Chuck Leaver – Make Your Security Awareness Training Count

Written By Chuck Leaver, Ziften CEO


Effective enterprise cybersecurity assumes that people – your employees – do the right thing. That they don’t hand over their passwords to a caller who claims to be from the IT department doing a “credentials audit.” That they don’t wire $10 million to an Indonesian bank account after receiving a midnight request from “the CEO”.

That they don’t install an “urgent update” to Flash Player based on a pop-up on a porn site. That they don’t overshare on social media. That they don’t store company data on file-sharing services outside the firewall. That they don’t connect to unsecured WiFi networks. And that they don’t click on links in phishing emails.

Our research shows that over 75% of security incidents are caused or aided by employee errors.

Sure, you’ve deployed endpoint security, email filters, and anti-malware solutions. Those precautions will most likely be for nothing, though, if your employees do the wrong thing time and again when they are in a risky situation. Our cybersecurity efforts are like having a fancy car alarm: if you don’t teach your teenager to lock the car at the shopping mall, the alarm is worthless.

Security awareness isn’t enough on its own, of course. Employees will make mistakes, and some attacks don’t require an employee misstep at all. That’s why you need endpoint security, email filters, anti-malware, and so on. But let’s talk about effective security awareness training.

Why Training Often Doesn’t Have an Effect

First – in my experience, a lot of employee training, well, sucks. That’s especially true of online training, which is usually awful. But in most cases, whether live or canned, the training lacks credibility, in part because many IT specialists are poor and unconvincing communicators. The training frequently focuses on communicating and enforcing rules – not on changing risky behavior and habits. And it resembles mandatory copy-machine training: there’s nothing in it for the employees, so they don’t take it on board.

It’s not about imposing rules. While security awareness training might be “owned” by various departments, such as IT, the CISO, or HR, there’s often a lack of understanding of what an effective awareness program actually is. First of all, it’s not a checkbox; it has to be continuous. The training must be delivered in various ways and at various times, with a mix of live training, newsletters, small-group conversations, lunch-and-learns, and yes, even online resources.


But a huge issue is the lack of goals. If you don’t know what you’re trying to achieve, you can’t tell whether the training did a good job – and whether risky behaviors actually change.

Here are some sample goals that can lead to effective security awareness training:

Give employees the tools to recognize and handle the ongoing day-to-day security threats they may encounter online and by email.

Let employees know they are part of the team, and that they can’t just rely on the IT/CISO teams to manage security.

Stop the cycle of “unintentional ignorance” about safe computing practices.

Change attitudes toward more secure practices: “If you see something, say something”.

Review business guidelines and procedures, described in actionable ways that are relevant to employees.

Make It Relevant

No matter who “owns” the program, it’s essential that there is visible executive support and management buy-in. If the executives don’t care, the employees won’t either. Effective training won’t talk about tech buzzwords; instead, it will concentrate on changing habits. Relate cybersecurity awareness to your employees’ personal lives. (And while you’re at it, teach them how to keep themselves, their family, and their home safe. Chances are they don’t know and are reluctant to ask.)

To make security awareness training truly relevant, solicit employee ideas and encourage feedback. Measure success – for example, did the number of external links clicked by employees decrease? How about calls to tech support resulting from security violations? Make the training timely and real-world by including current scams in the news; unfortunately, there are plenty to choose from.

In other words: security awareness training isn’t fun, and it’s not a silver bullet. Nevertheless, it is essential for making sure that risky employee habits don’t undermine your IT/CISO efforts to secure your network, devices, applications, and data. Make sure that you train your employees continually, and that the training works.


Chuck Leaver – So Much Energy And Interest At Splunk .conf

Written By Josh Applebaum And Presented By Chuck Leaver



Like many of you, we’re still recovering from Splunk .conf last week. As usual, .conf had terrific energy, and the people in attendance were enthusiastic about Splunk and the many use cases it supports through its large app ecosystem.

One important announcement during the week worth discussing was a new security offering known as “Content Updates,” which is essentially a set of pre-built Splunk searches to help detect security incidents.

Basically, the Splunk security team looks at the latest attacks, creates new searches for how they would hunt through Splunk ES data to find those kinds of attacks, and then ships those new searches down to customers’ Splunk ES environments for automated notification when they are seen.

The best part? Since these updates primarily use CIM (Common Information Model) data, and Ziften populates many of the CIM models, Ziften’s data is already being matched against the new Content Updates Splunk has produced.

A quick demonstration showed which vendors contribute to each type of “detection,” and Ziften was mentioned in a lot of them.

For example, we have a recent post that shows how Ziften’s data in Splunk is used to detect and respond to WannaCry.

Overall, with the roughly 500 people who visited the booth over the course of .conf, I have to say it was one of the best events we have done in terms of quality discussions and interest. We had nothing but positive reviews from our extensive discussions with all walks of corporate life – from highly technical experts in the public sector to CISOs in the financial sector.

The most common conversation usually began with, “We are just starting to roll out Splunk and are new to the platform.” I like those, since people can get our Apps for free, we can get them an agent to try, and it gives them something to use right out of the box to demonstrate value right away. Other folks were very experienced and really liked our approach and architecture.

Bottom line: people are genuinely excited about Splunk, and real solutions are available to help people with real problems!

Curious? The Ziften ZFlow App and Technology Add-on helps users of Splunk and Splunk ES use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see exactly what they are missing at the perimeters of their network, in their data centers, and in their cloud deployments.

Chuck Leaver – Our Services Will Help You

Written By Josh Harriman And Presented By Chuck Leaver


Having the right tools at hand is a given in our market. But having the right tools and services is one thing; getting the most value out of them can be a challenge. Even with the best intentions and properly experienced staff, there can be gaps. Ziften Services can help to fill those gaps and keep you on track for success.

Ziften Services can enhance, or even outright lead, your IT Operations and Security teams to better equip your organization with three great offerings. Each one is tailored for a particular need. A recent report by ESG (Enterprise Strategy Group) entitled “Trends in Endpoint Security Study” stated that 51% of respondents said they will be deploying and using an EDR (endpoint detection and response) solution now, and 35% of them plan to use managed services for the implementation, which proves the need is out there for proper services around these products and solutions. Therefore, Ziften is providing our services understanding that many companies lack the scale or expertise to implement and fully use needed tools such as EDR.

Ziften services are as follows:

Ziften Assess Service
Ziften Hunt Service
Ziften Respond Service

While each of the three services covers a distinct function, the latter two are more complementary to each other. Let’s look at each in a little more detail to better understand the benefits.

Assess Service

This service covers both IT operations and security teams. To measure your success in proper documentation and adherence to processes and policies, you need to start with a good solid baseline. The Assess service starts by conducting extensive interviews with key decision makers to really understand what is in place. From there, a Ziften Zenith deployment provides monitoring and data collection of key metrics across client device networks, data centers, and cloud deployments. The reporting covers asset management and performance, licensing, vulnerabilities, and compliance, as well as anomalous behavior. The results can address a range of concerns such as M&A evaluations, pre-cloud-migration planning, and periodic compliance checks.

Hunt Service

This service is a true 24 × 7 managed endpoint detection and response (MDR) offering. Organizations struggle to fully cover this key element of security operations. That could be because of limited staff or limited expertise in threat hunting techniques. Again using the Ziften Zenith platform, this service provides continuous monitoring across client devices, servers, and cloud VMs, supporting Windows, Mac OS X, and Linux operating systems. One of the primary outcomes of this service is dramatically reducing threat dwell times within the environment. This has been discussed regularly in the past few years, and the numbers are shocking, typically on the order of hundreds of days that threats stay hidden within organizations. You need someone who can actively hunt for these adversaries and can also look back historically at previous events to find behavior you were not aware of. This service also includes some hours of dedicated Incident Response, so you have all your bases covered.

Respond Service

When you are against the ropes and have a real emergency, this service is what you need. This is a tried and true IR team ready for battle 24 × 7 with a broad set of response tools at hand. You will get immediate event assessment and triage. Recommended actions align with the severity of the threat and what response actions need to happen. The teams are very flexible and will work remotely or, if needed, on-site where conditions require. This could be your entire IR team, or it can enhance and blend right in with your current team.

At the end of the day, you need services to help maximize your chances of success in today’s world. Ziften has three great offerings and wants all our clients to feel protected and aligned with the best operational and security posture available. Please reach out to us so we can help you. It’s what we love to do!

Chuck Leaver – You Must Take Care Of Vulnerability Lifecycle Management

Written By Dr Al Hartmann And Presented By Chuck Leaver

The following headline hit the news recently, on September 7, 2017:

Equifax Inc. today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017.

Lessons from Past Debacles

If you like your career, value your role, and wish to keep it, then don’t leave the door open to hackers. A major data breach often begins with an unpatched vulnerability that is easily exploitable. And then the inevitable happens: the hackers are inside your defenses, the crown jewels have left the building, the press releases fly, expensive consultants and external legal counsel rack up billable hours, regulators descend, lawsuits are flung, and you have “some major ‘splainin’ to do”!

We are unsure whether the head ‘splainer in the current Equifax debacle will survive, as he is still in ‘splainin’ mode, asserting that the intrusion started with the exploitation of an application vulnerability.

In such cases the usual rhumba line of resignations is – CISO first, followed by the CIO, followed by the CEO, followed by a board of directors shakeup (specifically the audit and corporate responsibility committees). Don’t let this happen to your career!

Steps to Take Immediately

There are some common-sense steps to take to prevent the otherwise inevitable breach catastrophe that results from unpatched vulnerabilities:

Take inventory – Inventory all system and data assets and map your network topology, connected devices, and open ports. Know your network, its segmentation, what devices are connected, what those devices are running, what vulnerabilities those systems and apps expose, what data assets they access, the sensitivity of those assets, what defenses are layered around those assets, and what checks are in place along all possible access paths.

Simplify and harden – Implement best-practice recommendations for identity and access management, network segmentation, firewall and IDS configurations, operating system and application configurations, database access controls, and data encryption and tokenization, while simplifying and cutting the number and complexity of subsystems across your enterprise. Anything too complex to manage is too complex to protect. Choose configuration-hardening heaven over breach-response hell.

Continuously monitor and scrutinize – Periodic audits are necessary but insufficient. Continuously monitor, track, and evaluate all relevant security events and exposed vulnerabilities – create visibility, event capture, analysis, and archiving of every system and session login, every application launch, every active binary and vulnerability exposure, every script execution, every command issued, every network contact, every database transaction, and every sensitive data access. Any holes in your security event visibility create an adversary free-fire zone. Develop key performance metrics, monitor them relentlessly, and drive for relentless improvement.

Don’t accept operational excuses for inadequate security – There are always secure and effective operational policies, but they may not be pain-free. Not suffering a catastrophic data breach is way down the organizational pain scale from the alternative. Operational expedience, legacy operations, or misaligned priorities are not valid excuses for poor cyber practices in an intensifying threat environment. Make your voice heard.
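As an added example (not code from this post or from Ziften), the following Python script ties the three technical steps above together: it joins an asset inventory against an advisory feed, computes how long each unpatched exposure has been open, weights it by asset sensitivity and reachability, checks it against a patch SLA, and produces the kind of key performance metrics the last step asks you to track. All hosts, software names, advisory identifiers, the SLA policy and the scoring weights are constructed placeholders, not real systems or CVEs.

```python
from dataclasses import dataclass
from datetime import date

# ---- Constructed sample data (placeholder hosts, software and advisory IDs) ----

@dataclass(frozen=True)
class Asset:
    host: str
    software: str
    version: str
    sensitivity: int        # 1 = public data ... 4 = crown jewels (PII, credentials)
    internet_facing: bool   # reachable from outside the perimeter

@dataclass(frozen=True)
class Advisory:
    vuln_id: str            # placeholder identifier, not a real CVE
    software: str
    fixed_version: str      # first version that carries the fix
    disclosed: date         # public disclosure date: exposure clock starts here
    cvss: float             # 0.0 .. 10.0

ASSETS = [
    Asset("web-01", "webapp-framework", "2.3.5", 4, True),
    Asset("web-02", "webapp-framework", "2.3.32", 4, True),
    Asset("intranet-01", "webapp-framework", "2.3.5", 2, False),
    Asset("db-01", "database-server", "5.7.10", 4, False),
    Asset("kiosk-01", "database-server", "5.7.22", 1, False),
]

ADVISORIES = [
    Advisory("VULN-EXAMPLE-1", "webapp-framework", "2.3.32", date(2017, 3, 6), 10.0),
    Advisory("VULN-EXAMPLE-2", "database-server", "5.7.20", date(2017, 7, 18), 7.5),
]

TODAY = date(2017, 9, 7)   # assessment date for the worked numbers below

# ---- Lifecycle logic ----

def parse_version(v: str) -> tuple:
    """Compare versions numerically: as strings "2.3.5" > "2.3.32", which is wrong."""
    return tuple(int(p) for p in v.split("."))

def is_exposed(asset: Asset, adv: Advisory) -> bool:
    """An asset is exposed if it runs the affected product below the fixed version."""
    return (asset.software == adv.software
            and parse_version(asset.version) < parse_version(adv.fixed_version))

def patch_sla_days(asset: Asset, adv: Advisory) -> int:
    """Constructed policy: critical or perimeter-reachable flaws get the shortest window."""
    if adv.cvss >= 9.0 or asset.internet_facing:
        return 7
    if adv.cvss >= 7.0:
        return 30
    return 90

def priority_score(asset: Asset, adv: Advisory, today: date) -> float:
    """Severity x data sensitivity x reachability, grown by how long the flaw has been public."""
    days_open = (today - adv.disclosed).days
    reach = 2.0 if asset.internet_facing else 1.0
    return round(adv.cvss * asset.sensitivity * reach * (1 + days_open / 30), 1)

@dataclass(frozen=True)
class Exposure:
    host: str
    vuln_id: str
    days_open: int
    sla_days: int
    overdue: bool
    score: float

def open_exposures(assets, advisories, today: date) -> list:
    """Join inventory with the advisory feed; highest-priority exposure first."""
    found = []
    for asset in assets:
        for adv in advisories:
            if not is_exposed(asset, adv):
                continue
            days_open = (today - adv.disclosed).days
            sla = patch_sla_days(asset, adv)
            found.append(Exposure(asset.host, adv.vuln_id, days_open, sla,
                                  days_open > sla, priority_score(asset, adv, today)))
    return sorted(found, key=lambda e: e.score, reverse=True)

def kpis(exposures) -> dict:
    """Metrics to track over time: total open, overdue, and exposure age."""
    ages = [e.days_open for e in exposures]
    return {
        "open": len(exposures),
        "overdue": sum(1 for e in exposures if e.overdue),
        "max_days_open": max(ages, default=0),
        "mean_days_open": round(sum(ages) / len(ages), 1) if ages else 0.0,
    }

if __name__ == "__main__":
    exps = open_exposures(ASSETS, ADVISORIES, TODAY)
    for e in exps:
        flag = "OVERDUE" if e.overdue else "within SLA"
        print(f"{e.host:12} {e.vuln_id:15} open {e.days_open:3}d  SLA {e.sla_days:2}d  "
              f"score {e.score:6}  {flag}")
    print(kpis(exps))
```

Note that web-02 and kiosk-01 drop out only because the version comparison is numeric; a naive string comparison would misreport the patched web-02 as vulnerable and miss nothing else, which is exactly the kind of inventory error that leaves a door open.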

Chuck Leaver – Here Is How To Protect Yourself After The Equifax Breach

Written By Michael Levin And Presented By Chuck Leaver


Equifax, one of the three major U.S.-based credit reporting services, just revealed a major data breach in which cyber criminals stole sensitive information on 143 million United States consumers.

Ways that the Equifax security breach WILL impact you:

– Personal – Your identity information, and your family’s, is now at risk and will be targeted!

– Business – Your business could be affected and targeted.

– Nationally – Terrorists, nation states, and organized crime groups could be involved or could use this data to commit cybercrime to acquire funds.

Safeguarding yourself is not complicated!

5 recommendations to protect yourself immediately:

– Sign up for a credit monitoring service and/or lock your credit. The quickest way to be notified that your credit has been compromised is through a credit monitoring service. Equifax has already started the process of setting up free credit monitoring for those affected. Other credit monitoring services are available and should be considered.

– Monitor all your financial accounts, including credit cards and all checking accounts. Make sure that all alerts are turned on. Ensure you are getting immediate text and email notifications for any changes to your account or for increased balances or transactions.

– Secure your bank and financial accounts; make sure that two-factor authentication is turned on for all accounts. Learn about two-factor authentication and turn it on for all financial accounts.

– Phishing email messages can be your greatest daily risk! Slow down when handling email messages. Stop immediately clicking every email link and attachment you get. Instead of clicking on links and attachments in email messages, go separately to the websites outside of the email message. When you receive an email you were not expecting from a name you recognize, consider contacting the sender separately before you click links or attachments.

– Strong passwords – consider changing all your passwords. Create strong passwords and protect them. Use a different password for each of your accounts.

Other Security Considerations:

– Back up all computers and update operating systems and software frequently.

– Social media security – Sharing too much information on social media increases the risk that you will be targeted. For example, telling the world you are on vacation, with pictures, raises the risk that your house will be burglarized.

– Protect your devices – Don’t leave your laptop, phone, or tablet unattended even for a second. Don’t leave anything in your car that you don’t want stolen, because it’s just a matter of time.

– Internet of Things and device management – Understand how all your devices connect to the Internet and what information you are sharing. Check security settings for all devices, including smart watches and fitness bands.

The value of security awareness training:

– This is another crime where security awareness training can help to reduce risk. Understanding new crimes and scams in the news is an essential part of security awareness training. Making sure that employees, friends, and family understand this scam will greatly reduce the chance that you will be victimized.

– Sharing new scams and crimes you hear about in the news with others is very important to ensure that the people you care about do not fall victim to these kinds of crimes.

Chuck Leaver – Go Extensible Not Generic

Written By Chuck Leaver, Ziften CEO


Whether you call them extensions or call them customizations – whatever you call it, the best technology platforms can be tailored to fit an organization’s specific business requirements. Generic operations tools are great at performing generic operations tasks. Generic security tools are great at addressing generic security challenges. Generic can only take you so far, though, and that’s where extensibility takes over.

Extensibility comes up frequently when I’m talking to clients and prospects, and I’m proud that a Global 10 company chose Ziften over everyone else in the market mainly on that basis. For that client, and many others, the ability to deeply customize platforms is a necessity.

This isn’t about merely building custom reports or custom alerts. Let’s be honest – the ability to create reports is a baseline capability of many IT operations and security management tools. Real extensibility goes deep into the solution to give it capabilities that solve real problems for the company.

One client used lots of mobile IoT devices and needed our Zenith real-time visibility and control system to be able to access (and monitor) the memory of those devices. That’s not a standard feature of Zenith, because our low-footprint agent doesn’t hook into the OS kernel or operate through standard device drivers. However, we worked with the client to tailor Zenith with that capability – and it turned out to be simpler than anyone thought.

Another client looked at the standard set of endpoint data that the agent collects and wanted to add extra data fields. They also wanted to set up the administrative console with custom actions using those data fields, and push those actions back out to the endpoints. No other endpoint monitoring and security solution could provide the infrastructure for adding that functionality, aside from Ziften.

What’s more, the customer built those extensions themselves … and owns the code and IP. It’s part of their own secret sauce, their own business differentiator, and unique to their organization. They couldn’t be happier. And neither could we.

With many other IT operations and security systems, if clients want additional features or capabilities, the only option is to submit a future feature request and hope that it appears in an upcoming version of the product. Until then, too bad.

That’s not how we built our flagship solutions, Zenith and ZFlow. Because our endpoint agent isn’t based on device drivers or kernel hooks, we can allow for remarkable extensibility, and open that extensibility up for clients to access directly.

Similarly with our administrative consoles and back-end monitoring systems: anything is customizable. This was built in right from the beginning.

Another area of customization is that our real-time and historical visibility database can integrate with your other IT operations and security platforms, including SIEM tools, threat intelligence, IT ticketing systems, job orchestration systems, and data analytics. With Zenith and ZFlow, there are no more silos. Ever.

When it comes to endpoint monitoring and management, extensions are increasingly where it’s at. IT operations and enterprise security teams need the ability to customize their tool platforms to fit their exact requirements for monitoring and managing IoT, traditional endpoints, the data center, and the cloud. In many customer discussions, our built-in extensibility has caused eyes to light up and won us trials and deployments. Tell us about your custom requirements, and let’s see what we can do.

Chuck Leaver – Our Endpoint Security Architecture Exposed

Written By Mike Hamilton And Presented By Ziften CEO Chuck Leaver


Endpoint security is all the rage nowadays. And there are lots of different vendors out there touting their wares in this market. But it’s sometimes challenging to understand what exactly each vendor provides. What’s even more difficult is to understand how each vendor’s solution is architected to deliver its services.

I believe that the back-end architecture of whatever you choose can have a profound impact on the future scalability of your deployment. And it can produce lots of unanticipated work and cost if you’re not careful.

So, in the spirit of openness, and because we believe our architecture is different, special, and powerful, we invite all endpoint security vendors to “show us your architecture”.

I’ll kick this off in the video below, where I show you the Ziften architecture and a couple of what I consider legacy architectures for comparison. Specifically, I’ll talk about:

– Ziften’s architecture, built using next-gen cloud concepts.
– One company’s peer-to-peer “mish-mash” architecture.
– Legacy hub-spoke-hub architectures.

I have shown you the power of our truly cloud-based platform. Now it’s my competitors’ turn. Come on folks – show us your architectures!

Chuck Leaver – The Best Way To Manage Security And Risk

Written By Roark Pollock And Presented By Chuck Leaver, Ziften CEO


Risk management and security management have long been treated as separate functions, frequently performed by different functional teams within an organization. The recognition of the need for continuous visibility and control across all assets has increased interest in finding common ground between these disciplines, and the availability of a new generation of tools is enabling this effort. This discussion is extremely timely given the continued difficulty most enterprises experience in attracting and retaining qualified security personnel to manage and safeguard IT infrastructure. A merging of activity can help to better leverage these critical people, minimize costs, and help automate response.

Historically, risk management has been viewed as an offensive mandate, and is normally the field of play for IT operations teams. Sometimes described as “systems management,” IT operations teams actively perform device state posture monitoring, policy enforcement, and vulnerability management. The goal is to proactively mitigate potential threats. Activities that enhance risk reduction and that are carried out by IT operations include:

Offensive Risk Mitigation – Systems Management

Asset discovery, inventory, and refresh

Software discovery, usage tracking, and license justification

Mergers and acquisitions (M&A) risk assessments

Cloud workload migration, monitoring, and enforcement

Vulnerability assessments and patch installs

Proactive help desk or systems analysis and issue response/repair

On the other side of the field, security management is viewed as a defensive strategy, and is typically the field of play for security operations teams. These security operations teams are typically responsible for threat detection, incident response, and remediation. The objective is to respond to a threat or a breach as rapidly as possible in order to minimize the impact on the company. Activities that fall directly under security management and are carried out by security operations include:

Defensive Security Management – Detection and Response

Threat detection and/or threat hunting

User behavior monitoring / insider threat detection and/or hunting

Malware analysis and sandboxing

Incident response and threat containment/removal

Lookback forensic investigations and root cause determination

Tracing lateral threat movements, and further threat elimination

Data exfiltration determination

Successful companies, of course, have to play both offense AND defense equally well. This need is driving companies to recognize that IT operations and security operations have to be as aligned as possible. Therefore, as much as possible, it helps if these two teams are using the same playbook, or at least working from the same data or single source of truth. This implies that both teams should aim to use some of the same analytic and data collection tools and approaches when it comes to managing and protecting their endpoint systems. And if companies rely on the same personnel for both jobs, it certainly helps if those people can pivot between both tasks within the same tools, leveraging a single data set.

Each of these offensive and defensive tasks is crucial to protecting a company’s intellectual property, reputation, and brand. In fact, managing and prioritizing these tasks is what often keeps CIOs and CISOs up at night. Organizations should recognize opportunities to align and combine teams, technologies, and policies as much as possible to ensure they are focused on the most urgent need along the current risk and security management spectrum.

When it comes to managing endpoint systems, it is clear that organizations are moving toward an “all the time” visibility and control model that permits continuous risk assessments, continuous threat monitoring, and even continuous performance management.

Therefore, organizations should look for these three key capabilities when assessing new endpoint security investments:

Solutions that provide “all the time” visibility and control for both IT operations teams and security operations teams.

Solutions that provide a single source of truth that can be used both offensively for risk management and defensively for security detection and response.

Architectures that easily integrate into existing systems management and security tool environments to deliver even greater value for both IT and security teams.

Chuck Leaver – Our Experiences From Black Hat And Defcon 2017

Written by Michael Vaughn And Presented By Ziften CEO Chuck Leaver


Here are my experiences from Black Hat 2017. There is a small addition in approaching this year’s synopsis. It is really in part because of the style of the opening presentation offered by Facebook’s Chief Security Officer, Alex Stamos. Stamos projected the significance of re focusing the security community’s efforts in working much better together and diversifying security services.

“Working much better together” is relatively an oxymoron when taking a look at the mass competitiveness amongst hundreds of security businesses fighting for customers during Black Hat. Based off Stamos’s messaging during the opening presentation this year, I felt it important to include some of my experiences from Defcon as well. Defcon has traditionally been an occasion for learning and includes independent hackers and security professionals. Last week’s Black Hat style concentrated on the social aspect of how companies need to get along and truly help others and each other, which has actually constantly been the overlying message of Defcon.

Individuals checked in from all over the world last week:

Jeff Moss, aka ‘Dark Tangent’, the creator of Black Hat and Defcon, likewise wishes that to be the theme: Where you aim to assist people get understanding and gain from others. Moss wants guests to stay ‘excellent’ and ‘practical’ throughout the conference. That is on par with exactly what Alex Stamos from Facebook conveyed in his keynote about security businesses. Stamos asked that all of us share in the duty of helping those that can not assist themselves. He likewise raised another valid point: Are we doing enough in the security market to truly help individuals as opposed to simply doing it to make money? Can we attain the goal of actually helping people? As such is the juxtaposition of the two occasions. The main distinctions in between Black Hat and Defcon is the more corporate consistency of Black Hat (from supplier hall to the talks) to the true hacker community at Defcon, which showcases the innovative side of what is possible.

The business I work for, Ziften, provides Systems and Security Operations software – giving IT and security teams visibility and control across all end points, on or off a business network. We also have a pretty sweet sock game!

Numerous attendees displayed their Ziften support by decorating prior year Ziften sock designs. Looking good, feeling great!

The concept of joining forces to fight versus the corrupt is something most participants from all over the world welcome, and we are no different. Here at Ziften, we make every effort to really help our clients and the neighborhood with our options. Why provide or count on a service which is limited to only what’s inside package? One that provides a single or handful of specific functions? Our software application is a platform for combination and offers modular, individualistic security and operational solutions. The whole Ziften group takes the imagination from Defcon, and we motivate ourselves to attempt and develop new, customized features and forensic tools in which conventional security companies would shy away from or merely stay consumed by daily tasks.

Delivering all-the-time visibility and control for any asset, anywhere is among Ziften’s primary focuses. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to quickly fix endpoint concerns, reduce overall risk posture, speed hazard response, and enhance operations efficiency. Ziften’s safe and secure architecture provides continuous, streaming end point monitoring and historical data collection for enterprises, federal governments, and managed security providers. And remaining with 2017’s Black Hat theme of collaborating, Ziften’s partner integrations extend the value of incumbent tools and fill the gaps in between siloed systems.

Journalists are not allowed to take pictures of the Defcon crowd, but I am not the press and this was before entering a badge-required area :P The Defcon hordes and the goons (Defcon staff in red shirts) were at a standstill for a solid twenty minutes awaiting initial access to the four massive Track conference rooms on opening day.

The Voting Machine Hacking Village gained a lot of attention at the event. It was interesting, but nothing new for veteran attendees. I suppose it takes something notable to garner attention around specific vulnerabilities. The vulnerabilities behind most of the talks, and especially this village, had already been disclosed to the appropriate authorities before the event. Let us know if you need help locking down any of these (looking at you, government folks).

More and more personal data is becoming available to the public. For example, the Google and Twitter APIs are freely and publicly available for querying user data metrics. This data makes it easier for attackers to social-engineer focused attacks on individuals, particularly people of power and rank such as judges and executives. This talk, entitled Dark Data, showed how a simple yet brilliant de-anonymization algorithm and some data allowed these two white hats to identify individuals with extreme accuracy and reveal very personal information about them. This should make you think twice about what is installed on your systems and on the systems of the people in your office. Most of the raw metadata in the talk was gathered through a popular browser add-on; the fine-tuning came from the algorithm and the public APIs. Do you know what browser add-ons are running in your environment? If the answer is no, then Ziften can help.
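The question "do you know what browser add-ons are running in your environment?" is answerable from disk. The following Python script is an added example, not code from the talk or from Ziften's product: it walks a Chrome/Chromium-style profile (`Extensions/<id>/<version>/manifest.json`), reads each extension's manifest, and flags the permissions that let an add-on observe what the user browses. The permission list, the two sample manifests and the extension IDs are constructed for the example; real profiles will also contain localized `__MSG_...__` names, which the script does not resolve.

```python
"""Inventory browser extensions from a Chrome/Chromium-style profile and flag
the ones whose permissions let them observe what the user browses."""
import json
import tempfile
from pathlib import Path

# Permissions that expose browsing metadata. The list is an assumption chosen
# for this example, not an exhaustive taxonomy of Chrome permissions.
DATA_PERMISSIONS = {
    "history": "can read full browsing history",
    "tabs": "can read URLs and titles of open tabs",
    "webRequest": "can observe every HTTP request",
    "webNavigation": "can observe every page navigation",
    "cookies": "can read session cookies",
    "clipboardRead": "can read the clipboard",
}
# Host patterns that grant access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifests: one narrowly scoped, one that sees everything.
BENIGN_MANIFEST = {
    "manifest_version": 3, "name": "Dark Theme", "version": "1.0",
    "permissions": ["storage"], "host_permissions": ["https://example.com/*"],
}
RISKY_MANIFEST = {
    "manifest_version": 2, "name": "Shopping Helper", "version": "4.2.1",
    "permissions": ["tabs", "history", "http://*/*", "https://*/*", "storage"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}],
}


def risk_of(manifest: dict) -> list:
    """Return human-readable findings for one manifest (MV2 or MV3); empty means nothing notable."""
    findings = []
    perms = list(manifest.get("permissions", []))
    # MV2 lists host patterns under "permissions"; MV3 moves them to "host_permissions".
    hosts = list(manifest.get("host_permissions", []))
    hosts += [p for p in perms if "://" in p or p == "<all_urls>"]
    for p in perms:
        if p in DATA_PERMISSIONS:
            findings.append(f"{p}: {DATA_PERMISSIONS[p]}")
    if any(h in BROAD_HOSTS for h in hosts):
        findings.append("host access to every site")
    # A content script matched on every page can read and exfiltrate page content.
    if any(m in BROAD_HOSTS for cs in manifest.get("content_scripts", [])
           for m in cs.get("matches", [])):
        findings.append("content script injected into every page")
    return findings


def audit_profile(profile_root) -> dict:
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and report per extension id."""
    report = {}
    for manifest_path in sorted(Path(profile_root, "Extensions").glob("*/*/manifest.json")):
        ext_id = manifest_path.parent.parent.name
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            report[ext_id] = {"name": "?", "findings": ["unreadable manifest"]}
            continue
        # Store extensions often localize "name" as "__MSG_...__"; resolving that is out of scope.
        report[ext_id] = {"name": manifest.get("name", "?"), "findings": risk_of(manifest)}
    return report


def build_sample_profile() -> str:
    """Create a throwaway profile directory holding the two constructed manifests."""
    root = tempfile.mkdtemp(prefix="profile-")
    for ext_id, manifest in (("benignbenignbenignbenignbenignbe", BENIGN_MANIFEST),
                             ("riskyriskyriskyriskyriskyriskyri", RISKY_MANIFEST)):
        d = Path(root, "Extensions", ext_id, manifest["version"] + "_0")
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    for ext_id, entry in audit_profile(build_sample_profile()).items():
        status = "; ".join(entry["findings"]) or "nothing notable"
        print(f"{ext_id} {entry['name']!r}: {status}")
```

Point `audit_profile()` at a real profile directory (for Chrome on macOS, under `~/Library/Application Support/Google/Chrome/<profile>/`) to get the same report for an actual user; the findings are a triage list, not a verdict, since a legitimate password manager needs several of these permissions.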

This talk was clearly about exploiting Point-of-Sale systems. Although quite entertaining, it was a bit frightening how quickly one of the most commonly used POS systems could be hacked. This particular POS hardware is most often seen when paying in a taxi. The base OS is Linux and, although it runs on an ARM architecture and is protected by hardened firmware, why would a company risk leaving the security of customer credit card data entirely in the hands of the hardware vendor? If you are looking for additional security on your POS systems, look no further than Ziften. We secure the most commonly used enterprise operating systems. If you want to do the fun thing and install the game Doom on one, I can send you the slide deck.

This guy's slides were off-the-charts good. What wasn't good was how exploitable macOS is during the installation of very common applications. Generally, each time you install an application on a Mac, it asks you for elevated privileges (your administrator credentials) and then runs its payload as root. But what if something were to subtly change that code a moment before you enter your credentials? The window exists because the files the installer is about to run as root sit somewhere the unprivileged user, and therefore any malware running as that user, can modify. Well, most of the time, probably something bad. Worried about your Macs running malware smart enough to identify and alter code in commonly vulnerable installers before you or your user base enter credentials? If so, we at Ziften Technologies can help.
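As an added example (not the speaker's code, not Ziften's product, and not a fix for any specific installer), the Python below shows the check an installer or an endpoint agent can make against that window: hash every file of the payload when the credentials dialog appears, re-verify immediately before the privileged step, and refuse to proceed on any difference. It also lists payload files that are group- or world-writable, which is how a less privileged principal gets to edit them in the first place. The unpacked installer, its `postinstall` script and the tampering step are constructed stand-ins.

```python
"""Detect an installer payload changing between the administrator-credentials
prompt and the moment the payload actually runs as root (a TOCTOU window)."""
import hashlib
import stat
import tempfile
from pathlib import Path


def snapshot(root) -> dict:
    """Map every regular file under root (path relative to root) to its SHA-256."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}


def verify(root, expected: dict) -> list:
    """Compare the payload with an earlier snapshot; an empty list means it is intact."""
    current = snapshot(root)
    problems = [f"removed: {rel}" for rel in expected if rel not in current]
    problems += [f"changed: {rel}" for rel, digest in expected.items()
                 if rel in current and current[rel] != digest]
    problems += [f"added: {rel}" for rel in current if rel not in expected]
    return sorted(problems)


def writable_by_others(root) -> list:
    """Files that a non-owner could modify (group or world write bit set)."""
    root = Path(root)
    return [str(p.relative_to(root)) for p in sorted(root.rglob("*"))
            if p.is_file() and p.lstat().st_mode & (stat.S_IWGRP | stat.S_IWOTH)]


def run_privileged(root, expected: dict, execute):
    """Re-verify immediately before the privileged step and refuse on any difference."""
    problems = verify(root, expected)
    if problems:
        raise RuntimeError("payload changed after authorization: " + ", ".join(problems))
    return execute(root)


def build_sample_payload() -> str:
    """Constructed stand-in for an unpacked installer: a postinstall script and a helper."""
    root = Path(tempfile.mkdtemp(prefix="installer-"))
    script = root / "scripts" / "postinstall"
    script.parent.mkdir()
    script.write_text("#!/bin/sh\ncp helper /usr/local/bin/helper\n")
    script.chmod(0o755)
    helper = root / "payload" / "helper"
    helper.parent.mkdir()
    helper.write_bytes(b"\x7fELF constructed placeholder, not a real binary")
    helper.chmod(0o666)  # deliberately loose so writable_by_others() has something to report
    return str(root)


def tamper(root) -> None:
    """What malware running as the logged-in user could do inside the window (constructed)."""
    script = Path(root) / "scripts" / "postinstall"
    script.write_text(script.read_text() + "echo tampered\n")


if __name__ == "__main__":
    root = build_sample_payload()
    print("loose permissions:", writable_by_others(root))
    snap = snapshot(root)          # taken when the credentials dialog appears
    tamper(root)                   # attacker wins the race
    try:
        run_privileged(root, snap, lambda r: print("running postinstall as root"))
    except RuntimeError as e:
        print("aborted:", e)
```

The snapshot must be taken by the privileged side, not by code the user can also edit, and the re-verify has to happen as close to execution as possible; a hash taken at download time and checked hours later leaves the same window open.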

We help you without replacing your entire toolset, although we often find ourselves doing just that. Our objective is to leverage the guidance and the existing tools that work from multiple vendors, ensure they are installed and running, make sure the prescribed hardening is indeed intact, and ensure your operations and security teams work more effectively together to achieve a tighter security posture across your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos’s keynote
– Jeff Moss’s message
– Attendees from around the world working together
– Black Hat should preserve a friendly community spirit

2) Stronger together with Ziften

– Ziften plays nice with other software vendors

3) Popular current vulnerabilities Ziften can help prevent and resolve

– Point-of-Sale access
– Voting machine tampering
– macOS privilege escalation
– Targeted attacks on individuals

Chuck Leaver – Even Movie Subtitles Can Be A Threat To Your Security

Written By Josh Harriman And Presented By Chuck Leaver Ziften CEO


Do you like watching movies with all-the-rage apps like Kodi, SmartTV or VLC on your devices? How about needing or wanting subtitles for those movies and simply grabbing the latest pack from OpenSubtitles? No problem, sounds like a great night at home. The problem is that, according to research by Check Point, you could be in for a nasty surprise.

For the bad guys to take control of your 'realm', they need a vector, some way to gain entry to your system. There are some common ways that happens these days, such as clever (and not so clever) social engineering techniques: you get emails that appear to come from friends or co-workers but were spoofed, and you open an attachment, or you visit some website and, if the stars align, you are pwned. Usually the star-alignment part is not that difficult; it only requires that you have some vulnerable software running that can be reached.

Since the technique depends on getting users to cooperate, the target audience can often be hard to find. But with this latest research, many of the major media players turned out to share a vulnerability in how they fetch and parse subtitle packs. The four main media players named in the article are patched to date, but as we have seen in the past (just look at the recent SMB v1 vulnerability problem), the fact that a fix is available does not mean that users are updating. The researchers also withheld the technical details of the exploit to give other vendors time to patch. That is a good sign and the proper approach I believe researchers should take: notify the vendor so they can fix the problem, and announce it publicly so 'we the people' are informed and know what to watch out for.

It's hard to keep up with the many ways you can get infected, but at least we have researchers who tirelessly try to 'break' things to find those vulnerabilities. By following proper disclosure practices, they help everyone enjoy a safer experience with their devices, and in this case, a great night in watching movies.