Archive for April, 2015

Chuck Leaver – It Took Target Months To Recover From A Cyber Attack And They Lost Millions Too

By Charles Leaver CEO Ziften



After Target was breached it took several months for the company to recover and to be given a clean bill of health.

Continuous Recovery Effort And Reports Of Financial Loss

It was a major story when Target suffered its data breach. Like all major news stories it faded from national coverage, but for the company it remained a top priority. The retailer cut its revenue projections for 2014 once again, which suggests that the business had underestimated the impact of the attack it had suffered, according to CNN Money.

The decrease in profits was considerable: the company reported 62% lower earnings. In addition, it paid out $111 million as a direct result of the breach in the second financial quarter, and the outcome is a business that was once robust now looking a shadow of its former self because of a cyber attack.

As the fallout continued, the scale of the attack began to emerge. Data for around 110 million people was compromised, and 40 million of them had credit card data stolen. As news of the breach spread, the business made some major changes, including stricter cyber security measures and the replacement of its system administrator. Long standing CEO Gregg Steinhafel also resigned. However, this is not deemed enough to reduce the effect of the attack. Target's stakeholders are absorbing the negative results of the attack as much as the business itself, according to Brian Sozzi of Belus Capital.

In an e-mail to CNN Money, Sozzi said: “Target simply dropped an epic complete year earnings warning onto the heads of its remaining investors. Target has offered financiers ZERO reason to be encouraged that a worldwide turn-around is covertly emerging.”

Target Supplies A Lesson For All Organizations About Improved Pre-emptive Steps

No matter how proactively a company responds to a cyber attack, there is no guarantee that recovery will be quick. The bottom line is that a data breach is bad news for any company, whatever you call it or however you try to fix it. Prevention is the best way forward, and you need to take steps to make sure an attack does not happen to your organization in the first place. Endpoint threat detection systems can play a substantial role in maintaining strong defenses for any company that chooses to implement them.

Biggest Known Data Breach By Russian Cyber Criminals Highlights The Need For Continuous Endpoint Monitoring – Chuck Leaver

Charles Leaver Ziften CEO


What is believed to be the largest known cyber attack in the history of data breaches has been discovered by an American cyber security company. The company believes that a group of Russian cyber criminals it has been investigating for several months is responsible for stealing billions of passwords and other sensitive personal data. The group is alleged to have stolen 4.5 billion credentials; many were duplicates, leaving 1.2 billion unique data profiles. The group took the information from 420,000 sites of various sizes, from big brand websites to small mom and pop shops.

The New York Times reported that the group consisted of about 12 people. Starting with small scale spamming in 2011, they acquired most of the data by purchasing stolen databases.

In an interview with PCMag, Alex Holden, founder of the company that discovered the breach, said “the gang started by just purchasing the databases that were available online.” The group bought at fire sales and were described as “bottom feeders”. As time progressed they moved on to purchasing higher quality databases. In Holden's words: “It’s kind of like graduating from taking bicycles to taking costly cars.”

A Graduation From Spamming To Utilizing Botnets

The cyber criminal group then changed its behavior. The group used botnets to collect stolen data on a much larger scale. The botnets let the group automate the process of identifying vulnerable websites, which allowed it to work around the clock. Whenever an infected user visited a website, the bot automatically tested whether the site was vulnerable to SQL injection. SQL injection, a commonly used attack technique, forces a website's database to disclose its contents by entering a crafted query. The botnets flagged the susceptible websites and the attackers returned later to extract the information from them. The use of the bot was the group's ultimate downfall, as it was how the security company spotted them.
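The defender's counterpart to the automated probing described above is to spot it in web server logs. The following is an added example, not code from the original post or from Ziften: it parses constructed access-log lines, flags request parameters that carry SQL-injection probes, and surfaces sources that probe several different pages within seconds, the trace an automated scanner leaves behind. Addresses, paths and timestamps are constructed placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (Combined Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2015:10:01:03 +0000] "GET /product.php?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Apr/2015:10:01:05 +0000] "GET /product.php?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Apr/2015:10:01:06 +0000] "GET /news.php?id=7%20UNION%20SELECT%201,2,3-- HTTP/1.1" 500 312 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Apr/2015:10:01:08 +0000] "GET /login.php?user=admin%27--&pass=x HTTP/1.1" 200 1204 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2015:10:02:11 +0000] "GET /search.php?q=o%27brien HTTP/1.1" 200 4411 "-" "Mozilla/5.0"
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*"')

# Indicators of SQL-injection probing. Each requires a quote plus SQL syntax,
# so a lone apostrophe in ordinary input (o'brien) does not trigger.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+", re.I),  # tautology: ' OR '1'='1
    re.compile(r"\bunion\b.{0,20}\bselect\b", re.I),          # UNION SELECT column probing
    re.compile(r"'\s*(--|#|/\*)"),                            # quote followed by SQL comment
]

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    # parse_qsl percent-decodes the values, so probes are matched in clear text.
    rec["params"] = [v for _, v in parse_qsl(url.query, keep_blank_values=True)]
    return rec

def is_sqli_probe(rec):
    return any(p.search(v) for v in rec["params"] for p in SQLI_PATTERNS)

def detect_scanners(log_text, min_paths=2, window_seconds=60):
    """Flag sources whose injection-like requests hit several distinct paths in a short window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_sqli_probe(rec):
            hits[rec["ip"]].append(rec)
    scanners = {}
    for ip, recs in hits.items():
        paths = {r["path"] for r in recs}
        span = (max(r["ts"] for r in recs) - min(r["ts"] for r in recs)).total_seconds()
        if len(paths) >= min_paths and span <= window_seconds:
            scanners[ip] = sorted(paths)
    return scanners
```

Run against the sample, only 198.51.100.9 is reported, with three probed paths; the legitimate apostrophe in the search query is left alone.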

The security company believes that the billions of records were not stolen all at once, and that the majority of them were probably purchased from other cyber criminals. According to the Times, few of the stolen records have actually been sold online; instead the group has chosen to use the information to send spam messages on social networks on behalf of other groups in return for payment. Other cyber security experts say the magnitude of this breach is part of a trend of criminals stockpiling large quantities of personal profiles over time and saving them for later use, according to the Wall Street Journal.

Avivah Litan, security expert at the research firm Gartner, said: “Businesses that rely on user names and passwords have to establish a sense of urgency about changing this. Up until they do, wrongdoers will simply keep stockpiling individuals’ credentials.”

Cyber attacks and breaches on this scale highlight the need for companies to protect themselves with up-to-date cyber security defenses. Endpoint threat detection and response systems help organizations build a clearer picture of the threats facing their networks and receive actionable information on how best to defend against attacks. Today, when huge data breaches will occur more and more often, continuous endpoint visibility is critical to a company's security. If the company's network is continuously monitored, threats can be identified in real time, which minimizes the damage a data breach can inflict on an organization's reputation and bottom line.


Chuck Leaver – The Ziften And Splunk Active Response Framework Provides Significant Advantages

Written By Chuck Leaver CEO Ziften


We were a sponsor in Las Vegas for a fantastic Splunk.conf2014 program, and we returned energized and chomping at the bit to push even further forward with our services here at Ziften. A talk of particular interest was given by Jose Hernandez, Security Solutions Architect for Splunk, titled “Using Splunk to Automatically Alleviate Risks”. If you want to see his slides and a recording of the talk, please go to

Using Splunk to assist with mitigation, or as I like to call it “Active Response”, is an excellent concept. Having all of your intelligence data flowing into Splunk is extremely powerful, whether it is endpoint data, outside threat feeds or anything else, and being able to act on that data really closes the loop. At Ziften we have our continuous monitoring solution on the endpoint, and being integrated with Splunk is something we are truly proud of. Pairing real time information analysis with the ability to react and take action against incidents is a strong move in the right direction.

Ziften has produced a mitigation action that uses the available Active Response code; a demo video is included in this post below. As a proof of concept we were able to create a mitigation action within our Ziften App for Splunk. Once the action is created, its results can be observed and tracked within Splunk ES (Enterprise Security). This is a major addition: users can now monitor and track mitigations within Splunk ES, which gives you the major benefit of closing the loop and establishing a history of your actions.

That Splunk is driving such an effort delights us; this is likely to progress and we are committed to continuing to support it and make further progress with it. It is an extremely exciting time in the Endpoint Detection and Response space, and the addition of the Active Response Framework to Splunk will, in my view, definitely stimulate a high degree of interest.

For any questions concerning the Ziften App for Splunk, please send an email to