Monthly Archives: May 2015

With Rising Data Breaches Organizations Must Follow Data Loss Prevention Policies – Charles Leaver

By Ziften CEO Charles Leaver

For United States businesses a major cyber attack with substantial data loss is now a question of “when” rather than “if”, given the new risks that fragmented endpoint practices, cloud computing and data-intensive applications introduce. All too often organizations overlook, or deal inadequately with, vulnerabilities that are already known to them, and when aging IT assets are left poorly protected, cyber criminals take notice.

The number of data breaches taking place is deeply disturbing. The Verizon RISK Team reported 855 significant breaches in 2011, resulting in 174 million lost records. The stakes are especially high for businesses that handle personally identifiable information (PII): if staff are not trained on compliance obligations and endpoint data protection measures are inadequate, costly legal action is likely to follow.

“The likelihood of a data breach or privacy concern taking place in any company has become a virtual certainty,” wrote Jeffrey Vagle, a legal expert, for Mondaq. He suggested that record keepers need to rethink their approach to network and device security, employee data access controls and the administration of PII. The growing use of cloud services makes breach prevention harder, because these services allow enormous amounts of information to be exchanged at once. A single incident could expose millions of files.

Known Vulnerabilities Need Focus

Many IT departments worry continually about a zero-day attack that will cause a data breach and catch them off guard. Dirk Smith of Network World, for example, wrote about an Adobe Acrobat exploit that gave attackers a route to sophisticated surveillance. Yet many IT vulnerabilities arise simply because software is not kept patched, and a good number of zero-day threats stem from weaknesses in legacy code, including a Windows bug that targeted features first introduced twenty years earlier.

Security professional Jim Kennedy wrote in a Continuity Central post: “One thing that I have found is that many of the breaches and intrusions which succeeded did so by attacking known vulnerabilities that had been identified and had been around for several years: not from some sophisticated ‘zero-day’ attack which was unidentified and unknown until only yesterday by the security community at large. And, even more troubling, social engineering continues to be a most effective way to start and/or precipitate an attack.”

Cyber criminals now have access to a comprehensive range of pre-packaged malware. These tools can perform complex network and host reconnaissance and then recommend the optimal attack strategy. Another risk is a human one: employees who have not been trained to screen calls or messages from people falsely claiming to be from the technical support team of an outside security vendor.

It is certainly crucial to defend proactively against zero-day attacks with robust endpoint protection software, but companies also need to combine effective training and processes with their software and hardware controls. Most companies have a range of security policies in place, but enforcing them is usually the problem. The result is that dangerous changes in data flows and network traffic, which security staff should be reviewing, are overlooked and never addressed.


More And More Widespread Cyber Attacks Are Starting At Organization Endpoints – Charles Leaver

From The Desk Of Charles Leaver CEO Ziften Technologies

With the growth of bring your own device (BYOD) policies and cloud computing, securing individual endpoints has become much harder, as administrators may prioritize ease of data access over security. The risks are real, because most current-generation endpoint security software has not been adapted to defend against aggressive hacking tactics that use individual endpoints as the launch pad for widely distributed attacks.

A well-known endpoint attack involved a malware strain called Comfoo, which was used to compromise the networks of many multinational organizations beginning in 2010. Comfoo comprised a range of custom backdoor Trojans and exploits that could continuously distribute further malware. More seriously, it could cause destructive data leakage by scraping account and network details and monitoring all user input, according to CRN contributor Robert Westervelt. Given the methodology used and its evasion of conventional endpoint monitoring, Comfoo is believed to have been part of an advanced cyber espionage campaign.

The malware compromised targeted devices through email phishing and social engineering, which underlines how ripe endpoints have become for infection, says security executive Jason O’Reilly. Speaking to ITWeb, O’Reilly said that standard endpoint software usually fails to account for access from locations outside the IT department’s control, and does not limit data exposure to authorized parties through access controls.

O’Reilly stated that “endpoint security solutions need to offer layered defense that goes beyond signature-based detection only to include heuristic-based detection and polymorphic-based detection. Today’s networks are exposed to threats from several sources.”

Real Time Threat Capturing And Report Generation

The high stakes for control techniques and endpoint security were identified by business consulting firm Frost & Sullivan, which sees both areas under pressure from external attackers on one side and employees’ demand for device choice on the other.

Frost & Sullivan analyst Chris Rodriguez stated: “Business IT departments now face significant pressure to make it possible for workers to access the corporate network and files from their own personal devices. Considering their relatively universal nature, quick data connections, and effective hardware and operating systems, these devices represent prime targets for hackers.”

Asked what companies can do to address the particular weaknesses of mobile hardware, O’Reilly advised that any solution must provide clear and thorough visibility into what is happening on each endpoint, so that action can be taken quickly when a threat is detected.


Survey Reveals That Two Thirds Of Organizations Believe That They Are Immune From Cyber Attacks – Charles Leaver

By Charles Leaver Ziften Technologies CEO

Many companies believe there is no need to pursue rigorous data loss prevention; they regard cyber attacks as either highly unlikely or of minimal financial impact if they do occur. Even the rising number of recorded cyber attacks and advanced persistent threats has done nothing to shake this complacency. These attacks tend to evade conventional endpoint security software, and while they lack the blunt force of denial-of-service attacks, they can cause significant damage.

According to Infosecurity, over 67% of companies claim they have not been victims of a cyber attack in the last 18 months, or that they had little or no visibility into whether an attack had compromised their network. The survey’s organizers were skeptical of these results and pointed to the many vulnerable desktop and mobile endpoints now common in companies.

Security specialist and survey coordinator Tom Cross said: “Any system you connect to the Internet is going to be targeted by attackers really rapidly afterwards. I would assert that if you’re unsure whether or not your organization has had a security incident, the chances are really high that the answer is yes.”

Around 16% said they had experienced a DDoS attack over the same period, and 18% reported malware infections. Even so, most companies judged the effects as minor and not justifying new endpoint security and control systems. Around 38% said they had suffered no detected security breaches, and only 20% admitted to financial losses.

Loss of reputation was more widespread, affecting around 25% of respondents. An incident at the University of Delaware illustrates the potential financial and reputational impact of a cyber attack: according to WDEL contributor Amy Cherry, 74,000 people had their sensitive data exposed after attackers targeted the school’s website and scraped university ID numbers and Social Security Numbers, forcing the university to provide free credit monitoring to those affected.


Charles Leaver – Cyber Security Dark Ages Must Be Escaped From Says RSA President In Keynote Message

Written By Dr Al Hartmann And Presented By Charles Leaver CEO Ziften Technologies


A 5 Point Plan For A New Security Approach Proposed By Amit Yoran

RSA President Amit Yoran delivered an excellent keynote at the RSA Conference that reinforced the Ziften philosophy: continuous endpoint monitoring, silo-busting Ziften Open Visibility™, risk-focused security analytics, and robust defenses for a new era of advanced cyber attacks. Yoran criticized current enterprise security approaches as stuck in the Dark Ages of cyber moats and castle walls, calling them an “epic fail”, and laid out his vision for the way forward in five main points, to which we add commentary from Ziften’s perspective.

Stop Believing That Even Advanced Protections Suffice

“No matter how high or clever the walls, focused adversaries will find ways over, under, around, and through.”

Many of the recent, more advanced attacks did not use malware as their primary technique. Yoran singled out traditional endpoint antivirus, firewalls and conventional IPS as examples of the Dark Ages: legacy defenses that skilled attackers scale with ease and that are largely ineffective. A signature-based antivirus can only protect against previously seen threats, yet unseen threats are the most dangerous to a company, since they are what targeted attacks rely on. Targeted attackers use malware only about half the time, and often only briefly, at the start of an intrusion. Attack artifacts are trivially altered and are never reused between targets. Accumulating billions of transient indicators of compromise and malware signatures in vast antivirus databases is therefore a pointless defensive approach.

Embrace a Deep and Pervasive Level of True Visibility Everywhere – from the Endpoint to the Cloud

“We need pervasive and true visibility into our enterprise environments. You simply can’t do security today without the visibility of both continuous full packet capture and endpoint compromise assessment visibility.”

This means continuous endpoint monitoring across the entire enterprise endpoint population for generic indicators of compromise that reveal classic attacker techniques, rather than stale attack artifacts or fleeting hex-string coincidences. Any company that implements continuous full packet capture (comparatively expensive) can easily afford endpoint threat assessment visibility (comparatively cheap). Logging and auditing endpoint process activity yields a wealth of security insight using only elementary analytics. A targeted attacker relies on the relative opacity of endpoint user and system activity to mask and conceal an attack; true visibility shines a bright light on it.

Identity and Authentication Matter More than Ever

“In a world without any perimeter and with fewer security anchor points, identity and authentication matter more than ever … Eventually in [any successful attack] campaign, the abuse of identity is a stepping stone the attackers use to impose their will.”

Stronger authentication is good, but it only builds higher walls, and those walls are still not impenetrable. What matters most is what the attacker does once over the wall. Tracking user logins on endpoints (both local and remote) and the applications users engage with reveals signs of unusual user activity, whether an insider attack or compromised credentials. Any observed activity that departs from typical patterns is potentially suspicious. One departure from normality does not make a case, but security analytics that triangulate several departures focus attention on the highest-risk anomalies for triage.

External Threat Intelligence Is A Core Capability

“There are extraordinary sources for the best threat intelligence … [which] should be machine-readable and automated for increased speed and leverage. It should be operationalized into your security program and customized to your organization’s assets and interests so that analysts can rapidly attend to the threats that pose the most risk.”

Targeted attackers usually do not reuse easily signatured artifacts, network addresses or C2 domains, but there is still value in threat intelligence feeds that aggregate timely discoveries from many thousands of endpoint and network sensors. At Ziften we integrate third-party threat feeds via the Ziften Knowledge Cloud, and expose Ziften discoveries to SIEM and other enterprise security and operations infrastructure through our Open Visibility™ architecture. As more machine-readable threat intelligence (MRTI) feeds mature, this capability will grow more effective.
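The three points above (endpoint process visibility, login anomalies, and machine-readable threat intelligence) come together in the triage logic below. It is an added illustration written for this page, not Ziften code and not anything from Yoran’s keynote. It assumes an invented event format (process-start and login records as dicts), made-up signal weights, a 07:00 to 19:59 working window, and a constructed intel feed whose hash and domain are placeholders rather than real indicators. The point it demonstrates is the one made under “Identity and Authentication”: no single departure from normality is actionable on its own, but several departures on the same host, weighted and summed, push that host to the top of the queue while a lone new-address login stays below the threshold.

```python
from collections import defaultdict
from datetime import datetime

# Constructed threat-intel feed: the hash and domain below are made-up
# placeholders for this example, not real indicators.
INTEL_HASHES = {"deadbeef" * 8}
INTEL_DOMAINS = {"update-check.example.net"}

# Assumed weights. A single hit stays below the triage threshold;
# several departures together push a host to the top of the queue.
WEIGHTS = {
    "new_parent_child": 2,   # process launched by a parent never seen launching it
    "new_login_source": 3,   # interactive login from an address not in the user's baseline
    "off_hours_login": 1,    # login outside the assumed 07:00-19:59 working window
    "intel_hash": 4,         # executable hash matches the intel feed
    "intel_domain": 4,       # process contacted a domain listed in the intel feed
}
WORK_HOURS = range(7, 20)


def build_baseline(events):
    """Learn per-user normality from a history window: which parent->child
    process pairs and which login source addresses have been seen before."""
    baseline = {"pairs": defaultdict(set), "sources": defaultdict(set)}
    for ev in events:
        if ev["type"] == "proc":
            baseline["pairs"][ev["user"]].add((ev["parent"], ev["image"]))
        elif ev["type"] == "login":
            baseline["sources"][ev["user"]].add(ev["src"])
    return baseline


def signals(ev, baseline):
    """Return the names of every departure from normality this event shows."""
    hits = []
    user = ev["user"]
    if ev["type"] == "proc":
        if (ev["parent"], ev["image"]) not in baseline["pairs"][user]:
            hits.append("new_parent_child")
        if ev.get("sha256") in INTEL_HASHES:
            hits.append("intel_hash")
        if ev.get("dst") in INTEL_DOMAINS:
            hits.append("intel_domain")
    elif ev["type"] == "login":
        if ev["src"] not in baseline["sources"][user]:
            hits.append("new_login_source")
        if datetime.fromisoformat(ev["ts"]).hour not in WORK_HOURS:
            hits.append("off_hours_login")
    return hits


def triage(events, baseline, threshold=5):
    """Sum signal weights per host and return [(host, score, signals)] sorted
    by descending score, keeping only hosts at or above the threshold."""
    per_host = defaultdict(lambda: {"score": 0, "signals": []})
    for ev in events:
        for name in signals(ev, baseline):
            per_host[ev["host"]]["score"] += WEIGHTS[name]
            per_host[ev["host"]]["signals"].append(name)
    ranked = sorted(
        ((host, rec["score"], rec["signals"]) for host, rec in per_host.items()),
        key=lambda row: row[1], reverse=True,
    )
    return [row for row in ranked if row[1] >= threshold]


# Constructed telemetry. The history window establishes what is normal...
HISTORY = [
    {"type": "proc", "host": "WS01", "user": "alice", "parent": "explorer.exe", "image": "outlook.exe"},
    {"type": "proc", "host": "WS01", "user": "alice", "parent": "explorer.exe", "image": "winword.exe"},
    {"type": "login", "host": "WS01", "user": "alice", "src": "10.0.1.5", "ts": "2015-05-11T08:55:00"},
    {"type": "proc", "host": "WS02", "user": "bob", "parent": "explorer.exe", "image": "chrome.exe"},
    {"type": "login", "host": "WS02", "user": "bob", "src": "10.0.1.9", "ts": "2015-05-11T09:02:00"},
]

# ...and the observation window is what the analyst is triaging today.
OBSERVED = [
    # Word spawning PowerShell that talks to an intel-listed domain
    {"type": "proc", "host": "WS01", "user": "alice", "parent": "winword.exe", "image": "powershell.exe",
     "sha256": "1f" * 32, "dst": "update-check.example.net"},
    # alice's credentials used at 03:12 from an address never seen before
    {"type": "login", "host": "WS01", "user": "alice", "src": "203.0.113.7", "ts": "2015-05-12T03:12:00"},
    # bob: normal browsing, plus one login from a new address during work hours
    {"type": "proc", "host": "WS02", "user": "bob", "parent": "explorer.exe", "image": "chrome.exe"},
    {"type": "login", "host": "WS02", "user": "bob", "src": "10.0.1.10", "ts": "2015-05-12T12:30:00"},
]


if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for host, score, why in triage(OBSERVED, base):
        print(f"{host}: score {score} <- {', '.join(why)}")
    # WS01 scores 10 (four departures); WS02's lone new-address login scores 3
    # and stays below the threshold, so it never reaches the queue.
```

Note that the PowerShell hash on WS01 is deliberately not in the feed: the host reaches the queue on behaviour (an unusual parent, an intel-listed destination, an off-hours login from a new address) rather than on a recycled artifact, which is exactly the case the signature-only approach misses. Lower the threshold or raise the login weight and WS02’s single anomaly would surface too, so the weights are a tuning decision for the analyst, not a fixed truth.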

Understand What Matters Most To Your Organization And What Is Mission Critical

” You need to understand exactly what matters to your organization and what is mission critical. You have to … safeguard exactly what’s important and protect it with everything you have.”

This is the case for risk-driven analytics and instrumentation that focus security attention and effort on the areas of highest enterprise risk exposure. Yoran’s point is that asset value prioritization is only one side of enterprise risk analysis, which goes much deeper, both pragmatically and academically. Security analytics that focus staff attention on the most pressing dynamic risks (for example by filtering, correlating and scoring SIEM alert streams for triage) must be grounded in all sides of enterprise risk analysis.

At Ziften we applaud Amit Yoran’s messages in his RSA 2015 keynote as the cyber security industry moves beyond the present Dark Ages of facile targeted attacks and established exploits.