© 2012 Lathrop & Gage LLP
ILTA SOS Webinar: Remove Administrator Rights and Secure a Law Firm’s Greatest Asset- Its Reputation
Sean M. Power
Chief Information Officer
April 2013
© 2012 Lathrop & Gage LLP
About Lathrop & Gage, LLP
Founded in 1873, known as the oldest law firm west of the Mississippi River Approximately 850 desktops and laptops 315 Attorneys Highly-mobile, distributed work force:
• 11 offices across the US
© 2012 Lathrop & Gage LLP
Desktop Environment Challenges
850 desktops and laptops running multiple configurations Nearly 200 applications, many customized Extensive mobile workforce Previously all users ran with administrator rights Much trepidation by some about removing administrator rights. Moved to a fully locked down desktop environment with all users running as limited
users. Attorney’s need flexible user control of PCs
© 2012 Lathrop & Gage LLP
The Solution
Very effective reporting on what precisely needs privilege elevation especially third party legal review websites with Active X add-ins.
Ability to control and manage our distributed PCs over a secure internet connection Elevate privileges on the fly regardless of attorney’s work location Policies are propagated immediately No need to initiate remote desktop and use RUN AS
• Significant when running and installing programs as the user, not in the administrator context
Ability to flexibly manage our locked-down environment Easy discovery of what rights are needs to run challenging applications Recording of privilege elevation events for auditing
© 2012 Lathrop & Gage LLP
The Results
Manage user access privileges effectively, efficiently, extremely timely manner User still does not require admin rights Increased productivity immensely for IT staff and end users Much better control for software compliance considerations Significant reduction in malware incidence or severe limitation in the effect of
malware if it gains a foothold, often constrained to individual profile – this is very useful if someone is travelling and out of the office
Application configuration files and the registry can be effectively controlled Allows people to focus on the job Case study:
www.viewfinity.com/ Resources/CaseStudies/LathropGage.aspx
Leading the Privilege Management Sector
Eliminate Admin Rights with Viewfinity
Viewfinity
• Worldwide Leader in Least Privilege Management• Only PM Vendor to offer GPO, SaaS, and Server options• HQ in Boston with offices in The Netherlands, Germany,
Israel and Ukraine• Strategic partnerships with Microsoft, CA, McAfee, Centrify
Our Mantra: Eliminate administrative rights
without disrupting end user productivity!
Viewfinity Inc. Confidential
Users with Admin Rights can….• Install kernel-mode root kits• Install system-level level key loggers• Install ActiveX controls, including IE and Explorer extensions• Install spyware and adware• Install and start services• Stop existing services (such as the firewall)• Access data belonging to other users• Cause code to run whenever anybody else logs on to that system• Replace OS and other program files with Trojan horses• Disable/uninstall anti-virus virus• Create and modify user accounts• Reset local passwords• Render the machine unbootable …
Private Cloud*
Viewfinity Server – optional deployment in DMZ
Public Cloud
GPO Architecture
Flexible Delivery Methods
Quick Preview
• Discover users with local administrative rights• Discover applications requiring administrative rights• Privilege elevation policies • Auditing & reporting for compliance validation
Discover User Accounts that Have Local Administrative Rights
WWW.VIEWFINITY.COM
Visit our website for resources and to begin your product evaluation
WWW.VIEWFINITY.COM/INTRODUCTION_FLASH.HTM2 minute flash video overview of the Viewfinity product