Archive for November, 2015

Chuck Leaver – Breach Defense Requires Endpoint Threat Detection Investment

Written By Chuck Leaver Ziften CEO



Preventing data breaches is difficult to achieve, but essential to prosper in the present business climate. Because so many cyber criminals are waiting in the wings to take personal details, credit card information, and other important data from consumers, companies need to understand the many threats to information online and take steps to prevent them. Endpoint threat detection and response software is among the best ways to address this problem, because it gives a straightforward way to combat the wide variety of exploits hackers can use to gain access to a company network.

In order to produce a better, more attack-proof system, developing strong back-end security is necessary. The New York Times’ article on safeguarding data discusses a few very important steps that can make a big difference in keeping client information from falling into the wrong hands. Some of the steps the article discusses include using point-of-sale systems for consumer transactions only, dedicating one computer to all financial business, and keeping software applications up to date. These are wise pointers because they protect against several of the routes hackers like to use to breach systems. A PoS system that doesn’t connect to the Internet except to send data to bank servers is more secure than one that isn’t so limited, because it reduces the risk of a virus getting onto the network through the Internet. Making one computer the single access point for financial transactions and nothing else can keep viruses or other malicious monitoring software from getting in. In this way, a company can considerably protect its clients without actually taking on many additional expenses.

Make Sure That Security And Safety Come First

Property Casualty 360 has a similar list of suggestions, including automating patches to business systems, using encryption on all devices, enforcing strong passwords, and keeping an eagle-eyed approach to e-mail. Encrypting information, specifically financial information, is extremely important. It is possible for a hacker to obtain financial details saved as plain text very simply when no encryption measures are used. Of course, strong endpoint threat response systems ought to be used to handle this danger, but security, like clothing in Fall, is best when layered. Using a number of different strategies simultaneously greatly decreases the possibility of a given organization’s data being breached, which can, in time, make it much easier to secure against any type of damage that could be done.

Lots of breaches take place not when a piece of malware has successfully planted itself on a server, but when an employee’s email account has an insecure password. Dictionary words, like “cat” or “password,” should never be used. They are easy to guess and break, and they can lead to whole stores of data being stolen. Likewise, an employee accidentally sending a list of clients to someone without checking the intended recipients list can end up sending an entire trove of details to the wrong person, easily causing massive data loss. This kind of leakage needs to be prevented by solid training.

In response to the multitude of risks out there at present, the best way to handle them is to use strong endpoint threat response systems in order to avoid losing crucial data. Using a wide variety of different security methods in order to protect against all inbound attacks is a wise way to make sure that your organization is able to weather a variety of knocks. This kind of attitude can keep a company from being sunk by the large number of attacks currently hitting companies.

Chuck Leaver – During The Holiday Season Hackers Will Still Be Working

Written by Ziften CEO Charles Leaver



The Christmas season is a time of opportunity for cyber criminals, syndicates and state-sponsored cyber teams to attack your organization. A reduced number of IT staff at work may improve the odds of undiscovered endpoint compromise, sneaky lateral pivoting, and unnoticed data exfiltration. Experienced attack groups are probably assigning their top talent to a well-coordinated holiday hackathon. Penetration of your business would likely start with an endpoint compromise through the usual targeted techniques of spear phishing, social engineering, watering hole attacks, etc.

With thousands of enterprise client endpoints available, initial infiltration hardly poses an obstacle to experienced attackers. Traditional endpoint security suites are there to protect against previously encountered, known malware, and are basically ineffective against the one-off crafted exploits used in targeted attacks. The attack organization will have researched your business and assembled your standard cyber defense systems in their labs for pre-deployment evasion testing of planned exploits. This pre-testing may include suitable sandbox evasion approaches if your defenses include sandbox detonation safeguards at the enterprise boundary, although this is not always required, for example with off-VPN laptops visiting compromised industry watering holes.

The ways in which enterprise endpoints may become compromised are too numerous to list. In many cases the compromise may simply involve compromised credentials, with no malware needed or present, as confirmed by industry studies of malicious command and control traffic observed from otherwise pristine endpoints. Or the user, and it only takes one among thousands, may be an insider adversary or a disgruntled employee. In any large enterprise, some incidence of compromise is unavoidable and continuous, and the holiday period is ripe for it.

Given incessant attack activity with unavoidable endpoint compromise, how can businesses best respond? Endpoint detection and response (EDR) with continuous monitoring and security analytics is an effective way to identify and respond to anomalous endpoint activity, and to do it at scale across thousands of enterprise endpoints. It also complements and synergizes with enterprise network security, by providing endpoint context around suspicious network activity. EDR provides visibility at the endpoint level, equivalent to the visibility that network security provides at the network level. Together they supply the full picture needed to identify and respond to unusual and potentially significant security incidents across the enterprise.

Some examples of endpoint visibility of potential forensic value are:

  • Tracking of user login activity, specifically remote logins that may be attacker-directed.
  • Tracking of user presence and user foreground activity, including normal work patterns, activity durations, etc.
  • Tracking of active processes, their resource usage patterns, network connections, process hierarchy, and so on.
  • Collection of executable image metadata, including cryptographic hashes, version info, file paths, date/times of first appearance, etc.
  • Collection of endpoint log/audit events, ideally with optimal logging and auditing configuration settings (to maximize forensic value and minimize noise and overhead).
  • Security analytics to score and rank endpoint activity and bubble significant operating pattern anomalies up to the enterprise SIEM for SOC attention.
  • Support for agile traversal and drilldown of endpoint forensic data for quick analyst vetting of endpoint security anomalies.
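As an added illustration of two items on this list (it is not Ziften code or part of the original post), the snippet below runs over constructed sample telemetry: executable image metadata gathered from endpoints is compared against what the patch/compliance console claims is deployed, so hosts running stale or multiple versions of the same application surface, and remote logins are scored for how far they sit outside normal work patterns. All hosts, users, version strings, hashes and timestamps are constructed samples.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: what the patch/compliance console claims is deployed.
MANAGEMENT_CONSOLE = {"Java": "7u11"}

# Constructed sample: executable image metadata collected on each endpoint.
IMAGE_RECORDS = [
    {"host": "ws01", "product": "Java", "version": "7u11", "sha256": "aa11"},
    {"host": "ws02", "product": "Java", "version": "7u10", "sha256": "bb22"},
    {"host": "ws03", "product": "Java", "version": "6u37", "sha256": "cc33"},
    {"host": "ws04", "product": "Java", "version": "7u11", "sha256": "aa11"},
]

# Constructed sample: login audit events with a remote-session flag.
LOGIN_EVENTS = [
    {"user": "alice", "host": "ws01", "time": "2015-12-24T09:15:00", "remote": False},
    {"user": "alice", "host": "ws07", "time": "2015-12-25T03:40:00", "remote": True},
    {"user": "bob", "host": "ws02", "time": "2015-12-24T14:00:00", "remote": True},
]


def version_drift(records, console):
    """Map product -> {version: [hosts]} for every product whose endpoint
    evidence disagrees with the console or shows more than one version."""
    seen = defaultdict(lambda: defaultdict(list))
    for r in records:
        seen[r["product"]][r["version"]].append(r["host"])
    drift = {}
    for product, versions in seen.items():
        claimed = console.get(product)
        if len(versions) > 1 or (claimed and claimed not in versions):
            drift[product] = {v: sorted(h) for v, h in versions.items()}
    return drift


def score_logins(events, work_hours=(8, 18)):
    """Score each login: +1 remote, +1 outside work hours, +1 weekend.
    Returns (score, user, host, time) tuples, highest score first."""
    scored = []
    for e in events:
        t = datetime.fromisoformat(e["time"])
        score = int(e["remote"])
        score += int(not work_hours[0] <= t.hour < work_hours[1])
        score += int(t.weekday() >= 5)
        scored.append((score, e["user"], e["host"], e["time"]))
    return sorted(scored, reverse=True)
```

The scores are deliberately coarse; in a real deployment the per-user baseline would come from the presence and foreground-activity tracking described above rather than a fixed 8-to-18 window.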

Don’t get a lump of coal in your stocking by being caught unawares this holiday season. Arm your enterprise to contend with the risks arrayed against you.

Happy Christmas!

Chuck Leaver – Who Is Watching The Watchers In Your Organization?

Written By Charles Leaver CEO Ziften



High-profile cyber attacks underline how a lack of auditing of existing compliance products can make the worst kind of headlines.

In the recent Java attacks on Facebook, Microsoft and Apple, along with other giants of the industry, the attackers didn’t need to dig very deep into their playbooks to find a technique. As a matter of fact they used one of the oldest axioms in the book, if not the oldest: they took a remote vulnerability in massively distributed software and exploited it to install remote access capability. And in this case on an application that (A) wasn’t the latest version and (B) probably didn’t need to be running.

While the hacks themselves have been headline news, the methods companies can use to prevent or curtail them are quite boring stuff. We all hear “keep boxes current with patch management software” and “ensure conformity with compliance tools”. That is industry standard and old news. But to pose a question: who is “watching the watchers”? In this case the watchers are the compliance, patch and systems management technologies. I think Facebook and Apple discovered that just because a management system tells you that a software application is current doesn’t mean you must believe it! Here at Ziften our results in the field say as much, where we regularly uncover dozens of versions of the SAME major application running at Fortune 1000 sites – all of which, by the way, are using compliance and systems management products.

When it comes to the exploited Java plug-in, this was a MAJOR application with wide distribution. This is the kind of software that gets tracked by systems management, compliance and patch products. The lesson could not be clearer – having some kind of independent check on these products is necessary (just ask any of the organizations that were hacked…). But this is only part of the problem – this is a major (arguably essential) application we are talking about here. If companies struggle to get their arms around maintaining updates on known, licensed applications in use, then what about all the unknown and unneeded running applications and plug-ins and their vulnerabilities? Simply put – if you cannot even know what you are supposed to know, then how on Earth can you know about (and in this case secure) the things you do not know or are not even concerned about?


Chuck Leaver – Ziften Will Help Counter The Threat Of Extraneous Software

Written By Dr Al Hartmann And Presented By Chuck Leaver CEO Ziften

The truth about the PC ecosystem is that extraneous processes are everywhere and get onto enterprise computers by every ploy imaginable. Leading software ISVs and hardware OEMs and IHVs have no ethical qualms about burdening enterprise PCs with unneeded and unwanted software if they can grab a few royalty dollars on the side at your expense. This one flew up on my screen only today as I dealt with the recent headline-making Java security vulnerabilities.

Here is the setting – zero-day vulnerabilities were found recently in Java, a key software component in many business applications. Department of Homeland Security experts advised turning off Java entirely, but that cuts off Java enterprise apps.

The option where Java is required (within many enterprises) is to update Java, an Oracle software product, to obtain at least the latest partial fixes from Oracle. But Oracle installs unwanted extraneous software by default in the form of the Ask Toolbar, which many security-conscious but naïve users will assume is useful given the Oracle recommendation (and golly gee, there is no charge), even though browser add-ons are a notorious security risk.

Only Ziften integrates security awareness with extraneous process identification and remediation capabilities to help businesses boost both their security and their performance-driving operating efficiency. Don’t settle for half-measures that ignore extraneous processes multiplying across your enterprise client landscape – employ Ziften to get visibility and control over your client population.