I found are as follows, and all of these actions require admin rights:

  • When the primary malware file diskpartmg16.exe used in the Sony attack was introduced, it granted full user rights to another file, which proceeded to execute the following:
      • This malware’s routines, aside from deleting users’ files, include stopping the Microsoft Exchange Information Store service.
      • After it does this, the malware sleeps for another two hours.
      • It then forces the system to reboot.

The FBI flash memo titled “#A-000044-mw” describes an overview of the malware behavior, which reportedly has the capability to overwrite all data on the hard drives of computers, including the master boot record, which prevents them from booting up.

Viewfinity Application Control mitigating activities:

  • If default deny practices were actively in use, the unclassified file diskpartmg16.exe would not be allowed to execute, because it would not be part of the whitelist profile.
  • Viewfinity supports efforts to enforce a “least privilege” operating model, which does not allow unapproved processes to operate with administrative privileges.
  • Viewfinity’s monitoring mode and forensic analysis capabilities would have identified precisely where diskpartmg16.exe originated from, be it a URL, USB, etc., and through which user it was introduced.
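To make the default-deny, least-privilege and file-origin points above concrete, here is an added illustration (not Viewfinity's code) of how an endpoint agent can decide an execution request: files are identified by the SHA-256 of their contents, anything unclassified is denied, a trusted file still runs without admin rights unless separately approved to elevate, and every decision records the user and origin for later forensic lookup. The file paths, user names, origins and file bytes are constructed samples.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

@dataclass
class ExecRequest:
    """One attempted process launch as an endpoint agent would observe it."""
    path: str
    content: bytes     # constructed stand-in for the on-disk file bytes
    user: str
    origin: str        # provenance the agent recorded (URL, USB, share, ...)
    wants_admin: bool  # process asked to run with administrative rights

@dataclass
class Policy:
    """Default deny: only hashes listed in `allowed` may run at all."""
    allowed: Set[str]   # sha256 hex digests trusted to execute
    admin_ok: Set[str]  # subset additionally approved to run elevated
    audit: List[Dict[str, str]] = field(default_factory=list)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def evaluate(policy: Policy, req: ExecRequest) -> Tuple[str, str]:
    """Return (decision, reason): DENY (unclassified, never runs under default
    deny), ALLOW_STANDARD (trusted but refused admin rights, so stopping a
    service or rewriting the MBR fails) or ALLOW (trusted and may elevate)."""
    digest = sha256_hex(req.content)
    if digest not in policy.allowed:
        decision, reason = "DENY", f"{req.path}: unclassified, not in whitelist"
    elif req.wants_admin and digest not in policy.admin_ok:
        decision, reason = "ALLOW_STANDARD", f"{req.path}: not approved for admin"
    else:
        decision, reason = "ALLOW", f"{req.path}: approved"
    # Monitoring mode: record who introduced the file and from where, keyed
    # by hash, so an investigator can trace its origin afterwards.
    policy.audit.append({"path": req.path, "sha256": digest, "user": req.user,
                         "origin": req.origin, "decision": decision})
    return decision, reason

def trace_origin(policy: Policy, path: str) -> List[Tuple[str, str]]:
    """Forensic lookup: (user, origin) for every recorded attempt of `path`."""
    return [(e["user"], e["origin"]) for e in policy.audit if e["path"] == path]

# Constructed sample file contents: placeholder bytes, not real binaries.
TRUSTED_TOOL = b"constructed: approved inventory agent"
DROPPER = b"constructed: stand-in for diskpartmg16.exe"
DROPPER_PATH = "C:\\Users\\bob\\AppData\\Local\\Temp\\diskpartmg16.exe"

def demo() -> Tuple[Policy, List[str]]:
    # Trusted tool runs, is refused elevation, and the unclassified dropper is denied.
    policy = Policy(allowed={sha256_hex(TRUSTED_TOOL)}, admin_ok=set())
    attempts = [
        ExecRequest("C:\\Tools\\inventory.exe", TRUSTED_TOOL, "alice", "corp-share", False),
        ExecRequest("C:\\Tools\\inventory.exe", TRUSTED_TOOL, "alice", "corp-share", True),
        ExecRequest(DROPPER_PATH, DROPPER, "bob", "usb:E:", True),
    ]
    return policy, [evaluate(policy, a)[0] for a in attempts]
```

Calling `demo()` yields the decisions `['ALLOW', 'ALLOW_STANDARD', 'DENY']`, and `trace_origin` on the dropper path returns the user and USB origin that introduced it.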


Microsoft Security Bulletin Summary for November 2014 / Admin Rights related vulnerabilities

by Viewfinity 9. December 2014 11:20
  • Microsoft Security Bulletin MS14-064 – Critical. Vulnerabilities in Windows OLE Could Allow Remote Code Execution
    This security update resolves two privately reported vulnerabilities in Microsoft Windows Object Linking and Embedding. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • Microsoft Security Bulletin MS14-065 – Critical. Cumulative Security Update for Internet Explorer
    This security update resolves seventeen privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
  • Microsoft Security Bulletin MS14-067 – Critical. Vulnerability in XML Core Services Could Allow Remote Code Execution
    This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a logged-on user visits a specially crafted website that is designed to invoke Microsoft XML Core Services (MSXML) through Internet Explorer. In all cases, however, an attacker would have no way to force users to visit such websites. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger request that takes users to the attacker's website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
  • Microsoft Security Bulletin MS14-069 – Important. Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
    This security update resolves three privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected edition of Microsoft Office 2007. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
  • Microsoft Security Bulletin MS14-070 – Important. Vulnerability in TCP/IP Could Allow Elevation of Privilege
    This security update resolves a publicly reported vulnerability in TCP/IP that occurs during input/output control (IOCTL) processing. This vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another process. If this process runs with administrator privileges, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Microsoft Security Bulletin MS14-073 – Important. Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege
    This security update resolves a privately reported vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could run arbitrary script in the context of the user on the current SharePoint site. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit these vulnerabilities and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit these vulnerabilities.
  • Microsoft Security Bulletin MS14-078 – Moderate. Vulnerability in IME (Japanese) Could Allow Elevation of Privilege
    This security update resolves a privately reported vulnerability in Microsoft Input Method Editor (IME) (Japanese). The vulnerability could allow sandbox escape based on the application sandbox policy on a system where an affected version of the Microsoft IME (Japanese) is installed. An attacker who successfully exploited this vulnerability could escape the sandbox of a vulnerable application and gain access to the affected system with logged-in user rights. If the affected system is logged in with administrative rights, an attacker could then install programs; view, change or delete data; or create new accounts with full administrative rights.


#TBT Sony is not the only company with recurring data breaches

by Viewfinity 4. December 2014 16:40

Sony is in the news for another high profile data breach; this time hackers were able to infiltrate their servers, denying service and leaking proprietary information about scripts and even releasing upcoming films. While many are quick to point the finger at Sony for being underprepared, we’re standing with journalist Wayne Rash of eWeek.  In his article published yesterday Rash stated “the fact is all enterprises are just as vulnerable as Sony.”

Sony is not the first enterprise to get breached more than once. While traditional IT security practices should definitely be investigated and bolstered if necessary, we think that the answer lies not in foolproof protection, which simply doesn’t exist, but in proper incident response and analysis, which can enable an organization to adapt and move past a breach, better protecting against them in the future. Visibility into an IT environment allows for accelerated incident response, which can drastically diminish dwell time. Solutions like continuous monitoring and forensic analysis are the tools needed to respond to the ever-adapting hackers and malware of today.

For more information on how you can protect your infrastructure before, during, and after an attack check out this whitepaper: Utilizing Pervasive Application Monitoring and File Origin Tracking in IT Security.


SC Magazine: New POS Malware Appears to be in Beta Testing Phase

by Viewfinity 2. December 2014 15:10

Read the full article from SC Magazine here.

Contact us if you'd like to know how we can help protect POS Systems.

Here are two more articles that address this problem as well; they are worth the read.

  • Jon Oltsik, Senior Principal Analyst for ESG
    “If Target used some type of application controls (from Bit 9, Kaspersky, McAfee, Viewfinity etc.)… it may have had a better fighting chance.” In Reducing Attack Surface with Application Control, we look at the double-edged sword of application control, detail a number of use cases where it fits well, and define selection criteria to consider for the technology.


Security firms uncover 'sophisticated' Regin spyware

by Alex Shoykhet 25. November 2014 11:26

Security firms uncover 'sophisticated' Regin spyware:
An "extremely complex" and "stealthy" spying program has been stealing data from ISPs, energy companies, airlines and research-and-development labs...

According to an article published by the BBC News, only about 100 Regin infections have so far been identified.

It is believed to provide the ability to:

  • access victims' computers remotely
  • take screenshots
  • control a mouse pointer
  • steal data
  • recover deleted files

Viewfinity Application Control provides IT security protection to combat spyware like Regin. As with most malware, computers with excessive administrative rights are much more vulnerable to being penetrated by this type of malware than computers operating in a controlled privilege management environment. Viewfinity’s monitoring of any “grey” applications (applications not yet classified and/or known as a trusted source in your environment), along with the history related to the application (from which URL it was installed, by whom, how many and which computers it is presently installed on, etc.) plus monitoring of network or web activity initiated by a suspicious application, would help to protect against Regin. Additionally, Viewfinity’s cross-referencing of information using its endpoint agent to collaborate with network security products (FireEye, Check Point and Palo Alto) identifies malware faster and elicits an immediate response. Regin appears to be targeting energy companies, a vertical in which Viewfinity has an extended customer base. You can learn about one use case here: http://www.viewfinity.com/Customers/Use_Case_Series.aspx

Read the full BBC News article here:  http://m.bbc.com/news/technology-30145265


1 Week Until Black Friday – 25 Gadget Gift Ideas

by Viewfinity 21. November 2014 15:49

With only one week left until the biggest shopping day of the year, we wanted to share this great gadget gift guide for all of our tech-loving readers out there. Whether you’re computer illiterate or tech savvy, these gifts will please anyone.

Holiday Gift Guide 2014: 25 Gadgets That Make Great Gifts

Have you started your holiday shopping yet? Be sure to check out this recent blog post on keeping your credit card safe before you do.



About Viewfinity

Viewfinity provides privilege management and application control for desktops, laptops and servers, empowering enterprises to meet compliance mandates, reduce security risks, and lower IT costs. The Viewfinity solution allows enterprises to control end user and privileged user rights for applications and systems which require elevated permissions. Viewfinity's granular-level control enables companies to establish and enforce consistent policies for least privilege Windows-based environments based on segregation of duties. For more information, visit www.viewfinity.com.
