CyberArk addresses the malware problem

03 Feb 16

CyberArk Viewfinity has been updated with a focus on protecting against malware-based attacks without compromising the business user experience.

With CyberArk Viewfinity v5.5, customers are provided with a single privilege management and application control solution.

This has been designed to reduce the attack surface while being able to block the progression of malware-based attacks, and balance business user productivity and enterprise security, according to the company.

Following the acquisition of Viewfinity in Q4 2015, CyberArk Viewfinity is now available as part of the CyberArk Privileged Account Security Solution.

With this release, customers have greater privilege management and application control features in an on-premises or software-as-a-service (SaaS)-based offering, CyberArk says.

New integration with the CyberArk Shared Technology Platform enables all privileged audit logs to be stored and reviewed centrally, and adds new flexible, customisable reporting capabilities.

Evidence shows that advanced attacks often start with phishing emails sent to non-privileged business users, and a campaign of just 10 emails will typically yield a greater than 90% chance that at least one person will become the criminal’s prey. 

If an organisation has removed users’ administrative rights on endpoints and servers, but is not monitoring and controlling which applications are allowed to run on these machines, a rogue application containing malware that does not require administrative privileges to run can enter the infrastructure and execute in the environment, giving attackers a foothold into the organisation, CyberArk says.

Our study of employee endpoints reveals that it is not uncommon to find more than 20,000 different applications across an enterprise, meaning malicious applications can easily hide in plain sight because IT teams simply don’t have the time to manually analyse everything, says the company.

“As malware continues to be a frequently-used and successful means for hijacking credentials, organisations must realise that the endpoint problem is a privilege problem,” says Roy Adar, CyberArk senior vice president product management.

“The fact is, motivated attackers will eventually get inside your network – it’s what happens next that matters.

“Establishing a foothold on endpoints and escalating privileges enables attackers to jump from endpoints, to servers, to domain controllers until they own the network.

“CyberArk Viewfinity extends privilege security to the endpoint to mitigate these risks without excessively restrictive controls on users,” says Adar.

To effectively reduce the attack surface and support mitigating the risk of a serious data breach without impacting productivity, organisations require solutions that enforce flexible least privilege policies for business and administrative users, and control what applications are allowed to run, he says.

CyberArk Viewfinity enables users to automatically create policies based on business requirements, elevate application privileges as needed, reduce security risks related to ‘privilege creep,’ reduce help desk costs, leverage integrations with threat detection tools to analyse unknown applications, and accelerate the remediation of threats, the company says.

“We expect the endpoint security market to continue to grow, driven in part by increasing enterprise mobile and cloud adoption.

“To meet new demand efficiently and cost-effectively, organisations are realising that endpoint security can no longer be a siloed compliance or audit initiative, it must be part of a comprehensive cyber security strategy,” says Robert Westervelt, IDC research manager security products.

“We believe innovation at the endpoint focused on flexible deployment options, improving the user experience and streamlining management will be important factors that will resonate across risk, compliance and operations stakeholders,” he says.

New CyberArk Viewfinity features include:

Grey Listing: Monitor ‘grey’ applications – those that are not specifically trusted (white listed) or blocked (black listed) – and apply policies such as restrictive access mode until the application can be further researched.

Application Catalog: The Application Catalog displays information on applications installed on end-user computers managed by CyberArk Viewfinity and allows discovery of new applications in the system.

Application Intelligence: Provides support for application forensic and investigation processes; an aggregated historical timeline is compiled for each application with details such as first seen in the organisation, where installed, original source and full family tree.

Trusted Sources: This privilege management capability allows System Administrators to automatically create application control and privilege elevation policies based on Trusted Sources such as System Center Configuration Manager (SCCM), software distributors, updaters and more. Trusted Sources can be used to automate the creation of privilege policies for more than 90 percent of applications within the organisation.

CyberArk Viewfinity provides CyberArk’s global channel partners with opportunities to reach new enterprise customers with capabilities that target risk management, compliance as well as business and IT operations teams, the company says.

v5.5 is available now in a SaaS, on-premises or Microsoft Group Policy (GPO) deployment model.
