Monthly Archives: November 2015

Charles Leaver – Guard Against Data Breaches By Investment In Endpoint Threat Detection

Written By Charles Leaver Ziften CEO



Defending against data breaches is hard, but essential to prosper in the current business environment. With so many criminals waiting in the wings to steal personal information, credit card details and other valuable customer data, businesses need to understand the sheer volume of threats to their information online and take action to prevent breaches. Endpoint threat detection and response software is one of the best ways to address this problem, because it offers a straightforward way to fight the range of exploits attackers use to gain access to a business network.

Building a better, more hack-resistant environment starts with a strong sense of back-end security. The New York Times’ article on securing data touches on a few crucial steps that make a big difference in keeping customer information out of the wrong hands, including using point-of-sale systems for customer transactions only, dedicating a single computer to all financial business, and keeping software up to date. These are sound recommendations because they close off several routes that attackers commonly use to breach systems. A PoS system that does not connect to the Internet except to transmit data to bank servers is far safer than one without that restriction, because it reduces the risk of an infection reaching the network from the Internet. Making one computer the sole access point for financial transactions, and nothing else, keeps infections and other malicious monitoring software from getting in. In this way a company can substantially protect its customers without taking on many additional costs.

Make Sure That Security And Protection Come First

Property Casualty 360 has a similar list of suggestions, including automating patches to enterprise systems, using encryption on all devices, enforcing strong passwords, and keeping a watchful eye on e-mail. Encrypting information, especially financial information, is highly important: without encryption, an attacker who reaches financial data stored as plain text can read it with almost no effort. Naturally, strong endpoint threat response systems should be used to address this threat, but security, like clothing in autumn, works best when layered. Using several different techniques at once greatly reduces the chance of a company’s data being leaked, which over time makes it much easier to defend against any kind of damage that might be done.

Many breaches occur not when a piece of malware has successfully planted itself on a server, but when an employee’s e-mail account is protected by a weak password. Dictionary words like “pet” or “password” should never be used; they are trivial to guess and break into, and they can lead to entire stores of data being stolen. Similarly, an employee who accidentally sends a customer list without checking the intended recipients can send a whole trove of information to the wrong person, easily causing massive data loss. This kind of leakage has to be prevented by solid training.

In response to the myriad threats out there today, the best way to deal with them is to use strong endpoint threat response software to avoid losing crucial data. Using a wide variety of security strategies to protect against all incoming attacks is a wise way to ensure that your organization can weather a range of blows. This attitude can keep a company from being sunk by the sheer number of attacks currently hitting businesses.


Charles Leaver – Hackers Will Not Take A Christmas Holiday

Written by Ziften CEO Charles Leaver

The holiday period is prime time for cyber criminals, crime syndicates and state-sponsored groups to attack your organization. A reduced number of IT staff on duty may improve the odds of undetected endpoint compromise, stealthy lateral movement, and unnoticed data exfiltration. Experienced attack groups are probably assigning their top talent to a well-coordinated Christmas hackathon. Penetration of your business would likely begin with an endpoint compromise through the usual targeted techniques of spear phishing, social engineering, watering hole attacks, and so on.

With thousands of enterprise client endpoints available, initial penetration hardly poses a challenge to skilled attackers. Traditional endpoint security suites exist to protect against previously encountered commodity malware, and are essentially worthless against the one-off crafted exploits used in targeted attacks. The attack group will have studied your enterprise and assembled your standard cyber defense products in their labs for pre-deployment evasion testing of the planned exploits. This pre-testing may include suitable sandbox evasion methods if your defenses include sandbox detonation at the enterprise perimeter, although that is not always needed, for instance with off-VPN laptops visiting compromised industry watering holes.

The ways in which enterprise endpoints can be compromised are too many to list. In many cases the compromise may involve only stolen credentials, with no malware needed or present, as confirmed by industry studies of malicious command-and-control traffic observed from otherwise pristine endpoints. Or the user, and it takes only one among thousands, may be an insider adversary or a disgruntled employee. In any large enterprise, some incidence of compromise is unavoidable and continual, and the holiday period is ripe for it.

With relentless attack activity and unavoidable endpoint compromise, how can businesses best respond? Endpoint detection and response (EDR) with continuous monitoring and security analytics is a powerful way to recognize and react to anomalous endpoint activity, and to do so at scale across many enterprise endpoints. It also complements enterprise network security by providing endpoint context around suspicious network activity. EDR provides visibility at the endpoint level comparable to the visibility that network security provides at the network level. Together they provide the complete picture needed to identify and respond to unusual and potentially significant security events across the enterprise.

Some examples of endpoint visibility with potential forensic value are:

  • Tracking of user login activity, especially remote logins that might be attacker-directed.
  • Tracking of user presence and foreground activity, including common work patterns, activity durations, etc.
  • Tracking of active processes, their resource usage patterns, network connections, process hierarchy, etc.
  • Collection of executable image metadata, including cryptographic hashes, version info, file paths, date/time of first appearance, and so on.
  • Collection of endpoint log/audit events, ideally with logging and auditing configured to maximize forensic value while reducing noise and overhead.
  • Security analytics to score and rank endpoint activity and escalate significant deviations from normal operating patterns to the enterprise SIEM for SOC attention.
  • Support for agile traversal and drill-down of endpoint forensic data for quick analyst vetting of endpoint security anomalies.
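A minimal version of the analytics the first and the last two bullets describe, as an added illustration that is not Ziften’s product code: it builds per-user baselines from constructed login telemetry, scores holiday-period logins against them, and ranks the outliers for forwarding to a SIEM. Users, hosts, timestamps and the scoring weights are all constructed for this example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed EDR login telemetry (not real data): (user, timestamp, host, remote?)
BASELINE = [
    ("alice", "2015-11-02T09:05:00", "ws-alice", False),
    ("alice", "2015-11-03T08:55:00", "ws-alice", False),
    ("alice", "2015-11-05T18:20:00", "vpn-gw", True),
    ("bob", "2015-11-02T22:10:00", "vpn-gw", True),
    ("bob", "2015-11-04T21:45:00", "vpn-gw", True),
]
NEW_EVENTS = [  # constructed logins observed over the holiday
    ("alice", "2015-12-24T03:15:00", "jump-01", True),
    ("bob", "2015-12-24T22:30:00", "vpn-gw", True),
    ("mallory", "2015-12-25T01:00:00", "vpn-gw", True),
]

def build_profiles(events):
    """Per-user hours of day, hosts and remote-login count seen in the baseline."""
    profiles = defaultdict(lambda: {"hours": set(), "hosts": set(), "remote": 0})
    for user, ts, host, remote in events:
        p = profiles[user]
        p["hours"].add(datetime.fromisoformat(ts).hour)
        p["hosts"].add(host)
        p["remote"] += int(remote)
    return profiles

def score_login(profile, ts, host, remote):
    """Higher score = further from this user's usual pattern (weights are arbitrary)."""
    if profile is None:
        return 5, ["user never seen in baseline"]
    score, reasons = 0, []
    if datetime.fromisoformat(ts).hour not in profile["hours"]:
        score, reasons = score + 2, reasons + ["unusual hour"]
    if host not in profile["hosts"]:
        score, reasons = score + 2, reasons + ["new host"]
    if remote and profile["remote"] == 0:
        score, reasons = score + 3, reasons + ["first remote login"]
    return score, reasons

def rank_logins(profiles, events, threshold=3):
    """Logins at or above threshold, highest score first, ready to hand to the SIEM."""
    flagged = []
    for user, ts, host, remote in events:
        score, reasons = score_login(profiles.get(user), ts, host, remote)
        if score >= threshold:
            flagged.append((score, user, ts, host, reasons))
    return sorted(flagged, key=lambda r: r[0], reverse=True)
```

Calling `rank_logins(build_profiles(BASELINE), NEW_EVENTS)` flags the unknown user and alice’s off-hours login from an unfamiliar host, while bob’s routine late-evening VPN login scores zero.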

Don’t get a lump of coal in your stocking by being caught unawares this Christmas. Arm your enterprise to contend with the threats arrayed against you.

Happy Christmas!


Charles Leaver – Is There A Watcher Of The Watchers In Your Enterprise?

Written By Charles Leaver CEO Ziften

High-profile hacks underline how a lack of auditing of existing compliance products can make the worst kind of front-page news.

In the recent Java attacks on Facebook, Microsoft, Apple and other industry giants, the attackers did not have to dig far into their playbooks to find an approach. In fact they used one of the oldest axioms in the book, if not the oldest: they took a remote vulnerability in massively distributed software and exploited it to install remote-access capability. And in this case it was on an application that (A) was not the latest version and (B) probably did not need to be running.

While the hacks themselves have been headline news, the methods organizations can use to prevent or mitigate them are pretty dull stuff. We all hear “keep boxes up to date with patch management software” and “ensure uniformity with compliance tools”. That is industry standard and old news. But to pose a question: who is “watching the watchers”, the watchers in this case being compliance, patch and systems management technologies? I believe Facebook and Apple learned that just because a management product tells you a software application is current does not mean you should believe it! Here at Ziften our results in the field say as much: we regularly find many versions of the SAME major application running at Fortune 1000 sites, all of which, by the way, are using compliance and systems management products.

In the case of the exploited Java plug-in, this was a MAJOR application with huge distribution. This is exactly the type of software that gets tracked by systems management, compliance and patch products. The lesson could not be clearer: having some kind of independent check against these products is essential (just ask any of the organizations that were attacked…). But this is only part of the problem, because here we are discussing a major (arguably necessary) application. If companies struggle to keep updates current on the known, authorized applications in use, what about all the unknown and unneeded running applications and plug-ins and their vulnerabilities? Put simply: if you cannot even know what you are supposed to know, how on Earth can you know about (and in this case protect against) the things you do not know or are not even concerned about?
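One way to act as that “watcher of the watchers”, as an added example that is not Ziften’s product code: reconcile what a compliance console claims against what an endpoint agent actually observes, and surface stale, untracked and idle installs along with the version spread of each application. All host names, application names and version strings below are constructed and do not refer to real releases.

```python
from collections import Counter, defaultdict

# What the compliance console claims: every host is on this approved build (constructed).
CLAIMED = {"java-plugin": "1.7.0_13"}

# What the endpoint agent actually observed (constructed): (host, app, version, running?)
OBSERVED = [
    ("pc-001", "java-plugin", "1.7.0_13", True),
    ("pc-002", "java-plugin", "1.7.0_11", True),   # console says patched; agent disagrees
    ("pc-003", "java-plugin", "1.6.0_37", True),   # older branch never removed
    ("pc-003", "java-plugin", "1.7.0_13", True),   # side-by-side installs on one host
    ("pc-004", "java-plugin", "1.7.0_13", False),  # installed but not running
    ("pc-005", "ask-toolbar", "2.0", True),        # nothing in the console tracks this
]

def parse_version(v):
    """'1.7.0_13' -> (1, 7, 0, 13) so versions compare numerically; non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.replace("_", ".").split("."))

def audit(claimed, observed):
    """Compare agent observations with the console's claim and return a findings dict."""
    stale, idle, untracked = [], [], set()
    spread = defaultdict(Counter)
    for host, app, ver, running in observed:
        spread[app][ver] += 1
        if not running:
            idle.append((host, app))           # installed but idle: removal candidate
        if app not in claimed:
            untracked.add(app)                 # no policy is watching this one
        elif parse_version(ver) < parse_version(claimed[app]):
            stale.append((host, app, ver))     # the console's claim is wrong here
    drift = sorted(a for a, c in spread.items() if len(c) > 1)
    return {"stale": stale, "idle": idle, "untracked": sorted(untracked),
            "drift": drift, "versions": {a: dict(c) for a, c in spread.items()}}
```

Running `audit(CLAIMED, OBSERVED)` shows two hosts older than the approved build, one application with three versions in circulation, one idle install, and one application the console has no policy for at all.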


Charles Leaver – Extraneous Software Can Really Threaten Your Cyber Security

Written By Dr Al Hartmann And Presented By Charles Leaver CEO Ziften

The reality of the PC ecosystem is that extraneous processes are everywhere and enter enterprise computers by every ruse imaginable. Leading software ISVs and hardware OEMs and IHVs have no ethical qualms about loading enterprise PCs with unneeded and unwanted software if they can grab a few royalty dollars on the side at your expense. This one popped up on my screen just this morning as I dealt with the current headline-making Java security vulnerabilities.

Here is the background: zero-day vulnerabilities were recently found in Java, a key software component in many enterprise applications. Department of Homeland Security specialists advised turning Java off entirely, but that cuts off Java enterprise apps.

The option where Java is essential (as it is within many enterprises) is to upgrade Java, an Oracle product, to get at least the latest partial patches from Oracle. But the Oracle installer defaults to installing unwanted extraneous software, the Ask Toolbar, which many security-conscious but naive users will presume is helpful given Oracle’s recommendation (and golly gee, it doesn’t cost anything), despite the fact that browser add-ons are a notorious security risk.

Only Ziften combines security consciousness with extraneous process identification and remediation capabilities to help enterprises improve both their security and their performance-driving operating efficiency. Don’t settle for half-measures that ignore the extraneous processes proliferating across your enterprise client landscape; employ Ziften to get visibility and control over your endpoint population.