Black Hat Attendees - Understand a malicious applications propagation path with Viewfinity

Join Viewfinity next week at Black Hat (Booth #764) to learn how Viewfinity uses powerful File History and Forensics to help organizations understand exactly WHAT propagation path a malicious application took, once inside your environment.


It is vital to know, in real-time, what applications are installing and running in your server and endpoint environment in order to trace a breach. If you won't be at the show, you can schedule a private demo at your convenience.

Black Hat Attendees - Identify who downloaded a malicious application with Viewfinity

Join Viewfinity next week at Black Hat (Booth #764) to learn how Viewfinity uses powerful File History and Forensics to help organizations understand exactly WHO performed the initial installation of a malicious file.


It is vital to know, in real-time, what applications are installing and running in your server and endpoint environment in order to trace a breach. If you won't be at the show, you can schedule a private demo at your convenience.


Viewfinity Receives 4-Star Rating from PC Magazine Product Review

Technology editor Wayne Rash took the Viewfinity Privilege Management software for a test drive and summed up his findings in a product review published in PC Magazine.  The review is comprehensive and represents the product fairly, earning 4 out of 5 stars with an editor’s rating of “Excellent”. 

The information presented digs into the details of the Viewfinity Privilege Management solution.  The testing was performed via Viewfinity’s SaaS-based platform and walks the reader through a step-by-step approach to how a project to remove admin rights and then manage privilege elevation needs would be approached.

While the review is easy to follow and provides just the proper amount of detail to get a good overview and feel for the solution, what is stressed more importantly by this technology expert is the fact that organizations should be paying attention to the local admin rights security loophole.  It’s been said over and over by many security experts that removing local admin rights from your end users is one of the most important ways to reduce the attack surface.

The most common pathway to a data breach by far is the misuse of administrative rights on a company data system. Normally this happens in either of two ways: The first way is by stealing the credentials of someone with administrative rights and the second way is by elevating the rights of an existing user. Once either is accomplished, the data theft is often carried out by inserting a background application that siphons off critical data and sends it to the criminals who want it. Viewfinity Privilege Management and Application Control ($20 per user per year) cloud-based services aim to prevent both of those scenarios.
 

You can read the full review here.



Cybersecurity Insurance Driving Enterprise Purchase Decisions and Implementations


More and more we are seeing that the need for Cybersecurity insurance, and other contingency plans, are driving how organizations view and consume cyber security tools. Cybersecurity insurance providers need to see that organizations are doing their due diligence in order to protect the assets and privacy of their company, customers and other stake holders.

Todd Bell of Enterprise Tech recently published an article, Getting Cybersecurity Insurance After a Breach, outlining the struggles that organizations can face if they fail to take the necessary steps to protect themselves and their assets before a breach occurs.  Pretty serious challenges - it’s worth a read for anyone looking to better understand what they might be up against.

As a place to start, Viewfinity offers a complimentary tool which can provide a baseline for organizations to audit their endpoint security posture in regards to who has local administrator rights.  The Viewfinity Local Admin Discovery is a free tool that allows you to discover user accounts and groups that are members of the local “Administrators” built-in user group on computers in your Windows domain.


Sign up here to schedule your session


If you have removed admin rights from the majority of your end users, you can use this information provided in our tool as proof that you have closed down this security loophole that hackers use regularly to penetrate an infrastructure.

On a larger scale, Viewfinity enables organizations to approach cybersecurity with a 1-2 punch; Application Control with the ability to remove and manage admin rights, from a single agent. Both of these capabilities are vital to avoiding cybersecurity vulnerabilities and loopholes that serve as access points for hackers, Advanced Persistent Threats (APTs), and sophisticated Zero-day attacks. Not to mention, these tools offer the necessary capabilities to satisfy cybersecurity insurance providers and potentially even reduce cybersecurity insurance premiums.

Upcoming Webinar: 30-day Cyber Security Sprint - Not Just for the Government

We've been keeping you up to date on the OPM government data breach over the past few weeks, including information about the Federal CIO's mandated 30-day Cyber Security Sprint. However, it's important to understand that this initiative can benefit and apply to all organizations, regardless of industry.

This week we're running a 30 minute webinar dedicated to spreading awareness for this initiative; attendees will learn first hand how they can begin implementing some of the suggested tactics, within their organization, in order to improve their cyber security posture. Full details of the webinar are below:

Join us for a webinar on July 23, 2015 at 11:30AM EDT

30-day Cyber Security Sprint - Not Just for the Government

Register now!

