Viewfinity Application Control and Monitoring 2015
With each new headline about another major security breach, it is vital to know, in real-time, what applications are
installing and running in your server and endpoint environment. Rogue applications, embedded with malware, are
used by hackers as a critical invasion path to get to the heart of your IT operation. Understanding which applications
are running on servers and desktops offers key insights for IT security. Observing unauthorized changes can be a clear
indicator of advanced targeted attacks, and with real-time change management alerts in place, often these attacks
can be defused.
Application Monitoring and Visibility
Viewfinity utilizes Forensic Analysis and continuous Application Monitoring to aid in the investigation of security
breaches and identifies information related to malicious files. Our forensic analysis keeps track of the source and
the entire footprint of a suspect attack, while our application monitoring offers visibility into your server and
desktop environments by continuously monitoring and observing on several levels.
Viewfinity Application Control

Benefits
Secures your infrastructure against malware, advanced persistent threats, and zero-day attacks.
Accelerates incident response and reduces dwell time in the event a breach occurs.
Integrates with threat detection technologies to bridge the gap between network and endpoint security.
Reduces data breach insurance premiums.

Features
Greylisting - handles unknown applications beyond the limits of default/deny by restricting access to resources.
Forensic Analysis - aids in the investigation of security breaches & identifies information related to malicious files.
Real-Time Change Management Alerts - detects and defuses attacks by sharing suspicious activity and behavior
with network security devices for analysis and remediation.
Application Monitoring - continuously works to identify potentially malicious executables and identifies root source
information.
FORENSICS • PREVENTION • VISIBILITY • RESPONSE
400 Totten Pond Road • Waltham, MA 02451 • 781.810.4320 • www.viewfinity.com
[Figure: Viewfinity Application Control - Who? Where? When? How?]
Integration with Palo Alto, FireEye, and Check Point
Viewfinity integrates with top network security vendors (Palo Alto Networks, FireEye, Check Point) to broaden
and reinforce threat prevention, detection, and analysis for both endpoints and servers, as well as for networks.
Viewfinity’s real-time change management alerts detect and defuse many attacks by sharing suspicious application
activity and network behavior with network security devices for thorough analysis and further remediation.
Greylisting - A novel approach
Viewfinity captures the installation and/or execution of applications which are not yet classified as approved trusted
sources during its continuous process of application execution and monitoring. These are the applications that
are not known trusted applications or blocked applications - these “grey” unknown/unclassified applications are
monitored and allowed to run on the computer in a restricted mode (no admin privileges, with access to files/folders,
network shares, registry, internet, etc. restricted).
The observation mode shows what applications are actively being used and will report if these applications require
administrative rights - another security loophole that Viewfinity can eliminate. Applications can be incorporated
into previously established trusted software source locations such as SCCM, Altiris, CA, LANDesk, trusted OS image,
network shares, and software vendor (Microsoft, Dell, HP, etc.).
[Figure: greylisting workflow between the Application, the End User Computer w/ Viewfinity Agent, the Viewfinity
Manager (Server/SaaS/GPO), and the Threat Detection Platform]
Step 1: A new application installation/execution is attempted on the endpoint
Step 2: Viewfinity Agent communicates with Viewfinity Manager, flags the application as suspicious due to an
unclassified status and the application is greylisted
Step 3: The greylisted file is uploaded to the threat detection platform for further verification/analysis
Step 4: The threat detection platform identifies the file as malicious and a threat report is sent to Viewfinity
Step 5: Viewfinity creates a policy to block the application from installing and/or running on any endpoint or server
Viewfinity Greylist Restrictive Mode
Until categorized, applications can execute in restrictive mode.
Utilize all or custom configure your needs based on these restrictive elements:
Run with standard privileges only
Limited access to corporate data
No access to network shares, servers, or removable devices
No access to the internet
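
The five-step greylisting flow and the restrictive mode described above, sketched as an added example (this is not Viewfinity's code or API). Identifying files by SHA-256, the class, method and restriction names, checking block policy before trust, and keeping a file greylisted after a non-malicious report are all assumptions made for illustration.

```python
# Added illustration of the greylisting workflow; every name here is hypothetical.
import hashlib
from dataclasses import dataclass, field
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"        # known trusted application
    BLOCK = "block"        # blocked by policy
    RESTRICT = "restrict"  # unclassified ("grey"): runs in restrictive mode

# The four restrictive elements listed on the page, as labels (names assumed).
GREYLIST_RESTRICTIONS = frozenset({
    "standard_privileges_only",
    "limited_corporate_data_access",
    "no_network_shares_servers_removable_devices",
    "no_internet_access",
})

@dataclass
class Manager:
    trusted: set = field(default_factory=set)           # SHA-256 of approved files
    blocked: set = field(default_factory=set)           # SHA-256 of blocked files
    greylist: dict = field(default_factory=dict)        # SHA-256 -> restrictions
    pending_analysis: list = field(default_factory=list)

    def on_execution(self, image: bytes):
        """Steps 1-3: classify a launch; unknown files are greylisted and queued."""
        digest = hashlib.sha256(image).hexdigest()
        if digest in self.blocked:       # deny wins over trust (assumption)
            return Verdict.BLOCK, frozenset()
        if digest in self.trusted:
            return Verdict.ALLOW, frozenset()
        if digest not in self.greylist:  # first sighting: greylist it (step 2)
            self.greylist[digest] = GREYLIST_RESTRICTIONS
            self.pending_analysis.append(digest)  # upload once (step 3)
        return Verdict.RESTRICT, self.greylist[digest]

    def on_threat_report(self, digest: str, malicious: bool) -> bool:
        """Steps 4-5: a malicious verdict becomes a block policy for every endpoint."""
        if digest not in self.greylist:
            return False                 # ignore reports for files never submitted
        if digest in self.pending_analysis:
            self.pending_analysis.remove(digest)
        if malicious:
            del self.greylist[digest]
            self.blocked.add(digest)
        # Non-malicious: stays greylisted until classified (assumption).
        return True
```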