Monthly Archives: October 2017

Safeguard Your Organization Against The KRACK Vulnerability – Charles Leaver

Written By Dr Al Hartmann And Presented By Charles Leaver


Enough press has been generated over the Wi-Fi WPA2-defeating Key Reinstallation Attack (KRACK) that we don't need to cover that ground again. The original discoverer's site is the best place to review the issues and follow the link to the detailed research paper. This may be the most attention paid to a core communications security failure since Heartbleed. In that earlier case, a patched version of the vulnerable OpenSSL code was released on the same day as the public disclosure. For KRACK, similar responsible-disclosure practices were followed, and patches were either already released or soon to follow. Both wireless endpoints and wireless network infrastructure need to be patched. Oh, and good luck getting that Chinese knockoff wireless security camera bought off eBay patched quickly.

Here we will just make a few points:

Take inventory of your wireless devices and follow up to ensure appropriate patching. (Ziften can perform passive network inventory, including of wireless networks. For Ziften-monitored endpoints, the available network interfaces as well as the applied patches are reported.) For enterprise IT staff it is patch, patch, patch every day anyway, so nothing new here. But any unmanaged wireless devices must be identified and vetted.

Windows and iOS endpoints are less vulnerable, while unpatched Android and Linux endpoints are highly vulnerable. Most Linux endpoints will be servers without wireless networking, so there is less exposure there. But Android is another story, especially given the balkanized state of Android updates across device manufacturers. Most likely your enterprise's greatest exposure will be IoT and Android devices, so do your risk analysis.

Avoid wireless access over unencrypted protocols such as HTTP. Stick to HTTPS or other encrypted protocols, or use a trusted VPN, but be aware that some default-HTTPS sites still allow a compromised device to force a downgrade to HTTP. (Note that Ziften network monitoring reports the IP addresses and ports used, so look for any wireless port 80 traffic from endpoints that are unpatched.)

Continue whatever wireless network hygiene practices you have been using to identify and silence rogue access points, unauthorized wireless devices, and so on. Tuning access point placement and transmission zones to reduce signal spillage beyond your physical perimeter is also a sensible practice, since KRACK attackers must be physically present within range of the wireless network. Do not give them privileged vantage points inside or near your environment.
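As an added illustration of two of the checks above (identifying unmanaged devices seen on the wireless network, and looking for port 80 traffic from unpatched wireless endpoints), the following Python script is example code written for this page; it is not Ziften's product or any tool the post describes. It correlates a device inventory with network connection records. The CSV columns, hostnames, MAC addresses and IP addresses are constructed sample data, and the fields a real inventory or network monitor would export are an assumption.

```python
"""Correlate a device inventory with network connection records to flag the
two KRACK-era risks the post describes: unmanaged devices seen on the wireless
network, and cleartext HTTP (port 80) traffic from unpatched wireless endpoints.
Example code written for this page; all data below is constructed sample data,
and the CSV layouts are assumptions about what an inventory and a network
monitor export."""
import csv
import io
from dataclasses import dataclass

# Constructed inventory: hostname, MAC, wireless capability, KRACK patch state.
INVENTORY_CSV = """\
hostname,mac,has_wifi,krack_patched
lap-001,aa:bb:cc:00:00:01,true,true
lap-002,aa:bb:cc:00:00:02,true,false
srv-db1,aa:bb:cc:00:00:03,false,false
phone-07,aa:bb:cc:00:00:04,true,false
"""

# Constructed connection records as a network monitor might report them:
# source MAC, interface type, destination IP and destination port.
CONNECTIONS_CSV = """\
src_mac,iface,dst_ip,dst_port
aa:bb:cc:00:00:01,wifi,203.0.113.10,443
aa:bb:cc:00:00:02,wifi,203.0.113.10,80
aa:bb:cc:00:00:02,wifi,203.0.113.11,443
aa:bb:cc:00:00:03,wired,203.0.113.12,80
aa:bb:cc:00:00:04,wifi,203.0.113.13,80
aa:bb:cc:00:00:99,wifi,203.0.113.14,80
"""

# Ports whose traffic is unencrypted on the wire; extend as your monitor reports them.
CLEARTEXT_PORTS = {80}


@dataclass(frozen=True)
class Device:
    hostname: str
    mac: str
    has_wifi: bool
    krack_patched: bool


def _flag(value):
    """Interpret a CSV boolean column."""
    return value.strip().lower() == "true"


def load_inventory(text):
    """Parse inventory CSV into a dict keyed by lower-cased MAC address."""
    inventory = {}
    for row in csv.DictReader(io.StringIO(text)):
        mac = row["mac"].strip().lower()
        inventory[mac] = Device(row["hostname"], mac,
                                _flag(row["has_wifi"]), _flag(row["krack_patched"]))
    return inventory


def load_connections(text):
    """Parse connection records, normalising MAC case and port type."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        records.append({
            "src_mac": row["src_mac"].strip().lower(),
            "iface": row["iface"].strip().lower(),
            "dst_ip": row["dst_ip"].strip(),
            "dst_port": int(row["dst_port"]),
        })
    return records


def unmanaged_wireless(inventory, connections):
    """MACs seen on a wireless interface that the inventory does not know about."""
    seen = {c["src_mac"] for c in connections if c["iface"] == "wifi"}
    return sorted(seen - set(inventory))


def patch_backlog(inventory):
    """Wireless-capable managed devices that still lack the KRACK patch."""
    return sorted(d.hostname for d in inventory.values()
                  if d.has_wifi and not d.krack_patched)


def risky_cleartext(inventory, connections):
    """(hostname, dst_ip, dst_port) for cleartext connections made over
    wireless by managed endpoints that are not yet patched."""
    findings = []
    for c in connections:
        dev = inventory.get(c["src_mac"])
        # Unknown devices are reported separately; patched or wired-only
        # devices are not exposed to the downgrade scenario the post describes.
        if dev is None or not dev.has_wifi or dev.krack_patched:
            continue
        if c["iface"] == "wifi" and c["dst_port"] in CLEARTEXT_PORTS:
            findings.append((dev.hostname, c["dst_ip"], c["dst_port"]))
    return findings


if __name__ == "__main__":
    inv = load_inventory(INVENTORY_CSV)
    conns = load_connections(CONNECTIONS_CSV)
    print("Unmanaged wireless MACs:", unmanaged_wireless(inv, conns))
    print("Wireless devices awaiting patch:", patch_backlog(inv))
    for host, ip, port in risky_cleartext(inv, conns):
        print(f"cleartext {host} -> {ip}:{port} (unpatched wireless endpoint)")
```

Run as a script, it reports one unknown MAC on the wireless network, two wireless devices still on the patch backlog, and the two port 80 connections those unpatched devices made. The wired database server's port 80 connection is not flagged, which mirrors the post's observation that Linux servers without wireless networking carry less KRACK exposure.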

For a broader discussion of the KRACK vulnerability, check out our recent video on the topic:

You Need Effective Training On Security Awareness For Employees – Charles Leaver

Written By Charles Leaver Ziften CEO


Effective corporate cybersecurity assumes that people – your employees – do the right thing. That they do not hand over their passwords to a caller who claims to be from the IT department doing a "credentials audit." That they do not wire $10 million to an Indonesian bank account after getting a midnight request from "the CEO".

That they don't install an "urgent update" to Flash Player based on a pop-up on a porn website. That they do not overshare on social media. That they do not store business information on file-sharing services outside the firewall. That they don't connect to unsecured WiFi networks. And that they don't click on links in phishing emails.

Our research shows that over 75% of security incidents are caused or aided by employee mistakes.

Sure, you have installed endpoint security, email filters, and anti-malware solutions. Those precautions will likely be for nothing, though, if your employees do the wrong thing time and again when in a risky situation. Our cybersecurity efforts are like having an expensive car alarm: if you don't teach your teenager to lock the car when it's at the shopping mall, the alarm is worthless.

Security awareness isn't enough, of course. Employees will make errors, and there are some attacks that don't need an employee misstep. That's why you need endpoint security, email filters, anti-malware, etc. But let's talk about effective security awareness training.

Why Training Often Doesn’t Have an Effect

First – in my experience, a great deal of employee training, well, is poor. That's especially true of online training, which is usually terrible. But in most cases, whether live or canned, the training lacks credibility, in part because many IT professionals are poor and unconvincing communicators. The training often focuses on communicating and enforcing rules – not changing risky habits and behaviors. And it resembles mandatory photocopier training: there's nothing in it for the employees, so they don't accept it.

It's not about enforcing rules. While security awareness training might be "owned" by different departments, such as IT, CISO, or HR, there's often a lack of understanding about what a security awareness program actually is. First of all, it's not a checkbox; it needs to be continuous. The training needs to be delivered in different ways and at different times, with a combination of live training, newsletters, small-group discussions, lunch-and-learns, and yes, even online resources.

Securing yourself is not complex!

But a huge problem is the lack of objectives. If you don't know what you're trying to do, you can't tell whether the training has done a good job – and whether risky behaviors actually change.

Here are some sample objectives that can lead to effective security awareness training:

Give employees the tools to recognize and handle the everyday security threats they encounter online and by email.

Let employees know they are part of the team, and that they cannot simply rely on the IT/CISO teams to handle security.

Halt the cycle of "unintentional ignorance" about safe computing practices.

Change mindsets towards safer practices: "If you see something, say something".

Review company rules and procedures, explained in actionable terms that relate to employees.

Make it Relevant

No matter who "owns" the program, it's essential that there is visible executive backing and management buy-in. If the execs don't care, the employees won't either. Effective training won't dwell on tech buzzwords; rather, it will focus on changing behaviors. Relate cybersecurity awareness to your employees' personal lives. (And while you're at it, teach them how to keep themselves, their family, and their home safe. Odds are they don't know and are hesitant to ask.)

To make security awareness training truly relevant, solicit employee ideas and encourage feedback. Measure success – for example, did the number of external links clicked by employees go down? How about calls to tech support arising from security violations? Make the training timely and real-world by including current scams in the news; unfortunately, there are plenty to choose from.

In short: security awareness training isn't fun, and it's not a silver bullet. However, it is vital to making sure that risky employee behavior does not undermine your IT/CISO efforts to protect your network, devices, applications, and data. Make certain that you continuously train your employees, and that the training works.

Splunk And Ziften Generate Passion At Splunk .conf – Charles Leaver

Written By Josh Applebaum And Presented By Charles Leaver


Like many of you, we're still recovering from Splunk .conf last week. As usual, .conf had great energy, and the people in attendance were enthusiastic about Splunk and the many use cases it offers through its large app ecosystem.

One key announcement during the week worth mentioning was a new security offering known as "Content Updates," which is essentially a set of pre-built Splunk searches for helping to find security incidents.

Basically, it looks at the latest attacks, the Splunk security team creates new searches for how they would look through Splunk ES data to discover those kinds of attacks, and then those new searches are shipped down to customers' Splunk ES environments for automated alerts when the activity is seen.

The best part? Because these updates primarily use CIM (Common Information Model) data, and Ziften populates a great many of the CIM models, Ziften's data is already being matched against the new Content Updates Splunk has created.

A quick demonstration showed which vendors contribute to each kind of "detection," and Ziften was mentioned in a great many of them.

For instance, we have a recent article that shows how Ziften's data in Splunk is used to detect and respond to WannaCry.

Overall, with the roughly 500 people who came by the booth over the course of .conf, I have to say it was one of the best events we've done in terms of quality discussions and interest. We had nothing but positive reviews from our extensive discussions with all walks of business life – from highly technical analysts in the public sector to CISOs in the financial sector.

The most common conversation usually started with, "We are just starting to implement Splunk and are new to the platform." I like those, since people can get our Apps for free and we can get them an agent to try out, and it gives them something to use right out of the box to show value immediately. Other folks were very experienced and really liked our approach and architecture.

Bottom line: people are genuinely excited about Splunk, and real solutions are available to help people with real problems!

Curious? The Ziften ZFlow App and Technology Add-on helps users of Splunk and Splunk ES use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see what they are missing at the edge of their network, in their data centers, and in their cloud deployments.

Safeguard Yourself From Cyber Security Problems With Ziften Services – Charles Leaver

Written By Josh Harriman And Presented By Charles Leaver

Having the right tools in place is a given in our industry. But having the right tools and services is one thing; getting the most value out of them can be a challenge. Even with the best intentions and properly skilled staff, there can be gaps. Ziften Services can help fill those gaps and keep you on track for success.

Ziften Services can augment, or even outright lead, your IT Operations and Security teams to better arm your organization, through three offerings. Each is tailored to a particular need. A recent report by ESG (Enterprise Strategy Group) entitled "Trends in Endpoint Security Research Study" found that 51% of respondents said they will be deploying and using an EDR (endpoint detection and response) solution now, and 35% of them plan to use managed services for the implementation, which shows the need is out there for proper services around these products and solutions. Therefore, Ziften is offering our services knowing that many companies do not have the scale or expertise to implement and fully make use of required tools such as EDR.
Ziften services are as follows:
Ziften Assess Service
Ziften Hunt Service
Ziften Respond Service
While each of the three services covers a distinct function, the latter two are more complementary to each other. Let's look at each in a little more detail to better understand the benefits.
Assess Service
This service covers both IT operations and security teams. To measure your success in proper documentation and adherence to processes and policies, you need to begin with a good solid baseline. The Assess service begins by conducting extensive interviews with key decision makers to truly understand what is in place. From there, a Ziften Zenith deployment provides monitoring and data collection of key metrics across client device networks, data centers and cloud deployments. The reporting covers asset management and performance, licensing, vulnerabilities and compliance, as well as anomalous behaviors. The results can address a range of concerns such as M&A evaluations, pre-cloud-migration planning and periodic compliance checks.
Hunt Service
This service is a true 24×7 managed endpoint detection and response (MDR) offering. Organizations struggle to fully cover this essential aspect of security operations, whether because of limited staff or a lack of key expertise in threat hunting methods. Again using the Ziften Zenith platform, this service provides continuous monitoring across client devices, servers and cloud VMs running Windows, Mac OS X and Linux. One of the primary results of this service is dramatically reducing threat dwell time within the environment. This has been discussed frequently in the past few years and the numbers are shocking, generally on the order of hundreds of days that threats remain hidden within organizations. You need someone who can actively hunt for these adversaries and can also retrospectively look back at past events to find behaviors you were not aware of. This service also provides some hours of dedicated Incident Response, so you have all your bases covered.
Respond Service
When you are against the ropes and have a true emergency, this service is what you need. This is a tried and true IR team ready for battle 24×7 with a broad range of response tool sets at their disposal. You will get immediate incident investigation and triage. Recommended actions align with the severity of the threat and the response actions that have to take place. The teams are very flexible and will work remotely or, where conditions require, can be on site. This could be your entire IR team, or it can augment and blend right in with your existing team.
At the end of the day, you need services to help maximize your chances of success in today's world. Ziften has three great offerings and wants all our customers to feel protected and aligned with the best operational and security posture available. Please reach out to us so we can help you. It's what we love to do!