Author Archives: leavmecha

You Need Effective Training On Security Awareness For Employees – Charles Leaver

Written By Charles Leaver Ziften CEO


Effective corporate cybersecurity assumes that people – your employees – do the right thing. That they do not hand over their passwords to a caller who claims to be from the IT department doing a “credentials audit.” That they do not wire $10 million to an Indonesian savings account after getting a midnight request from “the CEO”.

That they don’t install an “urgent upgrade” to Flash Player based on a pop-up on a porn website. That they do not overshare on social media. That they do not store business information on file-sharing services outside the firewall. That they don’t connect to unsecured WiFi networks. And that they don’t click on links in phishing emails.

Our research shows that over 75% of security incidents are caused or assisted by employee mistakes.

Sure, you have installed endpoint security, e-mail filters, and anti-malware solutions. Those precautions will most likely be for nothing, though, if your employees do the wrong thing time and again when in a risky situation. Your cybersecurity efforts are like an expensive car alarm: if you do not teach your teenager to lock the car when it’s at the shopping mall, the alarm is worthless.

Security awareness isn’t enough, of course. Employees will make errors, and there are some attacks that don’t require an employee misstep. That’s why you need endpoint security, email filters, anti-malware, etc. But let’s talk about effective security awareness training.

Why Training Often Has No Effect

First, in my experience, a great deal of employee training is, well, poor. That’s especially true of online training, which is usually terrible. But in most cases, whether live or canned, the training lacks credibility, in part because many IT professionals are poor and unconvincing communicators. The training often focuses on communicating and enforcing rules, not on changing risky attitudes and habits. And it resembles mandatory photocopier training: there’s nothing in it for the employees, so they don’t buy in.

It’s not about imposing rules. While security awareness training might be “owned” by various departments, such as IT, the CISO, or HR, there’s typically a lack of understanding about what a security awareness program actually is. First of all, it’s not a checkbox; it needs to be continuous. The training needs to be delivered in different ways and at different times, with a combination of live training, newsletters, small-group discussions, lunch-and-learns, and yes, even online resources.


But a huge problem is the lack of objectives. If you don’t know what you’re trying to achieve, you can’t tell whether the training did a good job, and whether risky behaviors actually changed.

Here are some sample objectives that can lead to effective security awareness training:

Provide employees with the tools to recognize and handle the everyday security threats they might encounter online and by e-mail.

Let employees understand that they are part of the team, and that they cannot simply rely on the IT/CISO teams to manage security.

Break the cycle of “unintentional ignorance” about safe computing practices.

Change mindsets toward safer practices: “If you see something, say something”.

Review company policies and procedures, explained in actionable terms that relate to the employees.

Make it Relevant

No matter who “owns” the program, it’s essential that there is visible executive backing and management buy-in. If the executives don’t care, the employees won’t either. Effective training won’t dwell on tech buzzwords; rather, it will focus on changing behaviors. Relate cybersecurity awareness to your employees’ personal lives. (And while you’re at it, teach them the best ways to keep themselves, their family, and their home safe. Odds are they don’t know and are hesitant to ask.)

To make security awareness training truly relevant, solicit employee ideas and encourage feedback. Measure success: for example, did the number of external links clicked by employees go down? How about calls to the help desk resulting from security incidents? Make the training timely and real-world by including current scams in the news; unfortunately, there are plenty to choose from.

In other words: security awareness training isn’t fun, and it’s not a silver bullet. However, it is vital for making sure that risky employee behavior does not undermine your IT/CISO efforts to protect your network, devices, applications, and data. Make certain that you train your employees continuously, and that the training works.

Splunk And Ziften Generate Passion At Splunk .conf – Charles Leaver

Written By Josh Applebaum And Presented By Charles Leaver


Like many of you, we’re still recovering from Splunk .conf last week. As usual, .conf had great energy, and the people in attendance were enthusiastic about Splunk and the many use cases it supports through its big app ecosystem.

One key announcement during the week worth discussing was a new security offering called “Content Updates,” which is essentially a set of pre-built Splunk searches to help find security incidents.

Basically, the Splunk security team looks at the most recent attacks, creates new searches for how they would look through Splunk ES data to find those kinds of attacks, and then ships those new searches down to customers’ Splunk ES environments, which raise automated alerts when a match is seen.

The best part? Because these updates mostly use CIM (Common Information Model) data, and Ziften populates many of the CIM models, Ziften’s data is already being matched against the new Content Updates Splunk has created.

A quick demo showed which vendors contribute to each kind of “detection”, and Ziften was mentioned in many of them.

For instance, we have a recent article that shows how Ziften’s data in Splunk is used to detect and respond to WannaCry.

Overall, with around 500 people coming by the booth over the course of .conf, I have to say it was one of the best events we’ve done in terms of quality conversations and interest. We had nothing but positive feedback from our extensive conversations with all walks of business life, from highly technical analysts in the public sector to CISOs in the financial sector.

The most common conversation usually started with, “We are just starting to implement Splunk and are new to the platform.” I like those, since people can get our Apps for free and we can get them an agent to try out, which gives them something to use right out of the box to show value immediately. Other folks were very experienced and really liked our approach and architecture.

Bottom line: people are genuinely excited about Splunk, and real solutions are available to help people with real problems!

Curious? The Ziften ZFlow App and Technology Add-on helps users of Splunk and Splunk ES use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see what they are missing at the edge of their network, in their data centers, and in their cloud deployments.

Safeguard Yourself From Cyber Security Problems With Ziften Services – Charles Leaver

Written By Josh Harriman And Presented By Charles Leaver

Having the right tools in place is a given in our industry. But having the right tools and solutions is one thing; getting the most value out of them can be a challenge. Even with the best intentions and properly skilled personnel, there can be gaps. Ziften Services can help fill those gaps and keep you on track for success.

Ziften Services can augment, or even outright lead, your IT Operations and Security teams to better arm your company, with three excellent offerings. Each one is tailored for a particular need. A recent report by ESG (Enterprise Strategy Group) entitled “Trends in Endpoint Security Research Study” found that 51% of respondents said they will be deploying and using an EDR (endpoint detection and response) solution now, and 35% of them plan to use managed services for the implementation, which shows that the need for proper services around these products and solutions is out there. Therefore, Ziften is offering our services knowing that many companies do not have the scale or expertise to implement and fully utilize required tools such as EDR.

Ziften services are as follows:

– Ziften Assess Service

– Ziften Hunt Service

– Ziften Respond Service

While each of the three services covers a distinct function, the latter two are more complementary to each other. Let’s look at each in a little more detail to better understand the benefits.
Assess Service
This service covers both IT operations and security teams. To measure your success in proper documentation and adherence to processes and policies, you need to begin with a good solid baseline. The Assess service begins with extensive interviews with key decision makers to truly understand what is in place. From there, a Ziften Zenith deployment provides monitoring and data collection of key metrics across client device networks, data centers and cloud deployments. The reporting covers asset management and performance, licensing, vulnerabilities, compliance, and anomalous behaviors. The result can address a range of concerns such as M&A evaluations, pre-cloud-migration planning and periodic compliance checks.

Hunt Service

This service is a true 24x7 managed endpoint detection and response (MDR) offering. Organizations struggle to fully cover this essential aspect of security operations, whether because of limited staff or a lack of key expertise in threat hunting methods. Again using the Ziften Zenith platform, this service provides continuous monitoring across client devices, servers and cloud VMs running Windows, Mac OS X and Linux. One of the primary results of this service is dramatically reducing threat dwell times within the environment. This has been discussed frequently in the past few years, and the numbers are shocking: generally on the order of hundreds of days that threats stay hidden within companies. You need someone who can actively hunt for these adversaries and can also look back retrospectively at past events to find behaviors you were not aware of. This service also includes some hours of dedicated Incident Response, so you have all your bases covered.

Respond Service

When you are against the ropes and have a true emergency, this service is what you need. This is a tried and true IR team ready for battle 24x7 with a broad range of response tool sets at their disposal. You get immediate incident investigation and triage. Recommended actions align with the severity of the threat and the response actions that need to take place. The teams are very flexible and will work remotely or, if required, can be on site where conditions demand it. This could be your whole IR team, or it can augment and blend right in with your existing team.

At the end of the day, you need services to help maximize your chances of success in today’s world. Ziften has three great offerings and wants all our customers to feel protected and aligned with the best operational and security posture available. Please reach out to us so we can help you. It’s what we love to do!

With Vulnerability Lifecycle Management Your Job Will Be Safer – Charles Leaver

Written By Dr Al Hartmann And Presented By Charles Leaver


The following headline hit the news recently, on September 7, 2017:

Equifax Inc. today revealed a cybersecurity event potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. site application vulnerability to gain access to particular files. Based on the business’s investigation, the unauthorized access occurred from mid-May through July 2017.

Lessons from Past Debacles

If you like your job, value your role, and want to keep it, then don’t leave the door ajar for attackers. A major data breach frequently begins with an unpatched vulnerability that is easily exploitable. Then the inevitable happens: the hackers are inside your defenses, the crown jewels have left the building, the press releases fly, high-priced consultants and external legal counsel accumulate billable hours, regulators descend, lawsuits are flung, and you have “some serious ‘splainin’ to do”!

We have yet to see whether the head ‘splainer in the current Equifax breach will survive, as he is still in ‘splainin’ mode, asserting that the breach started with the exploitation of an application vulnerability.

In such cases the usual rhumba line of resignations is CISO first, followed by the CIO, followed by the CEO, followed by a board of directors shakeup (specifically the audit and corporate responsibility committees). Don’t let this happen to your professional life!

Actions to Take Immediately

There are some common-sense actions you can take to prevent the inevitable breach disaster resulting from unpatched vulnerabilities:

Take stock – Inventory all data and system assets, and map your network topology, attached devices and open ports. Know your network, its segmentation, what devices are attached, what those devices are running, what vulnerabilities those systems and apps expose, what data assets they have access to, the sensitivity of those assets, what defenses are layered around those assets, and what checks are in place along all potential access paths.

Improve and harden – Implement best-practice recommendations for identity and access management, network segmentation, firewall and IDS configuration, operating system and application configuration, database access controls, and data encryption and tokenization, while streamlining and trimming the number and complexity of subsystems across your business. Anything too complex to manage is too complex to protect. Choose configuration hardening heaven over breach response hell.

Constantly monitor and scrutinize – Routine audits are necessary but not sufficient. Continually monitor, track, and assess all relevant security events and exposed vulnerabilities: have visibility, event capture, analysis, and archiving of every system and session login, every application launch, every active binary and vulnerability exposure, every script execution, every command issued, every network connection, every database transaction, and every sensitive data access. Any holes in your security event visibility create an adversary free-fire zone. Establish key performance metrics, monitor them ruthlessly, and drive for relentless improvement.

Don’t accept operational excuses for insufficient security – There are always secure and reliable operational policies, but they might not be painless. Not suffering a catastrophic data breach is far down the organizational pain scale from the alternative. Operational expedience, legacy constraints or misaligned priorities are not valid excuses for bad cyber practices in an escalating threat environment. Make your voice heard.
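The “take stock” and “constantly monitor” steps above only pay off if the inventory and the vulnerability feed are actually joined and the result is ranked, so here is an added example (not code from the original post or from Ziften) of a small vulnerability lifecycle tracker. The asset inventory, the advisory feed and the VULN-EXAMPLE-* identifiers are all constructed placeholders; the risk weighting is an assumed illustrative formula, not a standard.

```python
"""Vulnerability lifecycle tracker (added illustrative example).

Joins a constructed asset inventory against a constructed advisory feed,
computes how long each fix has been available but not applied, and ranks
the resulting exposures by a simple risk score so the oldest, most
sensitive, internet-facing gaps surface first.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Tuple


@dataclass
class Asset:
    host: str
    internet_facing: bool
    data_sensitivity: int          # 1 (public data) .. 5 (crown jewels)
    open_ports: Tuple[int, ...]
    software: Dict[str, str]       # product -> installed version


@dataclass
class Advisory:
    vuln_id: str                   # placeholder ids, not real CVE numbers
    product: str
    fixed_version: str             # first version that carries the fix
    patch_released: date
    severity: float                # CVSS-style 0.0 .. 10.0


@dataclass
class Exposure:
    host: str
    vuln_id: str
    product: str
    installed: str
    days_unpatched: int            # days since a fix was available
    risk_score: float


def version_key(version: str) -> Tuple[int, ...]:
    """'2.3.30' -> (2, 3, 30) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def is_vulnerable(installed: str, fixed_version: str) -> bool:
    """An install is exposed while it is older than the first fixed version."""
    return version_key(installed) < version_key(fixed_version)


def risk_score(asset: Asset, advisory: Advisory, days_unpatched: int) -> float:
    """Assumed weighting: severity x data sensitivity x exposure x patch age."""
    exposure_factor = 2.0 if asset.internet_facing else 1.0
    age_factor = 1.0 + min(days_unpatched, 365) / 30.0   # grows ~1 per month, capped
    return round(advisory.severity * asset.data_sensitivity * exposure_factor * age_factor, 1)


def find_exposures(assets: List[Asset], advisories: List[Advisory], today: date) -> List[Exposure]:
    """Cross inventory with the feed; return exposures ranked highest risk first."""
    found: List[Exposure] = []
    for asset in assets:
        for adv in advisories:
            installed = asset.software.get(adv.product)
            if installed is None or not is_vulnerable(installed, adv.fixed_version):
                continue
            # A fix that is not out yet counts as zero days of neglect, not negative.
            days = max((today - adv.patch_released).days, 0)
            found.append(Exposure(asset.host, adv.vuln_id, adv.product, installed,
                                  days, risk_score(asset, adv, days)))
    return sorted(found, key=lambda e: e.risk_score, reverse=True)


def sla_breaches(exposures: List[Exposure], sla_days: int = 30) -> List[Exposure]:
    """Exposures whose fix has been available longer than the patch SLA."""
    return [e for e in exposures if e.days_unpatched > sla_days]


# Constructed sample inventory and advisory feed (placeholders, not real data).
ASSETS = [
    Asset("web-01", True, 5, (80, 443), {"webapp-framework": "2.3.30", "ssh-server": "7.4"}),
    Asset("db-01", False, 5, (5432,), {"db-server": "9.6.2", "ssh-server": "7.5"}),
    Asset("kiosk-07", False, 1, (22,), {"ssh-server": "7.4", "webapp-framework": "2.3.32"}),
]
ADVISORIES = [
    Advisory("VULN-EXAMPLE-1", "webapp-framework", "2.3.32", date(2017, 3, 7), 9.8),
    Advisory("VULN-EXAMPLE-2", "ssh-server", "7.5", date(2017, 8, 1), 5.3),
    Advisory("VULN-EXAMPLE-3", "db-server", "9.6.4", date(2017, 8, 20), 7.5),
]
TODAY = date(2017, 9, 7)


if __name__ == "__main__":
    for e in find_exposures(ASSETS, ADVISORIES, TODAY):
        print(f"{e.risk_score:7.1f}  {e.host:9} {e.vuln_id:15} {e.product}={e.installed} "
              f"fix available {e.days_unpatched} days")
    print(f"{len(sla_breaches(find_exposures(ASSETS, ADVISORIES, TODAY)))} exposures past the 30-day SLA")
```

Replace the constructed lists with your real CMDB export and advisory feed; the ranking then becomes the “key performance metric” the post asks you to monitor week over week.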

Don’t Dismiss The Equifax Data Breach Take Action Now – Charles Leaver

Written By Michael Levin And Presented By Charles Leaver


Equifax, one of the three major U.S.-based credit reporting services, just revealed a major data breach in which cyber criminals stole sensitive information on 143 million United States consumers.

Ways that the Equifax security breach WILL affect you:

– Personal – Your own and your family’s identity details are now at risk and will be targeted!

– Business – Your businesses may be affected and targeted.

– Nationally – Terrorists, nation states and organized criminal groups could be involved, or could use this data to commit cyber crimes for financial gain.

Protecting yourself is not complicated!

Five recommendations to protect yourself right away:

– Sign up for a credit monitoring service and/or lock your credit. The quickest way to be informed that your credit has been compromised is through a credit monitoring service. Equifax has already started the process of setting up free credit monitoring for those affected. Other credit monitoring services are available and should be considered.

– Monitor all your financial accounts, including credit cards and all bank accounts. Ensure that all notifications are switched on. Make sure you are getting immediate text and e-mail notifications for any changes in your account or increased balances or transactions.

– Protect your bank and financial accounts; ensure that two-factor authentication is switched on for all accounts. Learn about two-factor authentication and turn it on for all financial accounts.

– Phishing e-mail messages can be your greatest day-to-day danger! Slow down when handling e-mail messages. Stop immediately clicking on every e-mail link and attachment you receive. Instead of clicking on links and attachments in e-mail messages, go independently to the sites outside of the e-mail message. When you receive an e-mail you were not expecting from a name you recognize, consider calling the sender separately before you click links or attachments.

– Strong passwords – consider changing all your passwords. Create strong passwords and protect them. Use different passwords for your accounts.

Other Security Thoughts:

– Back up all computers and update operating systems and software regularly.

– Social media security – Sharing too much information on social networks increases the risk that you will be taken advantage of. For example, telling the world you are on a trip, with pictures, increases the risk that your house will be broken into.

– Secure your devices – Do not leave your laptop, phone or tablet unattended even for a moment. Do not leave anything in your car you do not want stolen, because it’s just a matter of time.

– Internet of Things and device management – Understand how all your devices connect to the Internet and what information you are sharing. Check security settings for all devices, and be sure to include smart watches and fitness bands.

The value of security awareness training:

– This is another cyber crime where security awareness training can help to lower risk. Being aware of new cyber crimes and scams in the news is a basic part of security awareness training. Making sure that employees, family and friends know about this scam will significantly reduce the probability that you will be victimized.

– Sharing new scams and cyber crimes you learn about in the news with others is very important to ensure that the people you care about do not fall victim to these kinds of crimes.

Generic Will Not Fit So Choose Extensible – Charles Leaver

Written By Charles Leaver Ziften CEO


Whether you call them extensions or call them customizations, no matter what they are called, the best technology platforms can be tailored to fit an organization’s specific business requirements. Generic operations tools are great at performing generic operations tasks. Generic security tools are great at dealing with generic security challenges. Generic can only take you so far, though, and that’s where extensibility takes over.

Extensibility comes up often when I’m speaking to customers and prospects, and I’m proud that a Global 10 company selected Ziften over everyone else in the market mainly on that basis. For that customer, and many others, the ability to deeply tailor platforms is a necessity.

This isn’t about merely creating custom reports or custom notifications. Let’s be honest: the ability to build reports is a baseline capability of most IT operations and security management tools. Real extensibility goes deep into the solution to give it capabilities that solve real problems for the company.

One customer used lots of mobile IoT devices, and needed our Zenith real-time visibility and control system to be able to access (and monitor) the memory of those devices. That’s not a standard function offered by Zenith, because our low-footprint agent does not hook into the operating system kernel or work through standard device drivers. Nevertheless, we worked with the customer to customize Zenith with that capability, and it turned out to be simpler than anyone imagined.

Another customer looked at the standard set of endpoint data that the agent collects, and wanted to add additional data fields. They also wanted to set up the administrative console with custom actions using those data fields, and push those actions back out to those endpoints. No other endpoint monitoring and security solution besides Ziften was able to offer a way to add that functionality.

What’s more, the customer developed those extensions themselves … and owns the code and IP. It becomes part of their own secret sauce, their own company differentiator, and unique to their company. They couldn’t be happier. And neither could we.

With many other IT operations and security systems, if customers want additional features or capabilities, the only option is to submit a future feature request and hope that it appears in an upcoming release of the solution. Until then, too bad.

That’s not how we built our flagship solutions, Zenith and ZFlow. Because our endpoint agent isn’t based on kernel hooks or device drivers, we can allow for significant extensibility, and open up that extensibility for customers to access directly.

Likewise with our administrative consoles and back-end monitoring systems: everything is customizable. And that was built in right from the beginning.

Another aspect of customization is that our real-time and historical visibility database can integrate with your other IT operations and security platforms, such as SIEM tools, threat intelligence, IT ticketing systems, task orchestration systems, and data analytics. With Zenith and ZFlow, there are no more silos. Ever.

In the world of endpoint monitoring and management, extensions are increasingly where it’s at. IT operations and enterprise security teams need the ability to tailor their tool platforms to fit their specific requirements for monitoring and managing IoT, conventional endpoints, the data center, and the cloud. In many customer conversations, our built-in extensibility has caused eyes to light up, and won us trials and deployments. Tell us about your custom requirements, and let’s see what we can do.

Ziften Is The First To Reveal Its Endpoint Security Architecture So Will Others Follow? – Charles Leaver

Written By Mike Hamilton And Presented By Ziften CEO Charles Leaver


Endpoint security is really in vogue these days, and there are lots of different vendors out there touting their solutions in this market. But it’s sometimes hard to understand exactly what each vendor offers. What’s even harder is to understand how each vendor’s solution is architected to deliver those services.

I believe that the back-end architecture of whatever you choose can have a profound influence on the future scalability of your deployment, and it can create a lot of unexpected work and cost if you’re not careful.

So, in the spirit of openness, and because we believe our architecture is different, unique and effective, we invite all endpoint security vendors to “show us your architecture”.

I’ll kick this off in the following video, where I show you the Ziften architecture, and a couple of what I consider legacy architectures for comparison. Specifically, I’ll discuss:

– Ziften’s architecture, designed using next-gen cloud principles.
– One company’s peer-to-peer “mish-mash” architecture.
– Legacy hub-spoke-hub architectures.

I have shown you the power of our truly cloud-based platform. Now it’s my competitors’ turn. Come on folks, show us your architectures!

Offensive And Defensive Risk And Security Strategies – Charles Leaver

Written By Roark Pollock And Presented By Charles Leaver Ziften CEO


Risk management and security management have long been treated as separate functions, often performed by separate functional groups within an organization. Recognition of the need for continuous visibility and control across all assets has increased interest in finding common ground between these disciplines, and the availability of a new generation of tools is enabling this effort. This conversation is very timely given the continued difficulty most enterprise organizations experience in attracting and keeping qualified security staff to manage and secure IT infrastructure. A marriage of the two activities can help to better utilize these critical personnel, lower costs, and help automate response.

Historically, risk management has been viewed as an offensive mandate, and is typically the field of play for IT operations teams. Sometimes referred to as “systems management”, IT operations teams actively perform device state and posture monitoring, policy enforcement, and vulnerability management. The goal is to proactively mitigate potential risks. Activities that further risk reduction and that are carried out by IT operations include:

Offensive Risk Mitigation – Systems Management

Asset discovery, inventory, and refresh

Software discovery, usage tracking, and license rationalization

Mergers and acquisition (M&A) risk assessments

Cloud workload migration, monitoring, and enforcement

Vulnerability assessments and patch installs

Proactive help desk or systems analysis and issue response / repair

On the other side of the field, security management is considered a defensive game, and is normally the field of play for security operations teams. These security operations teams are typically responsible for threat detection, incident response, and resolution. The objective is to respond to a threat or a breach as rapidly as possible in order to reduce the impact on the organization. Activities that fall directly under security management and are performed by security operations include:

Defensive Security Management – Detection and Response

Threat detection and/or threat hunting

User behavior monitoring / insider threat detection and/or hunting

Malware analysis and sandboxing

Incident response and threat containment / removal

Lookback forensic investigations and root cause determination

Tracing lateral threat movement, and further threat removal

Data exfiltration identification

Successful companies, of course, have to play both offense AND defense equally well. This requirement is pushing organizations to recognize that IT operations and security operations need to be as aligned as possible. Thus, as much as possible, it helps if these two teams are playing from the same playbook, or at least working from the same data or single source of truth. This means both teams should aim to use some of the same analytic and data collection tools and methods when it comes to managing and securing their endpoint systems. And if organizations rely on the same staff for both jobs, it certainly helps if those people can pivot between both jobs within the same tools, leveraging a single data set.

Each of these offensive and defensive tasks is critical to protecting an organization’s intellectual property, reputation, and brand. In fact, managing and prioritizing these tasks is what often keeps CIOs and CISOs up at night. Organizations must recognize opportunities to align and consolidate teams, technologies, and policies as much as possible to ensure they are focused on the most urgent need along the current risk and security management spectrum.

When it comes to managing endpoint systems, it is clear that companies are moving toward an “always on” visibility and control model that allows continuous risk assessment, continuous threat monitoring, and even continuous performance management.

Hence, organizations should look for these three essential capabilities when evaluating new endpoint security systems:

Solutions that provide “always on” visibility and control for both IT operations teams and security operations teams.

Solutions that provide a single source of truth that can be used both offensively for risk management and defensively for security detection and response.

Architectures that easily integrate into current systems management and security tool environments to deliver even greater value for both IT and security teams.

Here Is What We Experienced At Defcon And Black Hat 2017 – Charles Leaver

Written by Michael Vaughn And Presented By Ziften CEO Charles Leaver


Here are my experiences from Black Hat 2017. There is a slight addition to this year’s synopsis, in large part due to the theme of the opening talk given by Facebook’s Chief Security Officer, Alex Stamos. Stamos stressed the importance of refocusing the security community’s efforts on working better together and diversifying security solutions.

“Working better together” is something of an oxymoron when looking at the mass competition among the many security businesses fighting for customers during Black Hat. Based on Stamos’s messaging during the opening presentation this year, I felt it important to add some of my experiences from Defcon as well. Defcon has traditionally been an event for learning and consists of independent hackers and security specialists. Last week’s Black Hat theme concentrated on the social element of how companies need to get along and genuinely help others and one another, which has always been the overarching message of Defcon.

People visited from all over the world last week:

Jeff Moss, aka ‘Dark Tangent’, the founder of Black Hat and Defcon, also wants that to be the theme: a place where you aim to help people gain knowledge and learn from others. Moss wants attendees to remain ‘nice’ and ‘helpful’ during the conference. That is on par with what Alex Stamos from Facebook conveyed in his keynote about security businesses. Stamos asked that we all share in the responsibility of helping those who cannot help themselves. He also raised another valid point: are we doing enough in the security industry to really help people, rather than simply doing it to make money? Can we achieve the goal of actually helping people? Such is the juxtaposition of the two events. The primary difference between Black Hat and Defcon is the more corporate consistency of Black Hat (from vendor hall to the presentations) versus the true hacker community at Defcon, which showcases the innovative side of what is possible.

The business I work for, Ziften, offers Systems and Security Operations software applications – offering IT and security teams visibility and control across all endpoints, on or off a business network. We likewise have a pretty sweet sock game!

Lots of guests flaunted their Ziften assistance by adorning previous year Ziften sock designs. Looking good, feeling great!

The idea of joining forces to combat against the corrupt is something most guests from around the world accept, and we are no different. Here at Ziften, we aim to genuinely help our customers and the community with our solutions. Why offer or count on a service which is restricted to only exactly what’s inside the box? One that offers a single or handful of specific functions? Our software application is a platform for integration and offers modular, individualistic security and functional solutions. The whole Ziften team takes the creativity from Defcon, and we push ourselves to try and develop new, customized functions and forensic tools where standard security companies would avoid or simply remain consumed by day-to-day tasks.

Providing continuous visibility and control for any asset, anywhere, is one of Ziften’s primary focuses. Our combined systems and security operations (SysSecOps) platform lets IT and security operations teams quickly fix endpoint issues, reduce overall risk posture, speed threat response, and improve operational efficiency. Ziften’s secure architecture provides continuous, streaming endpoint monitoring and historical data collection for enterprises, governments, and managed security service providers. And in keeping with this year’s Black Hat theme of working together, Ziften’s partner integrations extend the value of incumbent tools and fill the gaps between siloed systems.

Journalists are not allowed to take pictures of the Defcon crowd, but I am not the press and this was before entering a badge-required area :P The Defcon hordes and goons (Defcon staff, in red t-shirts) were at a standstill for a solid 20 minutes waiting for initial access to the four massive Track rooms on opening day.

The Voting Machine Hacking Village got a lot of attention at the event. It was interesting, but nothing new for veteran attendees. I suppose it takes something newsworthy to draw attention to particular vulnerabilities. The vulnerabilities behind most of the talks, and especially this village, had already been disclosed to the proper authorities before the event. Let us know if you need help locking down one of these (looking at you, government folks).

More and more personal data is becoming visible to the general public. For instance, Google and Twitter APIs are freely and openly available for querying user data metrics. This data makes it easier for attackers to social engineer targeted attacks on individuals, especially people of power and rank, like judges and executives. The talk titled Dark Data showed how a simple yet brilliant de-anonymization algorithm and some data enabled these two white hats to identify individuals with extreme precision and reveal highly private details about them. This should make you reconsider what is installed on your systems and on the systems of the people in your workplace. Most of the raw metadata was gathered through a popular browser add-on; the fine tuning came from the algorithm and public APIs. Do you know exactly which browser add-ons are running in your environment? If the answer is no, then Ziften can help.
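If you want to answer that question yourself before calling anyone, the raw material is on disk. The following is an added example (my own script, not Ziften’s product code) that inventories the Chrome/Chromium extensions in a browser profile by reading each extension’s manifest.json and flagging the permissions that let an add-on watch browsing activity across every site. Chrome keeps unpacked extensions at `<profile>/Extensions/<id>/<version>/manifest.json`; the sample profile the script builds for offline use is constructed in a temp directory with made-up extension IDs and names.

```python
"""Inventory Chrome/Chromium extensions from manifest.json files.
Added example, not Ziften code.  Sample profile below is constructed."""
import json
import os
import tempfile

# Permissions that let an add-on watch or read browsing activity across sites:
# the kind of access needed to harvest the metadata discussed above.
BROAD_PERMISSIONS = {"<all_urls>", "tabs", "history", "webRequest",
                     "webNavigation", "cookies", "browsingData"}

def default_extension_roots():
    """Where a default Chrome profile keeps extensions on each platform."""
    home = os.path.expanduser("~")
    return [
        os.path.join(os.environ.get("LOCALAPPDATA", ""), "Google", "Chrome",
                     "User Data", "Default", "Extensions"),                      # Windows
        os.path.join(home, "Library", "Application Support", "Google", "Chrome",
                     "Default", "Extensions"),                                   # macOS
        os.path.join(home, ".config", "google-chrome", "Default", "Extensions"), # Linux
    ]

def is_broad(perms):
    """True if any permission grants cross-site access to browsing data."""
    for p in perms:
        if p in BROAD_PERMISSIONS:
            return True
        if p.endswith("://*/*"):   # host patterns like *://*/*, https://*/* cover every site
            return True
    return False

def inventory(extensions_root):
    """Return [{'id', 'version', 'name', 'permissions', 'broad'}] for every manifest found."""
    found = []
    if not os.path.isdir(extensions_root):
        return found
    for ext_id in sorted(os.listdir(extensions_root)):
        ext_dir = os.path.join(extensions_root, ext_id)
        if not os.path.isdir(ext_dir):
            continue
        for version in sorted(os.listdir(ext_dir)):
            manifest_path = os.path.join(ext_dir, version, "manifest.json")
            if not os.path.isfile(manifest_path):
                continue
            try:
                with open(manifest_path, "r", encoding="utf-8") as fh:
                    manifest = json.load(fh)
            except (OSError, ValueError):
                continue   # unreadable or corrupt manifest: skip it, do not abort the scan
            perms = []
            for key in ("permissions", "host_permissions"):   # MV3 moved host patterns
                vals = manifest.get(key, [])
                if isinstance(vals, list):
                    perms += [p for p in vals if isinstance(p, str)]
            found.append({"id": ext_id, "version": version,
                          "name": manifest.get("name", "?"),
                          "permissions": sorted(perms), "broad": is_broad(perms)})
    return found

def build_sample_profile():
    """Constructed sample data: two fake extensions with made-up 32-character IDs."""
    root = tempfile.mkdtemp(prefix="ext-inventory-")
    samples = {
        "abcdefghijklmnopabcdefghijklmnop": ("1.2.0", {
            "name": "Sample Metadata Collector", "manifest_version": 2,
            "permissions": ["tabs", "<all_urls>", "storage"]}),
        "ponmlkjihgfedcbaponmlkjihgfedcba": ("0.9.1", {
            "name": "Sample Theme", "manifest_version": 3,
            "permissions": ["storage"]}),
    }
    for ext_id, (version, manifest) in samples.items():
        os.makedirs(os.path.join(root, ext_id, version))
        with open(os.path.join(root, ext_id, version, "manifest.json"), "w",
                  encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return root

if __name__ == "__main__":
    roots = [r for r in default_extension_roots() if os.path.isdir(r)] or [build_sample_profile()]
    for root in roots:
        for ext in inventory(root):
            flag = "BROAD" if ext["broad"] else "     "
            print(f"{flag} {ext['id']} {ext['name']} {ext['version']} {ext['permissions']}")
```

Run it on a real profile and the BROAD rows are the ones to review first; a cosmetic add-on has no business holding `tabs` or `<all_urls>`. The same layout applies to other Chromium-based browsers, with only the profile root changing.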

This presentation was about exploiting Point-of-Sale systems. Although quite humorous, it was a little scary how quickly one of the most widely used POS systems can be hacked. This particular POS hardware is most commonly seen when paying in a taxi. The base OS is Linux, and although it runs on an ARM architecture and is protected by robust firmware, why would a company risk leaving the security of customer credit card data entirely up to the hardware vendor? If you are looking for extra protection on your POS systems, look no further than Ziften. We protect the most commonly used enterprise operating systems. If you want to do the fun thing and install the game Doom on one, I can send you the slide deck.

This guy’s slides were off the charts. What wasn’t so great was how exploitable macOS is during the installation process of very common applications. Nearly every time you install an application on a Mac, it asks you to enter your elevated privileges. But what if something were to slightly modify the installer’s code a few seconds before you enter your Administrator credentials? Well, most of the time, probably something bad. Worried about your Macs running malware smart enough to find and alter code in common vulnerable applications before you or your users enter credentials? If so, we at Ziften Technologies can help.
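To make that window concrete, here is an added Python example (mine, not the speaker’s, Apple’s or Ziften’s code) that models the failure mode: an installer stages a post-install script on disk, prompts for Administrator credentials, and then runs whatever is on disk at that moment. Nothing is executed with privileges; the `run_*` functions return the bytes that would have been handed to the shell. The scripts, paths and the “attacker” are constructed, and the attacker runs as the same user as the installer, so in this simulation the private directory mode alone does not stop it; what stops it is binding the integrity check to the bytes that actually get executed.

```python
"""Time-of-check/time-of-use window around an installer's credential prompt.
Added example, not the speaker's, Apple's or Ziften's code; everything is constructed."""
import hashlib
import os
import shutil
import tempfile

GOOD_SCRIPT = b"#!/bin/sh\ncp -R /tmp/Sample.app /Applications/\n"   # constructed
EVIL_SCRIPT = b"#!/bin/sh\ncp /tmp/payload /usr/local/bin/helper\n"   # constructed stand-in

class IntegrityError(Exception):
    pass

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def stage_world_writable(script):
    """Vulnerable staging: a directory any local user or process can write to."""
    staging = tempfile.mkdtemp(prefix="pkg-")
    os.chmod(staging, 0o777)
    path = os.path.join(staging, "postinstall")
    with open(path, "wb") as fh:
        fh.write(script)
    return path

def stage_private(script):
    """Hardened staging: 0700 directory (mkdtemp's default) plus the digest of what was written."""
    staging = tempfile.mkdtemp(prefix="pkg-")
    path = os.path.join(staging, "postinstall")
    with open(path, "wb") as fh:
        fh.write(script)
    os.chmod(path, 0o700)
    return path, sha256(script)

def attacker_swaps(path, payload):
    """A local process replacing the staged script while the password dialog is up."""
    with open(path, "wb") as fh:
        fh.write(payload)

def run_vulnerable(path, prompt):
    """Existence check, then prompt, then execute whatever is on disk afterwards."""
    if not os.path.exists(path):
        raise FileNotFoundError(path)
    prompt()                          # the window: seconds while the user types
    with open(path, "rb") as fh:
        return fh.read()              # what the shell would receive

def run_hardened(path, expected_digest, prompt):
    """Read and verify the bytes first, then prompt, then execute the verified copy
    (e.g. feed it to `sh -s` on stdin) rather than re-reading the path."""
    with open(path, "rb") as fh:
        data = fh.read()
    if sha256(data) != expected_digest:
        raise IntegrityError("staged script does not match what the installer wrote")
    prompt()
    return data                       # the verified bytes, not whatever is on disk now

def demo():
    """Race both variants; returns (bytes the vulnerable path ran, bytes the hardened path ran)."""
    v_path = stage_world_writable(GOOD_SCRIPT)
    h_path, digest = stage_private(GOOD_SCRIPT)
    try:
        ran_vuln = run_vulnerable(v_path, lambda: attacker_swaps(v_path, EVIL_SCRIPT))
        ran_hard = run_hardened(h_path, digest, lambda: attacker_swaps(h_path, EVIL_SCRIPT))
    finally:
        shutil.rmtree(os.path.dirname(v_path))
        shutil.rmtree(os.path.dirname(h_path))
    return ran_vuln, ran_hard

def tamper_before_check_is_caught():
    """If the swap lands before the digest check, the hardened path refuses to continue."""
    h_path, digest = stage_private(GOOD_SCRIPT)
    try:
        attacker_swaps(h_path, EVIL_SCRIPT)
        run_hardened(h_path, digest, lambda: None)
        return False
    except IntegrityError:
        return True
    finally:
        shutil.rmtree(os.path.dirname(h_path))

if __name__ == "__main__":
    vuln, hard = demo()
    print("vulnerable path would run:", vuln)
    print("hardened path would run:  ", hard)
    print("tamper before check caught:", tamper_before_check_is_caught())
```

The vulnerable variant ends up running the swapped script; the hardened variant runs the copy it verified, and if the swap happens before the check it refuses outright. On a real system the private directory keeps other users out, the digest keeps same-user malware out, and executing from memory instead of re-opening the path removes the window entirely.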

We help you without replacing your entire toolset, although we often find ourselves doing exactly that. Our goal is to use the guidance and the existing tools from various vendors that work, make sure they are installed and running, make sure the prescribed hardening is actually intact, and ensure your operations and security teams work together more efficiently to achieve a tighter security posture across your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos’s keynote
– Jeff Moss’s message
– Attendees from all over the world working together
– Black Hat should keep its friendly community spirit

2) Stronger together with Ziften

– Ziften plays nicely with other software vendors

3) Current high-profile vulnerabilities Ziften can help prevent and address

– Point-of-Sale exploitation
– Voting machine tampering
– macOS privilege escalation
– Targeted attacks on individuals

Downloading A Subtitle Package For Your Favorite Movie App Can Leave You Exposed – Charles Leaver

Written By Josh Harriman And Presented By Chuck Leaver Ziften CEO


Do you like watching movies with popular apps like Kodi, SmartTV or VLC on your devices? How about needing or wanting subtitles for those films and simply grabbing the latest pack from OpenSubtitles? No problem, sounds like a great night at home. The problem is, according to research by Check Point, you could be in for a nasty surprise.

For attackers to take control of your ‘realm’, they need a vector, some way to gain entry to your system. There are a few common ways this happens these days, such as creative (and not so creative) social engineering techniques: you receive a spoofed email that appears to come from a friend or colleague and open the attachment, or you visit some website, and if the stars line up, you are pwned. Usually the star-alignment part is not that hard; all it takes is that you have some vulnerable software running that can be reached.

Since the trick is getting users to cooperate, the target audience can sometimes be hard to find. But with this latest research published, many of the major media players share a particular vulnerability when it comes to loading and parsing subtitle packages. The four main media players named in the post have been patched to date, but as we have seen in the past (just look at the recent SMB v1 vulnerability mess), the fact that a fix is available does not mean that users are updating. The researchers have also withheld the technical details of the vulnerability to give other vendors time to patch. That is a good sign and the right approach, which I believe researchers should take: notify the vendor so they can fix the problem, and also announce it publicly so ‘we the people’ are informed and know what to look out for.
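The common thread is that a subtitle file fetched from a public repository is attacker-controlled input that the player parses. Since the page gives no technical details of the specific bugs, the following added example (my own, not Check Point’s finding and not code from Kodi, VLC or any other player) shows the general discipline a subtitle parser should follow: hard limits on size, cue count and line length, strict timestamp syntax, markup stripped rather than interpreted, and a clear rejection instead of a best-effort render. The sample files are constructed.

```python
"""Strict SubRip (.srt) parser that treats a downloaded subtitle file as untrusted input.
Added example; not Check Point's research and not any media player's code."""
import re

MAX_BYTES = 2 * 1024 * 1024     # subtitles are small text; megabytes of it is suspicious
MAX_CUES = 5000
MAX_LINE_CHARS = 200
MAX_LINES_PER_CUE = 4

TIMING_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2}),(\d{3}) --> (\d{2}):(\d{2}):(\d{2}),(\d{3})$")
TAG_RE = re.compile(r"<[^>]*>")  # <i>, <b>, <font ...>: dropped, never interpreted

class SubtitleError(ValueError):
    pass

def _ms(h, m, s, ms):
    h, m, s, ms = int(h), int(m), int(s), int(ms)
    if m > 59 or s > 59:
        raise SubtitleError("timestamp field out of range")
    return ((h * 60 + m) * 60 + s) * 1000 + ms

def parse_srt(data):
    """Parse bytes into [(start_ms, end_ms, [caption lines])] or raise SubtitleError."""
    if len(data) > MAX_BYTES:
        raise SubtitleError("file too large")
    try:
        text = data.decode("utf-8-sig")   # strict: no silent replacement of bad bytes
    except UnicodeDecodeError as e:
        raise SubtitleError("not valid UTF-8") from e
    text = text.replace("\r\n", "\n").replace("\r", "\n")
    cues = []
    for block in re.split(r"\n\n+", text.strip()):
        lines = block.split("\n")
        if len(lines) < 2:
            raise SubtitleError("truncated cue")
        if not lines[0].strip().isdigit():
            raise SubtitleError("cue index is not numeric")
        m = TIMING_RE.match(lines[1].strip())
        if not m:
            raise SubtitleError("malformed timing line")
        start, end = _ms(*m.groups()[:4]), _ms(*m.groups()[4:])
        if end < start:
            raise SubtitleError("cue ends before it starts")
        body = lines[2:]
        if len(body) > MAX_LINES_PER_CUE:
            raise SubtitleError("too many lines in cue")
        clean = []
        for line in body:
            if len(line) > MAX_LINE_CHARS:
                raise SubtitleError("line too long")
            line = TAG_RE.sub("", line)
            if any(ord(c) < 32 for c in line):   # control characters have no place in a caption
                raise SubtitleError("control character in caption")
            clean.append(line)
        cues.append((start, end, clean))
        if len(cues) > MAX_CUES:
            raise SubtitleError("too many cues")
    return cues

def inspect(data):
    """('ok', cue_count) or ('rejected', reason), so a loader can log why a file was refused."""
    try:
        return "ok", len(parse_srt(data))
    except SubtitleError as e:
        return "rejected", str(e)

# Constructed samples for the demo
GOOD_SRT = (b"1\n00:00:01,000 --> 00:00:03,500\n<i>Hello</i> there.\n\n"
            b"2\n00:00:04,000 --> 00:00:06,000\nSecond line\nof the cue\n")
BAD_TIMING = b"1\n00:00:01,000 --> garbage\nx\n"
OVERSIZED_LINE = b"1\n00:00:01,000 --> 00:00:02,000\n" + b"A" * 5000 + b"\n"

if __name__ == "__main__":
    for name, sample in [("good", GOOD_SRT), ("bad timing", BAD_TIMING),
                         ("oversized line", OVERSIZED_LINE)]:
        print(name, inspect(sample))
```

The point is not the exact limits, which a real player would tune, but that every field is validated against a fixed grammar before any of it reaches a renderer, and that anything outside that grammar is refused rather than accommodated.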

It is hard to keep up with the many ways you can get infected, but at least we have researchers who tirelessly try to ‘break’ things to find those vulnerabilities. By following proper disclosure practices, they help everyone enjoy a safer experience with their devices, and in this case, a good night in at the movies.