Monthly Archives: August 2017

Generic Will Not Fit So Choose Extensible – Charles Leaver

Written By Charles Leaver Ziften CEO


Whether you call them extensions, or call them personalizations – no matter what they are called, the best technology platforms can be tailored to fit an organization’s specific business requirements. Generic operations tools are great at performing generic operations jobs. Generic security tools are great at dealing with generic security challenges. Generic can just take you so far, though, which’s where extensibility takes over.

Extensibility turns up often when I’m speaking to customers and potential customers, and I’m proud that a Global 10 company selected Ziften over everyone else in the market mainly on that basis. For that client, and numerous others, the capability to deeply tailor platforms is a need.

This isn’t really about merely creating custom-made reports or custom-made notifications. Let’s be truthful – the ability to develop reports are baseline ability of many IT operations and security management tools. Real extensibility goes deep into the service to offer it abilities that resolve real problems for the company.

One client used lots of mobile IoT devices, and had to have our Zenith real time visibility and control system have the ability to access (and monitor) the memory of those devices. That’s not a standard function used by Zenith, due to the fact that our low-footprint agent does not hook into the operating system kernel or work through basic device drivers. Nevertheless, we dealt with the customer to personalize Zenith with that ability – and it ended up being simpler than anybody imagined.

Another customer looked at the basic set of end point data that the agent collects, and wanted to add additional data fields. They likewise wished to setup the administrative console with custom-made actions utilizing those data fields, and press those actions back out to those end points. No other endpoint tracking and security option was able to offer the function for adding that functionality besides Ziften.

What’s more, the client established those extensions themselves … and owns the code and IP. It becomes part of their own secret sauce, their own company differentiator, and distinct to their company. They could not be any more happy. And neither could we.

With many other IT operations and security systems, if clients desire additional functions or capabilities, the only option is to submit that as a future feature demand, and hope that it appears in an upcoming release of the solution. Until then, regrettable.

That’s not how we developed our flagship solutions, Zenith and ZFlow. Due to the fact that our endpoint agent isn’t based on kernel hooks or device drivers, we can allow for significant extensibility, and open up that extensibility for clients to access directly.

Likewise, with our administrative consoles and back-end tracking systems; everything is adjustable. And that was integrated in right from the beginning.

Another aspect of customization is that our real time and historic visibility database can integrate into your other IT operations and security platforms, such as SIEM tools, risk intelligence, IT ticketing system, task orchestration systems, and data analytics. With Zenith and ZFlow, there are no more silos. Ever.

In the world of endpoint tracking and management, extensions are significantly where it’s at. IT operations and enterprise security groups need the capability to tailor their tools platforms to fit their specific requirements for tracking and handling IoT, conventional endpoints, the data center, and the cloud. In numerous client discussions, our integrated extensibility has actually caused eyes to light up, and won us trials and implementations. Inform us about your custom requirements, and let’s see what we can do.

Ziften Is The First To Reveal Its Endpoint Security Architecture So Will Others Follow? – Charles Leaver

Written By Mike Hamilton And Presented By Ziften CEO Charles Leaver


Endpoint security is really in vogue these days. And there are lots of different vendors out there touting their services in this market. But it’s in some cases hard to understand exactly what each vendor offers. What’s much more hard is to comprehend how each vendor solution is architected to offer their services.

I believe that the back end architecture of whatever you pick can have a profound influence on the future scalability of your application. And it can develop lots of unexpected work and costs if you’re not cautious.

So, in the spirit of openness, and due to the fact that we believe our architecture is not the same, unique and effective, we welcome all endpoint security vendors to “reveal to us your architecture”.

I’ll kick this off in the following video where I reveal to you the Ziften architecture, and a couple of exactly what I think about tradition architectures for contrast. Specifically, I’ll discuss:

– Ziften’s architecture designed utilizing next-gen cloud principles.
– One business peer-to-peer “mish-mash” architecture.
– Tradition hub-spoke-hub architectures.

I have actually revealed you the power of our really cloud-based platform. Now it’s my rival’s turn. Come on folks – reveal to us your architectures!

Offensive And Defensive Risk And Security Strategies – Charles Leaver

Written By Roark Pollock And Presented By Charles Leaver Ziften CEO


Threat management and security management have long been dealt with as separate functions often performed by separate functional groups within an organization. The recognition of the need for continuous visibility and control across all assets has increased interest in looking for common ground between these disciplines and the availability of a brand-new generation of tools is allowing this effort. This conversation is really current offered the continued trouble the majority of enterprise organizations experience in drawing in and keeping certified security workers to handle and secure IT infrastructure. A marriage of activity can help to better utilize these critical personnel, lower expenses, and assist automate response.

