Monthly Archives: September 2015

Charles Leaver – To Win A Red Herring Award Means Everything To Us At Ziften

Written By Rachel Munsch And Presented By Charles Leaver CEO Ziften

There is some interesting news to share: For 2015 Ziften has been chosen as a Top 100 North America award winner. There were around 1200 businesses from the USA and Canada assessed in the yearly competition and our Endpoint Detection and Response system managed to lift us into the leading 100.

It is well recognized that the Red Herring 100 Awards are widely understood to be among the sector’s more prestigious acknowledgments. Those that reach the finals have to go through an extensive selection procedure which is based on over 20 requirements that includes technological development, addressable market, business model, client footprint and level of specialty. Alex Vieux, CEO and Red Herring Publisher, felt that the competition was very strong this year and the procedure of selection was difficult:

“However after much thought, extensive reflection and conversation, we narrowed our list down from large numbers of candidates from throughout North America to the North America winners. Our company believe Ziften embodies the vision, drive and innovation that specify a successful entrepreneurial endeavor. Ziften ought to take pride in its achievement, as the competition was really strong.”

Here at Ziften we are extremely proud to be selected as a Red Herring award winner. It’s always gratifying to have our work validated and be recognized, especially when you think about the renowned list of finalists. Our dedication to helping companies safeguard themselves from the advanced threats that exist today stays strong, and this award will work as an inspiration moving on as we continue to strive to be the leader in endpoint security and defense.


Make Sure That You Are Vigilant With Vishing Scams On The Rise – Charles Leaver

Written By David Shefter And Presented By Ziften CEO Charles Leaver

I was viewing television in August, 2015 and I had a call from a 347 area code telephone number. I believed that it was a business associate of mine who resides in the outer districts, so I answer the call.

The call was a total surprise, “Roy Callahan from the New York City Police Department” threatens me with a warrant for my arrest within minutes, and specifies that I have to turn myself into the regional police department. So, I spoke with my buddy Josh Linder. He says that it’s rampant in the region where he lives and likewise happened to him, but they threatened him if he didn’t comply by acquiring a $9000 Green Dot pre-paid card.

If You Believe This Sounds Embellished …

This happens countless times every day. Law enforcement agencies (LEA’s) ranging from local municipalities to the FBI, and everything between are overwhelmed. They can’t compete – poor actors are quick, clever, and ahead of the curve.

These lawbreakers likewise understand how budget, talent and resource constrained the LEA’s are. The local ones are best at catching thieves and pulling over speeding vehicles, not tracking terrorists to their origin across federal or state borders. With little coordination or interest and an absence of tools, over 99% of these frauds go unsolved.

How Did They Discover Me?

Initially, social networking has actually created a gold mine of details. People trust their name, address, phone number, work history, educational background, and social circles to the public domain. This is where the threat lies, not the much publicized hacks at federal government agencies, banks, healthcare organizations and retailers.

However, the big exposures at merchants like Home Depot, Target and Michael’s along with the more recent hacks at the United States Office of Personal Management (OPM), United Airlines and Anthem must be of tremendous concern. This info enables wrongdoers the capability to triangulate data, and construct an abundant persona of people like you and me.

Putting this into context, tens of millions of records were exposed, which could be used to go far beyond extortion payments, and move towards the exploit physical susceptibilities in military personnel, executives and even normal people.

How Rapidly Will I Be Exposed?

According to a 2014 FBI rip-off alert, victims reported having money illegally withdrawn from their accounts within ten minutes of getting a vishing call, and another of having hundreds or thousands of fraudulent withdrawals in the days following.

What Can I Do About It?

As an individual, it is best to be alert and utilize common sense. No matter what a “vishing” caller ID says, the U.S. IRS will not require cash or account numbers. Do not fall victim to Vishing’s wicked cousin Phishing and click links in emails which might take you to a malware site – invest an extra 2 seconds confirming that the email is actually who it is from, not simply a familiar name.

Second, it’s best to protect your social profiles online. Facebook, LinkedIn, Twitter, and the trove of other tools have probably currently exposed you. Perform an easy Google search, then move to tidy up the public aspects of your online persona.

Third, imitate a business to protect your employees as if they were your relatives. Big organizations have invested greatly in antivirus, drive encryption, email security, and next generation firewall software. None of this matters – phishing and vishing frauds go right around these. You need training, continuous education, caution, and technology which is smarter. A crucial technique to this is executing continuous endpoint visibility on your devices. At Ziften, our software application plugs security gaps to form a more durable wall.

The battle for cyber security protection is consuming your resources, from your individuals to your budget plan. Threats are faster, smarter, and more focused than before, and working their way around conventional avoidance services and getting straight to the point; your endpoints. As soon you have been breached you have less than an hour before the cyber attack discovers additional victims within your organization. Time is of the essence, and because we cannot develop more of that, we focus on maximizing continuous intelligence so your group can make the right choice, right now.

