Chuck Leaver – Our Services Will Help You

Written By Josh Harriman And Presented By Chuck Leaver


Having the right tools at hand is a given in our industry. But having the right tools and services is one thing; getting the most value out of them can be a challenge. Even with the best intentions and well-trained staff, there can be gaps. Ziften Services can help fill those gaps and keep you on track for success.

Ziften Services can augment, or even outright lead, your IT Operations and Security teams to better equip your organization with three offerings. Each is tailored to a particular need. A recent report by ESG (Enterprise Strategy Group) entitled “Trends in Endpoint Security Study” found that 51% of respondents said they will be deploying and using an EDR (endpoint detection and response) solution now, and 35% of them plan to use managed services for the implementation, which shows the need is out there for proper services around these products and solutions. Ziften is therefore offering these services with the understanding that many companies lack the scale or expertise to implement and fully use needed tools such as EDR.

Ziften’s services are as follows:

Ziften Assess Service
Ziften Hunt Service
Ziften Respond Service

While each of the three services covers a distinct function, the latter two are complementary to each other. Let’s look at each in a little more detail to better understand the benefits.

Assess Service

This service covers both IT operations and security teams. To measure your success in proper documentation and adherence to processes and policies, you need to start with a solid baseline. The Assess service starts by conducting extensive interviews with key decision makers to really understand what is in place. From there, a Ziften Zenith deployment provides monitoring and data collection of essential metrics across client device networks, data centers and cloud deployments. The reporting covers asset management and performance, licensing, vulnerabilities, compliance, as well as anomalous behavior. The output can address a range of concerns such as M&A evaluations, pre-cloud-migration planning and periodic compliance checks.

Hunt Service

This service is a true 24×7 managed endpoint detection and response (MDR) offering. Organizations struggle to fully cover this key element of security operations, whether because of limited staff or a lack of expertise in threat hunting techniques. Again using the Ziften Zenith platform, this service provides continuous monitoring across client devices, servers and cloud VMs, supporting Windows, Mac OSX and Linux operating systems. One of the primary outcomes of this service is dramatically reducing threat dwell time within the environment. Dwell time has been discussed regularly in the past few years and the numbers are shocking, typically on the order of hundreds of days that threats stay hidden within organizations. You need someone who can actively hunt for these adversaries and can also look back historically at previous events to find behavior you were not aware of. This service also includes some hours of dedicated Incident Response, so you have all your bases covered.

Respond Service

When you are against the ropes and have a real emergency, this service is what you need. This is a tried and true IR team ready for battle 24×7 with a broad range of response tool sets at hand. You will get immediate incident assessment and triage. Recommended actions are aligned with the severity of the threat and what response actions have to occur. The teams are very flexible and will work remotely or, if needed, can be on-site where conditions require. This could be your entire IR team, or it can augment and blend right in with your current team.

At the end of the day, you need services that help maximize your chances of success in today’s world. Ziften has three strong offerings and wants all our clients to feel protected and aligned with the best operational and security posture available. Please reach out to us so we can help you. It’s what we love to do!

Chuck Leaver – You Must Take Care Of Vulnerability Lifecycle Management

Written By Dr Al Hartmann And Presented By Chuck Leaver

The following headline hit the news on September 7, 2017:

Equifax Inc. today revealed a cyber security incident possibly impacting approximately 143 million U.S. customers. Bad guys made use of a U.S. website application vulnerability to gain access to certain files. Based upon the business’s examination, the unauthorized access happened from mid-May through July 2017.

Lessons from Past Debacles

If you like your career, value your role, and wish to keep it, then do not leave the door open to hackers. A major data breach often begins with an unpatched vulnerability that is easily exploitable. And then the inevitable happens: the hackers are inside your defenses, the crown jewels have left the building, the press releases fly, expensive consultants and external legal counsel rack up billable hours, regulators descend, lawsuits are flung, and you have “some major ‘splainin’ to do”!

We are unsure whether the head ‘splainer in the current Equifax debacle will survive, as he is still in ‘splainin’ mode, asserting that the intrusion started with the exploitation of an application vulnerability.

In such cases the usual rhumba line of resignations is: CISO first, followed by CIO, followed by CEO, followed by the board of directors shakeup (specifically the audit and corporate responsibility committees). Do not let this happen to your career!

Steps to Take Immediately

There are some common sense steps to take to prevent the otherwise unavoidable breach catastrophe resulting from unpatched vulnerabilities:

Take inventory – Inventory all system and data assets and map your network topology, connected devices and open ports. Know your network, its segmentation, what devices are connected, what those devices are running, what vulnerabilities those systems and apps expose, what data assets they access, the sensitivity of those assets, what defenses are layered around those assets, and what checks are in place along all possible access paths.

Improve and harden – Implement best practice recommendations for identity and access management, network segmentation, firewall and IDS configurations, operating system and application configurations, database access controls, and data encryption and tokenization, while simplifying and reducing the number and complexity of subsystems across your enterprise. Anything too complex to manage is too complex to protect. Choose configuration hardening heaven over breach response hell.

Continuously monitor and scrutinize – Periodic audits are necessary but insufficient. Continuously monitor, track, and evaluate all relevant security events and exposed vulnerabilities: create visibility, event capture, analysis, and archiving of every system and session login, every application launch, every active binary and vulnerability exposure, every script execution, every command issued, every network connection, every database transaction, and every sensitive data access. Any holes in your security event visibility create an adversary free-fire zone. Define key performance metrics, monitor them ruthlessly, and drive for relentless improvement.

Do not accept operational excuses for inadequate security – There are always secure and effective operational policies, but they may not be pain-free. Not suffering a catastrophic data breach is way down the organizational pain scale from the alternative. Operational expedience, legacy operations or misaligned priorities are not valid excuses for poor cyber practices in an intensifying threat environment. Make your voice heard.

Chuck Leaver – Here Is How To Protect Yourself After The Equifax Breach

Written By Michael Levin And Presented By Chuck Leaver


Equifax, one of the three major U.S. based credit reporting services, just revealed a major data breach in which cyber criminals stole sensitive information on 143 million United States consumers.

Ways that the Equifax security breach WILL impact you:

– Personal – Your individual and family’s identity information is now at risk and will be targeted!

– Business – Your businesses could be affected and targeted.

– Nationally – Terrorists, nation states and organized crime groups could be involved or could use this data to commit cybercrime to acquire funds.

Protecting yourself is not complicated!

5 recommendations to protect yourself immediately:

– Sign up for a credit monitoring service and/or freeze your credit. The quickest way to be informed that your credit is compromised is through a credit monitoring service. Equifax has already started the process of setting up free credit monitoring for those impacted. Other credit monitoring services are available and should be considered.

– Monitor all your financial accounts, including credit cards and all checking accounts. Ensure that all alerts are switched on. Ensure you are getting immediate text and e-mail notifications for any changes in your account or increased balances or transactions.

– Secure your bank and financial accounts: ensure that two-factor authentication is turned on for all accounts. Learn about two-factor authentication and turn it on for all financial accounts.

– Phishing email messages can be your greatest daily risk! Slow down when handling e-mail messages. Stop automatically clicking every email link and attachment you get. Instead of clicking on links and attachments in e-mail messages, go separately to the websites outside of the email message. When you receive an email you were not expecting from a name you recognize, consider contacting the sender separately before you click links or attachments.

– Strong passwords – consider changing all your passwords. Create strong passwords and protect them. Use different passwords for your accounts.

Other Security Considerations:

– Back up all computers and update operating systems and software frequently.

– Social network security – Sharing too much information on social networks increases the risk that you will be victimized. For example, telling the world you are on vacation, with pictures, raises the risk that your house will be burgled.

– Protect your devices – Don’t leave your laptop, phone or tablet unattended even for a second. Do not leave anything in your car you do not want stolen, because it’s just a matter of time.

– Internet of Things and device management – Understand how all your devices connect to the Internet and what information you are sharing. Check security settings for all devices, including smart watches and fitness bands.

The value of security awareness training:

– This is another crime where security awareness training can help to reduce risk. Understanding new crimes and scams in the news is an essential part of security awareness training. Making sure that employees, friends and family understand this fraud will greatly reduce the chance that you will be victimized.

– Sharing new scams and crimes you hear about in the news with others is very important to ensure that the people you care about do not fall victim to these kinds of crimes.

Chuck Leaver – Go Extensible Not Generic

Written By Chuck Leaver Ziften CEO


Whether you call them extensions or call them modifications, no matter what you call it, the best technology platforms can be tailored to fit an organization’s specific business requirements. Generic operations tools are great at performing generic operations tasks. Generic security tools are great at addressing generic security challenges. Generic can only take you so far, though, and that’s where extensibility takes over.

Extensibility comes up frequently when I’m talking to clients and potential clients, and I’m proud that a Global 10 business chose Ziften over everyone else in the marketplace mainly on that basis. For that client, and many others, the ability to deeply customize platforms is a necessity.

This isn’t about merely building custom reports or custom alerts. Let’s be honest: the ability to create reports is a baseline capability of many IT operations and security management tools. Real extensibility goes deep into the solution to give it capabilities that solve real problems for the company.

One client used a large number of mobile IoT devices, and needed our Zenith real-time visibility and control system to be able to access (and monitor) the memory of those devices. That’s not a standard feature of Zenith, because our low-footprint agent doesn’t hook into the operating system kernel or operate through standard device drivers. However, we worked with the client to tailor Zenith with that capability, and it turned out to be simpler than anybody thought.

Another client looked at the standard set of endpoint data that the agent collects and wanted to add extra data fields. They also wanted to set up the administrative console with custom actions using those data fields, and push those actions back out to those endpoints. No other endpoint monitoring and security solution could provide the infrastructure for adding that functionality, apart from Ziften.

What’s more, the customer built those extensions themselves … and owns the code and IP. It becomes part of their own secret sauce, their own business differentiator, and unique to their organization. They could not be happier. And neither could we.

With many other IT operations and security systems, if clients want additional functions or capabilities, the only alternative is to submit a future feature request and hope that it appears in an upcoming version of the product. Until then, too bad.

That’s not how we built our flagship solutions, Zenith and ZFlow. Since our endpoint agent isn’t based on device drivers or kernel hooks, we can allow for remarkable extensibility, and open up that extensibility for clients to access directly.

Similarly with our administrative consoles and back end monitoring systems: anything is customizable. This was built in right from the beginning.

Another area of customization is that our real-time and historical visibility database can integrate with your other IT operations and security platforms, including SIEM tools, threat intelligence, IT ticketing systems, job orchestration systems, and data analytics. With Zenith and ZFlow, there are no more silos. Ever.

When it comes to endpoint monitoring and management, extensions are increasingly where it’s at. IT operations and enterprise security teams need the ability to customize their tool platforms to fit their exact requirements for monitoring and managing IoT, traditional endpoints, the data center, and the cloud. In many customer discussions, our built-in extensibility has caused eyes to light up, and won us trials and deployments. Tell us about your custom requirements, and let’s see what we can do.

Chuck Leaver – Our Endpoint Security Architecture Exposed

Written By Mike Hamilton And Presented By Ziften CEO Chuck Leaver


Endpoint security is all the rage nowadays, and there are many different vendors out there touting their wares in this market. But it’s sometimes difficult to understand exactly what each vendor provides. What’s even more difficult is to understand how each vendor’s solution is architected to deliver those services.

I think that the back-end architecture of whatever you pick can have a profound impact on the future scalability of your application. And it can produce a lot of unanticipated work and cost if you’re not careful.

So, in the spirit of openness, and because we believe our architecture is different, unique and powerful, we invite all endpoint security vendors to “show us your architecture”.

I’ll kick this off in the video below, where I show you the Ziften architecture and a couple of what I consider legacy architectures for comparison. Specifically, I’ll talk about:

– Ziften’s architecture, built using next-gen cloud concepts.
– One company’s peer-to-peer “mish-mash” architecture.
– Legacy hub-spoke-hub architectures.

I have shown you the power of our truly cloud-based platform. Now it’s my competitors’ turn. Come on folks, show us your architectures!

Chuck Leaver – The Best Way To Manage Security And Risk

Written By Roark Pollock And Presented By Chuck Leaver Ziften CEO


Risk management and security management have long been treated as separate functions, often performed by different functional teams within an organization. Recognition of the need for continuous visibility and control across all assets has increased interest in finding commonalities between these disciplines, and the availability of a new generation of tools is enabling this effort. This discussion is extremely timely given the continued difficulty most enterprises experience in attracting and retaining qualified security staff to manage and protect IT infrastructure. A marriage of activity can help to better leverage these vital workers, reduce costs, and help automate response.

Historically, risk management has been viewed as an offensive mandate, and is normally the field of play for IT operations teams. Sometimes described as “systems management”, IT operations teams actively perform device state posture monitoring, policy enforcement, and vulnerability management. The goal is to proactively mitigate potential threats. Activities that improve risk reduction and that are carried out by IT operations include:

Offensive Risk Mitigation – Systems Management

– Asset discovery, inventory, and refresh

– Software discovery, usage tracking, and license justification

– Mergers and acquisition (M&A) risk assessments

– Cloud workload migration, monitoring, and enforcement

– Vulnerability assessments and patch installs

– Proactive help desk or systems analysis and issue response / repair

On the other side of the field, security management is viewed as a defensive strategy, and is typically the field of play for security operations teams. These security operations teams are typically responsible for threat detection, incident response, and remediation. The objective is to react to a threat or a breach as quickly as possible in order to minimize impact to the company. Activities that fall directly under security management and are carried out by security operations include:

Defensive Security Management – Detection and Response

– Threat detection and/or threat hunting

– User behavior monitoring / insider threat detection and/or hunting

– Malware analysis and sandboxing

– Incident response and threat containment / removal

– Lookback forensic investigations and root cause determination

– Tracing lateral threat movement, and further threat elimination

– Data exfiltration determination

Successful companies, obviously, have to play both offense AND defense equally well. This need is driving companies to acknowledge that IT operations and security operations have to be as aligned as possible. Therefore, as much as possible, it helps if these two teams are playing from the same playbook, or at least working from the same data or single source of truth. This means both teams should aim to use some of the same analytic and data collection tools and approaches when it comes to managing and protecting their endpoint systems. And if companies rely on the same personnel for both jobs, it definitely helps if those people can pivot between both tasks within the same tools, leveraging a single data set.

Each of these offensive and defensive tasks is crucial to protecting a company’s intellectual property, reputation, and brand. In fact, managing and prioritizing these tasks is what often keeps CIOs and CISOs up at night. Organizations should recognize opportunities to align and combine teams, technologies, and policies as much as possible to ensure they are focused on the most urgent need along the current risk and security management spectrum.

When it comes to managing endpoint systems, it is clear that organizations are moving toward an “all the time” visibility and control model that permits continuous risk assessments, continuous threat monitoring, and even continuous performance management.

Therefore, organizations should look for these three key capabilities when evaluating new endpoint security investments:

– Solutions that provide “all the time” visibility and control for both IT operations teams and security operations teams.

– Solutions that provide a single source of truth that can be used both offensively for risk management and defensively for security detection and response.

– Architectures that easily integrate into existing systems management and security tool environments to deliver even greater value for both IT and security teams.

Chuck Leaver – Our Experiences From Black Hat And Defcon 2017

Written by Michael Vaughn And Presented By Ziften CEO Chuck Leaver


Here are my experiences from Black Hat 2017. There is a small addition in approaching this year’s synopsis, in part because of the theme of the opening presentation given by Facebook’s Chief Security Officer, Alex Stamos. Stamos projected the importance of refocusing the security community’s efforts on working better together and diversifying security solutions.

“Working better together” is somewhat of an oxymoron when looking at the mass competitiveness among hundreds of security businesses fighting for customers during Black Hat. Based on Stamos’s messaging during the opening presentation this year, I felt it important to include some of my experiences from Defcon as well. Defcon has traditionally been an event for learning and includes independent hackers and security professionals. Last week’s Black Hat theme concentrated on the social aspect of how companies need to get along and truly help others and each other, which has always been the overarching message of Defcon.

People checked in from all over the world last week:

Jeff Moss, aka ‘Dark Tangent’, the founder of Black Hat and Defcon, likewise wishes that to be the theme: where you aim to help people gain knowledge and learn from others. Moss wants attendees to stay ‘excellent’ and ‘helpful’ throughout the conference. That is on par with what Alex Stamos from Facebook conveyed in his keynote about security businesses. Stamos asked that we all share in the responsibility of helping those who cannot help themselves. He also raised another valid point: are we doing enough in the security industry to truly help people, as opposed to simply doing it to make money? Can we achieve the goal of actually helping people? Such is the juxtaposition of the two events. The main difference between Black Hat and Defcon is the more corporate consistency of Black Hat (from vendor hall to the talks) versus the true hacker community at Defcon, which showcases the creative side of what is possible.

The company I work for, Ziften, provides Systems and Security Operations software, giving IT and security teams visibility and control across all endpoints, on or off the corporate network. We also have a pretty sweet sock game!

Numerous attendees showed their Ziften support by wearing prior-year Ziften sock designs. Looking good, feeling great!

The concept of joining forces to fight against the corrupt is something most participants from all over the world embrace, and we are no different. Here at Ziften, we strive to truly help our clients and the community with our solutions. Why provide or rely on a solution which is limited to only what’s inside the box? One that provides a single or handful of specific functions? Our software is a platform for integration and offers modular, individualized security and operational solutions. The whole Ziften team takes the creativity from Defcon, and we motivate ourselves to try to develop new, customized features and forensic tools that conventional security companies would shy away from, or are simply too consumed by daily tasks to build.

Delivering all-the-time visibility and control for any asset, anywhere is one of Ziften’s primary focuses. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to quickly fix endpoint issues, reduce overall risk posture, speed threat response, and improve operations efficiency. Ziften’s secure architecture provides continuous, streaming endpoint monitoring and historical data collection for enterprises, governments, and managed security providers. And staying with 2017’s Black Hat theme of working together, Ziften’s partner integrations extend the value of incumbent tools and fill the gaps between siloed systems.

Journalists are not allowed to take pictures of the Defcon crowd, but I am not the press and this was before entering a badge-required area :P The Defcon hordes and goons (Defcon mega-bosses wearing red shirts) were at a standstill for a solid twenty minutes awaiting initial access to the four massive Track conference rooms on opening day.

The Voting Machine Hacking Village gained a lot of attention at the event. It was intriguing but nothing new for veteran attendees. I suppose it takes something noteworthy to garner attention around specific vulnerabilities. All vulnerabilities for most of the talks, and especially this village, had already been disclosed to the appropriate authorities before the event. Let us know if you need help locking down any of these (looking at you, government folks).

More and more personal data is becoming available to the general public. For example, Google and Twitter APIs are freely and publicly available to query user data metrics. This data is making it easier for hackers to social engineer focused attacks on individuals, and particularly people of power and rank, like judges and executives. The presentation entitled Dark Data showed how a simple yet brilliant de-anonymization algorithm and some data allowed these two white hats to identify individuals with extreme accuracy and reveal extremely personal information about them. This should make you think twice about what you have installed on your systems and the people in your office. The majority of the above raw metadata was gathered through a popular browser add-on. The fine tuning came with the algorithm and public APIs. Do you know what web browser add-ons are running in your environment? If the answer is no, then Ziften can help.

This presentation was clearly about exploiting Point-of-Sale systems. Although quite amusing, it was a little bit frightening how quickly one of the most commonly used POS systems could be hacked. This specific POS hardware is most commonly used when paying in a taxi. The base OS is Linux and, although on an ARM architecture and protected by hardened firmware, why would a company risk leaving the security of customer credit card information entirely in the hands of the hardware vendor? If you are looking for additional security on your POS systems, then look no further than Ziften. We secure the most frequently used enterprise operating systems. If you want to do the fun thing and install the game Doom on one, I can send you the slide deck.

This speaker’s slides were off the charts excellent. What wasn’t excellent was how exploitable MacOS is during the installation process of very common applications. Typically, each time you install an application on a Mac, it requires you to enter your elevated privileges. But what if something were to slightly change code a moment before you enter your Administrator credentials? Well, most of the time, probably something bad. Concerned about your Macs running malware smart enough to identify and alter code in common vulnerable applications before you or your user base enter credentials? If so, we at Ziften Technologies can help.

We help you without replacing your entire toolset, although we often find ourselves doing just that. Our objective is to use the guidance and existing tools that work from numerous vendors, ensure they are installed and running, make sure the prescribed hardening is indeed intact, and ensure your operations and security teams work more effectively together to achieve a tighter security matrix across your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos’s keynote
– Jeff Moss’s message
– Visitors from around the world interacting
– Black Hat should preserve a friendly community spirit

2) Stronger together with Ziften

– Ziften plays nice with other software vendors

3) Popular recent vulnerabilities Ziften can help prevent and resolve

– Point-of-Sale access
– Voting machine tampering
– Escalating MacOS privileges
– Targeted individual attacks

Chuck Leaver – Even Movie Subtitles Can Be A Threat To Your Security

Written By Josh Harriman And Presented By Chuck Leaver Ziften CEO


Do you like watching movies with popular apps like Kodi, SmartTV or VLC on your devices? How about needing or wanting subtitles with those movies and simply grabbing the latest pack from OpenSubtitles? No problem, sounds like a great night at home. Problem is, according to research by Check Point, you could be in for a nasty surprise.

For the bad guys to take control of your ‘realm’, they need a vector or some method to gain entry to your system. There are some common methods in use these days, such as clever (and not so clever) social engineering techniques: you get e-mails that appear to come from friends or co-workers but were spoofed, you open an attachment or visit some site, and, if the stars line up, you are pwned. Usually the star alignment part is not that difficult; it only requires that you have some vulnerable software running that can be reached.

Since the technique relies on getting users to cooperate, the target audience can often be hard to find. But with this latest research posted, many of the major media players share a vulnerability when it comes to loading and parsing subtitle packages. The four primary media players noted in the article are patched to date, but as we have seen in the past (just look at the recent SMB v1 vulnerability problem), even if a fix is available, that does not mean that users are updating. The research has also withheld the technical details of the exploit to allow other vendors time to patch. That is a good sign and the proper approach I believe researchers should take: notify the vendor so they can fix the problem, and also announce it publicly so ‘we the people’ are informed and know what to watch out for.

It’s difficult to keep up with the many ways you can get infected, but at least we have researchers who tirelessly try to ‘break’ things to find those vulnerabilities. By following proper disclosure practices, they help everyone enjoy a safer experience with their devices, and in this case, a great night in watching movies.

Chuck Leaver – Now Integrating Advanced Endpoint Products Into Existing Security Architectures Is Possible

Written By Roark Pollock And Presented By Ziften CEO Chuck Leaver

 

Security practitioners are by nature a cautious lot. Caution is a trait most people probably bring into this industry given its mission, but it is also one that is learned over time. Ironically this holds true even when it comes to adding more security controls to an existing security architecture. While one might assume that more security is better security, experience teaches us that is not always the case. There are many concerns associated with deploying a new security solution, and one that often shows up near the top of the list is how well the new product integrates with the products already in place.

Integration concerns come in several flavors. First and foremost, a new security control must not break anything. Beyond that, new security solutions need to share threat intelligence freely and act on threat intelligence gathered across the organization’s entire security infrastructure. Put simply, new security tools need to work with the existing ecosystem of tools such that “1 + 1 = 3”. The last thing most IT and security operations teams need is another siloed product or tool.

This is why Ziften has always focused on building and delivering a fully open visibility architecture. We believe that any new systems and security operations tools must be designed with improved visibility and data sharing as key design requirements. But this is not a one-way street. Creating easy integrations requires technology partnerships with industry vendors, and we consider it our responsibility to work with other technology companies to mutually integrate our products, making it easy on customers. Unfortunately, many vendors still believe that integrating security solutions, particularly new endpoint security solutions, is extremely difficult. I hear the concern constantly in customer conversations. But data is now emerging showing this is not necessarily the case.

In recent survey work on “advanced endpoint” products, NSS Labs reports that Global 2000 customers based in the United States and Canada have been pleasantly surprised by how well these solutions integrate into their existing security architectures. According to the NSS study titled “Advanced Endpoint Protection – Market Analysis and Survey Results CY2016”, which NSS subsequently presented in a BrightTalk webinar, respondents that had already deployed advanced endpoint products were much more positive about their ability to integrate into established security architectures than were respondents still in the planning stages of acquiring these products.

Specifically, respondents that have already deployed advanced endpoint solutions rate integration with their existing security architectures as follows:

● Excellent 5.3 %
● Good 50.0 %
● Average 31.6 %
● Poor 13.2 %
● (Horrible) 0.0 %

Compare that to the more conservative responses from folks still in the planning stage:

● Excellent 0.0 %
● Good 39.3 %
● Average 42.9 %
● Poor 14.3 %
● (Horrible) 3.6 %

These responses are encouraging. Yes, as noted, security folks tend to be pessimists, but despite low expectations respondents are reporting positive integration experiences. In fact, Ziften customers typically show the same initial low expectations when we first discuss integrating Ziften products into their existing environment. But in the end, customers are wowed by how easy it is to share data between Ziften solutions and their established infrastructure.

These survey results will hopefully help ease concerns, as later adopters often look to and rely on peer recommendations before making purchase decisions. Early mainstream adopters are clearly having success deploying these products, which should help to reduce the natural caution of the broader mainstream.

Certainly, there is considerable variation among solutions in this space, and organizations must continue to perform proper due diligence in understanding how and where solutions integrate into their broader security architectures. But the good news is that there are products not just meeting customers’ needs but actually exceeding their initial expectations.

 

Chuck Leaver – Ziften Clients Are Protected From The Flaw In Petya Variant

Written By Josh Harriman And Presented By Chuck Leaver Ziften CEO

 

Another outbreak, another problem for those who were not prepared. While this latest attack is similar to the earlier WannaCry threat, there are some differences in this latest malware, which is a variant of, or new strain similar to, Petya. Dubbed NotPetya by some, this strain causes a great deal of trouble for anyone who encounters it. It may encrypt your files, or render the system completely unusable. And the email address you would need to contact to ‘maybe’ decrypt your files has since been taken down, so you are out of luck getting your files back.

Plenty of details on the behavior of this threat are publicly available, but I wanted to point out that Ziften customers are protected from both the EternalBlue exploit, which is one mechanism used for its propagation, and, better still, by an inoculation based on a possible flaw, or its own kind of debug check, that prevents the threat from ever executing on your system. It could still spread within the environment, but our protection would already be deployed to all existing systems to stop the damage.

The Ziften extension platform enables our customers to put protection in place against specific vulnerabilities and malicious actions for this threat and others like Petya. Beyond the specific actions taken against this particular variant, we have taken a holistic approach to stopping strains of malware that perform various ‘checks’ against the system before executing.

We can also use our Search capability to look for remnants of the other propagation techniques used by this threat. Reports show WMIC and PsExec being used. We can search for those programs, their command lines and their usage. Although they are legitimate processes, their use is normally rare and can be alerted on.
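As an added example (not Ziften’s code and not the Search feature itself), here is a small Python hunt that applies the same idea to process-creation records. The events are constructed, the field names and the payload DLL name are assumptions, and the rules encode the point above: WMIC with `/node:` plus `process call create`, and PsExec pointed at a `\\host`, are worth an alert even though both binaries are legitimate. The `PSEXESVC.exe` rule covers the target side, since that is the service PsExec installs on the remote machine.

```python
"""Hunt for WMIC and PsExec lateral-movement usage in process-creation events.

Added example, not part of the original post. The event dicts below are
constructed to resemble Windows process-creation telemetry (Sysmon event 1
or Security 4688) already parsed into fields; the field names are an
assumption, as is the 'payload.dll' name used in the sample command lines.
"""
import re
from collections import Counter

# Constructed sample telemetry (not real data).
EVENTS = [
    {"host": "ws01", "user": "CORP\\alice",
     "image": "C:\\Windows\\System32\\wbem\\WMIC.exe",
     "command_line": "wmic os get caption,version"},
    {"host": "ws01", "user": "CORP\\alice",
     "image": "C:\\Windows\\System32\\wbem\\WMIC.exe",
     "command_line": 'wmic /node:"10.0.0.12" /user:"CORP\\svc_backup" /password:"Pa55w0rd" '
                     'process call create "C:\\Windows\\System32\\rundll32.exe '
                     '\\"C:\\Windows\\payload.dll\\",#1"'},
    {"host": "ws01", "user": "CORP\\alice",
     "image": "C:\\Tools\\PsExec.exe",
     "command_line": 'psexec.exe \\\\10.0.0.13 -accepteula -s -d '
                     'C:\\Windows\\System32\\rundll32.exe C:\\Windows\\payload.dll,#1'},
    {"host": "srv02", "user": "CORP\\admin",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "command_line": "cmd.exe /c dir"},
    {"host": "srv02", "user": "NT AUTHORITY\\SYSTEM",
     "image": "C:\\Windows\\PSEXESVC.exe",
     "command_line": "C:\\Windows\\PSEXESVC.exe"},
]

WMIC_NODE = re.compile(r"/node:", re.I)            # WMIC targeting a remote host
WMIC_CREATE = re.compile(r"\bprocess\s+call\s+create\b", re.I)  # spawn a process via WMI
CMDLINE_CREDS = re.compile(r"/(user|password):", re.I)  # credentials passed on the command line
PSEXEC_TARGET = re.compile(r"\s\\\\([\w.-]+)")     # PsExec's \\host argument
TOOLS = ("wmic.exe", "psexec.exe", "psexec64.exe", "psexesvc.exe")


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return (severity, reason) for one event, or None if it is not interesting."""
    image = basename(event["image"])
    cmd = event["command_line"]
    if image == "wmic.exe":
        remote = bool(WMIC_NODE.search(cmd))
        spawn = bool(WMIC_CREATE.search(cmd))
        if remote and spawn:
            reason = "WMIC remote process creation"
            if CMDLINE_CREDS.search(cmd):
                reason += " with credentials on the command line"
            return ("high", reason)
        if spawn:
            return ("medium", "WMIC local process creation")
        return ("low", "WMIC invoked")  # legitimate admin use; baseline it
    if image in ("psexec.exe", "psexec64.exe"):
        target = PSEXEC_TARGET.search(cmd)
        if target:
            return ("high", "PsExec execution against " + target.group(1))
        return ("medium", "PsExec invoked")
    if image == "psexesvc.exe":
        # The service PsExec drops on the remote machine: this host was a target.
        return ("high", "PsExec service running on this host (PsExec target)")
    return None


def hunt(events):
    """Run classify() over all events and return the findings in order."""
    findings = []
    for ev in events:
        hit = classify(ev)
        if hit:
            severity, reason = hit
            findings.append({"host": ev["host"], "user": ev["user"], "severity": severity,
                             "reason": reason, "command_line": ev["command_line"]})
    return findings


def rarity(events):
    """Count tool launches per (host, binary) so a first-seen host stands out."""
    return Counter((ev["host"], basename(ev["image"]))
                   for ev in events if basename(ev["image"]) in TOOLS)


if __name__ == "__main__":
    for f in hunt(EVENTS):
        print(f"[{f['severity']:6}] {f['host']} {f['user']}: {f['reason']}")
    print(rarity(EVENTS))
```

In a real deployment the `EVENTS` list would be replaced by a query against the endpoint telemetry store, and `rarity()` would be computed over a baseline window so that a host or user that has never launched these tools before is the one that gets the alert.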

With WannaCry, and now NotPetya, we expect to see a continued rise in these kinds of attacks. The release of the recent NSA exploits has given ambitious cyber criminals the tools they need to push out their wares. And though ransomware is a high-volume commodity vehicle, more damaging threats could be launched. The ‘how’ of getting the threat to spread (worm-like, or via social engineering) has always been the hardest part for them.