Ziften Client Management Technical Approach – Charles Leaver

Written by Dr Al Hartmann and presented by Charles Leaver, Ziften CEO

 

Windows clients have generally lacked visibility into the applications that are running and the resources being utilized. There are efficient tools for monitoring the server infrastructure and the network, but the client has always been the weakest element. This is why vendors such as Ziften have pioneered a new class of solutions aimed at managing the security and performance of clients in the enterprise, called enterprise client management. From a technical perspective, collecting the large quantity of information available within Windows that is required to provide visibility of the client meant considering two alternative approaches: we could have created custom driver code or used the standard APIs in Windows.

The development of driver code is considered a last resort because there are some well-understood issues:

An in-depth understanding of the Windows kernel data structures and coding conventions is needed for driver development

Driver incompatibilities can arise from even the smallest system changes, for example the monthly patch updates from Microsoft

A catastrophic system crash can occur if there is a driver code issue

Third-party driver code causes most of the instabilities in Windows

Any solution that uses low-level drivers in its agents does not use standard Windows user interfaces and will "take control" from Windows. This can cause havoc with the operating system of the desktops under management. If a driver malfunctions it can crash the system, and there is also a heightened security threat because these drivers run at kernel level. “Anything a user can do that triggers a driver to malfunction in such a way that it triggers the system to crash or end up being unusable is a security flaw. When most coders are working on their driver, their focus is on getting the driver to work correctly and not on whether a malicious hacker will attempt to make use of holes within the system,” stated Microsoft about driver security.

So Ziften took the approach of developing our service around standard Windows interfaces, which has the following benefits:

Higher resilience to Windows updates and modifications that are likely to require driver modifications

Susceptibility to driver conflicts that can result in system crashes (Blue Screen of Death) is eradicated.

The possibility of coding errors that impact system efficiency through the kernel interface is reduced.