Monthly Archives: May 2017

Ziften Will Help You Solve The WannaCry Ransomware Problem – Charles Leaver

Written By Michael Vaughn And Presented By Charles Leaver Ziften CEO


Answers To Your Concerns About WannaCry Ransomware

The WannaCry ransomware attack has so far infected more than 300,000 computers in 150 countries by exploiting vulnerabilities in Microsoft’s Windows operating system.
In this short video Chief Data Scientist Dr. Al Hartmann and I discuss the nature of the attack, as well as how Ziften can help organizations protect themselves from the vulnerability known as “EternalBlue.”

As mentioned in the video, the problem with this Server Message Block (SMB) file sharing service is that it ships with many Windows operating systems and is found in a lot of environments. However, we make it easy to determine which systems in your environment have or haven’t been patched to date. Notably, Ziften Zenith can also remotely disable the SMB file sharing service entirely, buying organizations valuable time to make sure those machines are properly patched.
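The two steps described above (find out which hosts are still unpatched, then turn off the legacy SMB server on those hosts until the patch lands) can also be done with plain PowerShell remoting. The script below is an added example and is not Ziften’s or Zenith’s code; it assumes WinRM is enabled on the targets, that the caller has local administrator rights on them, and that `$Ms17010Kbs` is filled in from the MS17-010 bulletin for each OS build you run (the value shown is a placeholder).

```powershell
# Added example (not Ziften code): audit Windows hosts for the MS17-010 (EternalBlue)
# patch and disable the SMBv1 server protocol where the patch is missing.
# Assumptions: PowerShell remoting is enabled, caller is a local admin on each host.

# PLACEHOLDER: replace with the MS17-010 KB IDs for the OS versions in your estate.
$Ms17010Kbs = @('KB0000000')

function Get-Smb1Exposure {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    Invoke-Command -ComputerName $ComputerName -ArgumentList (,$Ms17010Kbs) -ScriptBlock {
        param([string[]]$Kbs)
        # A host counts as patched if any of the listed KBs is installed.
        $installed = Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID
        $patched   = @($Kbs | Where-Object { $installed -contains $_ }).Count -gt 0

        # Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later;
        # on older builds read the LanmanServer SMB1 registry value instead.
        if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
            $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
        } else {
            $v = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
                                  -Name SMB1 -ErrorAction SilentlyContinue
            # An absent value means SMBv1 is enabled (the default on those builds).
            $smb1 = if ($null -eq $v) { $true } else { [bool]$v.SMB1 }
        }

        [pscustomobject]@{
            Host        = $env:COMPUTERNAME
            Ms17010     = $patched
            Smb1Enabled = $smb1
        }
    }
}

function Disable-Smb1Server {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        } else {
            # Older builds: the registry value takes effect after the Server service restarts.
            Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
                             -Name SMB1 -Type DWord -Value 0 -Force
        }
        "$($env:COMPUTERNAME): SMBv1 server disabled"
    }
}

# Usage: report first, then disable SMBv1 only on hosts that are unpatched and still have it on.
$hosts  = Get-Content .\hosts.txt          # constructed input: one hostname per line
$report = Get-Smb1Exposure -ComputerName $hosts
$report | Format-Table -AutoSize

$exposed = $report | Where-Object { -not $_.Ms17010 -and $_.Smb1Enabled } |
           Select-Object -ExpandProperty Host
if ($exposed) { Disable-Smb1Server -ComputerName $exposed }
```

Two caveats a practitioner will hit: on Windows 10, `Get-HotFix` does not always enumerate cumulative updates cleanly, so comparing the OS build number against the bulletin is the more reliable check there; and disabling the SMBv1 server breaks any client that can only speak SMBv1 (for example very old NAS appliances or Windows XP era hosts), so run the report first and confirm nothing still depends on it.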

If you want to know more about Ziften Zenith, our 20 minute demonstration includes a consultation with our specialists on how we can help your organization avoid the worst digital catastrophe to hit the web in years.

Choose The Right Next Gen Endpoint Security Solution Using These Ten Tips – Charles Leaver

Written By Roark Pollock And Presented By Charles Leaver CEO Ziften


The Endpoint Security Purchaser’s Guide

The endpoint is the most common entry point for an advanced persistent attack or a breach, and it is certainly the entry point for many ransomware and social engineering attacks. Using endpoint security products has long been considered a best practice for securing endpoints. Sadly, those tools aren’t keeping up with today’s threat environment. Advanced threats, and truth be told even less sophisticated ones, are often more than adequate to trick the average employee into clicking something they shouldn’t. So companies are looking at and evaluating a myriad of next generation endpoint security (NGES) solutions.

With this in mind, here are ten tips to consider if you’re evaluating NGES solutions.

Tip 1: Start with the end in mind

Don’t let the tail wag the dog. A threat reduction strategy should always begin by assessing problems and then looking for potential solutions to those problems. All too often, however, we get captivated by a “shiny” new technology (the latest silver bullet) and end up trying to squeeze it into our environments without fully assessing whether it solves an understood and recognized problem. So what problems are you trying to solve?

– Is your current endpoint security tool failing to stop threats?
– Do you need better visibility into activity at the endpoint?
– Are compliance requirements mandating continuous endpoint monitoring?
– Are you trying to reduce the time and cost of incident response?

Define the problems to address, and you’ll have a yardstick for success.

Tip 2: Know your audience. Who will be using the tool?

Understanding the problem to be solved is a key first step in understanding who owns the problem and who would (operationally) own the solution. Every functional group has its strengths, weaknesses, preferences and biases. Define who will need to use the solution, and who else might benefit from it. It could be:

– The security team,
– The IT team,
– The governance, risk & compliance (GRC) group,
– The helpdesk or end user support team,
– Or even the server team, or a cloud operations group.

Tip 3: Know what you mean by endpoint

Another often overlooked early step in defining the problem is defining the endpoint. Yes, we all used to know what we meant when we said endpoint, but today endpoints come in many more varieties than before.

Sure, we want to protect desktops and laptops, but what about mobile devices (e.g. smartphones and tablets), virtual endpoints, cloud based endpoints, or Internet of Things (IoT) devices? And what about your servers? All these devices naturally come in numerous flavors, so platform support has to be addressed as well (Windows only? Mac OS X? Linux?). Also consider support for endpoints while they are remote or working offline. What are your requirements, and what are the “nice to haves”?

Tip 4: Start with a foundation of continuous visibility

Continuous visibility is a foundational capability for addressing a host of security and operational management problems on the endpoint. The old saying is true: you cannot manage what you can’t see or measure. Further, you cannot secure what you can’t properly manage. So it has to start with continuous, all-the-time visibility.

Visibility is foundational to Security and Management

And think about what visibility means. Enterprises need one source of truth that at a minimum monitors, stores, and analyzes the following:

– System data – events, logs, hardware state, and file system information
– User data – activity logs and behavior patterns
– Application data – attributes of installed apps and usage patterns
– Binary data – attributes of installed binaries
– Process data – tracking details and related data
– Network connectivity data – statistics and internal behavior of network activity on the host

Tip 5: Monitor your visibility data

Endpoint visibility data can be stored and analyzed on premises, in the cloud, or in some combination of both. There are benefits to each. The right approach varies, but is usually dictated by regulatory requirements, internal privacy policies, the endpoints being monitored, and overall cost considerations.

Know if your company requires on premise data retention

Know whether your company allows cloud based data retention and analysis or whether you are constrained to on-premise options only. At Ziften, 20-30% of our customers store data on-premise solely for regulatory reasons. However, where it is legally an option, the cloud can offer cost advantages (among others).

Tip 6: Know what is on your network

Understanding the problem you are trying to solve requires understanding the assets on the network. We have found that as much as 30% of the endpoints we initially discover on customers’ networks are unmanaged or unknown devices. This obviously creates a big blind spot. Minimizing this blind spot is an important best practice. In fact, SANS Critical Security Controls 1 and 2 are to inventory the authorized and unauthorized devices and software attached to your network. So look for NGES solutions that can fingerprint all connected devices, track software inventory and utilization, and perform ongoing continuous discovery.

Tip 7: Know where you are vulnerable

After determining which devices you need to watch, you have to make sure they are running up-to-date configurations. SANS Critical Security Control 3 recommends monitoring for secure configurations of laptops, workstations, and servers. SANS Critical Security Control 4 recommends continuous vulnerability assessment and remediation of these devices. So look for NGES solutions that provide all-the-time monitoring of the state or posture of each device, and it’s even better if the solution can help enforce that posture.

Also look for solutions that provide continuous vulnerability assessment and remediation.

Keeping your entire endpoint environment hardened and free of critical vulnerabilities prevents a substantial number of security problems and removes a great deal of back-end pressure on the IT and security operations teams.

Tip 8: Cultivate continuous detection and response

A crucial end goal for many NGES solutions is supporting continuous device state monitoring to enable effective threat or incident response. SANS Critical Security Control 19 recommends robust incident response and management as a best practice.

Look for NGES solutions that provide all-the-time or continuous threat detection, leveraging a network of global threat intelligence and multiple detection techniques (e.g., signature, behavioral, machine learning, etc.). And look for incident response solutions that help prioritize identified threats and/or issues and provide workflow with contextual system, application, user, and network data. This can help automate the appropriate response or next steps. Finally, understand all the response actions each solution supports, and look for one that provides remote access as close as possible to “sitting at the endpoint keyboard”.

Tip 9: Consider forensic data gathering

In addition to incident response, organizations need to be prepared to address the need for forensic or historical data analysis. SANS Critical Security Control 6 recommends the maintenance, monitoring and analysis of all audit logs. Forensic analysis can take many forms, but a foundation of historical endpoint monitoring data will be crucial to any investigation. So look for solutions that retain historical data that allows:

– Tracing lateral threat movement through the network over time,
– Pinpointing data exfiltration attempts,
– Identifying the origin of breaches, and
– Identifying appropriate remediation actions.

Tip 10: Tear down the walls

IBM’s security team, which supports a remarkable community of security partners, estimates that the average enterprise has 135 security tools in place and works with 40 security vendors. IBM customers certainly skew toward large enterprises, but it’s a common refrain (complaint) from companies of all sizes that security products don’t integrate well.

And the problem is not just that security products don’t play well with other security solutions, but also that they don’t always integrate well with system management, patch management, CMDB, NetFlow analytics, ticketing systems, and orchestration tools. Organizations have to consider these (and other) integration points as well as the vendor’s willingness to share raw data, not just metadata, through an API.

Bonus Tip 11: Plan for customization

Here’s a bonus tip. Assume that you’ll want to customize that shiny new NGES solution soon after you get it. No solution will meet all of your needs right out of the box, in default configurations. Find out how the solution supports:

– Custom data collection,
– Alerting and reporting with custom data,
– Custom scripting, or
– IFTTT (if this then that) functionality.

You know you’ll want new paint or new wheels on that NGES solution soon, so make sure it will support your future customization projects easily enough.

Look for support for easy customization in your NGES solution

Follow most of these tips and you’ll undoubtedly avoid many of the common mistakes that plague others in their evaluations of NGES solutions.

Ziften Is The Very Best At Protection From End To End – Charles Leaver

Written By Ziften CEO Charles Leaver


Do you want to manage and protect your endpoints, your data center, your network and the cloud? Then Ziften can provide the best solution for you. We collect data, and let you correlate and use that data to make decisions and stay in control of your enterprise.

The information we get from everyone on the network can make a real-world difference. Consider the inference that the 2016 U.S. elections were influenced by hackers from another nation. If that’s true, hackers can do almost anything, and the idea that we’ll accept that as the status quo is simply ludicrous.

At Ziften, we believe the best way to fight those threats is with greater visibility than you’ve ever had. That visibility spans the whole enterprise and links all the major players together. On the back end, that’s physical and virtual servers in the data center and the cloud. That’s applications and containers and infrastructure. On the other side, it’s laptops and desktops, no matter how and where they are connected.

End to end: that’s the thinking behind everything we do at Ziften. From endpoint to cloud, all the way from a browser to a DNS server. We tie all that together, with all the other parts, to offer your company a complete solution.

We also record and store real-time data for up to 12 months to show you what’s happening on the network today, and to provide historical trend analysis and alerts if something changes.

That lets you detect IT faults and security issues immediately, and hunt down the root cause by looking back in time to see where a fault or breach may have first occurred. Active forensics are an absolute must in this business: after all, where a breach or fault triggered an alarm may not be where the problem began, or where a cyber criminal is operating.

Ziften gives your security and IT teams the visibility to understand your current security posture and identify where improvements are needed. Non-compliant endpoints? Found. Rogue devices? Found. Off-network penetration? Detected. Out-of-date firmware? Unpatched applications? All found. We’ll not only help you find the problem, we’ll help you fix it, and make sure it stays fixed.

End-to-end security and IT management. Real-time and historical active forensics. Onsite, offline, in the cloud. Incident detection, containment and response. We’ve got it all covered. That’s what makes Ziften so much better.

Track Your Cloud Activities With ZFlow Which Is Enhanced NetFlow – Charles Leaver

Written by Roark Pollock and Presented by Ziften CEO Charles Leaver


According to Gartner, the public cloud services market surpassed $208 billion last year (2016). That represented about a 17% rise year over year. Not bad when you consider the ongoing concerns most cloud customers still have about data security. Another particularly interesting Gartner finding is the common practice of cloud customers contracting services from several public cloud providers.

According to Gartner, “most companies are currently using a mix of cloud services from various cloud providers”. While the business rationale for using multiple providers is sound (e.g., avoiding vendor lock-in), the practice does create extra complexity in monitoring activity across a company’s increasingly distributed IT landscape.

While some providers support better visibility than others (for example, AWS CloudTrail can monitor API calls across the AWS infrastructure), companies have to understand and address the visibility issues associated with moving to the cloud regardless of the cloud service provider or providers they work with.

Sadly, the ability to monitor application and user activity, and network interactions, from each VM or endpoint in the cloud is limited.

Regardless of where computing resources live, organizations must be able to answer the question “Which users, machines, and applications are communicating with each other?” Organizations need visibility across the infrastructure in order to:

  • Rapidly identify and prioritize issues
  • Speed root cause analysis and identification
  • Lower the mean time to resolve problems for end users
  • Rapidly identify and eliminate security threats, decreasing overall dwell times.

Conversely, poor visibility or poor access to visibility data can reduce the effectiveness of existing security and management tools.

Organizations accustomed to the ease, maturity, and relatively low cost of monitoring physical data centers are going to be disappointed with their public cloud options.

What has been missing is a simple, ubiquitous, and elegant solution like NetFlow for public cloud infrastructure.

NetFlow, of course, has had roughly twenty years to become a de facto standard for network visibility. A typical deployment involves monitoring traffic and aggregating flows at network choke points, retrieving and storing flow data from numerous collection points, and analyzing that flow data.

Flows consist of a standard set of source and destination IP addresses plus port and protocol information, typically collected from a switch or router. NetFlow data is relatively cheap and simple to collect, provides nearly ubiquitous network visibility, and allows for actionable analysis for both network monitoring and performance management applications.

Many IT personnel, particularly networking and some security teams, are extremely comfortable with the technology.

But NetFlow was created to solve what has become a rather limited problem, in the sense that it only gathers network data and does so at a limited number of possible locations.

To make better use of NetFlow, two key changes are needed.

NetFlow at the Edge: First, we need to broaden the useful deployment scenarios for NetFlow. Instead of only collecting NetFlow at network choke points, let’s expand flow collection to the network edge (clients, cloud, and servers). This would considerably broaden the big picture that any NetFlow analytics provide.

This would let companies augment and leverage existing NetFlow analytics tools to remove the growing visibility blind spot around public cloud activity.

Rich, contextual NetFlow: Second, we have to use NetFlow for more than simple network visibility.

Instead, let’s use an extended version of NetFlow that includes information on the device, application, user, and binary responsible for each monitored network connection. That would let us rapidly connect every network connection back to its source.

In fact, these two modifications to NetFlow are exactly what Ziften has achieved with ZFlow. ZFlow provides an extended version of NetFlow that can be deployed at the network edge, including as part of a container or VM image, and the resulting flow data can be consumed and analyzed with existing NetFlow tools. Over and above traditional NetFlow / Internet Protocol Flow Information eXport (IPFIX) network visibility, ZFlow supplies extended visibility by adding details on user, device, application and binary for every network connection.

Ultimately, this enables Ziften ZFlow to provide end-to-end visibility between any two endpoints, physical or virtual, removing traditional blind spots like East-West traffic in data centers and enterprise cloud deployments.
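To make the difference between a classic flow record and an edge flow with context concrete, here is an added example that is not Ziften’s ZFlow code. It takes the NetFlow-style 5-tuple described earlier (source and destination address, ports, protocol) and joins each connection to the process, binary and user that own the local socket, which is what lets a record be traced back to its source. The record shape and the `New-ExtendedFlow` function are this example’s own; the sample connection and process tables are constructed so the script runs offline, and the comment at the end shows the live Windows inputs (`Get-NetTCPConnection`, `Get-Process -IncludeUserName`) it stands in for.

```powershell
# Added example (not Ziften code): build an "extended flow" record at the network
# edge by joining a classic 5-tuple with the owning process, binary and user.
# Assumes connection objects with LocalAddress/LocalPort/RemoteAddress/RemotePort/
# OwningProcess and process objects with Id/Name/Path/UserName (the shapes that
# Get-NetTCPConnection and Get-Process -IncludeUserName return on Windows).

function New-ExtendedFlow {
    param(
        [Parameter(Mandatory)][object[]]$Connections,
        [Parameter(Mandatory)][object[]]$Processes
    )
    # Index processes by PID so each connection lookup is O(1).
    $byPid = @{}
    foreach ($p in $Processes) { $byPid[[int]$p.Id] = $p }

    foreach ($c in $Connections) {
        $p = $byPid[[int]$c.OwningProcess]
        $app = '<unknown>'; $bin = '<unknown>'; $user = '<unknown>'
        if ($p) { $app = $p.Name; $bin = $p.Path; $user = $p.UserName }

        [pscustomobject]@{
            # Classic NetFlow / IPFIX fields
            SrcAddr  = $c.LocalAddress
            SrcPort  = $c.LocalPort
            DstAddr  = $c.RemoteAddress
            DstPort  = $c.RemotePort
            Protocol = 'TCP'
            # Edge context that an extended flow adds
            Device   = $env:COMPUTERNAME
            ProcId   = $c.OwningProcess
            App      = $app
            Binary   = $bin
            User     = $user
        }
    }
}

# Constructed sample input (stands in for live Get-NetTCPConnection / Get-Process output).
$sampleConnections = @(
    [pscustomobject]@{ LocalAddress='10.0.0.5'; LocalPort=52113; RemoteAddress='10.0.0.9';      RemotePort=445;  OwningProcess=4    },
    [pscustomobject]@{ LocalAddress='10.0.0.5'; LocalPort=52114; RemoteAddress='203.0.113.10';  RemotePort=443;  OwningProcess=4321 },
    [pscustomobject]@{ LocalAddress='10.0.0.5'; LocalPort=52115; RemoteAddress='198.51.100.7';  RemotePort=8443; OwningProcess=9999 }
)
$sampleProcesses = @(
    [pscustomobject]@{ Id=4;    Name='System'; Path='';                                          UserName='NT AUTHORITY\SYSTEM' },
    [pscustomobject]@{ Id=4321; Name='chrome'; Path='C:\Program Files\Google\Chrome\chrome.exe'; UserName='CORP\alice' }
)

$flows = New-ExtendedFlow -Connections $sampleConnections -Processes $sampleProcesses
$flows | Format-Table -AutoSize

# Flows that cannot be attributed to a known process (PID 9999 above) are the ones
# a classic switch-side NetFlow record could never flag; they deserve a look first.
$flows | Where-Object { $_.App -eq '<unknown>' }

# On a live Windows host (elevated, for -IncludeUserName) the same function runs over real data:
#   New-ExtendedFlow -Connections (Get-NetTCPConnection -State Established) `
#                    -Processes   (Get-Process -IncludeUserName)
```

The first sample row is host-to-host SMB traffic on the same subnet, the East-West case the post calls a blind spot: a collector at the core router would never see it, while an edge record captures it together with the process that opened the socket. The attribution is only as good as the snapshot, so on a live host take the connection and process tables at the same moment, or short-lived processes will show up as `<unknown>`.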