Monthly Archives: August 2017

Charles Leaver – Why Choose Generic When You Can Have Extensible?

Written By Charles Leaver, Ziften CEO

Whether you call them extensions or customizations, the best technology platforms can be tailored to a company’s specific needs. Generic operations tools are fine at carrying out generic operations jobs. Generic security tools are good at solving generic security problems. Generic can only take you so far, unfortunately, and that’s where extensibility steps in.

Extensibility comes up often when I talk to customers and prospects, and I’m proud that a Global 10 company picked Ziften over everyone else in the market largely on that basis. For that customer, and many others, the ability to deeply customize the platform is a necessity.

This isn’t just about creating custom reports or custom alerts. Let’s be honest: the ability to build reports is a baseline capability of most IT operations and security management tools. Real extensibility goes deep into the product to give it capabilities that solve real problems for the organization.

One customer ran a large fleet of mobile IoT devices and needed our Zenith real-time visibility and control platform to access (and monitor) the memory of those devices. That isn’t a standard Zenith feature, because our low-footprint agent doesn’t hook into the operating system kernel or operate through device drivers. But we worked with the customer to extend Zenith with that capability, and it turned out to be much easier than anyone expected.

Another customer looked at the standard set of endpoint data the agent collects and wanted to add extra data fields. They also wanted to program the administrative console with custom actions using those fields, and push those actions back out to the endpoints. No other endpoint monitoring and security product was able to offer a way to add that functionality. Ziften was.

What’s more, the customer built those extensions themselves, and owns the code and intellectual property. It’s part of their own secret sauce, their own business differentiator, unique to their organization. They couldn’t be happier. Neither could we.

With many other IT operations and security products, if customers want extra functions or capabilities, the only option is to submit a feature request and hope it appears in a future release. Until then, too bad.

That’s not how we built our flagship products, Zenith and ZFlow. Because our endpoint agent isn’t based on device drivers or kernel hooks, we can allow remarkable extensibility, and open that extensibility for customers to use directly.

The same goes for our administrative consoles and back-end monitoring systems: everything is customizable, and that was built in from the start.

Another aspect of customization is that our real-time and historical visibility database can integrate with your other IT operations and security platforms, including SIEM tools, threat intelligence, IT ticketing systems, job orchestration systems, and data analytics. With Zenith and ZFlow there are no silos. Ever.

When it comes to endpoint monitoring and management, extensions are increasingly where it’s at. IT operations and enterprise security teams need the ability to tailor their tool platforms to their exact requirements for monitoring and managing IoT, traditional endpoints, the data center, and the cloud. In many customer conversations, our built-in extensibility has made eyes light up, and won us trials and deployments. Tell us about your custom requirements, and let’s see what we can do.

Charles Leaver – Watch This Video Showing Our Endpoint Security Architecture

Written By Mike Hamilton And Presented By Ziften CEO Charles Leaver


Endpoint security is a hot topic these days, and there are lots of vendors out there touting their wares in this market. But it’s sometimes hard to understand exactly what each vendor offers. What’s even harder is understanding how each vendor’s solution is architected to deliver its services.

I believe that the back-end architecture of whatever you choose can have a profound impact on the future scalability of your deployment, and it can create a lot of unanticipated work and cost if you’re not careful.

So, in the spirit of transparency, and because we believe our architecture is different, unique, and effective, we invite all endpoint security vendors to “show us your architecture”.

I’ll kick this off in the following video, where I walk through the Ziften architecture and a couple of what I consider legacy architectures for comparison. Specifically, I’ll cover:

– Ziften’s architecture, designed on next-generation cloud principles.
– One vendor’s peer-to-peer “mish-mash” architecture.
– Legacy hub-spoke-hub architectures.

I’ve shown you the power of our truly cloud-based platform. Now it’s my competitors’ turn. Come on, folks: show us your architectures!

Charles Leaver – Risk And Security Management Tips And Advice

Written By Roark Pollock And Presented By Charles Leaver Ziften CEO


Risk management and security management have long been treated as separate functions, often performed by separate functional groups within an organization. The recognized need for continuous visibility and control across all assets has increased interest in finding common ground between these disciplines, and the availability of a new generation of tools is enabling that effort. This conversation is very timely given the continued difficulty most enterprises have in attracting and retaining skilled security personnel to manage and secure IT infrastructure. Combining these activities can help organizations make better use of those valuable people, reduce costs, and help automate response.

Historically, risk management has been viewed as an offensive mandate and is generally the domain of IT operations teams. Sometimes described as “systems management”, IT operations teams proactively perform device state and posture monitoring, policy enforcement, and vulnerability management. The goal is to reduce potential risk before it is exploited. Activities that reduce risk and are performed by IT operations include:

Offensive Risk Mitigation – Systems Management

Asset discovery, inventory, and refresh

Software application discovery, usage tracking, and license rationalization

Mergers and acquisitions (M&A) risk assessments

Cloud workload migration, monitoring, and enforcement

Vulnerability assessments and patch installation

Proactive helpdesk or systems analysis and problem response/repair

On the other side of the field, security management is viewed as a defensive strategy and is generally the domain of security operations teams. These teams are typically responsible for threat detection, incident response, and remediation. The goal is to respond to a threat or breach as quickly as possible to minimize the impact on the organization. Activities that fall directly under security management and are performed by security operations include:

Defensive Security Management – Detection and Response

Threat detection and/or threat hunting

User behavior monitoring / insider threat detection and/or hunting

Malware analysis and sandboxing

Incident response and threat containment/removal

Lookback forensic investigations and root cause determination

Tracing lateral threat movement, and further threat removal

Data exfiltration determination

Successful businesses, of course, need to play both offense AND defense equally well. This need is driving organizations to recognize that IT operations and security operations have to be as aligned as possible. So, as far as possible, it helps if these two teams work from the same playbook, or at least from the same data or a single source of truth. That means both teams should try to use some of the same analytics and data collection tools and methodologies when managing and securing their endpoints. And if organizations rely on the same personnel for both jobs, it certainly helps if those people can pivot between the two within the same tools, working from a single data set.

Each of these offensive and defensive tasks is critical to protecting an organization’s intellectual property, reputation, and brand. In fact, managing and prioritizing these tasks is what often keeps CIOs and CISOs up at night. Organizations should look for opportunities to align and consolidate teams, technologies, and policies as much as possible, to ensure they are focused on the most pressing need along the risk and security management spectrum.

When it comes to managing endpoint systems, it is clear that organizations are moving toward an “all the time” visibility and control model that enables continuous risk assessment, continuous threat monitoring, and even continuous performance management.

So organizations should look for these three key capabilities when evaluating new endpoint security systems:

Solutions that provide “all the time” visibility and control for both IT operations and security operations teams.

Solutions that provide a single source of truth that can be used both offensively for risk management and defensively for security detection and response.

Architectures that integrate easily into existing systems management and security tool environments to deliver even greater value for both IT and security teams.

Charles Leaver – Black Hat And Defcon 2017: Our Experiences

Written by Michael Vaughn And Presented By Ziften CEO Charles Leaver


Here are my experiences from Black Hat 2017. There is a slight twist in this year’s summary, largely because of the theme of the opening keynote by Facebook’s Chief Security Officer, Alex Stamos. Stamos stressed the importance of refocusing the security community’s efforts on working better together and diversifying security solutions.

“Working better together” seems an oxymoron when you look at the intense competition among the hundreds of security companies vying for customers at Black Hat. Given Stamos’s message in the opening keynote this year, I felt it important to add some of my experiences from Defcon too. Defcon has historically been an event for learning, and includes independent hackers and security professionals. Last week’s Black Hat theme focused on the social aspect of how companies should get along and genuinely help each other and others, which has always been the overriding message of Defcon.

People checked in from around the world last week:

Jeff Moss, aka ‘Dark Tangent’, the founder of Black Hat and Defcon, also wants that to be the theme: where you try to help people gain knowledge and learn from others. Moss wants attendees to stay ‘excellent’ and ‘helpful’ throughout the conference. That is in line with what Alex Stamos from Facebook said in his keynote about security companies. Stamos asked that we all share in the responsibility of helping those who cannot help themselves. He also raised another relevant point: are we doing enough in the security industry to truly help people, rather than just doing it to make money? Can we achieve the goal of truly helping people? Such is the juxtaposition of the two events. The main difference between Black Hat and Defcon is the more corporate consistency of Black Hat (from the vendor hall to the presentations) versus the true hacker community at Defcon, which showcases the creative side of what is possible.

The company I work for, Ziften, provides Systems and Security Operations software, giving IT and security teams visibility and control across all endpoints, on or off the corporate network. We also have a pretty sweet sock game!

Many attendees showed their Ziften support by wearing previous years’ Ziften sock designs. Looking good, feeling good!

The idea of joining forces to fight the bad guys is something most attendees from all over the world embrace, and we are no different. Here at Ziften, we aim to genuinely help our customers and the community with our solutions. Why offer or rely on a solution that is limited to what’s in the box, one that provides a single function or a handful of specific functions? Our software is a platform for integration and provides modular, tailored security and operational solutions. The whole Ziften team takes inspiration from Defcon, and we push ourselves to build new, custom features and forensic tools that conventional security companies would avoid, or simply remain too consumed by daily tasks to attempt.

Delivering all-the-time visibility and control for any asset, anywhere, is one of Ziften’s main focuses. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to quickly fix endpoint problems, reduce overall risk posture, speed threat response, and increase operational efficiency. Ziften’s secure architecture provides continuous, streaming endpoint monitoring and historical data collection for enterprises, governments, and managed security service providers. And in keeping with 2017’s Black Hat theme of working together, Ziften’s partner integrations extend the value of incumbent tools and fill the gaps between siloed systems.

Journalists are not allowed to take photos of the Defcon crowd, but I am not the press, and this was before entering a badge-required area :P The Defcon masses and Goons (Defcon staff wearing red shirts) were at a standstill for a solid twenty minutes waiting for initial access to the four enormous Track conference rooms on opening day.

The Voting Machine Hacking Village got a lot of attention at the event. It was interesting, but nothing new for veteran attendees. I suppose it takes something notable to garner attention around specific vulnerabilities. All vulnerabilities covered in most of the talks, and especially in this village, had already been disclosed to the proper authorities before the event. Let us know if you need help locking down any of these (looking at you, government folks).

More and more personal data is becoming available to the public. For example, the Google and Twitter APIs are easily and publicly available for querying user data metrics. This data makes it much easier for attackers to social-engineer targeted attacks on individuals, especially people of power and rank such as judges and executives. This talk, entitled Dark Data, demonstrated how a simple yet brilliant de-anonymization algorithm plus some data enabled these two white hats to identify individuals with extreme accuracy and reveal highly personal information about them. This should make you think twice about what is installed on your systems and on the machines of the people in your office. Most of the raw metadata above was gathered through a popular browser add-on; the fine-tuning came from the algorithm and public APIs. Do you know what browser add-ons are running in your environment? If the answer is no, then Ziften can help.
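One way to start answering that question on a fleet of Chromium-based browsers, as an added example that is not Ziften’s code and not part of the original post: the script below walks a Chrome/Chromium profile directory, reads each installed extension’s manifest.json, and flags permissions that give an add-on a broad view of browsing activity. The profile locations and the set of “risky” permissions are the example’s own assumptions for illustration, and the sample profile it builds to run offline is constructed, not real data.

```python
"""Inventory the extensions installed in Chromium-family browser profiles
and flag broad permission grants.

Added illustration for this post, not Ziften code. Assumptions: Chromium-based
browsers store unpacked extensions as <profile>/Extensions/<id>/<version>/manifest.json;
the default profile locations below and the RISKY_PERMISSIONS set are this example's
choices, not a published standard.
"""
import json
import tempfile
from pathlib import Path

# Permissions that let an extension observe or alter arbitrary browsing activity,
# the kind of vantage point a data-harvesting add-on needs (assumed list).
RISKY_PERMISSIONS = {
    "<all_urls>", "webRequest", "webRequestBlocking", "history", "tabs",
    "cookies", "clipboardRead", "nativeMessaging", "debugger",
}


def chromium_profile_dirs(home: Path):
    """Yield profile directories (those containing an Extensions folder) under
    the usual Chrome/Chromium locations for Linux, macOS and Windows."""
    bases = [
        home / ".config" / "google-chrome",
        home / ".config" / "chromium",
        home / "Library" / "Application Support" / "Google" / "Chrome",
        home / "AppData" / "Local" / "Google" / "Chrome" / "User Data",
    ]
    for base in bases:
        if base.is_dir():
            for entry in base.iterdir():
                if (entry / "Extensions").is_dir():
                    yield entry


def inventory_extensions(profile_dir: Path):
    """Return one record per installed extension version found in profile_dir."""
    records = []
    for manifest in sorted((profile_dir / "Extensions").glob("*/*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it rather than abort the sweep
        # Manifest v2 lists host patterns under "permissions"; v3 moves them to
        # "host_permissions". Merge both so the check is version-independent.
        perms = {p for p in data.get("permissions", []) if isinstance(p, str)}
        perms |= {p for p in data.get("host_permissions", []) if isinstance(p, str)}
        records.append({
            "id": manifest.parents[1].name,        # Extensions/<id>/<version>/manifest.json
            "version": data.get("version", manifest.parent.name),
            "name": data.get("name", "?"),         # may be a __MSG_*__ locale key
            "permissions": sorted(perms),
            "risky": sorted(perms & RISKY_PERMISSIONS),
        })
    return records


def build_sample_profile(root: Path) -> Path:
    """Write a constructed (fake) profile with two extensions so the script runs offline."""
    profile = root / "Default"
    samples = {
        ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "1.2.0"): {
            "name": "Tab Saver", "version": "1.2.0", "permissions": ["storage"],
        },
        ("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", "4.0.1"): {
            "name": "Shopping Helper", "version": "4.0.1",
            "permissions": ["tabs", "webRequest", "storage"],
            "host_permissions": ["<all_urls>"],
        },
    }
    for (ext_id, version), manifest in samples.items():
        ext_dir = profile / "Extensions" / ext_id / version
        ext_dir.mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return profile


def demo():
    """Build the sample profile, inventory it, and return (all records, flagged records)."""
    with tempfile.TemporaryDirectory() as tmp:
        records = inventory_extensions(build_sample_profile(Path(tmp)))
    return records, [r for r in records if r["risky"]]


if __name__ == "__main__":
    # Sweep the current user's real profiles, then show the constructed sample for comparison.
    for profile in chromium_profile_dirs(Path.home()):
        for rec in inventory_extensions(profile):
            flag = "RISKY " if rec["risky"] else "      "
            print(f"{flag}{rec['id']} {rec['name']} {rec['version']} {rec['risky']}")
    _, flagged = demo()
    print("sample profile flagged:", [r["name"] for r in flagged])
```

Run it under each user account on a host (or push it through whatever endpoint agent you already have) and diff the output against an allow-list; an add-on that appears with `<all_urls>` plus `webRequest` or `tabs` is exactly the kind of vantage point the Dark Data talk relied on, and it deserves a conversation with the user regardless of how benign its store listing looks.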

This talk was squarely about exploiting Point-of-Sale systems. Although quite humorous, it was a tad scary how fast one of the most commonly used POS systems can be hacked. This particular POS hardware is most commonly encountered when paying in a taxi. The base operating system is Linux, and although it runs on an ARM architecture and is protected by strong firmware, why would a business risk leaving the security of customer credit card details solely in the hands of the hardware vendor? If you are looking for additional protection for your POS systems, look no further than Ziften. We protect the most commonly used enterprise operating systems. If you want to do the fun thing and install the video game Doom on one, I can send you the slide deck.

This presenter’s slides were off-the-charts excellent. What wasn’t excellent was how exploitable macOS is during the installation of very common applications. Basically every time you install an application on a Mac, it asks you to grant elevated privileges. But what if something were to slightly alter the code a few seconds before you enter your administrator credentials? Well, most of the time, probably something bad. Worried about your Mac running malware smart enough to detect and alter code in common vulnerable applications before you or your users enter credentials? If so, we at Ziften Technologies can help.

We help you without replacing your whole toolset, although we often find ourselves doing just that. Our aim is to use the recommendations and existing tools that work from various vendors, make sure they are running and configured, make sure the prescribed hardening is indeed intact, and make sure your operations and security teams work together more effectively to achieve a tighter security posture across your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos’s keynote
– Jeff Moss’s message
– Visitors from all over the world interacting
– Black Hat should maintain a friendly community spirit

2) Stronger together with Ziften

– Ziften plays well with other software vendors

3) Prominent current vulnerabilities Ziften can help prevent and fix

– Point-of-Sale compromise
– Voting machine tampering
– macOS privilege escalation
– Targeted attacks on individuals

Charles Leaver – Beware Of Adding Subtitle Packages To Popular Movie Apps

Written By Josh Harriman And Presented By Charles Leaver Ziften CEO


Do you like watching movies with popular apps like Kodi, SmartTV or VLC on your devices? How about needing or wanting subtitles for those movies and simply grabbing the latest pack from OpenSubtitles? No problem, sounds like a great evening at home. The problem is, according to research by Check Point, there could be a nasty surprise waiting for you.

For the bad guys to take control of your ‘world’, they need a vector, some way to gain entry to your system. There are some common ways that happens these days, such as clever (and not so clever) social engineering tricks: you get an email that appears to come from a friend or co-worker but was spoofed, you open an attachment or visit some website, and if the stars line up, you are pwned. Usually the star-alignment part is not that hard; it just requires that you have some vulnerable software running that can be reached.

Since the technique relies on getting users to cooperate, the target audience can often be hard to reach. But with this latest research, many of the major media players turn out to have a unique vulnerability when it comes to loading and decoding subtitle packs. The four main media players named in the article are patched to date, but as we have seen in the past (just look at the recent SMB v1 vulnerability), just because a fix is available doesn’t mean users are updating. The researchers have also declined to reveal the technical details of the vulnerability, to give other vendors time to patch. That is a good sign, and the right approach I believe researchers should take: notify the vendor so they can fix the issue, and also announce it publicly so ‘we the people’ are informed and know what to watch out for.

It’s hard to keep up with the many ways you can get infected, but at least we have researchers who tirelessly try to ‘break’ things to find those vulnerabilities. By following responsible disclosure practices, they help everyone enjoy a safer experience with their devices, and in this case, a great night in watching movies.