Archive for the ‘Breaches Of Security’ Category

Chuck Leaver – Your Guide To Patch Validation

Written By Logan Gilbert And Presented By Chuck Leaver

 

Intro

A recent report shows nearly twenty thousand new software vulnerabilities were found in 2017, an all-time high. Think about that for a second. That's approximately fifty-five new vulnerabilities a day. That's a lot for any IT shop to handle.

Now there's good news and bad news. The good news is that patches were available for eighty-six percent of those vulnerabilities on the day of disclosure. The bad news is that most companies still struggle with patch validation, prioritization and application. And as IT workloads increasingly migrate to the cloud, vulnerability visibility tends to decrease, exacerbating an already tough challenge.

Let's take a closer look at how to manage cloud patch validation effectively.

First, a Patch Management Guide

Patch management is the practice of updating software with code changes that resolve vulnerabilities exploitable by attackers. Despite having been around for decades, patch management remains a difficult process for many IT organizations.

Modern businesses have complex IT environments with many integration points between company systems. That makes it hard for software developers to account for every unintended effect of a patch, e.g., a piece of code that might close a port, disable critical infrastructure communication, or even crash its host server.

Focusing on the efficient patching of known vulnerabilities is the undeniable 'biggest bang for the buck' play. In 2017, Gartner stated that ninety-nine percent of exploits are based on vulnerabilities that have been known to security and IT professionals for at least one year.

Cloud Patching Fundamentals

The first key to shutting down the right vulnerabilities in your cloud IT infrastructure is being able to see everything. Without visibility into your cloud systems and applications, you can't really know whether those systems and applications are patched where it matters most. The second key is patch validation. Simply pushing a patch is no guarantee that it applied correctly. It may, or may not, have deployed successfully.

How would you be sure of this?

The Ziften Method

Ziften provides the visibility and validation you need to ensure your cloud IT environment is safe and secure from the vulnerabilities that matter:

– Detailed capture of discovered OS and application vulnerabilities

– Findings mapped to vulnerability reference sources, e.g., OWASP, CIS, CVE, CWE, and OSVDB

– Comprehensive explanations of the implications of findings, business impact, and risks for each identified exposure

– Vulnerability prioritization based on asset criticality and risk of attack

– Remediation recommendations to close identified deficiencies

– Detailed steps to follow while mitigating reported deficiencies

– Detection and mitigation of attacks that take advantage of unpatched systems, with quarantine procedures

Far too often we find that data from customers' patching systems incorrectly reports that vulnerabilities have been patched. This creates a false sense of security that is unacceptable for security operations and IT operations teams.
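The validation gap described above (a patch console reporting "installed" while the host still runs the old build) can be checked by reconciling the console's claims against versions observed on the host itself. This is an added example, not Ziften code; the hosts, package versions and the three data sets are constructed.

```python
"""Reconcile a patch system's "installed" claims against what hosts actually run.

Added example, not Ziften code. All three data sets below are constructed;
in practice the report comes from the patch-management console, the inventory
from an endpoint agent or package query, and fixed versions from the advisory.
"""
import re
from dataclasses import dataclass


def parse_version(text):
    """Split '1.1.1k-1' into comparable parts: numbers sort numerically and a
    letter suffix (OpenSSL style) sorts after the bare number. This is a
    simplification, not a full distro version-ordering implementation."""
    key = []
    for token in re.findall(r"\d+|[A-Za-z]+", text):
        key.append((1, int(token)) if token.isdigit() else (0, token.lower()))
    return tuple(key)


@dataclass
class Finding:
    host: str
    package: str
    reported: str      # what the patch console says
    installed: str     # what the host actually runs ("-" if unknown)
    fixed_in: str      # version that closes the vulnerability
    verdict: str       # validated | false_positive | unpatched | unknown


def validate_patches(patch_report, host_inventory, fixed_versions):
    """Cross-check each console claim against host-observed versions.

    patch_report:   {(host, package): "installed" | "pending" | "failed"}
    host_inventory: {(host, package): version actually present on the host}
    fixed_versions: {package: minimum version that closes the vulnerability}
    """
    findings = []
    for (host, package), status in sorted(patch_report.items()):
        fixed = fixed_versions[package]
        actual = host_inventory.get((host, package))
        if actual is None:
            verdict = "unknown"            # no host-side evidence at all
        elif parse_version(actual) >= parse_version(fixed):
            verdict = "validated"          # host really is at or above the fix
        elif status == "installed":
            verdict = "false_positive"     # console says patched, host disagrees
        else:
            verdict = "unpatched"
        findings.append(Finding(host, package, status, actual or "-", fixed, verdict))
    return findings


def summarize(findings):
    """Count findings per verdict for a quick dashboard line."""
    counts = {}
    for f in findings:
        counts[f.verdict] = counts.get(f.verdict, 0) + 1
    return counts


# Constructed sample data (hypothetical hosts, packages and versions).
PATCH_REPORT = {
    ("web-01", "openssl"): "installed",
    ("web-02", "openssl"): "installed",   # console claims success...
    ("db-01", "openssl"): "failed",
    ("app-01", "openssl"): "installed",
}
HOST_INVENTORY = {
    ("web-01", "openssl"): "1.1.1k-1",
    ("web-02", "openssl"): "1.1.1g-2",    # ...but the host still runs the old build
    ("db-01", "openssl"): "1.1.1g-2",
    # app-01 returned no inventory at all
}
FIXED_VERSIONS = {"openssl": "1.1.1k"}

if __name__ == "__main__":
    results = validate_patches(PATCH_REPORT, HOST_INVENTORY, FIXED_VERSIONS)
    for f in results:
        print(f"{f.host:7} {f.package:8} console={f.reported:9} host={f.installed:9} -> {f.verdict}")
    print(summarize(results))
```

Only "validated" findings should count as closed; "false_positive" is exactly the case the post warns about and deserves a ticket, not a green checkbox.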

Chuck Leaver – Understanding GDPR And Cyber Security Monitoring

Written By Dr Al Hartmann And Presented By Chuck Leaver

 

Robust enterprise cybersecurity naturally includes monitoring of network, endpoint, application, database, and user activity to prevent, detect, and respond to cyber threats that might breach the privacy of enterprise staff, partners, suppliers, or customers. In cyberspace, any blind spots in your view become free-fire zones for the legions of attackers seeking to do harm. But monitoring also captures event records that may include user "personal data" under the broad European Union GDPR interpretation of that term. Enterprise staff are "natural persons" and hence "data subjects" under the regulation. Wisely balancing security and privacy concerns across the enterprise can be challenging; let's talk about this.

The Need for Cybersecurity Monitoring

GDPR Chapter 4 governs controller and processor roles under the regulation. While it does not explicitly mandate cybersecurity monitoring, this can be inferred from its text:

– "… In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority …" [Art. 33(1)]

– "… the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk …" [Art. 32(1)]

– "Each supervisory authority shall have [the authority] to carry out investigations in the form of data protection audits." [Art. 58(1)]

One can well reason that to discover a breach one must monitor; that to confirm and scope a breach and provide timely breach notification to the supervisory authority one must also monitor; that to implement appropriate technical measures one must monitor; and that to respond to a data protection audit one must have an audit trail, and audit trails are produced by monitoring. In short, for an enterprise to protect its cyberspace and the personal data therein, and to verify its compliance, it reasonably needs to monitor that space.

The Enterprise as Data Controller

Under the GDPR it is the controller that "determines the purposes and means of the processing of personal data." The enterprise decides the purposes and scope of monitoring, selects the tools for such monitoring, determines the probe, sensor, and agent deployments for the monitoring, selects the services or staff that will access and review the monitored data, and decides the actions to take as a result. In short, the enterprise serves in the controller role. The processor supports the controller by providing processing services on its behalf.

The enterprise also employs the staff whose personal data may be included in any event records captured by monitoring. Personal data is defined rather broadly under GDPR and may include login names, system names, network addresses, file paths that include the user profile directory, or any other incidental details that could reasonably be linked to "a natural person". Event data will frequently include these elements. An event data stream from a specific probe, sensor, or agent could then be linked to an individual, and expose aspects of that person's work performance, policy compliance, and even aspects of their personal life (if corporate devices or networks are improperly used for personal business). Although this is not the object of cybersecurity monitoring, potential privacy or profiling concerns may be raised.

Achieving Clarity through Fair Processing Notices

As the enterprise employs the staff whose personal data might be captured in the cybersecurity monitoring dragnet, it has the opportunity, in employment contracts or in separate disclosures, to inform staff of the need and purpose of cybersecurity monitoring and to obtain informed consent directly from the data subjects. While it might be argued that the legal basis for cybersecurity monitoring does not necessarily require informed consent (per GDPR Art. 6(1)), but is a consequence of the data security level the enterprise must maintain to otherwise comply with the law, it is far preferable to be open and transparent with staff. Employment agreements have long included provisions specifying that employees consent to having their workplace communications and devices monitored as a condition of employment. However, the GDPR raises the bar considerably for the specificity and clarity of such consents, termed Fair Processing Notices, which have to be "freely given, specific, informed and unambiguous".

Fair Processing Notices need to plainly set out the identity of the data controller, the kinds of data collected, the purpose and legal basis for this collection, the data subject's rights, as well as contact information for the data controller and for the supervisory authority having jurisdiction. The notice has to be clear and easily understood, and not buried in some lengthy legalistic employment contract. While many sample notices can be found with a simple web search, they will need adjustment to fit a cybersecurity monitoring context, where data subject rights may conflict with forensic data retention mandates. For instance, an insider attacker may demand the deletion of all their activity data (to destroy evidence), which would turn privacy regulation into a tool for the obstruction of justice. For further guidance, the widely used NIST Cybersecurity Framework addresses this balance in Sec. 3.6 ("Methodology to Protect Privacy and Civil Liberties").

Think Globally, Act Locally

Given the viral jurisdictional nature of the GDPR, the punishing fines imposed on violators, the difficulty of filtering out EEA from non-EEA data subjects, and the likely spread of comparable regulations globally, the safe course is to apply stringent privacy policies across the board, as Microsoft has done.

In contrast to global application stands local implementation, where the safe course is to place cybersecurity monitoring infrastructure in each geographic locale rather than wrestle with trans-border data transfers. Even remotely querying and viewing personal data may count as such a transfer, which argues for pseudonymization (tokenizing personal data fields) or anonymization (redacting personal data fields) across non-cooperating jurisdictional boundaries. Only in the last stages of cybersecurity analytics would natural-person identification of data subjects become appropriate, and then it would most likely only be of actionable value locally.
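Pseudonymization and anonymization as described above, applied to the personal-data elements the post lists (login names, system names, network addresses, paths containing a user profile directory). This is an added example, not Ziften code; the event schema, field names, key and sample events are constructed. Tokens are keyed (HMAC) so events still correlate across a border while re-identification requires the key, which stays in the local jurisdiction.

```python
"""Pseudonymize or anonymize personal-data fields in security event records
before they leave a jurisdiction.

Added example, not Ziften code. The event records, field names and key are
constructed; the fields follow the personal-data elements the post lists.
"""
import hashlib
import hmac
import json
import re

# Fields in our constructed event schema that can identify a natural person.
PERSONAL_FIELDS = ("user", "host", "src_ip")
# Matches the user-profile component of a Windows or Linux path.
PROFILE_RE = re.compile(r"(?P<prefix>[A-Za-z]:\\Users\\|/home/)(?P<name>[^\\/]+)")

# Constructed secret; in practice held only by the in-jurisdiction analytics tier.
PSEUDONYM_KEY = b"constructed-demo-key-do-not-reuse"


def tokenize(value, key=PSEUDONYM_KEY):
    """Keyed, deterministic token: same input gives the same token, so events
    still correlate, but the key is needed to get back to the person."""
    mac = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return "tok_" + mac[:16]


def pseudonymize_path(path, key=PSEUDONYM_KEY):
    """Replace only the profile-directory component; the rest of the path
    (the thing detection logic cares about) is left intact."""
    return PROFILE_RE.sub(lambda m: m.group("prefix") + tokenize(m.group("name"), key), path)


def pseudonymize_event(event, key=PSEUDONYM_KEY):
    """Reversible (with the key) form for cross-border analytics."""
    out = dict(event)
    for field in PERSONAL_FIELDS:
        if field in out:
            out[field] = tokenize(out[field], key)
    if "path" in out:
        out["path"] = pseudonymize_path(out["path"], key)
    return out


def anonymize_event(event):
    """Irreversible form: personal fields are redacted outright."""
    out = dict(event)
    for field in PERSONAL_FIELDS:
        if field in out:
            out[field] = "[redacted]"
    if "path" in out:
        out["path"] = PROFILE_RE.sub(lambda m: m.group("prefix") + "[redacted]", out["path"])
    return out


# Constructed sample events from a hypothetical endpoint agent.
EVENTS = [
    {"ts": "2018-05-25T09:14:02Z", "user": "jdoe", "host": "WS-0471", "src_ip": "10.8.4.21",
     "path": r"C:\Users\jdoe\AppData\Local\Temp\invoice.exe", "action": "process_start"},
    {"ts": "2018-05-25T09:14:05Z", "user": "jdoe", "host": "WS-0471", "src_ip": "10.8.4.21",
     "path": "/home/jdoe/.ssh/id_rsa", "action": "file_read"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(json.dumps(pseudonymize_event(ev)))
    print(json.dumps(anonymize_event(EVENTS[0])))
```

Timestamps, actions and the non-profile part of the path survive both transforms, so detection and correlation still work on the exported stream; only the local tier holding the key can name the person.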

Chuck Leaver – Should You Whitelist Or Blacklist?

Written By Roark Pollock And Presented By Chuck Leaver

 

Intro

Like any form of security, the world of IT security is one of establishing and enforcing a set of allow/disallow rules, or more formally, security policies. And, simply stated, allow/disallow rules can be expressed as a 'whitelist' or a 'blacklist'.

In the distant past, most rules were blacklist in nature. In the good old days we trusted practically everyone to behave well, and when they did, it was fairly easy to spot bad behavior or anomalies. So we only needed to write a few blacklist rules. For instance, "don't let anybody into the network coming from an IP address in, say, Russia". That was rather like your grandparents never locking the doors of the farmhouse, since they knew everybody within a twenty-mile radius.

Then the world changed. Good behavior became the exception, and bad actors and bad behavior became legion. Naturally, it happened slowly, and in stages, dating back to the beginning of the true 'Internet' in the early 1990s. Remember script kiddies illegally accessing public and secure sites, just to prove to their high-school friends that they could?

Fast forward to the modern age. Everything is online. And if it has value, somebody on the planet is trying to steal or damage it, constantly. And they have lots of tools at their disposal. In 2017, 250,000 new malware variants were introduced per day. We used to rely on desktop and network antivirus solutions adding new blacklist signatures every week to counter the bad guys using malicious code to do their bidding. But at over 90 million new malware variants a year, blacklist strategies alone won't cut it.

Network whitelisting technologies have been an essential line of defense for on-premises network security, and with so many companies rapidly moving their workloads to the cloud, the same mechanisms will be needed there as well.

Let's take a closer look at both approaches.

Blacklisting

A blacklist enumerates known malicious or suspicious "entities" that should not be granted access, or execution rights, on a network or system. Entities include bad software (malware) such as viruses, Trojans, worms, spyware, and keystroke loggers. Entities also include any user, application, process, IP address, or organization known to pose a threat to a business.

The critical word above is "known". With 250,000 new variants appearing each day, how many are out there that we don't know about, at least until much later, which could be days, weeks, or even years?

Whitelisting

So, what exactly is whitelisting? Well, as you might have guessed, it is the reverse of blacklisting. Whitelisting starts from the point of view that nearly everything is bad. And if that is true, it should be more effective simply to specify and allow "good entities" into the network. A simple example would be "all employees in the finance department who are director level or higher are allowed to access our financial reporting application on server X." By extension, everyone else is denied access.

Whitelisting is often described as a "zero trust" approach: deny all, and allow only select entities access based on a set of 'good' attributes related to user and device identity, behavior, location, time, etc.

Whitelisting is widely accepted in high-risk security environments, where strict rules take precedence over user flexibility. It is also highly valued in environments where companies are bound by rigorous regulatory compliance.

Black, White, or Both?

First, few would suggest blacklisting is completely obsolete. Certainly at the endpoint device level, it remains relatively simple to install and maintain and fairly reliable, especially if it is kept up to date by third-party threat intelligence providers. But, in and of itself, is it enough?

Second, depending on your security background or experience, you're likely thinking, "Whitelisting could never work for us. Our business applications are just too varied and complex. The time, effort, and resources required to compile, monitor, and update whitelists at an enterprise level would be untenable."

Thankfully, this isn't really an either-or choice. It's possible to take a "best of both worlds" stance: blacklisting for malware and intrusion detection, operating alongside whitelisting for system and network access at large.

Ziften and Cloud Whitelisting

The key to whitelisting boils down to ease of implementation, especially for cloud-based workloads. And ease of implementation becomes a function of scope. Think about whitelisting in two ways: application and network. The former can be a quagmire. The latter is far simpler to implement and maintain, if you have the right visibility within your cloud environment.

This is where Ziften comes in.

With Ziften, it becomes easy to:

– Identify and establish visibility into all cloud servers and virtual machines

– Gain continuous visibility into devices and their port usage activity

– See east-west traffic flows, including detailed tracking of the protocols in use over particular port sets

– Convert 'seeing' what's happening into a manageable number of whitelists, complete with accurate protocol and port mappings

– Establish near-real-time alerts on any anomalous or suspicious resource or service activations
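The "best of both worlds" approach from the previous section, applied to east-west flows: learn a network whitelist of (source, destination, protocol, port) from observed traffic, then evaluate new flows with a threat-intelligence blacklist checked first and default-deny against the whitelist after. This is an added example, not Ziften code; the flow records, address ranges and blacklist are constructed.

```python
"""Learn a network whitelist from observed east-west flows, then evaluate new
flows against it alongside a blacklist of known-bad addresses.

Added example, not Ziften code. Flow records and the blacklist are constructed;
the field names are this example's own.
"""
import ipaddress
from collections import Counter, namedtuple

Flow = namedtuple("Flow", "src dst proto dport")

# Constructed baseline: flows seen during a learning window (say, one week).
BASELINE = [
    Flow("10.1.0.11", "10.1.0.20", "tcp", 5432),   # app -> postgres
    Flow("10.1.0.12", "10.1.0.20", "tcp", 5432),
    Flow("10.1.0.11", "10.1.0.30", "tcp", 6379),   # app -> redis
    Flow("10.1.0.5", "10.1.0.11", "tcp", 443),     # load balancer -> app
    Flow("10.1.0.5", "10.1.0.12", "tcp", 443),
]

# Constructed blacklist: ranges flagged by third-party threat intelligence.
BLACKLIST = [ipaddress.ip_network("198.51.100.0/24"), ipaddress.ip_network("203.0.113.7/32")]


def build_whitelist(flows, min_count=1):
    """Collapse observed flows into allowed (src, dst, proto, dport) tuples.
    min_count lets you drop one-off flows seen during learning."""
    counts = Counter(flows)
    return {flow for flow, n in counts.items() if n >= min_count}


def is_blacklisted(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BLACKLIST)


def evaluate(flow, whitelist):
    """Blacklist first (known bad always wins), then default-deny against the
    whitelist. Returns (verdict, reason)."""
    for addr in (flow.src, flow.dst):
        if is_blacklisted(addr):
            return "deny", f"{addr} is on the blacklist"
    if flow in whitelist:
        return "allow", "matches whitelist"
    # Known host pair but an unexpected service: the port/protocol mapping changed.
    known_pair = any(w.src == flow.src and w.dst == flow.dst for w in whitelist)
    if known_pair:
        return "alert", f"new service {flow.proto}/{flow.dport} between known hosts"
    return "alert", "unseen host pair"


# Constructed new flows to evaluate.
NEW_FLOWS = [
    Flow("10.1.0.11", "10.1.0.20", "tcp", 5432),    # normal
    Flow("10.1.0.11", "10.1.0.20", "tcp", 22),      # app host opening ssh to the database
    Flow("10.1.0.20", "198.51.100.9", "tcp", 443),  # database talking to a blacklisted range
    Flow("10.1.0.99", "10.1.0.30", "tcp", 6379),    # unknown host hitting redis
]

if __name__ == "__main__":
    wl = build_whitelist(BASELINE)
    for f in NEW_FLOWS:
        verdict, reason = evaluate(f, wl)
        print(f"{f.src:>12} -> {f.dst:<14} {f.proto}/{f.dport:<5} {verdict:5} ({reason})")
```

The two "alert" cases are the ones a whitelist catches and a blacklist never would: nothing about them is known-bad, they are simply not on the list.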

Chuck Leaver – Good News About RSA 2018

Written By Logan Gilbert And Presented By Chuck Leaver

 

After investing a couple of days with the Ziften team at the 2018 RSA Conference, my innovation observation was: more of the very same, the typical suspects and the typical buzzwords. Buzz words like – “AI”, “machine learning”, “predictive” were incredibly worn out. Lots of attention paid to avoidance, everybody’s favorite attack vector – email, and everybody’s preferred vulnerability – ransomware.

The only surprise to me was seeing a smattering of NetFlow analysis companies – great deals of smaller companies attempting to make their mark using a very rich, but tough to work with, data set. Really cool stuff! Discover the little cubicles and you’ll discover tons of innovation. Now, in fairness to the larger suppliers I know there are some genuinely cool technologies therein, but RSA barely positions itself to cutting through the buzzwords to actual value.

RSA Buzz

I may have a biased view because Ziften has been partnering with Microsoft for the last six-plus months, however Microsoft appeared to play a much more prominent leading role at RSA this year. First, on Monday, Microsoft revealed its all-new Intelligent Security Association, uniting their security partnerships "to concentrate on defending clients in a world of increased dangers", and more importantly, strengthening that defense through the sharing of security intelligence across this community of partners. Ziften is obviously proud to be a founding member of the Intelligent Security Association.

In addition, on Tuesday, Microsoft revealed a ground breaking collaboration with numerous players in the cybersecurity industry named the “Cybersecurity Tech Accord.” This accord requires a “digital Geneva Convention” that sets standards of habits for the online world just as the Geneva Conventions set rules for the conduct of war in the physical world.

People who Attended the RSA

A really interesting point to me though was the makeup of the exhibition attendees. As I was also an exhibitor at RSA, I noted that among my visitors I saw more "suits" and fewer t-shirts.

Ok, possibly not suits per se, however more security Supervisors, Directors, VPs, CISOs, and security leaders than I remember seeing at previous events. I was encouraged to see what I believe are business decision makers taking a look at security businesses first hand, as opposed to doling that task to their security group. From this audience I frequently heard the same overtones:

– This is frustrating.
– I can’t tell the difference in between one technology and another.

Those who were Absent from RSA

What I saw less of were “technology trolls”. What, you might ask, are technology trolls? Well, as a vendor and security engineer, these are the guys (constantly guys) that show up five minutes prior to the close of the day and drag you into a technical due-diligence exercise for an hour, or a minimum of up until the happy hour celebrations begin. Their goal – definitely nothing helpful to anyone – and here I’m presuming that the troll in fact works for a company, so nothing useful for the company that actually paid thousands of dollars for their participation. The only thing acquired is the troll’s self affirmation that they are able to “beat down the supplier” with their technical prowess. I’m being severe, however I have actually experienced the trolls from both sides of the fence, both as a vendor, and as a buyer – and back at the office nobody is basing purchasing decisions based on troll recommendations. I can just assume that businesses send tech trolls to RSA and comparable expos due to the fact that they do not desire them in their workplace.

Discussions about Holistic Security

Which brings me back to the type of individuals I did see a great deal of at RSA: security savvy (not just tech savvy) security leaders, who understand the corporate argument and choices behind security technologies. Not just are they influencers however in a lot of cases the business owners of security for their particular companies. Now, aside from the previously mentioned concerns, these security leaders appeared less concentrated on an innovation or specific usage case, but rather an emphasis on a desire for “holistic” security. As we understand, excellent security requires a collection of technologies, practice and policy. Security savvy clients wanted to know how our innovation fitted into their holistic solution, which is a rejuvenating change of dialog. As such, the types of questions I would hear:

– How does your innovation partner with other products I already use?
– More notably: Does your business really buy into that partnership?

That last question is important, basically asking if our partnerships are just fodder for a site, or, if we truly have an acknowledgment with our partner that the whole is greater than the parts.

The latter is exactly what security specialists are searching for and require.

To Conclude

In general, RSA 2018 was terrific from my point of view. After you get past the jargon, much of the buzz centered on things that matter to clients, our industry, and us as people – things like security partner ecosystems that include worth, more holistic security through real partnership and significant integrations, and face to face conversations with company security leaders, not technology trolls.

Chuck Leaver – Guarding Against Cloud Unmanaged Assets

Written By Logan Gilbert And Presented By Chuck Leaver

 

We all relate to the image of the masked villain hunched over his laptop late at night, accessing a corporate network, stealing valuable data, and vanishing without a trace. We personify the attacker as smart, determined, and crafty. But the reality is that the vast majority of attacks are enabled by simple human negligence or carelessness, making the cybercriminal's job an easy one. He's checking all the doors and windows continuously. All it takes is one mistake on your part and he gets in.

So what do we do? Well, you know the answer. We spend a hefty chunk of our IT budget on defense-in-depth security layers designed to detect, deceive, fool, or outright block the bad guys. Let's set aside the debate about whether we are winning that war, because there is a far easier war underway: the one where the attacker gets into your network, business-critical application, or IP/PII data through a vector you didn't even know you had, the unmanaged asset, often described as Shadow IT.

Think this isn't your business? A recent study suggests the average business has 841 cloud apps in use. Surprisingly, most IT executives think the number of cloud apps in use by their company is in the order of thirty to forty, meaning they are off by a factor of 20X. The same report discloses that more than 98% of cloud apps are not GDPR ready, and 95% of enterprise-class cloud apps are not SOC 2 compliant.

Defining Unmanaged Assets/Shadow IT

Shadow IT is defined as any SaaS application used, by employees, departments, or whole business groups, without the knowledge or approval of the company's IT department. In addition, the rise of 'everything as a service' has made it even easier for workers to get access to whatever software they feel they need to be more productive.

The Impact

Well-intentioned employees generally don't realize they're breaking corporate rules by spinning up a new server instance, or downloading unauthorized apps or software offerings. But it happens. When it does, three problems can occur:

1. Business standards within an organization are compromised, since unauthorized software means each computer has different capabilities.

2. Rogue software often contains security flaws, putting the whole network at risk and making it much harder for IT to manage security threats.

3. Asset blind spots not only drive up security and compliance risks, they can increase legal risks. Information retention policies designed to limit legal liability are compromised by information held on unapproved cloud assets.

Three Essential Considerations for Addressing Unmanaged Asset Risks

1. First, deploy tools that can provide thorough visibility into all cloud assets, managed and unmanaged. Know what new virtual machines have been activated this week, as well as what other devices and applications each VM instance is communicating with.

2. Second, make certain your tooling can provide a continuous inventory of authorized and unauthorized virtual devices running in the cloud. Ensure you can see all IP connections made to each asset.

3. Third, for compliance and/or forensic analysis purposes, look for a solution that provides a record of any and all assets (physical and virtual) that have ever been on the network, not just a solution limited to active assets within a brief look-back window.

Unmanaged Asset Discovery with Ziften

Ziften makes it simple to rapidly find cloud assets that have been commissioned outside IT's purview. And we do it continuously and with deep historical recall at your fingertips, including when each device first connected to the network, when it last appeared, and how often it reconnects. And if a virtual device is decommissioned, no problem: we still have all its historical behavior data.

Identify and secure hidden attack vectors stemming from shadow IT, before a disaster. Know what's going on in your cloud environment.

Chuck Leaver – The Improved Ziften Channel Program

Written By Greg McCreight And Presented By Chuck Leaver

 

If you are a reseller, integrator, distributor, or managed service provider, the new Ziften Activate Partner Program is here, it's ready to go, and it will be great for your profitability (and for reducing your customers' anxiety about cybersecurity).

Ziften is 100 percent committed to the channel, and as we grow and progress in the market, we understand that your success is our success, and our success is your success. And it shows: 96 percent of our sales in 2017 were through the channel! That's why we built the new Activate Partner Program: to provide you the resources you need to grow your business with Ziften security solutions.

We kicked it all off with a very effective, cross-platform Endpoint Detection and Response (EDR) solution, Ziften Zenith. Customers love it. Technology partners love it. Resellers love it. The market loves it. And analysts love it.

I have to share this from the conclusion of our broadband testing report, which discusses SysSecOps, or Systems Security Operations – an emerging classification where Ziften is a market leader:

Critical to Ziften’s endpoint technique in this category is total visibility – let’s face it, how can you secure if you cannot see or have no idea what is there in the first place? With its Zenith platform, Ziften has a solution that ticks all the SysSecOps boxes and more …

Overall, Ziften has a really competitive offering in the extremely legitimate, emerging IT category in the form of SysSecOps and one that should be on the examination short-list.

By the way: Microsoft recently partnered with Ziften to produce an integration of Zenith and Microsoft Windows Defender ATP, allowing Microsoft customers to secure Linux and Mac systems through the same single pane of glass they use to secure Windows systems.

Enough about Ziften. Let's focus on you, and how you will benefit from the Activate Partner Program.

We have assembled a multi-tier partner program with improved discounts, more resources, and strong market development support. We understand a one-size-fits-all program doesn't work, not in today's market.

With Activate, we take a hands-on approach to onboarding new partners; make it simple for those for whom security is a relatively small part of their services; and reward top-tier partners who have committed to Ziften.

Here's what you get with the Activate Partner Program, and we'll work with you to make sure that Activate fits your requirements perfectly:

– Security for more of your customer's environment: endpoints, servers, and the cloud

– Visibility and security for your customer's complex, multi-cloud deployments

– Simple security tool integrations to deliver genuinely custom, differentiated solutions

– Hands-on, personalized assistance and life-cycle expertise

– Rich financial incentives that encourage your long-term investment and reward ongoing success

– Market development support to drive incremental demand and lead generation

– First-rate, hands-on support from our field sales, sales engineers, technical support, and marketing experts

The Activate program combines our effective security solutions, financial incentives, and hands-on support to help you develop more opportunities and close more deals.

Chuck Leaver – Be Prepared For Migrating Assets To The Cloud

Written By Logan Gilbert And Presented By Chuck Leaver

 

It bears repeating: the Internet has permanently changed the world for individuals and companies alike. For the latter, every element of modern IT is undergoing digital transformation. IT departments everywhere are under pressure to make information highly available at lower cost, all while protecting critical data from corruption, leakage, or cyber theft.

Central to this strategy is the migration of data centers to the cloud. In fact, nineteen percent of company workloads are expected to be in the public cloud by the end of 2019, and 50% over the next ten years.

What Exactly Is Cloud Asset Migration?

Cloud migration is the process of moving data, applications or other business components from a company's on-premises infrastructure to the cloud, or moving them from one cloud service to another.

The diagram shown below illustrates this migration of file server(s), data, and application(s) from an on-premises server infrastructure to a cloud environment.

Cloud service providers make it possible for companies to move some or all IT infrastructure to the cloud for scale, speed, service flexibility, ease of management, and lower costs. The advantages are nothing short of compelling.

Cloud computing is changing the corporate landscape. With these technological developments, people are leaning more toward a virtual workplace, meaning you can work from anywhere, at any time, using cloud computing.

Cloud Asset Migration Considerations

But, as with any significant IT infrastructure change, a move to the cloud requires thoughtful planning and execution for the process to complete within budget and on time. Moving a server, database, application, or all of the above to the cloud is not without risk. System outages, performance degradation, data loss and more are likely to happen as a result of misconfigurations, system failures, and security exploits.

Case in point: 43% of those who have gone through a cloud asset migration have experienced a failed or delayed application. Why? Because each asset migration is a 'snowflake' with its own level of complexity.

Let's look at three considerations for effective cloud asset migration.

1. Have a Plan

First, there has to be a strategic migration plan. That plan needs to help answer questions like the following:

– Which IT assets should be migrated in the first place?

– If you are moving some, or all, of your infrastructure to the cloud, how will you establish and preserve asset control?

– How will you inventory what you have, before and after the move?

– Do you even have to move all of it?

– What comes first?

2. Clean Up What Is in Place Today

To answer these strategic questions successfully, you'll need definitive visibility into each asset under your roof now, along with the relevant attributes of each asset. Whether your assets today run on physical or virtual server infrastructure, you need to know:

– What assets are there now? Discover all connected assets and understand whether they are currently managed or unmanaged.

– Identify low-usage and/or unused systems. Should these systems be eliminated or repurposed prior to migration?

– Identify low-usage and/or unused applications. Are these applications needed at all? Should they be removed prior to migration?

– Identify and clean up duplication, whether of systems and/or applications.

Now identify the business-critical systems and applications that will be migrated as part of your plan. With this detailed asset data in hand, you can sharpen your migration approach by segmenting what should and should not be migrated, or at least clearly prioritize based on business significance.

3. Prepare For Cloud Visibility Post Migration

Now that you're equipped with thorough, accurate current and historical asset data, how will you maintain that level of visibility after a successful cloud asset migration?

While the cost benefits of moving to the cloud are often extremely compelling, uncontrolled asset and virtual machine sprawl can quickly erode them. So, before performing your cloud asset migration, make sure you have a cloud visibility solution in place that:

Discovers and monitors all connected assets across your single- or multi-cloud environment
Inventories, fingerprints, and categorizes discovered assets
Alerts on new or unexpected asset discovery and/or behavior within the cloud environment
Integrates with existing ticketing, workflow, and/or CMDB systems

Cloud Visibility and Security with Ziften

Continuous cloud visibility into every device, user, and application means you can administer every part of your infrastructure more effectively. You'll avoid wasting resources by preventing VM sprawl, and you'll have a detailed body of data to satisfy audit requirements for NIST 800-53, HIPAA, and other compliance regimes.

Follow the above when you migrate to the cloud and you'll avoid weak security, incomplete compliance, and operational SNAFUs. Ziften's approach to cloud visibility and security gives you the intelligence you need for cloud asset migration without the headaches.

Chuck Leaver – The Girl Scouts Are Raising The Profile Of Women In Cybersecurity

Written By Kim Foster And Presented By Chuck Leaver


It's clear that cybersecurity is getting more attention globally than ever before, and businesses are rightly worried about whether enough security professionals are being trained to meet growing threats. While this concern is felt across the commercial world, few people expected the Girl Scouts to answer the call.

Beginning this fall, Girl Scouts nationwide will have the chance to earn cybersecurity badges. Girl Scouts of the USA teamed up with security company (and Ziften technology partner) Palo Alto Networks to create a curriculum that teaches girls the fundamentals of computer security. According to Sylvia Acevedo, CEO of GSUSA, they developed the program in response to demand from the girls themselves, who want to protect themselves, their computers, and their home networks.

The timing is good: according to a study released in 2017 by (ISC)², 1.8 million cybersecurity positions will go unfilled by 2022. Combine growing demand for security professionals with the stagnant share of women in the field, stuck at only 11 percent for several years, and our cybersecurity staffing challenges are poised to get worse without a serious effort by the industry toward better inclusion.

Obviously, we can't rely on the Girl Scouts to do all the heavy lifting. Broader educational efforts are a given: according to the Computing Technology Industry Association, 69% of U.S. women who do not have a career in information technology cited not knowing what opportunities were available to them as the reason they did not pursue one. One of the great untapped opportunities of our industry is the recruitment of more diverse professionals. Targeted educational programs and increased awareness should be a high priority. Raytheon's Women's Cyber Security Scholarship is a fine example.

To reap the rewards of having women invested in shaping the future of technology, it is important to dispel the exclusionary perception of "the boys' club" and remember the groundbreaking contributions made by women in the past. Many people know that the first computer programmer was a woman, Ada Lovelace. Then there is the work of other well-known pioneers such as Grace Hopper, Hedy Lamarr, and Ida Rhodes, all of whom may stir some vague recollection among those in our industry. Women mathematicians wrote the programs for one of the world's first fully electronic general-purpose computers: Kay McNulty, Jean Jennings Bartik, Betty Snyder, Marlyn Meltzer, Fran Bilas, and Ruth Lichterman were the original programmers of the Electronic Numerical Integrator and Computer (better known as ENIAC), though their work went largely unrecognized for over half a century. In fact, when historians first came across photos of the women in the mid-1980s, they mistook them for "Refrigerator Ladies", models posing in front of the machines.

It's worth noting that many believe the same "boys' club" mentality that overlooked the accomplishments of women in history has led to fewer leadership positions and lower pay for women in cybersecurity today, as well as outright exclusion of prominent women from speaking slots at industry conferences. As trends go, excluding brilliant people with relevant expertise from shaping the cybersecurity industry is an unsustainable one if we want to keep up with the bad guys.

Whether or not we collectively take action to promote more inclusive workplaces, by educating, hiring, and promoting women in larger numbers, it is heartening to see an organization synonymous with fundraising cookies successfully alert an entire industry to the fact that girls are genuinely interested in the field. As today's Girl Scouts are given the tools to pursue a career in information security, we should expect that they will become the very women who eventually reprogram our expectations of what a cybersecurity professional looks like.

Chuck Leaver – A Mac Is A Security Risk Too

Written By Roark Pollock And Presented By Chuck Leaver


Got Macs? Great. I have one too. Have you locked your Macs down? If not, your enterprise has a potentially serious security weakness.

It's a myth that Macintosh computers are inherently secure and don't need to be protected against malware or hacking. Many believe Macs are arguably more secure than Windows desktops and notebooks because of the design of their Unix-derived kernel. Certainly, Apple issues fewer security patches for macOS than Microsoft does for Windows.

Fewer security flaws is not zero flaws. And safer doesn't mean 100% safe.

Some Mac Vulnerability Examples

Take, for example, the macOS 10.13.3 update, released on January 23, 2018, for the then-current version of the Mac's operating system. Like most current computers running Intel processors, the Mac was vulnerable to the Meltdown flaw, which meant that a malicious application might be able to read kernel memory.

Apple had to patch this flaw, along with several others.

For instance, another bug could allow a maliciously crafted audio file to execute arbitrary code, compromising the system's integrity. Apple had to patch it.

A kernel flaw meant that a malicious application might be able to execute arbitrary code with kernel privileges, giving an attacker access to anything on the device. Apple had to patch the kernel.

A flaw in the WebKit library meant that processing maliciously crafted web content could lead to arbitrary code execution. Apple had to patch WebKit.

Another flaw meant that processing a malicious text message could cause an application denial of service, freezing the system. Whoops. Apple had to patch that one too.

Don't Make the Same Mistakes as Consumers

Many consumers, believing the hype about how wonderful macOS is, choose to run without protection, trusting macOS and its built-in application firewall to block all manner of bad code. Bad news: the built-in protection is thin (XProtect's signature checks and Gatekeeper are not a managed anti-malware product), and the firewall can only do so much. And many businesses are inclined to overlook macOS when it comes to visibility for posture monitoring and hardening, and for threat detection and threat hunting.

Consumers often make these assumptions because they don't know any better. IT and security professionals should never make the same mistakes; we should know better.

If a Mac user installs bad software, adds a malicious browser extension, opens a bad email attachment, or clicks a phishing link or a malicious ad, their machine is compromised, just like a Windows PC. Within the enterprise, we need to be prepared to handle those problems on Macs too.

What To Do?

What do you need to do?

– Install anti-virus and anti-malware on corporate Macs, or on any Mac that has access to your organization's content, servers, or networks.
– Track the state of Macs, just as you would with Windows computers.
– Be proactive in applying patches and fixes to Macs, again, just as with Windows.

You should also remove from your corporate environment any Macs that are too old to run the latest version of macOS. The supported list is long, since Apple is pretty good at supporting old hardware. Here is Apple's list of Mac models that can run macOS 10.13:

– MacBook (Late 2009 or newer)
– MacBook Pro (Mid 2010 or newer)
– MacBook Air (Late 2010 or newer)
– Mac mini (Mid 2010 or newer)
– iMac (Late 2009 or newer)
– Mac Pro (Mid 2010 or newer)

When the next version of macOS comes out, some of your older machines may fall off the list. They should fall off your inventory as well.
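The three "what to do" items above and the retire-what-can't-be-patched rule reduce to a posture check you can run on every Mac. Here is one as an added example (not Ziften's code and not Apple's): the parsers work on the text that `sw_vers`, `softwareupdate -l`, `socketfilterfw --getglobalstate` and `csrutil status` print, so they can be exercised offline against the constructed samples below, and `assess_live_host()` runs the real commands on a Mac. The 10.13.3 baseline and the sample outputs are this example's own assumptions.

```python
"""Minimal macOS posture check (added example, not Ziften's or Apple's code).

Checks the four things the article asks for: the OS is at or above the patch
baseline, no updates are pending, the application firewall is on, and System
Integrity Protection is on. Sample outputs below are constructed, not captured.
"""
import platform
import re
import subprocess

MIN_MACOS = (10, 13, 3)  # assumed policy baseline: carries the 10.13.3 fixes above


def parse_product_version(sw_vers_out):
    """Return (major, minor, patch) from `sw_vers` output, or None if absent."""
    m = re.search(r"^ProductVersion:\s*([\d.]+)", sw_vers_out, re.M)
    return tuple(int(x) for x in m.group(1).split(".")) if m else None


def pending_updates(softwareupdate_out):
    """Labels of the updates `softwareupdate -l` lists (each on a line starting '* ')."""
    return [ln.strip()[2:].strip() for ln in softwareupdate_out.splitlines()
            if ln.strip().startswith("* ")]


def firewall_enabled(socketfilterfw_out):
    """`socketfilterfw --getglobalstate` prints '(State = 1)' when the firewall is on."""
    return "State = 1" in socketfilterfw_out


def sip_enabled(csrutil_out):
    """`csrutil status` prints 'status: enabled.' when SIP is on."""
    return "status: enabled" in csrutil_out


def assess(sw_vers_out, softwareupdate_out, socketfilterfw_out, csrutil_out,
           min_version=MIN_MACOS):
    """Return a list of findings; an empty list means the Mac passes."""
    findings = []
    ver = parse_product_version(sw_vers_out)
    if ver is None or ver < min_version:  # tuple compare: (10,13,2) < (10,13,3)
        shown = ".".join(map(str, ver)) if ver else "unknown"
        findings.append(f"macOS {shown} is below baseline "
                        f"{'.'.join(map(str, min_version))}: upgrade or retire")
    pending = pending_updates(softwareupdate_out)
    if pending:
        findings.append(f"{len(pending)} pending update(s): {', '.join(pending)}")
    if not firewall_enabled(socketfilterfw_out):
        findings.append("application firewall is disabled")
    if not sip_enabled(csrutil_out):
        findings.append("System Integrity Protection is disabled")
    return findings


def _run(argv):
    p = subprocess.run(argv, capture_output=True, text=True)
    return p.stdout + p.stderr  # softwareupdate writes part of its output to stderr


def assess_live_host():
    """Collect from the real commands; macOS only, and softwareupdate needs network."""
    if platform.system() != "Darwin":
        raise RuntimeError("assess_live_host() only runs on macOS")
    return assess(_run(["sw_vers"]),
                  _run(["softwareupdate", "-l"]),
                  _run(["/usr/libexec/ApplicationFirewall/socketfilterfw", "--getglobalstate"]),
                  _run(["csrutil", "status"]))


# Constructed sample outputs (not captured from a real machine).
UNPATCHED = dict(
    sw_vers_out="ProductName:\tMac OS X\nProductVersion:\t10.13.2\nBuildVersion:\t17C88\n",
    softwareupdate_out=(
        "Software Update Tool\n\nFinding available software\n"
        "Software Update found the following new or updated software:\n"
        "   * macOS High Sierra 10.13.3 Update-10.13.3\n"
        "\tmacOS High Sierra 10.13.3 Update (10.13.3), 2098587K [recommended] [restart]\n"),
    socketfilterfw_out="Firewall is disabled. (State = 0)\n",
    csrutil_out="System Integrity Protection status: disabled.\n",
)
COMPLIANT = dict(
    sw_vers_out="ProductName:\tMac OS X\nProductVersion:\t10.13.3\nBuildVersion:\t17D47\n",
    softwareupdate_out="Software Update Tool\n\nNo new software available.\n",
    socketfilterfw_out="Firewall is enabled. (State = 1)\n",
    csrutil_out="System Integrity Protection status: enabled.\n",
)

if __name__ == "__main__":
    for label, sample in (("unpatched", UNPATCHED), ("compliant", COMPLIANT)):
        print(label, assess(**sample) or ["OK"])
```

A Mac whose `sw_vers` reports a version below the baseline and which cannot take the update is exactly the "fall off the list, fall off the inventory" case; the version finding is the signal to retire it rather than keep chasing patches. `softwareupdate -l` contacts Apple's update servers and can take a while, so run the live check from your management tooling on a schedule rather than interactively.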

Ziften's Perspective

At Ziften, with our Zenith security platform, we strive to maintain visibility and security feature parity between Windows, macOS, and Linux systems.

In fact, we have partnered with Microsoft to integrate our Zenith security platform with Microsoft Windows Defender Advanced Threat Protection (ATP) for macOS and Linux monitoring, threat detection, and response coverage. The integration lets customers detect, view, investigate, and respond to advanced cyber-attacks on macOS computers (as well as Windows and Linux endpoints) directly within the Microsoft WDATP management console.

From our perspective, it has always been important to give your security teams confidence that every desktop and laptop endpoint is protected, and therefore that the enterprise is protected.

Hard as it may be to believe, 91% of businesses say they have some Macs. If those computers aren't protected, and properly integrated into your endpoint security systems, the enterprise is not protected. It's that simple.

Chuck Leaver – Why You Must Have Flexibility With SysSecOps

Written by Chuck Leaver


Endpoints are everywhere. The device you're reading this on is an endpoint, whether it's a desktop, notebook, tablet, or phone. The HVAC controller for your building is an endpoint, assuming it's connected to a network, and so are the WiFi access points and the security cameras. So is the connected car. So are the web servers, storage servers, and Active Directory servers in the data center. So are your IaaS/PaaS services in the cloud, where you control bare-metal servers, VMware virtual machines, or containers running Windows and/or Linux.

All of them are endpoints, and every one of them needs to be managed.

They have to be managed from the IT side (by IT administrators, who ideally have proper IT-level visibility of every connected thing, those security cameras included). That management means making sure they're connected to the right network zones or VLANs, that their software and configurations are up to date, that they're not flooding the network with bad packets due to electrical faults, and so on.

Those endpoints also need to be managed from the security side by the CISO's team. Every endpoint is a potential entry point into the corporate network, which means the devices must be locked down: default passwords never used, all security patches applied, no unapproved software installed on the device's embedded web server. (Brian Krebs reported in 2014 how attackers got into Target's network in late 2013 using credentials stolen from its HVAC contractor.)

Systems and Security Operations

Systems Security Operations, or SysSecOps, brings those two worlds together. With the right SysSecOps mindset, and tools that support the right workflows, IT and security staff get the same data and can work together. Sure, they each have different jobs, and respond differently to alerts, but they're all managing the same endpoints, whether in the pocket, on the desk, in the utility closet, in the data center, or in the cloud.

Ziften Zenith Test Report

We were thrilled when the recently released Broadband-Testing report praised Zenith, Ziften's flagship endpoint security and management platform, as ideal for this kind of situation. To quote from the report: "With its Zenith platform, Ziften has a solution that ticks all the SysSecOps boxes and more. Because its definition of 'endpoints' extends into the Data Centre (DC) and the world of virtualisation, it is true blanket protection."

Broadband-Testing is an independent testing facility and service based in Andorra. They describe themselves as follows: "Broadband-Testing interacts with vendors, media, investment groups and VCs, analysts and consultancies alike. Testing covers all aspects of networking hardware and software, from ease of use and performance, through to increasingly important aspects such as device power consumption measurement."

Back to flexibility. With endpoints everywhere (again, on the desk, in the utility closet, in the data center, or in the cloud), a SysSecOps-based endpoint security and management system must go everywhere and do anything, at scale. Broadband-Testing wrote:

"The configuration/deployment options and architecture of Ziften Zenith permit a really flexible implementation, on or off-premise, or hybrid. Agent deployment is simplicity itself with zero user requirements and no endpoint intrusion. Agent footprint is also minimal, unlike many endpoint security solutions. Scalability also looks to be excellent – the largest customer implementation to date is in excess of 110,000 endpoints."

We can't help but be proud of Zenith, and of what Broadband-Testing concluded:

"The emergence of SysSecOps – combining systems and security operations – is a rare moment in IT; a hype-free, common-sense approach to refocusing on how systems and security are managed inside a business.

Key to Ziften's endpoint approach in this category is total visibility – after all, how can you protect what you can't see or don't know exists in the first place? With its Zenith platform, Ziften has a product that ticks all the SysSecOps boxes and more.

Deployment is simple, especially in a cloud-based scenario as tested. Scalability also looks to be excellent – the largest customer implementation to date is in excess of 110,000 endpoints.

Data analysis options are comprehensive with a huge amount of information available from the Ziften console – a single view of the whole endpoint infrastructure. Any object can be analysed – e.g. binaries, applications, systems – and, from a process, an action can be defined as an automated function, such as quarantining a system in the event of a potentially malicious binary being found. Several reports are predefined covering all aspects of analysis. Alerts may be set for any occurrence. Furthermore, Ziften provides the concept of extensions for custom data collection, beyond the reach of most vendors.

And with its External API functionality, endpoint data gathered by Ziften can be shared with most third-party applications, thus adding more value to a client's existing security and analytics infrastructure investment.

Overall, Ziften has a very competitive offering in what is a really worthwhile and emerging IT category in SysSecOps that is highly deserving of evaluation."

We hope you'll consider an evaluation of Zenith, and will agree that when it comes to SysSecOps and endpoint security and management, we do tick all the boxes with the true blanket coverage that both your IT and CISO teams have been looking for.