Chuck Leaver – Your Guide To Patch Validation

Written By Logan Gilbert And Presented By Chuck Leaver



A recent report shows that nearly twenty thousand new software vulnerabilities were disclosed in 2017, an all-time high. Think about that for a second. That is approximately fifty-five new vulnerabilities every day, which is a lot for any IT shop to handle.

Now there’s good news and bad news. The good news is that patches were available for eighty-six percent of those vulnerabilities on the day of disclosure. The bad news is that most companies still struggle with patch validation, prioritization and deployment. And as IT workloads increasingly migrate to the cloud, vulnerability visibility tends to shrink, compounding an already tough challenge.

Let’s take a closer look at how to manage cloud patch validation effectively.

First, a Patch Management Primer

Patch management is the practice of updating software with code changes that fix vulnerabilities exploitable by attackers. Despite having been around for decades, patch management remains a difficult process for many IT organizations.

Modern businesses have complex IT environments with many integration points between business systems. That makes it difficult for software developers to account for every unintended side effect: a patch might close a port, break communication with critical infrastructure, or even crash its host server.

Yet focusing on the efficient patching of known vulnerabilities is the undeniable ‘biggest bang for the buck’ play. In 2017, Gartner stated that ninety-nine percent of exploits are based on vulnerabilities that have already been known to security and IT professionals for at least one year.

Cloud Patching Fundamentals

The first key to closing the right vulnerabilities in your cloud IT infrastructure is being able to see everything. Without visibility into your cloud systems and applications, you cannot really know whether they are patched where it matters most. The second key is patch validation. Simply pushing out a patch is no guarantee that it applied correctly. It may, or may not, have deployed successfully.

How can you be sure?

The Ziften Method

Ziften provides the visibility and validation you need to ensure your cloud IT environment is secure against the vulnerabilities that matter:

– Detailed capture of discovered OS and application vulnerabilities

– Findings mapped to vulnerability reference sources, e.g., OWASP, CIS, CVE, CWE, and OSVDB

– Comprehensive explanations of the implications, business impact, and risks of each identified exposure

– Vulnerability prioritization based on asset criticality and likelihood of attack

– Remediation recommendations to close identified deficiencies

– Detailed steps to follow while remediating reported deficiencies

– Detection and mitigation of attacks that exploit unpatched systems, with quarantine procedures

Far too often we find that the data from customers’ patching systems incorrectly reports vulnerabilities as patched. This creates a false sense of security that is unacceptable for security operations and IT operations teams.
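Patch validation in practice, as an added example that is not Ziften’s code: it reconciles what a patch-management console claims is patched against the package versions actually observed on each host, and flags the false “patched” claims described above. The advisory identifiers, hosts, packages and console data are constructed sample data.

```python
"""Reconcile patch-management 'patched' claims against observed package versions.

Added example, not part of the original post or of any Ziften product. The
advisories, host inventory and console report below are constructed sample data.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

_VERSION_PART = re.compile(r"\d+|[a-zA-Z]+")


def parse_version(text: str) -> Tuple[Tuple[int, object], ...]:
    """Split a version string into a comparable tuple.

    Numeric runs compare numerically and alphabetic runs compare as strings, so
    '1.10.2' > '1.9.8' and '1.1.0h' > '1.1.0g'. A longer string with the same
    prefix sorts higher ('2.4.1-3' > '2.4.1'). Pre-release tags such as 'rc1'
    are not given special treatment; this covers the common package shapes only.
    """
    return tuple((0, int(tok)) if tok.isdigit() else (1, tok)
                 for tok in _VERSION_PART.findall(text))


@dataclass(frozen=True)
class Advisory:
    vuln_id: str          # identifier the patch console reports on (constructed)
    package: str
    fixed_version: str    # first version that contains the fix


@dataclass
class Finding:
    host: str
    vuln_id: str
    package: str
    observed: Optional[str]        # None when the package is absent from inventory
    console_says_patched: bool
    actually_patched: bool

    @property
    def verdict(self) -> str:
        if self.console_says_patched and not self.actually_patched:
            return "FALSE_POSITIVE"   # console claims patched, the host disagrees
        if not self.console_says_patched and self.actually_patched:
            return "STALE_REPORT"     # host is fixed, console has not caught up
        return "PATCHED" if self.actually_patched else "UNPATCHED"


def is_fixed(observed: Optional[str], fixed_version: str) -> bool:
    """A host is fixed only if the package is present at or above fixed_version."""
    if observed is None:
        return False
    return parse_version(observed) >= parse_version(fixed_version)


def reconcile(advisories: List[Advisory],
              inventory: Dict[str, Dict[str, str]],
              console_report: Dict[str, Dict[str, bool]]) -> List[Finding]:
    """Compare console claims with observed package versions, host by host.

    inventory:      {host: {package: installed_version}} as seen on the endpoint
    console_report: {host: {vuln_id: patched_bool}} as claimed by the patch system
    """
    by_id = {a.vuln_id: a for a in advisories}
    findings = []
    for host, claims in sorted(console_report.items()):
        for vuln_id, claimed in sorted(claims.items()):
            adv = by_id[vuln_id]
            observed = inventory.get(host, {}).get(adv.package)
            findings.append(Finding(
                host=host, vuln_id=vuln_id, package=adv.package,
                observed=observed, console_says_patched=claimed,
                actually_patched=is_fixed(observed, adv.fixed_version)))
    return findings


def false_positives(findings: List[Finding]) -> List[Finding]:
    """The cases the post warns about: reported as patched, but not actually fixed."""
    return [f for f in findings if f.verdict == "FALSE_POSITIVE"]


# --- constructed sample data -------------------------------------------------
ADVISORIES = [
    Advisory("ADV-0001", "openssl", "1.1.0h"),
    Advisory("ADV-0002", "nginx", "1.12.2"),
]
INVENTORY = {
    "web-01": {"openssl": "1.1.0h", "nginx": "1.12.2"},
    "web-02": {"openssl": "1.1.0g", "nginx": "1.12.2"},   # openssl still old
    "web-03": {"openssl": "1.1.1", "nginx": "1.10.3"},    # nginx still old
}
CONSOLE = {
    "web-01": {"ADV-0001": True, "ADV-0002": True},
    "web-02": {"ADV-0001": True, "ADV-0002": True},       # wrong about openssl
    "web-03": {"ADV-0001": False, "ADV-0002": True},      # stale on openssl, wrong on nginx
}

if __name__ == "__main__":
    for f in reconcile(ADVISORIES, INVENTORY, CONSOLE):
        print(f"{f.host:7} {f.vuln_id} {f.package:8} observed={f.observed} "
              f"console_patched={f.console_says_patched} -> {f.verdict}")
```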

Chuck Leaver – Understanding GDPR And Cyber Security Monitoring

Written By Dr Al Hartmann And Presented By Chuck Leaver


Robust enterprise cybersecurity naturally includes monitoring of network, endpoint, application, database, and user activity to prevent, detect, and respond to cyber threats that might breach the privacy of enterprise staff, partners, suppliers, or customers. In cyberspace, any blind spots in your view become free-fire zones for the legions of attackers seeking to do harm. But monitoring also captures event records that may contain user “personal data” under the broad European Union GDPR interpretation of that term. Enterprise staff are “natural persons” and hence “data subjects” under the regulation. Wisely balancing security and privacy concerns across the enterprise can be challenging, so let’s discuss it.

The Requirement for Cybersecurity Monitoring

GDPR Chapter 4 governs controller and processor roles under the regulation. While it does not explicitly mandate cybersecurity monitoring, the requirement can be inferred from its text:

– “… In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority …” [Art. 33(1)]

– “… the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk …” [Art. 32(1)]

– “Each supervisory authority shall have [the power] to carry out investigations in the form of data protection audits.” [Art. 58(1)]

One can reasonably infer that to detect a breach one must monitor; that to confirm and scope a breach and give timely breach notification to the supervisory authority one must also monitor; that to implement appropriate technical measures one must monitor; and that to respond to a data protection audit one must have an audit trail, and audit trails are produced by monitoring. In short, for an enterprise to protect its cyberspace and the personal data therein, and to verify its compliance, it reasonably must monitor that space.

The Enterprise as Data Controller

Under the GDPR it is the controller that “determines the purposes and means of the processing of personal data.” The enterprise decides the purposes and scope of monitoring, selects the tools for that monitoring, determines the probe, sensor, and agent deployments, chooses the services or staff who will access and review the monitored data, and decides what actions to take as a result. In short, the enterprise serves in the controller role. The processor supports the controller by providing processing services on its behalf.

The enterprise also employs the staff whose personal data may be included in any event records captured by monitoring. Personal data is defined quite broadly under GDPR and may include login names, system names, network addresses, file paths that contain the user profile directory, or any other incidental detail that could reasonably be linked to “a natural person”. Event data will frequently contain these elements. An event data stream from a specific probe, sensor, or agent could then be linked to an individual and reveal aspects of that person’s work performance, policy compliance, and even aspects of their private life (if enterprise devices or networks are improperly used for personal business). Although this is not the object of cybersecurity monitoring, potential privacy or profiling concerns may be raised.

Achieving Clarity via Fair Processing Notices

As the enterprise employs the staff whose personal data may be captured in the cybersecurity monitoring dragnet, it has the opportunity, in employment contracts or in separate disclosures, to notify staff of the need for and purpose of cybersecurity monitoring and to obtain informed consent directly from the data subjects. While it may be argued that the legal basis for cybersecurity monitoring does not strictly require informed consent (per GDPR Art. 6(1)), but follows from the level of data security the enterprise must maintain to otherwise comply with the law, it is far preferable to be open and transparent with staff. Employment agreements have long included provisions stating that employees consent to having their workplace communications and devices monitored as a condition of employment. However, the GDPR raises the bar considerably for the specificity and clarity of such consents, termed Fair Processing Notices, which must be “freely given, specific, informed and unambiguous”.

Fair Processing Notices must clearly set out the identity of the data controller, the kinds of data collected, the purpose and legal basis for the collection, the data subject’s rights, and contact information for the data controller and for the supervisory authority having jurisdiction. The notice must be clear and easily understood, not buried in a lengthy legalistic employment contract. While many sample notices can be found with a simple web search, they will need adjustment to fit a cybersecurity monitoring context, where data subject rights may conflict with forensic data retention mandates. For instance, an insider attacker might demand the deletion of all their activity data (to destroy evidence), which would turn privacy regulation into a tool for the obstruction of justice. For further guidance, the widely used NIST Cybersecurity Framework addresses this balance in Sec. 3.6 (“Methodology to Protect Privacy and Civil Liberties”).

Think Globally, Act Locally

Given the viral jurisdictional reach of the GDPR, the severe penalties imposed on violators, the difficulty of filtering EEA from non-EEA data subjects, and the likely spread of comparable regulations globally, the safe course is to apply stringent privacy policies across the board, as Microsoft has done.

In contrast to global application stands local implementation, where the safe course is to place cybersecurity monitoring infrastructure in the relevant geographic locales rather than grapple with cross-border data transfers. Even remotely querying and viewing personal data may count as such a transfer, which argues for pseudonymization (tokenizing personal data fields) or anonymization (redacting personal data fields) across non-cooperating jurisdictional boundaries. Only in the final stages of cybersecurity analytics would identifying the natural person behind a data subject become appropriate, and then it would most likely only be of actionable value locally.
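Pseudonymization versus anonymization of a monitoring event record, as an added example that is not part of the original post: personal-data fields in a constructed endpoint event are replaced with keyed HMAC tokens, so an analyst in another jurisdiction can still correlate events belonging to the same user or host without seeing who they are, while only the local team holding the key can re-identify them at the final stage; anonymization redacts the same fields irreversibly. The event shape and field names are assumptions, not any product’s schema.

```python
"""Pseudonymize or anonymize personal-data fields in monitoring event records.

Added example, not part of the original post or of any Ziften product. The event
below is a constructed sample; its field names are assumed, not a product schema.
"""
import hashlib
import hmac
import re
from typing import Any, Dict

# Fields the post lists as potentially personal data under GDPR.
PERSONAL_FIELDS = ("user", "host", "src_ip", "dst_ip")

# Windows and Unix profile directories embed the login name; capture the name part.
_PROFILE_DIR = re.compile(r"^([A-Za-z]:\\Users\\|/home/|/Users/)([^\\/]+)")


class Pseudonymizer:
    """Keyed tokenization: same input gives the same token, so correlation across
    events still works; reversal is only possible where the key and map live."""

    def __init__(self, key: bytes):
        self._key = key
        self._lookup: Dict[str, str] = {}   # token -> original, kept locally only

    def token(self, field: str, value: str) -> str:
        # Per-field prefix so a user token and a host token never collide, and
        # HMAC rather than a bare hash so a party without the key cannot simply
        # brute-force short values such as login names or IPv4 addresses.
        mac = hmac.new(self._key, f"{field}:{value}".encode(), hashlib.sha256)
        tok = f"{field}-{mac.hexdigest()[:16]}"
        self._lookup[tok] = value
        return tok

    def reidentify(self, tok: str) -> str:
        """Final-stage re-identification, available only to the key holder."""
        return self._lookup[tok]

    def pseudonymize(self, event: Dict[str, Any]) -> Dict[str, Any]:
        out = dict(event)
        for f in PERSONAL_FIELDS:
            if f in out:
                out[f] = self.token(f, out[f])
        if "path" in out:   # the login name hidden inside a profile path
            out["path"] = _PROFILE_DIR.sub(
                lambda m: m.group(1) + self.token("user", m.group(2)), out["path"])
        return out


def anonymize(event: Dict[str, Any]) -> Dict[str, Any]:
    """Irreversible redaction: keeps the event's security content, drops the person."""
    out = dict(event)
    for f in PERSONAL_FIELDS:
        if f in out:
            out[f] = "[REDACTED]"
    if "path" in out:
        out["path"] = _PROFILE_DIR.sub(lambda m: m.group(1) + "[REDACTED]", out["path"])
    return out


# Constructed sample event from an endpoint agent (field names assumed).
EVENT = {
    "ts": "2018-05-14T09:21:07Z",
    "event": "ProcessCreation",
    "host": "LT-FIN-0042",
    "user": "jdoe",
    "src_ip": "10.20.30.41",
    "path": r"C:\Users\jdoe\Downloads\setup.exe",
    "sha256": "<constructed-hash-placeholder>",
}

if __name__ == "__main__":
    p = Pseudonymizer(key=b"local-jurisdiction-key-never-shipped-with-events")
    print(p.pseudonymize(EVENT))
    print(anonymize(EVENT))
```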

Chuck Leaver – Should You Whitelist Or Blacklist?

Written By Roark Pollock And Presented By Chuck Leaver



Like any form of security, IT security is a matter of establishing and enforcing a set of allow/deny rules, more formally called security policies. And, simply stated, allow/deny rules can be expressed as a ‘whitelist’ or a ‘blacklist’.

In the distant past, most rules were blacklists. In the good ol’ days we trusted practically everyone to behave well, and when they did, it was fairly easy to spot bad behavior or anomalies. So we only needed to write a few blacklist rules, for instance, “don’t allow anyone into the network from an IP address in, say, Russia”. That was much like your grandparents never locking the doors of the farmhouse, since they knew everybody within a twenty-mile radius.

Then the world changed. Good behavior became the exception, and bad actors and bad behavior became legion. Naturally, it happened slowly, and in stages, dating back to the beginning of the true ‘Internet’ in the early 1990s. Remember script kiddies breaking into public and secure sites just to prove to their high school friends that they could?

Fast forward to the modern age. Everything is online. And if it has value, somebody on the planet is trying to steal or damage it, constantly, and they have plenty of tools at their disposal. In 2017, 250,000 new malware variants were introduced per day. We used to rely on desktop and network anti-virus solutions adding new blacklist signatures every week to counter the bad guys using malicious code to do their bidding. But at over 90 million new malware variants each year, blacklist strategies alone will not cut it.

Network whitelisting technologies have been an essential line of defense for on-premises network security, and with so many companies rapidly moving workloads to the cloud, the same mechanisms will be needed there as well.

Let’s take a more detailed look at both approaches.


A blacklist enumerates known malicious or suspicious “entities” that should not be permitted access, or execution rights, in a network or system. Entities include malicious software (malware) such as viruses, Trojans, worms, spyware, and keystroke loggers. Entities also include any user, application, process, IP address, or organization known to pose a threat to a business.

The critical word above is “known”. With 250,000 new variants appearing each day, how many are out there that we know nothing about, at least until much later, which could be days, weeks, or even years?


So what exactly is whitelisting? Well, as you might have guessed, it is the reverse of blacklisting. Whitelisting starts from the premise that nearly everything is bad. And if that is true, it should be more effective simply to define and allow “good entities” into the network. A simple example would be “all employees in the finance department at director level or above are allowed to access our financial reporting application on server X.” By extension, everybody else is denied access.

Whitelisting is often described as a “zero trust” approach: deny all, and allow only select entities access based on a set of ‘good’ attributes related to user and device identity, behavior, location, time, etc.

Whitelisting is widely accepted in high-risk security environments, where strict rules take precedence over user flexibility. It is likewise highly valued in environments where companies are bound by rigorous regulatory compliance.

Black, White, or Both?

First, few would argue that blacklisting is totally obsolete. Certainly at the endpoint device level it remains relatively simple to install and maintain, and reasonably effective, especially when kept up to date by third-party threat intelligence providers. But, in and of itself, is it enough?

Second, depending on your security background or experience, you’re likely thinking, “Whitelisting could never work for us. Our business applications are just too varied and complex. The time, effort, and resources required to compile, monitor, and update whitelists at an enterprise level would be untenable.”

Thankfully, this isn’t really an either-or choice. It’s possible to take a “best of both worlds” stance: blacklisting for malware and intrusion detection, operating alongside whitelisting for system and network access at large.

Ziften and Cloud Whitelisting

The key to whitelisting comes down to ease of implementation, especially for cloud-based workloads. And ease of implementation is a function of scope. Think about whitelisting in two ways: application and network. The former can be a quagmire. The latter is far simpler to implement and maintain, if you have the right visibility into your cloud environment.

This is where Ziften comes in.

With Ziften, it becomes easy to:

– Identify and establish visibility into all cloud servers and virtual machines

– Gain continuous visibility into devices and their port usage activity

– See east-west traffic flows, including detailed insight into the protocols in use over specific port sets

– Convert ‘seeing’ what’s happening into a manageable set of whitelists, complete with accurate protocol and port mappings

– Establish near-real-time alerts on any anomalous or suspicious resource or service activations
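The last two points above as an added example that is not Ziften’s code: constructed east-west flow records are turned into a per-source, per-destination allowlist of (protocol, port) pairs, and later flows that fall outside that allowlist, or that originate from a server never seen before, raise alerts. The flow record layout and the host names are assumptions.

```python
"""Build a network allowlist from observed east-west flows, then alert on deviations.

Added example, not part of the original post or of any Ziften product. The flow
records are constructed; the record layout (src, dst, dst_port, proto) is assumed.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Set, Tuple


class Flow(NamedTuple):
    src: str        # originating server or VM
    dst: str        # destination server or VM
    dst_port: int
    proto: str      # protocol actually seen on the wire, not guessed from the port


# src -> dst -> {(proto, port)}: the exact protocol and port mapping per peer pair.
Allowlist = Dict[str, Dict[str, Set[Tuple[str, int]]]]


def build_allowlist(baseline: Iterable[Flow]) -> Allowlist:
    """Learn the allowlist from a baseline window of observed traffic.

    The baseline must be vetted first: anything present while learning, including
    an intruder's traffic, becomes 'allowed'. Converting 'seeing' into a whitelist
    is only as good as the window you convert.
    """
    allow: Allowlist = defaultdict(lambda: defaultdict(set))
    for f in baseline:
        allow[f.src][f.dst].add((f.proto, f.dst_port))
    return allow


def evaluate(allow: Allowlist, flows: Iterable[Flow]) -> List[Tuple[str, Flow]]:
    """Return (reason, flow) alerts for every flow outside the allowlist.

    Reasons, from most to least surprising:
      new-source   the originating host never appeared in the baseline, i.e. a
                   new or unmanaged VM has started talking
      new-peer     a known host reaching a destination it never reached before
      port-proto   a known peer pair, but on a port/protocol not in the mapping,
                   which also catches the right port carrying the wrong protocol
    """
    alerts: List[Tuple[str, Flow]] = []
    for f in flows:
        if f.src not in allow:
            alerts.append(("new-source", f))
        elif f.dst not in allow[f.src]:
            alerts.append(("new-peer", f))
        elif (f.proto, f.dst_port) not in allow[f.src][f.dst]:
            alerts.append(("port-proto", f))
    return alerts


# --- constructed baseline: normal traffic in a small three-tier deployment ---
BASELINE = [
    Flow("web-01", "app-01", 8443, "tls"),
    Flow("web-02", "app-01", 8443, "tls"),
    Flow("app-01", "db-01", 5432, "postgres"),
    Flow("app-01", "cache-01", 6379, "redis"),
]

# --- constructed live flows to evaluate against the learned allowlist ---------
LIVE = [
    Flow("web-01", "app-01", 8443, "tls"),            # normal
    Flow("app-01", "db-01", 5432, "postgres"),        # normal
    Flow("web-01", "app-01", 8443, "http"),           # right port, wrong protocol
    Flow("web-02", "db-01", 5432, "postgres"),        # web tier reaching the DB directly
    Flow("app-01", "db-01", 22, "ssh"),               # admin protocol on the DB path
    Flow("vm-unknown-7", "db-01", 5432, "postgres"),  # source never seen in baseline
]

if __name__ == "__main__":
    learned = build_allowlist(BASELINE)
    for reason, f in evaluate(learned, LIVE):
        print(f"ALERT {reason:10} {f.src} -> {f.dst}:{f.dst_port}/{f.proto}")
```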

Chuck Leaver – Using Powerful Hunting In Windows Defender ATP

Written By Josh Harrimen And Presented By Chuck Leaver


Following on the heels of our recent partnership announcement with Microsoft, our Ziften Security Research team has begun leveraging a very cool part of the Windows Defender Advanced Threat Protection (Windows Defender ATP) platform from its Security Center. The Advanced Hunting feature lets users run queries against the data that has been sent in by products and tools, such as Ziften, to discover interesting behaviors quickly. These queries can be saved and shared among the Windows Defender ATP user base.

We have added a handful of shared queries so far, but the results are quite interesting, and we like the ease of use of the hunting interface. Since Ziften sends endpoint data collected from macOS and Linux systems to Windows Defender ATP, we are focusing on those operating systems in our query development to show off the total coverage of the platform.

You can access the Advanced Hunting interface by choosing the database icon on the left-hand side, as shown in the image below.

You can see the top-level schema at the top left of that page, with event types such as Machineinfo, ProcessCreation, NetworkCommunication and others. We ran some recent malware in our Redlab and built queries to find that data and produce results for examination. One example was OceanLotus. We developed a few queries to discover both the dropper and the files associated with this threat.

After running the queries, you get results that you can interact with.

Upon review of the results, we see some systems that have exhibited the behavior we were looking for. When you select one of these systems, you can see the details of the system under investigation. From there you can see the alerts that fired and an event timeline. Details of the malicious process are shown in the image below.

Additional behavior-based queries can also be run. For instance, we executed another malicious sample that used a small number of techniques, which we then queried for. The screenshot directly below shows a query we ran to look for Gatekeeper on macOS being disabled from the command line. While this could be a legitimate administrative action, it is definitely something you would want to know is happening within your environment.

From these query results, you can again select the system under investigation and examine the suspicious behavior further.

This blog certainly does not serve as an in-depth tutorial on using the Advanced Hunting feature within the Windows Defender Advanced Threat Protection platform. However, we wanted to put something together quickly to share our enthusiasm about how simple it is to use this feature to perform your own custom threat hunting in a multi-system environment, across Windows, macOS and Linux systems.

We look forward to sharing more of our experiments and research using queries built with the Advanced Hunting feature. We share our successes with everybody here, so check back on this blog often.

Chuck Leaver – Good News About RSA 2018

Written By Logan Gilbert And Presented By Chuck Leaver


After spending a couple of days with the Ziften team at the 2018 RSA Conference, my technology observation was: more of the same, the usual suspects and the usual buzzwords. Buzzwords like “AI”, “machine learning” and “predictive” were incredibly worn out. Lots of attention was paid to prevention, to everybody’s favorite attack vector (email), and to everybody’s favorite vulnerability (ransomware).

The only surprise to me was seeing a smattering of NetFlow analysis companies: lots of smaller companies attempting to make their mark using a very rich, but hard to work with, data set. Really cool stuff! Find the little booths and you’ll discover tons of innovation. Now, in fairness to the larger vendors, I know there are some genuinely cool technologies there too, but RSA hardly lends itself to cutting through the buzzwords to actual value.

RSA Buzz

I may have a biased view because Ziften has been partnering with Microsoft for the last six-plus months, but Microsoft seemed to play a much more prominent leading role at RSA this year. First, on Monday, Microsoft announced its all-new Intelligent Security Association, uniting its security partnerships “to concentrate on defending clients in a world of increased dangers”, and more importantly, strengthening that defense through the sharing of security intelligence across this community of partners. Ziften is of course proud to be a founding member of the Intelligent Security Association.

In addition, on Tuesday, Microsoft announced a groundbreaking collaboration with numerous players in the cybersecurity industry named the “Cybersecurity Tech Accord.” This accord calls for a “digital Geneva Convention” that sets standards of behavior for the online world, just as the Geneva Conventions set rules for the conduct of war in the physical world.

People Who Attended RSA

A really interesting point to me, though, was the makeup of the exhibition attendees. As I was also an exhibitor at RSA, I noted that among my visitors I saw more “suits” and fewer t-shirts.

OK, maybe not suits per se, but more security managers, directors, VPs, CISOs, and security leaders than I remember seeing at previous events. I was encouraged to see what I believe are business decision makers taking a look at security vendors first hand, as opposed to delegating that task to their security team. From this audience I frequently heard the same overtones:

– This is frustrating.
– I can’t tell the difference between one technology and another.

Those Who Were Absent from RSA

What I saw less of were “technology trolls”. What, you might ask, are technology trolls? Well, as a vendor and security engineer, these are the guys (always guys) who show up five minutes before the close of the day and drag you into a technical due-diligence exercise for an hour, or at least until the happy hour parties begin. Their goal: absolutely nothing useful to anyone, and here I’m presuming the troll actually works for a company, so nothing useful for the company that actually paid thousands of dollars for their attendance. The only thing gained is the troll’s self-affirmation that they are able to “beat down the vendor” with their technical prowess. I’m being harsh, but I have experienced the trolls from both sides of the fence, as a vendor and as a buyer, and back at the office nobody is basing purchasing decisions on troll recommendations. I can only assume that businesses send tech trolls to RSA and comparable expos because they do not want them in the office.

Discussions about Holistic Security

Which brings me back to the type of people I did see a great deal of at RSA: security-savvy (not just tech-savvy) security leaders, who understand the business argument and decisions behind security technologies. Not only are they influencers, but in many cases they are the business owners of security for their respective companies. Now, aside from the previously mentioned concerns, these security leaders seemed less focused on a technology or specific use case and more on a desire for “holistic” security. As we know, good security requires a collection of technologies, practice and policy. Security-savvy customers wanted to know how our technology fit into their holistic solution, which is a refreshing change of dialog. As such, the types of questions I would hear:

– How does your technology partner with other products I already use?
– More importantly: Does your business really buy into that partnership?

That last question is important, essentially asking whether our partnerships are just fodder for a website, or whether we truly have an understanding with our partner that the whole is greater than the sum of the parts.

The latter is exactly what security professionals are looking for and need.

To Conclude

Overall, RSA 2018 was great from my point of view. Once you get past the jargon, much of the buzz centered on things that matter to customers, our industry, and us as individuals: security partner ecosystems that add value, more holistic security through real partnership and meaningful integrations, and face-to-face conversations with business security leaders, not technology trolls.

Chuck Leaver – Guarding Against Cloud Unmanaged Assets

Written By Logan Gilbert And Presented By Chuck Leaver


We all recognize the image of the masked villain hunched over his laptop late at night, accessing a business network, stealing valuable data, and disappearing without a trace. We personify the attacker as smart, determined, and crafty. But the reality is that the vast majority of attacks are enabled by simple human negligence or carelessness, making the cyber criminal’s job an easy one. He’s checking all the doors and windows constantly. All it takes is one mistake on your part and he gets in.

So what do we do? Well, you know the answer. We invest a hefty chunk of our IT budget in defense-in-depth security layers designed to detect, deceive, divert, or outright block the bad guys. Let’s set aside the discussion of whether or not we are winning that war, because there is a far easier war underway: the one where the attacker enters your network, business-critical application, or IP/PII data through a vector you didn’t even know you had, the unmanaged asset, often described as Shadow IT.

Think this isn’t your business? A recent study suggests the average enterprise has 841 cloud apps in use. Surprisingly, most IT executives believe the number of cloud apps in use by their company is in the range of thirty to forty, meaning they are off by a factor of 20X. The same report discloses that more than 98% of cloud apps are not GDPR ready, and 95% of enterprise-class cloud apps are not SOC 2 compliant.

Defining Unmanaged Assets/Shadow IT

Shadow IT is defined as any SaaS application used, whether by employees, departments, or whole business groups, without the knowledge or approval of the business’s IT department. In addition, the rise of ‘everything as a service’ has made it even easier for workers to obtain whatever software they feel they need to be more productive.

The Impact

Well-intentioned employees generally don’t realize they’re breaking corporate rules by spinning up a new server instance or downloading unauthorized apps or software. But it happens. When it does, three problems can arise:

1. Business standards within an organization are compromised, since unauthorized software means each computer has different capabilities.

2. Rogue software frequently contains security flaws, putting the whole network at risk and making it much harder for IT to manage security threats.

3. Asset blind spots not only drive up security and compliance risk, they can increase legal risk. Information retention policies designed to limit legal liability are undermined when information resides on unapproved cloud assets.

Three Essential Considerations for Addressing Unmanaged Asset Risk

1. First, deploy tools that can provide thorough visibility into all cloud assets, managed and unmanaged. Know what new virtual machines have been activated this week, as well as which other devices and applications each VM instance is communicating with.

2. Second, make certain your tooling can provide a continuous inventory of authorized and unauthorized virtual machines running in the cloud. Ensure you can see all IP connections made to each asset.

3. Third, for compliance and/or forensic analysis purposes, look for a solution that provides a record of any and all assets (physical and virtual) that have ever been on the network, not just a solution limited to active assets within a brief look-back window.

Unmanaged Asset Discovery with Ziften

Ziften makes it simple to rapidly find cloud assets that have been commissioned outside IT’s purview. And we do it continuously, with deep historical recall at your fingertips, including when each device first connected to the network, when it last appeared, and how often it reconnects. And if a virtual machine is decommissioned, no problem, we still have all its historical behavior data.

Identify and secure hidden attack vectors stemming from shadow IT before a disaster strikes. Know what’s going on in your cloud environment.

Chuck Leaver – New Intelligent Security Association From Microsoft Is Great

Written By David Shefter And Presented By Chuck Leaver


It’s an excellent strategy: Microsoft has created a mechanism for third-party security companies, like Ziften, to work together to better protect our customers. Everybody wins with the new Microsoft Intelligent Security Association, announced very recently, and we are thrilled to be a founding member and included in the launch. Kudos to Microsoft!

Sharing of Security Intelligence

Among the most interesting projects coming out of Microsoft has been the new Microsoft Intelligent Security Graph, a threat intelligence engine built on artificial intelligence. The Intelligent Security Graph forms the foundation of the new association, and the foundation of a great many new opportunities for innovation.

As Microsoft says, “At the present time, with the immense computing benefits offered by the cloud, the Machine learning and Artificial Intelligence is finding new ways to use its rich analytics engines and by applying a mix of automated and manual processes, artificial intelligence and human experts, we are able to develop a smart security graph that develops from itself and develops in real time, minimizing our cumulative time to discover and respond to brand-new incidents.”

The need for better, more intelligent security is significant, which is why we’re thrilled to be a founding member of the new association.

Brad Anderson, Microsoft Corporate Vice President, Enterprise Mobility + Security, recently wrote, “Approximately 96 percent of all malware is polymorphic – meaning that it is only experienced by a single user and device prior to being changed with yet another malware variant. This is because for the most part malware is captured nearly as quick as it’s developed, so malware developers constantly develop to try and stay ahead. Data such as this hammers home how crucial it is to have security solutions in place that are as nimble and ingenious as the attacks.”

Advanced Endpoint Detection and Response

Which brings us to the kind of advanced endpoint detection and response (EDR) that Ziften provides for desktops, servers, and cloud assets, giving the organization unique 24/7 visibility and control over any asset, anywhere. Nobody else provides the functionality you’ll find in Ziften’s Zenith security platform.

That’s where the Microsoft Intelligent Security Association comes in. At the end of the day, even the best defenses may be breached, and security teams must respond faster and more forcefully to ensure the security of their data and systems.

Ziften and Microsoft are delivering fully integrated threat protection that covers customers’ endpoints, meaning client devices, servers, and the cloud, with a foundation of shared intelligence and the power of the cloud to transform the monitoring of organizational systems.

What Microsoft is Saying

“The Intelligent Security Association improves cooperation from leading sources to protect customers,” said Microsoft. “Having actually already attained strong client momentum with our integrated Ziften and Microsoft Windows Defender ATP option, clients stand to further gain from continued partnership.”

Additionally, “Continued integration and intelligence sharing within the context of the Microsoft Intelligent Security Graph enables joint customers to more quickly and properly discover, examine and react to attacks throughout their whole endpoint and cloud base.”

What Ziften is Saying

Ziften’s CEO, Chuck Leaver, is telling everybody that our founding membership in the Microsoft Intelligent Security Association is a significant win for our joint customers and prospects – and that it unites everybody in the Microsoft universe and beyond (note that Ziften’s Mac and Linux products are also part of the Microsoft partnership). “As security vendors, we all recognize the need to work together and team up to protect our clients and their workers. Congratulations to Microsoft for pioneering this industry effort,” Chuck said.

The outcome: improved security for our customers, and tighter integration and more innovation in the industry. It’s a genuine win for everybody. Apart from the hackers, naturally. They lose. No apologies, people.

Chuck Leaver – The Improved Ziften Channel Program

Written By Greg McCreight And Presented By Chuck Leaver


If you are a reseller, integrator, distributor, or managed service provider, the new Ziften Activate Partner Program is here, it’s ready to go, and it will be great for your profitability (and for reducing your customers’ anxiety about cybersecurity).

Ziften is 100 percent dedicated to the channel, and as we grow and progress in the market, we understand that your success is our success – and our success is your success. And it shows: 96 percent of our sales in 2017 were through the channel! That’s why we built the new Activate Partner Program to give you the resources you need to grow your business with Ziften security solutions.

We kicked it all off with a very effective, cross-platform Endpoint Detection and Response (EDR) solution, Ziften Zenith. Customers really love it. Innovation Partners really love it. Resellers really love it. The market loves it. And analysts love it.

I have to share this from the conclusion of our broadband testing report, which discusses SysSecOps, or Systems Security Operations – an emerging category in which Ziften is a market leader:

Critical to Ziften’s endpoint technique in this category is total visibility – let’s face it, how can you secure if you cannot see or have no idea what is there in the first place? With its Zenith platform, Ziften has a solution that ticks all the SysSecOps boxes and more …

Overall, Ziften has a really competitive offering in the extremely legitimate, emerging IT category in the form of SysSecOps and one that should be on the examination short-list.

By the way: Microsoft recently partnered with Ziften to produce an integration of Zenith and Microsoft Windows Defender ATP, allowing Microsoft customers to secure Linux and Mac systems through the same single pane of glass they use to secure Windows systems.

Enough about Ziften. Let’s focus on you, and how you will benefit from the Activate Partner Program.

We have assembled a multi-tier partner program with improved discounts, more resources, and strong market development support. We understand that a one-size-fits-all program does not work in today’s market.

With Activate, we take a hands-on approach to onboarding new partners, make it simple for those for whom security is a relatively small part of their services, and reward top-tier partners who have committed to Ziften.

Here’s what you get with the Activate Partner Program – and we’ll work with you to make sure that Activate fits your requirements perfectly:

Security for more of your customer’s environment – endpoints, servers, and the cloud

Visibility and security for your customer’s complex, multi-cloud deployments

Simple security tool integrations to deliver genuinely custom, differentiated solutions

Hands-on, personalized assistance and life-cycle expertise

Rich financial incentives that encourage your long-term investment and reward ongoing success

Market development support to drive incremental demand and lead generation

First-rate, hands-on support from our field sales, sales engineers, technical support, and marketing experts

The Activate program combines our powerful security solutions, financial incentives, and hands-on support to help you create more opportunities and close more deals.

Chuck Leaver – Be Prepared For Migrating Assets To The Cloud

Written By Logan Gilbert And Presented By Chuck Leaver


It bears repeating: the Internet has permanently changed the world for individuals and companies alike. For the latter, every element of modern IT is undergoing digital transformation. IT departments everywhere are under pressure to make information highly available at lower cost – all while protecting critical data from corruption, leakage, or cyber theft.

Central to this strategy is the migration of data centers to the cloud. In fact, nineteen percent of company workloads are anticipated to be in the public cloud by the end of 2019, and 50% over the next ten years.

What is Cloud Asset Migration?

Cloud migration is the process of moving data, applications, or other business elements from a company’s on-premises infrastructure to the cloud, or moving them from one cloud service to another.

The diagram shown below illustrates this migration of file server(s), data, and application(s) from an on-premises server infrastructure to a cloud environment.

Cloud service providers make it possible for companies to move some or all of their IT infrastructure to the cloud for scale, speed, service flexibility, ease of management, and lower costs. The advantages are nothing short of compelling.

Cloud computing is changing the corporate landscape. As the technology develops, people are leaning more towards a virtual workplace, meaning that you can work from anywhere, at any time, using cloud computing.

Cloud Asset Migration Considerations

But, like any significant IT infrastructure change, a move to the cloud requires thoughtful planning and execution for the process to come in on budget and on time. Moving a server, database, application, or all of the above to the cloud is not without risk. System outages, performance degradation, data loss, and more are likely to happen as a result of misconfigurations, system failures, and security exploits.

Case in point: 43% of those who have gone through a cloud asset migration have experienced a failed or delayed application. Why? Because each asset migration is a ‘snowflake’ with its own level of complexity.

Let’s look at three aspects to consider for an effective cloud asset migration.

1. Have a Plan

First, there has to be a strategic migration plan. That plan needs to help answer questions like the following:

Which IT assets should be migrated in the first place?
If you are moving some, or all, of your infrastructure to the cloud, how will you establish and maintain asset control?
How will you inventory what you have – before and after the move?
Do you even have to move all of it?
What comes first?

2. Clean Up What is in Place Today

To answer these strategic questions successfully, you’ll need definitive visibility into every asset under your roof today, along with the relevant attributes of each asset. Whether your assets today are running on physical or virtual server infrastructure, you need to understand:

What assets are there now? Discover all the connected assets and understand whether each is currently managed or unmanaged.
Identify low-usage and/or unused systems. Should these systems be eliminated or repurposed prior to migration?
Identify low-usage and/or unused applications. Are these applications needed at all? Should they be removed prior to migration?
Identify and clean up duplication, whether of systems and/or applications.
Now identify the business-critical systems and applications that will be migrated as part of your plan. With this detailed asset data in hand, you can sharpen your migration strategy by segmenting what should – and should not – be migrated, or at least clearly prioritize based on business significance.

3. Prepare For Cloud Visibility Post Migration

Now that you’re equipped with comprehensive, accurate current and historical asset data, how will you maintain this level of visibility after your successful cloud asset migration?

While the cost benefits of moving to the cloud are often extremely compelling, uncontrolled asset/virtual machine proliferation can quickly erode those benefits. So, before performing your cloud asset migration, ensure you have a cloud visibility solution in place that:

Discovers/monitors all connected assets across your single or multi-cloud environment
Inventories, fingerprints, and categorizes discovered assets
Alerts on new or unexpected asset discovery and/or behavior within the cloud environment
Integrates with existing ticketing, workflow, and/or CMDB systems
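The three steps above, worked through as an added example that is not Ziften’s code: a small Python script that reconciles a constructed pre-migration inventory against a constructed post-migration cloud inventory, flagging unmanaged, low-usage, and duplicated assets before the move and unexpected, missing, or unmanaged assets after it. The asset fields and the 5 percent utilization threshold are assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass
LOW_USAGE_PCT = 5.0  # assumed threshold below which a non-critical asset counts as "low usage"

@dataclass(frozen=True)
class Asset:
    name: str
    role: str            # what the asset does, e.g. "fileserver"; used to spot duplication
    managed: bool        # covered by an endpoint agent / recorded in the CMDB
    cpu_avg_pct: float   # 30-day average utilisation (constructed figure)
    business_critical: bool

def cleanup_report(on_prem):
    """Step 2: flag unmanaged, low-usage and duplicated assets before moving anything."""
    role_counts = Counter(a.role for a in on_prem)
    return {
        "unmanaged": sorted(a.name for a in on_prem if not a.managed),
        "low_usage": sorted(a.name for a in on_prem
                            if a.cpu_avg_pct < LOW_USAGE_PCT and not a.business_critical),
        "duplicates": sorted(a.name for a in on_prem if role_counts[a.role] > 1),
    }

def migration_plan(on_prem):
    """Step 1: only business-critical assets that survived cleanup are scheduled to move."""
    skip = set(cleanup_report(on_prem)["low_usage"])
    return sorted(a.name for a in on_prem if a.business_critical and a.name not in skip)

def post_migration_alerts(plan, cloud):
    """Step 3: compare what is actually running in the cloud with what was planned."""
    planned, seen = set(plan), {a.name for a in cloud}
    return {
        "unexpected": sorted(seen - planned),   # VM sprawl or shadow assets: alert on these
        "missing": sorted(planned - seen),      # migration failed or is still delayed
        "unmanaged": sorted(a.name for a in cloud if not a.managed),  # no agent, no visibility
    }

# Constructed sample inventories (not real customer data)
ON_PREM = [
    Asset("fs01", "fileserver", True, 42.0, True),
    Asset("fs01-old", "fileserver", False, 1.2, False),  # duplicate role, idle, unmanaged
    Asset("crm-app", "crm-app", True, 35.0, True),
    Asset("crm-db", "crm-db", True, 60.0, True),
    Asset("test-box", "sandbox", True, 0.4, False),      # nobody uses it: retire, don't migrate
]
CLOUD = [
    Asset("fs01", "fileserver", True, 40.0, True),
    Asset("crm-app", "crm-app", True, 30.0, True),
    Asset("crm-db", "crm-db", False, 55.0, True),        # arrived without its agent
    Asset("dev-vm-7", "sandbox", False, 2.0, False),     # never in the plan
]
```

Feeding the pre-migration inventory through `cleanup_report` and `migration_plan`, then the cloud inventory through `post_migration_alerts`, yields the retire list, the migration list, and the post-move alerts in one pass.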

Cloud Visibility and Security with Ziften

Continuous cloud visibility into each device, user, and application means you can manage all parts of your infrastructure more effectively. You’ll avoid wasting resources by preventing VM sprawl, plus you’ll have a detailed body of data to satisfy audit requirements for NIST 800-53, HIPAA, and other compliance regulations.

Follow the above when you migrate to the cloud, and you’ll avoid weak security, incomplete compliance, and operational SNAFUs. Ziften’s approach to cloud visibility and security gives you the intelligence you need for cloud asset migration without the headaches.

Chuck Leaver – Great Security Opportunity For Microsoft Channel Partners

Written By Greg McCreight And Presented By Chuck Leaver


Windows Defender Advanced Threat Protection (WDATP) is very good, and popular with Microsoft channel partners around the world. You are probably already working with Microsoft customers to deploy and manage WDATP on their Windows endpoints.

I’m thrilled to tell you about a new opportunity: get a fast start with an industry-leading solution that integrates right into WDATP: Ziften Zenith. For a limited time, Microsoft channel partners can use our new “Fast Start” program to partner with Ziften.

With “Fast Start,” you enjoy all the benefits of Ziften’s top-tier partner status for a full year, and we’ll help you get up and running quickly with joint marketing and business development resources – and with a waiver of the usual sales volume commitment associated with Gold Status.

If you do not know Ziften, we provide infrastructure visibility and coordinated threat detection, prevention, and response across all endpoint devices and cloud environments. Zenith, our flagship security platform, deploys easily to client devices, servers, and virtual machines.

Once installed, Zenith continuously collects all the information needed to accurately assess the current and historical state of all managed devices, including system, user behavior, network connection, application, binary, and process data. Zenith provides your customers’ IT and security teams with continuous visibility and control of all managed assets, including continuous monitoring, alerting, and automated or manual actions.

Zenith is cross-platform – it runs on and protects Windows, Mac, Linux, and other endpoints.

What’s especially notable – and here’s the opportunity – is that Ziften has worked with Microsoft to integrate Zenith with Windows Defender ATP. That means your customers can use WDATP on Windows systems and Zenith on their macOS and Linux systems to detect, view, and respond to cyberattacks, all using just the WDATP Management Console for every system. Zenith stays hidden in the background.

A single pane of glass to manage Windows, Mac, and Linux endpoints, which can include desktops, notebooks, and servers. That makes Zenith an ideal solution to offer your existing WDATP customers… and a way to make your bids for new WDATP business more comprehensive for multi-platform enterprise prospects.

Furthermore, offering Zenith can help you speed customer migrations to Windows 10, and sell more Enterprise E5 commercial editions.

“Fast Start” with Gold Status for a Year

Ziften is absolutely focused on the channel: 96% of our sales in 2017 were through the channel. We are delighted to bring the “Fast Start” program to existing Microsoft channel partners, anywhere in the world.

With “Fast Start,” you can sign up for the Ziften Channel Program with these benefits:

Expedited Approval and On-Boarding – Ziften channel managers and field sales work directly with you to get you up and running selling the Zenith endpoint security solution integrated with Windows Defender ATP.

Superior Security Value – You’ll be uniquely positioned to offer customers and prospects greater security value across more of their overall environment than ever, increasing the number of supported and secured Windows, Mac, and Linux systems.

Hands-On Collaboration – Ziften dedicates field sales, sales engineers, and marketing to support your daily pre-sales engagements, drive new sales opportunities, and help close more deals with Microsoft and Ziften endpoint security.

Here’s what one major Microsoft channel partner says about this. This is Ronnie Altit, founder and CEO of Insentra, a “partner-obsessed” Australian IT services company that works exclusively through the IT channel:

“As a large Microsoft reseller, teaming with Ziften to provide their Zenith security platform integrated with Microsoft Windows Defender ATP was a no-brainer. We’re thrilled at the seamless integration between Zenith and Windows Defender ATP giving our customers holistic protection and visibility throughout their Windows and non-Windows systems. Ziften has actually been a pleasure to work with, and helpful at every step of the procedure. We expect to be exceptionally successful offering this powerful security service to our clients.”