Monthly Archives: August 2015

Find Out Why Investment In Cyber Security Companies Continues To Grow At Record Levels – Charles Leaver

Written By Patrick Kilgore And Presented By Charles Leaver Ziften CEO

A report called “Financiers put billions into cyber security companies” was published by Steve Morgan, CEO of Cybersecurity Ventures. This is not guesswork. In the previous year alone, venture-backed cyber security organizations raised nearly $2 billion. With this influx of capital, you would be forgiven for believing that things have reached their peak. But you would be incorrect …

At the midpoint of 2015, startups in cyber security had already raised $1.2 billion in financing. As Morgan suggests, there seems to be no end in sight when it comes to cyber security. Leading firms like Allegis Capital have even raised funds (to the tune of $100M) exclusively to back cyber security innovation.

The usual suspects are not on the list of names. Morgan’s article states that most of the financing statements are for fast-growing companies like ours. Ziften is in good company among innovators who are keeping pace with the demands of modern cyber security. While we lead the pack in constant endpoint visibility, other companies have taken distinct approaches, such as applying artificial intelligence to the fight against cyber attacks or simplifying crucial lookups to bring public key file encryption to the masses. They are all tackling various pieces of the puzzle.

And it certainly is a puzzle. Because many solutions are highly specialized, collaboration is going to be critical. The need to integrate the different components in the market for an advanced view of the issue set is clear. That’s why we developed Ziften Open Visibility™ – to supply APIs, connectors, and indicators to integrate endpoint context and attribution data with existing investments.

Market Vision That Is 20/20

It may seem like market saturation to the layperson, but it is just the tip of the cyber security iceberg. Every day, cyber attacks become more sophisticated, finding new ways to devastate customers and organizations. This list of backed companies is a testament to the notion that legacy endpoint and network security is failing. The idea of prevention is a good one; however, security experts now understand that a two-pronged strategy is needed that integrates detection and response.

You can have a 20/20 view of your security landscape, or you can keep your present blind spots. Which one do you believe will help you to sleep at night?


After Reading The Cisco 2015 Midyear Security Report One Positive Really Stands Out – Charles Leaver

Written By Michael Bunyard And Presented By Ziften CEO Charles Leaver

Looking through the Cisco 2015 Midyear Security Report, the view was that “the bad guys are innovating faster than the security community.” This is not a unique statement and can be found in a great many cyber security reports, because they are reactive documents written after previous cyber attacks.

If all you do is concentrate on unfavorable results and losses then any report is going to look bad. The reality is that the vendors that are releasing these reports have a lot to gain from companies that wish to buy more cyber security products.

If you look carefully within these reports you will find good pieces of advice that could significantly enhance the security plans of your organization. So why do these reports not begin with this information? Well, it’s all about offering solutions, right?

One anecdote stood out after reading the report from Cisco that would be easy for organizations’ security teams to resolve. The increasing vulnerabilities and exploits of Adobe Flash were detailed, and they are being integrated frequently into exploit kits such as Angler and Nuclear. The Flash Player is often updated by Adobe; however, a number of users are slow to apply the updates that would supply them with the protection they need. This suggests that hackers are benefiting from the gap between the vulnerability being discovered and the patch being applied.

Vulnerability Management Is Not Fixing The Issue

You would be forgiven for believing that, because there is a whole range of services in the marketplace that scan endpoints for known vulnerabilities, it would be extremely simple to ensure that endpoints were updated with the current patches. All that is required is for a scan to be run, the endpoints that require updating identified, the updates run, and the job is done, right? The problem is that scans are only run periodically, patches fail, users will inadvertently introduce vulnerable apps, and the organization is then wide open until the next scan. Additionally, scans will report on applications that are installed but not used, which results in substantial numbers of vulnerabilities that make it difficult for an analyst to prioritize and manage.

What Is So Simple To Address Then?

The scans need to be run constantly and all endpoints monitored, so that as soon as a system is not compliant you will know about it and can react immediately. Constant visibility that provides real-time alerting and substantial reporting is the new requirement as endpoint security is redefined and people understand that the era of prevention-first is over. Leveraging the National Vulnerability Database (NVD), each running application that has a known vulnerability can be identified immediately, security personnel alerted, and the patch applied. Further, solutions can look for suspicious activity from vulnerable applications, like sudden application crashes, which are a possible indication of an exploit attempt. Lastly, they can also detect when a user’s system has not been restarted since the last security patch was available.
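The checks described above, sketched as an added example (not Ziften's code and not from the original post): running unpatched applications rank above installed-but-unused ones, crashes in an unpatched application raise the priority, and a patched system that has not restarted since the patch is flagged. The feed, product names, versions and identifiers are constructed placeholders, not NVD data.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class App:
    name: str
    version: str
    running: bool          # a process for this app is currently observed
    crashes_24h: int = 0   # unexpected exits seen in the last day

# Constructed stand-in for NVD data: product -> (id, first fixed version, patch date)
FEED = {
    "flashplayer": ("CVE-PLACEHOLDER-1", "9.0.2", datetime(2015, 7, 14)),
    "pdfreader":   ("CVE-PLACEHOLDER-2", "4.1.0", datetime(2015, 7, 20)),
    "javaruntime": ("CVE-PLACEHOLDER-3", "3.5.1", datetime(2015, 7, 14)),
}

def ver(s):
    """Turn '9.0.2' into (9, 0, 2) so versions compare numerically."""
    return tuple(int(p) for p in s.split("."))

def triage(apps, boot_time, feed=FEED):
    """Return (priority, app, reason) findings, most urgent first."""
    findings = []
    for app in apps:
        if app.name not in feed:
            continue
        vuln_id, fixed, patch_date = feed[app.name]
        if ver(app.version) < ver(fixed):
            if app.running and app.crashes_24h:
                findings.append((0, app.name, f"{vuln_id}: running, unpatched, crashing"))
            elif app.running:
                findings.append((1, app.name, f"{vuln_id}: running and unpatched"))
            else:  # installed but unused: report, but below anything running
                findings.append((3, app.name, f"{vuln_id}: installed, not in use"))
        elif boot_time < patch_date:
            findings.append((2, app.name, f"{vuln_id}: patched, no restart since"))
    return sorted(findings)

# Constructed endpoint snapshot
SNAPSHOT = [
    App("flashplayer", "9.0.1", running=True, crashes_24h=2),
    App("pdfreader", "4.0.7", running=False),
    App("javaruntime", "3.5.1", running=True),
    App("texteditor", "1.2", running=True),   # no advisory in the feed
]

if __name__ == "__main__":
    for finding in triage(SNAPSHOT, boot_time=datetime(2015, 7, 10)):
        print(finding)
```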

There Certainly Is Hope

The good news about real-time endpoint visibility is that it works for any vulnerable application (not just Adobe Flash), because hackers will move from app to app to evolve their techniques. There are simple solutions to big issues. Security teams just have to be informed that there is a better way of managing and protecting their endpoints. It simply takes the proper endpoint detection and response service.


Once You Accept That Hacking Starts With Humans You Can Win The Cyber Security War

Written By Patrick Kilgore And Presented By Charles Leaver CEO Ziften

When you are at the annual Black Hat conference there are conversations going on everywhere about hacking and cyber security, and it can make you paranoid. For a lot of people this is simply an appetiser for the DEF CON hacking program.

A long time ago the Daily Dot published a story called “The art of hacking humans”, which covered the Social Engineering “Capture the Flag” contest that has been running since 2010. In it, participants use the very best tool a hacker has at their disposal – their wits – and take advantage of flights of fancy and social subterfuge to persuade unwary victims to supply sensitive information in exchange for points. A couple of mistakes here, a remark about applications there, and bang! You’re hacked and on the front page of the New York Times.

For the businesses being “Targeted” (such as big box retailers who will remain nameless …), the contest was initially regarded as an annoyance. In the years since its creation, however, the Capture the Flag contest has received the thumbs up from many a corporate security professional. Its contestants engage each year to test their mettle and help potential hacking victims understand their vulnerabilities. It’s a white hat education in what not to do and has made strides for business awareness.

Human Hacking Starts With … Humans (duh).

As we know, the majority of destructive attacks start at the endpoint, because that is where the people in your company live. All it takes is access from a nebulous location to do major damage. But rather than think of hacks as something to react to or a simple process to be eliminated, we have to remind ourselves that behind every attack there is an individual. And ultimately, that’s who we need to equip ourselves against. How do we do that?

Since companies exist in the real world, we should all accept that there are those who would do us harm. Rather than trying to prevent hacks from occurring, we need to re-wire our brains on the matter. The key is identifying harmful user behavior as it is happening so that you can react accordingly. The new age of endpoint security is focused on this ability to see user behavior, inspect and analyze it quickly, and then respond rapidly. At Black Hat we are showing people how they can continuously monitor the fringes of their network so that when (not if) breaches take place, they can be promptly tackled.

As a wise man once said, “You can’t secure what you cannot manage and you can’t manage what you cannot see.” The outcome significantly lowers time to detect and time to respond (TTR). And that’s no lie.


Charles Leaver – Here Is Why You Should Look At Cyber Security As A War Between People

Written By Michael Bunyard And Presented By Charles Leaver CEO Ziften

Cyber security is all about people vs. people. Each day that we sift through the most recent attack news (like the current Planned Parenthood breach) it becomes more and more obvious that not only are people the problem, in many ways, but people are also the answer. The attackers come in various categories, from insiders to hackers to organized crime and state-sponsored terrorists, but at the end of the day, it’s people who are directing the attacks on organizations and are therefore the problem. And it’s people who are the primary targets exploited in the attack, normally at the endpoint, where people access their connected business and personal worlds.

The endpoint (laptop, desktop, mobile phone, tablet) is the device that people use throughout their day to get their stuff done. Think of how often you are attached to your endpoint(s). It’s a lot, right? Not only are these endpoints vulnerable (see the Stagefright Android vuln for a fine example), the people at the endpoint are often the weak link in the chain that provides the opening for attackers to exploit. All it takes is a single person to open the wrong email, click through to the wrong site or open the wrong file, and it’s game on. In spite of all the security awareness available, people will make errors. When speaking about the Planned Parenthood breach my coworker Mike Hamilton, who directs the product vision here at Ziften, provided a truly intriguing insight:

“Every organization will have individuals against it, and now those people have the methods and objective to disrupt them or steal their data. Leveraging existing blind spots, cyber criminals or perhaps hackers have simple access through susceptible endpoints and use them as a point of entry to conceal their activities, avert detection, make use of the network and take advantage of the targeted company. It is now more important than ever for companies to be able to see suspicious habits beyond the network, and certainly beyond just their web server.”

People Powered Security

It makes good sense that cyber security services ought to be purpose-built for the people who are protecting our networks and monitoring the behavior of people as they use their endpoints. But typically this hasn’t been the case. In fact, the endpoint has been a virtual black box when it comes to having continuous visibility of user behavior. This has resulted in a dearth of information about what is truly taking place on the endpoint – the most vulnerable component in the security stack. And cyber security services certainly don’t appear to have the people protecting the network in mind when silos of disparate pieces of information flood the SIEM with so many false positive alerts that they cannot tell the genuine threats from the benign.

People powered security allows viewing, examining, and responding by examining endpoint user behavior. This has to be done in a way that is painless and fast, since there is a big shortage of skills in companies today. The very best technology will enable a level one responder to deal with the majority of suspected threats by putting easy and concise information at their fingertips.

My security master coworker (yeah, I’m lucky that on one corridor I can talk with all these folks) Dr. Al Hartmann says “Human-Directed Attacks need Human Directed Response”. In a recent blog post, he nailed this:

“Human intelligence is more versatile and creative than machine intelligence and will always eventually adapt and beat an automatic defense. This is the cyber-security version of the Turing test, where a machine defense is trying to rise to the intellectual level of a knowledgeable human hacker. At least here in the 21st Century, machine learning and artificial intelligence are not up to the task of fully automating cyber defense, the cyber assailant inevitably is victorious, while the victims lament and count their losses. Only in science fiction do thinking machines overpower humans and take control of the planet. Don’t subscribe to the cyber fiction that some autonomous security software application will outsmart a human hacker foe and conserve your organization.”

People powered security empowers a well-informed, dynamic response by the people trying to thwart the attackers. With any other technique we are simply kidding ourselves that we can keep up with attackers.