Monthly Archives: September 2015

Ziften Has Won A Red Herring Award And We Are All So Proud – Charles Leaver

Written By Rachel Munsch And Presented By Charles Leaver CEO Ziften

There is some interesting news to share: For 2015 Ziften has actually been selected as a Top 100 North America award winner. There were around 1200 companies from the United States and Canada assessed in the annual competition and our Endpoint Detection and Response solution was able to raise us into the leading 100.

It is well recognized that the Red Herring 100 Awards are extensively known to be one of the industry’s more prominent recognitions. Those that reach the finals need to go through an extensive selection procedure which is based upon over 20 criteria that includes technological development, addressable market, business model, consumer footprint and level of specialty. Alex Vieux, CEO and Red Herring Publisher, felt that the competition was truly strong this year and the procedure of selection was tough:

“However after much thought, strenuous contemplation and discussion, we narrowed our list down from hundreds of prospects from throughout The United States and Canada to the North America winners. We believe Ziften embodies the vision, drive and innovation that specify an effective entrepreneurial venture. Ziften ought to take pride in its accomplishment, as the competition was extremely strong.”

Here at Ziften we are really proud to be named a Red Herring award winner. It’s always gratifying to have our work validated and be recognized, particularly when you think about the well-regarded list of finalists. Our dedication to helping companies protect themselves from the sophisticated threats that exist today stays strong, and this award will serve as an inspiration moving forward as we continue to strive to be the leader in endpoint security and defense.

 

Charles Leaver – Vishing Scams Are On The Rise So Take Steps To Protect Yourself

Written By David Shefter And Presented By Ziften CEO Charles Leaver

I was enjoying TV in August, 2015 and I had a call from a 347 area code phone number. I believed that it was a business associate of mine who lives in the external districts, so I answer the call.

The call was a total surprise, “Roy Callahan from the New York City Police Department” threatens me with a warrant for my arrest within minutes, and mentions that I need to turn myself into the regional police department. So, I talked to my buddy Josh Linder. He says that it’s widespread in the area where he lives and similarly happened to him, however they threatened him if he didn’t comply by buying a $9000 Green Dot prepaid card.

If You Believe This Sounds Embellished …

This occurs thousands of times every day. Law enforcement agencies (LEA’s) ranging from local towns to the FBI, and everything in between are under immense pressure. They cannot compete – poor actors are speedy, smart, and ahead of the curve.

These lawbreakers likewise understand how budget, skill and resource constrained the LEA’s are. The local ones are best at capturing thieves and pulling over speeding vehicles, not tracking terrorists to their origin across federal or state borders. With little coordination or interest and an absence of tools, over 99% of these rip-offs go unsettled.

How Did They Find Me?

First, social networking has created a treasure trove of info. Individuals trust their name, address, phone number, work history, educational background, and social circles to the public domain. This is where the threat lies, not the much promoted hacks at federal government agencies, banks, health care companies and merchants.

However, the large exposures at merchants like Home Depot, Target and Michael’s along with the more recent hacks at the United States Office of Personal Management (OPM), United Airlines and Anthem should be of remarkable concern. This information enables perpetrators the ability to triangulate data, and build an abundant persona of people like you and me.

Putting this into context, 10s of millions of records were exposed, which could be utilized to go far beyond extortion payments, and move towards the exploit physical susceptibilities in military personnel, executives and even regular people.

How Rapidly Will I Be Exposed?

According to a 2014 FBI scam alert, victims reported having cash unlawfully withdrawn from their bank accounts within ten minutes of receiving a vishing call, and another of having hundreds or thousands of fraudulent withdrawals in the following days.

What Can You Do About It?

As a citizen, it is best to be vigilant and utilize sound judgment. Despite what a “vishing” caller ID states, the U.S. IRS will not demand cash or account numbers. Don’t succumb to Vishing’s wicked cousin Phishing and click links in e-mails which might take you to a malware site – invest an extra 2 seconds confirming that the e-mail is really who it is from, not simply a familiar name.

Second, it’s sensible to protect your social profiles online. Facebook, LinkedIn, Twitter, and the trove of other tools have most likely currently exposed you. Carry out a simple Google search, then move to tidy up the public elements of your online persona.

Third, act like an enterprise to safeguard your staff members as if they were your family. Large companies have invested greatly in anti-viruses, drive encryption, e-mail security, and next generation firewall programs. None of this matters – phishing and vishing rip-offs go right around these. You require training, ongoing education, watchfulness, and technology which is smarter. A key technique to this is carrying out continuous endpoint visibility on your devices. At Ziften, our software plugs security gaps to form a more durable wall.

The fight for cyber security defense is consuming your resources, from your individuals to your budget. Dangers are faster, more intelligent, and more focused than ever before, and working their way around traditional avoidance services and getting straight to the point; your endpoints. As soon you have been breached you have less than an hour before the attack discovers extra victims within your company. Time is of the essence, and considering that we cannot produce more of that, we concentrate on maximizing continuous intelligence so your group can make the correct decision, right now.