Historically, danger management has actually been viewed as an attack mandate, and is typically the field of play for IT operations groups. Sometimes referred to as “systems management”, IT operations groups actively carry out device state posture monitoring and policy enforcement, and vulnerability management. The goal is to proactively alleviate possible dangers. Activities that further risk decreasing and that are carried out by IT operations include:

Offending Threat Mitigation – Systems Management

Asset discovery, inventory, and revitalize

Software application discovery, use tracking, and license rationalization

Mergers and acquisition (M&A) danger evaluations

Cloud work migration, tracking, and enforcement

Vulnerability assessments and patch installs

Proactive help desk or systems analysis and issue response/ repair work

On the other side of the field, security management is considered as a protective game, and is normally the field of play for security operations groups. These security operations teams are typically responsible for hazard detection, event response, and resolution. The objective is to react to a risk or a breach as rapidly as possible in order to decrease effects to the organization. Activities that fall directly under security management which are performed by security operations consist of:

Defensive Security Management – Detection and Response

Hazard detection and/or risk searching

User habits monitoring / insider hazard detection and/or searching

Malware analysis and sandboxing

Occurrence response and threat containment/ removal

Lookback forensic examinations and root cause decision

Tracing lateral risk motions, and even more danger removal

Data exfiltration identification

Successful companies, naturally, have to play both offense AND defense similarly well. This requirement is pressing organizations to acknowledge that IT operations and security operations need to be as lined up as possible. Thus, as much as possible, it helps if these two teams are playing utilizing the same playbook, or a minimum of dealing with the same data or single source of truth. This indicates both groups should aim to use a few of the exact same analytic and data collection tools and methods when it pertains to managing and securing their endpoint systems. And if organizations count on the same workers for both jobs, it definitely helps if those people can pivot between both jobs within the exact same tools, leveraging a single data set.

Each of these offensive and protective tasks is critical to protecting an organization’s copyright, credibility, and brand. In fact, managing and prioritizing these jobs is exactly what often keeps CIOs and CISOs up during the night. Organizations must acknowledge opportunities to align and consolidate teams, technologies, and policies as much as possible to ensure they are focused on the most urgent requirement along the present danger and security management spectrum.

When it pertains to managing endpoint systems, it is clear that companies are moving toward an “all the time” visibility and control model that allows continuous danger evaluations, constant threat monitoring, and even continuous efficiency management.

Hence, organizations need to look for these 3 essential capabilities when assessing new endpoint security systems:

Solutions that supply “all the time” visibility and control for both IT operations groups and security operations groups.

Solutions that supply a single source of reality that can be used both offensively for risk management, and defensively for security detection and response.

Architectures that easily integrate into current systems management and security tool environments to deliver even greater value for both IT and security groups.

Here Is What We Experienced At Defcon And Black Hat 2017 – Charles Leaver

Written by Michael Vaughn And Presented By Ziften CEO Charles Leaver


Here are my experiences from Black Hat 2017. There is a slight addition in approaching 2017’s synopsis. It is large in part due to the theme of the opening talk given by Facebook’s Chief Security Officer, Alex Stamos. Stamos predicted the importance of re focusing the security neighborhood’s efforts in working better together and diversifying security options.

“Working much better together” is relatively an oxymoron when taking a look at the mass competition amongst numerous security businesses fighting for customers during Black Hat. Based off Stamos’s messaging during the opening presentation this year, I felt it important to add a few of my experiences from Defcon as well. Defcon has actually traditionally been an occasion for learning and consists of independent hackers and security specialists. Last week’s Black Hat theme concentrated on the social element of how companies need to get along and really assist others and one another, which has constantly been the overlying message of Defcon.

Individuals visited from all over the world last week:

Jeff Moss, aka ‘Dark Tangent’, the creator of Black Hat and Defcon, also wishes that to be the theme: Where you aim to help individuals get knowledge and learn from others. Moss desires attendees to remain ‘great’ and ‘helpful’ during the conference. That is on par with exactly what Alex Stamos from Facebook conveyed in his keynote about security businesses. Stamos asked that all of us share in the obligation of assisting those that can not help themselves. He likewise raised another valid point: Are we doing enough in the security industry to really help people rather than simply doing it to make cash? Can we achieve the goal of actually assisting people? As such is the juxtaposition of the two events. The primary differences between Black Hat and Defcon is the more corporate consistency of Black Hat (from vendor hall to the presentations) to the true hacker community at Defcon, which showcases the innovative side of what is possible.

The business I work for, Ziften, offers Systems and Security Operations software applications – offering IT and security teams visibility and control across all endpoints, on or off a business network. We likewise have a pretty sweet sock game!

Lots of guests flaunted their Ziften assistance by adorning previous year Ziften sock designs. Looking good, feeling great!

The idea of joining forces to combat against the corrupt is something most guests from around the world accept, and we are no different. Here at Ziften, we aim to genuinely help our customers and the community with our solutions. Why offer or count on a service which is restricted to only exactly what’s inside the box? One that offers a single or handful of specific functions? Our software application is a platform for integration and offers modular, individualistic security and functional solutions. The whole Ziften team takes the creativity from Defcon, and we push ourselves to try and develop new, customized functions and forensic tools where standard security companies would avoid or simply remain consumed by day-to-day tasks.

Providing continuous visibility and control for any asset, anywhere is one of Ziften’s primary focuses. Our combined systems and security operations (SysSecOps) platform empowers IT and security operations teams to rapidly fix endpoint concerns, decrease overall threat posture, speed threat response, and improve operations efficiency. Ziften’s protected architecture provides constant, streaming end point monitoring and historic data collection for enterprises, governments, and managed security service providers. And remaining with this year’s Black Hat style of interacting, Ziften’s partner integrations extend the worth of incumbent tools and fill the gaps in between siloed systems.

