Webinar News

Latest Webinar News

March 21, 2012

Webinar - Viewfinity Provides Holistic View for Privilege Management


As highlighted last week, the subject that few enterprises like to talk about in public, but which is top of mind when IT professionals gather, is security. It only takes one bad actor to bring down a network, causing sometimes irreparable harm to corporate reputations and financial vitality. Whether it be the theft of customer information, or a myriad of critical data, stopping the bad guys or preventing the inadvertent compromising of vital corporate assets is what keeps IT managers awake at night.




As the movie “Jurassic Park” so vividly illustrates, despite good intentions and best attempts, “life will find a way.” This unfortunately is true for those with malicious intent. And, with so many cyber attacks originating or proliferating behind enterprise perimeters, as they say in sports, “the best offense is a good defense.” Reality is that in Microsoft (News - Alert) environments, which predominate in almost all large enterprises, the back door of local administrator accounts tends to be either/or wide-open or under-observed providing an open invitation to those with evil in their hearts. 

These accounts (the ones you see when your PC asks for your password which at a minimum is hopefully a capability that is activated) can be created directly by users as well as real administrators. However, they can be and often are hidden from IT managers’ standard tracked list of administrative accounts managed by Microsoft Active Directory. That is the rub. Once through the back door, malware can install malicious software on local computers through these accounts. 

It can come based on intent of someone wishing to do your organization harm or even inadvertently as being placed on an unsuspecting user’s PC when they are using it remotely at home for personal as well as professional reasons. The challenge once a corrupted device is on your network is that the malware and malicious software can and most likely will propagate.  

In addition, because local administration is not airtight, downloading activities in the burgeoning bring your own device (BYOD) era means the possibility of unauthorized applications being run on enterprise networks is becoming a high probability. Valuable, or just innocent apps that individual users like, can wreak havoc on corporate networks if not inventoried properly and assigned privileges.    

On March 13, security specialists Viewfinity conducted a fascinating webinar, Using Group Policy to Manage Administrator Accounts, which detailed the issues surrounding vulnerabilities of poorly managed administrator accounts, and discussed their Privilege Management solution that gives IT managers tools to mitigate risks, proactively deal with changes in status, and thus increases peace of mind.     

What’s the problem?

As implied in the company name, the simple answer to the question above it that IT managers require a holistic view of all devices that are network-aware and that have the ability to allow users to enable or bypass enterprise policies and rules. This means using unauthorized devices (a growing issue in the bring your own device (BYOD) world and unauthorized software, adding unauthorized users to the an administrative group, or executing unauthorized management of administrative credentials such as UAC password access.

This is a case where a picture is worth a lot of words. 

This is actually only a small portion of a dashboard that Viewfinity provides in its solution. The Privilege Management Project from whence this screen shot comes from enables IT managers to:
 

  • Discover users with administrative rights
  • Discover applications requiring administrative rights
  • Automatically build policies
  • Remove admin rights
  • Policy authorization management
  • Auditing and reporting for compliance validation


A Viewfinity customer summed up the value of having such a web-based tool and its powerful analytics in the following way:

The Viewfinity admin console is simple to navigate and allows us to make significant changes to our operating environment in a matter of moments. The built-in flexibility creates a multidimensional approach to common access control issues, ranging from which users can install and run what applications (and restrict child processes) to an allowable time of day for a user to be accessing information. From a performance perspective, the Viewfinity agent processes takes up less than 1.5 MB of memory and there has not been any noticeable impact on the network.

They ran Viewfinity on a virtual server 2008 system. This meant no additional hardware or equipment costs, and  the solution was installed and up and running in half a day. Better yet, in approximately two weeks, all the newly written application control policies, including policies for users that required ActiveX and desktop functions requiring elevated permissions, were created, propagated and active on all of the workstations.  

Plus, as is common when Viewfinity is employed, since 95 percent of the privilege escalation needs were known, most policies were established and implemented during the initial project rollout phase. And, for exception circumstances, the company now uses Viewfinity’s Policy Automation feature that streamlines privilege elevation requests from end users with automated workflow approval for the IT administrators.

During the webinar, Alex Shoykhet, VP of Product Management, walked participants through why they should be concerned, and all of the functionality Viewfinity can provide. As he stated, Viewfinity’s differentiated value is, “To give IT managers a full inventory of all of the software that is running on all devices so that they know what they have, can create groups to block unauthorized applications, and can start building policies using completely automated policy creation process…Viewfinity addresses issues of privilege management and applications in a holistic manner.” 

He added that it is important to note that the solution is flexible. What this means is it gives IT managers the ability to administrate, e.g., ensure they have visibility and control to ensure the correct policies and rules are enforced on employees and their devices when they are working remotely .

You are invited to access the full webinar to learn more about the risks that can arise in Microsoft environments because of holes in local administrator accounts, and about the functionality Viewfinity provides to give IT managers the tools needed to mitigate these risks.   




Edited by Jennifer Russell