The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/80353
policies, the software installed with administrative rights in the context of the logged-in user. • Create Viewfinity policies that allow aspects of an application to run with elevated rights. This helps us with legacy applications in which the developer did not consider the application running with restricted rights. • Record and report precisely what component of an application install is failing because of insufficient rights. Browser plugins pushed by SaaS sites are the real "Wild West." Often the failing component is an MSI that is bootstrapped from an initial Active X that is sometimes delivered by a completely separate URL. To alleviate this problem, we are able to instantiate a policy on the fly from the administrative console. The rules of the policy can be based on MD5 hash, originating URL, Active X GUID and other criteria allowing the policy to be as tailored as needed by governing policy. • Invoke elevated privileges on the fly. This allows users to provide justification for an install. This is very valuable to trial teams in remote locations that typically require more latitude than under normal working conditions. In addition to the rich policy set, Viewfinity has provided critical value in the mitigation against malware. With users running with limited rights, malware that beats our layers of defense is often restricted to the machine or profile of the logged-on user. This has been very beneficial when laptop users catch malware when they are out the office. Often all we need to do is rename the profile of the user and then have the user log on again to create a new profile. The malware is then sandboxed in the old profile. This does not hold true universally, depending on the nature of the infection, but it has been a technique that has saved us on many occasions. When the user returns to the office, we can then provision a new laptop and reload the original. Control Is Critical Many firms are seeing a new wave of client audits, and with absolute certainty we anticipate questions around local user rights. Viewfinity has become a critical part of our ability to respond to these questions in a manner that will reinforce clients' confidence in our information security. In addition to the security management parts of the product, it also has desktop management components. One in particular that we enjoy is precise software monitoring that reports on all machines. This is more effective than SCCM, which reports on active machines only. Until Microsoft gets serious about giving desktop administrators and security engineers an effective tool for privilege management (user account control, anybody?), there will continue to be a critical need to revoke administrative rights and perform selective, policy-driven privilege elevation. Sean Power is the Chief Information Officer at Lathrop & Gage LLP. He can be contacted at smpower@lathropgage.com. Peer to Peer 45