Archive for May, 2015

Chuck Leaver – Data Breaches Are On The Rise So Organizations Must Pursue Data Loss Prevention

By Ziften CEO Chuck Leaver

For United States businesses, a significant cyber attack and the resulting data leak is looking more like a question of “when” rather than “if”, because of the new risks presented by fragmented endpoint strategies, cloud computing and data-intensive applications. All too frequently, companies ignore or improperly resolve vulnerabilities that are already known to them, and aging IT assets that are not properly secured draw the attention of cyber criminals.

The number of data breaches taking place is very disturbing. A report from the Verizon Risk Team counted 855 substantial breaches in 2011, resulting in 174 million records being lost. The stakes are very high for businesses that handle personally identifiable information (PII): if employees are not informed about compliance and inadequate endpoint data security measures remain in place, expensive legal action is the most likely outcome.

“The possibility of a data breach or personal privacy problem happening in any business has become a virtual certainty,” wrote Jeffrey Vagle, a legal expert writing for Mondaq. He recommended that record keepers reassess their approach to network and device security, employee data access controls and the administration of PII. The increasing use of cloud services can make preventing data breaches more of a challenge, because these services enable the exchange of enormous amounts of information at a time. It would take just one incident for countless files to be lost.

Known Vulnerabilities Require Focus

Many IT departments worry continually about zero-day attacks that will cause a data breach and catch them off guard. As an example, Dirk Smith of Network World discussed an Adobe Acrobat exploit that gave hackers access to perform advanced surveillance. Many IT vulnerabilities arise when software is not patched up to date, and a great many zero-day threats stem from weak points in legacy code, including a Windows bug in functions that were first introduced twenty years ago.

Security expert Jim Kennedy wrote in a Continuity Central post: “one thing that I have discovered is that many of the breaches and invasions which were successful did so by attacking known vulnerabilities that had actually been determined and had actually been around for years: not from some sophisticated ‘zero-day’ attack which was unidentified and unknown up until just the other day by the security community at large. And, even more troubling, social engineering continues to be a most effective way to start and/or precipitate an attack.”

The cyber criminal fraternity now has access to an extensive range of pre-packaged malware. These tools can carry out complex network and computer system analysis and then recommend the optimal attack strategy. Another risk is a human one: staff members who are not trained to screen out calls or messages from individuals falsely claiming to be members of the technical support group of an external security provider.

It is essential to proactively prevent zero-day attacks with robust endpoint protection software, but companies also need to combine effective training and procedures with their software and hardware solutions. While many companies have a number of security policies in place, enforcing them is typically a problem. The result is that risky fluctuations in the movement of data and network traffic, which should be reviewed by security staff, are ignored and never attended to.


Chuck Leaver – The Endpoint Is Now The Target For Malicious Widely Distributed Attacks

From The Desk Of Chuck Leaver CEO Ziften Technologies

With the growth of bring your own device (BYOD) strategies and cloud computing, protecting individual endpoints has become more difficult, as administrators may prioritize ease of data access over security. The threats are real, however, because most of the current generation of endpoint security software has not been adapted to defend against aggressive hacking and malicious cyber attack methods that target specific endpoints as the launch pad for widely distributed attacks.

A well-known endpoint attack in recent years involved a malware family called Comfoo, which was used to compromise the networks of many multinational organizations back in 2010. The Comfoo malware consisted of a number of custom-developed backdoor Trojans and exploits that could continuously distribute malware. A more serious consequence was that this malware could cause harmful data leakage by scraping account and network information and monitoring all user input, according to CRN contributor Robert Westervelt. It is believed that Comfoo may have been part of a sophisticated cyber espionage campaign, because of the method used and its evasion of traditional endpoint monitoring.

Using e-mail phishing and social engineering, the malware was able to compromise targeted devices, which highlights how ripe endpoints have become for malware infestation, according to security executive Jason O’Reilly. Speaking with ITWeb, O’Reilly stated that standard endpoint software most of the time does not sufficiently account for access from locations beyond the IT department, and does not restrict data exposure to authorized parties through access controls.

O’Reilly stated that “endpoint security services need to offer layered security that surpasses signature-based detection just to include heuristic-based detection and polymorphic-based detection. Today’s networks are exposed to dangers from various sources.”

Real Time Threat Capturing And Report Creation

The high stakes for control techniques and endpoint security were recognized by business consulting firm Frost & Sullivan, which sees both areas as under pressure from external attackers and from the pressing demand from employees for flexibility in device choice.

Chris Rodriguez, Frost & Sullivan analyst, noted: “business IT organizations now deal with tremendous pressure to allow employees to access the business network and files from their own individual devices. Considering their apparently omnipresent nature, fast data connections, and powerful hardware and OS, these gadgets represent prime targets for hackers.”

When asked what organizations can do to address the distinct weaknesses of mobile hardware, O’Reilly advised that any solution needs to provide clear and comprehensive visibility into what is happening on each endpoint, so that action can be taken rapidly when any threats are spotted.


Chuck Leaver – Two Thirds Of Organizations Believe That They Are Immune To Cyber Attacks

By Chuck Leaver Ziften Technologies CEO

A large number of organizations believe there is no need to pursue assiduous data loss prevention; they regard cyber attacks as either extremely unlikely to happen or of minimal financial impact if they do. The rise in recorded cyber attacks and advanced persistent threats has contributed to this complacency. These destructive attacks tend to evade conventional endpoint security software, and while they lack the teeth of denial-of-service attacks, they have the potential to cause significant damage.

Over 67% of organizations declare that they have not been the victims of a cyber attack in the last 18 months, or that they had little or no visibility into whether an attack had compromised their network, according to Infosecurity. The organizers of the survey were skeptical about the results and highlighted the numerous vulnerable desktop and mobile endpoints that are now typical in businesses.

Security specialist and survey organizer Tom Cross said: “Any system you link to the Internet is going to be targeted by attackers very quickly afterwards. I would assert that if you’re uncertain whether or not your company has had a security incident, the chances are really high that the answer is yes.”

Around 16% stated that they had experienced a DDoS attack over the same period, and 18% reported malware infestations. Despite this, most of the companies assessed the consequences as minor and not justifying the installation of new endpoint security and control systems. Around 38% stated that they had not suffered from discovered security breaches, and only 20% admitted to financial losses.

Loss of reputation was more widespread, affecting around 25% of respondents. Highlighting the potential impact of a cyber attack on finances and reputation, an incident at the University of Delaware exposed the sensitive data of 74,000 individuals, according to WDEL contributor Amy Cherry. The hackers targeted the school’s website and scraped university identification numbers and Social Security Numbers, which forced the university to provide complimentary credit monitoring to the affected individuals.



Keynote Address From RSA President Discusses Moving On From The Dark Ages Of Cyber Security – Chuck Leaver

Written By Dr Al Hartmann And Presented By Chuck Leaver CEO Ziften Technologies

A 5 Point Plan For A New Security Approach Proposed By Amit Yoran

Amit Yoran, RSA President, gave an excellent keynote speech at the RSA Conference which reinforced the Ziften philosophy: Ziften is intently focused on continuous endpoint monitoring, silo-busting Ziften Open Visibility™, risk-focused security analytics, and offering robust defenses in a new age of advanced cyber attacks. Yoran criticized current organizational security strategy as being bogged down in the Dark Ages of cyber moats and castle walls, describing it as an “epic fail”, and outlined his vision for the way forward in five main points. Commentary from Ziften’s point of view has been added to each.

Stop Believing That Even Advanced Protections Suffice

“No matter how high or wise the walls, focused foes will find ways over, under, around, and through.”

Many of the recent, more sophisticated attacks did not use malware as the primary strategy. Yoran criticized standard endpoint antivirus, firewalls and traditional IPS as examples of the Dark Ages, stating that these traditional defenses can be quickly scaled by skilled hackers and are largely inadequate. A signature-based antivirus system can only protect against previously seen threats, yet unseen threats are the most dangerous to a company (since they are the most common in targeted attacks). Targeted cyber criminals use malware only 50% of the time, perhaps only briefly at the start of the attack. The attack artifacts are readily altered and not reused in targeted campaigns. Accumulating billions of transient indicators of compromise and malware signatures in large antivirus signature databases is a pointless defensive approach.

Embrace a Deep and Pervasive Level of Real Visibility Everywhere – from the Endpoint to the Cloud

“We require prevalent and real visibility into our enterprise environments. You simply can’t do security today without the visibility of both constant complete packet capture and endpoint compromise assessment visibility.”

This means continuous endpoint monitoring across the enterprise endpoint population for generic indicators of compromise (not stale attack artifacts) that reflect timeless techniques rather than fleeting hex-string happenstance. And any company implementing constant full packet capture (comparatively expensive) can easily afford endpoint threat assessment visibility (comparatively low-cost). Logging and auditing endpoint process activity supplies a wealth of security insight using only elementary analytics approaches. A targeted hacker relies on the relative opacity of endpoint user and system activity to cloak and hide attacks, while true visibility shines a bright light on them.

Identity and Authentication Matter More than Ever

“In a world with no border and with less security anchor points, identity and authentication matter more than ever … At some point in [any effective attack] campaign, the abuse of identity is a stepping stone the assailants use to impose their will.”

Using stronger authentication is good, but it just makes for higher walls that are still not impenetrable. What the hacker does once over the wall is the most crucial thing. Track user endpoint logins (both local and remote) and application usage for indications of irregular user activity (insider attack or potentially compromised credentials). Any observed activity that differs from normal patterns is potentially suspicious. One departure from normality does not make a case, but security analytics that triangulates several normality departures concentrates security attention on the highest-risk anomalies for triage.

External Threat Intelligence Is A Core Capability

“There are incredible sources for the best risk intelligence … [which] should be machine-readable and automated for increased speed and leverage. It must be operationalized into your security program and tailored to your organization’s assets and interests so that experts can rapidly resolve the threats that present the most risk.”

Many targeted attacks do not reuse readily signatured artifacts or recycle network addresses and C2 domains, but there is still value in threat intelligence feeds that aggregate timely discoveries from countless endpoint and network threat sensors. Here at Ziften we incorporate third-party threat feeds through the Ziften Knowledge Cloud, and expose Ziften discoveries to SIEM and other enterprise security and operations infrastructure via our Open Visibility™ architecture. As more machine-readable threat intelligence (MRTI) feeds are developed, this capability will grow in effectiveness.

Understand What Matters Most To Your Company And What Is Mission Critical

“You must comprehend what matters to your company and exactly what is mission critical. You have to … defend exactly what is very important and safeguard it with everything you have.”

This holds true for risk-driven analytics and instrumentation that focus security attention and effort on the areas of greatest enterprise risk exposure. Yoran argues that asset value prioritization is only one side of enterprise risk analysis, and that this goes much deeper, both pragmatically and academically. Security analytics that focus security personnel on the most common dynamic risks (for example by filtering, correlating and scoring SIEM alert streams for security triage) need to be well-grounded in all sides of enterprise risk analysis.
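As an added illustration of the triangulation idea from the identity section above combined with the asset-value weighting discussed here (example code, not Ziften's product or part of the original post): a small Python scorer collects each user's departures from a learned login and application baseline, escalates only when several departures coincide, and weights the result by the criticality of the assets touched so the highest-risk anomalies surface first for triage. All users, hosts, baselines and telemetry records are constructed for the example.

```python
from collections import defaultdict

# Constructed per-user baselines, standing in for the profile that continuous endpoint monitoring learns.
BASELINE = {
    "alice": {"hosts": {"WS-ALICE"}, "hours": range(8, 19), "remote": False, "apps": {"outlook", "excel"}},
    "bob":   {"hosts": {"WS-BOB"},   "hours": range(7, 18), "remote": False, "apps": {"outlook", "code"}},
    "carol": {"hosts": {"WS-CAROL"}, "hours": range(9, 18), "remote": True,  "apps": {"outlook"}},
}
# Hypothetical asset criticality (1 = low, 3 = mission critical); unlisted endpoints default to 1.
ASSET_CRITICALITY = {"FILESRV-01": 3, "HR-DB-01": 3}

# Constructed sample telemetry: one login / application-launch record per line.
EVENTS = [
    {"user": "alice", "host": "WS-ALICE",   "hour": 9,  "remote": False, "app": "excel"},       # normal
    {"user": "alice", "host": "WS-ALICE",   "hour": 20, "remote": False, "app": "outlook"},     # off hours only
    {"user": "bob",   "host": "HR-DB-01",   "hour": 3,  "remote": True,  "app": "psql"},        # several departures
    {"user": "bob",   "host": "FILESRV-01", "hour": 3,  "remote": True,  "app": "robocopy"},
    {"user": "carol", "host": "WS-CAROL",   "hour": 22, "remote": False, "app": "powershell"},  # two, low-value host
]

def departures(event, profile):
    """Name each way a single event departs from the user's learned baseline."""
    found = []
    if event["host"] not in profile["hosts"]:
        found.append("new_host")
    if event["hour"] not in profile["hours"]:
        found.append("off_hours")
    if event["remote"] and not profile["remote"]:
        found.append("unexpected_remote")
    if event["app"] not in profile["apps"]:
        found.append("new_app")
    return found

def triage(events, baseline=BASELINE, criticality=ASSET_CRITICALITY):
    """Triangulate departures per user, weight by the most critical asset touched, rank highest risk first."""
    per_user = defaultdict(lambda: {"departures": set(), "hosts": set()})
    for ev in events:
        prof = baseline.get(ev["user"])
        deps = departures(ev, prof) if prof else ["unknown_user"]
        per_user[ev["user"]]["departures"].update(deps)
        if deps:
            per_user[ev["user"]]["hosts"].add(ev["host"])
    ranked = []
    for user, info in per_user.items():
        if len(info["departures"]) < 2:  # one departure from normality does not make a case
            continue
        weight = max(criticality.get(h, 1) for h in info["hosts"])
        ranked.append({"user": user, "score": len(info["departures"]) * weight,
                       "departures": sorted(info["departures"]), "hosts": sorted(info["hosts"])})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)
```

Running `triage(EVENTS)` ranks bob (four distinct departures against mission-critical hosts) far above carol (two departures on her own workstation), while alice's single off-hours login is noted but never escalated.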

At Ziften we applaud Amit Yoran’s messages in his RSA 2015 keynote address as the cyber security industry progresses beyond the current Dark Ages of facile targeted attacks and entrenched exploitations.