Monthly Archives: July 2017

Charles Leaver – You Can Integrate Ziften’s Advanced Endpoint Products Seamlessly With Your Security Architecture

Written By Roark Pollock And Presented By Ziften CEO Charles Leaver


Security practitioners are by nature a cautious bunch. Caution is a trait most people probably bring with them into this field, given its purpose, but it is also certainly a trait that is learned over time. Ironically, this holds even when it comes to adding extra security controls to an already established security architecture. While one might assume that more security is better security, experience teaches us that is not necessarily the case. There are in fact various issues associated with deploying a new security product, and one that often shows up near the top of the list is how well the new product integrates with existing products.

Integration issues come in many flavors. First and foremost, a new security control should not break anything. Beyond that, new security services have to share threat intelligence gracefully and act on threat intelligence collected across a company’s entire security infrastructure. In other words, the new security tools should work with the existing ecosystem of tools in place such that “1 + 1 = 3”. The last thing most IT and security operations teams need is more siloed products and tools.

This is why, at Ziften, we have always focused on building and delivering an entirely open visibility architecture. We believe that any new systems and security operations tools must be designed with enhanced visibility and information sharing as key design requirements. But this is not a one way street. Producing standard integrations requires technology partnerships between vendors in the market. We consider it our duty to work with other technology companies to integrate our products with each other, making it easy on customers. Unfortunately, many vendors still believe that integrating security products, especially new endpoint security products, is extremely hard. I hear the concern constantly in customer conversations. But data is now appearing that shows this is not necessarily the case.

In recent survey work on “advanced endpoint” solutions, NSS Labs reports that Global 2000 customers based in North America have been pleasantly surprised by how well these types of products integrate into their existing security architectures. According to the NSS study entitled “Advanced Endpoint Protection – Market Analysis and Survey Results CY2016”, which NSS subsequently presented in a BrightTALK webinar, respondents that had already deployed advanced endpoint products were far more positive about their ability to integrate into existing security architectures than were respondents still in the planning stages of purchasing these solutions.

Specifically, respondents that have already deployed advanced endpoint products rank integration with their established security architectures as follows:

● Excellent 5.3%
● Good 50.0%
● Average 31.6%
● Poor 13.2%
● (Terrible) 0.0%

Compare that to the more conservative responses from those still in the planning phase:

● Excellent 0.0%
● Good 39.3%
● Average 42.9%
● Poor 14.3%
● (Terrible) 3.6%

These numbers are encouraging. Yes, as noted, security people tend to be pessimists, but despite low expectations respondents are reporting positive results when it comes to integration experiences. In fact, Ziften customers generally show the same initial low expectations when we first discuss integrating Ziften solutions into their established ecosystem of products. But in the end, customers are wowed by how easy it is to share data between Ziften solutions and their existing infrastructure.

These survey results will hopefully help reduce concerns, as newer adopters may look at and rely on peer recommendations before making purchase decisions. Early mainstream adopters are clearly having success deploying these solutions, and that will hopefully help to reduce the natural caution of the true mainstream.

Certainly, there is significant differentiation between products in the space, and companies should continue to carry out proper due diligence in understanding how and where products integrate into their broader security architectures. But the good news is that there are solutions not just meeting the needs of customers, but actually outperforming their initial expectations.

Charles Leaver – Ziften Customers Protected From Troublesome Petya Variant Flaw

Written By Josh Harriman And Presented By Charles Leaver Ziften CEO


Another outbreak, another problem for those who were not prepared. While this latest attack is similar to the earlier WannaCry threat, there are some differences in this latest malware, which is a variant or new strain much like Petya. Called NotPetya by some, this strain causes a lot of trouble for anyone who encounters it. It may encrypt your data, or make the system entirely unusable. And now the email address you would need to contact to ‘perhaps’ decrypt your files has been taken down, so you are out of luck getting your files back.

Plenty of details on the behavior of this threat are publicly available, but I wanted to point out that Ziften customers are protected from both the EternalBlue exploit, which is one mechanism used for its propagation, and, better still, by a protection based on a possible flaw, or its own kind of debug check, that prevents the threat from ever running on your system. It could still spread within the environment, but our protection would already be rolled out to all existing systems to stop the damage.

Our Ziften extension platform allows our customers to have protection in place against specific vulnerabilities and malicious actions for this threat and others like Petya. Beyond the specific actions taken against this particular variant, we have taken a holistic approach to stopping particular strains of malware that conduct various ‘checks’ against the system before running.

We can also use our Search capability to look for remnants of the other propagation techniques used by this threat. Reports show WMIC and PsExec being used. We can search for those programs, their command lines, and their usage. Although they are legitimate processes, their use is usually uncommon and can be alerted on.
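The kind of hunt described above, written as an added example rather than Ziften’s own Search tooling: it walks constructed process-creation events, flags the legitimate remote-execution tools the reports name (WMIC and PsExec), and treats a launch as alert-worthy when it targets another host or appears on only a small fraction of the fleet. The host names, the event tuples and the rarity threshold are all assumptions made for the sample.

```python
# Added example (not Ziften's code): hunt constructed process-creation events
# for the WMIC/PsExec usage the post says to search for, treating it as uncommon.
from collections import defaultdict

# Constructed sample events: (host, image, command line). admin01 uses WMIC for
# local inventory; ws02 uses it against another node; ws03 shows the PsExec service.
EVENTS = [
    ("ws01", "outlook.exe", "outlook.exe"),
    ("ws01", "chrome.exe", "chrome.exe --type=renderer"),
    ("ws02", "excel.exe", "excel.exe budget.xlsx"),
    ("ws02", "wmic.exe", "wmic /node:ws03 process call create ..."),
    ("ws03", "psexesvc.exe", "psexesvc.exe"),
    ("admin01", "wmic.exe", "wmic os get caption"),
    ("admin01", "mmc.exe", "mmc.exe eventvwr.msc"),
]

# Legitimate tools that the NotPetya reports describe being used for propagation.
REMOTE_EXEC_TOOLS = {"wmic.exe", "psexec.exe", "psexesvc.exe"}
# Command-line markers of remote use: WMIC aimed at another node, PsExec given a \\host.
REMOTE_MARKERS = ("/node:", "\\\\")

def hunt_remote_exec(events, rare_fraction=0.25):
    """Return one alert per launch of a remote-execution tool that targets another
    host or that runs on no more than rare_fraction of all hosts in the sample."""
    hosts = {host for host, _, _ in events}
    hosts_per_image = defaultdict(set)
    for host, image, _ in events:
        hosts_per_image[image.lower()].add(host)
    alerts = []
    for host, image, cmdline in events:
        img = image.lower()
        if img not in REMOTE_EXEC_TOOLS:
            continue
        prevalence = len(hosts_per_image[img]) / len(hosts)   # fraction of hosts seen on
        remote = any(marker in cmdline for marker in REMOTE_MARKERS)
        if remote or prevalence <= rare_fraction:
            alerts.append({"host": host, "image": img, "cmdline": cmdline,
                           "prevalence": round(prevalence, 2), "remote_target": remote})
    return alerts

if __name__ == "__main__":
    for alert in hunt_remote_exec(EVENTS):
        print(alert)
```

The admin host’s local inventory query is left alone because WMIC is common enough there and has no remote target, which is the “legitimate but uncommon” distinction the post makes.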

With WannaCry, and now NotPetya, we expect to see a continued rise in these types of attacks. The release of the recent NSA exploits has given enthusiastic cyber criminals the tools they need to push out their malware. And though ransomware threats can be a high profile vehicle, more damaging threats could be launched. Getting the threat to spread (worm-like, or via social engineering) has always been the hardest part for them.

Charles Leaver – Design Insecurities Need Fixing After UK Parliament Email Breach

Written By Dr Al Hartmann And Presented By Ziften CEO Charles Leaver


In the online world the sheep get shorn, chumps get chomped, dupes get deceived, and pawns get pwned. We have seen another fine example of this in the recent attack on the United Kingdom Parliament email system.

Instead of admitting to an email system that was not secure by design, the official statement read:

Parliament has robust procedures in place to protect all of our accounts and systems.

Tell us another one. The one protective measure we did see in action was deflecting the blame (the Russians did it, that always works) while blaming the victims for their policy violations. While details of the attack are limited, combing multiple sources does help to piece together at least the broad picture. If these accounts are reasonably close, the UK Parliament email system failings are egregious.

What failed in this case?

Rely on single-factor authentication

“Password security” is an oxymoron: anything protected by a password alone is insecure, period, regardless of the password strength. Please, no 2FA here, it might impede attacks.

Do not impose any limit on failed login attempts

Aided by single-factor authentication, this allows simple brute force attacks, no skill required. But when breached, blame elite foreign hackers; no one can verify it.

Do not implement brute force attack detection

Allow attackers to carry out (otherwise trivially detectable) brute force attacks for extended periods (twelve hours against the United Kingdom Parliament system), to maximize the scope of account compromise.

Do not enforce policy, treat it as mere advice

Combined with single-factor authentication, no limit on failed logins, and no brute force attack detection, do not enforce any password strength validation. Provide attackers with extremely low hanging fruit.

Rely on unsigned, unencrypted email for sensitive communications

If attackers do succeed in compromising email accounts or sniffing your network traffic, give them plenty of opportunity to score high value message content entirely in the clear. This also conditions constituents to trust easily spoofable email from Parliament, creating an ideal constituent phishing environment.
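The “trivially detectable” brute force the failed-login and detection failings above describe, as an added example that is not part of the original post: a sliding-window counter over constructed authentication log lines that raises an alert once an account, or a source address spraying many accounts, accumulates a threshold of failures within the window. The log format, the threshold of five and the ten-minute window are assumptions chosen for the sample.

```python
# Added example (not from the post): sliding-window failed-login detection over
# constructed auth log lines, i.e. the control the post says Parliament lacked.
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, one event per line: "<timestamp> <result> user=<account> src=<ip>".
# alice is hammered from one source; bob fails rarely; 198.51.100.9 sprays five accounts.
SAMPLE_LOG = """\
2017-06-23T22:00:01 FAIL user=alice src=203.0.113.7
2017-06-23T22:00:03 FAIL user=alice src=203.0.113.7
2017-06-23T22:00:05 FAIL user=alice src=203.0.113.7
2017-06-23T22:00:06 FAIL user=alice src=203.0.113.7
2017-06-23T22:00:08 FAIL user=alice src=203.0.113.7
2017-06-23T22:00:09 OK user=alice src=203.0.113.7
2017-06-23T22:05:00 FAIL user=bob src=198.51.100.2
2017-06-23T22:30:00 FAIL user=bob src=198.51.100.2
2017-06-23T23:10:00 FAIL user=carol src=198.51.100.9
2017-06-23T23:10:01 FAIL user=dave src=198.51.100.9
2017-06-23T23:10:02 FAIL user=erin src=198.51.100.9
2017-06-23T23:10:03 FAIL user=frank src=198.51.100.9
2017-06-23T23:10:04 FAIL user=grace src=198.51.100.9
"""

FAIL_THRESHOLD = 5                 # failures inside the window that raise an alert
WINDOW = timedelta(minutes=10)     # sliding window length

def parse_line(line):
    ts, result, user, src = line.split()
    return datetime.fromisoformat(ts), result, user.split("=", 1)[1], src.split("=", 1)[1]

def detect_brute_force(log_text, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Map ('account'|'source', name) -> time the failure threshold was first reached."""
    recent = defaultdict(deque)   # key -> timestamps of failures still inside the window
    alerts = {}
    for line in log_text.splitlines():
        ts, result, user, src = parse_line(line)
        if result != "FAIL":
            continue
        # Track per account (guessing one password) and per source (spraying many accounts).
        for key in (("account", user), ("source", src)):
            window_hits = recent[key]
            window_hits.append(ts)
            while ts - window_hits[0] > window:   # drop failures older than the window
                window_hits.popleft()
            if len(window_hits) >= threshold and key not in alerts:
                alerts[key] = ts
    return alerts
```

The per-source counter is what catches the spray across carol, dave, erin, frank and grace, which a per-account lockout alone would never see.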

Lessons learned

In addition to adding “Common Sense for Dummies” to their summer reading lists, the United Kingdom Parliament email system administrators might want to take further action. Strengthening weak authentication practices, enforcing policies, improving network and endpoint visibility with continuous monitoring and anomaly detection, and completely reassessing secure messaging are suggested steps. Penetration testing would have discovered these foundational weaknesses while staying out of the news headlines.

Even a few clever high-schoolers with a free weekend could have replicated this breach. And finally, stop blaming Russia for your own security failings. Assume that any weaknesses in your security architecture and policy framework will be found and exploited by some cyber criminals somewhere across the global internet. All the more reason to find and fix those weaknesses before the attackers do, so turn those pen testers loose. And then, if your defenders do not have visibility into the attacks in progress, upgrade your monitoring and analytics.

Charles Leaver – Security And IT Teams Work Together Using SysSecOps

Written By Charles Leaver Ziften CEO


Scott Raynovich nailed it. Having worked with hundreds of organizations, he understood that one of the biggest challenges is that security and operations are two different departments, with significantly different objectives, different tools, and different management structures.

Scott and his analyst firm, Futuriom, recently completed a study, “Endpoint Security and SysSecOps: The Growing Pattern to Build a More Secure Business”, where one of the key findings was that conflicting IT and security goals hamper professionals, on both teams, from achieving their goals.

That is exactly what we believe at Ziften, and the term that Scott coined to describe the convergence of IT and security in this domain, SysSecOps, captures perfectly what we have been talking about. Security teams and IT teams must get on the same page. That means sharing the same goals and, in some cases, sharing the same tools.

Think of the tools that IT people use. Those tools are designed to make sure the infrastructure and end devices are working properly and, when something goes wrong, to help them fix it. On the endpoint side, those tools help ensure that devices allowed onto the network are configured properly, have software that is licensed and properly patched/updated, and have not logged any faults.

Think of the tools that security people use. They work to enforce security policies on devices, infrastructure, and security appliances (like firewalls). This may involve actively tracking incidents, scanning for abnormal behavior, examining files to ensure they do not contain malware, adopting the latest threat intelligence, matching against newly discovered zero-days, and performing analysis on log files.

Spotting fires, fighting fires

Those are two different worlds. The security teams are fire spotters: they can see that something bad is happening, can work quickly to isolate the problem, and determine whether damage occurred (like data exfiltration). The IT teams are the firefighters on the ground: they leap into action when an incident occurs to ensure that the systems are made safe and brought back into operation.

Sounds good, right? Unfortunately, all too often, they do not talk to each other; it is like having the fire spotters and firefighters using different radios, different jargon, and different city maps. Worse, the teams cannot share the same data directly.

Our approach to SysSecOps is to give both the IT and security teams the same resources, and that means the same reports, presented in the appropriate ways for each set of professionals. It is not a dumbing down, it is working smarter.

It is absurd to operate any other way. Take the WannaCry virus, for example. On one hand, Microsoft issued a patch back in March 2017 that addressed the underlying SMB flaw. IT operations teams did not install the patch, because they did not think it was a big deal and did not talk to security. Security teams did not know whether the patch was installed, because they do not talk to operations. SysSecOps would have had everybody on the same page, and could potentially have avoided this problem.

Missing data means waste and risk

The dysfunctional gap between IT operations and security exposes companies to risk. Avoidable risk. Unnecessary risk. It is simply unacceptable!

If your organization’s IT and security teams are not on the same page, you are incurring risks and costs that you should not have to. It is waste. Organizational waste. It is wasteful because you have so many tools supplying partial data with gaps, and each of your teams sees only part of the picture.

As Scott concluded in his report, “Collaborated SysSecOps visibility has already proven its worth in assisting companies evaluate, analyze, and prevent significant dangers to the IT systems and endpoints. If these objectives are pursued, the security and management risks to an IT system can be considerably diminished.”

If your teams are working together in a SysSecOps way, if they can see the same data at the same time, you not only have better security and more efficient operations, but also lower risk and lower costs. Our Zenith software can help you achieve that, not only working with your existing IT and security tools, but also filling the gaps to make sure everyone has the right data at the right time.