
Why Patch Validation Is Vital – Charles Leaver

Written By Logan Gilbert And Presented By Charles Leaver



A recent report shows that almost twenty thousand new software vulnerabilities were discovered in 2017, an all-time record. Consider that for a second: that is an average of fifty five new vulnerabilities every day, which is a lot for any IT shop to manage.

There is good news and bad news. The good news is that patches were available for 86% of those vulnerabilities on the day of disclosure. The bad news is that many companies still struggle with patch prioritization, application, and validation. And as IT workloads increasingly migrate to the cloud, vulnerability visibility tends to decrease, which makes an already difficult challenge worse.

Let’s take a closer look at how to manage cloud patch validation successfully.

First, a Patch Management Primer

Patch management is the practice of updating software with code changes that address vulnerabilities exploitable by attackers. Although it has been around for years, patch management remains a challenging process for most IT organizations.

Modern enterprises have complex IT environments with many integration points between business systems. That makes it hard for software developers to account for every unintended consequence of a patch, e.g., a change that closes a port, breaks communication with critical infrastructure, or even crashes its host server.

Focusing on the effective patching of known vulnerabilities is the undeniable ‘biggest bang for the buck’ play. In 2017, Gartner reported that ninety nine percent of exploits are based on vulnerabilities that have been known to security and IT professionals for at least one year.

Cloud Patching Basics

The first key to shutting down the right vulnerabilities in your cloud IT infrastructure is visibility. Without visibility into your cloud systems and applications, you cannot truly know whether they are patched where it matters. The second key is patch validation. Simply firing off a patch is no guarantee that it applied correctly: it may or may not have deployed successfully.

How can you be sure?

The Ziften Approach

Ziften supplies the visibility and validation you need to ensure your cloud IT environment is protected from the vulnerabilities that matter most:

– In-depth capture of discovered OS and application vulnerabilities

– Findings mapped to vulnerability reference sources, e.g., OWASP, CIS, CVE, CWE, and OSVDB

– Detailed descriptions of the implications, business impact, and risk of each identified exposure

– Vulnerability prioritization based on asset criticality and likelihood of attack

– Remediation recommendations to close identified deficiencies

– Comprehensive steps to follow while mitigating reported deficiencies

– Detection and mitigation of attacks that exploit unpatched systems, with quarantine procedures

Far too often we find that data from customers’ patching systems incorrectly reports that vulnerabilities have been patched. This breeds a complacency that is unhealthy for both IT operations and security operations teams.
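The closing point above, that a patching system can report a vulnerability as fixed when the host was never actually updated, is exactly what a validation step has to catch. The following added example (not Ziften code) reconciles the patch console’s claims against package versions observed on each host by an endpoint agent; the hosts, packages, versions and CVE-style ids are all constructed placeholders:

```python
"""Patch validation by reconciliation: compare what the patch console claims
against what an endpoint agent actually observed. Added example, not Ziften
code; every host, package, version and CVE-style id below is constructed."""
import re
from dataclasses import dataclass


def version_key(version):
    """Turn '1.14.1' or '2.0-3' into a tuple that compares numerically."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.\-+]", version))


@dataclass(frozen=True)
class Advisory:
    cve: str            # placeholder id, not a real CVE
    package: str
    fixed_version: str  # first version that contains the fix


ADVISORIES = [
    Advisory("CVE-0000-0001", "openssl", "1.1.9"),
    Advisory("CVE-0000-0002", "nginx", "1.14.1"),
]

# Constructed: what the patch management console reports per host and CVE.
CONSOLE_REPORT = {
    "web-01": {"CVE-0000-0001": "patched", "CVE-0000-0002": "patched"},
    "web-02": {"CVE-0000-0001": "patched", "CVE-0000-0002": "pending"},
}

# Constructed: package versions an endpoint agent actually saw on each host.
OBSERVED_PACKAGES = {
    "web-01": {"openssl": "1.1.9", "nginx": "1.14.0"},  # nginx never actually updated
    "web-02": {"openssl": "1.1.9", "nginx": "1.14.0"},
    "web-03": {"openssl": "1.1.8", "nginx": "1.14.1"},  # console has no record of it
}


def validate(console, observed, advisories):
    """Return (host, cve, kind) findings. kind is one of:
    unknown_host   - the console has no visibility of this host at all
    false_positive - console says patched, but the installed version is still vulnerable
    stale          - host is fixed, but the console does not say so
    unpatched      - both agree the fix is missing (still a risk, listed for prioritisation)
    """
    findings = []
    for host, packages in observed.items():
        claimed = console.get(host)
        if claimed is None:
            findings.append((host, None, "unknown_host"))
            claimed = {}
        for adv in advisories:
            installed = packages.get(adv.package)
            if installed is None:
                continue  # package absent, advisory does not apply
            fixed = version_key(installed) >= version_key(adv.fixed_version)
            status = claimed.get(adv.cve, "unknown")
            if status == "patched" and not fixed:
                findings.append((host, adv.cve, "false_positive"))
            elif status != "patched" and fixed:
                findings.append((host, adv.cve, "stale"))
            elif not fixed:
                findings.append((host, adv.cve, "unpatched"))
    return findings


if __name__ == "__main__":
    for host, cve, kind in validate(CONSOLE_REPORT, OBSERVED_PACKAGES, ADVISORIES):
        print(f"{kind:14} {host:8} {cve or ''}")
```

The false_positive finding is the complacency case from the text: the console marks web-01 as patched for the nginx advisory while the host still runs the vulnerable version. The unknown_host finding is the visibility case: web-03 never appears in the console at all, so nothing about it could have been validated.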

The Effect Of GDPR On Cyber Security Monitoring – Charles Leaver

Written By Dr Al Hartmann And Presented By Charles Leaver


Robust enterprise cybersecurity naturally includes monitoring of network, endpoint, application, database, and user activity to prevent, detect, and respond to cyber threats that could breach the privacy of enterprise staff, partners, suppliers, or customers. In cyberspace, any obstruction of your view becomes a free-fire zone for the legions of adversaries seeking to do harm. But monitoring also captures event records that may contain user “personal data” under the broad European Union GDPR interpretation of that term. Enterprise staff are “natural persons” and therefore “data subjects” under the regulation. Prudently balancing security and privacy concerns across the enterprise can be difficult; let’s discuss.

The Need for Cyber Security Monitoring

GDPR Chapter 4 governs controller and processor roles under the regulation. While it does not explicitly mandate cybersecurity monitoring, this can be inferred from its text:

– “In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority …” [Art. 33(1)]

– “… the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk …” [Art. 32(1)]

– “Each supervisory authority shall have [the power] to carry out investigations in the form of data protection audits.” [Art. 58(1)]

It follows that to detect a breach one must monitor; that to verify and scope a breach and provide timely breach notification to the supervisory authority one must also monitor; that to implement appropriate technical measures one must monitor; and that to respond to a data protection audit one must have an audit trail, and audit trails are produced by monitoring. Simply put, for an enterprise to protect its cyberspace and the personal data within it, and to demonstrate its compliance, it reasonably needs to monitor that space.

The Enterprise as Data Controller

Under the GDPR it is the controller that “determines the purposes and means of the processing of personal data.” The enterprise decides the purposes and scope of monitoring, selects the tools for that monitoring, determines the probe, sensor, and agent deployments, chooses the services or personnel that will access and analyze the monitored data, and decides what actions to take as a result. In short, the enterprise serves in the controller role. The processor supports the controller by providing processing services on its behalf.

The enterprise also employs the staff whose personal data might be included in the event records captured by monitoring. Personal data is defined quite broadly under GDPR and may include login names, system names, network addresses, file paths that include the user profile directory, or any other incidental information that could reasonably be linked to “a natural person”. Event data will frequently contain these elements. An event data stream from a specific probe, sensor, or agent might then be linked to an individual and reveal aspects of that person’s work performance, policy compliance, or even aspects of their personal life (if enterprise devices or networks are used for private purposes, contrary to policy). Although this is not the aim of cybersecurity monitoring, potential privacy or profiling concerns could be raised.

Achieving Clarity via Fair Processing Notices

Because the enterprise employs the staff whose personal data might be caught in the cybersecurity monitoring dragnet, it has the opportunity, in employment agreements or in separate disclosures, to inform staff of the need for and purpose of cybersecurity monitoring and to obtain informed consent directly from the data subjects. While it could be argued that the lawful basis for cybersecurity monitoring does not necessarily require informed consent (per GDPR Art. 6(1)), but rather follows from the level of data security the enterprise must maintain to otherwise comply with the law, it is far preferable to be open and transparent with staff. Employment contracts have long contained provisions stating that employees consent to having their workplace communications and devices monitored as a condition of employment. But the GDPR raises the bar significantly for the specificity and clarity of such consent, documented in Fair Processing Notices, which must be “freely given, specific, informed and unambiguous”.

Fair Processing Notices should clearly set out the identity of the data controller, the types of data collected, the purpose and legal basis for the collection, the data subject’s rights, and contact information for the data controller and for the supervisory authority with jurisdiction. The notice must be clear and easily understood, not buried in a lengthy legalistic employment agreement. While various sample notices can be found with a simple web search, they will need adaptation to fit a cybersecurity monitoring context, where data subject rights may conflict with forensic data retention requirements. For example, an insider attacker might demand the deletion of all their activity data (to destroy evidence), which would turn privacy rules into a tool for obstruction of justice. For further guidance, the widely used NIST Cybersecurity Framework addresses this balance in Sec. 3.6 (“Methodology to Protect Privacy and Civil Liberties”).

Think Globally, Act Locally

Given the viral jurisdictional reach of the GDPR, the exorbitant penalties imposed on violators, the difficult dynamics of separating EEA from non-EEA data subjects, and the likely spread of comparable regulations worldwide, the safe path is to apply strict privacy rules across the board, as Microsoft has done.

In contrast to global application stands local application, where the safe path is to place cybersecurity monitoring infrastructure within each geographic region rather than face trans-border data transfers. Even remotely querying or viewing personal data may count as such a transfer, and that argues for pseudonymization (tokenizing personal data fields) or anonymization (redacting personal data fields) across non-cooperating jurisdictional boundaries. Only in the last stages of cybersecurity analytics would identifying the natural persons behind the data subjects become relevant, and even then it would likely only be of actionable value locally.
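As an added example (not Ziften code) of the pseudonymization and anonymization just described, the script below tokenizes the personal-data fields of monitoring events with a keyed HMAC before they are queried from another jurisdiction, and keeps the token-to-value vault local so re-identification is only possible in the final, local stage of analysis. The event records, field names and key are constructed for illustration:

```python
"""Pseudonymize personal-data fields in monitoring events before they leave a
jurisdiction, and anonymize them where no re-identification is ever needed.
Added example, not Ziften code; the events, field names and key are constructed."""
import hashlib
import hmac
import re

PERSONAL_FIELDS = ("user", "hostname", "src_ip")
# Match the account-name component of common profile directories.
PROFILE_DIR = re.compile(r"^(/home/|/Users/|[A-Za-z]:\\Users\\)([^/\\]+)")

# Constructed sample events of the kind an endpoint sensor would emit.
SAMPLE_EVENTS = [
    {"event": "ProcessCreation", "user": "alice", "hostname": "lap-0042",
     "src_ip": "10.1.2.3", "path": "/home/alice/.ssh/config", "process": "cat"},
    {"event": "NetworkCommunication", "user": "alice", "hostname": "lap-0042",
     "src_ip": "10.1.2.3", "dst_port": 443},
]


class Pseudonymizer:
    """Keyed, deterministic tokenization: the same value always maps to the same
    token, so remote analytics can still correlate events, but only the holder of
    the key and the vault, in the home jurisdiction, can reverse a token."""

    def __init__(self, key: bytes):
        self.key = key   # in practice drawn from a local key store, never shipped abroad
        self.vault = {}  # token -> original value, also kept local

    def token(self, field, value):
        mac = hmac.new(self.key, f"{field}:{value}".encode(), hashlib.sha256)
        tok = f"{field}_{mac.hexdigest()[:16]}"
        self.vault[tok] = str(value)
        return tok

    def pseudonymize(self, event):
        out = dict(event)
        for field in PERSONAL_FIELDS:
            if field in out:
                out[field] = self.token(field, out[field])
        if "path" in out:  # the profile directory names the user too
            out["path"] = PROFILE_DIR.sub(
                lambda m: m.group(1) + self.token("user", m.group(2)), out["path"])
        return out

    def reidentify(self, token):
        """Only possible where the vault lives, i.e. locally, in the last analytic stage."""
        return self.vault[token]


def anonymize(event):
    """Irreversible variant: redact rather than tokenize."""
    out = dict(event)
    for field in PERSONAL_FIELDS:
        if field in out:
            out[field] = "[REDACTED]"
    if "path" in out:
        out["path"] = PROFILE_DIR.sub(lambda m: m.group(1) + "[REDACTED]", out["path"])
    return out


if __name__ == "__main__":
    p = Pseudonymizer(b"constructed-key-kept-in-the-eea")
    for ev in SAMPLE_EVENTS:
        print(p.pseudonymize(ev))
    print(anonymize(SAMPLE_EVENTS[0]))
```

Tokenizing with a keyed MAC rather than a plain hash matters: personal identifiers such as usernames and internal IP addresses have small search spaces, so an unkeyed hash could be reversed by simply hashing every candidate. Note also that the same user token appears both in the user field and inside the file path, which is what lets an analyst abroad correlate events without learning who the person is.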

Why You Should Use Network Whitelisting – Charles Leaver

Written By Roark Pollock And Presented By Charles Leaver



As with any kind of security, IT security is concerned with developing and implementing a set of allow/disallow rules, more formally called security policies. Simply stated, allow/disallow rules can be expressed as a ‘whitelist’ or a ‘blacklist’.

Back in the good ol’ days, most rules were blacklist in nature. We trusted almost everybody to behave well, and if they did, it was fairly simple to identify bad behavior or anomalies. So we only needed to write a few blacklist rules, for instance, “do not allow anyone into the network from an IP address in, say, Russia”. That was much like your grandparents never locking the doors of the farmhouse, since they knew everybody within a 20 mile radius.

Then the world changed. Good behavior became the exception, and bad actors and bad behavior became legion. Of course it happened gradually, in stages, dating back to the start of the true ‘Web’ in the early 90s. Remember script kiddies breaking into public and private websites just to prove to their high school friends that they could?

Fast forward to the modern age. Everything is online. And if it has value, somebody on earth is trying to steal or damage it, constantly, and they have plenty of tools to use. In 2017, 250,000 new malware variants were introduced per day. We used to rely on desktop and network anti-virus packages adding new blacklist signatures on a weekly basis to fend off the bad guys using malicious code to do their bidding. But at over 90 million new malware variants per year, blacklist strategies alone will not cut it.

Network whitelisting technologies have been a crucial line of defense for on-premises network security, and with many companies rapidly moving their workloads to the cloud, the same mechanisms will be needed there too.

Let’s take a closer look at both techniques.

What is Blacklisting?

A blacklist enumerates known malicious or suspicious “entities” that should not be allowed access, or rights of execution, in a system or network. Entities include malicious software (malware) such as viruses, Trojans, worms, spyware, and keystroke loggers. Entities also include any user, application, process, IP address, or organization known to pose a threat to a business.

The key word above is “known”. With 250,000 new variants appearing daily, how many are out there that we don’t know about, at least until much later, which may be days, weeks, or even years?

What is Whitelisting?

So, what is whitelisting? Well, as you may have guessed, it is the opposite of blacklisting. Whitelisting starts from the premise that nearly everything is bad. If that holds true, it should be more efficient simply to define and allow “good entities” into the network. A simple example would be “all employees in the finance department at director level or above are allowed to access our financial reporting application on server X.” By extension, everybody else is locked out.

Whitelisting is often described as a “zero trust” approach: deny all, and permit access only to specific entities based on a set of ‘good’ attributes associated with user and device identity, behavior, location, time, and so on.

Whitelisting is widely accepted in high-risk security environments, where strict rules take precedence over user freedom. It is also highly valued where organizations are bound by stringent regulatory compliance.

Black, White, or Both?

First, few would tell you that blacklisting has completely aged out. Certainly at the endpoint device level, it is fairly simple to set up and maintain and reasonably effective, especially if it is kept up to date by third party threat intelligence providers. But on its own, is it enough?

Second, depending on your security background or experience, you’re probably thinking, “Whitelisting could never work for us. Our business applications are just too diverse and complex. The time, effort, and resources needed to compile, monitor, and update whitelists at enterprise scale would be untenable.”

Thankfully, this isn’t an either-or choice. It’s possible to take a “best of both worlds” stance: blacklisting for malware and intrusion detection, running alongside whitelisting for system and network access at large.

Cloud Whitelisting with Ziften

The key to whitelisting boils down to ease of implementation, especially for cloud-based workloads. And ease of implementation is a function of scope. Think of whitelisting in two ways: application and network. The former can be a quagmire. The latter is far easier to implement and maintain, if you have the right visibility into your cloud environment.

This is where Ziften scores well.

With Ziften, it becomes easy to:

– Identify and establish visibility into all cloud servers and virtual machines

– Gain continuous visibility into devices and their port usage activity

– See east-west traffic flows, including detailed tracking of the protocols in use over specific port pairs

– Convert what you ‘see’ into a manageable set of whitelists, complete with exact protocol and port mappings

– Establish near real time alerts on any anomalous or suspicious resource or service activations
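The list above describes turning observed east-west traffic into whitelists with protocol and port mappings, and alerting on anything outside them. The following added example (not Ziften code) shows that pipeline in miniature: it learns rules from a constructed set of flow records, holds back flows seen only once for human review rather than baking them into policy, and flags any later flow not covered by a rule. Host names and flows are constructed:

```python
"""Derive a network whitelist from observed east-west flows, then evaluate new
flows against it. Added example, not Ziften code; all flow records are
constructed and hosts are named by role for readability."""
from collections import Counter

# Constructed flow records as a sensor would report them during a learning window:
# (source host, destination host, protocol, destination port)
LEARNING_FLOWS = [
    ("web-01", "app-01", "tcp", 8080), ("web-01", "app-01", "tcp", 8080),
    ("web-02", "app-01", "tcp", 8080), ("web-02", "app-01", "tcp", 8080),
    ("app-01", "db-01", "tcp", 5432), ("app-01", "db-01", "tcp", 5432),
    ("app-01", "db-01", "tcp", 5432),
    ("web-01", "dns-01", "udp", 53), ("web-01", "dns-01", "udp", 53),
    ("app-01", "web-01", "tcp", 22),  # seen once: an admin's ad-hoc ssh, not a service
]


def learn_whitelist(flows, min_count=2):
    """Flows observed at least min_count times become rules; rarer ones are
    returned separately for a human to approve or reject, so a single stray
    connection during the learning window does not get baked into policy."""
    counts = Counter(flows)
    rules = {flow for flow, n in counts.items() if n >= min_count}
    review = {flow for flow, n in counts.items() if n < min_count}
    return rules, review


def check_flow(rules, flow):
    """Zero-trust evaluation: anything not explicitly allowed is an anomaly."""
    return "allow" if flow in rules else "anomaly"


def render_rules(rules):
    """Human-readable policy, sorted so diffs between learning runs are stable."""
    return [f"allow {proto}/{port} from {src} to {dst}"
            for src, dst, proto, port in sorted(rules)]


if __name__ == "__main__":
    rules, review = learn_whitelist(LEARNING_FLOWS)
    print("\n".join(render_rules(rules)))
    print("needs review:", review)
    # Constructed new flows: a normal one and a lateral-movement-looking one.
    for flow in [("web-02", "app-01", "tcp", 8080), ("web-02", "db-01", "tcp", 5432)]:
        print(flow, "->", check_flow(rules, flow))
```

The min_count threshold is the caveat a practitioner cares about: a whitelist learned from a window that happened to include one unusual connection would otherwise permit that path forever. The second probe flow, a web server talking directly to the database, is what the near real time alerting in the list above should surface.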

A Look Inside Windows Defender ATP And Its Great Hunting Power – Charles Leaver

Written By Josh Harrimen And Presented By Charles Leaver


Following our recent partnership announcement with Microsoft, the Ziften Security Research team has begun using an extremely powerful part of the Windows Defender Advanced Threat Protection (Windows Defender ATP) Security Center platform. The Advanced Hunting feature lets users run queries against the data that has been sent in by products and tools such as Ziften, to find interesting behaviors quickly. These queries can be saved and shared among the Windows Defender ATP user base.

We have added a handful of shared queries so far, and the results are quite interesting; we also like the ease of use of the hunting interface. Because Ziften sends endpoint data collected from Linux and macOS systems to Windows Defender ATP, we are concentrating on those operating systems in our query development to showcase the full coverage of the platform.

You can access the Advanced Hunting interface by choosing the database icon on the left-hand side, as shown in the image below.

You can see the top-level schema at the top left of that page, with event types such as ProcessCreation, MachineInfo, NetworkCommunication and others. We ran some current malware in our Redlab and developed queries to find that data and produce results for investigation. One example was OceanLotus: we wrote a small number of queries to find both the dropper and the files associated with this threat.

After running the queries, you get results that you can interact with.

On inspection of the results, we see some systems that have exhibited the behavior we searched for. When you select one of these systems, you can view the details of the system under investigation. From there you can view the alerts triggered and a timeline of events. Details from the malicious process are shown below.

Additional behavior-based queries can also be run. For instance, we executed another malicious sample that used a couple of techniques we then queried for. The screenshot below shows a query we ran looking for Gatekeeper being disabled from the command line on a macOS system. While this may be an administrative action, it is certainly something you would want to know is happening in your environment.

From these query results, you can again select the system under investigation and dig further into the suspicious behaviors.
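The Gatekeeper query described above can be expressed as a simple behavioural rule over process-creation events. The added example below (not Ziften or Microsoft code, and using its own constructed event records and field names rather than the Windows Defender ATP schema) evaluates such a rule over a small set of macOS events and pivots the hits by host, the view from which an analyst picks a system to investigate. It matches on the command line rather than only the process name, so invocations wrapped in sudo or given by full path are not missed:

```python
"""Behaviour-based hunting rules evaluated over process-creation events, of the
kind the post describes running in Advanced Hunting. Added example, not Ziften
or Microsoft code: the event records are constructed, and the field names
(hostname, user, process, command_line) are this example's own, not the
Windows Defender ATP schema."""
import re

# Constructed process-creation events from a macOS fleet.
EVENTS = [
    {"hostname": "mac-07", "user": "jsmith", "process": "spctl",
     "command_line": "spctl --master-disable"},
    {"hostname": "mac-07", "user": "jsmith", "process": "spctl",
     "command_line": "spctl --status"},  # benign status check, must not fire
    {"hostname": "mac-12", "user": "root", "process": "spctl",
     "command_line": "/usr/sbin/spctl --master-disable"},
    {"hostname": "mac-03", "user": "build", "process": "sudo",
     "command_line": "sudo spctl --master-disable"},  # process name is sudo, not spctl
]

# Each rule: a name and a regex over the full command line. Matching the command
# line (not the process field) catches wrappers like sudo and full-path invocations.
HUNTING_RULES = [
    {"name": "gatekeeper_disabled_from_cli",
     "pattern": re.compile(r"(?:^|[\s/])spctl\b.*--master-disable\b")},
]


def hunt(events, rules):
    """Return one hit per (rule, event) match, keeping user and host so an
    analyst can decide whether it was a legitimate administrative action."""
    hits = []
    for ev in events:
        for rule in rules:
            if rule["pattern"].search(ev["command_line"]):
                hits.append({"rule": rule["name"], "hostname": ev["hostname"],
                             "user": ev["user"], "command_line": ev["command_line"]})
    return hits


def hosts_by_rule(hits):
    """Pivot hits into rule -> sorted host list, the view used to pick a system to investigate."""
    out = {}
    for h in hits:
        out.setdefault(h["rule"], set()).add(h["hostname"])
    return {rule: sorted(hosts) for rule, hosts in out.items()}


if __name__ == "__main__":
    hits = hunt(EVENTS, HUNTING_RULES)
    for h in hits:
        print(f"{h['rule']}: {h['hostname']} by {h['user']}: {h['command_line']}")
    print(hosts_by_rule(hits))
```

Keeping the user on each hit is what lets the analyst make the call the post mentions: a build account disabling Gatekeeper on a CI machine may be expected, while the same command under an ordinary user account on a laptop is worth the timeline walk-through described above.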

This blog post is certainly not an in-depth tutorial on using the Advanced Hunting feature within the Windows Defender Advanced Threat Protection platform. But we wanted to put something together quickly to share our excitement about how easy it is to use this feature to conduct your own custom threat hunting in a multi-system environment, across Linux, Windows and macOS systems.

We look forward to sharing more of our experiments and research using queries built with the Advanced Hunting feature. We share our successes with everyone here, so look out for future posts.

Great To See This At The 2018 RSA Conference – Charles Leaver

Written By Logan Gilbert And Presented By Charles Leaver


After spending a few days with the Ziften team at the 2018 RSA Conference, my take on the technology was: more of the same, the usual suspects and the usual buzzwords. Buzzwords like “AI”, “machine learning”, and “predictive” were thoroughly worn out. Lots of attention paid to prevention, everybody’s favorite attack vector (email), and everybody’s favorite exploit (ransomware).

About the only surprise to me was seeing a small number of NetFlow analysis businesses: lots of smaller companies trying to make their mark using an extremely rich, but hard to work with, data set. Very cool stuff! Find the small booths and you’ll discover lots of innovation. Now, in fairness to the bigger vendors, I know there are some truly cool technologies in there, but RSA hardly lends itself to cutting through the buzzwords to actual value.

RSA Buzz

I may have a biased view since Ziften has been partnering with Microsoft for the last six-plus months, but Microsoft seemed to play a far more prominent leadership role at RSA this year. First, on Monday, Microsoft revealed its all-new Intelligent Security Association, bringing together its security partners “to concentrate on defending customers in a world of increased hazards”, and more importantly, enhancing that protection through shared security intelligence across this ecosystem of partners. Ziften is of course proud to be a founding member of the Intelligent Security Association.

In addition, on Tuesday, Microsoft announced a ground-breaking collaboration with numerous players in the cybersecurity industry named the “Cybersecurity Tech Accord.” This accord calls for a “digital Geneva Convention” that sets standards of behavior for the online world, just as the Geneva Conventions set rules for the conduct of war in the physical world.

Who Attended RSA

A real point of interest to me though was the makeup of the expo audience itself. As I was also an exhibitor at RSA, I noticed that among my visitors I saw more “suits” and fewer tee shirts.

OK, maybe not suits as such, but more security Managers, Directors, VPs, CISOs, and security leaders than I recall seeing in the past. I was encouraged to see what I believe are the business decision makers taking a look at security vendors first hand, rather than delegating that job to their security team. From this audience I often heard the same overtones:

– This is overwhelming.
– I can’t tell the difference between one technology and another.

Who Was Absent from RSA

What I saw fewer of were “technology trolls”. What, you might ask, are technology trolls? Well, as a vendor and security engineer, these are the people (always guys) who show up five minutes before the close of the day and drag you into a technical due diligence exercise for an hour, or at least until the happy hour parties start. Their objective: nothing useful to anyone, and here I’m assuming the troll actually works for a company, so nothing useful for the business that actually paid thousands of dollars for their attendance. The only thing gained is the troll’s self-affirmation that they can “beat down the vendor” with their technical prowess. I’m being harsh, but I’ve known the trolls from both sides, as a vendor and as a buyer, and back at the office nobody is basing buying decisions on troll recommendations. I can only assume that companies send tech trolls to RSA and similar expos because they don’t want them in the office.

Conversations about Holistic Security

Which brings me back to the kind of people I did see a great deal of at RSA: security-savvy (not just tech-savvy) security leaders, who understand the business case and choices behind security technologies. Not only are they influencers but in many cases the business owners of security for their respective organizations. Aside from the concerns mentioned above, these security leaders seemed less focused on a technology or a specific use case and more on a desire for “holistic” security. As we know, good security requires a collection of technologies, practice and policy. Security-smart customers wanted to know how our technology fitted into their holistic solution, which is a refreshing change of dialog. As such, the kinds of questions I would hear:

– How does your technology partner with other solutions I already use?
– More importantly: Does your company actually buy into that partnership?

That last question is vital; it is essentially asking whether our partnerships are merely fodder for a website, or whether we and our partner truly recognize that the sum is greater than the parts.

The latter is what security specialists are searching for and need.

In Conclusion

Overall, RSA 2018 was great from my point of view. Once you get beyond the jargon, much of the buzz focused on things that matter to customers, our industry, and us as people: things like security partner ecosystems that add value, more holistic security through genuine partnership and meaningful integrations, and face to face conversations with business security leaders, not technology trolls.

Don’t Let Unmanaged Assets In The Cloud Cause You A Big Problem – Charles Leaver

Written By Logan Gilbert And Presented By Charles Leaver


We all recognize the image of the hooded bad guy hunched over his computer late at night, accessing a corporate network, stealing important data, and vanishing without a trace. We personify the attacker as smart, persistent, and crafty. But the reality is that the vast majority of attacks are made possible by simple human negligence or carelessness, making the hacker’s task an easy one. He’s checking all the doors and windows constantly. All it takes is one mistake on your part and he’s in.

So what do we do? Well, you know the action you need to take. We spend a hefty chunk of our IT budget on defense-in-depth security systems designed to detect, deceive, fool, or outright block the villains. Let’s set aside the debate on whether or not we are winning that game, because there is a far simpler game going on: the one where the adversary enters your network, business-critical application, or IP/PII data through a vector you didn’t even know you had, the unmanaged asset, often referred to as Shadow IT.

Think this isn’t your company? A recent study suggests the average business has 841 cloud apps in use. Remarkably, most IT executives believe the number of cloud apps in use by their organization is around 30-40, meaning they are off by a factor of 20X. The same report reveals that over 98% of cloud apps are not GDPR ready, and 95% of enterprise-class cloud apps are not SOC 2 compliant.

Defining Unmanaged Assets/Shadow IT

Shadow IT is defined as any SaaS application used, by employees, departments, or whole business groups, without the knowledge or approval of the company’s IT department. And the rise of ‘everything as a service’ has made it even easier for employees to obtain whatever software they feel is needed to make them more productive.

The Impact

Well-intentioned employees often don’t realize they’re breaking company rules by spinning up a new server instance, or downloading unapproved apps or software. But it happens. When it does, three problems can arise:

1. Business standards within a company are compromised, since unauthorized software means each computer has different capabilities.

2. Rogue software frequently contains security flaws, putting the entire network at risk and making it much harder for IT to manage security risks.

3. Asset blind spots not only drive up security and compliance risk, they can increase legal risk. Information retention policies designed to limit legal liability are undermined by data held on unapproved cloud assets.

3 Essential Considerations for Addressing Unmanaged Asset Risks

1. First, deploy tools that can provide thorough visibility into all cloud assets, managed and unmanaged. Know what new virtual machines have been spun up recently, as well as which other machines and applications each VM instance is communicating with.

2. Second, make certain your tooling can provide a continuous inventory of authorized and unauthorized virtual machines operating in the cloud. Make certain you have visibility into all IP connections made to each asset.

3. Third, for compliance and/or forensic analysis purposes, look for a solution that captures any and all assets (physical and virtual) that have ever been on the network, not just a service that is restricted to active assets and constrained by a short look-back window.

Ziften’s Approach to Unmanaged Asset Discovery

Ziften makes it easy to quickly find cloud assets that have been commissioned outside IT’s purview. And we do it continuously and with deep historical recall at your fingertips, including when each device first connected to the network, when it last appeared, and how often it reconnects. And if a virtual machine is decommissioned, that is not a problem: we still have all its historical behavior data.
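As an added example (not Ziften code) of the three considerations above and of the first-seen, last-seen and reconnect history just described, the script below folds a constructed connection log into an asset inventory, marks assets that IT’s CMDB does not know about, and keeps terminated instances so a look-back query still finds them. The asset ids, IPs, log format and CMDB contents are constructed:

```python
"""Continuous asset inventory with history: first seen, last seen, reconnect
count, and whether the asset is known to IT. Added example, not Ziften code;
the connection log, its format and the CMDB contents are constructed."""
from datetime import datetime

# Constructed: the instance ids IT believes it owns.
CMDB = {"i-0aa1", "i-0bb2"}

# Constructed connection-log lines: "<ISO timestamp> <asset id> <ip> <event>"
LOG = """\
2018-04-02T08:00:00 i-0aa1 10.0.1.10 connect
2018-04-02T08:05:00 i-0bb2 10.0.1.11 connect
2018-04-02T09:00:00 i-0cc3 10.0.1.12 connect
2018-04-02T17:00:00 i-0cc3 10.0.1.12 disconnect
2018-04-03T08:10:00 i-0cc3 10.0.1.12 connect
2018-04-03T09:00:00 i-0bb2 10.0.1.11 terminated
2018-04-04T08:12:00 i-0cc3 10.0.1.13 connect
"""


def build_inventory(log_text, cmdb):
    """Fold log lines into one record per asset. Decommissioned assets are kept
    (with a 'terminated' flag) rather than dropped, so the history survives for
    forensic or compliance questions."""
    inventory = {}
    for line in log_text.splitlines():
        ts_str, asset, ip, event = line.split()
        ts = datetime.fromisoformat(ts_str)
        rec = inventory.setdefault(asset, {
            "first_seen": ts, "last_seen": ts, "connects": 0,
            "ips": set(), "terminated": False, "managed": asset in cmdb})
        rec["last_seen"] = max(rec["last_seen"], ts)
        rec["ips"].add(ip)  # every address the asset has ever used
        if event == "connect":
            rec["connects"] += 1
        elif event == "terminated":
            rec["terminated"] = True
    return inventory


def unmanaged_assets(inventory):
    """Shadow IT candidates: anything ever seen on the network that IT does not know about."""
    return sorted(a for a, r in inventory.items() if not r["managed"])


def assets_seen_between(inventory, start_iso, end_iso):
    """Everything that was on the network in the window, active or since terminated.
    This is the look-back the third consideration asks for; the window is not
    capped, so it answers questions about assets long gone."""
    start, end = datetime.fromisoformat(start_iso), datetime.fromisoformat(end_iso)
    return sorted(a for a, r in inventory.items()
                  if r["first_seen"] <= end and r["last_seen"] >= start)


if __name__ == "__main__":
    inv = build_inventory(LOG, CMDB)
    for asset, rec in inv.items():
        print(asset, rec["first_seen"], rec["last_seen"], rec["connects"],
              "managed" if rec["managed"] else "UNMANAGED",
              "(terminated)" if rec["terminated"] else "")
    print("unmanaged:", unmanaged_assets(inv))
    print("seen 2018-04-03..05:", assets_seen_between(inv, "2018-04-03T00:00:00", "2018-04-05T00:00:00"))
```

Two details are deliberate: the inventory is keyed on the asset id rather than the IP, because the unmanaged instance i-0cc3 changes address between days, and i-0bb2 remains queryable after its termination event, which is the difference between a historical inventory and one limited to currently active assets.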

Identify and secure hidden attack vectors arising from shadow IT before a calamity. Know exactly what’s going on in your cloud environment.

Pioneering Intelligent Security Association From Microsoft – Charles Leaver

Written By David Shefter And Presented By Charles Leaver


It’s an excellent strategy: Microsoft has created a mechanism for third party security companies, like Ziften, to work together to better protect our customers. Everyone wins with the new Microsoft Intelligent Security Association, announced this week, and we are overjoyed to be a founding member and part of the launch. Congratulations to Microsoft!

Security Intelligence Sharing

Among the most interesting projects coming out of Microsoft has been the new Microsoft Intelligent Security Graph, a threat intelligence engine built on artificial intelligence. The Intelligent Security Graph forms the foundation of the new association, and the foundation of a great many new opportunities for innovation.

As Microsoft states, “Today, with the immense computing advantages presented by the cloud, the Machine learning and Artificial Intelligence is finding new ways to utilize its rich analytics engines and by applying a mix of automated and manual procedures, artificial intelligence and human professionals, we are able to produce an intelligent security graph that learns from itself and evolves in real time, minimizing our cumulative time to find and react to new events.”

The need for better, smarter security is huge, and that’s why we’re delighted to be a founding member of the new association.

Brad Anderson, Corporate Vice President at Microsoft, Enterprise Mobility + Security, recently wrote, “Around 96% of all malware is polymorphic – meaning that it is only experienced by a single user and device before being changed with yet another malware version. This is because in most cases malware is captured nearly as fast as it’s developed, so malware developers continually develop to attempt and stay ahead. Data like this reinforces how essential it is to have security solutions in place that are as nimble and ingenious as the attacks.”

Advanced Endpoint Detection and Response

And that brings us to the kind of advanced endpoint detection and response (EDR) that Ziften brings to desktops, servers, and cloud assets, giving the enterprise unique 24/7 visibility and control for any asset, anywhere. No one else offers the functionality you’ll find in Ziften’s Zenith security platform.

That’s where the Microsoft Intelligent Security Association comes in. At the end of the day, even the best defenses can be breached, and security teams must respond faster and more aggressively to ensure the security of their data and systems.

Ziften and Microsoft are delivering fully integrated threat protection that covers customers’ endpoints (meaning client devices, servers, and the cloud) with a foundation of shared intelligence and the power of the cloud to transform monitoring of organizational systems.

What Microsoft is Saying

“The Intelligent Security Association improves cooperation from leading sources to safeguard customers,” stated Microsoft. “Having currently accomplished strong customer momentum with our incorporated Ziften and Microsoft Windows Defender ATP solution, customers stand to further benefit from continued collaboration.”

What’s more, “Continued integration and intelligence sharing within the context of the Microsoft Intelligent Security Graph allows joint customers to quicker and accurately detect, investigate and react to attacks across their entire endpoint and cloud base.”

What Ziften is Stating

Chuck Leaver, Ziften CEO, is telling everybody that our founding membership in the Microsoft Intelligent Security Association is a substantial win for our joint clients and prospects – and it brings together everybody in the Microsoft world and beyond (note that Ziften’s Mac and Linux solutions are also part of the Microsoft partnership). “As security suppliers, all of us acknowledge the requirement to work together and collaborate to protect our customers and their staff members. Kudos to Microsoft for pioneering this industry effort,” Chuck said.

The result: improved security for our clients, and tighter integration and more innovation in the market. It’s a real win for everybody. Except for the hackers, obviously. They will lose. No apologies, people.

We Have Made Our Channel Program Even Better For You – Charles Leaver

Written By Greg McCreight And Presented By Charles Leaver


If you are a reseller, integrator, distributor, or managed service provider, the brand-new Ziften Activate Partner Program is here, it’s ready to go, and it will be fantastic for your profitability (and for decreasing your customers’ stress and anxiety about cybersecurity).

Ziften is 100 percent focused on the channel, and as we grow and develop in the market, we understand that your success is our success – and that our success is your success. And it is already happening: 96% of our sales in 2017 were through the channel! That is why we built the brand-new Activate Partner Program: to provide you the resources you require to grow your business with Ziften security solutions.

We kicked it all off with a powerful, cross-platform Endpoint Detection and Response (EDR) solution, Ziften Zenith. Customers really love it. Technology partners love it. Resellers really love it. The market really loves it. And analysts love it.

I have to share this from the conclusion of our Broadband-Testing report, which talks about SysSecOps, or Systems Security Operations – an emerging category where Ziften is leading the market:

Critical to Ziften’s endpoint method in this classification is total visibility – let’s face it, how can you protect what you cannot see or don’t know is there to start with? With its Zenith platform, Ziften has a solution that delivers on all the essential SysSecOps requirements and more …

Overall, Ziften has an extremely competitive solution in what is a really legitimate, emerging IT category through SysSecOps and one that must be on the assessment short-list.

In addition to this: Microsoft recently partnered with Ziften to produce an integration between Zenith and Microsoft Windows Defender ATP, to enable Microsoft clients to protect Linux and Mac systems with the same single pane of glass as they use to protect Windows systems.

Enough about Ziften. Let’s concentrate on you. You and the Activate Partner Program.

We have assembled a multi-tier partner program that has better discounts, more resources, and strong market development support. We understand a one-size-fits-all program doesn’t work, not in today’s market.

With Activate, we take a hands-on stance to bringing new partners on board; making it easy for those for whom security is a relatively small element of their services; and rewarding top-tier partners who have devoted themselves to Ziften.

Here’s what you will receive with the Activate Partner Program – and we’ll work alongside you to make sure that Activate fulfills your needs completely:

Security for more of your customers’ environment – endpoints, servers, and cloud

Visibility and security for your customers’ complex, multi-cloud deployments

Easy security tool integrations to deliver genuinely custom, differentiated solutions

Hands-on, customized support and life-cycle expertise

Rich financial incentives that motivate your long-term investment and reward ongoing success

Market development assistance to drive incremental demand and lead generation

First-rate, hands-on support from our field sales, sales engineers, technical support, and marketing experts

The Activate program combines our effective security solutions, financial investments, and hands-on help to assist you in developing more business opportunities and closing more deals.

Your Essential Guide To Cloud Asset Migration – Charles Leaver

Written By Logan Gilbert And Presented By Charles Leaver


It bears repeating – the Web has forever altered the world for individuals and companies alike. When it comes to the latter, every aspect of modern IT is going through digital transformation. IT departments everywhere are under pressure to make information highly available and at lower cost – all while securing vital data from corruption, loss, or cyber theft.

Central to this approach is the migration of data centers to the cloud. In fact, nineteen percent of business workloads are anticipated to be in the public cloud by the end of 2019, and 50% over the next ten years.

What is Cloud Asset Migration?

Cloud migration is the process of moving data, applications, or other business elements from a company’s on-premises infrastructure to the cloud, or moving them from one cloud service to another.

The diagram shown below highlights this migration of file server(s), data, and application(s) from an on-premises server infrastructure to a cloud environment.

Cloud providers make it possible for businesses to migrate some or all IT infrastructure to the cloud for scale, speed, service flexibility, ease of management, and decreased costs. The advantages are nothing short of compelling.

Cloud computing is changing the corporate landscape. With these technological advances, people are leaning more toward a virtual office, meaning that you can work from anywhere, at any time, using cloud computing.

Cloud Asset Migration Considerations

However, as with any significant IT infrastructure change, a move to the cloud needs thoughtful planning and execution for the process to stay within budget and on time. Moving a server, database, application, or all of the above to the cloud is not without risk. System failures, performance degradation, loss of data, and more can result from misconfigurations, system failures, and security exploits.

Case in point: forty-three percent of those who have gone through a cloud asset migration have experienced a failure or delay. Why is this? Because each asset migration is a ‘snowflake’ with its own level of complexity.

Let’s look at three areas to consider for successful cloud asset migration.

1. Have a Plan

First, there needs to be a strategic migration plan. That plan ought to help answer questions such as the following:

Which IT assets should be migrated in the first place?
If you are migrating some, or all, of your infrastructure to the cloud, how will you establish and maintain asset control?
How will you identify what you have – before and after the move?
Do you even have to migrate all of it?
What comes first?

2. Clean Up What Is in Place Today

To answer these strategic questions effectively, you’ll need definitive visibility into each asset you have today, as well as the pertinent characteristics of each asset. Whether your assets today are running on physical or virtual server infrastructure, you have to understand:

What assets exist today? Discover all the connected assets and determine whether each is currently managed or unmanaged.
Identify low-usage and/or unused systems. Should these systems be removed or repurposed prior to migration?
Identify low-usage and/or unused applications. Are these applications required at all? Should they be removed prior to migration?
Identify and clean up duplication, be it of systems and/or applications.
Now determine the business-critical systems and applications that will be moved as part of your plan. With this comprehensive asset data in hand, you can sharpen your migration approach by segmenting what should – and should not – be moved, or at least crisply prioritize based on business value.

3. Prepare For Cloud Visibility Post Migration

Now that you’re armed with extensive, precise current and historical asset data, how will you preserve this level of visibility after your successful cloud asset migration?

While the cost benefits of migrating to the cloud are typically extremely compelling, uncontrolled asset and virtual machine sprawl can rapidly erode those cost benefits. So, prior to performing your cloud asset migration, make certain you have a cloud visibility solution in place that:

Discovers and monitors all connected assets throughout your single- or multi-cloud environment
Inventories, fingerprints, and classifies discovered assets
Alerts on new or unexpected asset discovery and/or behavior within the cloud environment
Integrates with existing ticketing, workflow, and/or CMDB systems
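The cleanup step (2) and the post-migration visibility step (3) above boil down to one reconciliation: compare the estate you baselined before the move with what the cloud discovery scan actually finds afterwards. The following is an added example, not Ziften code; the asset fields, the baseline and cloud inventories, and the 5% utilisation threshold are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    role: str            # e.g. "file-server", "db", "app" (constructed labels)
    managed: bool        # known to the inventory/agent tooling
    cpu_util_30d: float  # 30-day average utilisation, 0.0 .. 1.0


# Constructed pre-migration baseline of the on-premises estate.
BASELINE = [
    Asset("fs-01", "file-server", True, 0.42),
    Asset("fs-02", "file-server", True, 0.03),  # low use, duplicate role
    Asset("db-01", "db", True, 0.55),
    Asset("app-01", "app", False, 0.30),        # unmanaged today
]

# Constructed post-migration cloud inventory, as a discovery scan would report it.
CLOUD = [
    Asset("fs-01", "file-server", True, 0.40),
    Asset("db-01", "db", True, 0.50),
    Asset("dev-test-07", "app", False, 0.01),   # nobody planned this one
]


def plan_cleanup(baseline, low_util=0.05):
    """Step 2: flag unmanaged, low-use and duplicate-role systems to review before moving."""
    by_role = {}
    for a in baseline:
        by_role.setdefault(a.role, []).append(a.name)
    return {
        "unmanaged": [a.name for a in baseline if not a.managed],
        "low_use": [a.name for a in baseline if a.cpu_util_30d < low_util],
        "duplicates": {r: n for r, n in by_role.items() if len(n) > 1},
    }


def reconcile(planned, cloud):
    """Step 3: compare the approved migration list with what is actually running."""
    planned_names = {a.name for a in planned}
    cloud_names = {a.name for a in cloud}
    return {
        "unexpected": sorted(cloud_names - planned_names),  # sprawl or unauthorised VMs
        "missing": sorted(planned_names - cloud_names),     # failed or delayed migration
        "unmanaged_in_cloud": sorted(a.name for a in cloud if not a.managed),
    }
```

Feed `plan_cleanup` the baseline, retire what it flags, and the remainder is the approved list you hand to `reconcile` once the cloud inventory comes back; anything in `unexpected` or `unmanaged_in_cloud` is what the alerting and CMDB integration above should surface.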

Cloud Visibility and Security with Ziften

Ongoing cloud visibility into each device, user, and application means you can administer all elements of your infrastructure better. You’ll avoid wasting resources by preventing VM sprawl, plus you’ll have a comprehensive body of data to satisfy audit requirements for NIST 800-53, HIPAA, and other compliance guidelines.

Follow the above when you move to the cloud, and you’ll avoid weak security, insufficient compliance, or operational SNAFUs. Ziften’s approach to cloud visibility and security gives you the intelligence you need for cloud asset migration without the difficulties.

Microsoft Channel Partners Can Benefit From This Golden Security Opportunity – Charles Leaver

Written By Greg McCreight And Presented By Charles Leaver


Windows Defender Advanced Threat Protection (WDATP) is a winner, popular with Microsoft channel partners around the globe. It is highly likely you’re currently working with Microsoft clients to install and look after WDATP on their Windows endpoints.

I’m delighted to inform you about a brand-new opportunity: get a fast start with an industry-leading solution that integrates right into WDATP: Ziften Zenith. For a limited time, Microsoft channel partners can use our brand-new “Fast Start” program to onboard with Ziften.

With “Fast Start,” you enjoy all the advantages of Ziften’s top-tier partner status for a complete year, and we’ll help you get up to speed quickly with joint marketing and business development resources – and with a waiver of the typical sales volume commitment connected with Gold Status.

If you don’t know Ziften, we supply infrastructure visibility and coordinated threat detection, prevention, and response across all endpoint devices and cloud environments. Zenith, our flagship security platform, quickly deploys to client devices, virtual machines, and servers.

Once installed, Zenith continuously gathers all the data necessary to precisely assess the current and historical state of all managed devices, including system, user behavior, network connection, application, binary, and process data. Zenith supplies your clients’ IT and security teams with continuous visibility and control of all managed assets, including continuous monitoring, alerting, and automated or manual actions.

Zenith is cross-platform – it works with and secures Windows, Mac, Linux, and other endpoints.

What’s particularly noteworthy – and here’s the opportunity – is that Ziften has teamed up with Microsoft to integrate Zenith with Windows Defender ATP. That means your customers can use WDATP on Windows systems and Zenith on their macOS and Linux systems to detect, see, and respond to cyber attacks, all using only the WDATP Management Console for all the systems. Zenith is hidden in the background.

A single pane of glass to handle Windows, Mac, and Linux endpoints, which can include desktops, laptops, and servers. That makes Zenith the best option to offer your existing WDATP customers… and to make your bids for new WDATP business more comprehensive for multi-platform enterprise prospects.

Furthermore, providing Zenith can assist you speed customer migrations to Windows 10, and sell more Enterprise E5 commercial editions.

“Fast Start” for a Year with Gold Status

Ziften is completely focused on the channel: 96% of our sales in 2017 were achieved via the channel. We are very excited to bring the “Fast Start” program to current Microsoft channel partners throughout the world.

With “Fast Start,” you can sign up for the Ziften Channel Program with these advantages:

Expedited Acceptance and On-Boarding – Ziften channel managers and field sales work directly with you to get up and running selling the Zenith endpoint security solution integrated with Windows Defender ATP.

Superior Security Value – You’ll be uniquely positioned to offer clients and prospects higher security value across more of their overall environment than ever, increasing the range of supported and protected Windows, Mac, and Linux systems.

Hands-On Collaboration – Ziften commits field sales, sales engineers, and marketing to support your daily pre-sales engagements, drive brand-new sales opportunities, and help close more business with Microsoft and Ziften endpoint security.

Here’s what one major Microsoft channel partner says about this – this is Ronnie Altit, founder and CEO of Insentra, a “partner-obsessed” Australian IT services company that works exclusively through the IT channel:

“As a big Microsoft reseller, teaming with Ziften to provide their Zenith security platform integrated with Microsoft Windows Defender ATP was a no-brainer. We’re delighted at the seamless integration between Zenith and Windows Defender ATP offering our clients holistic security and visibility across their Windows and non-Windows systems. Ziften has actually been a pleasure to deal with, and encouraging at every step of the procedure. We expect to be extremely effective offering this effective security solution to our clients.”