Monthly Archives: November 2016

Here Is What You Need To Do To Avoid A Cyber Attack – Charles Leaver

Written By Charles Leaver CEO Ziften


No organization, however small or big, is immune from a cyberattack. Whether the attack is started from an outside source or from an insider – no business is completely secure. I have lost count of the number of times that executives from organizations have said to me, “why would any person want to attack us?”

Cyberattacks Can Take Lots of Forms

The growing number of devices that can connect to organization networks (laptops, smart phones and tablets) means an increased exposure to security vulnerabilities. The objective of a cyberattack is to exploit those vulnerabilities.


One of the most common cyberattack techniques is the use of malware. Malware is code with harmful intent and includes viruses, Trojans and worms. The aim of malware is typically to steal sensitive data or even to destroy computer networks. Malware often takes the shape of an executable file that spreads across your network.

Malware is becoming far more advanced, and there is now rogue software that masquerades as legitimate security software developed to protect your network.

Phishing Attacks

Phishing attacks are also common. Typically it is an e-mail sent from a supposedly “trustworthy authority” asking the user to supply personal data by clicking on a link. Some of these phishing e-mails look extremely genuine and they have deceived a great many users. If the link is clicked and data is entered, the information will be stolen. Today an increasing number of phishing emails also carry ransomware.

Password Attacks

A password attack is among the simplest kinds of cyberattack. This is where an unauthorized third party attempts to access your systems by “breaking” the login password. Software tools can be employed to carry out brute force attacks that guess passwords, and the combinations of words used for passwords can be compared against a dictionary file.

If an attacker gains access to your network through a password attack, they can easily introduce destructive malware and trigger a breach of your sensitive data. Password attacks are among the simplest to prevent, and stringent password policies provide an extremely reliable barrier. Changing passwords regularly is also advised.

Denial of Service

A Denial of Service (DoS) attack is all about causing maximum disruption of the network. Attackers send very high volumes of traffic through the network and typically make a large number of connection requests. The result is an overloaded network that shuts down.

Hackers can use many computer systems together in a DoS attack to create the very high levels of traffic needed to overload the network. Just recently the biggest DoS attack in history used botnets against Krebs On Security. Frequently, endpoint devices connected to the network such as PCs and laptops are hijacked and then contribute to the attack. A DoS attack, once experienced, can have serious effects for network security.
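The password-guessing and flood attacks described in the two sections above share one detection primitive: count events per source inside a sliding time window and alert when a limit is reached. The following is an added example (not Ziften code); it assumes two constructed log formats, `FAILED_LOGIN user=… src=…` for authentication failures and `SYN src=…` for connection attempts, and it keeps an extra `*` aggregate counter because a botnet flood, as in the Krebs case, stays under any per-source limit.

```python
"""Sliding-window rate detection for password-guessing and connection floods.

Added example, not Ziften code. It assumes two constructed log formats:
  auth: "<ISO timestamp> FAILED_LOGIN user=<name> src=<ip>"
  conn: "<ISO timestamp> SYN src=<ip>"
Any source whose event count inside a sliding window reaches a limit is flagged,
and a "*" aggregate counter catches floods spread over many sources.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication log: one source guessing several accounts,
# another source with two unrelated typos two minutes apart.
AUTH_LOG = """\
2016-11-02T09:00:01 FAILED_LOGIN user=admin src=203.0.113.7
2016-11-02T09:00:05 FAILED_LOGIN user=admin src=203.0.113.7
2016-11-02T09:00:09 FAILED_LOGIN user=root src=203.0.113.7
2016-11-02T09:00:12 FAILED_LOGIN user=jsmith src=198.51.100.20
2016-11-02T09:00:14 FAILED_LOGIN user=backup src=203.0.113.7
2016-11-02T09:00:20 FAILED_LOGIN user=admin src=203.0.113.7
2016-11-02T09:02:30 FAILED_LOGIN user=jsmith src=198.51.100.20
"""


def parse(line):
    """Split '<ts> <event> k=v ...' into (datetime, event, {k: v})."""
    ts_str, event, *fields = line.split()
    return datetime.fromisoformat(ts_str), event, dict(f.split("=", 1) for f in fields)


def find_offenders(log, event, window, per_source, total):
    """Return {key: time the limit was first reached}; key is a src or '*' for all sources."""
    recent = defaultdict(deque)  # key -> timestamps still inside the window
    flagged = {}
    for line in log.splitlines():
        ts, ev, kv = parse(line)
        if ev != event:
            continue
        for key, limit in ((kv["src"], per_source), ("*", total)):
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:  # drop events older than the window
                q.popleft()
            if len(q) >= limit and key not in flagged:
                flagged[key] = ts
    return flagged


def build_conn_log():
    """Constructed SYN log: one legitimate client plus an 8-host flood that stays
    under any per-source limit, so only the aggregate counter can see it."""
    base = datetime(2016, 11, 2, 10, 0, 0)
    rows = []
    for i in range(10):  # legitimate client: one SYN every 2 s
        t = base + timedelta(seconds=2 * i)
        rows.append((t, f"{t.isoformat()} SYN src=198.51.100.20"))
    for i in range(10):  # flood: each of 8 sources sends one SYN every 0.5 s
        for b in range(8):
            t = base + timedelta(seconds=0.5 * i, milliseconds=10 * b)
            rows.append((t, f"{t.isoformat()} SYN src=192.0.2.{10 + b}"))
    rows.sort(key=lambda r: r[0])
    return "\n".join(line for _, line in rows)


def auth_offenders():
    """5 failures from one source within 60 s: classic password guessing."""
    return find_offenders(AUTH_LOG, "FAILED_LOGIN", timedelta(seconds=60), per_source=5, total=100)


def flood_offenders():
    """No single source reaches 20 SYNs in 5 s, but all sources together pass 50."""
    return find_offenders(build_conn_log(), "SYN", timedelta(seconds=5), per_source=20, total=50)


if __name__ == "__main__":
    print("password guessing:", auth_offenders())
    print("connection flood:", flood_offenders())
```

The thresholds and windows are constructed for the sample data; in a real deployment they are tuned per service, and the `*` counter is what turns a distributed flood into a single alert rather than eighty sub-threshold sources.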

Man in the Middle

Man in the middle attacks are accomplished by impersonating the endpoints of a network during a data exchange. Data can be stolen from the end user or from the server they are communicating with.
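Impersonating an endpoint only works when the other side cannot tell a genuine message from a forged one. The following added example (not from the post) models the exchange at the message layer: client and server share a constructed pre-shared key, tag each message with HMAC-SHA256, and reject anything whose tag fails or whose counter repeats, so an interposed party without the key can read traffic but not alter it or speak for either side. In practice this property comes from TLS with certificate verification; the example stays self-contained so it runs offline.

```python
"""Authenticating both ends of an exchange so an in-path impostor is detected.

Added example, not from the post. Client and server share a constructed
pre-shared key and tag every message with HMAC-SHA256; a counter rejects
replays. A party between them that lacks the key can read the bytes but
cannot alter them or impersonate either side without the tag failing.
"""
import hashlib
import hmac
import json

KEY = b"constructed-pre-shared-key-do-not-reuse"  # constructed, for the demo only


def make_message(key, sender, body, counter):
    """Serialise the fields canonically and attach an HMAC-SHA256 tag."""
    payload = json.dumps({"from": sender, "ctr": counter, "body": body}, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def verify(key, msg, expected_sender, last_counter):
    """Return (True, body) or (False, reason). The tag is checked before anything is parsed."""
    expected = hmac.new(key, msg["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):  # constant-time comparison
        return False, "bad tag: payload altered or sent without the key"
    data = json.loads(msg["payload"])
    if data["from"] != expected_sender:
        return False, "unexpected sender"
    if data["ctr"] <= last_counter:
        return False, "replayed message"
    return True, data["body"]


def alter_in_transit(msg, new_body):
    """Model an interposed party rewriting the body. It has no KEY, so the best it
    can do is tag the rewritten payload with a key of its own."""
    data = json.loads(msg["payload"])
    data["body"] = new_body
    payload = json.dumps(data, sort_keys=True).encode()
    return {"payload": payload, "tag": hmac.new(b"not-the-real-key", payload, hashlib.sha256).hexdigest()}


def run_exchange(tamper=False):
    """One request/reply round trip; returns (ok, body_or_reason) as seen by the client."""
    request = make_message(KEY, "client", "transfer 100 to acct 42", counter=1)
    if tamper:
        request = alter_in_transit(request, "transfer 100 to acct 99")
    ok, info = verify(KEY, request, expected_sender="client", last_counter=0)  # server side
    if not ok:
        return False, info
    reply = make_message(KEY, "server", f"ack: {info}", counter=1)
    return verify(KEY, reply, expected_sender="server", last_counter=0)  # client side


if __name__ == "__main__":
    print(run_exchange())
    print(run_exchange(tamper=True))
```

The server stores `last_counter` per client and the client per server, so a captured message cannot be fed back later; the key itself still has to reach both ends over a channel the attacker does not control, which is the problem public-key certificates solve for TLS.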

How Can You Totally Avoid Cyber Attacks?

Total avoidance of a cyber attack is impossible with current technology, but there is a lot you can do to protect your network and your sensitive data. It is very important not to assume that you can simply buy and deploy a security software suite and then relax. The more advanced cyber criminals are aware of every security software system on the market, and have already devised methods to get past the safeguards they offer.

Strong and frequently changed passwords are a policy you must embrace, and one of the most convenient safeguards to implement. Encrypting your sensitive data is another no-brainer. Beyond installing anti-virus and malware protection suites along with a good firewall, you should make sure that routine backups are in place and that you have a data breach incident response/remediation plan in case the worst happens. Ziften helps organizations continually monitor for threats that might survive their defenses, and act instantly to eliminate the threat completely.

Prevent Cloud Migration Security and Compliance Headaches With Endpoint Visibility – Charles Leaver

Written By Logan Gilbert And Posted By Charles Leaver Ziften CEO


Fears Over Compliance And Security Prevent Organizations From Cloud Migration

Moving segments of your IT operations to the cloud can look like a big task, and a dangerous one at that. Security holes, compliance record keeping, the danger of presenting errors into your architecture … cloud migration provides a lot of scary problems to deal with.

If you have been wary about migrating, you’re not alone – but help is on the way.

When Evolve IP surveyed 1,000+ IT pros earlier this year for their Adoption of Cloud Services North America report, 55 percent of those polled said that security is their biggest concern about cloud adoption. For companies that don’t already have some cloud presence, the number was even higher – 70%. The next largest barrier to cloud adoption was compliance, cited by 40 percent of participants. (That’s up eleven percent this year.)

But here’s the bigger problem: if these concerns are keeping your company out of the cloud, you cannot take advantage of the efficiency and cost benefits of cloud services, and that becomes a strategic impediment for your entire company. You need a way to migrate that also answers the concerns about security, compliance, and operations.

Improved Security in Any Environment With Endpoint Visibility.

This is where endpoint visibility wins the day. Being able to see what’s going on with every endpoint gives you the visibility you need to improve security, compliance, and operational efficiency when you migrate your data center to the cloud.

And I mean any endpoint: desktop computer, laptop, mobile device, server, VM, or container.

As a long time IT pro, I understand the temptation to think you have more control over your servers when they’re locked in a closet and you’re the one who holds the keys. Even when you know that parts of your environment depend on kludges, they’re your kludges, and they’re stable. Plus, when you’re running your own data center – unlike when you’re in the cloud – you can use network taps and a whole host of monitoring tools to look at traffic on the wire, learn a great deal about who’s talking to whom, and fix your issues.

But that level of information pales in comparison to endpoint visibility, in the data center or in the cloud. The granularity and control of Ziften’s solution gives you far more control than you could ever get with a network tap. You can spot malware and other issues anywhere (even off your network), isolate them right away, then track them back to whichever user, application, device, or process was the weak spot in the chain. Ziften offers the ability to perform look-back forensics and to repair issues in much less time.

Eliminating Your Cloud Migration Headaches.

Endpoint visibility makes a big difference whenever you’re ready to migrate a segment of your environment to the cloud. By evaluating endpoint activity, you can build a baseline inventory of your systems, clear out unmanaged assets such as orphaned VMs, and hunt down vulnerabilities. That gets everything protected and stable within your own data center before you move to a cloud provider like AWS or Azure.

After you have moved to the cloud, ongoing visibility into each application, device and user means that you can administer every segment of your infrastructure more effectively. You avoid wasting resources by preventing VM sprawl, and you have an in-depth body of data to satisfy the audit requirements of NIST 800-53, HIPAA, and other compliance regulations.

When you’re ready to move to the cloud, you’re not condemned to weak security, insufficient compliance, or operational SNAFUs. Ziften’s approach to endpoint security gives you the visibility you need for cloud migration without the nightmares.

Tool For Complete Endpoint Visibility And Attack Remediation – Charles Leaver

Written By Logan Gilbert And Presented By Charles Leaver


Ziften helps with incident response, remediation, and investigation, even for endpoints that are not connected to your network.

When events happen, security experts have to act quickly and thoroughly.

With telecommuting workforces and corporate “cloud” infrastructures, remediation and analysis on an endpoint can be a daunting job. Below, watch how you can use Ziften to act on the endpoint and determine the origin and spread of a compromise in minutes – no matter where the endpoints are located.

First, Ziften alerts you to malicious activities on endpoints and directs you to the cause of the alert. In seconds, Ziften lets you take remediation actions on the endpoint, whether it’s on the organization network, in an employee’s home, or at the local cafe. Any remediation action you’d typically perform through direct access to the endpoint, Ziften offers through its web console.

Just that quickly, remediation is taken care of. Now you can apply your security expertise to go threat hunting and do a bit of forensics work. You can instantly dive into much more detail about the process that led to the alert, and then ask the vital questions to discover how widespread the problem is and where it propagated from. Ziften delivers comprehensive incident remediation for security analysts.

See directly how Ziften can help your security team zero in on threats in your environment with our 30 day complimentary trial.

CISOs Need To Pay Close Attention To The OPM Breach Review – Charles Leaver

Written by Dr Al Hartmann And Presented By Ziften CEO Charles Leaver


Cyber attacks, attributed to the Chinese government, breached sensitive personnel databases and took the data of over 22 million current, former, and prospective U.S. civil servants and family members. Stern warnings from the Office of the Inspector General (OIG) to shut down systems without current security authorization were ignored.

Presciently, the OIG specifically warned that failure to shut down the unauthorized systems carried national security implications. Like the Titanic’s doomed captain who maintained flank speed through an iceberg field, the OPM replied,

“We concur that it is essential to keep updated and valid ATO’s for all systems but do not think that this condition rises to the level of a Material Weakness.”

In addition the OPM worried that shutting down those systems would mean a lapse in retirement and employee benefits and paychecks. Given a choice between a security lapse and an operational lapse, the OPM chose to operate insecurely and was pwned.

Then director, Katherine Archuleta, resigned her office in July 2015, a day after exposing that the scope of the breach significantly exceeded initial damage assessments.

Despite the high value of the information OPM maintained, the agency failed to prioritize cyber security and adequately secure its high value data.

What Can CISOs Learn From This?

Rational CISOs will want to avoid career immolation in a huge flaming data breach catastrophe, so let’s quickly review the essential lessons from the Congressional report’s executive summary.

Focus on Cybersecurity Commensurate with Asset Value

Have an effective organizational management structure to execute risk-appropriate IT security policies. Persistent non-compliance with security best practices and lagging timelines for implementing recommendations are signs of organizational failure and administrative atherosclerosis. Shake up the organization, or prepare for your post-breach grilling before the inquisitors’ panel.

Don’t Tolerate a Complacent State of Information Security

Have the essential monitoring in place to maintain situational awareness, and leave no observation gaps. Don’t fail to comprehend the scope, extent or gravity of attack indications. If you recognize some attack indicators, assume there are others you are missing. While OPM was forensically observing one attack avenue, another parallel attack went unobserved. When OPM did take action, the attackers learned which attack had been detected and which was still effective: valuable intelligence for the adversary.

Enforce Basic Required Security Tools and Quickly Deploy State Of The Art Security Tools

OPM was woefully negligent in implementing mandated multi-factor authentication for privileged accounts and didn’t deploy available security technology that might have prevented or reduced exfiltration of its most important security background investigation files.

For authenticating access to privileged data or controls, the phrase “password protected” has been an oxymoron for many years – passwords are not protection, they are an invitation to compromise. In addition to sufficient authentication strength, complete network monitoring and visibility is required to prevent exfiltration of sensitive data. The Congressional investigation blamed sloppy cyber hygiene and insufficient visibility into system traffic for the hackers’ persistent presence in OPM networks.

Don’t Fail to Escalate the Alarm When Your Critically Sensitive Data Is Being Attacked

In the OPM breach, observed attack activity “ought to have sounded a high level multi agency national security alarm that a sophisticated, relentless actor was seeking to access OPM’s highest-value data.” Instead, nothing of consequence was done “until after the agency was severely compromised, and till after the agency’s most delicate information was lost to dubious actors.” As a CISO, trigger that alarm in good time (or rehearse your face for the inquiry panel).

Finally, do not let this be said of your business security posture:

The Committee acquired documents and testimony showing OPM’s information security posture was weakened by a woefully unsecure IT environment, internal politics and bureaucracy, and misplaced priorities related to the deployment of security tools that slowed essential security decisions.

Be Aware Of Security Problems With A Cloud Migration – Charles Leaver

Written By Charles Leaver CEO Ziften


What Worries Enterprise CISOs When Migrating To The Cloud

Moving to the cloud provides a variety of benefits to enterprise organizations, but there are real security issues that make switching to a cloud environment uncomfortable. What CISOs want when migrating to the cloud is continuous insight into that cloud environment. They need a way to monitor and measure risk, and the confidence that they have the appropriate security controls in place.

Increased Security Risk

Migration to the cloud means using managed IT services, and many people think this means relinquishing a high level of visibility and control. Although the top cloud providers use the latest security technology and encryption, even the most current systems can fail and expose your sensitive data to the world.

In reality, cloud environments are subject to comparable cyber risks as private enterprise data centers. Nevertheless, the cloud is becoming a more attractive target due to the significant amount of data that has been saved on servers in the cloud.

Cyber attackers understand that businesses are slowly migrating to the cloud, and they are already targeting cloud environments. Alert Logic, a security as a service provider, published a report concluding that IT decision makers should not presume that data stored off premise is more difficult for cyber criminals to reach.

The research report went on to state that there had been a 45% increase in application attacks against deployments in the cloud. There had also been an increase in attack frequency against organizations that keep their infrastructure in the cloud.

The Cloud Is a Jackpot

With the shifting of important data, production workloads, and software applications to cloud environments these discoveries should not come as a surprise. A declaration from the report said, “… cyber attackers, like everyone else, have a minimal amount of time to finish their task. They want to invest their time and resources into attacks that will bear the most fruit: companies utilizing cloud environments are mostly considered that fruit bearing jackpot.”

The report also suggests that there is a mistaken belief within organizations about security. A number of decision makers were under the impression that once a cloud migration had taken place, the cloud service provider would be completely accountable for the security of their data.

Security in The Cloud Has to Be A Shared Duty

All companies should take responsibility for the security of their data whether it is hosted on site or in the cloud. This duty cannot be entirely handed off to a cloud provider. If your business experiences a data breach while using cloud management services, it is unlikely that you would be able to escape responsibility.

It is vital that every business fully comprehends the environment and the dangers that are connected with cloud management. There can be a myriad of legal, financial, commercial, and compliance risks. Prior to migrating to the cloud make certain to inspect agreements so that the supplier’s liability is totally understood if a data breach were to take place.

Vice president of Alert Logic Will Semple said, “the secret to safeguarding your critical data is being knowledgeable about how and where along the ‘cyber kill chain’ cyber attackers penetrate systems and to use the best security tools, practices and resource investment to combat them.”

Cloud Visibility Is Critical

Whether you are utilizing cloud management services or are hosting your own infrastructure, you require complete visibility within your environment. If you are considering the migration of part – or all – of your environment to the cloud then this is vital.

After a cloud migration has happened you can rely on this visibility to monitor each user, device, application, and network activity for potential threats. As a result, the administration of your infrastructure becomes a lot more effective.

Don’t let your cloud migration result in weakened security and insufficient compliance. Ziften can assist preserve cloud visibility and security for your existing cloud implementations, or planned cloud migrations.

Prevent A Cyber Attack From Occurring With Sophisticated Endpoint Management – Charles Leaver

Written By Charles Leaver Ziften CEO


Identify and manage any device that needs access to your business network.

When a company becomes larger so does its asset footprint, and this makes the job of managing the whole set of IT assets a lot more challenging. IT management has changed from the days when IT asset management consisted of keeping records of devices such as printers, making an inventory of all installed applications and making sure that anti-virus suites were updated.

Today, companies are under constant threat of cyber attacks and the use of malicious code to infiltrate the corporate network. Numerous devices now have network access capabilities. Gone are the days when only desktop PCs connected to a business network. Now there is a culture of bring your own device (BYOD) where mobile phones, tablets and laptops are all encouraged to connect to the network.
While this gives companies flexibility, with users able to connect remotely, it opens a whole new range of vulnerabilities, as these different endpoints make the problem of business IT security a great deal more complex.

What Exactly Is Endpoint Management?

It is important to have a policy-based approach to the endpoint devices connected to your network, to lessen the danger of cyber attacks and data breaches. Using laptops, tablets, cell phones and other devices may be convenient, but they can expose organizations to a large array of security risks. The main goal of a sound endpoint management approach should be that network activities are thoroughly monitored and unauthorized devices cannot access the network.

Most endpoint management software will check that the device has an approved operating system and anti-virus software, and examine the device for an up-to-date virtual private network client.

Endpoint management systems recognize and control any device that needs access to the organization’s network. Anyone trying to access the enterprise environment from a non-compliant device is denied access. This is important to combat attacks from cyber criminals and infiltration by malicious groups.

Any device which does not adhere to endpoint management policies is either quarantined or granted restricted access. Local administrative rights might be removed and web browsing limited.

Organizations Can Always Do More

There are a number of measures a business can use as part of its endpoint management policy. These include firewalls (both network and personal), encryption of sensitive data, stronger authentication methods (certainly including hard-to-crack passwords that are changed regularly), and device and network level antivirus and anti-malware defenses.

Endpoint management systems can work on a client-server basis where software is deployed and centrally managed on a server. The client program must be installed on every endpoint device authorized to access the network. It is also possible to use a software as a service (SaaS) model of endpoint management where the vendor hosts and manages the server and the security applications remotely.

When a client device attempts to log in, the server based application scans the device to see whether it complies with the organization’s endpoint management policy, and then verifies the credentials of the user before access to the network is granted.
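The admission decision described across the last few paragraphs (approved OS, anti-virus present and current, VPN client up to date, non-compliant devices quarantined or restricted, then credentials checked) can be written down as a small policy engine. The following is an added example and not Ziften’s product code; the policy values, the device records and the user store are all constructed, and the split between “quarantine” and “restricted” is an assumed severity mapping.

```python
"""Policy-based admission control for endpoints: posture check first, then credentials.

Added example, not Ziften's product code. The policy values, devices and user
records are constructed. Outcomes follow the text: an unknown device is denied,
a non-compliant device is quarantined or given restricted access, and a
compliant device still has to present valid credentials.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import date

POLICY = {  # constructed policy
    "approved_os": {"Windows 10", "macOS 10.12", "Ubuntu 16.04"},
    "max_av_signature_age_days": 7,
    "min_vpn_client_version": (4, 3),
}


@dataclass
class Device:
    device_id: str
    enrolled: bool            # known to the endpoint management server
    os: str
    av_installed: bool
    av_signature_date: date
    vpn_client_version: tuple


def check_posture(dev, today, policy=POLICY):
    """Return [(severity, reason)]; an empty list means compliant."""
    findings = []
    if dev.os not in policy["approved_os"]:
        findings.append(("quarantine", f"unapproved operating system: {dev.os}"))
    if not dev.av_installed:
        findings.append(("quarantine", "no anti-virus installed"))
    elif (today - dev.av_signature_date).days > policy["max_av_signature_age_days"]:
        findings.append(("restricted", "anti-virus signatures out of date"))
    if dev.vpn_client_version < policy["min_vpn_client_version"]:
        findings.append(("restricted", "VPN client below minimum version"))
    return findings


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def add_user(users, username, password):
    salt = os.urandom(16)
    users[username] = (salt, hash_password(password, salt))


def credentials_valid(users, username, password):
    record = users.get(username)
    if record is None:
        hash_password(password, b"\0" * 16)  # same cost for unknown users
        return False
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt), digest)


def admit(dev, username, password, users, today):
    """Return (decision, reasons): 'allow', 'restricted', 'quarantine' or 'deny'."""
    if not dev.enrolled:
        return "deny", ["device not enrolled in endpoint management"]
    findings = check_posture(dev, today)
    if findings:
        worst = "quarantine" if any(s == "quarantine" for s, _ in findings) else "restricted"
        # restricted: local admin rights removed and web browsing limited until remediated
        return worst, [reason for _, reason in findings]
    if not credentials_valid(users, username, password):
        return "deny", ["invalid credentials"]
    return "allow", []


def sample_decisions():
    """Constructed devices and users run through admit(); returns {case: decision}."""
    today = date(2016, 11, 15)
    users = {}
    add_user(users, "jsmith", "constructed-passphrase-1")
    current = dict(enrolled=True, os="Windows 10", av_installed=True,
                   av_signature_date=date(2016, 11, 14), vpn_client_version=(4, 3))
    good = "constructed-passphrase-1"
    cases = {
        "compliant_good_creds": (Device("lt-01", **current), "jsmith", good),
        "compliant_bad_creds": (Device("lt-01", **current), "jsmith", "wrong"),
        "stale_av": (Device("lt-02", **{**current, "av_signature_date": date(2016, 10, 1)}), "jsmith", good),
        "old_os_no_av": (Device("lt-03", **{**current, "os": "Windows XP", "av_installed": False}), "jsmith", good),
        "unenrolled_byod": (Device("phone-9", **{**current, "enrolled": False}), "jsmith", good),
    }
    return {name: admit(dev, u, p, users, today)[0] for name, (dev, u, p) in cases.items()}


if __name__ == "__main__":
    for case, decision in sample_decisions().items():
        print(f"{case:22s} -> {decision}")
```

The posture check runs before the credential check on purpose: a device that fails policy never gets to present a password, so a compromised or unmanaged endpoint gains nothing from a stolen credential, which is the access-control order the text describes.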

The Issue With Endpoint Management Systems

A lot of businesses see security software as a “total remedy” but it is not that clear cut. Endpoint security software bought as a set-and-forget solution will never suffice. The experienced cyber attackers out there know about these software systems and are building malicious code that will evade the defenses a set-and-forget application can offer.

There needs to be human intervention and Jon Oltsik, contributor at Network World stated “CISOs must take ownership of endpoint security and designate a group of specialists who own endpoint security controls as part of a general duty for incident prevention, detection, and response.”

Ziften’s endpoint security services provide the continuous monitoring and look-back visibility that a cyber security team needs in order to detect and act, preventing malicious infiltrations from spreading and taking the sensitive data of the business.

Feedback From 2016 Splunk.conf – The Need For Adaptive Response – Charles Leaver

Written By Michael Vaughn And Presented By Charles Leaver Ziften CEO

All the latest greatness from Splunk

Last week I attended the annual Splunk conference in the great sunshine state – Florida. The Orlando-based event enabled Splunkers from all over the world to acquaint themselves with the latest and most successful offerings from Splunk. Although there were a variety of fun activities throughout the week, it was clear that attendees were there to learn. The announcement of Splunk’s security-centric Adaptive Response initiative was well-received and happens to integrate rather well with Ziften’s endpoint solution.

In particular, the “Transforming Security” Keynote Presentation presented by Monzy Merza, Director of Cyber Research and Chief Security Evangelist for Splunk, Haiyan Song, SVP Security Markets for Splunk, and Mike Stone, CDIO for the UK Ministry of Defense, demonstrated the power of Splunk’s new Adaptive Response interface to thousands of attendees.

In the clip just below, taken from that Keynote, Monzy Merza shows how critical data provided by a Ziften agent can also be used bi-directionally from Splunk, by sending instruction logic back to the Ziften agent to take instant action on a compromised endpoint. Monzy was able to identify a compromised Linux server and remove it from the operational network for further forensic examination. By not only supplying important security data to the Splunk instance but also letting the user stay in the same interface to take operational and security actions, the Ziften endpoint agent lets users bi-directionally use Splunk’s powerful framework to take instantaneous action across all operating systems in an exacting manner. After the talks our booth was swamped with demonstrations and extremely interesting discussions about operations and security.

Have a look at a 3 minute Monzy highlight from the Keynote:

Over the weekend I was able to process the broad range of technical conversations I had with hundreds of brilliant individuals in our booth at .conf. Among the funny things I discovered – which nobody would honestly admit unless I pulled it out of them – is that most of us are beginner-to-intermediate SPL (Splunk Processing Language) users. I also observed the obvious: incident response was the main focus of this year’s event.

However, many people use Ziften for Splunk for a range of things, such as operations and application management, network monitoring, and user behavior modeling. In an attempt to illuminate the broad functionality of our Splunk App, here’s a taste of what folks at .conf2016 enjoyed most about Ziften for Splunk:

1) It’s wonderful for Enterprise Security.

a. Generalized platform for digesting real-time data and taking immediate action
b. Automating remediation from a wide range of indicators of compromise

2) IT Operations like us.

a. Tracking of Systems, Hardware Lifecycle, Management Of Resources
b. Application Management – Compliance, License Verification, Vulnerabilities

3) Network Monitoring with ZFlow is a game changer.

a. ZFlow ties netflow with binary, system and user data – in a single Splunk SPL entry. Do I have to say more here? This is the best Holy Grail from Indiana Jones, folks!

4) Our User Behavior Modeling goes beyond simple alerts.

a. This could be connected back under IT Operations but it’s becoming its own beast
b. Ziften’s tracking of software usage, logins, elevated binaries, timestamps, etc. is readily viewable in Splunk
c. Ziften offers a free security-centric Splunk package, but we convert all of the data we collect from each endpoint into the Splunk CIM data model – not just our ‘Alerts’.

Ultimately, using a single Splunk Adaptive Response interface to manage a wide variety of tools within your environment is what helps build a strong business fabric – one in which operations, security and network groups overlap more fluidly. Make better decisions, faster. Discover it for yourself with our free one-month trial of Ziften for Splunk!

Toughen Up And Banish Adobe Flash Before Your Organization Is Attacked – Charles Leaver

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO

Be Strong or Get Hacked.

Extremely knowledgeable and gifted cyber attack groups have targeted, and are targeting, your business. Your huge endpoint population is the most common point of entry for skilled attack teams. These business endpoints number in the thousands, are loosely managed, laxly configured, and rife with vulnerability exposures, and are run by partially trained, credulous users – the ideal target-rich opportunity. Mikko Hypponen, chief research officer at F-Secure, frequently says at industry seminars: “How many of the Fortune 500 are hacked right now? The response: 500.”

And how long did it take to penetrate your organization? White hat hackers performing penetration testing or red team exercises usually compromise target enterprises within the first few hours, although ethically and legally limited in their techniques. Black hat or state sponsored hackers may achieve penetration even more rapidly and maintain their presence indefinitely. Given that average attacker dwell time is measured in many days, time-to-penetration is negligible, not an impediment.

Exploit Packages

The industrialization of hacking has produced a black market for attack tools, including a range of software for identifying and exploiting client endpoint vulnerabilities. These exploit kits are marketed to cyber attackers on the dark web, with many exploit kit families and suppliers. An exploit kit operates by evaluating the software configuration on the endpoint, determining exposed vulnerabilities, and applying an exploit to a vulnerability exposure.

A relative handful of frequently deployed endpoint applications accounts for the bulk of the vulnerabilities targeted by exploit kits. This results from the sad reality that complex software tends to exhibit a continuous flow of vulnerabilities that leaves it perpetually exposed. Each patch release cycle, the exploit kit developers download the most recent security patches, reverse engineer them to discover the underlying vulnerabilities, and update their exploit kits. This is frequently done faster than organizations apply patches, with some vulnerabilities remaining unpatched and ripe for exploitation even years after a patch is issued.
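The window the paragraph describes, between a vendor patch and its rollout, is something an endpoint inventory can measure directly. The following added example (not from the post) compares installed versions against a vendor release feed and reports, per host and product, how many days the exposure window has been open and whether it is past a patch SLA; the inventory, product names, versions and release dates are all constructed placeholders, not real advisories.

```python
"""Patch-lag report: which endpoints still run a version older than the vendor's
current release, and for how long that exposure window has been open.

Added example, not from the post. The software inventory and the vendor
release feed below are constructed placeholders (product names, versions and
dates are not real advisories). The days between a vendor patch and your
rollout are the days an exploit kit has a ready-made target, so the report
sorts by exposure and marks hosts past a patch SLA.
"""
from datetime import date

# Constructed vendor feed: product -> (latest version, date it was released)
VENDOR_LATEST = {
    "flash-player": ("23.1.0", date(2016, 11, 8)),
    "pdf-reader": ("11.0.18", date(2016, 10, 4)),
    "java-runtime": ("8.111", date(2016, 10, 18)),
}

# Constructed endpoint inventory: (host, product, installed version)
INVENTORY = [
    ("ws-001", "flash-player", "23.1.0"),
    ("ws-002", "flash-player", "22.0.0"),
    ("ws-003", "pdf-reader", "11.0.10"),
    ("ws-004", "java-runtime", "8.101"),
    ("ws-005", "java-runtime", "8.111"),
    ("ws-006", "legacy-tool", "1.0"),   # no vendor feed: cannot be assessed
]


def parse_version(text):
    """'11.0.18' -> (11, 0, 18); non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.split("."))


def is_behind(installed, latest):
    """Compare dotted versions, padding the shorter one with zeros so '1.2' == '1.2.0'."""
    a, b = parse_version(installed), parse_version(latest)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def exposure_report(inventory, vendor_latest, today, sla_days=14):
    """Rows for every (host, product) behind the vendor release, longest exposure first."""
    rows = []
    for host, product, installed in inventory:
        if product not in vendor_latest:
            continue  # unknown product: reported separately by unassessed()
        latest, released = vendor_latest[product]
        if is_behind(installed, latest):
            days = (today - released).days
            rows.append({"host": host, "product": product, "installed": installed,
                         "latest": latest, "days_exposed": days, "overdue": days > sla_days})
    rows.sort(key=lambda r: r["days_exposed"], reverse=True)
    return rows


def unassessed(inventory, vendor_latest):
    """Products in the inventory with no release feed; they need a source before they can be judged."""
    return sorted({p for _, p, _ in inventory if p not in vendor_latest})


def sample_report():
    """The constructed inventory evaluated on a constructed date."""
    return exposure_report(INVENTORY, VENDOR_LATEST, date(2016, 11, 15))


if __name__ == "__main__":
    for r in sample_report():
        flag = "OVERDUE" if r["overdue"] else "ok"
        print(f"{r['host']} {r['product']} {r['installed']} -> {r['latest']} ({r['days_exposed']} d) {flag}")
    print("no feed for:", unassessed(INVENTORY, VENDOR_LATEST))
```

Two things the report deliberately keeps separate: a host that cannot be assessed because its product has no release feed is an inventory gap rather than a clean result, and exposure is counted from the vendor’s release date rather than from when your team noticed, because that is the clock the exploit kit authors are running on.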

Adobe Flash

Before the widespread adoption of HTML 5, Adobe Flash was the most commonly used software for rich Internet content. Even with increasing adoption of HTML 5, legacy Adobe Flash retains a considerable following, keeping its long-held position as the darling of exploit kit authors. A recent research study by Digital Shadows, In the Business of Exploitation, is instructive:

This report evaluates 22 exploitation sets to understand the most regularly exploited software applications. We searched for trends within the exploitation of vulnerabilities by these 22 packages to reveal what vulnerabilities had actually been exploited most extensively, combined with how active each exploit set was, in order to inform our assessment.

The vulnerabilities exploited by all 22 exploit packages revealed that Adobe Flash Player was likely to be the most targeted software, with 27 of the 76 determined vulnerabilities exploited referring to this software application.

With relative consistency, dozens of fresh vulnerabilities are uncovered in Adobe Flash every month. To exploit kit developers, it is the gift that keeps on giving.

The market is learning its lesson and moving beyond Flash for rich web content. For example, a Yahoo senior developer blogging recently in Streaming Media noted:

“Adobe Flash, once the de-facto standard for media playback on the internet, has actually lost favor in the industry due to increasing concerns over security and efficiency. At the same time, needing a plugin for video playback in web browsers is losing favor amongst users as well. As a result, the market is approaching HTML5 for video playback.”

Amit Jain, Sep 21, 2016

Removing Adobe Flash

One action organizations can take now to harden their endpoint configurations is to eliminate Adobe Flash as a matter of business security policy. This will not be an easy task, and it may be painful, but it will help to shrink your enterprise attack surface. It involves blacklisting Adobe Flash Player and enforcing browser security settings that disable Flash content. If done correctly, this is what users will see wherever Flash content appears on a traditional web page:


This message confirms 2 facts:

1. Your system is effectively configured to decline Flash content.

Congratulate yourself!

2. This site would compromise your security for their benefit.

Ditch this site!