Monthly Archives: January 2018

Flexibility Is A Critical Component Of SysSecOps – Charles Leaver

Written By Charles Leaver


Endpoints are everywhere. The device you are reading this on is an endpoint, whether it’s a desktop, notebook, tablet, or phone. The HVAC controller for your building is an endpoint, assuming it’s connected to a network, and so are the WiFi access points and the security cameras. So is the connected car. So are the web servers, storage servers, and Active Directory servers in the data center. So are your IaaS/PaaS services in the cloud, where you are in control of bare-metal servers, VMware virtual machines, or containers running on Windows and/or Linux.

They’re all endpoints, and every one of them needs to be managed.

They have to be managed from the IT side (by IT administrators, who ideally have proper IT-level visibility of each connected thing, including those security cameras). That management means making sure they’re connected to the right network zones or VLANs, that their software and configurations are at the current version, and that they’re not flooding the network with bad packets because of electrical faults and the like.

Those endpoints likewise have to be managed from the security perspective by CISO teams. Every endpoint is a potential front door into the business network, which means the devices must be locked down: no default passwords, all security patches applied, no unauthorized software installed on the device’s embedded web server. (Krebs describes how, in 2014, attackers got into Target’s network through its HVAC system.)

The Operations of Systems and Security

Systems Security Operations, or SysSecOps, brings those two worlds together. With the right kind of SysSecOps mindset, and tools that support the appropriate workflows, IT and security staff see the same data and can collaborate. Sure, they each have different tasks, and respond differently to trouble alerts, but they’re all managing the same endpoints, whether in the pocket, on the desk, in the utility closet, in the data center, or in the cloud.

Test Report on Ziften Zenith

We were thrilled when the recently published Broadband-Testing report praised Zenith, Ziften’s flagship endpoint security and management platform, as being ideal for this kind of scenario. To quote from the report: “With its Zenith platform, Ziften has a product that ticks all the SysSecOps boxes and more. Because its definition of ‘endpoints’ extends into the Data Centre (DC) and the world of virtualisation, it holds true blanket protection.”

Broadband-Testing is an independent testing facility and service based in Andorra. They describe themselves as, “Broadband-Testing communicates with suppliers, media, investment groups and VCs, experts and consultancies alike. Checking covers all elements of networking software and hardware, from ease of use and performance, through to increasingly crucial aspects such as device power usage measurement.”

Back to flexibility. With endpoints everywhere (again, on the desk, in the utility closet, in the data center, or in the cloud), a SysSecOps-based endpoint security and management system should go everywhere and do anything, at scale. Broadband-Testing wrote:

“The configuration/deployment choices and architecture of Ziften Zenith allow for a really flexible deployment, on or off-premise, or hybrid. Agent implementation is simplicity itself with zero user requirements and no endpoint intrusion. Agent footprint is likewise very little, unlike numerous endpoint security solutions. Scalability also seems exceptional – the biggest customer implementation to this day is in excess of 110,000 endpoints.”

We can’t help but take pride in our product Zenith, and in what Broadband-Testing concluded:

“The emergence of SysSecOps – combining systems and security operations – is an unusual milestone in IT; a hype-free, sound judgment method to refocusing on how systems and security are managed inside a business.

Key to Ziften’s endpoint method in this category is overall visibility – after all, how can you protect what you cannot see or have no idea exists in the first place? With its Zenith platform, Ziften has a product that ticks all the SysSecOps boxes and more.

Implementation is basic, specifically in a cloud-based scenario as checked. Scalability also seems outstanding – the greatest customer implementation to this day remains in excess of 110,000 endpoints.

Data analysis choices are extensive with a big amount of information readily available from the Ziften console – a single view of the whole endpoint infrastructure. Any object can be analysed – e.g. Binaries, applications, systems – and, from a procedure, an action can be defined as an automatic function, such as quarantining a system in the event of a potentially harmful binary being found. Numerous reports are predefined covering all areas of analysis. Alerts may be set for any occurrence. Furthermore, Ziften supplies the principle of extensions for custom data collection, beyond the reach of most suppliers.

And with its External API functionality, endpoint data gathered by Ziften can be shared with a lot of 3rd party applications, thereby including more value to a consumer’s existing security and analytics infrastructure financial investment.

In general, Ziften has a really competitive offering in exactly what is an extremely worthy and emerging IT classification through SysSecOps that is extremely worthy of examination.”

We hope you’ll consider an evaluation of Zenith, and will agree that when it comes to SysSecOps and endpoint security and management, we do tick all the boxes, with the true blanket protection that both your IT and CISO teams have been looking for.

Be Warned Of Spectre And Meltdown And Find Out How We Help – Charles Leaver

Written By Josh Harriman And Presented By Charles Leaver


Ziften is aware of the latest exploits affecting almost everyone who works on a computer or digital device. While that is a very broad statement, we at Ziften are working diligently to help our customers find vulnerable assets, fix those vulnerable systems, and monitor systems after the fix for potential performance problems.

This is an ongoing investigation by our team in Ziften Labs, where we keep up to date on the latest malicious attacks as they evolve. Today, most of the discussion is around PoC (proof of concept) code and what can theoretically happen. That will soon change as attackers take advantage of these opportunities. The exploits I’m speaking of, of course, are Meltdown and Spectre.

Much has been written about how these exploits were found and what the industry is doing to find workarounds for these hardware problems. To learn more, I feel it’s best to go straight to the source here (

What Should You Do, and How Can Ziften Assist?

One key area where Ziften helps, in case of an attack by either method, is watching for data exfiltration. Since these attacks are essentially about reading data the attacker shouldn’t have access to, we believe the first and easiest way to protect yourself is to take that confidential data and remove it from these systems. This data might be passwords, login credentials, or even secret keys for SSH or VPN access.

Ziften monitors and alerts when processes that normally do not make network connections begin showing this unusual behavior. From these alerts, users can quarantine systems from the network and / or kill the processes involved. Ziften Labs is tracking the development of the real-world attacks that are likely to emerge from these vulnerabilities, so we can better protect our customers.
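The detection described above, written as an added example (not Ziften’s code): build a baseline of which processes make outbound connections during a quiet window, then alert when a process outside that baseline starts connecting. The telemetry records are constructed sample data, and the field layout is an assumption.

```python
"""Baseline-versus-deviation detection for process network activity.

Added example, not Ziften code. Each record is a constructed tuple:
(ISO timestamp, host, process name, event type, destination).
ISO-8601 timestamps compare correctly as strings.
"""

# Constructed sample telemetry: two days on a small fleet. calc.exe never
# connected anywhere on day one and suddenly does on day two.
EVENTS = [
    ("2018-01-08T09:00:00", "ws-01", "outlook.exe", "net_connect", "mail.example.com:443"),
    ("2018-01-08T09:05:00", "ws-01", "chrome.exe", "net_connect", "93.184.216.34:443"),
    ("2018-01-08T09:10:00", "ws-01", "calc.exe", "proc_start", ""),
    ("2018-01-09T10:00:00", "ws-01", "chrome.exe", "net_connect", "93.184.216.34:443"),
    ("2018-01-09T10:30:00", "ws-01", "calc.exe", "net_connect", "203.0.113.7:8443"),
    ("2018-01-09T10:31:00", "ws-02", "outlook.exe", "net_connect", "mail.example.com:443"),
]


def build_baseline(events, baseline_end):
    """Process names seen making network connections before `baseline_end`.

    The baseline is fleet-wide by process name, so a known mail client
    appearing on a second host is not treated as new behaviour.
    """
    return {
        proc
        for ts, _host, proc, ev, _dest in events
        if ts < baseline_end and ev == "net_connect"
    }


def detect_new_network_processes(events, baseline_end):
    """Return one alert per connection by a process absent from the baseline."""
    baseline = build_baseline(events, baseline_end)
    alerts = []
    for ts, host, proc, ev, dest in events:
        if ts >= baseline_end and ev == "net_connect" and proc not in baseline:
            # A response playbook would quarantine `host` or kill `proc` here.
            alerts.append({"ts": ts, "host": host, "process": proc, "dest": dest})
    return alerts


if __name__ == "__main__":
    for alert in detect_new_network_processes(EVENTS, "2018-01-09T00:00:00"):
        print("ALERT new network activity:", alert)
```

A real deployment would key the baseline on a hash of the binary rather than its name, since a process name is trivially spoofed.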

Find – How am I Vulnerable?

Let’s look at areas we can monitor for vulnerable systems. Zenith, Ziften’s flagship product, can simply and rapidly find operating systems that need to be patched. Even though these exploits are in the CPU chips themselves (Intel, AMD and ARM), the fixes that become available will be delivered as OS updates and, in other cases, updates to the web browser you use as well.

In Figure 1 below, you can see an example of how we report on the available patches by name, which systems have successfully installed each patch, and which have yet to install it. We can also track failed patch installs. The example below is not for Meltdown or Spectre, but the KB and / or patch number for the environment could be populated in this report to show the vulnerable systems.

The same is true for web browser updates. Zenith monitors the software versions running in the environment. That data can be used to understand whether all browsers are up to date once the fixes become available.

Speaking of browsers, one area that has already gained momentum in the attack scenarios is the use of JavaScript. A working copy is shown here (

Products like the Edge browser do not use JavaScript any longer, and mitigations are available for other browsers. Firefox has a fix available here ( A Chrome fix is coming out this week.

Fix – What Can I Do Now?

Once you have identified vulnerable systems in your environment, you definitely want to patch and fix them as soon as possible. One caveat to consider: there are reports of certain anti-virus products causing stability problems when the patches are applied. Details about these issues are here ( and here (

Zenith also has the ability to help patch systems. We can monitor for systems that need patches, direct our solution to apply those patches for you, and then report success / failure and the status of those still needing patching.

Since the Zenith backend is cloud based, we can even monitor your endpoint systems and apply the required patches when they are not connected to your corporate network.

Monitor – How is Everything Running?

Lastly, there may be some systems that show performance degradation after the OS fixes are applied. These problems appear to be limited to high-load (IO and network) systems. The Zenith platform helps both security and operational teams within your environment, which is what we like to call SysSecOps (

We can help surface problems such as application crashes or hangs, and system crashes. Plus, we monitor system usage for memory and CPU over time. This data can be used to monitor and alert on systems that start to exhibit high usage compared with the period before the patch was applied. An example of this tracking is shown in Figure 2 below (system names purposely removed).
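The before-versus-after comparison described above, as an added example that is not Ziften’s code: split each host’s CPU samples around its patch time, compare the mean on either side, and flag hosts whose post-patch usage rose by more than a chosen fraction. Hosts, patch times and samples are constructed data, and the 25% threshold is an assumption.

```python
"""Flag hosts whose CPU usage rose after a patch was applied.

Added example, not Ziften code. PATCH_TIME and SAMPLES are constructed:
a database server that regressed after patching and a web server that
did not. Samples are (host, ISO timestamp, CPU percent).
"""
from statistics import mean

# Constructed: when each host received the OS patch.
PATCH_TIME = {"db-01": "2018-01-05T00:00:00", "web-01": "2018-01-06T00:00:00"}

# Constructed: daily CPU usage samples per host.
SAMPLES = [
    ("db-01", "2018-01-03T12:00:00", 40.0),
    ("db-01", "2018-01-04T12:00:00", 42.0),
    ("db-01", "2018-01-06T12:00:00", 61.0),
    ("db-01", "2018-01-07T12:00:00", 65.0),
    ("web-01", "2018-01-04T12:00:00", 20.0),
    ("web-01", "2018-01-05T12:00:00", 22.0),
    ("web-01", "2018-01-07T12:00:00", 23.0),
    ("web-01", "2018-01-08T12:00:00", 21.0),
]


def split_by_patch(samples, patch_time):
    """Group CPU values into pre- and post-patch lists per host."""
    before, after = {}, {}
    for host, ts, cpu in samples:
        if host not in patch_time:
            continue  # unpatched host: nothing to compare against
        bucket = before if ts < patch_time[host] else after
        bucket.setdefault(host, []).append(cpu)
    return before, after


def find_regressions(samples, patch_time, min_samples=2, rel_increase=0.25):
    """Return {host: (mean_before, mean_after)} for hosts that regressed.

    Hosts with fewer than `min_samples` on either side are skipped, so a
    single noisy reading after the patch cannot raise an alert by itself.
    """
    before, after = split_by_patch(samples, patch_time)
    regressions = {}
    for host in patch_time:
        pre, post = before.get(host, []), after.get(host, [])
        if len(pre) < min_samples or len(post) < min_samples:
            continue
        m_pre, m_post = mean(pre), mean(post)
        if m_pre > 0 and (m_post - m_pre) / m_pre >= rel_increase:
            regressions[host] = (round(m_pre, 1), round(m_post, 1))
    return regressions
```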

These ‘flaws’ are still new to the public, and much more will be discussed and discovered in the days / weeks / months to come. Here at Ziften, we continue to monitor the situation and how we can best educate and protect our customers and partners.