Archive for the ‘Breaches Of Security’ Category

Chuck Leaver – The Girl Scouts Are Raising The Profile Of Women In Cybersecurity

Written By Kim Foster And Presented By Chuck Leaver


It's clear that cybersecurity is getting more attention than ever, and businesses are rightly worried about whether enough security specialists are being trained to meet growing threats. While this concern is felt across the commercial world, few people expected the Girl Scouts to answer the call.

Beginning this fall, Girl Scouts nationwide have the chance to earn cybersecurity badges. Girl Scouts of the U.S.A. teamed up with security company (and Ziften technology partner) Palo Alto Networks to create a curriculum that teaches girls the essentials of computer security. According to Sylvia Acevedo, CEO of GSUSA, the program was built in response to demand from the girls themselves, who want to protect themselves, their computers, and their household networks.

The timing is good: according to a study released in 2017 by (ISC)², 1.8 million cybersecurity positions will go unfilled by 2022. Combine rising demand for security professionals with flat participation by women, who have made up only 11 percent of the workforce for several years, and our staffing difficulties are poised to get worse without a serious industry effort at inclusion.

Obviously, we can't rely on the Girl Scouts to do all of the heavy lifting. Broader educational efforts are a given: according to the Computing Technology Industry Association, 69% of U.S. women who do not have a career in information technology cited not knowing what opportunities were available to them as the reason they did not pursue one. One of the great untapped opportunities of our industry is the recruitment of more diverse professionals. Targeted educational programs and increased awareness should be a high priority; Raytheon's cybersecurity scholarship for women is a fine example.

To reap the rewards of having women invested in shaping the future of technology, it is important to dispel the exclusionary perception of "the boys' club" and remember the groundbreaking contributions made by women of the past. Many people know that the first computer programmer was a woman, Ada Lovelace. Then there is the work of other well-known pioneers such as Grace Hopper, Hedy Lamarr, and Ida Rhodes, names that may stir a vague recollection among those in our industry. Women mathematicians wrote the programs for one of the world's first fully electronic general-purpose computers: Kay McNulty, Jean Jennings Bartik, Betty Snyder, Marlyn Meltzer, Fran Bilas, and Ruth Lichterman were among the original programmers of the Electronic Numerical Integrator and Computer (better known as ENIAC), though their work went largely unrecognized for over half a century. In fact, when historians first came across photos of the women in the mid-1980s, they mistook them for "Refrigerator Ladies", models posing in front of the machines.

It's worth noting that many believe the same "boys' club" mentality that overlooked the accomplishments of women in history has led to fewer leadership positions and lower wages for women in cybersecurity today, along with outright exclusion of female experts from speaking slots at industry conferences. As trends go, shutting brilliant people with relevant knowledge out of the cybersecurity industry is an unsustainable one if we want to keep up with the attackers.

Whether or not we collectively take action to promote more inclusive workplaces, by educating, hiring, and promoting women in larger numbers, it is heartening to see an organization synonymous with fundraising cookies successfully alert an entire industry to the fact that girls are genuinely interested in the field. As today's Girl Scouts are given the tools to pursue a career in information security, we should expect them to become the very women who eventually reprogram our expectations of what a cybersecurity professional looks like.

Chuck Leaver – A Mac Is A Security Risk Too

Written By Roark Pollock And Presented By Chuck Leaver


Got Macs? Great. I have one too. Have you locked your Macs down? If not, your enterprise has a potentially serious security weak point.

It's a misconception that Macintosh computers are inherently secure and don't need to be protected against malware or hacking. Macs are arguably more secure than Windows desktops and laptops, thanks to the design of the Unix-derived kernel, and we certainly see fewer security patches issued for macOS by Apple than for Windows by Microsoft.

Fewer security flaws is not zero flaws. And safer doesn't mean 100% safe.

Some Mac Vulnerability Examples

Take, for example, the macOS 10.13.3 update, released on January 23, 2018, for the current version of the Mac's operating system. Like most current computers running Intel processors, the Mac was susceptible to the Meltdown flaw, which meant that a malicious application might be able to read kernel memory.

Apple had to patch that flaw, and many others.

For instance, another flaw meant that processing a maliciously crafted audio file could lead to arbitrary code execution, undermining the system's integrity. Apple had to patch it.

A kernel flaw meant that a malicious application might be able to execute arbitrary code with kernel privileges, giving an attacker access to everything on the device. Apple had to patch the kernel.

A flaw in the WebKit library meant that processing maliciously crafted web content could lead to arbitrary code execution. Apple had to patch WebKit.

Another flaw meant that processing a malicious text message could cause an application denial of service, freezing the system. Whoops. Apple had to patch that flaw too.

Don't Make the Same Mistakes as Consumers

Many consumers, believing the hype about how wonderful macOS is, choose to run without protection, relying on macOS and its built-in application firewall to block all manner of bad code. Bad news: there is no full antivirus or anti-malware product built in (XProtect's static signature checks are no substitute), and the firewall can only do so much. And many businesses choose to overlook macOS when it comes to visibility for posture monitoring and hardening, and for threat detection and threat hunting.

Consumers often make these assumptions because they don't know any better. IT and security professionals should never make the same mistakes; we do know better.

If a Mac user installs bad software, adds a malicious browser extension, opens a bad email attachment, or clicks a phishing link or a malicious ad, their machine is compromised, just like a Windows computer. Within the enterprise, we need to be prepared to handle these incidents on Macs too.

What To Do?

What do you need to do?

– Install antivirus and anti-malware on corporate Macs, and on any Mac that has access to your organization's content, servers, or networks.
– Track the state of Macs, just as you would with Windows computers.
– Be proactive in applying patches and fixes to Macs, again, just as with Windows.

You should also retire Macs in your corporate environment that are too old to run the latest version of macOS. Apple is pretty good at supporting old hardware, so the eligible list is long. Here is Apple's list of Mac models that can run macOS 10.13:

– MacBook (Late 2009 or newer)
– MacBook Pro (Mid 2010 or newer)
– MacBook Air (Late 2010 or newer)
– Mac mini (Mid 2010 or newer)
– iMac (Late 2009 or newer)
– Mac Pro (Mid 2010 or newer)

When the next version of macOS comes out, some of your older machines may fall off the list. They should fall off your inventory too.
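
Turning the three to-dos above into something auditable, here is an added example (not Ziften's code) in Python that checks a Mac fleet against a required macOS version, a list of required named updates, and the 10.13 hardware list quoted above. It parses the text that the stock `sw_vers` and `softwareupdate --history` commands print; the command output, host names and model years in the script are constructed sample data so it runs anywhere, and the required-update name is an assumption.

```python
"""Posture audit for corporate Macs.

Added example, not Ziften's code. Parses the output of two stock macOS commands
(`sw_vers` and `softwareupdate --history`) and checks each machine against a
required OS version, required named updates, and the macOS 10.13 hardware list
from the post. All command output below is constructed sample data; on a real
Mac feed in subprocess.run(["sw_vers"], capture_output=True, text=True).stdout
and the same for ["softwareupdate", "--history"].
"""
import re

# Earliest model year per family that Apple lists as able to run macOS 10.13.
# "Late"/"Mid" qualifiers are collapsed to the year, so a machine whose year
# equals the cutoff is reported as "verify" rather than definitely eligible.
MIN_MODEL_YEAR_10_13 = {
    "MacBook": 2009, "MacBook Pro": 2010, "MacBook Air": 2010,
    "Mac mini": 2010, "iMac": 2009, "Mac Pro": 2010,
}

# Constructed sample output, trimmed to the fields the checks use.
SW_VERS_OLD = "ProductName:\tMac OS X\nProductVersion:\t10.13.2\n"
SW_VERS_NEW = "ProductName:\tMac OS X\nProductVersion:\t10.13.3\n"
HISTORY_OLD = (
    "Display Name                          Version    Date\n"
    "------------------------------------------------------------\n"
    "macOS 10.13.2 Update                  10.13.2    2017-12-08, 09:11:02\n"
    "Safari                                11.0.2     2017-12-08, 09:11:02\n"
)
HISTORY_NEW = HISTORY_OLD + "macOS 10.13.3 Update                  10.13.3    2018-01-24, 10:05:34\n"


def parse_sw_vers(text):
    """`sw_vers` prints 'Key:<tab>Value' lines; return them as a dict."""
    out = {}
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if sep:
            out[key.strip()] = val.strip()
    return out


def version_tuple(v):
    """'10.13.3' -> (10, 13, 3) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def parse_update_history(text):
    """`softwareupdate --history` prints a header, a dashed rule, then one update
    per line with name, version and date separated by runs of spaces.
    Return the set of update names (single spaces inside a name are kept)."""
    names = set()
    for line in text.splitlines()[2:]:
        if line.strip():
            names.add(re.split(r"\s{2,}", line.strip())[0])
    return names


def hardware_status(family, year):
    """'eligible', 'verify' (same year as the cutoff) or 'retire' per the 10.13 list."""
    cutoff = MIN_MODEL_YEAR_10_13.get(family)
    if cutoff is None or year < cutoff:
        return "retire"
    return "verify" if year == cutoff else "eligible"


def audit_mac(host, sw_vers_text, history_text, min_version, required_updates):
    """Findings for one machine; an empty list means the machine is compliant."""
    findings = []
    have = parse_sw_vers(sw_vers_text).get("ProductVersion", "0")
    if version_tuple(have) < version_tuple(min_version):
        findings.append(f"{host}: ProductVersion {have} is below required {min_version}")
    for upd in sorted(set(required_updates) - parse_update_history(history_text)):
        findings.append(f"{host}: required update '{upd}' not in softwareupdate history")
    return findings


def fleet_report(inventory, min_version, required_updates):
    """host -> findings. Hardware that cannot follow the OS forward is included,
    so the same report doubles as the retirement list the post recommends."""
    report = {}
    for m in inventory:
        findings = audit_mac(m["host"], m["sw_vers"], m["history"], min_version, required_updates)
        hw = hardware_status(m["family"], m["year"])
        if hw != "eligible":
            findings.append(f"{m['host']}: {m['family']} ({m['year']}) hardware status '{hw}' for macOS 10.13")
        report[m["host"]] = findings
    return report


# Constructed fleet inventory.
FLEET = [
    {"host": "mac-001", "family": "MacBook Pro", "year": 2012, "sw_vers": SW_VERS_OLD, "history": HISTORY_OLD},
    {"host": "mac-002", "family": "iMac", "year": 2015, "sw_vers": SW_VERS_NEW, "history": HISTORY_NEW},
    {"host": "mac-003", "family": "MacBook Pro", "year": 2009, "sw_vers": SW_VERS_OLD, "history": HISTORY_OLD},
]

if __name__ == "__main__":
    for host, findings in fleet_report(FLEET, "10.13.3", ["macOS 10.13.3 Update"]).items():
        print(host, "OK" if not findings else "")
        for f in findings:
            print("   ", f)
```

Versions are compared as integer tuples rather than strings because "10.13.10" sorts before "10.13.9" as text; the hardware check reports "verify" for the cutoff year since Apple's list distinguishes Early from Late models of the same year.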

Ziften's Perspective

At Ziften, with our Zenith security platform, we strive to maintain visibility and security feature parity across Windows, macOS, and Linux systems.

In fact, we have partnered with Microsoft to integrate our Zenith security platform with Microsoft Windows Defender Advanced Threat Protection (ATP) for macOS and Linux monitoring and threat detection and response coverage. The integration lets customers detect, view, investigate, and respond to advanced cyber-attacks on macOS computers (as well as Windows and Linux endpoints) directly within the Windows Defender ATP management console.

From our perspective, it has always been important to give your security teams confidence that every desktop and laptop endpoint is protected, and therefore that the enterprise is protected.

Hard as it may be to believe, 91% of businesses say they have some Macs. If those computers aren't protected, and properly integrated into your endpoint security systems, the enterprise isn't protected. It's that simple.

Chuck Leaver – Why You Must Have Flexibility With SysSecOps

Written by Chuck Leaver


Endpoints are everywhere. The device you are reading this on is an endpoint, whether it's a desktop, laptop, tablet, or phone. The HVAC controller for your building is an endpoint, assuming it's on a network, and so are the Wi-Fi access points and the security cameras. So is the connected car. So are the web servers, storage servers, and Active Directory servers in the data center. So are your IaaS/PaaS services in the cloud, where you control bare-metal servers, VMware virtual machines, or containers running Windows and/or Linux.

All of them are endpoints, and every one of them needs to be managed.

They have to be managed from the IT side (by IT administrators, who ideally have proper IT-level visibility of each connected thing, those security cameras included). That management means making sure they're on the right network zones or VLANs, that their software and configurations are up to date, and that they're not flooding the network with bad packets because of electrical faults, and so on.

Those endpoints also need to be managed from the security perspective by CISO teams. Every endpoint is a potential entry point into the enterprise network, which means the devices must be locked down: default passwords never used, all security patches applied, no unapproved software installed on the device's embedded web server. (Krebs described how attackers got into Target's network in 2013 using credentials stolen from its HVAC contractor.)

Systems and Security Operations

Systems Security Operations, or SysSecOps, brings those two worlds together. With the right SysSecOps mindset, and tools that support the right workflows, IT and security staff get the same data and can collaborate. Sure, they each have different jobs, and respond differently to alerts, but they're all managing the same endpoints, whether in the pocket, on the desk, in the utility closet, in the data center, or in the cloud.

Ziften Zenith Test Report

We were thrilled when the recently released Broadband-Testing report praised Zenith, Ziften's flagship endpoint security and management platform, as ideal for exactly this situation. To quote from the report, "With its Zenith platform, Ziften has a solution that ticks all the SysSecOps boxes and more. Because its definition of 'endpoints' extends into the Data Centre (DC) and the world of virtualisation, it is true blanket coverage."

Broadband-Testing is an independent testing facility and service based in Andorra. They describe themselves this way: "Broadband-Testing interacts with vendors, media, investment groups and VCs, analysts and consultancies alike. Testing covers all elements of networking hardware and software, from ease of use and performance, through to increasingly important aspects such as device power consumption measurement."

Back to flexibility. With endpoints everywhere (again, on the desk, in the utility closet, in the data center, or in the cloud), a SysSecOps-based endpoint security and management system has to go everywhere and do everything, at scale. Broadband-Testing wrote:

"The configuration/deployment options and architecture of Ziften Zenith permit a really flexible implementation, on or off-premise, or hybrid. Agent deployment is simplicity itself with zero user requirements and no endpoint intrusion. Agent footprint is also minimal, unlike many endpoint security solutions. Scalability also looks to be excellent – the largest customer implementation to date is in excess of 110,000 endpoints."

We can't help but be proud of Zenith, and of what Broadband-Testing concluded:

"The emergence of SysSecOps – combining systems and security operations – is a rare moment in IT; a hype-free, common-sense approach to refocusing on how systems and security are managed inside a business.

Key to Ziften's endpoint approach in this category is total visibility – after all, how can you protect what you can't see or don't know exists in the first place? With its Zenith platform, Ziften has a product that ticks all the SysSecOps boxes and more.

Deployment is simple, especially in a cloud-based scenario as tested. Scalability also looks to be excellent – the largest customer implementation to date is in excess of 110,000 endpoints.

Data analysis options are comprehensive with a huge amount of information available from the Ziften console – a single view of the whole endpoint infrastructure. Any object can be analysed – e.g. binaries, applications, systems – and, from a process, an action can be defined as an automated function, such as quarantining a system in case of a potentially malicious binary being found. Several reports are predefined covering all aspects of analysis. Alerts may be set for any occurrence. Furthermore, Ziften provides the concept of extensions for customised data collection, beyond the reach of most vendors.

And with its External API functionality, endpoint data gathered by Ziften can be shared with most third party applications, thus adding more value to a client's existing security and analytics infrastructure investment.

Overall, Ziften has a very competitive offering in what is a very worthwhile and emerging IT category through SysSecOps that is highly deserving of evaluation."

We hope you'll consider an evaluation of Zenith, and will agree that when it comes to SysSecOps and endpoint security and management, we do tick all the boxes, with the true blanket coverage that both your IT and CISO teams have been looking for.

Chuck Leaver – Ziften Can Assist With Meltdown And Spectre

Written By Josh Harriman And Presented By Chuck Leaver


Ziften is aware of the latest exploits affecting practically everyone who works with a computer or digital device. While that is a very broad statement, we at Ziften are working diligently to help our clients find vulnerable assets, repair those vulnerable systems, and monitor systems after the repair for potential performance problems.

This is an ongoing investigation by our team in Ziften Labs, where we keep up to date on the latest malicious attacks as they develop. Today, most of the discussion is around proof-of-concept (PoC) code and what can theoretically happen. That will change quickly as attackers take advantage of these opportunities. The exploits I'm speaking of, of course, are Meltdown and Spectre.

Much has been written about how these exploits were found and what the industry is doing to find workarounds for these hardware problems. To learn more, I recommend going straight to the source here (

What Do You Need To Do, and How Can Ziften Help?

A key area where Ziften helps in case of an attack by either method is monitoring for data exfiltration. Since these attacks essentially read data they should not have access to, we believe the first and simplest way to protect yourself is to remove confidential data from these systems. That data might be passwords, login credentials, or even private keys for SSH or VPN access.

Ziften checks for and alerts on processes that normally do not make network connections beginning to show this unusual behavior. From those alerts, users can quarantine systems from the network and/or kill the processes involved. Ziften Labs is monitoring the development of the attacks that are likely to appear in the wild for these vulnerabilities, so we can better protect our customers.
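
As an added illustration of the behavioural check described above (example code, not Ziften's detection logic), the following Python builds a per-host baseline of which processes have ever made outbound connections and alerts when a process outside that baseline starts talking, summing bytes across its connections so a transfer staged in several sessions still crosses an exfiltration threshold. The telemetry format, host names, paths and addresses are constructed for the example.

```python
"""Flag processes that begin making outbound connections they never made before.

Added example, not Ziften's detection logic. Connection records are constructed
in a generic 'key=value' form; a real deployment would read them from the
endpoint agent. The baseline window is the quiet period before the incident,
the detection window is everything after it.
"""
import re
from collections import defaultdict

RECORD_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) pid=(?P<pid>\d+) "
    r"dst=(?P<ip>[\d.]+):(?P<port>\d+) bytes_out=(?P<bytes>\d+)$"
)

# Constructed sample telemetry: one line per outbound connection.
BASELINE_LOG = """
2018-01-08T09:00:01Z host=ws-17 proc=/usr/bin/curl pid=4411 dst=203.0.113.10:443 bytes_out=1240
2018-01-08T09:02:10Z host=ws-17 proc=/Applications/Safari.app/Contents/MacOS/Safari pid=388 dst=203.0.113.20:443 bytes_out=9900
2018-01-08T09:05:44Z host=ws-22 proc=/usr/bin/ssh pid=901 dst=198.51.100.7:22 bytes_out=51000
2018-01-09T11:17:02Z host=ws-22 proc=/usr/bin/curl pid=1207 dst=203.0.113.10:443 bytes_out=880
"""
DETECTION_LOG = """
2018-01-10T14:03:12Z host=ws-17 proc=/usr/bin/curl pid=5120 dst=203.0.113.10:443 bytes_out=1300
2018-01-10T14:04:40Z host=ws-17 proc=/usr/bin/tar pid=5133 dst=198.51.100.99:8443 bytes_out=3100000
2018-01-10T14:04:52Z host=ws-17 proc=/usr/bin/tar pid=5133 dst=198.51.100.99:8443 bytes_out=2900000
2018-01-10T14:10:05Z host=ws-22 proc=/usr/bin/ssh pid=1344 dst=198.51.100.7:22 bytes_out=40200
"""


def parse_records(text):
    """Parse telemetry lines into dicts; malformed lines are skipped."""
    records = []
    for line in text.strip().splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            r = m.groupdict()
            for k in ("pid", "port", "bytes"):
                r[k] = int(r[k])
            records.append(r)
    return records


def build_baseline(records):
    """host -> set of process paths that made any outbound connection."""
    baseline = defaultdict(set)
    for r in records:
        baseline[r["host"]].add(r["proc"])
    return baseline


def detect_new_talkers(baseline, records, exfil_bytes=1_000_000):
    """One alert per (host, process) pair absent from the baseline. Bytes are
    summed across that process's connections so a transfer split into several
    sessions still trips the exfiltration threshold."""
    totals = defaultdict(lambda: {"bytes": 0, "pids": set(), "dsts": set()})
    for r in records:
        if r["proc"] in baseline.get(r["host"], set()):
            continue  # known talker on this host, nothing unusual
        agg = totals[(r["host"], r["proc"])]
        agg["bytes"] += r["bytes"]
        agg["pids"].add(r["pid"])
        agg["dsts"].add(f"{r['ip']}:{r['port']}")
    alerts = []
    for (host, proc), agg in totals.items():
        severity = "high" if agg["bytes"] >= exfil_bytes else "medium"
        alerts.append({
            "host": host, "proc": proc, "severity": severity,
            "bytes_out": agg["bytes"], "destinations": sorted(agg["dsts"]),
            # Response actions the analyst can take from the alert.
            "actions": ["quarantine host from network"] + [f"kill pid {p}" for p in sorted(agg["pids"])],
        })
    return sorted(alerts, key=lambda a: (a["severity"] != "high", a["host"]))


if __name__ == "__main__":
    base = build_baseline(parse_records(BASELINE_LOG))
    for alert in detect_new_talkers(base, parse_records(DETECTION_LOG)):
        print(alert)
```

The baseline is keyed per host because the same binary is normal on one machine and suspicious on another; a process that is merely new but small still produces a medium alert, since a credential file is tiny.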

Discover – How Am I Vulnerable?

Let's look at areas we can monitor for vulnerable systems. Zenith, Ziften's flagship product, can easily and quickly find operating systems that need to be patched. Although the underlying flaws are in the CPUs themselves (Intel, AMD and ARM), the fixes that will be available are delivered as operating system updates and, in some cases, browser updates.

In Figure 1 below, you can see one example of how we report on available patches by name, which systems have successfully installed each patch, and which have yet to install it. We can also track patch installs that failed. The example shown is not for Meltdown or Spectre, but the KB and/or patch number for your environment can be populated in this report to reveal the vulnerable systems.

The same is true for browser updates. Zenith keeps an eye on the software versions running in the environment. That data can be used to check whether all browsers are up to date once the fixes appear.

Speaking of browsers, one area that has already picked up steam in the attack scenarios is the use of JavaScript, which lets the attack be launched from a web page. A working copy is shown here (

Browser vendors are responding: Microsoft's mitigation for Edge and Internet Explorer removes support for SharedArrayBuffer and reduces the resolution of performance.now(), the high-precision timer the attack depends on; Firefox shipped an equivalent change, available here ( A Chrome fix is coming soon.

Fix – What Can I Do Now?

Once you have identified vulnerable systems in your environment you certainly want to patch and repair them as soon as possible. One caveat to take into consideration: there are reports of certain antivirus products causing stability issues when the patches are applied. Details about these problems are here ( and here (

Zenith can also help patch systems. We can monitor for systems that require patches, direct our solution to apply those patches for you, and then report success or failure and the status of those still requiring patching.

Because the Zenith backend is cloud-based, we can track your endpoint systems and apply the needed patches even when they are not connected to your corporate network.

Track – How Is It All Running?

Last but not least, some systems may exhibit performance degradation after the OS fixes are applied. These problems appear to be limited to high-load (I/O and network) systems. The Zenith platform helps both security and operational teams within your environment, which is what we like to call SysSecOps (

We can help reveal issues such as application hangs and crashes, and system crashes. Plus, we monitor system memory and CPU usage over time. That data can be used to monitor and alert on systems that start to exhibit high usage compared with the period before the patch was applied. An example of this tracking is shown in Figure 2 below (system names deliberately removed).
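
The before-and-after comparison described above, as an added example in Python (not Ziften's implementation): per-host CPU and memory samples are split at each host's patch time and the post-patch median is compared with the pre-patch median, flagging only rises that are large both relatively and in absolute points, so an idle host going from 2% to 3% is not reported. The samples, host names and patch times are constructed; the sample database server is the one that regresses, matching the high-load profile the post mentions.

```python
"""Pre/post-patch resource regression check.

Added example, not Ziften's implementation. Given per-host CPU and memory
samples and the time each host was patched, compare the median utilisation
before and after the patch and flag hosts whose usage rose by more than a
threshold. All samples and patch times are constructed.
"""
from datetime import datetime, timezone
from statistics import median


def ts(s):
    """Parse an ISO-8601 UTC timestamp such as 2018-01-09T10:00:00Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# Constructed samples: (host, timestamp, cpu_pct, mem_pct), one per 10-minute tick.
SAMPLES = [
    ("db-01", "2018-01-09T10:00:00Z", 41, 62), ("db-01", "2018-01-09T10:10:00Z", 44, 63),
    ("db-01", "2018-01-09T10:20:00Z", 39, 62), ("db-01", "2018-01-09T10:30:00Z", 42, 62),
    ("db-01", "2018-01-10T10:00:00Z", 63, 64), ("db-01", "2018-01-10T10:10:00Z", 66, 65),
    ("db-01", "2018-01-10T10:20:00Z", 61, 64), ("db-01", "2018-01-10T10:30:00Z", 65, 66),
    ("ws-02", "2018-01-09T10:00:00Z", 12, 40), ("ws-02", "2018-01-09T10:10:00Z", 15, 41),
    ("ws-02", "2018-01-09T10:20:00Z", 11, 40), ("ws-02", "2018-01-09T10:30:00Z", 14, 40),
    ("ws-02", "2018-01-10T10:00:00Z", 13, 41), ("ws-02", "2018-01-10T10:10:00Z", 16, 42),
    ("ws-02", "2018-01-10T10:20:00Z", 12, 41), ("ws-02", "2018-01-10T10:30:00Z", 14, 41),
]
# When each host received the OS update (from the patch report).
PATCHED_AT = {"db-01": "2018-01-09T18:00:00Z", "ws-02": "2018-01-09T18:00:00Z"}


def split_samples(samples, patched_at):
    """host -> {'before': [(cpu, mem), ...], 'after': [...]} around the patch time.
    Hosts with no recorded patch time are skipped; they have no 'after' period."""
    out = {}
    for host, when, cpu, mem in samples:
        if host not in patched_at:
            continue
        side = "before" if ts(when) < ts(patched_at[host]) else "after"
        out.setdefault(host, {"before": [], "after": []})[side].append((cpu, mem))
    return out


def find_regressions(samples, patched_at, min_samples=3, rel_increase=0.25, abs_increase=10.0):
    """Flag a host when the post-patch median of CPU or memory exceeds the
    pre-patch median by both rel_increase (fraction) and abs_increase (points).
    Requiring both avoids flagging idle hosts where 2% -> 3% is a 50% rise.
    Medians rather than means keep a single spike from dominating the baseline."""
    findings = []
    for host, sides in split_samples(samples, patched_at).items():
        if len(sides["before"]) < min_samples or len(sides["after"]) < min_samples:
            findings.append({"host": host, "metric": None, "note": "insufficient samples"})
            continue
        for idx, metric in ((0, "cpu"), (1, "mem")):
            pre = median(s[idx] for s in sides["before"])
            post = median(s[idx] for s in sides["after"])
            if post - pre >= abs_increase and post >= pre * (1 + rel_increase):
                findings.append({"host": host, "metric": metric, "before": pre, "after": post})
    return findings


if __name__ == "__main__":
    for finding in find_regressions(SAMPLES, PATCHED_AT):
        print(finding)
```

Run against the constructed data, the database server is reported for CPU (median 41.5% before, 64% after) while its memory and the workstation's metrics stay within the thresholds.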

These "flaws" are still new to the public, and much more will be discussed and discovered in the days, weeks, and months to come. Here at Ziften, we continue to monitor the situation and how we can best educate and protect our clients and partners.

Chuck Leaver – Why You Need SysSecOps

Written By Alan Zeichick And Presented By Chuck Leaver


SysSecOps. That's a new term, still unfamiliar to many IT and security administrators, but it's being discussed within the industry, by analysts, and at technical conferences. SysSecOps, or Systems & Security Operations, describes the practice of bringing security teams and IT operations teams together to ensure the health of enterprise technology, and having the tools to respond most effectively when problems occur.

SysSecOps focuses on taking down the information walls, breaking up the silos, that get between security teams and IT administrators.

IT operations staff are there to make sure that end users can access applications, and that critical infrastructure is running at all times. They want to maximize access and availability, and need the data required to do that job: that a new employee needs to be provisioned, that a hard drive in a RAID array has failed, that a new partner needs access to a secure document repository, or that an Oracle database is ready to be moved to the cloud. It's all about technology to drive the business.

Same Data, Different Use Cases

While the use of endpoint and network monitoring data and analytics is clearly tailored to the different needs of IT and security, it turns out that the underlying raw data is actually the same. The IT and security teams are simply looking at their own domain's problems and scenarios, and taking action based on those use cases.

Yet sometimes the IT and security teams have to work together. Like provisioning that new business partner: it must touch all the right systems, and be done securely. Or if there is a problem with a remote endpoint, such as a mobile phone or a device on the Industrial Internet of Things, IT and security may have to work together to determine what's going on. When IT and security share the same data sources, and have access to the same tools, that job becomes much easier, and hence SysSecOps.

Imagine that an IT administrator notices that a server hard drive is nearing full capacity, and this was not anticipated. Perhaps the network has been breached, and the server is now being used to stream pirated films across the Internet. It happens, and finding and resolving that problem is a job for both IT and security. The data gathered by endpoint instrumentation, and displayed through a SysSecOps-ready monitoring platform, can help both sides work together more effectively than they would with conventional, separate IT and security tools.

SysSecOps: it's a new term, and a new idea, and it's resonating with both IT and security teams. You can learn more in a short 9-minute video, in which I talk with several industry experts about this subject: "What is SysSecOps?"

Chuck Leaver – Collaboration With Microsoft To Defend You Against Attacks

Written By David Shefter And Presented By Chuck Leaver


Recently we announced a partnership with Microsoft that combines Ziften's Zenith® systems and security operations platform with Windows Defender Advanced Threat Protection (ATP), delivering a cloud-based "single pane of glass" to detect, view, investigate, and respond to advanced cyber attacks and breaches on Windows, macOS, and Linux-based devices (desktops, laptops, servers, cloud, etc.).

Windows Defender ATP plus Ziften Zenith is a security service that enables enterprise customers to detect, investigate, respond to, and remediate advanced threats on their networks, off-network, and in the data center and cloud.

Imagine a single solution across all the devices in your enterprise, offering scalable, cutting-edge security in a cost-effective and easy-to-use platform. Enabling enterprises across the globe to protect and manage devices through this "single pane of glass" offers the promise of lower operational costs together with improved security, delivering real-time global threat protection with intelligence collected from billions of devices worldwide.

The Architecture Of Microsoft And Ziften

The diagram below provides an overview of the service components and the integration between Windows Defender ATP and Ziften Zenith.

Endpoint investigation capabilities let you drill down into security alerts and understand the scope and nature of a potential breach. You can submit files for deep analysis, get the results, and take remediation action without leaving the Windows Defender ATP console.

Detect and Contain Threats

With the Windows Defender ATP and Ziften Zenith integration, companies can readily detect and contain threats on Windows, macOS, and Linux systems from a single console. Windows Defender ATP and Ziften Zenith offer:

Behavior-based, cloud-powered, advanced attack detection. Find the attacks that make it past all other defenses (post-breach detection).

Rich timeline for forensic investigation and mitigation. Easily examine the scope of any breach or suspicious behavior on any device through a rich, 6-month machine timeline.

Built-in unique threat intelligence knowledge base. Threat intelligence to quickly identify attacks based on telemetry and data from millions of devices.

The image below shows many of the macOS and Linux threat detection and response capabilities now available with Windows Defender ATP.

At the end of the day, if you're looking to secure your endpoints and infrastructure, you should take a hard look at Windows Defender ATP and Ziften Zenith.

Chuck Leaver – KRACK Vulnerability: 4 Steps To Protect Yourself

Written By Dr Al Hartmann And Presented By Chuck Leaver


Enough media attention has been generated by the Wi-Fi WPA2-defeating Key Reinstallation Attack (KRACK) that we don't need to cover it again. The original finder's website is a good place to review the issues and link to the full research paper. This may be the most attention paid to a core communications security failure since Heartbleed. In that earlier case, a patched version of the vulnerable OpenSSL code was released on the same day as the public disclosure. With KRACK, similar responsible-disclosure guidelines were followed, and patches were either already released or soon to follow. Both wireless endpoints and wireless network devices need to be properly patched. Oh, and good luck getting that knockoff wireless security camera bought off eBay patched quickly.

Here we will just make a few points:

Take stock of your wireless devices and follow up to ensure proper patching. (Ziften can perform passive network inventory, including wireless networks. For Ziften-monitored endpoints, the available network interfaces along with applied patches are reported.) For enterprise IT staff, it is patch, patch, patch every day anyway, so nothing new here. But any unmanaged wireless devices must be located and vetted.

iOS and Windows endpoints are less susceptible, while unpatched Linux and Android endpoints are highly vulnerable: the wpa_supplicant versions shipped in most Linux distributions and in Android 6.0 and later can be tricked into installing an all-zero encryption key, which makes interception trivial. Most Linux endpoints will be servers without wireless networking, so not as much exposure there. But Android is another story, especially given the fragmented state of Android updating across device manufacturers. Most likely your enterprise's biggest exposure will be Android and IoT devices, so do your risk analysis.

Avoid wireless access through unencrypted protocols such as HTTP. Stick to HTTPS or other encrypted protocols, or use a secure VPN, but be aware that some sites served over HTTPS by default can still be forced down to HTTP by an attacker in the middle unless the site enforces HSTS. (Note that Ziften network monitoring reports IP addresses and ports used, so take a look at any wireless port 80 traffic on unpatched endpoints.)

Continue whatever wireless network hygiene practices you have been employing to identify and silence rogue access points, unauthorized wireless devices, and so on. Tuning access point placement and transmit power to reduce signal spillage outside your physical boundaries is also a wise practice, since a KRACK attacker must be physically within range of the wireless network. Don't give them an advantageous position inside or near your environment.
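
To turn the four points above into a triage list, here is an added Python example (not Ziften's code). It joins a managed-endpoint inventory, a passive inventory of MAC addresses seen on the corporate SSIDs, and a flow log, and ranks unpatched wireless hosts with plaintext traffic first, then other unpatched wireless hosts, then wireless devices nobody manages. The `krack_patched` flag stands in for whatever vendor patch identifier applies to each OS, the per-OS risk ranking follows the post's assessment (with macOS as an assumed middle case), and all hosts, MACs and addresses are constructed.

```python
"""KRACK exposure triage.

Added example, not Ziften's code. Joins three constructed data sets: the managed
endpoint inventory (the `krack_patched` flag is an assumption standing in for
the vendor-specific patch identifier an admin would check), a passive inventory
of MAC addresses seen associating to the corporate SSIDs, and an outbound flow
log. Hosts, MACs and addresses are all made up for the example.
"""
import re

# Severity of an unpatched wireless endpoint per OS, following the post's
# assessment; treating macOS as "medium" is an assumption.
OS_RISK = {"Android": "high", "Linux": "high", "macOS": "medium", "Windows": "low", "iOS": "low"}

MANAGED = [
    {"host": "ws-17", "os": "macOS", "wifi": True, "mac": "02:00:5e:00:01:11", "krack_patched": True},
    {"host": "phone-44", "os": "Android", "wifi": True, "mac": "02:00:5e:00:02:22", "krack_patched": False},
    {"host": "srv-db-01", "os": "Linux", "wifi": False, "mac": "02:00:5e:00:03:33", "krack_patched": False},
    {"host": "lap-09", "os": "Windows", "wifi": True, "mac": "02:00:5e:00:04:44", "krack_patched": False},
]
# MACs observed on the air by the passive inventory.
PASSIVE_WIFI = {"02:00:5e:00:01:11", "02:00:5e:00:02:22", "02:00:5e:00:04:44", "02:00:5e:00:05:55"}
FLOW_LOG = """
host=ws-17 dst=203.0.113.5:443 proto=tcp
host=phone-44 dst=203.0.113.9:80 proto=tcp
host=phone-44 dst=203.0.113.9:443 proto=tcp
host=lap-09 dst=198.51.100.23:80 proto=tcp
host=srv-db-01 dst=198.51.100.40:80 proto=tcp
"""
FLOW_RE = re.compile(r"^host=(\S+) dst=([\d.]+):(\d+) proto=(\S+)$")


def parse_flows(text):
    """Parse 'host=... dst=ip:port proto=...' lines; malformed lines are skipped."""
    flows = []
    for line in text.strip().splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            host, ip, port, proto = m.groups()
            flows.append({"host": host, "ip": ip, "port": int(port), "proto": proto})
    return flows


def triage(managed, passive_macs, flows, plaintext_ports=(80, 21, 23)):
    """Return findings ordered by risk, plaintext traffic first within a level."""
    # Plaintext destinations per host: what a KRACK attacker can read or alter.
    plaintext = {}
    for f in flows:
        if f["port"] in plaintext_ports:
            plaintext.setdefault(f["host"], set()).add(f"{f['ip']}:{f['port']}")
    findings = []
    for m in managed:
        if not m["wifi"] or m["krack_patched"]:
            continue  # wired-only and already-patched hosts are out of scope
        dsts = sorted(plaintext.get(m["host"], ()))
        findings.append({
            "host": m["host"], "os": m["os"], "risk": OS_RISK.get(m["os"], "medium"),
            "plaintext_destinations": dsts,
            "action": "patch now; block plaintext protocols until patched" if dsts else "patch",
        })
    # Anything on the air that is not in the managed inventory needs a human to find it.
    for mac in sorted(passive_macs - {m["mac"].lower() for m in managed}):
        findings.append({"host": None, "mac": mac, "os": "unknown", "risk": "unknown",
                         "plaintext_destinations": [],
                         "action": "locate and vet unmanaged wireless device"})
    order = {"high": 0, "medium": 1, "low": 2, "unknown": 3}
    return sorted(findings, key=lambda f: (order[f["risk"]], not f["plaintext_destinations"], str(f["host"])))


if __name__ == "__main__":
    for finding in triage(MANAGED, PASSIVE_WIFI, parse_flows(FLOW_LOG)):
        print(finding)
```

The wired database server's port-80 flow is deliberately ignored, since KRACK is a wireless attack; the unmanaged MAC is listed last because its OS, and therefore its exposure, is unknown until someone finds the device.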

For a broader discussion of the KRACK vulnerability, have a look at our recent video on the topic:


Chuck Leaver – Make Your Security Awareness Training Count

Written By Chuck Leaver Ziften CEO


Effective enterprise cybersecurity assumes that people, your employees, do the right thing. That they don't hand over their passwords to a caller who claims to be from the IT department doing a "credentials audit." That they don't wire $10 million to an Indonesian bank account after getting a midnight request from "the CEO".

That they don't install an "urgent update" to Flash Player based on a pop-up on a porn site. That they don't overshare on social media. That they don't store company data on file-sharing services outside the firewall. That they don't connect to unsecured Wi-Fi networks. And that they don't click on links in phishing emails.

Our research shows that over 75% of security incidents are caused or enabled by employee errors.

Sure, you've installed endpoint security, email filters, and anti-malware. Those precautions will probably be for nothing, though, if your employees do the wrong thing time and again in a risky situation. Our cybersecurity efforts are like a fancy car alarm: if you don't teach your teenager to lock the car at the shopping mall, the alarm is worthless.

Security awareness isn't enough, of course. Employees will make mistakes, and some attacks don't need an employee misstep at all. That's why you need endpoint security, email filters, anti-malware, and so on. But let's talk about effective security awareness training.

Why Training Often Has No Effect

First, in my experience, a lot of employee training, well, sucks. That's especially true of online training, which is usually awful. But in most cases, whether live or canned, the training lacks credibility, in part because many IT professionals are poor and unconvincing communicators. The training often focuses on communicating and enforcing rules, not on changing risky behavior and habits. And it's like mandatory copy-machine training: there's nothing in it for the employees, so they don't take it on board.

It's not about imposing rules. While security awareness training may be "owned" by different departments, such as IT, the CISO, or HR, there's often a lack of understanding of what a security awareness program is. First of all, it's not a checkbox; it has to be continuous. The training should be delivered in different ways and at different times, with a combination of live training, newsletters, small-group discussions, lunch-and-learns, and yes, even online resources.

Protecting yourself is not complicated!

But a huge problem is the lack of goals. If you don't know what you're trying to do, you can't tell whether the training has worked, and whether risky behaviors actually change.

Here are some sample goals that can cause reliable security awareness training:

Offer staff members with the tools to acknowledge and handle continuous day-to-day security dangers they may receive online and by means of email.

Let workers know they become part of the group, and they cannot just rely on the IT/CISO groups to manage security.

Stop the cycle of “unexpected lack of knowledge” about safe computing practices.

Shift attitudes toward more secure practices: “If you see something, say something.”

Review company policies and procedures, explained in actionable terms that are relevant to employees.

Make it Relevant

No matter who “owns” the program, visible executive support and management buy-in are essential. If the officers don’t care, the employees won’t either. Effective training doesn’t talk in tech buzzwords; instead, it concentrates on changing behavior. Relate cybersecurity awareness to your employees’ personal lives. (And while you’re at it, teach them how to keep themselves, their family, and their home safe. Chances are they don’t know and are reluctant to ask.)

To make security awareness training truly relevant, solicit employee ideas and encourage feedback. Measure success: did the number of external links clicked by employees decrease? How about help-desk calls resulting from security incidents? Make the training timely and real-world by including current scams in the news; unfortunately, there are plenty to choose from.
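One way to turn the “did clicks decrease?” question into a repeatable measurement, as an added example that is not part of the original post: the script below parses constructed phishing-simulation campaign records (the log format, campaign ids and user names are all made up for the illustration), computes a per-user-deduplicated click rate and report rate for each campaign, flags employees who clicked in more than one campaign for targeted follow-up, and checks whether the trend across campaigns is moving the right way.

```python
"""Measuring whether awareness training changes behavior.

Added illustration, not code from the original post. The phishing-simulation
log below is constructed; real programs would export similar records from
their simulation tool. One line per event: campaign_id,date,user,action
where action is sent, clicked or reported.
"""
from collections import defaultdict

# Constructed sample: two campaigns, three months apart, same four employees.
LOG = """\
C1,2017-03-01,alice,sent
C1,2017-03-01,alice,clicked
C1,2017-03-01,bob,sent
C1,2017-03-01,carol,sent
C1,2017-03-01,carol,clicked
C1,2017-03-01,dave,sent
C1,2017-03-01,dave,reported
C2,2017-06-01,alice,sent
C2,2017-06-01,alice,clicked
C2,2017-06-01,bob,sent
C2,2017-06-01,bob,reported
C2,2017-06-01,carol,sent
C2,2017-06-01,carol,reported
C2,2017-06-01,dave,sent
C2,2017-06-01,dave,reported
"""


def parse(log):
    """campaign_id -> action -> set of users (sets deduplicate repeat clicks)."""
    campaigns = defaultdict(lambda: defaultdict(set))
    for line in log.strip().splitlines():
        cid, _date, user, action = line.split(",")
        campaigns[cid][action].add(user)
    return campaigns


def campaign_metrics(campaigns):
    """Per campaign: click rate and report rate as a fraction of users sent the lure.

    Campaigns are ordered by id here (C1, C2, ...); order by date instead if
    your ids are not chronological.
    """
    metrics = {}
    for cid, actions in sorted(campaigns.items()):
        sent = actions["sent"]
        if not sent:
            continue  # nothing delivered, so rates are undefined
        metrics[cid] = {
            "sent": len(sent),
            "click_rate": round(len(actions["clicked"] & sent) / len(sent), 2),
            "report_rate": round(len(actions["reported"] & sent) / len(sent), 2),
        }
    return metrics


def repeat_clickers(campaigns, min_campaigns=2):
    """Users who clicked in at least min_campaigns campaigns: candidates for follow-up."""
    counts = defaultdict(int)
    for actions in campaigns.values():
        for user in actions["clicked"]:
            counts[user] += 1
    return sorted(u for u, n in counts.items() if n >= min_campaigns)


def improving(metrics):
    """True when every successive campaign has a lower click rate and a higher report rate."""
    rows = list(metrics.values())
    return all(b["click_rate"] < a["click_rate"] and b["report_rate"] > a["report_rate"]
               for a, b in zip(rows, rows[1:]))


if __name__ == "__main__":
    campaigns = parse(LOG)
    print(campaign_metrics(campaigns))
    print("repeat clickers:", repeat_clickers(campaigns))
    print("improving:", improving(campaign_metrics(campaigns)))
```

The report rate matters as much as the click rate: a program that only drives clicks down but never teaches people to report leaves the security team blind to the real lures that get through.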

In other words: security awareness training isn’t fun, and it’s not a silver bullet. Nevertheless, it is necessary to make sure that risky employee behavior doesn’t undermine your IT/CISO efforts to secure your network, devices, applications, and data. Make sure that you train your employees continually, and that the training works.


Chuck Leaver – So Much Energy And Interest At Splunk .conf

Written By Josh Applebaum And Presented By Chuck Leaver



Like a lot of you, we’re still recovering from Splunk .conf last week. As usual, .conf had terrific energy, and the people in attendance were enthusiastic about Splunk and the many use cases it supports through its large app ecosystem.

One important announcement during the week worth discussing was a new security offering called “Content Updates,” which is essentially a set of pre-built Splunk searches that help detect security incidents.

Basically, the Splunk security team looks at the latest attacks, writes new searches describing how they would hunt through Splunk ES data to find those kinds of attacks, and then ships those searches down to customers’ Splunk ES environments, which alert automatically when a match is seen.

The best part? Since these updates primarily use CIM (Common Information Model) data, and Ziften populates a lot of the CIM data models, Ziften’s data is already being matched against the new Content Updates Splunk has produced.
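Why normalizing into a common model lets shared detection content match vendor data without being rewritten per vendor, shown as an added example rather than Splunk’s or Ziften’s code: two constructed endpoint telemetry formats (hypothetical “agent_a” and “agent_b”, with made-up field names) are mapped onto a handful of Splunk CIM Endpoint.Processes field names, and a single rule written only against those common names runs unchanged over both. The rule itself, an Office application spawning a command shell, is a common example of defensive detection content and stands in for whatever a content update would ship.

```python
"""CIM-style normalization as the bridge between vendor data and shared detections.

Added illustration, not Splunk's or Ziften's code. The two raw event formats
and the hosts, users and paths are constructed; the target field names
(dest, user, process_name, parent_process_name) are a subset of the Splunk
CIM Endpoint.Processes data model.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed raw events from two hypothetical agents with different schemas.
RAW_EVENTS = [
    {"src": "agent_a", "host": "wks-17", "exe": r"C:\Windows\System32\cmd.exe",
     "ppath": r"C:\Program Files\Microsoft Office\WINWORD.EXE", "acct": "alice"},
    {"src": "agent_b", "hostname": "srv-02", "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe", "user_name": "SYSTEM"},
    {"src": "agent_b", "hostname": "wks-04",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\EXCEL.EXE", "user_name": "bob"},
    {"src": "agent_c", "h": "wks-09", "p": r"C:\Windows\System32\cmd.exe"},  # no mapping exists
]


@dataclass(frozen=True)
class Process:
    """The subset of CIM Endpoint.Processes fields the rule relies on."""
    dest: str
    user: str
    process_name: str
    parent_process_name: str


def _basename(path: str) -> str:
    """Last path component, lower-cased, so rules compare names not full paths."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


# Per-source field mappings: this is the job a technology add-on does in Splunk.
NORMALIZERS: Dict[str, Callable[[dict], Process]] = {
    "agent_a": lambda e: Process(e["host"], e["acct"],
                                 _basename(e["exe"]), _basename(e["ppath"])),
    "agent_b": lambda e: Process(e["hostname"], e["user_name"],
                                 _basename(e["image"]), _basename(e["parent_image"])),
}


def normalize(events: List[dict]) -> List[Process]:
    """Map raw events onto the common model; sources with no mapping are invisible to rules."""
    out = []
    for e in events:
        fn = NORMALIZERS.get(e.get("src"))
        if fn is not None:
            out.append(fn(e))
    return out


def unmapped_sources(events: List[dict]) -> List[str]:
    """Sources whose data shared content can never match: a coverage gap worth surfacing."""
    return sorted({e.get("src", "") for e in events} - set(NORMALIZERS))


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}


def rule_office_spawns_shell(procs: List[Process]) -> List[Process]:
    """A content-update style rule written only against CIM field names."""
    return [p for p in procs
            if p.parent_process_name in OFFICE_APPS and p.process_name in SHELLS]


def run(events: List[dict] = RAW_EVENTS) -> List[Process]:
    return rule_office_spawns_shell(normalize(events))


if __name__ == "__main__":
    for hit in run():
        print(f"{hit.dest}: {hit.parent_process_name} -> {hit.process_name} ({hit.user})")
    print("unmapped sources:", unmapped_sources(RAW_EVENTS))
```

The practical check this suggests: when a vendor claims CIM support, confirm which data models and fields it actually populates, because a rule can only fire on fields the add-on maps, and a source like the constructed agent_c above silently contributes nothing.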

A quick demo showed which vendors contribute data to each type of “detection,” and Ziften was mentioned in a great many of them.

For instance, we have a recent post that shows how Ziften’s data in Splunk is used to detect and respond to WannaCry.

Overall, with the roughly 500 people who visited the booth over the course of .conf, I have to say it was one of the best events we have done in terms of quality discussions and interest. We had nothing but positive reviews from our extensive discussions with all walks of corporate life – from highly technical experts in the public sector to CISOs in the financial sector.

The most typical conversation began with, “We are just starting to roll out Splunk and are new to the platform.” I like those, since people can get our Apps for free and we can get them an agent to try, and that gives them something to use right out of the box to demonstrate value right away. Other folks were very experienced and really liked our approach and architecture.

Bottom line: people are genuinely excited about Splunk, and real solutions are available to help people with real problems!

Curious? The Ziften ZFlow App and Technology Add-on help Splunk and Splunk ES users use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see what they are missing at the perimeter of their network, in their data centers, and in their cloud deployments.

Chuck Leaver – Our Services Will Help You

Written By Josh Harriman And Presented By Chuck Leaver


Having the right tools to hand is a given in our industry. But having the right tools and services is one thing; getting the most value out of them can be a challenge. Even with the best intentions and properly experienced staff, there can be gaps. Ziften Services can help fill those gaps and keep you on track for success.

Ziften Services can augment, or even outright lead, your IT operations and security teams with three offerings, each tailored to a particular need. A recent report by ESG (Enterprise Strategy Group) entitled “Trends in Endpoint Security Study” found that 51% of respondents said they will be deploying and using an EDR (endpoint detection and response) solution now, and 35% of them plan to use managed services for the implementation, which shows the need for proper services around these products and solutions. Ziften therefore offers these services knowing that many companies lack the scale or expertise to implement and fully use needed tools such as EDR.

Ziften services are as follows:

Ziften Assess Service
Ziften Hunt Service
Ziften Respond Service

While each of the three services covers a distinct function, the latter two are more complementary to each other. Let’s look at each in a bit more detail to better understand the benefits.

Assess Service

This service covers both IT operations and security teams. To measure your success in proper documentation and adherence to processes and policies, you need to start with a good, solid baseline. The Assess service starts by conducting extensive interviews with key decision makers to really understand what is in place. From there, a Ziften Zenith deployment provides monitoring and data collection of key metrics across client device networks, data centers, and cloud deployments. The reporting covers asset management and performance, licensing, vulnerabilities, compliance, and anomalous behavior. The results can address a range of concerns such as M&A assessments, pre-cloud-migration planning, and periodic compliance checks.

Hunt Service

This service is a true 24x7 managed endpoint detection and response (MDR) offering. Organizations struggle to fully cover this key element of security operations, whether because of limited staff or missing expertise in threat hunting techniques. Again using the Ziften Zenith platform, this service provides continuous monitoring across client devices, servers, and cloud VMs running Windows, Mac OS X, and Linux. One of the primary outcomes of this service is dramatically reducing threat dwell time within the environment. This has been discussed regularly over the past few years, and the numbers are shocking, typically on the order of hundreds of days that threats stay hidden within organizations. You need someone who can actively hunt for these adversaries and can also look back historically at previous events to find behavior you were not aware of. This service also includes some hours of dedicated incident response, so you have all your bases covered.

Respond Service

When you are against the ropes and have a real emergency, this service is what you need. It is a tried-and-true IR team ready for battle 24x7 with a broad range of response tool sets at hand. You get immediate incident assessment and triage. Recommended actions align with the severity of the threat and the response actions that need to happen. The teams are very flexible and will work remotely or, if needed, on-site where conditions require. This could be your entire IR team, or it can augment and blend right in with your current team.

At the end of the day, you need services that help maximize your chances of success in today’s world. Ziften has three great offerings and wants all our clients to feel protected and aligned with the best operational and security posture available. Please reach out to us so we can help you. It’s what we love to do!