Author Archives: leavmecha

We Have Made Our Channel Program Even Better For You – Charles Leaver

Written By Greg McCreight And Presented By Charles Leaver

 

If you are a reseller, integrator, distributor, or managed service provider, the new Ziften Activate Partner Program is here, it is ready to go, and it will be good for your profitability (and for reducing your customers’ anxiety about cybersecurity).

Ziften is 100 percent focused on the channel, and as we grow and mature in the market we understand that your success is our success, and that our success is your success. It is already happening: 96% of our sales in 2017 went through the channel! That is why we built the new Activate Partner Program: to give you the resources you need to grow your business with Ziften security solutions.

We kicked it all off with a powerful, cross-platform Endpoint Detection and Response (EDR) solution, Ziften Zenith. Customers love it. Technology partners love it. Resellers love it. The market loves it. And analysts love it.

I have to share this from the conclusion of our Broadband-Testing report, which discusses SysSecOps, or Systems Security Operations, an emerging category where Ziften is leading the market:

Critical to Ziften’s endpoint method in this classification is total visibility – let’s face it, how can you protect what you cannot see or don’t know is there to start with? With its Zenith platform, Ziften has a solution that delivers on all the essential SysSecOps requirements and more …

Overall, Ziften has an extremely competitive solution in what is a really legitimate, emerging IT category through SysSecOps and one that must be on the assessment short-list.

On top of that, Microsoft recently partnered with Ziften on an integration between Zenith and Microsoft Windows Defender ATP, so that Microsoft customers can protect Linux and Mac systems from the same single pane of glass they use to protect Windows systems.

Enough about Ziften. Let’s concentrate on you. You and the Activate Partner Program.

We have put together a multi-tier partner program with better discounts, more resources, and strong market development support. We understand that a one-size-fits-all program doesn’t work, not in today’s market.

With Activate, we take a hands-on approach to onboarding new partners, make it easy for those for whom security is a relatively small part of their services, and reward top-tier partners who have committed themselves to Ziften.

Here’s what you will receive with the Activate Partner Program, and we’ll work alongside you to make sure that Activate fully meets your needs:

– Security for more of your customers’ environment: endpoints, servers, and cloud
– Visibility and security for your customers’ complex, multi-cloud deployments
– Easy security tool integrations to deliver genuinely custom, differentiated solutions
– Hands-on, customized support and life-cycle expertise
– Generous financial incentives that encourage long-term investment and reward ongoing success
– Market development support to drive incremental demand and lead generation
– First-rate, hands-on support from our field sales, sales engineers, technical support, and marketing experts

The Activate program combines our effective security solutions, financial investment, and hands-on help to assist you in developing more business opportunities and closing more deals.

Your Essential Guide To Cloud Asset Migration – Charles Leaver

Written By Logan Gilbert And Presented By Charles Leaver

 

It bears repeating: the Web has forever changed the world for individuals and companies alike. For companies, every aspect of modern IT is going through digital transformation. IT departments everywhere are under pressure to make information highly available at lower cost, all while protecting critical data from corruption, loss, or theft.

Central to this approach is the migration of data centers to the cloud. In fact, nineteen percent of business workloads are expected to be in the public cloud by the end of 2019, and 50% over the next ten years.

What is Cloud Asset Migration?

Cloud migration is the process of moving data, applications, or other business elements from a company’s on-premises infrastructure to the cloud, or moving them from one cloud service to another.

The diagram below illustrates this migration of file server(s), data, and application(s) from an on-premises server infrastructure to a cloud environment.

Cloud providers make it possible for businesses to migrate some or all of their IT infrastructure to the cloud for scale, speed, business agility, ease of management, and lower cost. The advantages are nothing short of compelling.

Cloud computing is changing the corporate landscape. With these technological advances, people are leaning toward a virtual office, meaning you can work from anywhere, at any time, using cloud computing.

Cloud Asset Migration Considerations

However, as with any significant IT infrastructure change, a move to the cloud needs thoughtful planning and execution for the process to come in on budget and on time. Moving a server, database, application, or all of the above to the cloud is not without risk. System failures, performance degradation, loss of data, and more are likely to happen as a result of misconfigurations, system failures, and security exploits.

Case in point: forty-three percent of those who have gone through a cloud asset migration have experienced a failure or a delayed application. Why? Because each asset migration is a ‘snowflake’ with its own level of complexity.

Let’s look at three areas to consider for successful cloud asset migration.

1. Have a Plan

First, there needs to be a strategic migration plan. That plan should help answer questions such as the following:

– Which IT assets should be migrated in the first place?
– If you are migrating some, or all, of your infrastructure to the cloud, how will you establish and maintain asset control?
– How will you identify what you have, before and after the move?
– Do you even have to migrate all of it?
– What comes first?

2. Clean Up What Is in Place Today

To answer these strategic questions effectively, you’ll need definitive visibility into each asset under your roof today, as well as the relevant attributes of each asset. Whether your assets today run on physical or virtual server infrastructure, you have to understand:

– What assets exist today? Discover all connected assets and understand which are currently managed and which are unmanaged.
– Identify low-usage and/or unused systems. Should these systems be removed or repurposed before migration?
– Identify low-usage and/or unused applications. Are these applications needed at all? Should they be removed before migration?
– Identify and clean up duplication, whether of systems and/or applications.
– Now determine the business-critical systems and applications that will be moved as part of your strategy.

With this comprehensive asset data in hand, you can sharpen your migration approach by segmenting what should and should not be moved, or at least crisply prioritizing based on business value.

3. Prepare For Cloud Visibility Post Migration

Now that you’re armed with comprehensive, accurate current and historical asset data, how will you maintain this level of visibility after your successful cloud asset migration?

While the cost benefits of migrating to the cloud are typically very compelling, uncontrolled asset/virtual machine sprawl can quickly erode them. So, before performing your cloud asset migration, make sure you have a cloud visibility solution in place that:

– Discovers and monitors all connected assets across your single- or multi-cloud environment
– Inventories, fingerprints, and classifies discovered assets
– Alerts on new or unexpected asset discovery and/or behavior within the cloud environment
– Integrates with existing ticketing, workflow, and/or CMDB systems
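The following is an added example, not code from the original post or from Ziften, showing how the checks in steps 2 and 3 look when applied to an inventory. The `Asset` record, the fingerprint strings, the utilisation numbers, and both the on-premises and cloud inventories are constructed for illustration; a real run would feed in a discovery tool’s export. Step 2 is covered by the unmanaged, low-usage, duplicate and prioritisation checks, and step 3 by the drift check, which alerts on assets that appeared in the cloud without being planned (and singles out those with a fingerprint never seen on-prem) and on planned assets that never arrived.

```python
"""Added example: inventory checks for steps 2 and 3 of a cloud asset migration."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    kind: str            # "server", "vm" or "app"
    fingerprint: str     # stand-in for an OS/application fingerprint (assumed format)
    managed: bool        # True if an agent or CMDB record exists for it
    avg_cpu_pct: float   # constructed 30-day average utilisation
    business_value: int  # 0 = none .. 3 = business-critical


# Constructed on-premises inventory; hostnames and numbers are invented.
ON_PREM = [
    Asset("fs-01",   "server", "fp-fileserver-2016", True,  41.0, 3),
    Asset("fs-02",   "server", "fp-fileserver-2016", True,  38.5, 3),
    Asset("app-crm", "app",    "fp-crm-7.2",         True,  23.0, 3),
    Asset("app-old", "app",    "fp-intranet-2009",   True,   0.4, 0),
    Asset("dev-box", "vm",     "fp-ubuntu-dev",      False,  2.1, 1),
    Asset("lab-vm",  "vm",     "fp-ubuntu-dev",      False,  0.0, 0),
]

# Constructed post-migration observation from the cloud account.
CLOUD_OBSERVED = [
    Asset("fs-01",         "server", "fp-fileserver-2016", True,  40.2, 3),
    Asset("app-crm",       "app",    "fp-crm-7.2",         True,  25.7, 3),
    Asset("cloud-test-99", "vm",     "fp-ubuntu-dev",      False, 12.0, 0),  # unplanned copy of the dev image
    Asset("svc-x",         "vm",     "fp-unknown-xyz",     False,  8.0, 0),  # never seen on-prem
]


def unmanaged(assets):
    """Step 2: discovered assets with no management record."""
    return sorted(a.name for a in assets if not a.managed)


def low_usage(assets, threshold_pct=5.0):
    """Step 2: idle systems/apps that are candidates for retirement, not migration."""
    return sorted(a.name for a in assets if a.avg_cpu_pct < threshold_pct)


def duplicates(assets):
    """Step 2: assets sharing a fingerprint, i.e. consolidation candidates."""
    groups = defaultdict(list)
    for a in assets:
        groups[a.fingerprint].append(a.name)
    return {fp: sorted(names) for fp, names in groups.items() if len(names) > 1}


def migration_plan(assets, idle_threshold_pct=5.0):
    """Split the inventory into (migrate, retire); migrate is ordered by business value."""
    keep = [a for a in assets if a.avg_cpu_pct >= idle_threshold_pct and a.business_value > 0]
    keep.sort(key=lambda a: (-a.business_value, a.name))
    migrate = [a.name for a in keep]
    retire = sorted(a.name for a in assets if a.name not in migrate)
    return migrate, retire


def drift(planned_names, observed, known_fingerprints):
    """Step 3: compare what runs in the cloud with what was planned.

    Flags assets that appeared without being planned (sprawl, shadow copies),
    planned assets that never arrived, and unplanned assets whose fingerprint
    was never seen on-prem (the ones most worth a ticket)."""
    planned = set(planned_names)
    seen = {a.name for a in observed}
    unexpected = sorted(seen - planned)
    unknown = sorted(a.name for a in observed
                     if a.name in unexpected and a.fingerprint not in known_fingerprints)
    return {"unexpected": unexpected,
            "missing": sorted(planned - seen),
            "unknown_fingerprint": unknown}


def run_checks():
    """Run every check on the constructed data and return one report."""
    migrate, retire = migration_plan(ON_PREM)
    return {
        "unmanaged": unmanaged(ON_PREM),
        "low_usage": low_usage(ON_PREM),
        "duplicates": duplicates(ON_PREM),
        "migrate": migrate,
        "retire": retire,
        "drift": drift(migrate, CLOUD_OBSERVED, {a.fingerprint for a in ON_PREM}),
    }


if __name__ == "__main__":
    for key, value in run_checks().items():
        print(f"{key}: {value}")
```

The drift report is the piece to wire into ticketing: an unplanned asset with a known fingerprint is usually sprawl from a familiar image, while one with an unknown fingerprint has no on-prem history and needs investigating before it is accepted into the inventory.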

Cloud Visibility and Security with Ziften

Ongoing cloud visibility into each device, user, and application means you can manage every part of your infrastructure better. You’ll avoid wasting resources by preventing VM sprawl, and you’ll have a comprehensive body of data to satisfy audit requirements for NIST 800-53, HIPAA, and other compliance regimes.

Follow the above when you move to the cloud and you’ll avoid weak security, insufficient compliance, or operational snafus. Ziften’s approach to cloud visibility and security gives you the intelligence you need for cloud asset migration without the headaches.

Microsoft Channel Partners Can Benefit From This Golden Security Opportunity – Charles Leaver

Written By Greg McCreight And Presented By Charles Leaver

 

Windows Defender Advanced Threat Protection (WDATP) is a winner, popular with Microsoft channel partners around the globe. It is highly likely you are already working with Microsoft customers to install and manage WDATP on their Windows endpoints.

I’m delighted to tell you about a new opportunity: get a fast start with an industry-leading solution that integrates directly into WDATP, Ziften Zenith. For a limited time, Microsoft channel partners can use our new “Fast Start” program to onboard with Ziften.

With “Fast Start,” you enjoy all the benefits of Ziften’s top-tier partner status for a full year, and we’ll help you get up to speed quickly with joint marketing and business development resources, along with a waiver of the usual sales-volume commitment associated with Gold status.

If you don’t know Ziften, we provide infrastructure visibility and coordinated threat detection, prevention, and response across all endpoint devices and cloud environments. Zenith, our flagship security platform, deploys quickly to client devices, virtual machines, and servers.

Once installed, Zenith continuously gathers all the information necessary to accurately assess the current and historical state of all managed devices, including system, user behavior, network connection, application, binary, and process data. Zenith gives your customers’ IT and security teams continuous visibility and control over all managed assets, including continuous monitoring, alerting, and automated or manual actions.

Zenith is cross-platform – it works with and secures Windows, Mac, Linux, and other endpoints.

What’s particularly noteworthy, and here is the opportunity, is that Ziften has teamed up with Microsoft to integrate Zenith with Windows Defender ATP. That means your customers can use WDATP on Windows systems and Zenith on their macOS and Linux systems to detect, view, and respond to cyber attacks, all from the WDATP Management Console. Zenith runs hidden in the background.

A single pane of glass to manage Windows, Mac, and Linux endpoints, which can include desktops, laptops, and servers. That makes Zenith the best option to offer your existing WDATP customers… and makes your bids for new WDATP business more complete for multi-platform enterprise prospects.

Furthermore, offering Zenith can help you speed customer migrations to Windows 10 and sell more Enterprise E5 commercial editions.

“Fast Start” for a Year with Gold Status

Ziften is completely focused on the channel: 96% of our sales in 2017 went through the channel. We are very excited to bring the “Fast Start” program to current Microsoft channel partners throughout the world.

With “Fast Start,” you can sign up for the Ziften Channel Program with these advantages:

Expedited Acceptance and On-Boarding: Ziften channel managers and field sales work directly with you to get up and running selling the Zenith endpoint security solution integrated with Windows Defender ATP.

Superior Security Value: You’ll be uniquely positioned to offer customers and prospects greater security value across more of their overall environment than ever, increasing the number of supported and protected Windows, Mac, and Linux systems.

Hands-On Collaboration: Ziften commits field sales, sales engineers, and marketing to support your daily pre-sales engagements, drive new sales opportunities, and help close more business with Microsoft and Ziften endpoint security.

Here’s what one major Microsoft channel partner says about this. Ronnie Altit is founder and CEO of Insentra, a “partner-obsessed” Australian IT services company that works exclusively through the IT channel:

“As a big Microsoft reseller, teaming with Ziften to provide their Zenith security platform integrated with Microsoft Windows Defender ATP was a no-brainer. We’re delighted at the seamless integration between Zenith and Windows Defender ATP offering our clients holistic security and visibility across their Windows and non-Windows systems. Ziften has actually been a pleasure to deal with, and encouraging at every step of the procedure. We expect to be extremely effective offering this effective security solution to our clients.”

The Cybersecurity Industry Needs More Women And The Girl Scouts Take The Lead – Charles Leaver

Written By Kim Foster And Presented By Charles Leaver

 

It’s clear that cybersecurity is getting more international attention than ever before, and businesses are genuinely worried about whether they are training enough security professionals to meet growing security threats. While this concern is felt throughout the business world, few people expected the Girl Scouts to answer the call.

Starting this fall, millions of Girl Scouts nationwide have the opportunity to earn cybersecurity badges. Girl Scouts of the USA partnered with security company (and Ziften technology partner) Palo Alto Networks to create a curriculum that teaches girls the fundamentals of computer security. According to Sylvia Acevedo, CEO of GSUSA, they developed the program based on demand from the girls themselves to protect themselves, their computers, and their home networks.

The timing is good, considering that according to a study released in 2017 by (ISC)², 1.8 million cybersecurity positions will be unfilled by 2022. Factor in increased demand for security professionals with stagnant growth for women (only 11 percent for the past few years), and our cybersecurity staffing problems are poised to get worse without substantial effort by the industry toward better inclusion.

Obviously, we cannot depend on the Girl Scouts to do all of the heavy lifting. Broader educational efforts are a must: according to the Computing Technology Industry Association, 69 percent of U.S. women who do not have a career in information technology cited not knowing what opportunities were available to them as the reason they did not pursue one. One of the great untapped opportunities of our industry is the recruitment of more diverse professionals. Targeted curricula and increased awareness should be a high priority. Raytheon’s Women’s Cyber Security Scholarship is a fine example.

To reap the benefits of having women invested in shaping the future of technology, it is necessary to dispel the exclusionary perception of “the boys’ club” and remember the groundbreaking contributions made by women of the past. Many people know that the first computer programmer was a woman, Ada Lovelace. Then there is the work of other well-known pioneers such as Grace Hopper, Hedy Lamarr, and Ida Rhodes, all of whom may stir some vague recollection among those in our industry. Women mathematicians developed programs for one of the world’s first fully electronic general-purpose computers: Kay McNulty, Jean Jennings Bartik, Betty Snyder, Marlyn Meltzer, Fran Bilas, and Ruth Lichterman were just a few of the first programmers of the Electronic Numerical Integrator and Computer (better known as ENIAC), though their essential work was not widely recognized for over 50 years. In fact, when historians first discovered photos of the women in the mid-1980s, they mistook them for “Refrigerator Ladies,” models posing in front of the machines.

It’s worth noting that many believe the same “boys’ club” mentality that overlooked the accomplishments of women in history has led to fewer leadership positions and lower pay for modern women in cybersecurity, along with outright exclusion of female luminaries from speaking opportunities at industry conferences. As trends go, excluding bright people with relevant expertise from influencing the cybersecurity industry is an unsustainable one if we hope to keep up with the bad guys.

Whether or not we collectively take action to cultivate more inclusive workplaces, by educating, recruiting, and promoting women in greater numbers, it is heartening to see an organization associated with fundraiser cookies effectively inform a whole industry that girls are genuinely interested in the field. As the Girl Scouts of today are given the tools to pursue a career in information security, we should expect that they will become the very women who ultimately reprogram our expectations of what a cybersecurity professional looks like.

Mac Computers Can Be A Threat To Your Security – Charles Leaver

Written By Roark Pollock And Presented By Charles Leaver

 

Do you have Mac computers? That’s fine. I own one too. Have you locked your Macs down? If you haven’t, your business has a potentially serious security weak point.

It’s a misconception to think that Macintosh computers are inherently safe and don’t have to be secured against malware or hacking. Many believe Macs are probably more secure than Windows desktops and notebooks, thanks to the design of the Unix-derived kernel. Certainly, we see fewer security patches issued for macOS by Apple than security patches for Windows by Microsoft.

Fewer security problems is not zero defects. And safer doesn’t mean completely safe.

Some Mac Vulnerability Examples

Take, for instance, the macOS 10.13.3 update, released on January 23, 2018, for the current versions of the Mac’s operating system. Like most current computers running Intel processors, the Mac was vulnerable to the Meltdown flaw, which meant that malicious applications might be able to read kernel memory.

Apple needed to patch this flaw, as well as numerous others.

For example, another flaw could allow a malicious audio file to execute arbitrary code, which could violate the system’s security integrity. Apple needed to patch it.

A kernel flaw meant that a malicious application might be able to execute arbitrary code with kernel privileges, giving attackers access to anything on the device. Apple needed to patch the kernel.

A flaw in the WebKit library meant that processing maliciously crafted web content could lead to arbitrary code execution. Apple had to patch WebKit.

Another flaw meant that processing a malicious text message could cause an application denial of service, locking up the system. Whoops. Apple had to patch that flaw as well.

Don’t Make the Same Mistakes as Consumers

Many consumers, believing all the hype about how wonderful macOS is, choose to run without security, relying on macOS and its built-in application firewall to block all manner of bad code. Bad news: there’s no integrated anti-virus or anti-malware, and the firewall can only do so much. And many enterprises choose to ignore macOS when it comes to visibility for posture monitoring and hardening, and threat detection/threat hunting.

Consumers often make these assumptions because they don’t know any better. IT and security professionals should never make the same mistakes; we should know better.

If a Mac user installs bad software, or adds a malicious browser extension, or opens a bad email attachment, or clicks on a phishing link or a malicious advertisement, their computer is compromised, just like a Windows computer. But within the enterprise, we need to be prepared to handle these issues, even on Macs.

What To Do?

What do you have to do?

– Install anti-virus and anti-malware on corporate Macs, or on any Mac that has access to your organization’s content, servers, or networks.
– Track the state of Macs, just as you do with Windows computers.
– Be proactive in applying fixes and patches to Macs, again, just as with Windows.

You should also remove from your business environment any Mac computers that are old and cannot run the latest version of macOS. That’s a lot of them, since Apple is pretty good at supporting older hardware. Here is Apple’s list of Mac models that can run macOS 10.13:

– MacBook (Late 2009 or newer)
– MacBook Pro (Mid 2010 or newer)
– MacBook Air (Late 2010 or newer)
– Mac mini (Mid 2010 or newer)
– iMac (Late 2009 or newer)
– Mac Pro (Mid 2010 or newer)

When the next version of macOS comes out, some of your older devices may drop off the list. They should drop off your inventory too.
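As an added example (not code from the post or from Ziften), here is the kind of fleet check the three steps above and the hardware list call for: every Mac in a constructed inventory is classified as patched, needing the 10.13.3 update, needing retirement because its model is older than Apple’s cutoff, or unknown because its family is not on the list. The patch level and the per-family cutoffs come straight from the post; the `Mac` record, the hostnames and versions, and the assumption that Apple’s Early/Mid/Late labels order within a year are mine.

```python
"""Added example: flag Macs below the 10.13.3 patch level and hardware outside
Apple's macOS 10.13 support list (constructed inventory, see comments)."""
from dataclasses import dataclass

# Minimum patch level named in the post (macOS 10.13.3, January 23, 2018).
REQUIRED_VERSION = (10, 13, 3)

# Oldest supported model per family, taken from Apple's list quoted in the post.
OLDEST_SUPPORTED = {
    "MacBook":     "Late 2009",
    "MacBook Pro": "Mid 2010",
    "MacBook Air": "Late 2010",
    "Mac mini":    "Mid 2010",
    "iMac":        "Late 2009",
    "Mac Pro":     "Mid 2010",
}

# Assumption: Apple's Early/Mid/Late labels are ordered within a model year.
_SEASON_RANK = {"Early": 1, "Mid": 2, "Late": 3}


@dataclass(frozen=True)
class Mac:
    hostname: str
    family: str      # e.g. "MacBook Pro"
    model_date: str  # e.g. "Mid 2012"
    os_version: str  # e.g. "10.13.2"


def parse_version(text):
    """'10.13.3' -> (10, 13, 3); missing components count as 0 so tuples compare."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def parse_model_date(text):
    """'Late 2009' -> (2009, 3) so model dates compare as tuples."""
    season, year = text.split()
    return int(year), _SEASON_RANK[season]


def hardware_supported(mac):
    """None if the family is not on Apple's list, else whether the model is new enough."""
    cutoff = OLDEST_SUPPORTED.get(mac.family)
    if cutoff is None:
        return None
    return parse_model_date(mac.model_date) >= parse_model_date(cutoff)


def classify(mac):
    """Worst problem first: hardware that cannot take the update is not a patching issue."""
    supported = hardware_supported(mac)
    if supported is None:
        return "unknown_model"
    if not supported:
        return "retire_unsupported_hardware"
    if parse_version(mac.os_version) < REQUIRED_VERSION:
        return "needs_patch"
    return "ok"


def fleet_report(macs):
    """Group hostnames by status so each bucket maps to one action."""
    report = {}
    for mac in macs:
        report.setdefault(classify(mac), []).append(mac.hostname)
    return {status: sorted(names) for status, names in report.items()}


# Constructed fleet; hostnames, model dates and versions are invented.
FLEET = [
    Mac("mac-01", "iMac",        "Late 2015",  "10.13.3"),
    Mac("mac-02", "MacBook Pro", "Mid 2012",   "10.13.2"),
    Mac("mac-03", "MacBook",     "Mid 2009",   "10.12.6"),
    Mac("mac-04", "MacBook Air", "Late 2010",  "10.13.3"),
    Mac("mac-05", "Mac mini",    "Early 2009", "10.11.6"),
    Mac("mac-06", "Xserve",      "Early 2009", "10.7.5"),
]

if __name__ == "__main__":
    for status, names in fleet_report(FLEET).items():
        print(f"{status}: {', '.join(names)}")
```

The `unknown_model` bucket is deliberate: a family that is not on the list should be looked at by a person rather than silently treated as supported, and when Apple publishes the next list you only update `REQUIRED_VERSION` and `OLDEST_SUPPORTED`.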

Ziften’s Viewpoint

At Ziften, with our Zenith security platform, we strive to preserve visibility and security feature parity between Windows systems, macOS systems, and Linux-based systems.

In fact, we have partnered with Microsoft to integrate our Zenith security platform with Microsoft Windows Defender Advanced Threat Protection (ATP) for macOS and Linux monitoring and threat detection and response coverage. The integration lets customers detect, view, investigate, and respond to advanced cyber-attacks on macOS devices (as well as Windows and Linux-based endpoints) directly within the Microsoft WDATP Management Console.

From our point of view, it has always been essential to give your security teams confidence that every desktop/notebook endpoint is protected, and thus that the enterprise is protected.

Believe it or not, 91% of enterprises say they have a number of Macs. If those Macs aren’t protected, and properly integrated into your endpoint security systems, the business is not protected. It’s that simple.

Why Strategic Alliances In The Security Industry Work – Charles Leaver

Written By Charles Leaver

 

Nobody can solve cybersecurity alone. No single product company, no single vendor, no one can handle the whole problem. Tackling security requires cooperation between different players.

In some cases, those companies sit at different levels of the solution stack: some install on endpoints, some within applications, others within network routers, others at the telco or in the cloud.

In other cases, those companies each have a specific best-of-breed component: one player specializes in e-mail, others in crypto, others in disrupting the kill chain.

From the enterprise customer’s viewpoint, effective security requires assembling a set of tools and services into a working whole. From the vendors’ point of view, effective security requires strategic alliances. Sure, each vendor, whether making hardware, writing software, or offering services, has its own products and intellectual property. Nevertheless, we all work better when we work together to enable integrations and make life easy for our resellers, our integrators, and the end customer.

Paradoxically, not only can vendors make more profit through strategic alliances, but end customers save money at the same time. Why? Several reasons.

Customers don’t waste their money (and time) on solutions with overlapping capabilities. Customers don’t have to waste money (and time) building custom integrations. And customers won’t waste money (and time) trying to debug systems that fight each other, for example by generating extra alerts or hard-to-find incompatibilities.

It’s the Trifecta – Products, Solutions, and Channels

All three work together to meet the needs of the enterprise customer, and to benefit the vendors, who can concentrate on doing what they do best, relying on strategic alliances to build complete solutions out of jigsaw-puzzle pieces.

Generally speaking, those solutions require more than simple APIs, which is where strategic alliances are so important.

Consider the integration between products (like a network threat scanner or Ziften’s endpoint visibility solutions) and analytics services. End customers don’t want to operate a dozen different dashboards, and they don’t want to manually correlate anomaly findings from a dozen different security tools. Strategic alliances between product vendors and analytics solutions, whether on-site or in the cloud, make sense for everyone. That includes the channel, who can deliver and support complete solutions that are already dialed in, already debugged, already documented, and will work with the least fuss possible.

Or consider the integration of products with managed security service providers (MSSPs). They want to offer prospective customers pre-packaged solutions, ideally ones that can run in their multi-tenant clouds. That means the products need to be scalable, with compatible license terms. They must be well integrated with the MSSP’s existing dashboards and administrative control systems. And naturally, they need to feed into predictive analytics and incident response programs. The best way to do that? Through strategic alliances, both horizontally with other product vendors and with major MSSPs too.

How about major value-added resellers (VARs)? VARs need products that are simple to understand, easy to support, and easy to add to existing security implementations. That makes new products more appealing, more affordable, easier to install, easier to support, and it reinforces the VAR’s customer relationships.

What do they look for when adding to their solution portfolio? New solutions that have strategic alliances with their existing solution offerings. If you don’t dovetail into the VAR’s portfolio partners, well, you probably don’t fit in.

Two Examples: Fortinet and Microsoft

Nobody can solve cybersecurity alone, and that includes giants like Fortinet and Microsoft.

Consider the Fortinet Fabric-Ready Partner Program, where technology alliance partners integrate with the Fortinet Security Fabric via Fabric APIs and can actively collect and share information to improve threat intelligence, improve overall threat awareness, and broaden threat response from end to end. As Fortinet explains in its Fortinet Fabric-Ready Partner Program Overview, “partner inclusion in the program signals to consumers and the industry as a whole that the partner has teamed up with Fortinet and leveraged the Fortinet Fabric APIs to establish confirmed, end-to-end security services.”

Similarly, Microsoft is pursuing the same strategy with the Windows Defender Advanced Threat Protection program. Microsoft recently selected only a few key partners for this security program, saying, “We have actually heard from our clients that they desire security and visibility into prospective threats on all their device platforms and we have actually turned to partners to help resolve this requirement. Windows Defender ATP provides security teams a single pane of glass for their endpoint security and now by teaming up with these partners, our consumers can extend their ATP service to their whole set up base.”

We’re the first to admit: Ziften cannot solve security alone. No one can. The best way forward for the security market is to move forward together, through strategic alliances that bring together product vendors, service providers, and the channel. That way we all win: vendors, service providers, channel partners, and enterprise customers alike.

Flexibility Is A Critical Component Of SysSecOps – Charles Leaver

Written By Charles Leaver

 

Endpoints are everywhere. The device you are reading this on is an endpoint, whether it’s a desktop, notebook, tablet, or phone. The HVAC controller for your building is an endpoint, assuming it’s connected to a network, and so are the WiFi access points and the security cameras. So is the connected car. So are the web servers, storage servers, and Active Directory servers in the data center. So are your IaaS/PaaS services in the cloud, where you are in control of bare-metal servers, VMware virtual machines, or containers running on Windows and/or Linux.

They’re all endpoints, and every one of them is important to manage.

They have to be managed from the IT side (by IT administrators, who ideally have proper IT-level visibility of each connected thing, like those security cameras). That management means making sure they’re connected to the right network zones or VLANs, that their software and configurations are current, that they’re not flooding the network with bad packets because of electrical faults, and so on.

Those endpoints also have to be managed from the security viewpoint by CISO teams. Every endpoint is a potential front door into the business network, which means the devices must be locked down: no default passwords, all security patches applied, no unauthorized software installed on the device’s embedded web server. (Krebs describes how, in 2014, hackers got into Target’s network through its HVAC system.)

Systems and Security Operations

Systems Security Operations, or SysSecOps, brings those two worlds together. With the right SysSecOps mindset, and tools that support the appropriate workflows, IT and security staff get the same data and can collaborate. Sure, they each have different jobs, and respond differently to trouble alerts, but they’re all managing the same endpoints, whether in the pocket, on the desk, in the utility closet, in the data center, or in the cloud.

Test Report on Ziften Zenith

We were thrilled when the recently published Broadband-Testing report praised Zenith, Ziften’s flagship endpoint security and management platform, as ideal for this kind of scenario. To quote from the report, “With its Zenith platform, Ziften has a product that ticks all the SysSecOps boxes and more. Because its definition of ‘endpoints’ extends into the Data Centre (DC) and the world of virtualisation, it holds true blanket protection.”

Broadband-Testing is an independent testing facility and service based in Andorra. They describe themselves as, “Broadband-Testing communicates with suppliers, media, investment groups and VCs, experts and consultancies alike. Checking covers all elements of networking software and hardware, from ease of use and performance, through to increasingly crucial aspects such as device power usage measurement.”

Back to flexibility. With endpoints everywhere (again, on the desk, in the utility closet, in the data center, or in the cloud), a SysSecOps-based endpoint security and management system must go everywhere and do anything, at scale. Broadband-Testing wrote:

“The configuration/deployment choices and architecture of Ziften Zenith allow for a really flexible deployment, on or off-premise, or hybrid. Agent implementation is simplicity itself with zero user requirements and no endpoint intrusion. Agent footprint is likewise very little, unlike numerous endpoint security solutions. Scalability also seems exceptional – the biggest customer implementation to this day is in excess of 110,000 endpoints.”

We can’t help but take pride in Zenith, and in what Broadband-Testing concluded:

“The emergence of SysSecOps – combining systems and security operations – is an unusual milestone in IT; a hype-free, sound judgment method to refocusing on how systems and security are managed inside a business.

Key to Ziften’s endpoint method in this category is overall visibility – after all, how can you protect what you cannot see or have no idea exists in the first place? With its Zenith platform, Ziften has a product that ticks all the SysSecOps boxes and more.

Implementation is basic, specifically in a cloud-based scenario as checked. Scalability also seems outstanding – the greatest customer implementation to this day remains in excess of 110,000 endpoints.

Data analysis choices are extensive with a big amount of information readily available from the Ziften console – a single view of the whole endpoint infrastructure. Any object can be analysed – e.g. Binaries, applications, systems – and, from a procedure, an action can be defined as an automatic function, such as quarantining a system in the event of a potentially harmful binary being found. Numerous reports are predefined covering all areas of analysis. Alerts may be set for any occurrence. Furthermore, Ziften supplies the principle of extensions for custom data collection, beyond the reach of most suppliers.

And with its External API functionality, endpoint data gathered by Ziften can be shared with a lot of 3rd party applications, thereby including more value to a consumer’s existing security and analytics infrastructure financial investment.

In general, Ziften has a really competitive offering in exactly what is an extremely worthy and emerging IT classification through SysSecOps that is extremely worthy of examination.”

We hope you’ll consider evaluating Zenith, and will agree that when it comes to SysSecOps and endpoint security and management, we do tick all the boxes with the true blanket protection that both your IT and CISO teams have been searching for.

Be Warned Of Spectre And Meltdown And Find Out How We Help – Charles Leaver

Written By Josh Harriman And Presented By Charles Leaver

 

Ziften is aware of the latest exploits, which affect almost everyone who works on a computer or digital device. That is a very broad statement, but we at Ziften are working diligently to help our customers discover vulnerable assets, fix those vulnerable systems, and monitor systems after the fix for potential performance problems.

This is an ongoing investigation by our team in Ziften Labs, where we keep up to date on the latest malicious attacks as they evolve. Today, most of the discussion is around PoC (Proof of Concept) code and what can theoretically happen. This will soon change as attackers take advantage of these opportunities. The exploits I’m speaking of, of course, are Meltdown and Spectre.

Much has been written about how these exploits were discovered and what the industry is doing to find workarounds for these hardware flaws. For more information, I think it’s best to go straight to the source (https://spectreattack.com/).

What Should You Do, and How Can Ziften Assist?

One key area where Ziften helps in the event of an attack by either method is watching for data exfiltration. Since these attacks are essentially reading data they should not have access to, we believe the first and easiest way to protect yourself is to remove that confidential data from these systems. This data might be passwords, login credentials, or even secret keys for SSH or VPN access.

Ziften monitors and alerts when processes that normally do not make network connections begin exhibiting this unusual behavior. From these alerts, users can quarantine systems from the network and/or kill the processes involved. Ziften Labs is tracking the development of the real-world attacks that are likely to emerge from these vulnerabilities, so we can better protect our customers.
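The detection idea above, as an added example that is not Ziften’s own code (Zenith’s logic is not shown on this page): learn which process images are known to use the network from a baseline window, then flag connections by any image outside that baseline. The telemetry records, hosts and addresses are constructed for the demo.

```python
"""Flag network connections from processes with no history of using the network.

Added example, not Ziften's code. Records are constructed: (host, image path,
remote address), using RFC 5737 documentation addresses.
"""
from collections import defaultdict

# Constructed baseline window: network-connect events seen during normal operation.
BASELINE_EVENTS = [
    ("ws-01", r"C:\Program Files\Mozilla Firefox\firefox.exe", "203.0.113.10:443"),
    ("ws-01", r"C:\Windows\System32\svchost.exe", "203.0.113.20:80"),
    ("ws-02", r"C:\Program Files\Mozilla Firefox\firefox.exe", "203.0.113.10:443"),
    ("ws-02", r"C:\Windows\System32\svchost.exe", "203.0.113.20:80"),
    ("ws-03", r"C:\Windows\System32\svchost.exe", "203.0.113.20:80"),
    ("ws-03", r"C:\Users\alice\tools\oddball.exe", "203.0.113.30:443"),  # one host only
]

# Constructed new events to evaluate after the baseline was built.
NEW_EVENTS = [
    ("ws-01", r"C:\Program Files\Mozilla Firefox\firefox.exe", "203.0.113.10:443"),
    ("ws-02", r"C:\Windows\System32\calc.exe", "198.51.100.7:4444"),
    ("ws-03", r"C:\Windows\System32\notepad.exe", "198.51.100.7:8080"),
]


def build_baseline(events, min_hosts=2):
    """Return the set of (lower-cased) image paths known to use the network.

    An image counts as known only if it connected from at least `min_hosts`
    distinct hosts; a single-host sighting is too weak to whitelist an image.
    Windows paths are case-insensitive, so everything is compared lower-cased.
    """
    hosts_per_image = defaultdict(set)
    for host, image, _remote in events:
        hosts_per_image[image.lower()].add(host)
    return {img for img, hosts in hosts_per_image.items() if len(hosts) >= min_hosts}


def find_unusual_connections(events, baseline):
    """Return (host, image, remote) tuples for connections by images outside the baseline."""
    return [(h, img, r) for h, img, r in events if img.lower() not in baseline]


if __name__ == "__main__":
    known = build_baseline(BASELINE_EVENTS)
    for host, image, remote in find_unusual_connections(NEW_EVENTS, known):
        print(f"ALERT {host}: {image} connected to {remote} (no network history)")
```

The `min_hosts` threshold is the knob a practitioner tunes: raising it catches more, at the cost of re-alerting on legitimately rare tools.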

Find – How am I Vulnerable?

Let’s look at the areas we can monitor for vulnerable systems. Zenith, Ziften’s flagship product, can quickly and easily find operating systems that need to be patched. Even though these exploits are in the CPUs themselves (Intel, AMD and ARM), the fixes that become available will be delivered as updates to the OS, and in some cases to the web browser you use as well.

In Figure 1 below, you can see an example of how we report on the available patches by name, which systems have successfully installed each patch, and which have yet to install it. We can also track failed patch installs. The example below is not for Meltdown or Spectre, but the KB and/or patch number for your environment can be populated in this report to show the vulnerable systems.

The same is true for web browser updates. Zenith monitors the software versions running in the environment. That data can be used to understand whether all browsers are up to date once the fixes become available.

Speaking of browsers, one area that has already gained momentum in the attack scenarios is the use of JavaScript. A working example is shown here (https://www.react-etc.net/entry/exploiting-speculative-execution-meltdown-spectre-via-javascript).

Browsers like Edge no longer use JavaScript, and mitigations are available for other browsers. Firefox has a fix available here (https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/). A Chrome fix is coming out this week.

Repair – What Can I Do Now?

Once you have identified vulnerable systems in your environment, you definitely want to patch and fix them as soon as possible. One caveat to consider: there are reports of certain anti-virus products causing stability problems when the patches are applied. Details about these issues are here (https://www.cyberscoop.com/spectre-meltdown-microsoft-anti-virus-bsod/) and here (https://docs.google.com/spreadsheets/u/1/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true).

Zenith can also help patch systems. We can monitor for systems that require patches, direct our solution to apply those patches for you, and then report success/failure along with the status of those still needing patching.

Because the Zenith backend is cloud based, we can even monitor your endpoint systems and apply the required patches when they are not connected to your corporate network.

Monitor – How is Everything Running?

Lastly, some systems may show performance degradation after the OS fixes are applied. These issues appear to be limited to high-load (IO and network) systems. The Zenith platform helps both the security and operational teams within your environment, which is what we like to call SysSecOps (https://ziften.com/introducing-systems-security-operations-syssecops/).

We can help surface problems such as application crashes or hangs, and system crashes. We also monitor memory and CPU usage over time. This data can be used to monitor and alert on systems that start to exhibit high usage compared with the period before the patch was applied. An example of this monitoring is shown in Figure 2 below (system names purposely removed).

These ‘defects’ are still new to the general public, and much more will be discussed and discovered in the days, weeks and months to come. Here at Ziften, we continue to monitor the situation and how we can best educate and protect our customers and partners.

SysSecOps Is Something That You Need Right Now – Charles Leaver

Written By Alan Zeichick And Presented By Charles Leaver

 

SysSecOps. That’s a new term, still unfamiliar to many IT and security administrators – but it’s being talked about within the industry, by analysts, and at technical conferences. SysSecOps, or Systems & Security Operations, describes the practice of uniting security teams and IT operations teams to ensure the health of enterprise technology – and having the tools to respond most efficiently when problems occur.

SysSecOps focuses on tearing down the information walls and breaking up the silos that stand between security teams and IT administrators.

IT operations staff exist to make sure that end-users can access applications, and that crucial infrastructure is running 24×7. They want to maximize access and availability, and need the data to do that job – such as that a new employee must be provisioned, that a disk drive in a RAID array has failed, that a new partner needs to be provisioned with access to a secure file repository, or that an Oracle database is ready to be migrated to the cloud. It’s all about technology to drive the business.

Exact Same Data, Different Use-Cases

While the use of endpoint and network monitoring information and analytics is clearly tailored to the different needs of IT and security, it turns out that the underlying raw data is actually the same. The IT and security teams are simply looking at their own domain’s problems and situations – and acting based on those use-cases.

Yet in some cases the IT and security teams need to work together. Like provisioning that new business partner: it must touch all the right systems, and be done securely. Or if there is an issue with a remote endpoint, such as a mobile device or a device on the Industrial Internet of Things, IT and security may have to collaborate to figure out exactly what’s going on. When IT and security share the same data sources, and have access to the same tools, this job becomes a lot easier – hence SysSecOps.

Imagine that an IT administrator notices that a server hard drive is nearing full capacity – and this was not expected. Perhaps the network has been breached, and the server is now being used to stream pirated movies across the Web. It happens, and finding and fixing that issue is a job for both IT and security. The data collected by endpoint instrumentation, and displayed through a SysSecOps-ready monitoring platform, can help both sides work together more efficiently than would happen with traditional, separate IT and security tools.

SysSecOps: It’s a new term, and a new concept, and it’s resonating with both IT and security teams. You can learn more about this in a brief nine-minute video, where I talk to a number of industry experts about this topic: “What is SysSecOps?”

Protect Yourself From Microsoft Word Phishing Attacks With Ziften – Charles Leaver

Written By Josh Harriman And Presented By Charles Leaver

 

An interesting multifaceted attack has been reported in a recent blog by Cisco’s Talos Intelligence team. I wanted to discuss the infection vector of this attack, as it’s quite fascinating and something that Microsoft has said it will not fix, since it is a feature and not a bug. Reports are emerging of attacks in the wild that make use of a feature in Microsoft Word called Dynamic Data Exchange (DDE). Details of how this is achieved are reported in this blog from SecureData.

Unique Phishing Attack with Microsoft Word

Attackers continuously look for new ways to breach a company. Phishing attacks are among the most common, as attackers count on the fact that someone will either open a file sent to them or visit a ‘faked’ URL. From there, an exploit against a vulnerable piece of software typically gives them the access to start their attack.

In this case, however, the documents didn’t have a malicious object embedded in the Word doc, which is a favored attack vector, but instead used a sneaky feature that allows Word to reach out and retrieve the actual malicious files. This way the attackers can hope for a better infection rate, since malicious Word files themselves can be scanned and deleted before reaching the recipient.

Searching for Suspicious Behaviors with Ziften Zenith

Here at Ziften, we wanted to be able to alert on this behavior for our customers. Finding conditions that exhibit ‘unusual’ behavior, such as Microsoft Word spawning a shell, is interesting and not expected. Take it a bit further and look for PowerShell running from that spawned shell, and it gets ‘very’ interesting. Using our Search API, we can find these behaviors no matter when they occurred. We do not need the system to be online at the time of the search: if it has run a program (in this case Word) that exhibited these behaviors, we can find that system. Ziften is always collecting and sending relevant process information, which is why we can find the data without relying on the system state at the time of the search.

In our Zenith console, I searched for this condition using the following criteria:

Process → Filepath contains word.exe, Child Process Filepath contains cmd.exe, Child Process commandline includes powershell

This returns the PIDs (process IDs) of the processes we saw start under these conditions. From there we can drill down to see the important details.
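The same three-part search, as an added example that is not Ziften’s code and does not use the Zenith Search API: it runs over constructed process-start records (the record fields `pid`, `ppid`, `path` and `cmdline` are assumptions) and returns the matching Word/cmd.exe PID pairs, ignoring Word-spawned shells that never invoked PowerShell.

```python
"""Find Word -> cmd.exe -> PowerShell process chains in process-start telemetry.

Added example, not Ziften's code. Reproduces the console search:
  parent filepath contains word.exe, child filepath contains cmd.exe,
  child command line includes powershell.
Record format and sample processes are constructed for the demo.
"""
from collections import defaultdict

PROCESSES = [
    {"pid": 100, "ppid": 1, "path": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100,
     "path": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "cmdline": '"WINWORD.EXE" /n invoice.docx'},
    # cmd.exe spawned by Word, and it launches PowerShell: the case from the post
    {"pid": 300, "ppid": 200, "path": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'cmd.exe /c PowerShell -NoP -c "<constructed placeholder>"'},
    # cmd.exe spawned by Word without PowerShell: not a match
    {"pid": 310, "ppid": 200, "path": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c dir"},
    # PowerShell from cmd.exe, but the parent is Explorer, not Word: not a match
    {"pid": 400, "ppid": 100, "path": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c powershell Get-Date"},
]


def find_word_cmd_powershell(processes):
    """Return (word_pid, cmd_pid) pairs where Word spawned cmd.exe running PowerShell.

    Windows paths and command lines are case-insensitive, so every comparison
    is done on lower-cased strings ("WINWORD.EXE" still contains "word.exe").
    """
    children = defaultdict(list)
    for proc in processes:
        children[proc["ppid"]].append(proc)

    hits = []
    for parent in processes:
        if "word.exe" not in parent["path"].lower():
            continue
        for child in children[parent["pid"]]:
            if ("cmd.exe" in child["path"].lower()
                    and "powershell" in child["cmdline"].lower()):
                hits.append((parent["pid"], child["pid"]))
    return hits


if __name__ == "__main__":
    for word_pid, cmd_pid in find_word_cmd_powershell(PROCESSES):
        print(f"Word PID {word_pid} spawned cmd.exe PID {cmd_pid} running PowerShell")
```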

In this first screenshot, we can see information about the process tree (Word spawning CMD with PowerShell under it) on the left, and on the right side you can see details such as the system name and user, plus the start time.

In the next image below, we look at the CMD process and get information about what was passed to PowerShell.

Most likely, when the user responded to the Microsoft Word pop-up dialog box, that is when the CMD shell used PowerShell to go out and retrieve code hosted on the Louisiana Gov site. In the PowerShell image shown below we can see more details, such as the network connection information when it reached out to the site to pull the fonts.txt file.

That IP address (206.218.181.46) is in fact the Louisiana Gov site. We often see interesting data in our network connection information that does not match what you would expect.

After creating our Saved Search, we can alert on these conditions as they occur across the environment. We can also build extensions that change a GPO policy to disallow DDE, and even take further action to find these documents and remove them from the system if desired. Being able to find interesting combinations of conditions within an environment is extremely powerful, and we are delighted to have this feature in our offering.