
Charles Leaver – Equifax Breach Underlines The Need For Vulnerability Lifecycle Management

Written By Dr Al Hartmann And Presented By Charles Leaver


The following announcement made headlines last week, on September 7, 2017:

Equifax Inc. today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017.

Lessons from Past Data Breaches

If you like your job, value your role, and hope to keep it, do not leave the door open to attackers. A major data breach frequently starts with an unpatched vulnerability that is readily exploitable. Then the inevitable happens: the attackers are inside your defenses, the crown jewels have left the building, the press releases fly, high-priced consultants and outside counsel rack up billable hours, regulators descend, lawsuits are filed, and you have “some major ‘splainin’ to do”!

We have yet to see whether the head ‘splainer in the current Equifax debacle will survive, as he is still in ‘splainin’ mode, asserting that the intrusion began with the exploitation of an application vulnerability.

In such cases the usual conga line of resignations is: CISO first, followed by the CIO, followed by the CEO, followed by a board of directors shakeup (specifically the audit and corporate responsibility committees). Don’t let this happen to your professional life!

Steps to Take Right Away

There are some commonsense actions that prevent the otherwise inevitable breach catastrophe resulting from unpatched vulnerabilities:

Take inventory – Inventory all system and data assets and map your network topology, connected devices, and open ports. Know your network, its segmentation, what devices are attached, what those devices are running, what vulnerabilities those systems and applications expose, what data assets they access, the sensitivity of those assets, what defenses are layered around those assets, and what controls are in place along all potential access paths.

Harden – Implement best-practice recommendations for identity and access management, network segmentation, firewall and IDS configuration, operating system and application configuration, database access controls, and data encryption and tokenization, while simplifying and reducing the number and complexity of subsystems across your enterprise. Anything too complex to manage is too complex to secure. Choose configuration-hardening heaven over breach-response hell.

Continuously monitor and inspect – Periodic audits are necessary but insufficient. Continuously monitor, track, and assess all relevant security events and exposed vulnerabilities: create visibility, event capture, analysis, and archiving of every system and session login, every application launch, every active binary and vulnerability exposure, every script execution, every command issued, every network connection, every database transaction, and every sensitive data access. Any gap in your security event visibility creates a free-fire zone for the attacker. Establish key performance metrics, track them relentlessly, and drive for relentless improvement.

Don’t accept operational excuses for insufficient security – There are always secure and effective operational policies, but they may not be painless. Not suffering a devastating data breach is far down the organizational pain scale from the alternative. Operational expedience, legacy habits, or misaligned priorities are not valid excuses for tolerating bad cyber practices in an escalating threat environment. Lay down the law.
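The three steps above amount to a vulnerability lifecycle: know what is deployed, know which of it is vulnerable, and track how long each exposure stays open against a patch deadline. The Python below is an added example, not part of the original post or of any Ziften product; the asset records, advisories, product names, dates and the SLA_DAYS deadlines are all constructed assumptions. It joins an inventory against advisories using a numeric (not lexical) version comparison, ranks findings by how far past SLA they are and by data sensitivity, and produces the kind of metrics the “track them relentlessly” step calls for.

```python
"""Vulnerability lifecycle tracker: joins an asset inventory against advisories,
reports which hosts are exposed, how long each exposure has been open and how far
past its patch SLA it is.  Added illustration, not Ziften code; all records below
are constructed sample data."""
import re
from dataclasses import dataclass
from datetime import date

# Patch deadlines in days by severity (assumed policy values, not from the article).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass(frozen=True)
class Asset:
    host: str
    software: str
    version: str
    data_sensitivity: str   # "pii", "internal" or "public"


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    software: str
    fixed_version: str      # first version that carries the fix
    severity: str
    published: date


def version_key(version: str) -> tuple:
    """Split '2.3.31' into comparable pieces so that 2.3.9 < 2.3.32 (a plain string
    compare would say the opposite).  A numeric fragment becomes (1, n, suffix);
    a purely non-numeric fragment sorts before any number."""
    key = []
    for frag in re.split(r"[.\-]", version):
        m = re.match(r"(\d+)(.*)", frag)
        key.append((1, int(m.group(1)), m.group(2)) if m else (0, 0, frag))
    return tuple(key)


def is_vulnerable(asset: Asset, adv: Advisory) -> bool:
    """Exposed when the asset runs the affected product below the fixed version."""
    return (asset.software == adv.software
            and version_key(asset.version) < version_key(adv.fixed_version))


def exposure_report(assets, advisories, today: date) -> list:
    """One finding per (host, advisory) pair that is still exposed, worst first."""
    findings = []
    for adv in advisories:
        for asset in assets:
            if not is_vulnerable(asset, adv):
                continue
            days_open = (today - adv.published).days
            findings.append({
                "host": asset.host, "advisory": adv.advisory_id,
                "severity": adv.severity, "sensitivity": asset.data_sensitivity,
                "days_open": days_open,
                "overdue_by": max(0, days_open - SLA_DAYS[adv.severity]),
            })
    # Most overdue first, then PII-bearing hosts ahead of the rest, then by host name.
    findings.sort(key=lambda f: (-f["overdue_by"], f["sensitivity"] != "pii", f["host"]))
    return findings


def metrics(findings) -> dict:
    """The numbers worth putting on a dashboard and tracking week over week."""
    overdue = [f for f in findings if f["overdue_by"] > 0]
    return {
        "exposed_hosts": len({f["host"] for f in findings}),
        "open_findings": len(findings),
        "overdue_findings": len(overdue),
        "overdue_pii_findings": sum(1 for f in overdue if f["sensitivity"] == "pii"),
    }


# Constructed sample inventory and advisories (hypothetical products and IDs).
SAMPLE_ASSETS = [
    Asset("web-01", "webfw", "2.3.31", "pii"),
    Asset("web-02", "webfw", "2.3.33", "pii"),      # already patched
    Asset("web-03", "webfw", "2.3.9", "pii"),       # lexically looks newer, is older
    Asset("db-01", "dbms", "9.6.1", "pii"),
    Asset("kiosk-07", "pdfview", "1.2", "public"),
]
SAMPLE_ADVISORIES = [
    Advisory("ADV-2017-001", "webfw", "2.3.32", "critical", date(2017, 3, 7)),
    Advisory("ADV-2017-002", "dbms", "9.6.3", "high", date(2017, 8, 20)),
    Advisory("ADV-2017-003", "pdfview", "1.3", "low", date(2017, 1, 10)),
]
REPORT_DATE = date(2017, 9, 8)   # constructed "today" for the sample run

if __name__ == "__main__":
    report = exposure_report(SAMPLE_ASSETS, SAMPLE_ADVISORIES, REPORT_DATE)
    for f in report:
        print(f"{f['host']:9} {f['advisory']} {f['severity']:8} open {f['days_open']:3}d  "
              f"overdue {f['overdue_by']:3}d  ({f['sensitivity']})")
    print(metrics(report))
```

In the sample run, web-03 is the instructive case: a string comparison of “2.3.9” against “2.3.32” would report it as patched, while the numeric comparison correctly lists it as exposed to a critical advisory that is 178 days past its seven-day SLA. Feeding the real inventory and a real advisory feed into the same two functions is the practical version of the “take inventory” and “continuously monitor” steps.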

Charles Leaver – Lessons Learned From Equifax And What To Do

Written By Michael Levin And Presented By Charles Leaver


Equifax, one of the three major U.S.-based credit reporting agencies, just announced a significant data breach in which attackers stole sensitive information on 143 million U.S. consumers.

Ways the Equifax breach WILL impact you:

– Personal – Your identity information, and your family’s, is now known to criminals and will be targeted!

– Company – Your organization could be impacted and targeted.

– Nationally – Terrorists, nation states and organized crime groups could be involved, or could use this data to commit cyber crimes for financial gain.

Protecting yourself is not complicated!

Five recommendations to secure yourself right away:

– Subscribe to a credit monitoring service and/or freeze your credit. The quickest way to be informed that your credit has been compromised is through a credit monitoring service. Equifax has already begun the process of offering free credit monitoring to those impacted. Other credit monitoring services are available and should be considered.

– Monitor all your financial accounts, including credit cards and all savings accounts. Ensure that notifications are switched on. Make sure you receive immediate text and email notifications for any changes to your accounts, balances or transactions.

– Secure your bank and financial accounts; ensure that two-factor authentication is switched on for all of them. Learn about two-factor authentication and turn it on for every financial account.

– Phishing emails can be your most significant day-to-day threat! Slow down when handling email. Stop reflexively clicking every link and attachment you receive. Instead of clicking links and attachments in email, navigate to the site independently, outside the email. When you receive an email you were not expecting from a name you recognize, consider calling the sender independently before you click links or open attachments.

– Strong passwords – consider changing all your passwords. Create strong passwords and protect them. Use a different password for each account.

Other Security Considerations:

– Back up all computers and update operating systems and software applications routinely.

– Social media security – Sharing too much information on social media increases the risk that you will be victimized. For example, telling the world you are on vacation, with photos, raises the risk that your house will be burglarized.

– Secure your devices – Do not leave your laptop, tablet or phone unattended even for a moment. Do not leave anything in your car that you don’t want stolen, because it’s simply a matter of time.

– Internet of Things and device management – Understand how all your devices connect to the Internet and what information you are sharing. Check the security settings on all devices, including smart watches and fitness bands.

The value of security awareness training:

– This is another crime where security awareness training can help reduce risk. Understanding the new crimes and scams in the news is a basic part of security awareness training. Ensuring that employees, family and friends know about this fraud will significantly decrease the likelihood that you will be victimized.

– Sharing news of new scams and crimes with others is important to ensure that the people you care about do not fall victim to them.

Charles Leaver – Why Choose Generic When You Can Have Extensible?

Written By Charles Leaver Ziften CEO

Whether you call them extensions or customizations, the best technology platforms can be tailored to fit a company’s specific business requirements. Generic operations tools are fine at performing generic operations tasks. Generic security tools are fine at solving generic security challenges. Generic can only take you so far, unfortunately, and that’s where extensibility steps in.

Extensibility comes up often when I’m talking to customers and prospects, and I’m proud that a Global 10 company picked Ziften over everyone else in the market largely on that basis. For that customer, and many others, the ability to deeply customize platforms is a necessity.

This isn’t just about creating custom reports or custom alerts. Let’s be honest: the ability to build reports is a baseline capability of many IT operations and security management tools. Real extensibility goes deep into the solution to give it capabilities that solve real problems for the organization.

One customer deployed many mobile IoT devices, and needed our Zenith real-time visibility and control system to be able to access (and monitor) the memory of those devices. That’s not a standard feature of Zenith, because our low-footprint agent doesn’t hook into the operating system kernel or operate through standard device drivers. However, we worked with the customer to extend Zenith with that capability, and it turned out to be easier than anyone imagined.

Another customer looked at the standard set of endpoint data that the agent collects and wanted to add extra data fields. They also wanted to program the administrative console with custom actions using those data fields, and push those actions back out to the endpoints. No other endpoint monitoring and security solution was able to offer that capability except Ziften.

What’s more, the customer built those extensions themselves, and owns the code and intellectual property. It’s part of their own secret sauce, their own business differentiator, and unique to their organization. They couldn’t be happier. And neither could we.

With many other IT operations and security systems, if customers want extra functions or capabilities, the only option is to submit a future feature request and hope it appears in an upcoming version of the product. Until then, too bad.

That’s not how we built our flagship solutions, Zenith and ZFlow. Because our endpoint agent isn’t based on device drivers or kernel hooks, we can allow remarkable extensibility, and open that extensibility for customers to access directly.

Likewise with our administrative consoles and back-end monitoring systems: everything is customizable. And that was built in right from the start.

Another aspect of customization is that our real-time and historical visibility database can integrate with your other IT operations and security platforms, including SIEM tools, threat intelligence, IT ticketing systems, task orchestration systems, and data analytics. With Zenith and ZFlow, there are no silos. Ever.

When it comes to endpoint monitoring and management, extensions are increasingly where it’s at. IT operations and enterprise security teams need the ability to customize their tool platforms to fit their exact requirements for monitoring and managing IoT, traditional endpoints, the data center, and the cloud. In many customer discussions, our built-in extensibility has caused eyes to light up, and won us trials and deployments. Tell us about your custom requirements, and let’s see what we can do.

Charles Leaver – Watch This Video Showing Our Endpoint Security Architecture

Written By Mike Hamilton And Presented By Ziften CEO Charles Leaver


Endpoint security is a hot topic nowadays, and there are many vendors out there touting their wares in this market. But it’s sometimes difficult to understand just what each vendor offers. What’s even harder is understanding how each vendor’s solution is architected to deliver those services.

I believe that the back-end architecture of whatever you choose can have a profound impact on the future scalability of your deployment, and it can create a lot of unanticipated work and expense if you’re not careful.

So, in the spirit of transparency, and because we believe our architecture is different, unique and effective, we invite all endpoint security vendors to “show us your architecture”.

I’ll kick this off in the following video, where I show you the Ziften architecture and a couple of what I consider legacy architectures for comparison. Specifically, I’ll discuss:

– Ziften’s architecture, designed using next-gen cloud principles.
– One company’s peer-to-peer “mish-mash” architecture.
– Legacy hub-spoke-hub architectures.

I’ve shown you the power of our truly cloud-based platform. Now it’s my competitors’ turn. Come on folks, show us your architectures!

Charles Leaver – Risk And Security Management Tips And Advice

Written By Roark Pollock And Presented By Charles Leaver Ziften CEO


Risk management and security management have long been treated as separate functions, often performed by separate functional groups within a company. Recognition of the need for continuous visibility and control across all assets has increased interest in finding common ground between these disciplines, and the availability of a new generation of tools is enabling this effort. This conversation is very timely given the continued difficulty most enterprises experience in attracting and retaining skilled security personnel to manage and secure IT infrastructure. A convergence of activity can help to better leverage these valuable personnel, reduce costs, and help automate response.

Historically, risk management has been viewed as an offensive mandate, and is typically the domain of IT operations teams. Sometimes described as “systems management”, IT operations teams proactively perform device state and posture monitoring, policy enforcement, and vulnerability management. The goal is to proactively reduce potential risks. Activities that support risk reduction and that are performed by IT operations include:

Offensive Risk Mitigation – Systems Management

Asset discovery, inventory, and refresh

Software application discovery, usage tracking, and license rationalization

Mergers and acquisitions (M&A) risk assessments

Cloud workload migration, monitoring, and enforcement

Vulnerability assessments and patch installation

Proactive helpdesk or systems analysis and problem response/repair

On the other side of the field, security management is viewed as a defensive strategy, and is typically the domain of security operations teams. These groups are normally responsible for threat detection, incident response, and remediation. The objective is to respond to a threat or a breach as rapidly as possible in order to minimize the impact on the organization. Activities that fall directly under security management and that are carried out by security operations include:

Defensive Security Management – Detection and Response

Threat detection and/or threat hunting

User behavior monitoring / insider threat detection and/or hunting

Malware analysis and sandboxing

Incident response and threat containment/elimination

Lookback forensic investigations and root cause determination

Tracing lateral threat movement, and further threat removal

Data exfiltration determination

Successful businesses, of course, need to play both offense AND defense equally well. This need is driving companies to recognize that IT operations and security operations have to be as aligned as possible. Thus, as much as possible, it helps if these two groups are working from the same playbook, or at least from the same data or single source of truth. This means both teams should aim to use some of the same analytic and data collection tools and methodologies when it comes to managing and securing their endpoint systems. And if companies depend on the same personnel for both jobs, it certainly helps if those individuals can pivot between both jobs within the same tools, leveraging a single data set.

Each of these offensive and defensive tasks is crucial to protecting a company’s intellectual property, reputation, and brand. In fact, managing and prioritizing these tasks is exactly what often keeps CIOs and CISOs up at night. Organizations should recognize opportunities to align and combine teams, technologies, and policies as much as possible to ensure they are focused on the most immediate need along the current risk and security management spectrum.

When it comes to managing endpoint systems, it is clear that companies are moving toward an “all the time” visibility and control model that enables continuous risk assessment, continuous threat monitoring, and even continuous performance management.

Thus, organizations should look for these three crucial capabilities when assessing new endpoint security systems:

Solutions that provide “all the time” visibility and control for both IT operations and security operations teams.

Solutions that provide a single source of truth that can be used both offensively for risk management and defensively for security detection and response.

Architectures that easily integrate into existing systems management and security tool environments to deliver even greater value for both IT and security teams.

Charles Leaver – Black Hat And Defcon 2017 Our Experiences

Written by Michael Vaughn And Presented By Ziften CEO Charles Leaver


Here are my experiences from Black Hat 2017. There is a slight change in approach to this year’s synopsis, in large part because of the theme of the opening talk given by Facebook’s Chief Security Officer, Alex Stamos. Stamos stressed the importance of refocusing the security community’s efforts on working better together and diversifying security solutions.

“Working better together” seems an oxymoron when you consider the intense competition among the hundreds of security companies vying for customers throughout Black Hat. Based on Stamos’s message during the opening keynote this year, I felt it important to add some of my experiences from Defcon too. Defcon has historically been an event for learning, and brings together independent hackers and security specialists. Last week’s Black Hat theme focused on the social aspect of how companies should get along and truly help others and one another, which has always been the overarching message of Defcon.

People checked in from around the globe last week:

Jeff Moss, aka ‘Dark Tangent’, the founder of Black Hat and Defcon, also wants that to be the theme: where you aim to help people gain knowledge and learn from others. Moss wants attendees to remain ‘excellent’ and ‘helpful’ throughout the conference. That is in line with what Alex Stamos from Facebook communicated in his keynote about security companies. Stamos asked that we all share in the responsibility of helping those who cannot help themselves. He also raised another relevant point: are we doing enough in the security industry to truly help people, rather than just doing it to make money? Can we achieve the goal of truly helping people? Such is the juxtaposition of the two events. The primary difference between Black Hat and Defcon is the more corporate consistency of Black Hat (from vendor hall to presentations) versus the true hacker community at Defcon, which showcases the creative side of what is possible.

The company I work for, Ziften, offers Systems and Security Operations software, giving IT and security teams visibility and control across all endpoints, on or off the corporate network. We also have a pretty sweet sock game!

Many attendees showed their Ziften support by sporting previous years’ Ziften sock designs. Looking good, feeling good!

The idea of joining forces to fight the corrupt is something most participants from all over the world embrace, and we are no different. Here at Ziften, we aim to really help our customers and the community with our solutions. Why offer or depend on a solution limited to only what’s inside the box, one that offers a single or a handful of specific functions? Our software is a platform for integration and provides modular, individualized security and operational solutions. The whole Ziften team takes the creativity from Defcon and challenges itself to build new, custom features and forensic tools that conventional security businesses would avoid, or are simply too consumed by daily tasks to attempt.

Delivering all-the-time visibility and control for any asset, anywhere, is one of Ziften’s main focuses. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to quickly repair endpoint problems, reduce overall risk posture, speed threat response, and increase operational efficiency. Ziften’s secure architecture provides continuous, streaming endpoint monitoring and historical data collection for businesses, governments, and managed security service providers. And in keeping with 2017’s Black Hat theme of working together, Ziften’s partner integrations extend the value of incumbent tools and fill the gaps between siloed systems.

Journalists are not allowed to take photos of the Defcon crowd, but I am not the press and this was before entering a badge-required area :P The Defcon masses and goons (Defcon staff wearing red shirts) were at a standstill for a solid twenty minutes waiting for initial access to the four enormous Track conference rooms on opening day.

The Voting Machine Hacking Village got a great deal of attention at the event. It was interesting, but nothing new for veteran attendees. I suppose it takes something notable to garner attention around specific vulnerabilities. All vulnerabilities for most of the talks, and especially this village, had already been disclosed to the proper authorities before the event. Let us know if you need assistance locking down any of these (looking at you, government folks).

More and more personal data is becoming available to the general public. For example, Google and Twitter APIs are easily and publicly available to query user data metrics. This data makes it much easier for attackers to social engineer targeted attacks on individuals, especially persons of power and rank, like judges and executives. The talk entitled Dark Data demonstrated how a simple yet brilliant de-anonymization algorithm and some data enabled two white hats to identify people with extreme accuracy and reveal highly personal information about them. This should make you think twice about what you have installed on your systems and on the systems of the people in your office. Most of the raw metadata above was gathered through a popular browser add-on; the fine tuning came from the algorithm and public APIs. Do you know what browser add-ons are running in your environment? If the answer is no, then Ziften can help.
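Answering “do you know what browser add-ons are running in your environment?” starts with reading what is on disk. The Python below is an added example, not the original post’s code or a Ziften tool; it assumes Chromium’s on-disk layout (`<profile>/Extensions/<id>/<version>/manifest.json`; Firefox keeps a single `extensions.json` instead, which is not covered here), and the three extensions it inspects are constructed sample manifests written to a temporary directory. It flags the permissions that matter for the Dark Data scenario: anything that can read browsing history, see tab URLs, or run on every page.

```python
"""Browser add-on inventory for Chromium-style profiles.

Walks <profile>/Extensions/<id>/<version>/manifest.json, lists every installed
extension and flags permissions that let it watch the user's browsing.  Added
illustration, not Ziften code; the sample profile it builds is constructed."""
import json
import tempfile
from pathlib import Path

# Permissions worth a second look, with what each one lets the extension do.
RISKY = {
    "history": "reads full browsing history",
    "tabs": "sees URL and title of every open tab",
    "webRequest": "observes every HTTP request",
    "webNavigation": "tracks every page navigation",
    "<all_urls>": "runs on every page",
    "*://*/*": "runs on every page",
    "http://*/*": "runs on every page",
    "https://*/*": "runs on every page",
}


def effective_permissions(manifest: dict) -> set:
    """API permissions, host permissions and content-script match patterns together:
    a content script injected on <all_urls> reads every page just as a host permission would."""
    perms = set(manifest.get("permissions", []))
    perms |= set(manifest.get("host_permissions", []))          # manifest v3 field
    for script in manifest.get("content_scripts", []):
        perms |= set(script.get("matches", []))
    return perms


def inventory_extensions(profile_dir) -> list:
    """One record per installed extension version found under the profile."""
    ext_root = Path(profile_dir) / "Extensions"
    records = []
    if not ext_root.is_dir():
        return records
    for ext_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
        for ver_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            manifest_path = ver_dir / "manifest.json"
            if not manifest_path.is_file():
                continue
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
            perms = effective_permissions(manifest)
            records.append({
                "id": ext_dir.name,
                # Names may be "__MSG_..." placeholders resolved from _locales; kept verbatim here.
                "name": manifest.get("name", "?"),
                "version": manifest.get("version", ver_dir.name),
                "permissions": sorted(perms),
                "flags": sorted({RISKY[p] for p in perms if p in RISKY}),
            })
    return records


def risky_extensions(records: list) -> list:
    """Only the extensions that carry at least one flagged permission."""
    return [r for r in records if r["flags"]]


def build_sample_profile(profile_dir) -> None:
    """Write three constructed extensions (hypothetical names and IDs) in Chromium layout."""
    samples = [
        ("aaaabbbbccccddddeeeeffffgggghhhh", "1.0.3_0",
         {"name": "Tab Tidy", "version": "1.0.3", "permissions": ["storage"]}),
        ("bbbbccccddddeeeeffffgggghhhhiiii", "4.2.0_0",
         {"name": "Deal Finder", "version": "4.2.0",
          "permissions": ["history", "tabs", "storage"],
          "content_scripts": [{"matches": ["<all_urls>"], "js": ["track.js"]}]}),
        ("ccccddddeeeeffffgggghhhhiiiijjjj", "2.0_0",
         {"name": "Night Shade", "version": "2.0", "manifest_version": 3,
          "permissions": ["activeTab"], "host_permissions": ["https://*/*"]}),
    ]
    for ext_id, ver_dir, manifest in samples:
        target = Path(profile_dir) / "Extensions" / ext_id / ver_dir
        target.mkdir(parents=True, exist_ok=True)
        (target / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")


def demo() -> list:
    """Build the constructed sample profile in a temp dir and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        profile = Path(tmp) / "Default"
        build_sample_profile(profile)
        return inventory_extensions(profile)


if __name__ == "__main__":
    for rec in demo():
        status = "; ".join(rec["flags"]) or "no risky permissions"
        print(f"{rec['id']} {rec['name']} {rec['version']}: {status}")
```

Pointed at a real profile directory instead of the constructed one, `inventory_extensions` gives you the list to reconcile against an allowlist; the “Deal Finder” sample shows why content-script match patterns have to be counted alongside declared permissions, since an extension with only `storage` in `permissions` can still read every page through `<all_urls>` in `content_scripts`.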

This talk was about exploiting Point-of-Sale systems. Although quite humorous, it was a tad scary how quickly one of the most frequently used POS systems can be hacked. This particular POS hardware is most typically used when paying in a taxi. The base operating system is Linux, and although it runs on an ARM architecture and is protected by strong firmware, why would a business risk leaving the security of customer credit card details exclusively in the hands of the hardware vendor? If you are looking for additional protection on your POS systems, then look no further than Ziften. We protect the most commonly used business operating systems. If you want to do the fun thing and install the video game Doom on one, I can send you the slide deck.

This speaker’s slides were off-the-charts excellent. What wasn’t excellent was how exploitable macOS is during the installation of very common applications. Basically every time you install an application on a Mac, it requires you to grant elevated privileges. But what if something were to slightly alter the code a few seconds before you enter your Administrator credentials? Well, most of the time, probably something bad. Concerned about your Macs running malware smart enough to detect and alter code in common vulnerable applications before you or your users enter credentials? If so, we at Ziften Technologies can help.

We help you without replacing your entire toolset, although we often find ourselves doing just that. Our aim is to use the recommended and existing tools that work from various vendors, ensure they are running and configured, ensure the prescribed hardening is indeed intact, and ensure your operations and security teams work more effectively together to achieve a tighter security matrix across your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos’s keynote
– Jeff Moss’s message
– Visitors from all over the world interacting
– Black Hat should maintain a friendly neighborhood spirit

2) Stronger together with Ziften

– Ziften plays nice with other software vendors

3) Popular recent vulnerabilities Ziften can help prevent and fix

– Point-of-Sale access
– Voting machine tampering
– Escalating macOS privileges
– Targeted attacks on individuals

Charles Leaver – Beware Of Adding Subtitle Packages To Popular Movie Apps

Written By Josh Harriman And Presented By Charles Leaver Ziften CEO


Do you like watching movies with all-the-rage apps like Kodi, SmartTV or VLC on your devices? How about needing or wanting subtitles with those movies and simply grabbing the latest pack from OpenSubtitles? No problem, sounds like a great evening at home. Problem is, according to research by Check Point, there could be a nasty surprise waiting for you.

For the bad guys to take control of your ‘world’, they need a vector, some way to gain entry to your system. There are some typical ways that happens nowadays, such as smart (and not so smart) social engineering tricks: you get an email that appears to come from a friend or co-worker but was spoofed, and you open an attachment, or visit some website, and if the stars align, you are pwned. Usually the star alignment part is not that hard; it just requires that you have some vulnerable software running that can be reached.

Since the technique relies on getting users to cooperate, the target audience can often be hard to reach. But according to this latest research, many of the major media players share a distinctive vulnerability when it comes to loading and decoding subtitle packages. The four main media players listed in the article are patched to date, but as we have seen in the past (just look at the recent SMBv1 vulnerability issue), the availability of a fix does not mean that users are updating. The researchers have also declined to reveal the technical details of the vulnerability, to give other vendors time to patch. That is a good sign, and the proper approach I believe researchers should take: notify the vendor so they can fix the issue, and also announce it publicly so ‘we the people’ are informed and know what to watch out for.

It’s tough to keep up with the many ways you can get infected, but at least we have researchers who tirelessly try to ‘break’ things to find those vulnerabilities. By following proper disclosure practices, they help everyone enjoy a safer experience with their devices, and in this case, a great night in watching movies.

Charles Leaver – You Can Integrate Ziften’s Advanced Endpoint Products With Your Security Architecture Seamlessly

Written By Roark Pollock And Presented By Ziften CEO Charles Leaver


Security practitioners are by nature a cautious bunch. Caution is a trait most people likely have coming into this industry, given its mission, but it’s also certainly a trait that is learned over time. Ironically, this is true even when it comes to adding extra security controls to an established security architecture. While one might assume that more security is better security, experience teaches us that’s not necessarily the case. There are in fact numerous concerns associated with deploying a new security product. One that often shows up near the top of the list is how well a new product integrates with existing products.

Integration concerns come in many flavors. First and foremost, a new security control shouldn’t break anything. But beyond that, new security solutions need to gracefully share threat intelligence, and act upon threat intelligence collected across a company’s entire security infrastructure. In other words, the new security tools should cooperate with the existing ecosystem of tools such that “1 + 1 = 3”. The last thing most IT and security operations teams need is more siloed products and tools.

At Ziften, this is why we’ve always focused on building and delivering a completely open visibility architecture. We believe that any new systems and security operations tools have to be designed with enhanced visibility and information sharing as key design requirements. But this isn’t a one-way street. Creating standard integrations requires technology partnerships between industry vendors. We consider it our duty to work with other technology companies to mutually integrate our products, thereby making it easy on customers. Unfortunately, many vendors still believe that integration of security products, especially new endpoint security products, is extremely difficult. I hear the concern constantly in customer discussions. But information is now appearing that shows this isn’t necessarily the case.

In recent survey work by NSS Labs on “advanced endpoint” solutions, they report that Global 2000 customers based in North America have been pleasantly surprised with how well these types of products integrate into their existing security architectures. According to the NSS study entitled “Advanced Endpoint Protection – Market Analysis and Survey Results CY2016”, which NSS subsequently presented in the BrightTalk webinar below, respondents that had already deployed advanced endpoint products were far more favorable about their ability to integrate into existing security architectures than respondents still in the planning stages of purchasing these solutions.

Specifically, respondents that have already deployed advanced endpoint products rated integration with established security architectures as follows:

● Excellent 5.3%
● Good 50.0%
● Average 31.6%
● Poor 13.2%
● (Terrible) 0.0%

Compare that with the more conservative responses from those still in the planning phase:

● Excellent 0.0%
● Good 39.3%
● Average 42.9%
● Poor 14.3%
● (Terrible) 3.6%

These results are encouraging. Yes, as noted, security people tend to be pessimists, but despite low expectations, respondents report positive integration experiences. In fact, Ziften customers usually show the same low initial expectations when we first discuss integrating Ziften products into their existing ecosystem of products. In the end, though, they are surprised by how easy it is to share data between Ziften products and their existing infrastructure.

These survey results should help reduce concern as later adopters read and rely on peer recommendations before making purchase decisions. Early mainstream adopters are clearly succeeding with these deployments, and that should help overcome the natural caution of the broader mainstream.

Certainly there is significant variation among products in this space, and organizations should continue to perform proper due diligence to understand how and where products integrate into their broader security architectures. The good news, however, is that there are products not only meeting customers' needs but actually exceeding their initial expectations.

Charles Leaver – Ziften Customers Secure From Troublesome Petya Variant Flaw

Written By Josh Harriman And Presented By Charles Leaver Ziften CEO


Another outbreak, another problem for those who were not prepared. While this latest attack resembles the earlier WannaCry threat, there are differences in this latest malware, which is a variant or new strain of Petya. Called NotPetya by some, this strain causes plenty of trouble for anyone who encounters it. It may encrypt your files, or render the system completely unusable. And the email address you would need to contact to 'possibly' decrypt your files has been taken down, so you are out of luck getting your files back.

Plenty of detail on this threat's behavior is publicly available, but I want to point out that Ziften customers are protected from the EternalBlue exploit, which is one mechanism it uses to propagate, and, better still, by a vaccine based on a possible flaw in the malware, or its own sort of debug check, that prevents the threat from ever running on the system. It could still spread across the environment, but our protection is already rolled out to all existing systems to stop the damage.

Our Ziften extension platform allows customers to put protection in place against specific vulnerabilities and malicious behaviors of this threat and others like Petya. Beyond the specific actions taken against this particular variant, we have taken a holistic approach to stopping strains of malware that perform various 'checks' against the system before running.

We can also use our Search capability to hunt for remnants of the other propagation techniques this threat uses. Reports show WMIC and PsExec being used. We can search for those programs, their command lines and their usage. Although they are legitimate tools, their use is usually uncommon and can be alerted on.
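As an added illustration (not Ziften code, and not part of the original post), the following Python shows the shape of such a hunt over endpoint process-creation records. The record format, host names, account names, addresses, command lines and the allow-list of sanctioned admin accounts are all constructed for this example. The patterns key on the arguments remote execution needs rather than on the binary name, so a renamed copy of PsExec or a wmic invocation from an unexpected account still surfaces, and a PSEXESVC service appearing on the target side is reported as corroboration.

```python
import re

# Constructed process-creation records in an assumed key/value shape (not a real
# product's output). Host names, accounts, addresses and command lines are made up.
SAMPLE_EVENTS = [
    {"ts": "2017-06-27T10:14:02", "host": "FIN-WS07", "user": r"CORP\alice",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": r'wmic /node:"10.0.0.15" /user:"CORP\svc_backup" /password:"REDACTED" '
                r'process call create "rundll32.exe C:\Windows\payload.dll,#1"'},
    {"ts": "2017-06-27T10:20:41", "host": "IT-ADMIN01", "user": r"CORP\helpdesk",
     "image": r"C:\Tools\PsExec.exe",
     "cmdline": r"psexec \\10.0.0.22 -s -d cmd /c ipconfig /all"},   # sanctioned admin use
    {"ts": "2017-06-27T10:22:05", "host": "HR-WS12", "user": r"CORP\bob",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic os get caption"},                               # local query, benign
    {"ts": "2017-06-27T10:31:17", "host": "FIN-WS07", "user": r"CORP\alice",
     "image": r"C:\Windows\svchelper.dat",                            # renamed copy of PsExec
     "cmdline": r"C:\Windows\svchelper.dat \\10.0.0.23 -accepteula -s -d "
                r"rundll32.exe C:\Windows\payload.dll,#1"},
    {"ts": "2017-06-27T10:31:19", "host": "FS-01", "user": r"NT AUTHORITY\SYSTEM",
     "image": r"C:\Windows\PSEXESVC.exe",                             # service PsExec installs on the target
     "cmdline": r"C:\Windows\PSEXESVC.exe"},
]

# Assumption for the example: the only accounts sanctioned to run remote-execution tools.
KNOWN_ADMINS = {r"CORP\helpdesk"}

# Key on the arguments remote execution needs, not on the binary name: a renamed
# PsExec still has to name a \\target and pass its flags, and wmic still needs /node:.
WMIC_REMOTE = re.compile(r'(?i)/node:\s*"?(?!\.|localhost|127\.0\.0\.1)[^\s"]+')
WMIC_CREATE = re.compile(r"(?i)\bprocess\s+call\s+create\b")
PSEXEC_TARGET = re.compile(r"(?i)(^|\s)\\\\[^\s\\]+")
PSEXEC_FLAGS = re.compile(r"(?i)(^|\s)-(s|d|c|accepteula)\b")
TOOL_IMAGES = re.compile(r"(?i)\\(wmic|psexec(64)?|psexesvc)\.exe$")
SERVICE_REASON = "PSEXESVC present (remote execution target)"


def hunt(events):
    """Return one hit per record that shows remote-execution activity, with a severity."""
    hits = []
    for ev in events:
        cmd, image = ev.get("cmdline", ""), ev.get("image", "")
        reasons = []
        if WMIC_REMOTE.search(cmd) and WMIC_CREATE.search(cmd):
            reasons.append("wmic remote process creation")
        if PSEXEC_TARGET.search(cmd) and PSEXEC_FLAGS.search(cmd):
            reasons.append("psexec-style remote execution")
        if image.lower().endswith("\\psexesvc.exe"):
            reasons.append(SERVICE_REASON)
        if not reasons:
            continue
        if reasons == [SERVICE_REASON]:
            severity = "medium"      # target-side corroboration; pair it with the source-side hit
        elif ev.get("user") in KNOWN_ADMINS and TOOL_IMAGES.search(image):
            severity = "low"         # expected tool, expected account: still worth a look
        else:
            severity = "high"        # unexpected account, or a tool hiding under another name
        hits.append({"ts": ev["ts"], "host": ev["host"], "user": ev["user"],
                     "image": image, "reasons": reasons, "severity": severity})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit["severity"].upper(), hit["host"], hit["user"], "; ".join(hit["reasons"]))
```

Run against the sample records, the hunt flags both of the finance workstation's remote executions as high (one from wmic, one from the renamed tool), the helpdesk PsExec run as low, the file server's PSEXESVC as medium, and ignores the local `wmic os get caption`. The low-severity hits are the point of the post's "usually uncommon" remark: legitimate admin use is rare enough that it is cheap to review, and the allow-list is where an organization records what it actually sanctions.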

With WannaCry, and now NotPetya, we expect to see a continued rise in these types of attacks. The release of the recent NSA exploits has given ambitious cyber criminals the tools they need to push out their malware. And although ransomware can be a high-profile vehicle, more destructive threats could be launched. Getting the threat to spread (worm-like, or through social engineering) has always been the hardest part for them.

Charles Leaver – Design Insecurities Need Fixing After UK Parliament Email Breach

Written By Dr Al Hartmann And Presented By Ziften CEO Charles Leaver


In the online world the sheep get shorn, chumps get chomped, dupes get duped, and pawns get pwned. We have seen another fine example of this in the recent attack on the United Kingdom Parliament email system.

Rather than admitting to an email system that was not secure by design, the official statement read:

Parliament has robust procedures in place to protect all of our accounts and systems.

Tell us another one. The one protective measure we did see in action was deflecting the blame: the Russians did it, that always works, while blaming the victims for their policy violations. While details of the attack are limited, combing multiple sources does help piece together at least the gross scenario. If these descriptions are reasonably close, the UK Parliament email system's failings are egregious.

What failed in this case?

Rely on single-factor authentication

"Password security" is an oxymoron: anything protected by a password alone is insecure, full stop, regardless of password strength. Please, no 2FA here, it might impede attacks.

Do not impose any limit on failed login attempts

Combined with single-factor authentication, this enables simple brute-force attacks, no skill required. But when breached, blame elite foreign hackers; nobody can verify it.

Do not implement brute-force attack detection

Allow attackers to run (otherwise trivially detectable) brute-force attacks for extended periods (twelve hours against the UK Parliament system) to maximize the scope of account compromise.

Do not enforce policy; treat it as mere advice

Combined with single-factor authentication, no limit on failed logins, and no brute-force detection, do not enforce any password strength validation either. Provide attackers with the lowest-hanging fruit.
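As an added example (not from the original post, and not Ziften code), the following Python shows what the missing controls above look like in practice: a sliding-window count of failed logins per account that locks the account after a threshold, plus alerts for both a classic brute-force run against one account and a password spray from one source across many accounts. The log format, the thresholds and the sample lines are constructed for this example; real lockout and alert thresholds belong in policy.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication-log format (an assumption for this example, not a real system's):
#   <ISO-8601 timestamp> <FAIL|OK> user=<account> src=<source address>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<result>FAIL|OK) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return (timestamp, result, user, src), or None for a line that does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]


class AuthMonitor:
    """The failed-login controls the post says were missing: lockout after
    repeated failures, plus brute-force and password-spray alerts."""

    def __init__(self, max_failures=5, window=timedelta(minutes=10), spray_accounts=8):
        self.max_failures = max_failures        # failures per account before lockout and alert
        self.window = window                    # sliding window for counting failures
        self.spray_accounts = spray_accounts    # distinct accounts failed from one source
        self.fail_by_user = defaultdict(deque)  # account -> failure timestamps
        self.fail_by_src = defaultdict(deque)   # source  -> (timestamp, account)
        self.locked_until = {}                  # account -> lockout expiry
        self.alerts = []

    def _trim(self, dq, now, ts_of=lambda item: item):
        """Drop entries older than the window from the left of a deque."""
        while dq and ts_of(dq[0]) < now - self.window:
            dq.popleft()

    def process(self, line):
        """Feed one log line; return the outcome: OK, FAIL, LOCKED, or None if unparsed."""
        ev = parse_line(line)
        if ev is None:
            return None
        ts, result, user, src = ev

        # Lockout: even a correct password is refused while the account is locked,
        # so a brute-force run that eventually guesses right still gets nothing.
        if ts < self.locked_until.get(user, ts):
            return "LOCKED"
        if result == "OK":
            self.fail_by_user[user].clear()
            return "OK"

        self.fail_by_user[user].append(ts)
        self.fail_by_src[src].append((ts, user))
        self._trim(self.fail_by_user[user], ts)
        self._trim(self.fail_by_src[src], ts, ts_of=lambda item: item[0])

        # Vertical brute force: many failures against one account.
        if len(self.fail_by_user[user]) >= self.max_failures:
            self.locked_until[user] = ts + self.window
            self.alerts.append(("brute_force", user, src, ts))
            self.fail_by_user[user].clear()

        # Password spray: one source, one or two failures each against many accounts.
        distinct = {u for _, u in self.fail_by_src[src]}
        if len(distinct) >= self.spray_accounts:
            self.alerts.append(("password_spray", src, len(distinct), ts))
            self.fail_by_src[src].clear()
        return "FAIL"


# Constructed sample log: a brute-force run, a password spray, and normal activity.
SAMPLE_LOG = (
    [f"2017-06-23T22:{m:02d}:00 FAIL user=mp.smith src=198.51.100.7" for m in range(6)]
    + ["2017-06-23T22:07:00 OK user=mp.smith src=198.51.100.7"]        # right guess, too late
    + [f"2017-06-23T23:{m:02d}:00 FAIL user=member{m:02d} src=203.0.113.9" for m in range(9)]
    + ["2017-06-24T08:00:00 FAIL user=clerk.jones src=192.0.2.10",      # a typo, then success
       "2017-06-24T08:00:30 OK user=clerk.jones src=192.0.2.10"]
)


def run(lines):
    """Replay log lines through a fresh monitor; return (outcomes, alerts)."""
    mon = AuthMonitor()
    return [mon.process(line) for line in lines], mon.alerts


if __name__ == "__main__":
    outcomes, alerts = run(SAMPLE_LOG)
    for line, outcome in zip(SAMPLE_LOG, outcomes):
        print(f"{outcome:<6} {line}")
    for alert in alerts:
        print("ALERT", alert)
```

Replaying the sample log, the fifth failure against mp.smith raises a brute-force alert and locks the account, so the sixth attempt and the attacker's eventual correct guess both come back LOCKED; the single source that fails once against eight different accounts raises a spray alert that a per-account counter alone would never see; and the clerk's one typo followed by a successful login produces nothing. The two counters matter together: per-account lockout stops the twelve-hour hammering described above, and per-source counting catches the attacker who adapts by spreading attempts across accounts to stay under the lockout threshold.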

Rely on unsigned, unencrypted email for sensitive communications

If attackers do succeed in compromising email accounts or sniffing your network traffic, give them plenty of opportunity to harvest high-value message content entirely in the clear. This also conditions constituents to trust easily spoofed email from Parliament, creating an ideal environment for phishing constituents.

Lessons learned

In addition to adding "Common Sense for Dummies" to their summer reading lists, the UK Parliament email system administrators may want to take further action. Strengthening weak authentication practices, enforcing policies, improving network and endpoint visibility with continuous monitoring and anomaly detection, and fundamentally reassessing secure messaging are the suggested steps. Penetration testing would have uncovered these foundational weaknesses while staying out of the headlines.

Even a few bright high-schoolers with a free weekend could have replicated this breach. And finally, stop blaming Russia for your own security failings. Assume that any weakness in your security architecture and policy framework will be found and exploited by some cyber criminal somewhere on the global internet. All the more reason to find and fix those weaknesses before the attackers do, so turn the pen testers loose. And if your defenders lack visibility into attacks in progress, upgrade your monitoring and analytics.