Archive for August, 2017

Chuck Leaver – Go Extensible Not Generic

Written By Chuck Leaver Ziften CEO


Whether you call them extensions or call them modifications, no matter what you call it, the very best technology platforms can be tailored to fit an organization's specific business requirements. Generic operations tools are great at carrying out generic operations tasks. Generic security tools are great at addressing generic security challenges. Generic can only take you so far, though, and that's where extensibility takes over.

Extensibility comes up frequently when I'm talking to clients and prospects, and I'm proud that a Global 10 company chose Ziften over everyone else in the marketplace mainly on that basis. For that client, and many others, the ability to deeply customize platforms is a necessity.

This isn't about merely building custom reports or custom alerts. Let's be honest: the ability to create reports is a baseline capability of numerous IT operations and security management tools. Real extensibility goes deep into the product, giving it capabilities that solve real problems for the organization.

One client used a large number of mobile IoT devices, and needed our Zenith real-time visibility and control platform to be able to access (and monitor) the memory of those devices. That's not a standard feature of Zenith, because our low-footprint agent doesn't hook into the OS kernel or operate through standard device drivers. However, we worked with the client to tailor Zenith with that capability, and it turned out to be simpler than anybody expected.

Another client looked at the standard set of endpoint data that the agent collects, and wanted to add extra data fields. They also wanted to set up the administrative console with custom actions using those data fields, and push those actions back out to the endpoints. No other endpoint monitoring and security product could provide the facilities for adding that functionality, apart from Ziften.

What's more, the customer built those extensions themselves, and owns the code and IP. It's part of their own secret sauce, their own business differentiator, and unique to their organization. They could not be happier. And neither could we.

With many other IT operations and security systems, if clients want additional features or capabilities, the only option is to submit a feature request and hope it appears in an upcoming version of the product. Until then, they are out of luck.

That's not how we built our flagship products, Zenith and ZFlow. Because our endpoint agent isn't based on device drivers or kernel hooks, we can allow for remarkable extensibility, and open that extensibility up for clients to access directly.

Similarly, with our administrative consoles and back-end monitoring systems, anything is customizable. This was built in right from the beginning.

Another area of customization is that our real-time and historical visibility database can integrate with your other IT operations and security platforms, including SIEM tools, threat intelligence, IT ticketing systems, job orchestration systems, and data analytics. With Zenith and ZFlow, there are no more silos. Ever.

When it comes to endpoint monitoring and management, extensions are increasingly where it's at. IT operations and enterprise security teams need the ability to customize their tool platforms to fit their exact requirements for monitoring and managing IoT, traditional endpoints, the data center, and the cloud. In many customer conversations, our built-in extensibility has caused eyes to light up, and won us trials and deployments. Tell us about your custom requirements, and let's see what we can do.

Chuck Leaver – Our Endpoint Security Architecture Exposed

Written By Mike Hamilton And Presented By Ziften CEO Chuck Leaver


Endpoint security is all the rage nowadays, and there are a great many vendors out there touting their wares in this market. But it's sometimes hard to understand what exactly each vendor provides. What's even harder is to understand how each vendor's solution is architected to deliver those services.

I think that the back-end architecture of whatever you pick can have a profound impact on the future scalability of your deployment. And it can produce lots of unanticipated work and costs if you're not careful.

So, in the spirit of openness, and because we believe our architecture is different, unique and powerful, we invite all endpoint security vendors to "show us your architecture".

I'll kick this off in the video below, where I show you the Ziften architecture, and a couple of what I consider legacy architectures for comparison. Specifically, I'll talk about:

– Ziften's architecture, built using next-gen cloud concepts.
– One company's peer-to-peer "mish-mash" architecture.
– Legacy hub-spoke-hub architectures.

I have shown you the power of our truly cloud-based platform. Now it's my competitors' turn. Come on folks, show us your architectures!

Chuck Leaver – The Best Way To Manage Security And Risk

Written By Roark Pollock And Presented By Chuck Leaver Ziften CEO


Risk management and security management have long been treated as separate functions, often performed by different functional teams within an organization. The recognition of the need for continuous visibility and control across all assets has increased interest in finding commonalities between these disciplines, and the availability of a new generation of tools is enabling this effort. This discussion is especially timely given the continued difficulty most enterprises experience in attracting and retaining qualified security staff to manage and protect IT infrastructure. A convergence of activity can help to better leverage these critical staff, reduce costs, and help automate response.

Historically, risk management has been viewed as an offensive mandate, and is normally the field of play for IT operations teams. Sometimes described as "systems management", IT operations teams actively perform device state and posture monitoring, policy enforcement, and vulnerability management. The goal is to proactively mitigate potential risks. Activities that contribute to risk reduction and that are carried out by IT operations include:

Offensive Risk Mitigation – Systems Management

Asset discovery, inventory, and refresh

Software discovery, usage tracking, and license justification

Mergers and acquisition (M&A) risk assessments

Cloud workload migration, monitoring, and enforcement

Vulnerability assessments and patch installs

Proactive help desk or systems analysis and issue response/repair

On the other side of the field, security management is viewed as a defensive strategy, and is typically the field of play for security operations teams. These security operations teams are typically responsible for threat detection, incident response, and remediation. The objective is to react to a threat or a breach as quickly as possible in order to minimize the impact on the organization. Activities that fall directly under security management and that are carried out by security operations include:

Defensive Security Management – Detection and Response

Threat detection and/or threat hunting

User behavior monitoring / insider threat detection and/or hunting

Malware analysis and sandboxing

Incident response and threat containment/removal

Lookback forensic investigations and root cause determination

Tracing lateral threat movement, and further threat elimination

Data exfiltration determination

Successful companies, obviously, have to play both offense AND defense equally well. This need is driving organizations to acknowledge that IT operations and security operations have to be as aligned as possible. Therefore, as much as possible, it helps if these two groups are playing from the same playbook, or at least working from the same data or single source of truth. This implies both groups should aim to use some of the same analytic and data collection tools and approaches when it comes to managing and protecting their endpoint systems. And if organizations rely on the same personnel for both jobs, it definitely helps if those people can pivot between both tasks within the same tools, leveraging a single data set.

Each of these offensive and defensive tasks is crucial to protecting a company's intellectual property, reputation, and brand. In fact, managing and prioritizing these tasks is what often keeps CIOs and CISOs up at night. Organizations should recognize opportunities to align and combine teams, technologies, and policies as much as possible, to ensure they are focused on the most urgent need along the current risk and security management spectrum.

When it comes to managing endpoint systems, it is clear that organizations are moving toward an "all the time" visibility and control model that permits continuous risk assessment, continuous threat monitoring, and even continuous performance management.

Therefore, organizations should look for these three key capabilities when evaluating new endpoint security investments:

Solutions that provide "all the time" visibility and control for both IT operations teams and security operations teams.

Solutions that provide a single source of truth that can be used both offensively for risk management, and defensively for security detection and response.

Architectures that easily integrate into existing systems management and security tool environments to deliver even greater value for both IT and security teams.

Chuck Leaver – Our Experiences From Black Hat And Defcon 2017

Written by Michael Vaughn And Presented By Ziften CEO Chuck Leaver


Here are my experiences from Black Hat 2017. There is a small addition to this year's synopsis, in part because of the theme of the opening keynote given by Facebook's Chief Security Officer, Alex Stamos. Stamos stressed the importance of refocusing the security community's efforts on working better together and diversifying security solutions.

"Working better together" is somewhat of an oxymoron when looking at the intense competition among hundreds of security companies fighting for customers during Black Hat. Based on Stamos's message during the opening keynote this year, I felt it important to include some of my experiences from Defcon as well. Defcon has traditionally been an event for learning, and includes independent hackers and security professionals. Last week's Black Hat theme focused on the social aspect of how companies need to get along and truly help others and each other, which has always been the overarching message of Defcon.

Attendees checked in from all over the world last week:

Jeff Moss, aka 'Dark Tangent', the founder of Black Hat and Defcon, also wants that to be the theme: a place where you aim to help people gain knowledge and learn from others. Moss wants attendees to stay 'excellent' and 'helpful' throughout the conference. That is on par with what Alex Stamos from Facebook conveyed in his keynote about security companies. Stamos asked that all of us share in the duty of helping those who cannot help themselves. He also raised another valid point: are we doing enough in the security industry to truly help people, as opposed to just doing it to make money? Can we achieve the goal of actually helping people? Such is the juxtaposition of the two events. The main difference between Black Hat and Defcon is the more corporate consistency of Black Hat (from vendor hall to the talks) versus the true hacker community at Defcon, which showcases the creative side of what is possible.

The company I work for, Ziften, provides Systems and Security Operations software, giving IT and security teams visibility and control across all endpoints, on or off the corporate network. We also have a pretty sweet sock game!

Many attendees showed their Ziften support by wearing prior-year Ziften sock designs. Looking good, feeling good!

The idea of joining forces to fight the corrupt is something most attendees from all over the world embrace, and we are no different. Here at Ziften, we strive to truly help our clients and the community with our solutions. Why offer or rely on a product that is limited to only what's inside the box? One that provides a single or a handful of specific functions? Our software is a platform for integration, and offers modular, individualized security and operational solutions. The whole Ziften team takes the creativity from Defcon, and we push ourselves to try and build new, customized features and forensic tools that conventional security companies would shy away from, or simply stay too consumed by daily tasks to attempt.

Delivering all-the-time visibility and control for any asset, anywhere is among Ziften's primary focuses. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to quickly fix endpoint issues, reduce overall risk posture, speed threat response, and improve operations efficiency. Ziften's secure architecture provides continuous, streaming endpoint monitoring and historical data collection for enterprises, governments, and managed security providers. And staying with 2017's Black Hat theme of collaborating, Ziften's partner integrations extend the value of incumbent tools and fill the gaps between siloed systems.

Journalists are not allowed to take pictures of the Defcon crowd, but I am not the press, and this was before entering a badge-required area :P The Defcon hordes and goons (Defcon staff wearing red shirts) were at a standstill for a solid twenty minutes awaiting initial access to the four massive Track conference rooms on opening day.

The Voting Machine Hacking Village gained a lot of attention at the event. It was interesting, but nothing new for veteran attendees. I suppose it takes something noteworthy to garner attention around specific vulnerabilities. All vulnerabilities for most of the talks, and especially this village, had already been disclosed to the appropriate authorities before the event. Let us know if you need help locking down any of these (looking at you, government folks).

More and more personal data is becoming available to the general public. For example, the Google and Twitter APIs are freely and publicly available to query user data metrics. This data is making it easier for attackers to social engineer focused attacks on individuals, and particularly people of power and rank, like judges and executives. This talk, entitled Dark Data, showed how a simple yet brilliant de-anonymization algorithm and some data allowed these two white hats to identify individuals with extreme accuracy and reveal very personal information about them. This should make you think twice about what you have installed on your systems and on the systems of the people in your office. The majority of the above raw metadata was gathered through a popular browser add-on; the fine tuning came from the algorithm and public APIs. Do you know what browser add-ons are running in your environment? If the answer is no, then Ziften can help.
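The question "do you know what browser add-ons are running in your environment?" is one a defender can answer with an inventory pass over browser profiles. The script below is an added example, not Ziften's code or anything from the Dark Data talk; it assumes the Chrome-style on-disk layout (Extensions/<id>/<version>/manifest.json) and builds a constructed sample profile in a temporary directory so it runs offline. The set of permissions it flags is an assumption chosen to single out extensions that can read browsing activity, which is the kind of add-on the talk relied on for its raw metadata.

```python
import json
import tempfile
from pathlib import Path

# Permissions that let an extension observe or alter what the user does in the browser.
# This set is an assumption for the example, not an official risk list.
HIGH_RISK_PERMISSIONS = {
    "<all_urls>", "webRequest", "webRequestBlocking", "tabs", "history",
    "cookies", "clipboardRead", "nativeMessaging", "debugger",
}


def inventory_extensions(profile_dir):
    """Walk a Chrome-style profile (Extensions/<id>/<version>/manifest.json)
    and return one record per installed extension version, with risk flags."""
    records = []
    ext_root = Path(profile_dir) / "Extensions"
    for manifest in sorted(ext_root.glob("*/*/manifest.json")):
        ext_id, version = manifest.parts[-3], manifest.parts[-2]
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            # An unreadable or malformed manifest deserves a look on its own.
            records.append({"id": ext_id, "version": version, "name": None,
                            "permissions": [], "flags": ["unparseable manifest"]})
            continue
        # Manifest V2 lists host patterns under "permissions"; V3 moves them to "host_permissions".
        perms = list(data.get("permissions", [])) + list(data.get("host_permissions", []))
        perms = [p for p in perms if isinstance(p, str)]
        flags = sorted(p for p in perms if p in HIGH_RISK_PERMISSIONS)
        # A content script injected into every page is as broad as the <all_urls> permission.
        for script in data.get("content_scripts", []):
            if "<all_urls>" in script.get("matches", []):
                flags.append("content_script:<all_urls>")
        records.append({"id": ext_id, "version": version, "name": data.get("name"),
                        "permissions": perms, "flags": flags})
    return records


def build_sample_profile():
    """Create a constructed profile directory holding two fake extensions (sample data only)."""
    root = Path(tempfile.mkdtemp())
    samples = {
        ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "1.0.0"): {
            "name": "Sample Theme", "manifest_version": 3, "permissions": []},
        ("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", "4.2.1"): {
            "name": "Sample Metadata Collector", "manifest_version": 3,
            "permissions": ["tabs", "history", "storage"],
            "host_permissions": ["<all_urls>"]},
    }
    for (ext_id, version), manifest in samples.items():
        ext_dir = root / "Extensions" / ext_id / version
        ext_dir.mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    for rec in inventory_extensions(build_sample_profile()):
        status = "REVIEW" if rec["flags"] else "ok"
        print(f'{status:6} {rec["name"]} {rec["version"]} ({rec["id"]}) flags={rec["flags"]}')
```

Pointing `inventory_extensions` at a real profile directory instead of the constructed one gives a per-host list that can be shipped to whatever endpoint data collection you already run; the flagged records are the ones worth reviewing against an allow list.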

This talk was squarely about exploiting Point-of-Sale systems. Although quite amusing, it was a bit frightening how quickly one of the most commonly used POS systems could be hacked. This particular POS hardware is most commonly used when paying in a taxi. The base OS is Linux, and although it runs on an ARM architecture and is protected by hardened firmware, why would a company risk leaving the security of customer credit card data entirely in the hands of the hardware vendor? If you are looking for additional security on your POS systems, then look no further than Ziften. We protect the most commonly used enterprise operating systems. If you want to do the fun thing and install the game Doom on one, I can send you the slide deck.

This guy's slides were off the charts good. What wasn't so good was how exploitable macOS is during the installation process of very common applications. Generally, each time you install an application on a Mac, it requires you to enter your elevated privileges. But what if something were to subtly change code a moment before you entered your Administrator credentials? Well, most of the time, probably something bad. Worried about malware on your Macs smart enough to identify and alter code in common vulnerable applications before you or your users enter credentials? If so, we at Ziften Technologies can help.

We help you by not replacing your entire toolset, although we often find ourselves doing just that. Our goal is to leverage the guidance and existing tools that work from multiple vendors, ensure they are installed and running, make sure the prescribed hardening is indeed intact, and ensure your operations and security teams work more effectively together to achieve a tighter security posture across your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos's keynote
– Jeff Moss's message
– Attendees from around the world working together
– Black Hat should preserve a friendly community spirit

2) Stronger together with Ziften

– Ziften plays nicely with other software vendors

3) Popular current vulnerabilities Ziften can help prevent and resolve

– Point-of-Sale compromise
– Voting machine tampering
– macOS privilege escalation
– Targeted personal attacks

Chuck Leaver – Even Movie Subtitles Can Be A Threat To Your Security

Written By Josh Harriman And Presented By Chuck Leaver Ziften CEO


Do you like watching movies with all-the-rage apps like Kodi, SmartTV or VLC on your devices? How about needing or wanting subtitles with those movies and simply grabbing the latest pack from OpenSubtitles? No problem, sounds like a great night at home. Problem is, according to research by Check Point, you could be in for a nasty surprise.

For the bad guys to take control of your 'realm', they need a vector, some way to gain entry to your system. There are some common ways that happens these days, such as clever (and not so clever) social engineering techniques: you get an email that appears to come from a friend or co-worker but was spoofed, you open an attachment or visit some site, and if the stars line up, you're pwned. Usually the star alignment part is not that hard; it only requires that you have some vulnerable software running that can be reached.

Since the technique relies on getting users to cooperate, the target audience can often be hard to reach. But according to this latest research, many of the major media players have a particular vulnerability when it comes to loading and parsing subtitle packs. The four main media players named in the article are patched to date, but as we have seen in the past (just look at the recent SMB v1 vulnerability problem), just because a fix is available does not mean that users are updating. The researchers have also withheld the technical details of the exploit to give other vendors time to patch. That is a good sign, and the proper approach I believe researchers should take: notify the vendor so they can fix the problem, and announce it publicly so 'we the people' are informed and know what to watch out for.
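The underlying lesson of the subtitle research is that a downloaded subtitle pack is untrusted input reaching a parser that runs with the player's privileges. The code below is an added example, not Check Point's research or Ziften's code, and it does not reproduce the withheld bug; it shows the general defensive posture of parsing SRT strictly, with size and count limits, strict UTF-8 decoding, timestamp validation, control-character rejection and an allow list of styling tags. The limits and the tag allow list are assumptions chosen for the example, and the sample subtitle bytes are constructed.

```python
import re
from dataclasses import dataclass

# Hard limits an untrusted subtitle file must respect (values are assumptions for this example).
MAX_FILE_BYTES = 2 * 1024 * 1024
MAX_CUES = 10_000
MAX_TEXT_CHARS = 500
ALLOWED_TAGS = {"i", "b", "u"}          # styling tags kept; everything else is stripped

TIMESTAMP = r"(\d{2}):(\d{2}):(\d{2}),(\d{3})"
TIMING_RE = re.compile(rf"^{TIMESTAMP} --> {TIMESTAMP}$")
TAG_RE = re.compile(r"</?([A-Za-z][A-Za-z0-9]*)[^>]*>")
CONTROL_RE = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")   # keeps tab, LF and CR


@dataclass
class Cue:
    index: int
    start_ms: int
    end_ms: int
    text: str


class SubtitleRejected(ValueError):
    """Raised when the input violates a structural or size constraint."""


def _to_ms(h, m, s, ms):
    h, m, s, ms = int(h), int(m), int(s), int(ms)
    if m > 59 or s > 59:
        raise SubtitleRejected("timestamp field out of range")
    return ((h * 60 + m) * 60 + s) * 1000 + ms


def _sanitize_text(lines):
    text = "\n".join(lines)
    if len(text) > MAX_TEXT_CHARS:
        raise SubtitleRejected("cue text too long")
    if CONTROL_RE.search(text):
        raise SubtitleRejected("control characters in cue text")

    def keep_or_drop(match):
        # Keep only allow-listed tags; any other markup is removed rather than passed on.
        return match.group(0) if match.group(1).lower() in ALLOWED_TAGS else ""

    return TAG_RE.sub(keep_or_drop, text)


def parse_srt(data: bytes):
    """Parse SRT bytes strictly, rejecting anything that does not match the expected shape."""
    if len(data) > MAX_FILE_BYTES:
        raise SubtitleRejected("file too large")
    try:
        text = data.decode("utf-8-sig")     # strict: undecodable bytes are an error
    except UnicodeDecodeError as exc:
        raise SubtitleRejected("not valid UTF-8") from exc
    text = text.replace("\r\n", "\n").replace("\r", "\n").strip()
    blocks = [b for b in re.split(r"\n{2,}", text) if b.strip()]
    if len(blocks) > MAX_CUES:
        raise SubtitleRejected("too many cues")
    cues, expected_index = [], 1
    for block in blocks:
        lines = block.split("\n")
        header = lines[0].strip()
        if len(lines) < 2 or not header.isdigit() or len(header) > 9:
            raise SubtitleRejected("malformed cue header")
        if int(header) != expected_index:
            raise SubtitleRejected("cue indices must be sequential")
        match = TIMING_RE.match(lines[1].strip())
        if not match:
            raise SubtitleRejected("malformed timing line")
        start, end = _to_ms(*match.groups()[:4]), _to_ms(*match.groups()[4:])
        if end < start:
            raise SubtitleRejected("cue ends before it starts")
        cues.append(Cue(expected_index, start, end, _sanitize_text(lines[2:])))
        expected_index += 1
    return cues


def check_subtitle(data: bytes):
    """Return (accepted, detail) so a caller can log why a pack was refused."""
    try:
        cues = parse_srt(data)
    except SubtitleRejected as exc:
        return False, str(exc)
    return True, f"{len(cues)} cues"


# Constructed sample inputs for demonstration.
GOOD_SRT = (b"1\n00:00:01,000 --> 00:00:03,500\n<i>Hello</i> world\n\n"
            b"2\n00:00:04,000 --> 00:00:06,000\nSecond line\n")
TAGGED_SRT = b"1\n00:00:01,000 --> 00:00:02,000\n<font face=x>text</font>\n"

if __name__ == "__main__":
    for sample in (GOOD_SRT, TAGGED_SRT, b"1\n00:00:05,000 --> 00:00:02,000\nx\n", b"\xff\xfe"):
        print(check_subtitle(sample))
```

The point of `check_subtitle` returning a reason string is that a rejected subtitle pack is a signal worth recording: a player that silently tolerates malformed input is exactly the kind of parser the research was about.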

It's hard to keep up with the many ways you can get infected, but at least we have researchers who tirelessly try to 'break' things to find those vulnerabilities. By following proper disclosure practices, they help everyone enjoy a safer experience with their devices, and in this scenario, a great night in watching movies.