Monthly Archives: April 2015

Charles Leaver – Lessons Learned From The Target Cyber Attack. Slow Recovery And Financial Losses

By Charles Leaver CEO Ziften


After Target was breached, it took the company several months to recover and be given a clean bill of health.

Continuous Recovery Effort And Reports Of Financial Loss

Target's struggle with its data breach was a major story. Like all major news stories it eventually faded from national coverage, but for the company itself it remained a top priority. According to CNN Money, the retailer lowered its revenue forecasts for 2014 once again, which suggests that the business had underestimated the impact of the attack it had suffered.

The drop in earnings was significant: the company ended up reporting 62% lower profits. On top of that, it paid $111 million in the second fiscal quarter as a direct result of the breach. All of this adds up to a once-robust business now looking like a shadow of its former self because of a cyber attack.

As the fallout continued, the scale of the cyber attack began to emerge. Data for around 110 million people was compromised, and 40 million of those people had their credit card data stolen. As news of the breach spread, the business made some major changes, including the implementation of more stringent cyber security measures and the replacement of its system administrator. Long-standing CEO Gregg Steinhafel also resigned. However, this is not deemed enough to reduce the impact of the attack. According to Brian Sozzi of Belus Capital, Target's shareholders are absorbing the negative effects of the attack as much as the business itself.

In an email to CNN Money, Sozzi said: “Target simply dropped an epic full-year earnings warning onto the heads of its remaining shareholders.” “Target has offered financiers ZERO reason to be encouraged that a worldwide turn-around is covertly emerging.”

Target Offers A Lesson For All Organizations About Improved Pre-emptive Procedures

No matter how proactively a company responds to a cyber attack, there is no guarantee that recovery will be any quicker. The bottom line is that a data breach is bad news for any organization, whatever you call it and however you try to repair it. Preventive measures are the best way forward, and you have to take steps to make sure an attack does not happen to your organization in the first place. Endpoint threat detection systems can play a substantial role in maintaining strong defenses for any organization that chooses to implement them.


Russian Hacking Team That Stole Billions Of Profiles Proves The Need For Continuous Endpoint Monitoring – Charles Leaver

Charles Leaver Ziften CEO

What is thought to be the largest known cyber attack in the history of data breaches has been discovered by an American cyber security company. The company believes that a group of Russian cyber criminals it has been investigating for several months is responsible for stealing billions of passwords and other sensitive personal data. The Russian group is alleged to have stolen 4.5 billion credentials; many were duplicates, leaving 1.2 billion unique data profiles. The group took the information from 420,000 sites of all sizes, from large brand-name websites to small mom-and-pop stores.

The New York Times reported that the group consisted of about 12 people. Starting with small-scale spamming in 2011, they acquired most of the data by purchasing stolen databases.

In an interview with PCMag, Alex Holden, the founder of the company that discovered the breach, stated: “The gang began by simply buying the databases that were available over the Internet. The group used to buy at fire sales and were referred to as ‘bottom feeders’. As time went by they started the purchase of higher quality databases. It’s kind of like graduating from taking bikes to stealing pricey automobiles.”

A Progression From Spamming To Using Botnets

The cyber criminal group then changed its methods. It employed botnets to gather stolen data on a much larger scale. Using the botnets, the group was able to automate the process of identifying vulnerable sites, which let it operate 24/7. Whenever an infected user visited a site, the bot would automatically test whether the site was vulnerable to SQL injection. Through these injections, a commonly used hacking technique, a website's database could be forced to reveal its contents by entering a simple query. The botnets flagged the susceptible sites, and the hackers returned later to extract the data. Using the bot was ultimately the group's downfall, as it was how the security company identified them.
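The automated probing described above shows up to a defender as bursts of requests with SQL syntax in their parameters. As an added example (not code from the original post), this Python snippet runs a simple detector over constructed web access-log lines and flags source addresses that repeatedly send injection-shaped requests, while leaving an ordinary apostrophe in a search term alone; the log format, addresses and thresholds are all assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Aug/2014:10:00:01 +0000] "GET /product.php?id=42 HTTP/1.1" 200 512
203.0.113.7 - - [10/Aug/2014:10:00:02 +0000] "GET /product.php?id=42%27-- HTTP/1.1" 500 210
203.0.113.7 - - [10/Aug/2014:10:00:03 +0000] "GET /product.php?id=42%27%20OR%201%3D1-- HTTP/1.1" 200 9811
203.0.113.7 - - [10/Aug/2014:10:00:04 +0000] "GET /search.php?q=1%27%20UNION%20SELECT HTTP/1.1" 500 210
198.51.100.9 - - [10/Aug/2014:10:00:05 +0000] "GET /product.php?id=43 HTTP/1.1" 200 530
198.51.100.9 - - [10/Aug/2014:10:00:06 +0000] "GET /search.php?q=o'neil HTTP/1.1" 200 640
"""

# Fields we need from each line: client IP, request path and HTTP status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Injection-shaped parameter content; checked after URL-decoding.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s+\S+\s*=\s*\S+", re.I),  # quote followed by a tautology
    re.compile(r"\bunion\s+(all\s+)?select\b", re.I),    # UNION-based extraction
    re.compile(r"'\s*(--|#|;)"),                         # quote followed by comment/terminator
]

def is_sqli_probe(path):
    """True if the decoded request path looks like an SQL injection attempt."""
    decoded = unquote_plus(path)
    return any(p.search(decoded) for p in SQLI_PATTERNS)

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), m.group("path"), int(m.group("status"))

def find_probing_hosts(log_text, threshold=3):
    """Return per-IP stats for hosts with at least `threshold` suspicious requests."""
    stats = defaultdict(lambda: {"requests": 0, "suspicious": 0, "errors": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path, status = rec
        stats[ip]["requests"] += 1
        if is_sqli_probe(path):
            stats[ip]["suspicious"] += 1
        if status >= 500:          # server errors often accompany blind probing
            stats[ip]["errors"] += 1
    return {ip: s for ip, s in stats.items() if s["suspicious"] >= threshold}

if __name__ == "__main__":
    for ip, s in find_probing_hosts(SAMPLE_LOG).items():
        print(f"{ip}: {s['suspicious']}/{s['requests']} suspicious, {s['errors']} server errors")
```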

The security company believes that the billions of records were not stolen all at once and that most were likely bought from other cyber criminals. According to the Times, very few of the stolen records have been offered for sale online; instead, the hacking group has chosen to use the information to send spam messages on social media on behalf of other groups in return for payment. According to the Wall Street Journal, various cyber security experts say the magnitude of this breach points to a pattern of cyber criminals gradually stockpiling huge numbers of personal profiles and saving them for later use.

Avivah Litan, security expert at the research firm Gartner, said: “Businesses that depend on user names and passwords have to develop a sense of urgency about changing this. Until they do, criminals will simply keep stockpiling individuals’ credentials.”

Cyber attacks and breaches on this scale underline the need for companies to protect themselves with current cyber security defenses. Endpoint threat detection and response systems help companies build a clearer picture of the threats facing their networks and provide actionable information on how best to prevent attacks. Today, when large data breaches are only going to become more common, continuous endpoint visibility is vital to the security of a business. If the company's network is continuously monitored, threats can be identified in real time, minimizing the damage a data breach can inflict on an organization's reputation and bottom line.


Charles Leaver – Here Is Why The Ziften And Splunk Active Response Framework Was Created

Written By Charles Leaver CEO Ziften



We sponsored a fantastic Splunk.conf2014 program in Las Vegas, and we returned energized and raring to push our solution here at Ziften even further forward. One talk of particular interest was by Jose Hernandez, Security Solutions Architect at Splunk, titled “Using Splunk to Automatically Alleviate Threats”. If you want to see his slides and a recording of the talk, please go to

Using Splunk to assist with mitigation, or “Active Response” as I like to call it, is a great concept. Having all of your intelligence data flowing into Splunk is extremely powerful, whether it is endpoint data, external threat feeds or anything else, and being able to act on that data is what closes the loop. At Ziften we have powerful continuous monitoring on the endpoint, and being paired with Splunk is something we are extremely proud of. Having real-time data analysis coupled with the ability to respond and act against incidents is a strong move in the right direction.

Ziften has created a mitigation action using the available Active Response code; there is a demonstration video in this blog below. As a proof of concept, we were able to create a mitigation action within our Ziften App for Splunk. Once the action is created, its results can be observed and tracked within Splunk ES (Enterprise Security). This is a major addition: users can now monitor and track mitigations within Splunk ES, which gives you the major benefit of closing the loop and building a history of your actions.

We are thrilled that Splunk is driving such an initiative. It is highly likely to progress, and we are committed to supporting it continuously and developing it further. It is a very exciting time in the Endpoint Detection and Response space, and in my opinion the Active Response Framework being integrated into Splunk will attract a high degree of interest.

For any questions concerning the Ziften App for Splunk, please send an e-mail to