In Closing

Today, people are so concentrated on deceitful credit card charges, and organizations are locking down endpoints at a record pace.

More needs to be done. The bad guys are much faster, smarter, more equipped – and outside the bounds of the law. While news will continue to come concerning the success of capturing massive scammers and untouchable foreign nationals in China and Russia, there will be countless small-scale exploits every day.

At Ziften, we have one mission, to make endpoint security fast and easy for the end user to not just implement, but manage and drive day-to-day value. By integrating real-time user, device, and behavior monitoring with effective analytics and reporting, Ziften instantly empowers any organization to see, check, and respond to the very latest attacks.

My thanks to Josh Linder for his conversations on this topic.

 

Charles Leaver – Ziften Can Help You Implement Your Gartner SOC Nuclear Triad

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO

Anton Chuvakin, VP and security analyst at Gartner Research posted about the 3 essential Security Operations Center (SOC) tools required to supply effective cyber attack visibility. Chuvakin compared them to the cold war’s “nuclear triad” idea of siloed, airborne, and nuclear submarine capabilities needed to guarantee survival in an overall nuclear exchange. Similarly, the SOC visibility triad is essential to ensuring the survival of a cyber attack, “your SOC triad looks to substantially decrease the chance that the assailant will operate on your network long enough to accomplish their goals” as Chuvakin wrote in his post.

Now we will look at the Gartner designated essentials of the SOC triad and how Ziften supports each capability.

SIEM (Security Information and Event Management) – Ziften Open Visibility ™ extends existing security, event monitoring tools and system management by delivering essential open intelligence of any business endpoint. Ziften’s Open Visibility platform now consists of integration with Splunk, ArcSight, and QRadar, along with any SIEM supporting Common Event Format (CEF) alerts. Unlike competing product integrations that just provide summary data, Ziften Open Visibility exposes all Ziften gathered endpoint data for full featured integration exploitation.

NFT (Network Forensics Tools)– Ziften ZFlow ™ extends network flow based cyber security tools with crucial endpoint context and attribution, significantly boosting visibility to network events. This new standards based innovation extends network visibility down within the endpoint, gathering crucial context unobservable over the wire. Ziften has an existing product integration with Lancope, and also has the capability to quickly integrate with other network flow collectors using Ziften Open Visibility architecture.

EDR (Endpoint Detection and Response)– The Ziften Endpoint Detection and Response system constantly evaluates user and device habits and highlights abnormalities in real time, permitting security analysts to hone in on sophisticated threats faster and lessen Time To Resolution (TTR). Ziften EDR allows companies to more quickly determine the origin of a breach and choose the essential restorative actions.

While other security tools play supporting roles, these are the 3 basics that Gartner asserts do constitute the core defender visibility into enemy actions within the targeted organization. Arm up your SOC triad with Ziften. For a no commitment complimentary trial, check out: http://ziften.com/free-trial to learn more.

 

Your Incident Response Costs Will Be High Without Endpoint Visibility – Charles Leaver

Written By Kyle Flaherty And Presented By Ziften CEO Charles Leaver

 

It was rather a day on July 9 2015 in the world of cyber security. The first thing to occur was the grounding of flights by United Airlines due to a technical problem, this was followed soon afterwards by the New York Stock Exchange (NYSE) revealing they needed to halt trading. This report originated from the Wall Street Journal as you would expect, and they went offline just after.

This led to total panic on the Internet! There was a huge buzz on Twitter and there were a great deal of rumors that a well coordinated cyber attack was taking place. Individuals were jumping off the virtual bridge and declaring a virtual Armageddon.

There was general turmoil up until the three companies stated in public that the concerns were not associated with cyber attacks however the feared unknown “technical glitch”.

Visibility Is The Concern For Attacks Or Glitches

In today’s world it is assumed that “glitch” suggests “attack” and it is true to state that a good team of hackers can make them look the very same. There are still no information about the events on that day and there most likely never ever will (although there are rumors about network resiliency concerns with one of the largest ISPs). At the end of the day, when an incident like this occurs all companies require answers.

Statistics recommend that each hour of incident response might cost thousands of dollars an hour, and when it comes to businesses such as United and NYSE, downtime has actually not been taken into account. The board of directors at these businesses don’t want to hear that something like this will take hours, and they may not even care how it occurred, they just desire it solved quickly.

This is why visibility is always in the spotlight. It is vital when emergencies strike that a company knows all of the endpoints in their environment and the contextual behavior behind those endpoints. It might be a desktop, a server, a laptop computer and it might be offline or online. In this modern-day era of security, where the principle of “prevent & obstruct” is no longer a suitable strategy, our ability to “quickly find & respond” has become increasingly more critical.

So how are you making the transition to this brand-new period of cyber security? How do you minimize the time in figuring out whether it was an attack or a glitch, and exactly what to do about it?