Monthly Archives: January 2017

Charles Leaver – Fortinet’s Security Fabric Makes The 2017 Accelerate Conference Buzz

Written By Josh Applebaum And Presented By Ziften CEO Charles Leaver

The Fortinet Accelerate 2017 conference was held recently in Las Vegas. Ziften sponsored Fortinet’s annual Worldwide Partner Conference for the second time, and it was a pleasure to attend! The energy at the show was palpable, and not because of the energy drinks you constantly see people carrying around Las Vegas. The buzz came from a central theme that ran through the week: the Fortinet Security Fabric.

The idea behind Fortinet’s Security Fabric is simple: take the disparate security “point products” that a company has deployed and link them, so that the deep intelligence each product holds in its own security vault contributes to unified end-to-end security coverage across the entire organization. Though Fortinet is usually thought of as a network security company, its approach to delivering a complete security solution extends beyond the traditional network to include endpoints, IoT devices, and the cloud. By exposing APIs to Fabric-Ready partners and enabling the exchange of actionable threat intelligence, Fortinet is creating a path toward a more collaborative approach across the entire security industry.

It is refreshing to see that Fortinet shares the belief we hold at Ziften: the only way we as an industry are going to catch up to (and surpass) the attackers is through integration and collaboration across all areas of security, regardless of which vendor provides each component of the overall solution. This is not a problem we are going to solve on our own, but one that will be solved through a unified approach like the one Fortinet has laid out with its Security Fabric. Ziften is proud to be a founding member of Fortinet’s Fabric Ready Alliance program, combining our unique approach to endpoint security with Fortinet’s “believe different” mentality about what it means to integrate and collaborate.

Throughout the week, Fortinet’s (very passionate) channel partners had the opportunity to walk the show floor and see the integrated solutions offered by the various technology partners. Ziften showcased our integrations with Fortinet, including the integration of our service with Fortinet’s FortiSandbox.

The Ziften service collects unknown files from endpoints (clients or servers running OS X, Linux or Windows) and submits them to the FortiSandbox for detonation and analysis. Results are automatically fed back into Ziften for alerting, reporting, and (if allowed) automated mitigation actions.

It was exciting to see that the Fortinet channel partners clearly understood the value of a Security Fabric approach. It was clear to them, as well as to Ziften, that the Security Fabric is not a marketing gimmick, but a real strategy created and led by Fortinet. While this is only the start of Fortinet’s Security Fabric story, Ziften is excited to collaborate with Fortinet and see the story continue to develop!

Charles Leaver – 3 Cyber Espionage Tiers For 2017 Revealed

Written By Jesse Sampson And Presented By Ziften CEO Charles Leaver

 

There is a lot of debate at the moment about the hacking threat from Russia, and it would be easy for security professionals to be overly worried about cyber espionage. Since the goals of any cyber espionage campaign determine its targets, ZiftenLabs can help address this concern by examining the reasons that states conduct these campaigns.

Very recently, the three major US intelligence agencies released a comprehensive statement on the activities of Russia in relation to the 2016 US elections: Evaluating the Activities of Russia and Objectives in Current US Elections (Activities and Intentions). While some skeptics remain unconvinced by the new report, the risks it identifies, which we cover in this post, are compelling enough to warrant examination and sensible countermeasures, despite the near-impossibility of incontrovertibly determining an attack’s source. Naturally, the official Russian position has been winking denial of hacks.

“Typically these types of leaks take place not because hackers gained access, however, as any specialist will tell you, because someone just forgot the password or set the easy password 123456.” German Klimenko, Putin’s top Internet advisor

While agencies get criticized for bureaucratic language like “high confidence,” the considered rigor of reports like Activities and Intentions contrasts with the headline-friendly “1000% certainty” of a mathematically disinclined media hustler like Julian Assange.

Activities and Intentions is most perceptive when it locates the use of hacking and cyber espionage in “diverse” Russian doctrine:

“Moscow’s use of disclosures during the United States election was extraordinary, but its impact project otherwise followed a longstanding Russia messaging technique that mixes hidden intelligence operations – like cyber activities – with obvious efforts by Russian Federal government agencies, state funded media, third party intermediaries, and paid social media users or “trolls.””

The report is at its weakest when assessing the motives behind the doctrine, or the strategy. Aside from some incantations about inherent Russian opposition to the liberal democratic order, it claims that:

“Putin most likely wanted to discredit Secretary Clinton due to the fact that he has actually openly blamed her since 2011 for prompting mass protests against his routine in late 2011 and early 2012, and since he holds a grudge for comments he likely saw as disparaging him.”

A more nuanced assessment of Russian motivations and their cyber manifestations will help us better determine security strategies in this environment. ZiftenLabs has identified three major strategic imperatives at work.

First, as Kissinger would say, throughout history “Russia decided to see itself as a beleaguered outpost of civilization for which security could be discovered only through applying its outright will over its neighbors (52)”. United States policy in the Bill Clinton era threatened this imperative through the expansion of NATO and dislocating economic interventions, possibly contributing to a Russian preference for a Trump presidency.

Russia has used cyber warfare techniques to protect its influence in former Soviet territories (Estonia, 2007; Georgia, 2008; Ukraine, 2015).

Second, President Putin wants Russia to be a great power in geopolitics again. “Above all, we must acknowledge that the collapse of the Soviet Union was a significant geopolitical disaster of the century,” he said in 2005. Hacking the identities of prominent people in political, academic, defense, technology, and other organizations that operatives might expose to embarrassing or scandalous effect is an easy way for Russia to discredit the US. The perception that Russia can influence election outcomes in the United States with keystrokes impugns the legitimacy of US democracy, and muddies discussion around similar issues in Russia. Along with other prestige-boosting efforts like pioneering the ceasefire talks in Syria (after leveling numerous cities), this strategy could improve Russia’s international profile.

Finally, President Putin may harbor concerns about his job security. Despite very favorable election results, according to Activities and Intentions, protests in 2011 and 2012 still loom large in his mind. With a number of regimes changing in his neighborhood in the 2000s and 2010s (he said it was an “epidemic of disintegration”), some of which came about as a result of intervention by NATO and the United States, President Putin is wary of Western interventionists who wouldn’t mind a similar outcome in Russia. A coordinated campaign could help discredit rivals and put the least aggressive candidates in power.

Given these motives for Russian hacking, who are the most likely targets?

Given the overarching goals of discrediting the legitimacy of the US and NATO and assisting non-interventionist candidates where possible, government agencies, especially those with roles in elections, are at highest risk. So too are campaign organizations and other NGOs close to politics, like think tanks. These have provided softer targets for attackers seeking access to sensitive information. This means that organizations with account information for, or access to, prominent individuals whose information could cause embarrassment or confusion for US political, business, academic, and media organizations should be especially careful.

The next tier of risk comprises critical infrastructure. While recent Washington Post reports of a compromised United States electrical grid turned out to be overblown, Russia really has hacked power grids and perhaps other parts of physical infrastructure like gas and oil. Beyond critical physical infrastructure, technology, finance, telecoms, and media could be targeted, as happened in Georgia and Estonia.

Finally, although the intelligence agencies’ efforts over the past weeks have drawn some heat for offering “obvious” recommendations, everyone really would benefit from the tips presented in the Homeland Security/FBI report, and in this blog about hardening your setup by Ziften’s Dr Hartmann. With major elections coming up this year in key NATO members Germany, France, and The Netherlands, only one thing is certain: it will be a busy year for Russian cyber operators, and these recommendations should be a top priority.