With each new headline about another major security breach, it is vital to know, in real-time, what applications are
installing and running in your server and endpoint environment. Rogue applications, embedded with malware, are
used by hackers as a critical invasion path to get to the heart of your IT operation. Understanding which applications
are running on servers and desktops offers key insights for IT security. Observing unauthorized changes can be a clear
indicator of advanced targeted attacks, and with real-time change management alerts in place, often these attacks
can be defused.
Application Monitoring and Visibility
Viewfinity utilizes Forensic Analysis and continuous Application Monitoring to aid in the investigation of security
breaches and identify information related to malicious files. Our forensic analysis keeps track of the source and
the entire footprint of a suspect attack, while our application monitoring offers visibility into your server and
desktop environments by continuously monitoring and observing on several levels.
Viewfinity Application Control
Benefits
• Secures your infrastructure against malware, advanced persistent threats, and zero-day attacks.
• Accelerates incident response and reduces dwell time in the event a breach occurs.
• Integrates with threat detection technologies to bridge the gap between network and endpoint security.
• Reduces data breach insurance premiums.
Features
• Greylisting - handles unknown applications beyond the limits of default/deny by restricting access to resources.
• Forensic Analysis - aids in the investigation of security breaches & identifies information related to malicious files.
• Real-Time Change Management Alerts - detects and defuses attacks by sharing suspicious activity and behavior with network security devices for analysis and remediation.
• Application Monitoring - continuously works to identify potentially malicious executables and identifies root source information.
400 Totten Pond Road • Waltham, MA 02451 • 781.810.4320 • www.viewfinity.com
Integration with Palo Alto, FireEye, and Check Point
Viewfinity integrates with top network security vendors (Palo Alto Networks, FireEye, Check Point) to broaden
and reinforce threat prevention, detection, and analysis for both endpoints and servers, as well as for networks.
Viewfinity’s real-time change management alerts detect and defuse many attacks by sharing suspicious application
activity and network behavior with network security devices for thorough analysis and further remediation.
Greylisting - A novel approach
Viewfinity captures the installation and/or execution of applications which are not yet classified as approved trusted
sources during its continuous process of application execution and monitoring. These are the applications that
are not known trusted applications or blocked applications - these “grey” unknown/unclassified applications are
monitored and allowed to run on the computer in a restricted mode (no admin privileges and restricted access to files/folders,
network shares, registry, internet, etc.).
The observation mode shows what applications are actively being used and will report if these applications require
administrative rights, another security loophole that Viewfinity can eliminate. Applications can be incorporated
into previously established trusted software source locations such as SCCM, Altiris, CA, LANDesk, trusted OS image,
network shares, and software vendors (Microsoft, Dell, HP, etc.).
[Diagram: Application, End User Computer w/ Viewfinity Agent, Viewfinity Manager (Server/SaaS/GPO), Threat Detection Platform]
Step 1: A new application installation/execution is attempted on the endpoint
Step 2: Viewfinity Agent communicates with Viewfinity Manager, flags the application as suspicious due to an unclassified status and the application is greylisted
Step 3: The greylisted file is uploaded to the threat detection platform for further verification/analysis
Step 4: The threat detection platform identifies the file as malicious and a threat report is sent to Viewfinity
Step 5: Viewfinity creates a policy to block the application from installing and/or running on any endpoint or server
Viewfinity Greylist Restrictive Mode
Until categorized, applications can execute in restrictive mode. Utilize all or custom configure your needs based on these restrictive elements:
• Run with standard privileges only
• Limited access to corporate data
• No access to network shares, servers, or removable devices
• No access to the internet
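The greylisting workflow in steps 1 to 5 and the restrictive mode, modelled as an added Python example that is not Viewfinity's code or API. The `Manager` class, its method names, the source and endpoint labels, and the use of SHA-256 as file identity are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

# Restrictive elements the page lists for greylisted applications.
GREYLIST_RESTRICTIONS = frozenset({
    "standard_privileges_only",
    "limited_corporate_data",
    "no_network_shares_servers_removable",
    "no_internet",
})

@dataclass
class Manager:
    """Hypothetical policy manager (names are assumptions, not a vendor API)."""
    trusted_sources: set = field(default_factory=set)  # e.g. deployment tools
    blocked_hashes: set = field(default_factory=set)   # block policies (step 5)
    pending: dict = field(default_factory=dict)        # sha256 -> endpoints that ran it

    def on_execution(self, endpoint, source, image: bytes):
        """Steps 1-3: decide how an install/execution attempt is handled."""
        digest = hashlib.sha256(image).hexdigest()     # assumed file identity
        if digest in self.blocked_hashes:              # a block outranks source trust
            return ("block", frozenset())
        if source in self.trusted_sources:
            return ("allow", frozenset())
        # Unclassified: greylist, run restricted, queue the file for analysis.
        self.pending.setdefault(digest, set()).add(endpoint)
        return ("restrict", GREYLIST_RESTRICTIONS)

    def on_verdict(self, digest, malicious: bool):
        """Steps 4-5: a malicious verdict becomes a block for every endpoint."""
        affected = self.pending.pop(digest, set())
        if not malicious:
            return []            # assumption: file stays unclassified until categorized
        self.blocked_hashes.add(digest)
        return sorted(affected)  # endpoints that already ran it, for follow-up


def demo():
    mgr = Manager(trusted_sources={"sccm"})
    sample = b"constructed sample bytes, not a real binary"
    digest = hashlib.sha256(sample).hexdigest()
    first = mgr.on_execution("pc-01", "download", sample)
    mgr.on_execution("srv-02", "download", sample)
    exposed = mgr.on_verdict(digest, malicious=True)
    # After the verdict the same file is blocked even from a trusted source.
    later = mgr.on_execution("pc-03", "sccm", sample)
    return first, exposed, later
```

The list returned by `on_verdict` is the set of machines that ran the file while it was still grey, which is where an incident responder would start.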

Viewfinity Application Control and Monitoring 2015
