Upcoming Webinar: 30-day Cyber Security Sprint - Not Just for the Government

We've been keeping you up to date on the OPM data breach over the past few weeks, including the Federal CIO's mandated 30-day Cyber Security Sprint. The sprint was written for federal agencies, but its guidance applies to any organization, regardless of industry.

This week we're running a 30 minute webinar dedicated to spreading awareness of this initiative; attendees will learn first hand how they can begin implementing some of the suggested tactics within their own organization to improve their cyber security posture. Full details of the webinar are below:

Join us for a webinar on July 23, 2015 at 11:30AM EDT

30-day Cyber Security Sprint - Not Just for the Government

Register now!

On June 12th, US federal government CIO Tony Scott launched a government-wide Cyber Security Sprint, giving agencies 30 days to shore up their systems. The guidelines outlined in the 30-day cyber security sprint make sense for all industries, not just the US federal government.

There are two important elements on the list that Viewfinity can help with in regard to improved cyber security:

  1. Controlling, Containing, and Recovering from Incidents: Contain malware proliferation, privilege escalation, and lateral movement. Quickly identify and resolve events and incidents.
  2. Reducing Attack Surfaces

Join our 30 minute webinar focused on explaining the various methods by which the Viewfinity software addresses these security measures. Topics to be addressed include:

  • Removing administrator rights and managing privilege elevation needs through policies
  • Application Control, Monitoring and Forensics providing threat detection and response
  • Mitigating Pass the Hash tactics that harvest local admin credentials in an attack
  • Protecting against Cryptolocker

Leading Analyst Firm “Cool” Report Still Leans on IT Security Fundamentals

A leading analyst firm recently published a report highlighting emerging technology companies in security infrastructure protection that offer innovative approaches to IT security challenges. While the technologies are intriguing, what is also interesting is that the analysts continue to call out the same common attack paths. So while there is cool new technology, adhering to IT security fundamentals like removing local admin rights and understanding endpoint vulnerabilities still delivers most of the protection.

One such citation was "the most common attack vector that hackers use across enterprises and sectors is dumping malware on a user's endpoint…" and "code is typically reused for initial exploits, establishing a foothold, and escalating privileges and moving laterally through the target victim organization."

Even with all the emerging technology available, analysts are still bringing fundamental IT security concerns to the attention of CISOs! 

This is why we stress the importance of being informed about all available technology. You can learn more about Viewfinity's technology here.

Viewfinity offers endpoint security technology that eliminates the risks created by excessive administrative privileges and by allowing unclassified applications to run unmonitored. Pass-the-hash depends on first obtaining local administrator rights on an endpoint, because that is what an attacker needs to dump credential hashes from the machine. When no ordinary user holds administrative privileges on the endpoint, malware running in the user's context cannot harvest those hashes, which closes off this extremely common loophole (provided the remaining administrative accounts are themselves properly managed).

TODAY, July 7th - Critical Flash Exploit In Play

A sophisticated "zero-day", critical Flash exploit stolen from Hacking Team has now been released into the wild, and Adobe won’t have a patch available until tomorrow.

What is your immediate risk due to this critical Flash exploit? 

One of the most vulnerable points of entry into your IT infrastructure is the endpoint, and that includes both servers and desktops. This is where attackers typically seed their malware and begin moving laterally. They do so by stealing the credentials of users with administrative privileges and of privileged accounts, commonly via the pass-the-hash technique.

What can you do in the meantime? 

How can you protect against other threats, such as CryptoLocker ransomware?

  • A proven method for reducing exposure to common attacks such as CryptoLocker is to block access to known malicious websites and to limit what unclassified applications are allowed to do. Start by blocking or restricting the execution of unsigned executables, which are the usual delivery vehicle for threats like CryptoLocker.
  • Correlate endpoint activity with network security intelligence. A good example is cross-referencing unknown endpoint files with network security vendors' verdicts. Sandbox-like functionality then provides an isolated local environment for running greylist (unknown) applications, limiting the reach of the application and protecting your environment from any malicious intent in rogue executables.
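As an added example (not code from the original post and not the Viewfinity product), the following PowerShell script shows what "restricting the execution of unsigned executables" looks like with the tooling built into Windows: it inventories executables in user-writable directories that lack a valid Authenticode signature, builds an AppLocker publisher allow-list from the signed software already installed under the program directories, and tests the unsigned files against that policy in audit mode before anything is enforced. The directory lists are assumptions to adjust for your environment; AppLocker needs a Windows edition that ships it and a running Application Identity service, and `Get-FileHash` needs PowerShell 4.0 or later.

```powershell
# Added example (not from the original post): audit unsigned executables in
# user-writable paths and build an AppLocker allow-list that permits only
# signed publishers already installed under the program directories.
# Directory lists are assumptions; adjust them to your environment.
# Requires PowerShell 4.0 (Get-FileHash) and the AppLocker module.

$UserWritable = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP, "$env:USERPROFILE\Downloads")
$TrustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$PolicyPath   = Join-Path $env:TEMP 'applocker-audit.xml'

function Get-UnsignedExecutable {
    param([string[]]$Path)
    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            # Only 'Valid' counts as signed. NotSigned, HashMismatch (tampered
            # binary) and NotTrusted (self-signed or untrusted chain) all fail.
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Path   = $_.FullName
                    Status = $sig.Status
                    Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                    Sha256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

# 1. Inventory: what is sitting in locations a standard user can write to?
$Unsigned = Get-UnsignedExecutable -Path $UserWritable
$Unsigned | Format-Table Status, Path -AutoSize

# 2. Allow-list: publisher rules from signed executables in trusted locations.
#    Unsigned files cannot yield a publisher rule, so they are excluded by
#    construction rather than by an explicit blacklist.
$FileInfo = foreach ($root in $TrustedRoots) {
    Get-AppLockerFileInformation -Directory $root -Recurse -FileType Exe |
        Where-Object { $_.Publisher }
}
$Xml = New-AppLockerPolicy -FileInformation $FileInfo -RuleType Publisher -User Everyone -Optimize -Xml

# 3. Audit mode first: AppLocker logs would-be blocks (event 8003 under
#    Applications and Services Logs\Microsoft\Windows\AppLocker) without
#    breaking users, which is how the allow-list is validated before enforcing.
$Xml = $Xml -replace 'EnforcementMode="[^"]*"', 'EnforcementMode="AuditOnly"'
$Xml | Set-Content -Path $PolicyPath -Encoding UTF8

# 4. Check: which of the unsigned files would this policy deny?
if ($Unsigned) {
    Test-AppLockerPolicy -XmlPolicy $PolicyPath -Path $Unsigned.Path -User Everyone |
        Format-Table PolicyDecision, FilePath -AutoSize
}

# Apply locally (use Group Policy for the fleet). Drop -Merge to replace
# any existing local policy instead of adding to it.
Set-AppLockerPolicy -XmlPolicy $PolicyPath -Merge
```

Run the audit for a few weeks, review the 8003 events for legitimate business applications that would have been blocked, add publisher or hash rules for those, and only then switch the rule collection to `EnforcementMode="Enabled"`. Going straight to enforcement is the usual reason application control projects get rolled back.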

National Journal - A Timeline of Government Breaches

Recently, Kaveh Waddell and Stephanie Stamm of the National Journal posted an article: A Timeline of Government Breaches. This article does a great job of outlining the major data breaches that have hit the US government over the past few years. Beyond listing them on a single timeline, they break down each breach individually, from infiltration to detection to public notification.

Read the full article here.

Here is a quick snapshot of the latest OPM breach timeline, be sure to read the full article to find out about all of the data breaches affecting the US government over the past few years.

Endpoint Security Measures Enacted to Remove Administrative Privileges and Meet Least Privilege Compliance

The article that follows is a use case study from an IT Services & Consulting company, covering endpoint security that eliminates the risks created by excessive administrative privileges and by allowing unclassified applications to run unmonitored. Request a brief consult to learn how Viewfinity can help your efforts to reduce endpoint security vulnerabilities.


The Challenge:
Millions of dollars were spent annually on unwarranted and unauthorized installations of licensed software such as premium versions of Microsoft Visual Studio, Visio, Project, Adobe Acrobat Writer, etc. In addition, malware infections and the management of end user administrative privileges created significant IT department overhead. The company also had stringent compliance and security mandates, both within the organization and from its clients, which, if not met, often resulted in hefty financial penalties.

“We immediately saved close to $1M in software license costs just by being able to control who can install premium software versions such as Microsoft Visual Studio Ultimate and Visio Professional.”
“To date, our company has saved close to $2M in licensing costs by restricting which software editions users had access to download.”
~Head of Global IT

The case study can be read in its entirety here.

The Solution:

Before the Viewfinity deployment, the IT Services & Consulting company had no means of controlling end user administrative privileges, so administrative rights were granted to most of the software engineering workforce. Because employees across the board had administrative privileges, they were constantly downloading unnecessary and/or harmful software, leading to security incidents, inflated licensing costs and administrative overhead.

Policies were put in place to prevent users from installing costly and unnecessary applications as well as potentially harmful software onto their machines. “A high percentage of our workforce is young software engineers. We found that they were downloading a lot of software, which inadvertently included malware and hacking software, to play around with,” explained the Head of Global IT. “This created a lot of IT overhead when trying to remediate infections created by these downloads.” With Viewfinity, the company could remove administrative rights from these engineers and only allow elevations for specific, pre-approved applications.

The Results:

  • To date, the company has saved close to $2 Million in licensing costs by restricting download access to software editions.
  • With tighter administrative privilege security, a long laundry list of unwanted software is blocked and company IT overhead has been reduced by 20%.
  • Users have rights only for what they need, they cannot install software that is not required/allowed for their business unit/job function. 
  • Through automated workflow approval, users no longer have to request administrative rights from the IT department and can do their job without waiting. 
  • Administrative rights are never given back to the user, preventing the “privilege creep” problem that was occurring.

Closing down cyber security loopholes that led to the OPM breach, and others

What do the Target, Anthem, OPM breaches all have in common? These cyber security breaches occurred when a privileged user account was compromised and then leveraged to gain access to other parts of their endpoint and server environment, in order to steal sensitive data.  And the key to stopping them? Closing down the security loopholes left open by local administrator rights and improper credential management.

Recently, Jaikumar Vijayan of the Christian Science Monitor published an article, “OPM hack may finally end over use of ‘privileged’ user accounts,” which outlines the attack and how several security experts think it, and others like it, could have been prevented.

So, as we see it, there are 2 problems that led to this attack:

#1 Improper password management and exploitation of user credentials

#2 Excess local admin rights leading to endpoint security loopholes

And, honestly, the fix is actually a relatively simple one, a layered approach to cyber security which Federal CIO Tony Scott says can be addressed in a “30 Day ‘Cyber Security Sprint’”.

First and foremost: reduce the number of people who are operating with administrative rights in your environment. This reduces your attack surface and closes down security loopholes which can lead to devastating advanced persistent threats (APTs).

Scott’s fast track to better, more comprehensive cyber security contains several elements which are easily achievable, including approaches that we feel are applicable to all industries.

We’re talking about a layered approach to cyber security, because one solution just cannot combat the many facets of advanced persistent threats. We’re talking about solutions that fight a combination of external threats exploiting the weaknesses of inside users, which often go unnoticed for weeks or even months without proper visibility (application monitoring, auditing, forensic analysis) into an environment.

The answer is simple: a combination of privileged identity management (PIM), application control, and privilege elevation capabilities that together track, monitor, and audit all admin password activity and application security across an infrastructure’s endpoints and servers. Key factors here include:

  1. Privileged Account Auditing: understanding who in your environment is operating as a privileged user.

Viewfinity offers a free Local Admin Discovery Tool which allows organizations to do just that.

  2. Follow the Principle of Least Privilege: remove administrator rights from as many users as possible within your environment.

Viewfinity Privilege Management allows organizations to granularly control privilege elevations within your environment once admin rights have been removed.

  3. Implement a fully automated PIM solution: password management and other critical techniques to ensure the security of users who must operate as administrators in your environment.

Viewfinity collaborates with organizations like CA and Lieberman to leverage the investments that you have already made in these PIM solutions.

  4. Control and monitor what applications are running in your environment.

Viewfinity Application Control utilizes application monitoring and forensic analysis, enabling organizations to understand which applications are running on servers and desktops.

  5. Be prepared to quickly detect, identify, and remediate any threats in your environment, through technologies that can collaborate with network security sandboxes and firewalls.

Viewfinity integrates with FireEye, Check Point, and Palo Alto solutions to accelerate detection, incident response, and remediation efforts via threat management capabilities.


Organizations need to be prepared with solutions to tackle cyber threats before, during, and after an attack. Don’t wait for tragedy to strike, speak with one of the Viewfinity security experts to find out how your organization can move in the right direction today.

Removing Administrative Rights to Reduce Cyber Threats

Learn how a Fortune 500 energy & utilities company used Viewfinity to reduce cyber threat vulnerability, after removing administrative rights.

This is a condensed version of a use case describing how a Fortune 500 Energy & Utilities Company with assets over $20 billion tackled the removal of administrative rights in order to protect its infrastructure against cyber threats. Download the full PDF case study here.

FAST FACTS

Reduce exposure to malware and virus threats by removing administrator rights

Project scope:

  • 8500 desktops concerned with this project
  • Managing ~250 applications that corporate IT delivers
  • Between 6-8K unmanaged applications that end users install on their own. Ultimately the IT team supports the unmanaged applications to some extent, but not at the service level of the corporate applications.
  • Laptops / mobile workers constitute ~25% of the user base
  • There are over 100 remote offices spread over Missouri and Illinois


The Challenge:

  • The initiative to reduce cyber threats by removing local administrator rights from users was revived during this company’s Windows 7 roll-out. 
  • From previous attempts to remove local admin rights, the IT team realized there would be additional management involved because business processes and application functionality required administrator level access to the operating system. 
  • They knew they would need a tool to manage end user desktop privileges on a granular scale.

The Solution:

  • Contacted other Energy and Utility companies that had implemented or were in the process of planning Windows 7 migration projects and who were also taking the initiative to remove administrator rights. 
  • Research also encompassed online data, and they looked to Gartner reports and analysts to help further qualify the Privilege Management space.   
  • Other Energy companies had different requirements and goals yet the majority were using Viewfinity and having success with it. 
  • The ability to include the Viewfinity agent as part of the deployment image was instrumental to the project since the scope included rolling out Windows 7 machines and removing local admin rights at the same time.


The Results:

  • The company is continuously improving its cyber security posture with a bonus of greater visibility into its end user client computing environment. 
  • The company can be proactive and respond to endpoint security threats without impacting business processes and applications as the Viewfinity product has the ability to quickly update and push policy changes to client endpoints. 
  • They continue to reduce complexity in their client computing environment, and over time have reduced costs. 
  • The product has increased their visibility through working closely with their end users, providing increased awareness of the applications that exist across the organization, who owns them, and how they are used.
  • End users see benefit from less configuration drift and have a desktop that performs better over its useful life. 
  • Removing local admin rights from end users is a big step in protecting the company from cyber threats. This reduction in cyber threat vulnerability alone makes a meaningful cut in the company’s exposure.


Request a brief consult to learn how Viewfinity can help your efforts to reduce endpoint security vulnerabilities.

Getting a Handle on Endpoint Security Vulnerabilities

I've been reading many articles related to the breach of the OPM government agency, and there is lots of blame to go around. Significant damage has been done. So I keep thinking: what could Viewfinity do now, today, to help other companies start to get a handle on their endpoint security vulnerabilities?

With that thought, I want to make sure you know about our local admin discovery tool (complimentary) that discovers user accounts and groups that have local admin rights. Once the analysis has been run, you can remove users or suspicious groups from the Administrators group directly from the GUI. Also, organizations should understand how hackers exploit admin rights using Pass the Hash techniques to infiltrate an environment, which is alleged to be what happened in the OPM breach.

Many of our customers use this local admin discovery tool as a starting point to reduce endpoint security vulnerabilities within their environments. They have successfully removed the local user as a direct administrator of the computer, effectively closing down one of the top endpoint security loopholes that hackers exploit.

It's a place to start and a smart approach.

Viewfinity Joins FireEye to go Beyond the Breach in Today's Virtual Event

Viewfinity joins FireEye today and tomorrow in a virtual event hosted by FireEye to discuss the evolving threat landscape, best practices in incident response, and how to stop an attack using threat intelligence. 

Viewfinity will showcase the role its endpoint security solution plays with helping organizations deal with security risks. Join Viewfinity alongside other prominent vendors at FireEye’s “Beyond the Breach: Cyber Defense Summit” virtual event. 


Click here to join the conference.



“Unnecessary and excess privileges play a part of every major cyber attack as bad actors seek to gain access to endpoints and systems within an organization by exploiting administrator privileges,” said Grady Summers, vice president of strategic solutions at FireEye.

“By working with Viewfinity, we’re able to combine security information from FireEye with Viewfinity’s application and endpoint access data to surface malicious activity that’s attempting to infiltrate via endpoint access. This endpoint to network security visibility is an instrumental component to stopping advanced attacks.”

Viewfinity integrates with FireEye AX and TAP to provide whitelisting/blacklisting functionality and application control on servers and endpoints.

Integration features:

  • Correlates malware alerts from AX and TAP with visibility into server/endpoint data supplied by Viewfinity. 
  • Provides unique information related to the behavior of executables on the endpoint and a timeline of events that offers data which is crucial to TAP analytics. 
  • Identifies suspicious endpoint applications and flags them for submission to FireEye AX for further inspection. 

Integration benefits:

  • Further leverages the investment made in FireEye technology by extending security mechanisms to endpoints.
  • Provides more protection and helps reduce the footprint should a breach occur.
  • Saves time and resources by flagging which files are malicious and need to be blocked on all servers/endpoints.
  • Proves to cyber risk insurance providers that additional measures have been taken to protect the server/endpoint environment, supporting prompt response and reduced risk during litigation.



USGCB and FDCC

Does anyone remember the days of the US Government Configuration Baseline (USGCB) or its predecessor the Federal Desktop Core Configuration (FDCC)? 

I am fairly certain that with all the announcements about the breach, attributed to China, affecting 4 million federal workers, this mandate is going to be revisited seriously by many agencies.

Simply stated, the Federal Desktop Core Configuration and U.S. Government Configuration Baseline constitute a list of security settings recommended by the National Institute of Standards and Technology for computers that are connected directly to the network of a United States government agency. In 2010, the USGCB was issued as a replacement for the Federal Desktop Core Configuration (FDCC) and provides the baseline settings that Federal agencies are required to implement for security and environmental reasons. One of the key principles of these security configuration guidelines is removing the local user as a direct Administrator of the computer.

For departments that currently lock down desktops, or who are in the process of meeting these governmental guidelines, Viewfinity offers government agencies the ability to manage administrative rights so that the settings mandated by the USGCB and FDCC security list are not compromised due to functionality needs.

Viewfinity Privilege Management features offer IT departments new methods for enforcing USGCB and FDCC compliance policies on all its PC assets regardless of the endpoint client’s location or connectivity status. Both officially supported applications and those installed by end users can be better managed and provisioned. Upon installation, they automatically become part of the pool of applications that are managed according to your predefined policies. Administrators can be assured that no matter what end users might be doing while working offsite, all established USGCB and FDCC compliance rules are continuously enforced.

IT departments only have so much to spend, so being informed about all available technology is imperative. Our endpoint security software eliminates gaps that anti-virus software leaves exposed. We align closely with the USGCB guidelines by removing admin rights and monitoring all applications installing and running in an environment. Our technology can then identify possible threats based on a file’s origin, history tracking and forensic analysis.

There are more details to the use case but suffice to say, any company, not just government agencies, should be closing down the security loophole and vulnerabilities associated with local administrator rights.

Start here by downloading our free tool that allows you to discover user accounts and groups that are members of the local “Administrators” built-in user group on computers in your Windows domain.
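For readers who want to see what such a discovery pass involves, the following PowerShell script is an added example, not the Viewfinity tool and not code from any post above. It covers the first two key factors from the OPM post (privileged account auditing and removing admin rights) and the discovery step described here: it enumerates the members of the local Administrators group on a list of domain computers over PowerShell remoting, reports every member that is not on an approved list, and, with `-Remediate`, removes them. The computer names and the approved list are placeholder values; in practice you would feed it the output of `Get-ADComputer`. It uses the WinNT ADSI provider rather than `Get-LocalGroupMember` because the latter only exists on Windows 10 / Server 2016 and later.

```powershell
# Added example (not the Viewfinity tool, not code from this page): report and
# optionally remove unexpected members of the local Administrators group on a
# set of domain computers. Assumes PowerShell remoting (WinRM) is enabled and
# the caller is an administrator on the targets. Computer names and the
# approved list below are placeholders, not output from a real environment.

param(
    [string[]]$Computers = @('WS-001', 'WS-002'),      # e.g. (Get-ADComputer -Filter *).Name
    [string[]]$Approved  = @('CONTOSO\Domain Admins', 'CONTOSO\Workstation Admins'),
    [switch]$Remediate
)

# Runs on each target. The WinNT ADSI provider works back to Windows 7 /
# Server 2008 R2; Get-LocalGroupMember only exists on Windows 10 / 2016+.
$EnumerateAdmins = {
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    foreach ($m in $group.psbase.Invoke('Members')) {
        $path  = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        $class = $m.GetType().InvokeMember('Class',   'GetProperty', $null, $m, $null)
        # Domain principal: WinNT://CONTOSO/jdoe        -> CONTOSO\jdoe
        # Local principal:  WinNT://CONTOSO/WS-001/bob  -> WS-001\bob
        $parts = ($path -replace '^WinNT://', '') -split '/'
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Member   = $parts[-2..-1] -join '\'
            Class    = $class                      # 'User' or 'Group'
        }
    }
}

$Findings = foreach ($c in $Computers) {
    try   { Invoke-Command -ComputerName $c -ScriptBlock $EnumerateAdmins -ErrorAction Stop }
    catch { Write-Warning "Could not query ${c}: $($_.Exception.Message)" }
}

# Anything not explicitly approved is a finding. The built-in local
# Administrator (RID 500) cannot be removed from the group, so skip it here
# and manage it through password rotation instead.
$Unexpected = $Findings | Where-Object {
    $_.Member -notin $Approved -and $_.Member -ne "$($_.Computer)\Administrator"
}

$Unexpected | Sort-Object Computer, Member | Format-Table Computer, Class, Member -AutoSize

if ($Remediate) {
    foreach ($f in $Unexpected) {
        Invoke-Command -ComputerName $f.Computer -ArgumentList $f.Member, $f.Class -ScriptBlock {
            param($Member, $Class)
            $domain, $name = $Member -split '\\', 2
            $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
            # Remove takes the member's own ADsPath, e.g. WinNT://CONTOSO/jdoe,user
            $group.Remove("WinNT://$domain/$name,$($Class.ToLower())")
        }
        Write-Host "Removed $($f.Class.ToLower()) $($f.Member) from Administrators on $($f.Computer)"
    }
}
```

Run it without `-Remediate` first and review the report: nested domain groups are the usual surprise, because a group such as "Helpdesk" added to Administrators years ago silently grants admin rights to everyone who is later added to that group. Remove the group, not the individual members, and the privilege creep the case study above describes stops at the source.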