Journalists are not enabled to take images of the Defcon crowd, however I am not the press and this was prior to going into a badge needed area:P The Defcon hoards and goons (Defcon mega-bosses using red t-shirts) were at a standstill for a solid 20 minutes waiting for initial access to the four massive Track meeting rooms on opening day.

The Voting Machine Hacking Village got a lot of attention at the event. It was interesting but nothing brand-new for veteran attendees. I suppose it takes something notable to amass attention around particular vulnerabilities.? All vulnerabilities for the majority of the talks and particularly this town have actually already been revealed to the proper authorities prior to the occasion. Let us understand if you need aid locking down one of these (looking at you federal government folks).

More and more individual data is appearing to the general public. For instance, Google & Twitter APIs are freely and openly readily available to query user data metrics. This data is making it easier for hackers to social engineer focused attacks on individuals and specifically persons of power and rank, like judges and executives. This discussion titled, Dark Data, showed how a simple yet dazzling de-anonymization algorithm and some data made it possible for these 2 white hats to recognize individuals with severe precision and reveal extremely private details about them. This must make you reconsider what you have actually installed on your systems and individuals in your work environment. The majority of the above raw metadata was gathered through a popular browser add-on. The fine tuning accompanied the algothrim and public APIs. Do you know exactly what browser add-ons are operating in your environment? If the answer is no, then Ziften can assist.

This presentation was clearly about making use of Point-of-Sale systems. Although quite humorous, it was a little scary at the speed at which one of the most commonly used POS systems can be hacked. This specific POS hardware is most commonly used when paying in a taxi. The base os is Linux and although on an ARM architecture and protected by durable firmware, why would a company risk leaving the security of client charge card information entirely up to the hardware supplier? If you look for extra protection on your POS systems, then don’t look beyond Ziften. We protect the most frequently utilized enterprise operating systems. If you want to do the fun thing and set up the video game Doom on one, I can send you the slide deck.

This guy’s slides were off the charts exceptional. What wasn’t exceptional was how exploitable the MacOS is throughout the setup process of very common applications. Essentially each time you install an application on a Mac, it needs the entry of your escalated benefits. However what if something were to a little modify code a few seconds prior to you entering your Administrator qualifications? Well, the majority of the time, most likely something bad. Anxious about your Mac’s running malware wise adequate to discover and change code on typical susceptible applications prior to you or your user base entering qualifications? If so, we at Ziften Technologies can assist.

We assist you by not changing all your toolset, although we often find ourselves doing simply that. Our objective is to utilize the advice and existing tools that work from different vendors, ensure they are running and installed, ensure the perscribed hardening is indeed undamaged, and guarantee your operations and security groups work more efficiently together to achieve a tighter security matrix throughout your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos’s keynote
– Jeff Moss’s message
– Visitors from all over the world working together
– Black Hat must maintain a friendly neighborhood spirit

2) More powerful together with Ziften

– Ziften plays great with other software application vendors

3) Popular present vulnerabilities Ziften can help prevent and solve

– Point-of-Sale accessing
– Voting machine tampering
– Escalating MacOS advantages
– Targeted specific attacks

Downloading A Subtitle Package For Your Favorite Move App Can Leave You Exposed – Charles Leaver

Written By Josh Harriman And Presented By Chuck Leaver Ziften CEO


Do you like watching movies with popular apps like Kodi, SmartTV or VLC on your devices? How about needing or wanting subtitles with those films and simply getting the current pack from OpenSubtitles. No problem, sounds like an excellent night at home. Problem is, in accordance with research by Check Point, you could be in for a nasty surprise.

For the hackers to take control of your ‘realm’, they need a vector or some method to gain entry to your system. There are some common ways that occur nowadays, such as creative (and not so creative) social engineering techniques. Getting emails that appear to come from pals or colleagues which were spoofed and you opened an attachment, or went to some website and if the stars lined up, you were pwned. Typically the star alignment part is not that hard, only that you have some vulnerable software application running that can be accessed.

Since the trick is getting users to work together, the target audience can sometimes be hard to discover. But with this latest research study published, many of the major media players have a special vulnerability when it concerns accessing and translating subtitle bundles. The 4 main media giants noted in the post are fixed to date, but as we have seen in the past (just take a look at the current SMB v1 vulnerability problem) even if a repair is available, does not suggest that users are updating. The research has likewise omitted to show the technical details around the vulnerability to permit other suppliers time to patch. That is an excellent indication and the appropriate approach I believe scientists ought to take. Notify the vendor so they can repair the problem and also announce it publicly so ‘we the people’ are notified and understand what to keep an eye out for.

It’s tough to keep up with the numerous methods you can get infected, however at least we have researchers who tirelessly attempt to ‘break’ things to discover those vulnerabilities. By performing the appropriate disclosure approaches, they assist everybody take pleasure in a more secure experience with their devices, and in this scenario, a great night in at the movies.