In Closing

Today, individuals are so concentrated on deceitful credit card charges, and organizations are locking down endpoints at a record pace.

More has to be done. The crooks are quicker, more intelligent, more enabled – and outside the bounds of the authorities. While news will always arrive regarding the success of capturing massive fraudsters and untouchable foreign nationals in China and Russia, there will be thousands of small exploits every day.

At Ziften, we have one objective, to make endpoint security quick and easy for the end user to not only deploy, however manage and drive daily worth. By integrating real-time user, device, and behavior monitoring with effective analytics and reporting, Ziften immediately empowers any organization to see, inspect, and react to the very latest attacks.

My thanks to Josh Linder for his discussions on this topic.


With Ziften You Can Be Sure That Your Gartner SOC Nuclear Triad Will Be Implemented – Charles Leaver

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO

Anton Chuvakin, VP and security analyst at Gartner Research posted about the three essential Security Operations Center (SOC) tools required to provide efficient cyber attack visibility. Chuvakin compared them to the cold war’s “nuclear triad” idea of siloed, airborne, and nuclear submarine abilities required to ensure survival in an overall nuclear exchange. Likewise, the SOC visibility triad is important to making sure the survival of a cyber attack, “your SOC triad looks to significantly decrease the chance that the attacker will operate on your network long enough to accomplish their goals” as Chuvakin wrote in his blog.

Now we will look at the Gartner designated essentials of the SOC triad and how Ziften supports each capability.

SIEM (Security Information and Event Management) – Ziften Open Visibility ™ extends existing security, event tracking tools and system management by providing crucial open intelligence of any business endpoint. Ziften’s Open Visibility platform now includes integration with Splunk, ArcSight, and QRadar, as well as any SIEM supporting Common Event Format (CEF) alerts. Unlike competing product integrations that only offer summary data, Ziften Open Visibility exposes all Ziften gathered endpoint data for complete featured integration exploitation.

NFT (Network Forensics Tools)– Ziften ZFlow ™ extends network flow based security tools with essential endpoint context and attribution, significantly enhancing visibility to network events. This new standards based technology extends network visibility down within the endpoint, collecting essential context invisible over the wire. Ziften has an existing product integration with Lancope, and also has the ability to quickly integrate with other network flow collectors utilizing Ziften Open Visibility architecture.

EDR (Endpoint Detection and Response)– The Ziften Endpoint Detection and Response service constantly examines user and device behaviors and highlights anomalies in real time, enabling security analysts to hone in on sophisticated risks faster and lessen Time To Resolution (TTR). Ziften EDR allows companies to more rapidly figure out the root cause of a breach and select the required corrective actions.

While other security tools play supporting roles, these are the 3 fundamentals that Gartner asserts do constitute the core defender visibility into enemy actions within the targeted company. Arm up your SOC triad with Ziften. For a no obligation complimentary trial, see: to get more information.


Charles Leaver – With Endpoint Visibility Incident Response Times Will Be Significantly Reduced

Written By Kyle Flaherty And Presented By Ziften CEO Charles Leaver

It was quite a day on July 9 2015 in the world of cyber security. The first thing to occur was the grounding of flights by United Airlines due to a technical problem, this was followed soon later on by the New York Stock Exchange (NYSE) revealing they had to halt trading. This report originated from the Wall Street Journal as you would anticipate, and they went offline soon after.

This caused total panic on the Internet! There was a huge buzz on Twitter and there were a lot of rumors that a well coordinated cyber attack was occurring. Individuals were jumping off the virtual bridge and declaring a virtual Armageddon.

There was overall chaos until the 3 organizations declared in public that the problems were not connected to cyber attacks but the feared unknown “technical glitch”.

Visibility Is The Problem For Attacks Or Glitches

In today’s world it is presumed that “glitch” means “attack” and it is true to say that an excellent team of hackers can make them look the same. There are still no details about the incidents on that day and there most likely never ever will (although there are rumors about network resiliency issues with one of the biggest ISPs). At the end of the day, when an event like this happens all companies require answers.

Stats recommend that each hour of incident response may cost thousands of dollars an hour, and when it comes to companies such as United and NYSE, downtime has not been taken into consideration. The board of directors at these businesses don’t wish to hear that something like this will take hours, and they may not even care how it happened, they just desire it resolved quickly.

This is why visibility is always in the spotlight. It is essential when emergency situations strike that an organization knows all the endpoints in their environment and the contextual habits behind those endpoints. It might be a desktop, a server, a laptop and it might be offline or online. In this modern-day era of security, where the idea of “prevent & obstruct” is no longer an appropriate technique, our ability to “rapidly find & respond” has actually ended up being more and more important.

So how are you making the transition to this brand-new era of security? How do you decrease the time in determining whether it was an attack or a glitch, and exactly what to do about it?