Monthly Archives: July 2017

Just Drop In Advanced Ziften Endpoint Products Into Your Current Security Infrastructure As They Will Integrate – Charles Leaver

Written By Roark Pollock And Presented By Ziften CEO Charles Leaver


Security professionals are by nature a careful lot. Caution is a trait most people probably bring into this industry given its mission, but it is surely also a characteristic acquired over time. Paradoxically, this holds true even when it comes to adding extra security controls to an already established security architecture. One might assume that more security is better security, but experience teaches us that is not always the case. There are many concerns associated with deploying a new security product, and one that almost always appears near the top of the list is how well the new product integrates with the incumbent products.

Integration concerns come in a number of flavors. First, a new security control should not break anything. Beyond that, new security solutions have to share threat intelligence gracefully and act on threat intelligence gathered across an organization’s whole security infrastructure. Simply put, the new security tools should work with the existing ecosystem of tools such that “1 + 1 = 3”. The last thing most IT and security operations teams need is yet another siloed product or tool.

This is why, at Ziften, we have always concentrated on building and delivering a completely open visibility architecture. We believe that any new systems and security operations tool should be designed with enhanced visibility and information sharing as key product requirements. But this is not a one-way street. Building simple integrations requires technology partnerships with other vendors. We consider it our duty to work with other technology companies to mutually integrate our products, making it easy on customers. Unfortunately, many vendors still believe that integrating security products, especially new endpoint security solutions, is extremely hard. I hear the concern constantly in customer discussions. But data is now emerging showing this is not necessarily the case.

In recent survey work on “advanced endpoint” products, NSS Labs reports that Global 2000 customers based in North America have been pleasantly surprised by how well these kinds of solutions integrate into their existing security architectures. According to the NSS research entitled “Advanced Endpoint Protection – Market Analysis and Survey Results CY2016”, which NSS subsequently presented in a BrightTALK webinar, respondents that had already deployed advanced endpoint products were far more positive about their ability to integrate into existing security architectures than were respondents still in the planning stages of purchasing these products.

Specifically, respondents that have already deployed advanced endpoint products rank integration with their existing security architectures as follows:

● Excellent 5.3 %
● Good 50.0 %
● Average 31.6 %
● Poor 13.2 %
● (Awful) 0.0 %

Compare that to the more conservative statements from folks still in the planning stage:

● Excellent 0.0 %
● Good 39.3 %
● Average 42.9 %
● Poor 14.3 %
● (Horrible) 3.6 %

These responses are encouraging. Yes, as noted, security people tend to be pessimists, but despite low expectations respondents are reporting positive integration experiences. In fact, Ziften customers typically show the same initial low expectations when we first discuss integrating Ziften products into their established ecosystem of solutions. But in the end, customers are impressed by how easy it is to share information between Ziften products and their existing infrastructure.

These survey results will hopefully help alleviate concerns, as later adopters often look to and rely on peer recommendations before making purchase decisions. Early mainstream adopters are clearly having success deploying these products, and that should help to lessen the natural caution of the true mainstream.

Certainly, there is considerable differentiation among products in this space, and companies should continue to perform proper due diligence in understanding how and where solutions integrate into their broader security architectures. But the good news is that there are solutions not just meeting the needs of customers, but actually outperforming their initial expectations.

Petya Variant Flaw Attack? No Problem If You Are A Ziften Customer – Charles Leaver

Written By Josh Harriman And Presented By Charles Leaver Ziften CEO


Another outbreak, another nightmare for those who were not prepared. While this newest attack is similar to the earlier WannaCry threat, there are some differences in this latest malware, which is a variant or new strain similar to Petya. Named NotPetya by some, this strain causes a great deal of trouble for anyone who encounters it. It may encrypt your data, or render the system completely inoperable. And now the email address you would need to contact to ‘perhaps’ decrypt your files has been taken down, so you are out of luck retrieving them.

Plenty of information about the behavior of this threat is publicly available, but I wanted to point out that Ziften customers are protected from both the EternalBlue exploit, which is one mechanism used for its propagation, and, better still, by an inoculation based on a possible flaw, or its own form of debug check, that prevents the threat from ever executing on a system. It might still spread within the environment, but our protection would already be rolled out to all existing systems to halt the damage.

Our Ziften extension platform lets customers put protection in place against specific vulnerabilities and malicious actions for this threat and others like Petya. Beyond the specific actions taken against this particular variant, we have taken a holistic approach to stopping strains of malware that perform various ‘checks’ against the system before executing.

We can also use our Search capability to look for remnants of the other propagation methods used by this threat. Reports show WMIC and PsExec being used. We can search for those programs, their command lines, and their usage. Even though they are legitimate processes, their use is typically unusual and can be alerted on.
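The hunt described above can be run over ordinary process-creation telemetry. The following is an added example, not Ziften code or the post’s own search query: it assumes a simple list-of-dicts event shape (constructed here) and flags WMIC or PsExec invocations that target a remote machine, while also counting baseline usage per host so rare users stand out.

```python
"""Hunt for remote WMIC / PsExec use in process-creation events (added example)."""
import re
from collections import Counter

# Constructed sample events, not real telemetry. Map your EDR, Sysmon or 4688
# fields onto host/user/image/cmdline.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "alice", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c dir"},
    {"host": "ws01", "user": "SYSTEM", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": 'wmic /node:"ws02" /user:"corp\\admin" process call create "<payload>"'},
    {"host": "ws03", "user": "bob", "image": r"C:\Tools\PsExec.exe",
     "cmdline": r"psexec.exe \\ws04 -accepteula -s cmd.exe"},
    {"host": "srv01", "user": "it-ops", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic os get caption"},  # local, benign inventory query
]

REMOTE_ADMIN_TOOLS = {"wmic.exe", "psexec.exe", "psexec64.exe"}
# Signs that the tool is driving another machine rather than the local one:
# a /node: switch, a UNC-style \\host target, or the WMI remote-create verb.
REMOTE_TARGET = re.compile(r"(/node:|\\\\[\w.-]+|process\s+call\s+create)", re.IGNORECASE)


def image_name(path):
    """Basename of a Windows image path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def find_remote_exec(events):
    """Return events where WMIC/PsExec is used with a remote target."""
    return [ev for ev in events
            if image_name(ev["image"]) in REMOTE_ADMIN_TOOLS
            and REMOTE_TARGET.search(ev["cmdline"])]


def tool_usage_by_host(events):
    """Baseline: how often each host runs these tools at all (local use included)."""
    return Counter((ev["host"], image_name(ev["image"])) for ev in events
                   if image_name(ev["image"]) in REMOTE_ADMIN_TOOLS)


if __name__ == "__main__":
    for ev in find_remote_exec(SAMPLE_EVENTS):
        print(f"ALERT {ev['host']} {ev['user']}: {ev['cmdline']}")
    print(tool_usage_by_host(SAMPLE_EVENTS))
```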

With WannaCry, and now NotPetya, we expect to see a continued rise in these kinds of attacks. The release of the recent NSA exploits has given ambitious attackers the tools they need to push out their malware. And though ransomware has been a high-profile vehicle, more damaging threats could be released the same way. Getting the threat to spread (worm-like, or via social engineering) has always been the hardest part for them.

UK Parliament Needs To Make Its Email System Secure After Attack – Charles Leaver

Written By Dr Al Hartmann And Presented By Ziften CEO Charles Leaver


In cyberspace the sheep get shorn, chumps get munched, dupes get deceived, and pawns get pwned. We have seen another fine example of this in the recent attack on the UK Parliament e-mail system.

Instead of admitting to an e-mail system that was insecure by design, the official declaration read:

Parliament has strong steps in place to safeguard all our accounts and systems.

Tell us another one. The one protective measure we did see at work was blame deflection: it must have been the Russians, that always works, while blaming the victims for their policy violations. While details of the attack are scarce, combing various sources does help to piece together at least the gross scenario. If these accounts are reasonably close, the UK Parliament e-mail system failings are atrocious.

What failed in this scenario?

Rely on single-factor authentication

“Password security” is an oxymoron: anything protected by a password alone is insecure, period, no matter the strength of the password. Please, no 2FA here, it might hinder attacks.

Do not impose any limit on failed login attempts

Combined with single-factor authentication, this allows easy brute force attacks, no skill required. But when attacked, blame elite foreign hackers; nobody can verify it.

Do not perform brute force attack detection

Allow attackers to conduct (otherwise trivially detectable) brute force attacks for extended periods (12 hours against the UK Parliament system), to maximize the scope of account compromise.

Do not enforce policy; treat it as mere guidance

On top of single-factor authentication, no limit on failed logins, and no brute force attack detection, do not enforce any password strength validation. Supply attackers with very low-hanging fruit.

Rely on anonymous, unencrypted e-mail for sensitive communications

If attackers succeed in compromising e-mail accounts or sniffing your network traffic, give them ample opportunity to harvest high-value message content entirely in the clear. This also conditions constituents to trust easily spoofable e-mail from Parliament, creating an ideal constituent phishing environment.
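Three of the failures above (no lockout, no brute force detection, prolonged campaigns) are visible in ordinary authentication logs. The following is an added example, not code from the post or from Parliament’s systems: a small Python detector over a constructed log format that applies a sliding-window failed-login threshold per source address and then flags any later successful login from a source that was already brute forcing, reporting how long the campaign had been running.

```python
"""Brute-force login detection over authentication log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format; adapt the regex to your mail server's or IdP's auth log.
LINE = re.compile(r"^(?P<ts>\S+ \S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$")

# Constructed sample: one source spraying several accounts, one normal user with a typo.
SAMPLE_LOG = """\
2017-06-23 22:00:01 auth FAIL user=mp.one src=203.0.113.9
2017-06-23 22:00:02 auth FAIL user=mp.two src=203.0.113.9
2017-06-23 22:00:03 auth FAIL user=mp.three src=203.0.113.9
2017-06-23 22:00:04 auth FAIL user=mp.four src=203.0.113.9
2017-06-23 22:00:05 auth FAIL user=mp.five src=203.0.113.9
2017-06-23 22:00:06 auth OK user=mp.five src=203.0.113.9
2017-06-24 09:15:00 auth FAIL user=staff.a src=198.51.100.4
2017-06-24 09:15:20 auth OK user=staff.a src=198.51.100.4
"""


def parse(log):
    """Yield (timestamp, result, user, src) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["result"], m["user"], m["src"]


def detect(log, max_fails=5, window=timedelta(minutes=10)):
    """Return (brute-forcing sources, [(user, src, campaign_age)] for successes after an alert)."""
    fails = defaultdict(list)          # src -> timestamps of recent failures
    first_seen, alerts, suspect_success = {}, set(), []
    for ts, result, user, src in parse(log):
        if result == "FAIL":
            # Keep only failures inside the sliding window, then test the threshold.
            fails[src] = [t for t in fails[src] if ts - t <= window] + [ts]
            if len(fails[src]) >= max_fails:
                alerts.add(src)
                first_seen.setdefault(src, fails[src][0])
        elif src in alerts:
            # A success from a source already flagged is a likely compromised account.
            suspect_success.append((user, src, ts - first_seen[src]))
    return sorted(alerts), suspect_success


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

With no lockout in place, the same logic also gives the campaign duration the post cites (12 hours) directly from the first flagged failure to the last event from that source.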

Lessons learned

In addition to adding “Common Sense for Dummies” to their summer reading lists, the UK Parliament email system administrators may want to take a few further steps. Strengthening weak authentication practices, enforcing policies, improving network and endpoint visibility with continuous monitoring and anomaly detection, and completely rethinking secure messaging are the recommended steps. Penetration testing would have uncovered these basic weaknesses well away from media attention.

Even a few clever high-schoolers with a free weekend could have replicated this attack. And finally, stop blaming the Russians for your own security failings. Assume that any weakness in your security architecture and policy framework will be probed and exploited by some attacker somewhere across the global internet. That is all the more incentive to find and fix those weaknesses before the adversaries do, so get started immediately. And if your defenders lack visibility into attacks in progress, upgrade your monitoring and analytics.


SysSecOps Is The Solution To The IT And Security Gap – Charles Leaver

Written By Charles Leaver Ziften CEO


Scott Raynovich nailed it. Having worked with many organizations, he understood that one of the biggest challenges is that security and operations are two different departments, with drastically differing goals, different tools, and different management structures.

Scott and his analyst firm, Futuriom, just completed a research study, “Endpoint Security and SysSecOps: The Growing Trend to Build a More Secure Enterprise”, in which one of the key findings was that conflicting IT and security objectives hamper professionals on both teams from achieving their goals.

That is precisely what we believe at Ziften, and the term Scott coined to describe the convergence of IT and security in this domain, SysSecOps, captures exactly what we have been talking about. Security teams and IT teams need to get on the same page. That means sharing the same goals and, in some cases, sharing the same tools.

Consider the tools that IT people use. They are designed to ensure the infrastructure and end devices are working properly and, when something fails, to help fix it. On the endpoint side, those tools help make sure that devices allowed onto the network are configured correctly, run only authorized software that is properly updated and patched, and have not recorded any faults.

Consider the tools that security people use. They work to enforce security policies on devices, infrastructure, and security appliances (like firewalls). This may include actively monitoring incidents, scanning for abnormal behavior, analyzing files to ensure they do not contain malware, adopting the latest threat intelligence, matching against newly discovered zero-days, and analyzing log files.

Spotting fires, fighting fires

Those are two different worlds. The security teams are fire spotters: they can see that something bad is happening, work quickly to isolate the problem, and determine whether damage occurred (like data exfiltration). The IT teams are the firefighters on the ground: they jump into action when an incident hits to make sure that the systems are made safe and brought back into operation.

Sounds good, right? Unfortunately, all too often they do not talk to each other. It is like having the fire spotters and firefighters using different radios, different jargon, and different city maps. Worse, the teams cannot share the same data directly.

Our approach to SysSecOps is to give both the IT and security teams the same resources, which means the same reports, presented in ways appropriate to each set of professionals. It is not dumbing down; it is working smarter.

It is ridiculous to operate any other way. Take the WannaCry infection, for example. Microsoft issued a patch back in March 2017 that resolved the underlying SMB flaw. IT operations teams did not install the patch, because they did not think it was a big deal and did not talk to security. Security teams did not know whether the patch was installed, because they do not talk to operations. SysSecOps would have had everyone on the same page, and might well have prevented the problem.

Missing data means waste and risk

The inefficient gap between IT operations and security exposes companies to risk. Preventable risk. Unnecessary risk. It is simply unacceptable!

If your company’s IT and security teams are not on the same page, you are incurring risks and costs that you should not have to. It is waste. Organizational waste. It is wasteful because you have too many tools providing partial data with gaps, and each of your teams sees only part of the picture.

As Scott concluded in his report, “Collaborated SysSecOps visibility has actually currently shown its worth in helping organizations evaluate, analyze, and avoid significant dangers to the IT systems and endpoints. If these objectives are pursued, the security and management threats to an IT system can be considerably decreased.”

If your teams are working together in a SysSecOps manner, if they can see the same data at the same time, you not only have better security and more efficient operations, but also lower risk and lower costs. Our Zenith software can help you achieve that, not only working with your existing IT and security tools, but also filling in the gaps to make sure everyone has the right data at the right time.