Monthly Archives: November 2015

Guard Your Organization From Data Breaches With Endpoint Threat Detection Investment – Charles Leaver

Written By Charles Leaver Ziften CEO

Resisting data breaches is hard, but essential in the current business environment. Given the sheer number of cyber criminals waiting to steal personal information, credit card details, and other valuable data from consumers, businesses need to understand the many risks to information online and take steps to prevent loss. Using endpoint threat detection and response software is one of the best ways to address this, because it provides a straightforward way to defend against the variety of exploits attackers use to gain access to a business network.

To build a stronger, more attack-resistant system, a solid foundation of back-end security is essential. The New York Times’ article on safeguarding data covers a few key measures that can make a big difference in keeping customer data out of the wrong hands. Among them: using point-of-sale systems for customer transactions only, dedicating one computer to all financial business, and keeping software updated. These are sound recommendations because they close off several routes that attackers favour for breaching systems. A PoS system that does not connect to the Internet except to transfer data to bank servers is more secure than one without that restriction, because it reduces the chance of malware reaching the network from the Internet. Making one computer the single access point for financial transactions and nothing else keeps viruses and other malicious monitoring software from getting in. In this way a business can substantially protect its customers without taking on many additional costs.

Ensure That Security And Safeguarding Come First

Property Casualty 360 has a similar list of recommendations, including automating patches to organization systems, using encryption on all devices, enforcing strong passwords, and keeping a watchful eye on email. Encrypting data, especially financial data, is critically important: without encryption, an attacker who reaches financial data stored as plain text can read it trivially. Naturally, strong endpoint threat response systems should be used to address this risk, but security, like clothing in Fall, is best when layered. Using several different methods at once greatly reduces the chance of an organization’s data being leaked, which over time makes it much easier to guard against any damage that might be done.

Many breaches happen not when a piece of malware has successfully planted itself on a server, but when an employee’s email account has a weak password. Dictionary words, like “dog” or “password,” should never be used. They are easy to guess and crack, and they can lead to entire stores of data being stolen. Likewise, an employee accidentally sending a list of customers to someone without checking the recipient list can send a whole trove of data to the wrong person, causing enormous data loss with no effort on an attacker’s part. This type of leak must be prevented by strong training.

In response to the multitude of threats out there today, the best way to deal with them is to use strong endpoint threat response systems to avoid losing important data. Using a wide variety of security techniques to guard against all inbound attacks is a smart way to ensure that your company can weather a variety of blows. This attitude can keep an organization from being sunk by the large volume of attacks currently hitting companies.


Christmas Is A High Alert Time For Hackers So Be Ready – Charles Leaver

Written by Ziften CEO Charles Leaver



The holiday season is prime time for cyber criminals, syndicates and state-sponsored groups to attack your company. A reduced number of IT staff at work improves the odds of undetected endpoint compromise, stealthy lateral movement, and undetected data exfiltration. Experienced attack teams are likely assigning their top talent to a well-coordinated holiday campaign. Penetration of your enterprise would most likely begin with an endpoint compromise via the usual targeted methods: spear phishing, social engineering, watering hole attacks, and so on.

With thousands of enterprise client endpoints available, initial infiltration barely poses a challenge to experienced attackers. Conventional endpoint security suites are there to protect against previously encountered commodity malware, and are essentially useless against the one-off crafted exploits used in targeted attacks. The attack group will have reconnoitred your business and assembled your standard cyber defense products in their lab for pre-deployment evasion testing of planned exploits. This pre-testing may include appropriate sandbox evasion techniques if your defenses include sandbox detonation at the enterprise boundary, although this is not always necessary, for example with off-VPN laptops visiting compromised industry watering holes.

The ways in which enterprise endpoints might become compromised are too many to list. In many cases the compromise may simply involve stolen credentials, with no malware needed or present, as confirmed by industry studies of malicious command-and-control traffic observed from otherwise clean endpoints. Or the user, and it only takes one among thousands, may be an insider adversary or a disgruntled employee. In any large enterprise, some incidence of compromise is unavoidable and continuous, and the holiday period is ripe for it.

Given constant attack activity with inevitable endpoint compromise, how can businesses best respond? Endpoint detection and response (EDR) with continuous monitoring and security analytics is a powerful strategy for identifying and responding to anomalous endpoint activity, and for doing so at scale across many enterprise endpoints. It also complements enterprise network security by providing endpoint context around suspicious network activity. EDR supplies visibility at the endpoint level, much as network security provides visibility at the network level. Together they supply the complete picture needed to recognize and respond to unusual and potentially significant security incidents across the enterprise.

Some examples of endpoint visibility with potential forensic value are:

  • Monitoring of user login activity, particularly remote logins that may be attacker-directed
  • Tracking of user presence and foreground activity, including typical work patterns, activity durations, and so on
  • Tracking of active processes, their resource usage patterns, network connections, process hierarchy, and so on
  • Collection of executable image metadata, including cryptographic hashes, version info, file paths, date/time of first appearance, and so on
  • Collection of endpoint log/audit events, preferably with optimal logging and auditing configuration settings (to maximize forensic value and minimize noise and overhead)
  • Security analytics to score and rank endpoint activity and surface significant operating-pattern anomalies to the enterprise SIEM for SOC attention
  • Support for agile traversal and drilldown of endpoint forensic data for rapid analyst vetting of endpoint security anomalies
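The scoring step in the list above, as an added example that is not Ziften’s code: a toy scorer that learns per-user login patterns and per-path executable hashes from vetted history, then ranks new login and process-start events with the reasons attached for analyst drilldown. All hosts, users, addresses, paths and hashes are constructed.

```python
"""Toy EDR-style scorer over constructed endpoint telemetry (added example, not
Ziften's code): learn normal patterns from vetted history, then rank new events."""
from collections import defaultdict
from datetime import datetime
# Constructed sample data: hosts, users, addresses and hashes are hypothetical.
BASELINE = [  # vetted earlier activity used to learn what is normal
    {"type": "login", "user": "alice", "remote": True, "src": "10.0.0.5",
     "ts": "2015-11-03T10:15:00"},
    {"type": "exec", "user": "alice", "sha256": "aaa111",
     "path": r"C:\Program Files\Java\bin\java.exe"},
]
NEW_EVENTS = [  # holiday-period activity to be scored
    {"type": "login", "user": "alice", "remote": True, "src": "10.0.0.5",
     "ts": "2015-12-24T10:30:00"},                      # routine remote login
    {"type": "login", "user": "alice", "remote": True, "src": "203.0.113.7",
     "ts": "2015-12-25T03:30:00"},                      # odd hour, new source
    {"type": "exec", "user": "alice", "sha256": "bbb222",
     "path": r"C:\Program Files\Java\bin\java.exe"},    # known path, new hash
    {"type": "exec", "user": "alice", "sha256": "ccc333",
     "path": r"C:\Users\alice\AppData\Local\Temp\upd.exe"},  # never seen
]
def learn_baseline(events):
    """Per-user login hours and source addresses; per-path executable hashes."""
    hours, srcs, hashes = defaultdict(set), defaultdict(set), defaultdict(set)
    for e in events:
        if e["type"] == "login":
            hours[e["user"]].add(datetime.fromisoformat(e["ts"]).hour)
            srcs[e["user"]].add(e["src"])
        else:
            hashes[e["path"]].add(e["sha256"])
    return hours, srcs, hashes
def score_event(e, hours, srcs, hashes):
    """Additive score plus the reasons behind it, kept for analyst drilldown."""
    score, why = 0, []
    if e["type"] == "login":
        if e["remote"]:
            score, why = score + 1, why + ["remote login"]
        if datetime.fromisoformat(e["ts"]).hour not in hours[e["user"]]:
            score, why = score + 2, why + ["outside usual hours"]
        if e["src"] not in srcs[e["user"]]:
            score, why = score + 2, why + ["new source address"]
    elif e["path"] not in hashes:
        score, why = 3, ["never-seen executable"]
    elif e["sha256"] not in hashes[e["path"]]:
        score, why = 2, ["hash changed for known path"]
    return score, why
def rank(new, baseline):
    """Events sorted by descending score; score-0 noise never reaches the SIEM."""
    hours, srcs, hashes = learn_baseline(baseline)
    scored = [(s, e, w) for e in new for s, w in [score_event(e, hours, srcs, hashes)] if s]
    return sorted(scored, key=lambda t: -t[0])
```

Running `rank(NEW_EVENTS, BASELINE)` puts the off-hours login from a new address first and the never-seen temp-directory executable second, with the routine remote login last.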

Do not get a lump of coal in your stocking by being caught unawares this Christmas. Arm your enterprise to contend with the threats arrayed against you.

Happy Christmas!

Safeguard Your Organization By Watching The Watchers – Charles Leaver

Written By Charles Leaver CEO Ziften

High-profile cyber attacks underline how a lack of auditing of existing compliance products can make the worst kind of headlines.

In the earlier Java attacks on Facebook, Microsoft and Apple, along with other industry giants, the attackers did not need to dig too deep into their playbooks to find a way in. In fact they used one of, if not the, oldest axioms in the book: they took a remote vulnerability in massively distributed software and exploited it to set up remote access capability. And in this case on an application that (A) was not up to date and (B) probably did not need to be running.

While the hacks themselves have been headline news, the techniques companies can use to prevent or eradicate them are quite dull stuff. We all hear “keep boxes current with patch management software” and “ensure uniformity with compliance tools”. That is industry standard and old news. But to pose a question: who is “watching the watchers”? In this case the watchers are the compliance, patch and systems management technologies. I believe Facebook and Apple found out that just because a management product tells you a software application is current does not mean you should believe it! Here at Ziften our results in the field say as much: we regularly uncover many versions of the SAME major application running at Fortune 1000 sites, all of which, by the way, are using compliance and systems management products.

In the case of the exploited Java plug-in, this was a MAJOR application with wide distribution. This is the type of software that gets tracked by systems management, compliance and patch products. The lesson could not be clearer: having some kind of independent check against these products is essential (just ask any of the organizations that were attacked…). But this is only part of the problem, since this is a major (arguably critical) application we are talking about. If companies find it hard to keep up with updates on the known, licensed applications in use, then what about all the unknown and unneeded running applications and plug-ins and their vulnerabilities? Stated simply: if you cannot even know what you are expected to know, then how can you understand (and in this case secure) the things you do not know about?
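One form the “check against these products” can take, as an added example that is not Ziften’s code: reconcile the version a patch or compliance tool claims for a tracked application against the executable image metadata actually observed on each endpoint, flagging hosts where the claim is not borne out, where several versions run side by side, or where an install is missing from the tool’s report altogether. Hosts, paths, versions and the required version are all constructed for illustration.

```python
"""Watch the watchers: reconcile what a patch/compliance tool claims with what
endpoint telemetry observes (added example, not Ziften's code; all constructed)."""
from collections import defaultdict

# Hypothetical management-product report for one tracked application.
MGMT_REPORT = {
    "ws01": {"app": "Java", "version": "7u13", "status": "compliant"},
    "ws02": {"app": "Java", "version": "7u13", "status": "compliant"},
    "ws03": {"app": "Java", "version": "7u13", "status": "compliant"},
}
# Hypothetical executable image metadata collected from the endpoints.
OBSERVED = [
    {"host": "ws01", "version": "7u13", "path": r"C:\Program Files\Java\jre7\bin\java.exe"},
    {"host": "ws02", "version": "7u13", "path": r"C:\Program Files\Java\jre7\bin\java.exe"},
    {"host": "ws02", "version": "6u31", "path": r"C:\Program Files (x86)\Java\jre6\bin\java.exe"},
    {"host": "ws03", "version": "7u11", "path": r"C:\Program Files\Java\jre7\bin\java.exe"},
    {"host": "ws04", "version": "6u24", "path": r"C:\Users\bob\AppData\Local\Temp\jre\bin\java.exe"},
]
REQUIRED = "7u13"  # hypothetical "current" version the tool is supposed to enforce

def version_key(v):
    """'7u13' -> (7, 13) so update levels compare numerically, not as strings."""
    major, update = v.split("u")
    return int(major), int(update)

def reconcile(report, observed, required, app="Java"):
    """Findings keyed by host; an empty dict means the tool and telemetry agree."""
    seen = defaultdict(set)
    for o in observed:
        seen[o["host"]].add(o["version"])
    findings = {}
    for host, versions in seen.items():
        issues = []
        claim = report.get(host)
        if claim is None:
            issues.append("running %s but absent from management report" % app)
        elif claim["version"] not in versions:
            issues.append("tool claims %s, version not observed" % claim["version"])
        if len(versions) > 1:
            issues.append("multiple versions side by side: %s" % sorted(versions))
        stale = sorted(v for v in versions if version_key(v) < version_key(required))
        if stale:
            issues.append("below required %s: %s" % (required, stale))
        if issues:
            findings[host] = issues
    return findings
```

On the constructed data only ws01 checks out; ws03 is reported compliant but runs an older build, ws02 has a second, stale install beside the patched one, and ws04 runs the application without appearing in the report at all.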


Ziften Will Eradicate The Problem Of Extraneous Software Security Risks – Charles Leaver

Written By Dr Al Hartmann And Presented By Charles Leaver CEO Ziften

The reality of the PC ecosystem is that extraneous processes are everywhere and enter enterprise PCs by every ruse imaginable. Leading software ISVs and hardware OEMs and IHVs have no ethical qualms about burdening enterprise PCs with unnecessary and unwanted software if they can grab a few royalty dollars on the side at your expense. This one popped up on my screen just this morning as I dealt with the current headline-making Java security vulnerabilities.

Here is the setting: zero-day vulnerabilities were discovered recently in Java, a key software component in many business applications. Department of Homeland Security experts advised turning off Java entirely, but that cuts off Java business apps.

The option where Java is necessary (within many businesses) is to upgrade Java, an Oracle software product, to obtain at least the latest partial fixes from Oracle. But Oracle’s installer by default includes unwanted extraneous software in the form of the Ask Toolbar, which many security-conscious but naïve users will assume is valuable given the Oracle recommendation (and golly gee, it doesn’t cost anything), even though browser add-ons are a notorious security risk.

Only Ziften combines security consciousness with extraneous process identification and remediation capabilities to help enterprises improve both their security and their performance-driving operating efficiency. Do not settle for half-measures that ignore the extraneous processes multiplying across your enterprise client landscape; employ Ziften to gain visibility and control over your client population.