On June 12th, US federal government CIO Tony Scott launched a government-wide Cyber Security Sprint, giving agencies 30 days to shore up their systems. The guidelines outlined in the 30-day cyber security sprint make sense for all industries, not just the US federal government.

There are two important elements on the list that Viewfinity can help with in regard to improved cyber security:

  1. Controlling, Containing, and Recovering from Incidents: Contain malware proliferation, privilege escalation, and lateral movement. Quickly identify and resolve events and incidents.
  2. Reducing Attack Surfaces

Join our 30 minute webinar focused on explaining the various methods by which the Viewfinity software addresses these security measures. Topics to be addressed include:

  • Removing administrator rights and managing privilege elevation needs through policies
  • Application Control, Monitoring and Forensics providing threat detection and response
  • Mitigating Pass the Hash tactics that harvest local admin credentials in an attack
  • Protecting against Cryptolocker

Leading Analyst Firm “Cool” Report Still Leans on IT Security Fundamentals

A leading analyst firm recently published a report highlighting emerging technology companies in security infrastructure protection that offer innovative solutions to tackling IT security challenges.  While the technologies are intriguing, what is also interesting is that the analysts continue to address the common attack loopholes.  So while there is cool new technology, the importance of adhering to IT security fundamentals like removing local admin rights and understanding endpoint vulnerabilities continues to offer solid security.

One such citing was “the most common attack vector that hackers use across enterprises and sectors is dumping malware on a user's endpoint…” and “code is typically reused for initial exploits, establishing a foothold, and escalating privileges and moving laterally through the target victim organization.”

Even with all the emerging technology available, analysts are still bringing fundamental IT security concerns to the attention of CISOs! 

This is why we stress the importance of being informed about all technology.  You can learn more about Viewfinity’s here.  

Viewfinity offers endpoint security technology that eliminates risks exposed due to excessive administrative privileges and allowing unclassified applications to run unmonitored.  We shut down a hackers ability to use pass-the-hash to steal user credentials because no user has administrative privileges on the endpoint, effectively closing off this extremely vulnerable security loophole.

TODAY, July 7th - Critical Flash Exploit In Play

A sophisticated "zero-day", critical Flash exploit stolen from Hacking Team has now been released into the wild, and Adobe won’t have a patch available until tomorrow.

What is your immediate risk due to this critical Flash exploit? 

One of the most vulnerable points of entry into your IT infrastructure is through endpoints, this includes both servers and desktops.  This is where hackers typically seed their malware and begin the process of exploitation via lateral movements. They do this by stealing user credentials with administrative privileges and privileged accounts.  This is commonly done via the pass-the-hash technique.

What can you do in the meantime? 

How can you protect against other exploits, such as CryptoLocker?

  • A proven method for reducing vulnerabilities related to common cyber attacks, such as CryptoLocker, is to block access to known malicious websites and also by limiting the activity of unclassified applications.  Do this by blocking or restricting the execution of unsigned executables which can frequently open the door for cyber threats like CryptoLocker.
  • Collaborate endpoint activity with network firewall intelligence.  A good example is the practice of cross-referencing unknown endpoint files with network security vendors. This sandbox-like functionality provides an isolated local environment for running greylist (unknown) applications. This limits the reach of an application, protecting your environment from any malicious intent from rogue executables.

National Journal - A Timeline of Government Breaches

Recently, Kaveh Waddell and Stephanie Stamm of the National Journal posted an article: A Timeline of Government Breaches. This article does a great job at outlining the major data breaches that have hit the US government over the past few years. In addition to creating a timeline of all data breaches over the past few years, they break down each data breach individually in a timeline from infiltration, to detection, and public notification.

Read the full article here.

Here is a quick snapshot of the latest OPM breach timeline, be sure to read the full article to find out about all of the data breaches affecting the US government over the past few years.

Endpoint Security Measures Enacted to Remove Administrative Privileges and Meet Least Privilege Compliance

The article that follows is a use case study from an IT Services & Consulting company related to endpoint security that eliminates risks exposed due to excessive administrative privileges and allowing unclassified applications to run unmonitored. Request a brief consult to learn how Viewfinity can help your efforts to reduce endpoint security vulnerabilities.


