The next steps CSOs should take now when it comes to data breaches and attacks
Viewfinity provides the only solution which offers a full set of application control features and administrative privilege capabilities to protect against sophisticated zero-day attacks, malware, and advanced persistent threats. We provide next generation application control which combines two powerful solutions: whitelisting and privilege management. This innovation leads to more secure desktop and server environments, enables high operational IT efficiency, and maximizes end user productivity.
Info Security PG: How have data breaches and attacks evolved over the past few years? What’s ahead?
Leonid Shtilman: Most well-known breaches were executed by intruders that were targeting a particular organization or entity with a specific intent. The attacker’s software is compiled and packaged during the final moments just before the attack, thus making every attempt to make them unknown and unidentifiable to conventional perimeter methods. Some attacks were done by foreign entities, and possibly even foreign governments, and were politically motivated. These political attacks are very well organized by a group of people united by a common agenda. However, the data breach evolution is not so much cyber warfare any longer; rather, it’s more along the level of cyber civil warfare launched by hacktivists. What we’re seeing evolve are attacks that are now full-out, well planned cyber robbery and cyber civil warfare.
I envision that local critical infrastructure attacks will become real. There have been a lot of stories about the potential for attacks on critical physical infrastructure, and now unfortunately the stage has been set for a real attack. Someone will shut down an area of a country, the electric or power grid for example. However, just the way they've trained to become pilots, they're learning computer technology. Looking ahead, there is a real call to action for more security around those communications networks.
About Leonid Shtilman
Prior to founding Viewfinity, where he serves as CEO, Leonid Shtilman was Senior Vice President of CA Inc. CA acquired XOsoft, which he founded in 1999 and where he served as President and Chief Executive Officer, leading the company to a top position in the disaster recovery/business continuity software industry, exceeding 2,500 customers and receiving multiple product excellence awards. Shtilman served in various positions at NASA, MIT, and Princeton University and was a tenured professor at Tel Aviv University and The City University of New York. He holds multiple patents and two Ph.D.s: Mathematics (Israeli Technion) and Mechanical Engineering (Tel-Aviv University).
Info Security PG: Has security become a moving target for most companies? What is it that companies are most ill prepared to handle?
Leonid Shtilman: It’s a moving target because companies should not only invest in new security software, but they should change the way employees work. Most companies think that if they implement traditional technologies (antivirus, firewall) and use sophisticated passwords, it will be enough. Our ever-changing environment requires several layers of protection. Only IT personnel should have administrative passwords, and they should be kept in a vault and handled only through identity management techniques.
Companies are most ill prepared to handle privileged accounts, which are the basis, or entry point if you will, for all attacks. Perpetrators take over these accounts, or gain access through these accounts, to further penetrate your environment and take over servers and other IT infrastructure sources.
Info Security PG: What are the next steps that companies should take in addition to perimeter and antivirus-based security to combat zero-day attacks and malware?
Leonid Shtilman: A good many years ago, progressive thinkers in security put forward whitelisting technology as the perfect enhancement and complement to antivirus' blacklisting strategy as a way to counter the fast-moving, polymorphic malware that was just then starting to bombard the signature-based blocking mechanisms AV is built on. The constant stream of zero-day attacks and malware variations has made it necessary to utilize many layers of protection to effectively combat the infiltrations.
In today’s highly vulnerable online corporate environments, careful control of applications and user-privilege levels is the very foundation of IT security. Most IT professionals agree that controlling which applications are allowed to run in your environment and reinforcing that protective layer by allowing standard administrative rights only are the best practices for reducing security risks.
The ideal solution is to set up a risk-based application control framework that doesn't necessarily block all unknown applications but instead establishes default behavior for managing applications not yet classified by your organization. These are applications that are not yet part of the white or black lists and are allowed to run on the computer but in a restricted “greylist mode” with limited privilege rights and access to resources. Through automation, greylisted applications are processed and either whitelisted or blocked. If whitelisted, the application continues to run in standard user mode only and administrative privileges are managed with software.
This combination adds a fortified level of application security currently unheard of with the typical whitelisting strategies seen today.
Company: Viewfinity
303 Wyman St. Suite 300
Waltham, MA 02451 U.S.A.
Founded in: 2007
CEO: Leonid Shtilman
Public or Private: Private
Products and Services: Application Control and Privilege Management
Company's Goals: Viewfinity continues to lead out in defining the most meaningful and logical next steps in the IT security sector through new levels of automation and concrete solutions that help companies make IT security best practices a reality in their environment. We will strive to increase the adoption of our next generation application control by raising awareness in the market regarding the importance of abiding by the principle of least privileges and the number of security risks this practice mitigates. With the increase in end user computing mobility, Viewfinity’s Next Generation Application Control will become the de facto fundamental layer for helping companies secure their IT infrastructure from malware and APT.