Archive for August, 2015

Chuck Leaver – The Investment In Cyber Security Continues To Grow At Record Pace

Written By Patrick Kilgore And Presented By Chuck Leaver Ziften CEO

A report called “Investors put billions into cyber security companies” was released by Steve Morgan, CEO of Cybersecurity Ventures. This is not conjecture. In the previous year alone, venture backed cyber security companies raised nearly $2 billion. With this influx of capital, you would be forgiven for believing that things have reached their peak. But you would be incorrect …

At the midpoint of 2015, cyber security start ups had already raised $1.2 billion in funding. As Morgan indicates, there seems to be no end in sight. Leading firms like Allegis Capital have even raised dedicated funds (to the tune of $100M) to back cyber security innovation exclusively.

The usual suspects are not on the list of names. Morgan’s post notes that the majority of the funding announcements are for fast growing organizations like ours. Ziften is in good company among innovators who are keeping up with the demands of modern cyber security. While we lead the pack in continuous endpoint visibility – other companies have taken distinct approaches, like applying artificial intelligence to the fight against cyber attacks or simplifying key lookups to bring public key encryption to the masses. They are all taking on different pieces of the puzzle.

And it definitely is a puzzle. Since many solutions are highly specialized, working together is going to be essential. The need to integrate the different elements in the market into an advanced view of the problem set is clear. That’s why we developed Ziften Open Visibility ™ – to provide APIs, connectors, and indicators that integrate endpoint context and attribution data with existing investments.

Market Vision That Is 20/20

It might look like market saturation to the layman, but it is only the tip of the cyber security iceberg. Every day, cyber attacks become more sophisticated, finding new ways to harm consumers and companies. This list of funded companies is a testament to the notion that legacy endpoint and network security is falling short. Prevention is a good idea, but security specialists now understand that a two pronged strategy is required, one that integrates detection and response.

You can have a 20/20 view of your security landscape, or you can keep your current blind spots. Which one do you believe will help you to sleep at night?


Chuck Leaver – Cisco 2015 Midyear Security Report Is Not All Negative

Written By Michael Bunyard And Presented By Ziften CEO Chuck Leaver

Looking through the Cisco 2015 Midyear Security Report, the consensus was that “the bad guys are innovating faster than the security community.” This is not a unique statement and can be found in a great many cyber security reports, because they are reactive studies of past cyber attacks.

If all you do is concentrate on negative results and losses, then any report is going to look negative. The fact is that the vendors releasing these reports have a lot to gain from companies that want to buy more cyber security solutions.

If you look carefully within these reports you will find good pieces of guidance that could considerably improve the security posture of your organization. So why do these reports not start with this information? Well, it’s all about selling solutions, right?

One item stood out after reading the Cisco report that would be simple for organizational security teams to deal with. The increasing vulnerabilities in, and exploits of, Adobe Flash were detailed, and they are commonly being integrated into exploit kits such as Angler and Nuclear. Adobe updates the Flash Player regularly, but many users are slow to apply these updates that would give them the protection they need. This means that attackers are taking advantage of the gap between a vulnerability being discovered and the patch being applied.

Vulnerability Management Is Not Resolving The Issue

You would be forgiven for believing that, since there is a whole range of solutions on the market that scan endpoints for known vulnerabilities, it would be very simple to make sure that endpoints were updated with the most recent patches. All that is required is to run a scan, identify the endpoints that need updating, run the updates, and job done, right? The problem is that scans are only run periodically, patches fail, users unintentionally introduce vulnerable apps, and the company is then wide open until the next scan. In addition, scans report on applications that are installed but not used, which produces large numbers of vulnerabilities that make it difficult for an analyst to prioritize and control.

What Is So Simple To Address Then?

The scans need to run continuously and all endpoints must be monitored, so that as soon as a system is not compliant you know about it and can respond right away. Continuous visibility that provides real time notification and comprehensive reporting is the new requirement as endpoint security is redefined and people realize the age of prevention-first is over. By leveraging the National Vulnerability Database (NVD), each application that is actually running with a known vulnerability can be identified immediately, security personnel notified, and the patch applied. In addition, solutions can look for suspicious activity from vulnerable applications, like sudden application crashes, which is a possible sign of an exploit attempt. Finally, they can also identify when a user’s system has not been rebooted since the last security patch was made available.
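As an added illustration of the three checks described above (not code from Ziften or from this post), here is a small Python sketch that ranks vulnerable applications that are actually running above ones merely installed, flags crash bursts in a running vulnerable app, and flags a host that has not rebooted since the last patch. The vulnerability feed, version numbers and endpoint record are all constructed stand-ins for a real NVD lookup and agent telemetry.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Constructed, simplified NVD-style feed: product -> versions with a known CVE.
# The real NVD matches on CPE strings and version ranges; this stands in for it.
VULN_FEED = {
    "flash_player": {"18.0.0.194", "18.0.0.203"},   # constructed example versions
    "reader": {"11.0.10"},
}

@dataclass
class Endpoint:
    host: str
    installed: dict            # product -> installed version
    running: set               # products that currently have a live process
    last_boot: datetime
    last_patch: datetime       # timestamp of the most recent security patch
    crashes_24h: dict = field(default_factory=dict)  # product -> crashes in last 24h

def vulnerable(ep):
    """Installed products whose version appears in the feed."""
    return {p for p, v in ep.installed.items() if v in VULN_FEED.get(p, set())}

def assess(ep, crash_threshold=3):
    """One continuous-monitoring pass: prioritize by 'running', watch for crash
    bursts in vulnerable apps, and report a pending reboot after the last patch."""
    vuln = vulnerable(ep)
    running_vuln = sorted(vuln & ep.running)
    idle_vuln = sorted(vuln - ep.running)
    crash_alerts = sorted(p for p in running_vuln
                          if ep.crashes_24h.get(p, 0) >= crash_threshold)
    return {
        "host": ep.host,
        "priority_patch": running_vuln,    # act on these first
        "low_priority": idle_vuln,         # installed but not in use
        "possible_exploit": crash_alerts,  # crash burst in a running vulnerable app
        "reboot_pending": ep.last_boot < ep.last_patch,
    }

# Constructed endpoint record, as a monitoring agent might report it.
SAMPLE = Endpoint(
    host="ws-0417",
    installed={"flash_player": "18.0.0.203", "reader": "11.0.10", "chrome": "44.0"},
    running={"flash_player", "chrome"},
    last_boot=datetime(2015, 8, 1, 7, 30),
    last_patch=datetime(2015, 8, 12, 2, 0),
    crashes_24h={"flash_player": 4},
)

if __name__ == "__main__":
    print(assess(SAMPLE))
```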

There Certainly Is Hope

The good news about real-time endpoint visibility is that it works for any vulnerable application (not just Adobe Flash), because hackers will move from app to app as they develop their methods. There are simple solutions to big problems. Security teams simply need to be made aware that there is a better way of managing and securing their endpoints. It just takes the right endpoint detection and response solution.


Chuck Leaver – Did You Know That The Human Hack Is The Oldest Trick In The Book?

Written By Patrick Kilgore And Presented By Charles Leaver CEO Ziften

When you are at the annual Black Hat conference there are conversations going on all around you about hacking and cyber security, and it can make you paranoid. For many people this is just an appetizer for the DEF CON hacking conference.

Some time ago the Daily Dot published a story called “The art of hacking humans” about the Social Engineering “Capture the Flag” contest that has been running since 2010. In it, participants use the best tool a hacker has at their disposal – their wits – and rely on tall tales and social subterfuge to persuade unsuspecting victims to hand over sensitive information in exchange for points. A few mistakes here, a comment about applications there, and bang! You’re hacked and on the front page of the New York Times.

For the businesses being “targeted” (such as big box retailers who will remain nameless …), the contest was originally seen as a nuisance. In the years since its inception, however, the Capture the Flag contest has earned the approval of many corporate security specialists. Its participants compete annually to test their nerve and help potential hacking victims understand their vulnerabilities. It’s a white hat education in what not to do and has made strides for corporate awareness.

Human Hacking Begins With … Humans (duh).

As we know, most malicious attacks start at the endpoint, because that is where the humans in your company live. All it takes is access from an obscure place to do serious damage. But rather than think of hacks as something to react to or a mere process to be killed, we have to remind ourselves that behind every attack there is a person. And ultimately, that’s who we have to arm ourselves against. But how?

Since companies exist in the real world, we must all accept that there are those who would do us harm. Rather than trying only to prevent hacks from happening, we have to re-wire our brains on the matter. The key is recognizing malicious user behavior as it is occurring so that you can respond appropriately. The new era of endpoint security is focused on this ability to visualize user behavior, analyze it quickly, and then respond quickly. At Black Hat we are showing folks how they can continuously monitor the fringes of their network so that when (not if) breaches occur, they can be promptly tackled.

As a wise man once said, “You cannot protect what you cannot manage and you cannot manage what you cannot see.” The result dramatically reduces time to detect and time to respond (TTR). And that’s no lie.

Why Cyber Security Is A Person Versus Person Battle – Chuck Leaver

Written By Michael Bunyard And Presented By Chuck Leaver CEO Ziften

Cyber security is all about people vs. people. Each day that we sift through the latest attack news (like the recent Planned Parenthood breach) it becomes increasingly apparent that not only are people the problem, in many respects, but people are also the answer. The attackers come in different categories, from insiders to hackers to organized crime and state sponsored terrorists, but at the end of the day, it’s people that are directing the attacks on companies and are therefore the problem. And it’s people that are the primary targets exploited in the cyber attack, usually at the endpoint, where people access their connected corporate and personal worlds.

The endpoint (laptop, desktop, phone, tablet) is the device that people use throughout their day to get their jobs done. Consider how often you are connected to your endpoint(s). It’s a lot, right? Not only are these endpoints vulnerable (see the Stagefright Android vulnerability for a fine example), the people at the endpoint are typically the weak link in the chain that gives attackers the opening to exploit. All it takes is one person to open the wrong email, click the wrong site or open the wrong file and it’s game on. Despite all the security awareness available, people will make mistakes. When speaking about the Planned Parenthood breach my colleague Mike Hamilton, who directs the product vision here at Ziften, offered a truly interesting insight:

“Every organization will have individuals against it, and now those people have the methods and objective to interrupt them or take their data. Leveraging existing blind spots, cyber criminals and even hackers have easy access through vulnerable endpoints and utilize them as a point of entry to conceal their activities, avert detection, exploit the network and take advantage of the targeted organization. It is now more crucial than ever for companies to be able to see suspicious habits beyond the network, and definitely beyond just their web server.”

People Powered Security

It makes sense that cyber security solutions should be purpose built for the people that are protecting our networks, and should keep an eye on the behavior of people as they use their endpoints. But typically this hasn’t been the case. In fact, the endpoint has been a virtual black box when it comes to continuous visibility of user behavior. This has caused a lack of information about what is really happening on the endpoint – the most vulnerable element in the security stack. And cyber security solutions certainly do not seem to have the people protecting the network in mind when silos of disparate pieces of information flood the SIEM with so many false positive signals that they cannot tell the real threats from the benign.

People powered security enables seeing, analyzing, and responding by examining endpoint user behavior. This has to be done in a way that is painless and quick, because there is a big skills shortage in companies today. The right technology will allow a level one responder to handle the majority of suspected threats by putting simple and succinct information at their fingertips.

My security expert colleague (yeah, I’m fortunate that on one corridor I can talk to all these folks) Dr. Al Hartmann says “Human-Directed Attacks require Human Directed Response”. In a recent blog, he nailed this:

“Human intelligence is more flexible and innovative than machine intelligence and will always eventually adapt and beat an automated defense. This is the cyber-security version of the Turing test, where a machine defense is attempting to rise to the intellectual level of a skilled human hacker. At least here in the 21st Century, machine learning and artificial intelligence are not up to the task of totally automating cyber defense, the cyber assailant inevitably triumphs, while the victims lament and count their losses. Just in sci-fi do thinking machines overpower humans and take control of the planet. Don’t accept the cyber fiction that some self-governing security software application will outsmart a human hacker foe and conserve your company.”

People powered security enables a well informed, dynamic response by the people trying to stop the attackers. With any other approach we are simply kidding ourselves that we can keep up with attackers.