The Challenge:
Millions of dollars were spent annually on unwarranted and unauthorized installations of licensed software such as premium versions of Microsoft Visual studio, Visio, Project, Adobe Acrobat Writer, etc. In addition, malware infections and the management of end user administrative privileges created significant IT department overheads. The company also had stringent compliance and security mandates, both within the organization as well as from its clients - which, if not met, often resulted in hefty financial penalties.

“We immediately saved close to $1M in software license costs just by being able to control who can install premium software versions such as Microsoft Visual Studio Ultimate and Visio Professional”.
“To date, our company has saved close to $2M in licensing costs by restricting which software editions users had access to download.”
~Head of Global IT

The case study can be read in its entirety here.

The Solution:

Before the Viewfinity deployment, the IT Services & Consulting company had no means of controlling end user administrative privileges. Therefore administrative rights were granted to most of the software engineering workforce. Because employees across-the-board had administrative privileges, they were constantly downloading unnecessary and/or harmful software – leading to security incidents that resulted in increased licensing cost and administrative overhead.

Policies were put in place to prevent users from installing costly and unnecessary applications as well as potentially harmful software onto their machines. “A high percentage of our workforce is young software engineers. We found that they were downloading a lot of software, which inadvertently included malware and hacking software, to play around with,” explained the Head of Global IT. “This created a lot of IT overhead when trying to remediate infections created by these downloads. ”With Viewfinity, the company could remove administrative rights from these engineers and only allow elevations for specific, pre-approved applications.

The Results:

  • To date, the company has saved close to $2 Million in licensing costs by restricting download access to software editions.
  • With tighter administrative privilege security, a long laundry list of unwanted software is blocked and company IT overhead has been reduced by 20%.
  • Users have rights only for what they need, they cannot install software that is not required/allowed for their business unit/job function. 
  • Through automated workflow approval, users no longer have to request administrative rights from the IT department and can do their job without waiting. 
  • Administrative rights are never given back to the user, preventing the “privilege creep” problem that was occurring.

Removing Administrative Rights to Reduce Cyber Threats

Learn how a Fortune 500 energy & utilities company used Viewfinity to reduce cyber threat vulnerability, after removing administrative rights.

This is a cliff-notes version of a use case describing how a Fortune 500 Energy & Utilities Company with assets over $20 billion, tackled the removal of administrative rights in order to protect its infrastructure against cyber threats. Download the full PDF case study here.

FAST FACTS


Reduce exposure to malware and virus threats by
removing administrator rights

Project scope:

•     8500 desktops concerned with this project

•     Managing ~250 applications that corporate IT delivers

•     Between 6-8K unmanaged applications that end users install on their own.  Ultimately the IT team supports the unmanaged to some extent but not on the service level of the corporate applications. 

•     Laptops / mobile workers constitute ~25% of the user base

•     There are over 100 remote offices spread over Missouri and Illinois


The Challenge:

  • The initiative to reduce cyber threats by removing local administrator rights from users was revived during this company’s Windows 7 roll-out. 
  • From previous attempts to remove local admin rights, the IT team realized there would be additional management involved because business processes and application functionality required administrator level access to the operating system. 
  • They knew they would need a tool to manage end user desktop privileges on a granular scale.

The Solution:

  • Contacted other Energy and Utility companies that had implemented or were in the process of planning Windows 7 migration projects and who were also taking the initiative to remove administrator rights. 
  • Research also encompassed online data, and they looked to Gartner reports and analysts to help further qualify the Privilege Management space.   
  • Other Energy companies had different requirements and goals yet the majority were using Viewfinity and having success with it. 
  • The ability to include the Viewfinity agent as part of the deployment image was instrumental to the project since the scope included rolling out Windows 7 machines and removing local admin rights at the same time.


The Results:

  • The company is continuously improving its cyber security posture with a bonus of greater visibility into its end user client computing environment. 
  • The company can be proactive and respond to endpoint security threats without impacting business processes and applications as the Viewfinity product has the ability to quickly update and push policy changes to client endpoints. 
  • They continue to reduce complexity in their client computing environment, and over time have reduced costs. 
  • The product has increased their visibility through working closely with their end users, providing increased awareness of the applications that exist across the organization, who owns them, and how they are used.
  • End users see benefit from less configuration drift and have a desktop that performs better over its useful life. 
  • Removing local admin rights from end users is a big step in protecting the company from cyber threats. Just this reduction cyber threat vulnerability makes it feasible to reduce the company’s exposure.   


Request a brief consult to learn how Viewfinity can help your efforts to reduce endpoint security vulnerabilities.