Archive for September, 2015

Ziften Delighted At Being A Red Herring Award Winner – Chuck Leaver

Written By Rachel Munsch And Presented By Charles Leaver CEO Ziften


There is some great news to share: for 2015, Ziften has been selected as a Red Herring Top 100 North America award winner. Around 1200 businesses from the USA and Canada were evaluated in the annual competition, and our Endpoint Detection and Response solution carried us into the top 100.

The Red Herring 100 Awards are widely regarded as one of the industry's more prestigious recognitions. Finalists go through an extensive selection process based on more than 20 criteria, including technological innovation, addressable market, business model, customer footprint and degree of specialization. Alex Vieux, CEO and publisher of Red Herring, felt that the competition was very strong this year and that the selection was difficult:

“However after much thought, strenuous reflection and discussion, we narrowed our list down from hundreds of candidates from across North America to the North America winners. We believe Ziften embodies the vision, drive and innovation that specify a successful entrepreneurial venture. Ziften ought to be proud of its accomplishment, as the competition was really strong.”

Here at Ziften we are extremely proud to be selected as a Red Herring award winner. It is always gratifying to have our work validated and recognized, especially given the distinguished list of finalists. Our commitment to helping companies protect themselves from today's sophisticated threats remains strong, and this award will serve as motivation as we continue to strive to be the leader in endpoint security and protection.

Chuck Leaver – Vishing Scams Are Making The World A More Dangerous Place

Written By David Shefter And Presented By Ziften CEO Chuck Leaver


I was watching television in August 2015 when I got a call from a number with a 347 area code. I thought it was a business colleague of mine who lives in the outer boroughs, so I answered the call.

The call was a complete surprise: "Roy Callahan from the NYC Police Department" threatened me with a warrant for my arrest within minutes, and said that I needed to turn myself in to the local police department. So I spoke with my friend Josh Linder. He says it is rampant in the area where he lives and had also happened to him, except that they threatened him unless he complied by purchasing a $9000 Green Dot prepaid card.

If You Believe This Sounds Embellished …

This happens thousands of times every day. Law enforcement agencies (LEAs), from local towns to the FBI and everything in between, are under immense pressure. They cannot keep up: bad actors are fast, smart, and ahead of the curve.

These criminals also know how budget-, skill- and resource-constrained the LEAs are. The local ones are best at catching thieves and pulling over speeding cars, not tracing fraudsters back to their origin across state or national borders. With little coordination or interest and a lack of tools, over 99% of these frauds go unresolved.

How Did They Find Me?

First, social networks have created a treasure trove of information. People put their name, address, telephone number, work history, educational background, and social circles into the public domain. This is where the danger lies, not in the much-publicized hacks at government agencies, financial institutions, healthcare organizations and retailers.

However, the big breaches at retailers like Home Depot, Target and Michaels, along with the more recent hacks at the United States Office of Personnel Management (OPM), United Airlines and Anthem, should still be of enormous concern. This information gives criminals the ability to triangulate data and build a rich persona of individuals like you and me.

To put this in context, tens of millions of records were exposed, and they could be used to go far beyond extortion payments, toward exploiting the physical vulnerabilities of military personnel, executives, or even ordinary people.

How Quickly Will I Be Exposed?

According to a 2014 FBI scam alert, victims reported having money illegally withdrawn from their accounts within 10 minutes of receiving a vishing call, and others reported hundreds or thousands of fraudulent withdrawals in the days that followed.

What Can I Do About It?

As an individual, it is best to be watchful and use common sense. Regardless of what a "vishing" caller ID says, the U.S. IRS will not demand cash or account numbers over the phone. Do not fall victim to vishing's wicked cousin, phishing, by clicking links in e-mails that could take you to a malware site: spend an extra two seconds verifying that the e-mail really comes from the address it claims, not just a familiar display name.

Second, it is sensible to lock down your social profiles on the Internet. Facebook, LinkedIn, Twitter, and the trove of other tools have probably already exposed you. Run a simple Google search on yourself, then clean up the public side of your online persona.

Third, act like an enterprise and protect your employees as if they were your family. Large companies have invested heavily in antivirus, drive encryption, email security, and next-generation firewalls. None of that matters on its own: phishing and vishing scams go right around it. You need training, continuous education, vigilance, and smarter technology. A key part of this is implementing continuous endpoint visibility on your devices. At Ziften, our software plugs security gaps to form a more resilient wall.
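As an added illustration of the "verify who it is actually from" advice in the first step above (example code written for this page, not Ziften's software), the following Python script parses a constructed sample message and flags the two tricks a vishing or phishing mail relies on: a display name that looks like a trusted address while the real sender is elsewhere, and link text that shows one URL while the href points at another. The message, the addresses and the hosts are all made up for the example.

```python
"""Flag e-mails whose visible sender or links do not match where they really
point. Added example; the checks are the editor's own, not Ziften's."""
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: a familiar display name that contains a trusted-looking
# address, a real sender on an unrelated domain, a Reply-To on a third domain,
# and link text that shows one URL while the href goes to a bare IP.
SAMPLE_MESSAGE = b"""\
From: "Josh Linder <josh@example-corp.com>" <billing@secure-notice.example>
Reply-To: refunds@pay-now.example
To: you@example-corp.com
Subject: Action required: overdue warrant fee
Content-Type: text/html; charset=utf-8

<p>Pay within 24 hours at
<a href="http://198.51.100.7/pay">https://payments.nyc-police.example/warrant</a></p>
"""


def domain_of(addr):
    """Lower-cased domain part of an e-mail address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_sender(msg):
    """Return the reasons the visible sender is not what it appears to be."""
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    # 1. The display name carries an address whose domain differs from the
    #    real sender's domain: the "familiar name" trick.
    for embedded in re.findall(r"[\w.+-]+@[\w.-]+", name):
        if domain_of(embedded) != from_dom:
            findings.append(f"display name shows {embedded} but sender is {addr}")
    # 2. Replies are silently redirected to another domain.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        findings.append(f"Reply-To {reply} differs from From domain {from_dom}")
    return findings


def check_links(html):
    """Return (shown_text, real_host) for links whose visible text is a URL on
    a different host than the one the href actually goes to."""
    findings = []
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', html, re.S):
        real_host = (urlparse(href).hostname or "").lower()
        shown = text.strip()
        shown_host = urlparse(shown).hostname if "://" in shown else None
        if shown_host and shown_host.lower() != real_host:
            findings.append((shown, real_host))
    return findings


def body_text(msg):
    """First text part, decoded; the sample is single-part but real mail may not be."""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def analyse(raw_bytes):
    """Run both checks over one raw RFC 822 message given as bytes."""
    msg = email.message_from_bytes(raw_bytes)
    return {"sender": check_sender(msg), "links": check_links(body_text(msg))}


if __name__ == "__main__":
    for kind, hits in analyse(SAMPLE_MESSAGE).items():
        for hit in hits:
            print(f"[{kind}] {hit}")
```

Run on the sample it reports two sender findings (the embedded josh@ address versus the real billing@ sender, and the Reply-To on a third domain) and one link mismatch. The link check is deliberately narrow: it only fires when the visible text is itself a URL, because that is the case where a reader is being told where the link goes; a link whose text is "click here" still needs the mail client's hover preview.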

The battle for cyber security is consuming your resources, from your people to your budget. Threats are faster, smarter, and more targeted than ever before, working their way around standard prevention solutions and going straight to the point: your endpoints. Once breached, you have less than an hour before the attack finds additional victims within your company. Time is of the essence, and because we cannot create more of it, we focus on maximizing continuous intelligence so your team can make the right decision, immediately.

In Conclusion

Today, people are focused on fraudulent credit card charges, and organizations are locking down endpoints at a record rate.

More has to be done. The bad guys are faster, smarter, better enabled, and outside the reach of the authorities. While news will continue to come about the success of catching large-scale fraudsters and untouchable foreign nationals in China and Russia, there will be countless small-scale exploits every day.

At Ziften we have one mission: to make endpoint security quick and easy for the end user not only to deploy, but to manage and get day-to-day value from. By combining real-time user, device, and behavior monitoring with powerful analytics and reporting, Ziften immediately empowers any company to see, check, and respond to the very latest attacks.

Many thanks to Josh Linder for his discussions on this topic.

Chuck Leaver – Ziften Can Be Your Gartner SOC Nuclear Triad

Written By Dr Al Hartmann And Presented By Chuck Leaver Ziften CEO


Anton Chuvakin, VP and security analyst at Gartner Research, wrote about the three essential Security Operations Center (SOC) tools needed to provide effective visibility into cyber attacks. Chuvakin compared them to the Cold War "nuclear triad" of silo-based missiles, bombers, and submarines needed to guarantee survival in an all-out nuclear exchange. Similarly, the SOC visibility triad is essential to surviving a cyber attack: "your SOC triad seeks to considerably minimize the chance that the aggressor will operate on your network long enough to accomplish their goals," as Chuvakin wrote in his post.

Now we will look at the Gartner-designated essentials of the SOC triad and how Ziften supports each capability.

SIEM (Security Information and Event Management) – Ziften Open Visibility™ extends existing security, event-monitoring and systems-management tools by delivering vital open intelligence on any enterprise endpoint. The Ziften Open Visibility platform now includes integrations with Splunk, ArcSight, and QRadar, as well as any SIEM that accepts Common Event Format (CEF) alerts. Unlike competing product integrations that only offer summary data, Ziften Open Visibility exposes all Ziften-collected endpoint data for fully featured integrations to exploit.

NFT (Network Forensics Tools) – Ziften ZFlow™ extends network-flow-based security tools with vital endpoint context and attribution, greatly improving visibility into network events. This new standards-based technology extends network visibility down into the endpoint, collecting important context that is unobservable on the wire. Ziften has an existing product integration with Lancope, and can quickly integrate with other network flow collectors using the Ziften Open Visibility architecture.
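The SIEM and NFT paragraphs above both come down to one operation: join a network flow record to the endpoint socket that owned it, then ship the enriched record to the SIEM in Common Event Format. The Python below is an added example written for this page, not ZFlow or Open Visibility code; the flow and socket records, the field names, the vendor/product strings and the "scripting host on a non-web port" rule are all constructed assumptions. It shows what the endpoint side adds that the wire cannot (process, PID, user) and why CEF escaping matters: a pipe or "=" in an attacker-influenced field such as a process name would otherwise shift every later field when the SIEM parses the line.

```python
"""Attribute network flow records to the endpoint process that produced them
and emit each enriched record as a CEF line a SIEM can ingest.
Added example; the join, the rule and the field names are the editor's own,
not ZFlow's or Ziften's."""
from collections import namedtuple
from datetime import datetime, timezone

Flow = namedtuple("Flow", "ts proto src_ip src_port dst_ip dst_port bytes_out")
Sock = namedtuple("Sock", "host proto local_ip local_port pid process user")

# Constructed sample data: three flows from one workstation as a flow
# collector sees them, and that endpoint's socket table at the same moment.
FLOWS = [
    Flow("2015-09-10T14:02:11Z", "tcp", "10.0.5.23", 49211, "203.0.113.9", 443, 184320),
    Flow("2015-09-10T14:02:15Z", "tcp", "10.0.5.23", 49212, "198.51.100.77", 4444, 512),
    Flow("2015-09-10T14:02:20Z", "udp", "10.0.5.23", 51000, "10.0.0.2", 53, 70),
]
SOCKETS = [
    Sock("ws-023", "tcp", "10.0.5.23", 49211, 3120, "chrome.exe", "CORP\\jlinder"),
    Sock("ws-023", "tcp", "10.0.5.23", 49212, 4412, "powershell.exe", "CORP\\jlinder"),
]

# Assumed rule for the example, not a Ziften rule: a scripting host talking to
# a non-web port deserves a look. The wire alone cannot tell it from chrome.
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
WEB_PORTS = {80, 443}


def attribute(flows, sockets):
    """Yield (flow, socket or None), joining on the flow's source 3-tuple."""
    index = {(s.proto, s.local_ip, s.local_port): s for s in sockets}
    for f in flows:
        yield f, index.get((f.proto, f.src_ip, f.src_port))


def severity(flow, sock):
    """CEF severity 0-10: unattributed flows and scripting hosts rank higher."""
    if sock is None:
        return 5  # no endpoint claimed that socket: investigate
    if sock.process.lower() in SCRIPT_HOSTS and flow.dst_port not in WEB_PORTS:
        return 8
    return 3


def epoch_ms(iso_utc):
    """CEF's rt field wants milliseconds since the epoch, not an ISO string."""
    dt = datetime.strptime(iso_utc, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return int(dt.timestamp() * 1000)


def cef_header(value):
    """Header fields: escape backslash and the pipe that separates fields."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def cef_ext(value):
    """Extension values: escape backslash, '=' and line breaks; pipes are legal."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(flow, sock):
    """Format one attributed flow as CEF:0|Vendor|Product|Version|ID|Name|Sev|ext."""
    name = "Endpoint-attributed flow" if sock else "Unattributed flow"
    ext = {"rt": epoch_ms(flow.ts), "proto": flow.proto.upper(),
           "src": flow.src_ip, "spt": flow.src_port,
           "dst": flow.dst_ip, "dpt": flow.dst_port, "out": flow.bytes_out}
    if sock:  # the context only the endpoint can supply
        ext.update(shost=sock.host, sproc=sock.process, spid=sock.pid, suser=sock.user)
    header = "|".join(cef_header(x) for x in
                      ("ExampleVendor", "FlowEnricher", "0.1", "100", name, severity(flow, sock)))
    extension = " ".join(f"{k}={cef_ext(v)}" for k, v in ext.items())
    return f"CEF:0|{header}|{extension}"


def emit(flows, sockets):
    """Return one CEF line per flow, attributed where the socket table allows."""
    return [to_cef(f, s) for f, s in attribute(flows, sockets)]


if __name__ == "__main__":
    for line in emit(FLOWS, SOCKETS):
        print(line)
```

The second flow is the interesting one: on the wire it is just 512 bytes to port 4444, but joined to the socket table it becomes powershell.exe under CORP\jlinder, which is what lifts its severity. The third flow has no matching socket because the sample table is TCP-only, so it is emitted as unattributed rather than dropped; a flow nobody on the endpoint admits to owning is itself a finding. Note that the user field's backslash arrives at the SIEM doubled, which is the correct CEF encoding, not a bug.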

EDR (Endpoint Detection and Response) – The Ziften Endpoint Detection and Response solution continuously examines user and device behavior and highlights anomalies in real time, allowing security analysts to focus on advanced threats faster and reduce Time To Resolution (TTR). Ziften EDR lets organizations determine the origin of a breach more quickly and choose the necessary remediation actions.

While other security tools play supporting roles, these are the three essentials that Gartner asserts make up the core of defender visibility into attacker actions within the targeted organization. Arm your SOC triad with Ziften. For a no-obligation free trial, check out: to read more.

Time Is Money With Incident Response – Chuck Leaver

Written By Kyle Flaherty And Presented By Ziften CEO Chuck Leaver

It was quite a day on July 8, 2015 in the world of cyber security. First came the grounding of flights by United Airlines due to a technical glitch, followed soon after by the New York Stock Exchange (NYSE) announcing it had to halt trading. That report came from the Wall Street Journal, as you would expect, and its site went offline soon afterwards.

This caused total panic on the Internet. There was an enormous buzz on Twitter and plenty of rumors that a coordinated cyber attack was under way. People were jumping off the virtual bridge and declaring a virtual Armageddon.

There was general chaos until the three organizations stated publicly that the issues were not related to cyber attacks but to the dreaded unknown "technical glitch".

Visibility Is The Problem For Attacks Or Glitches

In today's world it is assumed that "glitch" means "attack", and it is fair to say that a good team of hackers can make the two look the same. There are still no details about the incidents of that day, and there probably never will be (although there are rumors of network resiliency problems at one of the biggest ISPs). At the end of the day, when an event like this happens, every organization needs answers.

Statistics suggest that incident response can cost thousands of dollars per hour, and for businesses such as United and the NYSE that does not even count the downtime itself. The boards of directors at these companies do not want to hear that resolving something like this will take hours, and they may not even care how it happened; they just want it fixed quickly.

This is why visibility is always in the spotlight. When emergencies strike, it is essential that a company knows every endpoint in its environment and the contextual behavior behind those endpoints. It might be a desktop, a server or a laptop, and it might be online or offline. In this modern era of security, where "prevent & block" is no longer an adequate approach on its own, our ability to "rapidly detect & respond" has become more and more vital.

So how are you making the transition to this new era of cyber security? How do you reduce the time it takes to determine whether it was an attack or a glitch, and what to do about it?