Archive for January, 2017

Chuck Leaver – The Security Fabric Buzz Delivered At Fortinet Accelerate 2017

Written By Josh Applebaum And Presented By Ziften CEO Chuck Leaver

The Fortinet Accelerate 2017 conference was held recently in Las Vegas. Ziften sponsored Fortinet’s annual International Partner Conference for the 2nd time, and it was a pleasure to be in attendance! The energy at the show was palpable, and this was not due to the energy drinks you always see people carting around in Las Vegas. The buzz and energy came from a key theme of the entire week: the Fortinet Security Fabric.

The premise of Fortinet’s Security Fabric is simple: take the disparate security “point products” that an organization has deployed, and interweave them to leverage the deep intelligence each one holds in its own security vault to provide a combined end-to-end security blanket over the whole organization. Though Fortinet is normally thought of as a network security business, their approach to providing a complete security solution spans more than the conventional network to include endpoints, IoT devices, and the cloud. By exposing APIs to the Fabric Ready partners and enabling the exchange of actionable risk intelligence, Fortinet is opening the door to a more collaborative strategy throughout the entire security market.

It is refreshing to see that Fortinet holds the same belief as Ziften, which is that the only way we as an industry are going to catch up with (and surpass) the adversaries is through integration and cooperation across all reaches of security, regardless of which vendor provides each part of the total solution. This is not a problem we are going to solve on our own, but rather one that will be solved through a combined approach like the one laid out by Fortinet with their Security Fabric. Ziften is proud to be a founding member of Fortinet’s Fabric-Ready Alliance program, combining our unique approach to endpoint security with Fortinet’s “think different” mindset of what it means to integrate and work together.

Throughout the week, Fortinet’s (really passionate) channel partners had the chance to walk the show floor to see the integrated solutions provided by the various technology partners. Ziften showcased our integrations with Fortinet, including the integration of our solution with Fortinet’s FortiSandbox.

The Ziften service collects unknown files from endpoints (clients or servers running OS X, Linux or Windows) and sends them to the FortiSandbox for detonation and analysis. Results are automatically fed back into Ziften for alerting, reporting, and (if possible) automated mitigation actions.

It was amazing to see that the Fortinet channel partners clearly understood the value of a Security Fabric approach. It was clear to them, as well as to Ziften, that the Security Fabric is not a marketing gimmick, but rather a real strategy put together by, and led by, Fortinet. While this is only the start of Fortinet’s Security Fabric story, Ziften is excited to collaborate with Fortinet and see the story continue to unfold!

 

Chuck Leaver – Prepare Yourself For 3 Tiers Of Cyber Espionage This Year

Written By Jesse Sampson And Presented By Ziften CEO Charles Leaver

There is a lot of debate at this time about the hacking threat from Russia, and it would be easy for security specialists to be overly worried about cyber espionage. Since the goals of any cyber espionage campaign determine its targets, ZiftenLabs can help answer this question by diving into the reasons why states carry out these campaigns.

Last Friday, the three major US intelligence agencies released a detailed declaration on Russia’s activities related to the 2016 United States elections: Assessing the Activities of Russia and Intents in Current US Elections (Activities and Objectives). While some skeptics remain unconvinced by the new report, the risks it identifies, which we cover in this post, are compelling enough to demand examination and realistic countermeasures, in spite of the near impossibility of incontrovertibly identifying an attack’s source. Naturally, the official Russian position has been a winking denial of the hacks.

“Typically these kinds of leakages occur not because hackers gained access, but, as any professional will inform you, due to the fact that somebody simply forgot the password or set the simple password 123456.” – German Klimenko, Putin’s top Internet adviser.

While agencies get criticized for administrative language like “high confidence,” the considered rigor of briefings like Activities and Intentions contrasts with the headline-friendly “1000% certainty” of a mathematically disinclined hustler of the media like Julian Assange.

Activities and Objectives is most perceptive when it situates the use of hacking and cyber espionage within “multifaceted” Russian doctrine:

“Moscow’s use of disclosures during the United States election was unprecedented, however its influence project otherwise followed a longstanding Russia messaging strategy that blends covert intelligence operations – like cyber activities – with obvious efforts by Russian Government agencies, state funded media, third party intermediaries, and paid social media users or ‘giants.’”

The report is at its weakest when evaluating the intentions behind the doctrine, a.k.a. strategy. Aside from some incantations about fundamental Russian opposition to the liberal democratic order, it declares that:

“Putin more than likely wished to discredit Secretary Clinton since he has publicly blamed her since 2011 for prompting mass protests against his regime in late 2011 and early 2012, and because he deeply resents comments he probably saw as disparaging him.”

A more nuanced evaluation of Russian motivations and their cyber manifestations will help us better determine security strategy in this environment. ZiftenLabs has identified three significant tactical imperatives at work.

First, as Kissinger would say, through history “Russia came to see itself as a beleaguered outpost of civilization for which security could be found only through applying its absolute will over its next-door neighbors (52)”. US policy in the Bill Clinton era threatened this imperative through the growth of NATO and dislocating economic interventions, maybe contributing to a Russian preference for a Trump presidency.

Russia has used cyber warfare methods to safeguard its influence in former Soviet territories (Estonia, 2007, Georgia, 2008, Ukraine, 2015).

Second, President Putin wants Russia to be a great power in geopolitics once again. “Above all, we must acknowledge that the collapse of the Soviet Union was a major geopolitical catastrophe of the century,” he said in 2005. Hacking the identities of prominent individuals in political, academic, defense, technology, and other institutions, whose material operatives might leak to embarrassing or scandalous effect, is a simple way for Russia to challenge the United States. The perception that Russia can affect election outcomes in the US with a keystroke calls into question the legitimacy of US democracy, and muddles discussion around comparable issues in Russia. Together with other prestige-boosting efforts like leading the ceasefire talks in Syria (after leveling lots of cities), this approach could enhance Russia’s global profile.

Lastly, President Putin might have concerns about his job security. In spite of very favorable election results, according to Activities and Intents, the demonstrations in 2011 and 2012 still loom large with him. With several regimes changing in his neighborhood in the 2000s and 2010s (he said it was an “epidemic of disintegration”), a few of which came about as a result of intervention by NATO and the US, President Putin is wary of Western interventionists who wouldn’t mind a comparable result in Russia. A coordinated campaign could help challenge rivals and put the least hawkish candidates in power.

In light of these reasons for Russian hacking, who are the most likely targets?

Due to the overarching goals of discrediting the legitimacy of the United States and NATO and assisting non-interventionist candidates where possible, federal government agencies, particularly those with functions in elections, are at highest risk. So too are campaign organizations and other NGOs near politics, like think tanks. These have provided softer targets for hackers to gain access to sensitive information. This means that organizations with account information for, or access to, prominent people whose information could lead to embarrassment or confusion for US political, organizational, academic, and media institutions need to be extra careful.

The next tier of risk consists of critical infrastructure. While recent Washington Post reports of a compromised United States electrical grid turned out to be overhyped, Russia really has hacked power networks and perhaps other parts of physical infrastructure like gas and oil. Beyond critical physical infrastructure, technology, finance, telecommunications, and media could be targeted, as happened in Estonia and Georgia.

Lastly, although the intelligence agencies’ efforts over the past few months have caught some heat for presenting “obvious” recommendations, everyone really would benefit from the pointers presented in the Homeland Security/FBI report, and in this blog about hardening your configuration by Ziften’s Dr Hartmann. With significant elections coming up this year in important NATO members Germany, France, and The Netherlands, only one thing is certain: it will be a busy year for Russian hackers, and these recommendations should be a top priority.