Monthly Archives: October 2017

Charles Leaver – Ways To Prevent The KRACK Vulnerability Causing You Problems

Written By Dr Al Hartmann And Presented By Charles Leaver


Enough media attention has been paid to the Wi-Fi WPA2-defeating Key Reinstallation Attack (KRACK) that we don’t need to re-cover that ground. The original discoverer’s website is an excellent place to review the issues and link to the in-depth research findings. This may be the most attention paid to a fundamental communications security failure since Heartbleed. During that earlier incident, a patched version of the vulnerable OpenSSL code was released on the same day as the public disclosure. In this new KRACK attack, similar responsible disclosure standards were followed, and patches were either already released or soon to follow. Both wireless endpoints and wireless network devices should be appropriately patched. Oh, and good luck getting that Chinese knockoff wireless security cam bought off eBay patched quickly.

Here we will simply make a couple of points:

Take inventory of your wireless devices and act to ensure they are properly patched. (Ziften can perform passive network inventory, including wireless networks. For Ziften-monitored endpoints, the available network interfaces as well as the applied patches are reported.) For enterprise IT staff it is patch, patch, patch every day anyway, so nothing new here. But any unmanaged wireless devices should be identified and verified.

iOS and Windows endpoints are less susceptible, while unpatched Linux and Android endpoints are highly susceptible. Most Linux endpoints will be servers without wireless networking, so there is less exposure there. But Android is another story, especially given the balkanized state of Android updating across device manufacturers. Probably your enterprise’s greatest exposure will be Android and IoT devices, so do your risk analysis.

Avoid wireless access via unencrypted protocols such as HTTP. Stick to HTTPS or other encrypted protocols, or use a secure VPN, but be aware that some default HTTPS sites allow compromised devices to force a downgrade to HTTP. (Note that Ziften network monitoring reports the IP addresses and ports used, so investigate any wireless port 80 traffic on unpatched endpoints.)
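One way to turn the two checks above (unmanaged or unpatched wireless devices, and plaintext port 80 traffic from them) into a concrete triage script. This is an added example, not Ziften’s code; the inventory and flow records are constructed sample data with hypothetical device names, in the shape a passive network inventory and a flow monitor might report.

```python
"""Cross-check a wireless device inventory against observed network flows.

Added example (not Ziften's code): INVENTORY and FLOWS are constructed
sample data with hypothetical device names.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    name: str
    interface: str       # "wifi" or "ethernet"
    krack_patched: bool  # KRACK fix applied, as reported by the inventory
    managed: bool        # under IT management, so patch status is trustworthy


@dataclass(frozen=True)
class Flow:
    src: str             # device name that originated the flow
    dst_port: int


# Constructed sample inventory and flows (hypothetical names).
INVENTORY = [
    Device("laptop-01", "wifi", True, True),
    Device("android-07", "wifi", False, True),
    Device("db-server-02", "ethernet", False, True),   # wired: not KRACK-exposed
    Device("ip-cam-ebay", "wifi", False, False),       # unmanaged IoT device
]
FLOWS = [
    Flow("laptop-01", 80),
    Flow("android-07", 443),
    Flow("android-07", 80),
    Flow("db-server-02", 80),
    Flow("ip-cam-ebay", 80),
]

PLAINTEXT_PORTS = {80}   # extend with other cleartext services you care about


def unpatched_wireless(inventory):
    """Wireless devices still exposed to KRACK: unpatched, or unmanaged
    (unknown patch state counts as exposed until verified)."""
    return [d.name for d in inventory
            if d.interface == "wifi" and (not d.krack_patched or not d.managed)]


def plaintext_over_exposed_wifi(inventory, flows):
    """Cleartext flows from exposed wireless devices: the traffic an attacker
    in radio range could read or tamper with, so these are the ones to investigate."""
    exposed = set(unpatched_wireless(inventory))
    return sorted({(f.src, f.dst_port) for f in flows
                   if f.src in exposed and f.dst_port in PLAINTEXT_PORTS})
```

The wired server talking HTTP and the patched laptop are deliberately left out of the result: only unpatched or unmanaged wireless devices are in scope for this check.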

Continue whatever wireless network hygiene practices you have been employing to identify and silence rogue access points, unauthorized wireless devices, etc. Grooming access point placement and transmission zones to minimize signal spillage outside your physical boundaries is also a wise practice, since KRACK attackers must be physically present within range of the wireless network. Do not give them advantageous positioning opportunities inside or near your environment.

For a broader discussion of the KRACK vulnerability, take a look at our recent video on the subject:

Charles Leaver – Pointers On Effective Security Awareness Training

Written By Charles Leaver Ziften CEO


Effective enterprise cybersecurity assumes that people – your employees – do the right thing. That they don’t hand over their passwords to a caller who claims to be from the IT department doing a “credentials audit.” That they don’t wire $10 million to an Indonesian bank account after getting a midnight request from “the CEO”.

That they don’t install an “urgent update” to Flash Player based on a pop-up on a porn site. That they don’t overshare on social media. That they don’t keep company data on file-sharing services outside the firewall. That they don’t connect to unsecured WiFi networks. And that they don’t click links in phishing emails.

Our research shows that over 75% of security incidents are caused or assisted by employee mistakes.

Sure, you have installed endpoint security, email filters, and anti-malware services. Those preventative measures will probably be for nothing, though, if your employees do the wrong thing time and again when in a risky situation. Our cybersecurity efforts are like having an expensive car alarm: If you don’t teach your teen to lock the car when it’s at the mall, the alarm is worthless.

Security awareness isn’t enough, of course. Employees will make mistakes, and there are some attacks that don’t require an employee mistake. That’s why you need endpoint security, email filters, anti-malware, etc. But let’s talk about effective security awareness training.

Why Training Typically Doesn’t Have an Impact

First – in my experience, a lot of employee training, well, is poor. That’s especially true of online training, which is usually dreadful. But in most cases, whether live or canned, the training lacks credibility, in part because many IT professionals are poor and unconvincing communicators. The training typically focuses on communicating and enforcing rules – not on changing risky behavior and habits. And it’s like mandatory copy machine training: There’s nothing in it for the employees, so they don’t take it on board.

It’s not about enforcing rules. While security awareness training may be “owned” by different departments, such as IT, CISO, or HR, there’s often a lack of understanding of what a security awareness program actually is. First of all, it’s not a checkbox; it has to be continuous. The training needs to be delivered in different ways and at different times, with a mix of live training, newsletters, small group discussions, lunch-and-learns, and yes, even online resources.

Safeguarding yourself is not complicated!

But a huge problem is the lack of objectives. If you don’t know what you’re trying to achieve, you can’t tell whether you’ve done a good job with the training – and whether risky habits actually change.

Here are some sample objectives that can lead to effective security awareness training:

Give employees the tools to recognize and deal with the ongoing daily security threats they may encounter online and via email.

Let employees know they are part of the team, and that they can’t simply rely on the IT/CISO teams to handle security.

Break the cycle of “unexpected ignorance” about safe computing practices.

Shift mindsets toward more secure practices: “If you see something, say something”.

Review company policies and procedures, explained in actionable ways that are relevant to employees.

Make it Relevant

No matter who “owns” the program, it’s essential that there is visible executive support and management buy-in. If the executives don’t care, the employees won’t either. Effective training won’t talk about tech buzzwords; instead, it will focus on changing habits. Relate cybersecurity awareness to your employees’ personal lives. (And while you’re at it, teach them how to keep themselves, their family, and their home safe. Odds are they don’t know and are reluctant to ask.)

To make security awareness training truly relevant, solicit employee ideas and encourage feedback. Measure success – for example, did the number of external links clicked by employees go down? How about calls to tech support stemming from security violations? Make the training timely and real-world by including current scams in the news; sadly, there are plenty to choose from.

In short: Security awareness training isn’t fun, and it’s not a silver bullet. Nevertheless, it is essential for ensuring that risky employee behaviors don’t undermine your IT/CISO efforts to secure your network, devices, applications, and data. Make sure that you train your employees continuously, and that the training works.

Charles Leaver – Amazing Enthusiasm For Ziften At Splunk .conf

Written By Josh Applebaum And Presented By Charles Leaver


Like many of you, we’re still recovering from Splunk .conf last week. As usual, .conf had great energy, and the people in attendance were passionate about Splunk and the many use cases it enables through its big app ecosystem.

One important announcement during the week worth mentioning was a new security offering called “Content Updates,” which is essentially pre-built Splunk searches to help find security events.

Basically, the Splunk security team looks at the latest attacks, creates new searches for how they would hunt through Splunk ES data to find those types of attacks, and then ships those new searches down to customers’ Splunk ES environments for automatic alerting when they match.

The best part? Because these updates mostly use CIM (Common Information Model) data, and Ziften populates many of the CIM models, Ziften’s data is already being matched against the new Content Updates Splunk has produced.

A quick demonstration showed which vendors contribute to each type of “detection,” and Ziften was mentioned in a great many of them.

For example, we have a recent blog post that shows how Ziften’s data in Splunk is used to identify and respond to WannaCry.

Overall, with the approximately 500 people who came by the booth over the course of .conf, I have to say it was one of the best events we’ve done in terms of quality conversations and interest. We had nothing but positive reviews from our in-depth discussions with all walks of business life – from highly technical analysts in the public sector to CISOs in the financial sector.

The most common conversation usually started with, “We are just starting to implement Splunk and are new to the platform.” I like those, because people can get our Apps for free, we can get them an agent to experiment with, and it gives them something to use right out of the box to show value immediately. Other folks were very seasoned and really liked our approach and architecture.

Bottom line: People are truly excited about Splunk, and real solutions are available to help people with real problems!

Curious? The Ziften ZFlow App and Technology Add-on helps users of Splunk and Splunk ES use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see what they are missing at the edge of their network, in their data centers, and in their cloud deployments.

Use Ziften Services For Your IT Security – Charles Leaver

Written By Josh Harriman And Presented By Charles Leaver

Having the right tools to hand is a given in our industry. But having the right tools and services is one thing; getting the most value out of them can be a challenge. Even with all the right objectives and properly skilled staff, there can be gaps. Ziften Services can help fill those gaps and keep you on track for success.

Ziften Services can augment, or even outright lead, your IT Operations and Security teams to better arm your company, through three offerings. Each one is tailored to a particular need. A recent report by ESG (Enterprise Strategy Group) entitled “Patterns in Endpoint Security Research Study” found that 51% of respondents said they will be deploying and using an EDR (endpoint detection and response) solution now, and that 35% of them plan to use managed services for the implementation; that demonstrates the need for proper services around these products. For that reason, Ziften is providing our services knowing that many companies lack the scale or expertise to implement and fully make use of required tools such as EDR.

Ziften services are as follows:

Ziften Assess Service
Ziften Hunt Service
Ziften Respond Service

While each of the three services covers a distinct purpose, the latter two are more complementary to each other. Let’s look at each in a little more detail to better understand the benefits.

Assess Service

This service covers both IT operations and security teams. To measure your success in proper documentation and adherence to processes and policies, you need to start with a good solid baseline. The Assess service begins by conducting thorough interviews with key decision makers to truly understand what is in place. From there, a Ziften Zenith deployment provides monitoring and data collection of key metrics across client device networks, data centers and cloud deployments. The reporting covers asset management and performance, licensing, vulnerabilities, compliance and even anomalous behavior. The result can address a range of needs such as M&A evaluations, pre-cloud-migration planning and routine compliance checks.

Hunt Service

This service is a true 24 × 7 managed endpoint detection and response (MDR) offering. Organizations struggle to fully cover this essential aspect of security operations. That could be because of limited staff or a lack of critical expertise in threat hunting methods. Again, using the Ziften Zenith platform, this service provides continuous monitoring across client devices, servers and cloud VMs running Windows, Mac OSX and Linux operating systems. One of the primary results of this service is significantly reducing threat dwell times within the environment. This has been discussed regularly in the past couple of years, and the numbers are staggering, typically on the order of hundreds of days that threats remain hidden within organizations. You need someone who can actively hunt for these adversaries and can also look back historically at previous events to discover behaviors you were not aware of. This service also provides some hours of dedicated Incident Response, so you have all your bases covered.

Respond Service

When you are against the ropes and have a true emergency, this service is what you need. This is a tried and true IR team ready for war 24 × 7 with a broad range of response tool sets at hand. You will receive immediate incident assessment and triage. Recommended actions align with the severity of the threat and what response actions need to occur. The team is very flexible and will work remotely or, if needed, can be on site where conditions require. This could be your entire IR team, or it will augment and blend right in with your current group.

At the end of the day, you need services to help maximize your chances of success in today’s world. Ziften has three great offerings and wants all our clients to feel protected and aligned with the best operational and security posture available. Please reach out to us so we can help you. It’s what we love to do!