Monthly Archives: August 2015

Charles Leaver – Cyber Security Investment Will Continue To Grow At Record Levels And Here’s Why

Written By Patrick Kilgore And Presented By Charles Leaver Ziften CEO

Steve Morgan, CEO of Cybersecurity Ventures, released a report titled “Investors pour billions into cyber security companies.” This is not guesswork. In the previous year alone, venture-backed cyber security organizations raised almost $2 billion. With this influx of capital, you would be forgiven for believing that things have hit their peak. But you would be wrong …

At the midpoint of 2015, cyber security startups had already raised $1.2 billion in funding. As Morgan indicates, there seems to be no end in sight when it comes to cyber security. Top firms like Allegis Capital have even raised funds (to the tune of $100M) exclusively to back cyber security development.

The usual suspects are not on the list of names. Morgan’s post notes that the majority of the funding announcements are for fast-growing organizations like ours. Ziften is in excellent company among innovators who are keeping pace with the demands of modern cyber security. While we lead the pack in continuous endpoint visibility, other businesses have taken unique approaches, like applying artificial intelligence to the fight against cyber attacks or simplifying key lookups to bring public key encryption to the masses. They are all working on a different piece of the puzzle.

And it certainly is a puzzle. Because many solutions are highly specialized, working together is going to be crucial. The need to integrate the different components in the market for a sophisticated view of the problem set is clear. That’s why we developed Ziften Open Visibility™ – to offer APIs, connectors, and alerts that integrate endpoint context and attribution data with existing investments.

Market Vision That Is 20/20

It may seem like market saturation to the layperson, but it is just the tip of the cyber security iceberg. Every day, cyber attacks become more sophisticated, finding new ways to devastate customers and companies. This list of funded companies is a testament to the idea that legacy endpoint and network security is failing. The notion of prevention is a good one, but security specialists now understand that a two-pronged strategy is needed, one that integrates detection and response.

You can have a 20/20 view of your security landscape, or you can keep your present blind spots. Which one do you think will help you sleep at night?


Charles Leaver – Something Easily Addressed From The Cisco 2015 Midyear Security Report

Written By Michael Bunyard And Presented By Ziften CEO Charles Leaver

Looking through the Cisco 2015 Midyear Security Report, the view was that “the bad guys are innovating faster than the security community.” This is not a unique statement and can be found in a lot of cyber security reports, since they are reactive documents written in response to previous cyber attacks.

If all you do is concentrate on negative outcomes and losses, then any report is going to look negative. The reality is that the vendors releasing these reports have a lot to gain from companies that wish to buy more cyber security products.

If you look carefully within these reports you will find excellent pieces of advice that could considerably improve the security of your organization. So why do these reports not start with this information? Well, it’s all about selling solutions, isn’t it?

One anecdote stood out after reading the Cisco report, one that would be simple for enterprise security teams to address. The report detailed the increasing vulnerabilities and exploits of Adobe Flash, which are frequently being incorporated into exploit kits such as Angler and Nuclear. Adobe updates Flash Player often, but a number of users are slow to apply the updates that would give them the protection they need. This means that hackers are taking advantage of the gap between the vulnerability being discovered and the patch being applied.

Vulnerability Management Is Not Resolving The Problem

You would be forgiven for thinking that, because there is a whole range of solutions on the market that scan endpoints for known vulnerabilities, it would be very simple to ensure that endpoints are updated with the latest patches. All that is required is to run a scan, identify the endpoints that need updating, run the updates, and the job is done, right? The problem is that scans are only run from time to time, patches fail, users inadvertently introduce vulnerable apps, and the company is wide open until the next scan. Furthermore, scans report on applications that are installed but not used, which results in large numbers of vulnerabilities that make it hard for an analyst to prioritize and manage.

What Is So Easy To Address Then?

The scans have to be run continuously and all endpoints monitored, so that as soon as a system is not compliant you will know about it and can respond immediately. Continuous visibility that provides real-time alerting and comprehensive reporting is the new requirement as endpoint security is redefined and people recognize that the prevention-first era is over. By leveraging the National Vulnerability Database (NVD), each application that is actually running with a known vulnerability can quickly be identified, security staff alerted, and the patch applied. Further, solutions can look for suspicious activity from vulnerable applications, like sudden application crashes, which are a possible sign of an exploit attempt. Finally, they can also detect when a user’s system has not been restarted since the last security patch was available.
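The checks described above, shown as an added example that is not Ziften’s code or part of the original post: findings for vulnerable applications that are actually running are ranked ahead of installed-but-unused ones, crashes in a vulnerable running app are flagged, and a host not restarted since its last patch is reported. The feed entries, host snapshot, field names and placeholder IDs are constructed assumptions.

```python
from datetime import datetime

# Constructed feed entries standing in for NVD data: versions below
# "fixed_in" are treated as vulnerable. IDs are placeholders, not real CVEs.
FEED = [
    {"id": "VULN-PLACEHOLDER-1", "product": "flashplayer", "fixed_in": "18.0.0.232"},
    {"id": "VULN-PLACEHOLDER-2", "product": "pdfreader", "fixed_in": "11.0.12"},
]

# Constructed endpoint snapshot, as a continuous-monitoring agent might report it.
HOST = {
    "name": "wks-042",
    "last_boot": datetime(2015, 8, 3, 8, 0),
    "last_patch_available": datetime(2015, 8, 12, 2, 30),
    "apps": [
        {"product": "flashplayer", "version": "18.0.0.209", "running": True, "recent_crashes": 3},
        {"product": "pdfreader", "version": "11.0.10", "running": False, "recent_crashes": 0},
        {"product": "browser", "version": "44.0", "running": True, "recent_crashes": 0},
    ],
}

def vtuple(version):
    """Compare dotted versions numerically, so 18.0.0.209 < 18.0.0.232."""
    return tuple(int(part) for part in version.split("."))

def assess(host, feed):
    """Return findings ordered so vulnerable apps that are actually running come first."""
    fixed = {entry["product"]: entry for entry in feed}
    findings = []
    for app in host["apps"]:
        entry = fixed.get(app["product"])
        if entry is None or vtuple(app["version"]) >= vtuple(entry["fixed_in"]):
            continue  # unknown to the feed, or already patched
        if app["running"] and app["recent_crashes"] > 0:
            rank, note = 0, "running, vulnerable, crashing: possible exploit attempt"
        elif app["running"]:
            rank, note = 1, "running and vulnerable: patch now"
        else:
            rank, note = 2, "installed but not running: lower priority"
        findings.append((rank, app["product"], entry["id"], note))
    if host["last_boot"] < host["last_patch_available"]:
        findings.append((1, host["name"], "REBOOT-PENDING", "not restarted since last patch"))
    return sorted(findings)

if __name__ == "__main__":
    for rank, subject, ident, note in assess(HOST, FEED):
        print(f"P{rank} {subject:12} {ident:20} {note}")
```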

There Definitely Is Hope

The good news about real-time endpoint visibility is that it works on any vulnerable application (not only Adobe Flash), because hackers will move from app to app to evolve their techniques. There are simple solutions to big problems. Security teams just need to be made aware that there is a better way of managing and protecting their endpoints. It just takes the right endpoint detection and response solution.


Charles Leaver – If You Want To Win The Cyber Security War Then Accept That Hacking Is Human

Written By Patrick Kilgore And Presented By Charles Leaver CEO Ziften

When you are at the annual Black Hat conference, there are discussions going on everywhere about hacking and cyber security, and it can make you paranoid. For a lot of people this is just an appetizer for the DEF CON hacking program.

Some time ago the Daily Dot published a story titled “The art of hacking humans,” which discussed the Social Engineering “Capture the Flag” contest that has been running since 2010. In it, participants use the best tool a hacker has at their disposal – their intelligence – along with tall tales and social subterfuge to convince unsuspecting victims to hand over sensitive information in exchange for points. A couple of slip-ups here, a comment about applications there, and boom! You’re hacked and on the front page of the New York Times.

For the businesses being “Targeted” (such as big box retailers who will remain nameless …), the contest was initially regarded as a nuisance. In the years since its creation, however, the Capture the Flag contest has gotten the thumbs up from many a corporate security expert. Its participants compete every year to test their mettle and help potential hacking victims understand their vulnerabilities. It’s a white hat education in exactly what not to do and has made strides for corporate awareness.

Human Hacking Begins With … Humans (duh).

As we know, a lot of malicious attacks start at the endpoint, because that is where the humans in your business live. All it takes is access from an ambiguous area to do serious damage. But rather than think of hacks as something to respond to or a simple process to be eliminated, we have to remind ourselves that behind every attack there is a person. And ultimately, that’s who we need to arm ourselves against. How do we do that?

Because companies operate in the real world, we must all accept that there are those who would do us harm. Rather than trying to prevent hacks from happening, we have to re-wire our brains on the matter. The key is recognizing malicious user behavior as it is happening so that you can respond accordingly. The new age of endpoint security is focused on this ability to visualize user behavior, inspect and analyze it quickly, then respond rapidly. At Black Hat we are showing folks how they can continuously monitor the fringes of their network so that when (not if) breaches occur, they can be promptly tackled.

As a wise man once said, “You cannot protect what you cannot manage and you can’t manage what you can’t see.” The result dramatically reduces time to detect and time to respond (TTR). And that’s no lie.


Consider Cyber Security To Be A Person Versus Person Battle And You Will Win – Charles Leaver

Written By Michael Bunyard And Presented By Charles Leaver CEO Ziften

Cyber security is all about people vs. people. Each day that we sift through the latest attack news (like the recent Planned Parenthood breach) it becomes more and more apparent that people are not only the problem, in many ways, but also the solution. The attackers come in different categories, from insiders to hackers to organized crime and state-sponsored terrorists, but at the end of the day, it’s people who are directing the attacks on organizations and are therefore the problem. And it’s people who are the main targets exploited in a cyber attack, usually at the endpoint, where people access their connected corporate and personal worlds.

The endpoint (laptop, desktop, smart phone, tablet) is the device that people use throughout their day to get their work done. Consider how often you are connected to your endpoint(s). It’s a lot, right? Not only are these endpoints vulnerable (see the Stagefright Android vuln for a good example), the people at the endpoint are often the weak link in the chain that gives attackers the opening to exploit. All it takes is someone opening the wrong e-mail, clicking through to the wrong website or opening the wrong file, and it’s game on. Despite all the security awareness in the world, people will make mistakes. When talking about the Planned Parenthood breach my colleague Mike Hamilton, who directs the product vision here at Ziften, offered a really interesting insight:

“Every organization will have people against it, and now those people have the methods and objective to interrupt them or take their data. Leveraging existing blind spots, cyber criminals and even hackers have easy access through vulnerable endpoints and utilize them as a point of entry to conceal their activities, avert detection, make use of the network and victimize the targeted organization. It is now more crucial than ever for companies to be able to see suspicious behavior beyond the network, and definitely beyond merely their web server.”

People Powered Security

It makes sense that cyber security solutions should be purpose-built for the people who are protecting our networks, and for monitoring the behavior of people as they use their endpoints. But generally this hasn’t been the case. In fact, the endpoint has been a virtual black box when it comes to continuous visibility of user behavior. This has led to a lack of information about what is really happening on the endpoint – the most vulnerable part of the security stack. And cyber security solutions certainly don’t appear to have the people defending the network in mind when silos of disparate data flood the SIEM with so many false positive alerts that defenders cannot tell the genuine threats from the benign.

People powered security enables viewing, inspecting, and responding by analyzing endpoint user behavior. This needs to be done in a manner that is painless and quick, because there is a significant skills shortage in companies today. The right technology will enable a level one responder to deal with the majority of suspected threats by putting simple and concise information at their fingertips.

My security master coworker (yeah, I’m fortunate that on one corridor I can talk with all these folks) Dr. Al Hartmann says “Human-Directed Attacks require Human Directed Response”. In a recent blog, he nailed this:

“Human intelligence is more flexible and creative than machine intelligence and will always ultimately adjust and defeat an automatic defense. This is the cyber-security version of the Turing test, where a machine defense is trying to rise to the intellectual level of a skilled human hacker. At least here in the 21st Century, machine learning and artificial intelligence are not up to the task of completely automating cyber defense, the cyber attacker undoubtedly triumphs, while the victims lament and count their losses. Only in sci-fi do thinking machines overpower people and take over the planet. Don’t subscribe to the cyber fiction that some autonomous security software will outwit a human hacker enemy and conserve your organization.”

People powered security empowers well-informed, dynamic response by the people trying to thwart the attackers. With any other approach we are simply kidding ourselves that we can keep up with attackers.