Patch Validation 101 – Chuck Leaver

Written By Logan Gilbert And Presented By Chuck Leaver



A current report indicates nearly twenty thousand brand-new software application vulnerabilities were found in 2017 – an all time high. Consider that for a second. That’s approximately fifty five brand-new vulnerabilities each day. That’s a big amount for any IT shop to manage.

Now there’s good news and bad news. The good news is that patches were available for 86% of those vulnerabilities on the day they are disclosed. The problem is that a lot of companies continue to have a problem with patch prioritization, application, and validation. And as IT tasks significantly migrate to the cloud, vulnerability visibility tends to decrease – intensifying an already hard challenge.

Let’s take a more detailed look at ways to manage cloud patch validation effectively.

First, a Patch Management Primer

Patch management is the practice of upgrading software with code modifications that address vulnerabilities exploitable by cyber assailants. Even though it’s been around for years, patch management stays a challenging process for most IT companies.

Modern businesses have complex IT environments with numerous integration points between organization systems. That means it is hard for software application developers to account for all unintended effects, e.g., a condition that could close a port, disable crucial infrastructure interaction, and even crash its host server.

And concentrating on the effective patching of recognized vulnerabilities is the unquestionable ‘big bang for the buck’ play. In 2017, Gartner reported ninety nine percent of exploits are based upon vulnerabilities that have already been known to IT and security professionals for a minimum of one year.

Cloud Patching Principles

The very first key to closing down the correct vulnerabilities in your cloud IT infrastructure is being able to see everything. Without visibility into your cloud systems and applications, you cannot really know if both those systems and applications are patched where it is essential. The second key is patch validation. Simply shooting off a patch is no assurance that it triggered correctly. It may, or might not, have actually deployed effectively.

How would you be sure of this?

The Ziften Technique

Ziften supplies the visibility and recognition you need to guarantee your cloud IT environment is safe and protected from the vulnerabilities that are the most crucial:

– In-depth capture of discovered OS and application vulnerabilities

– Findings mapped to vulnerability insight points, e.g., OWASP, CIS, CVE, CWE, and OSVDB

– Detailed descriptions of the ramifications of findings, company impacts, and threats for each of the recognized exposures

– Vulnerability prioritization based upon asset criticality and risk of attack

– Removal suggestions to close recognized shortages

– Detailed steps to follow while reducing reported shortages

– Detection and mitigation of attacks that exploit unpatched systems with quarantine procedures

Far too often we find that the data from client’s patching systems incorrectly report that vulnerabilities are undoubtedly patched. This produces complacency that is inappropriate for IT operations and security operations groups.

What You Need To Know About Monitoring Cybersecurity And GDPR – Chuck Leaver

Written By Dr Al Hartmann And Presented By Chuck Leaver


Robust enterprise cybersecurity naturally includes monitoring of network, end point, application, database, and user activity to prevent, detect, and respond to cyber dangers that could breach privacy of business staff, partners, providers, or customers. In cyberspace, any blind spots end up being complimentary fire zones for the legions of assailants looking to do harm. However monitoring also captures event records that may include user “personal data” under the broad European Union GDPR analysis of that term. Business staff are “natural persons” and for this reason “data subjects” under the policy. Wisely stabilizing security and personal privacy issues throughout the business can be tough – let’s talk about this.

The Requirement for Cyber Security Tracking

GDPR Chapter 4 governs controller and processor functions under the policy. While not clearly mandating cyber security tracking, this can be inferred from its text:

-” … When it comes to an individual data breach, the controller shall without excessive delay and, where feasible, not more than 72 hours after having become aware of it, alert the individual data breach to the supervisory authority …” [Art. 33( 1)]

-” … the controller and the processor shall execute suitable technical and organizational measures to guarantee a level of security appropriate to the risk …” [Art. 32( 1)]

-” Each supervisory authority will have [the power] to perform examinations through data defense audits.” [Art. 58( 1)]

One can well reason that to find a breach one has to monitor, or that to validate and to scope a breach and provide timely breach alerting to the supervisory authority that a person should also monitor, or that to carry out suitable technical steps that one has to monitor, or that to respond to a data security audit that one should have an audit path which audit paths are produced by tracking. In short, for a business to secure its cyber space and the individual data therein and verify its compliance, it reasonably must monitor that area.

The Enterprise as Controller of Data

Under the GDPR it is the controller that “identifies the purposes and means of the processing of personal data.” The business chooses the purposes and scope of monitoring, picks the tools for such tracking, figures out the probe, sensor, and agent deployments for the tracking, chooses the services or personnel which will access and evaluate the monitored data, and decides the actions to take as a result. In short, the enterprise serves in the controller role. The processor provides support to the controller by providing processing services on their behalf.

The enterprise also utilizes the personnel whose individual data may be included in the event records caught by tracking. Individual data is defined rather broadly under GDPR and might consist of login names, system names, network addresses, filepaths that include the user profile directory site, or any other incidental information that might reasonably be connected to “a natural person”. Event data will frequently include these aspects. An event data stream from a specific probe, sensing unit, or agent might then be linked to a person, and expose aspects of that person’s work performance, policy compliance, and even aspects of their individual lives (if business devices or networks are not used correctly for personal business). Although not the goal of cybersecurity tracking, prospective personal privacy or profiling concerns could be raised.

Achieving Transparency by means of Fair Processing Notices

As the enterprise employs the staff whose individual data may be captured in the cyber security monitoring dragnet, they have the opportunity in employment agreements or in different disclosures to inform personnel of the need and function of cyber security tracking and obtain educated approval directly from the data subjects. While it might be argued that the legal basis for cybersecurity monitoring does not always require informed consent (per GDPR Art, 6( 1 )), but is a consequence of the data security level the business has to maintain to otherwise comply with law, it is far more preffered to be open and transparent with personnel. Employment agreements have actually long consisted of such provisions specifying that staff members consent to have their work environment communications and devices kept track of, as a condition of work. But the GDPR raises the bar considerably for the specificity and clearness of such authorizations, called Fair Processing Notices, which have to be “freely offered, explicit, informed and unambiguous”.

Fair Processing Notices have to plainly lay out the identity of the data controller, the types of data gathered, the purpose and lawful basis for this collection, the data subject rights, in addition to contact info for the data controller and for the supervisory authority having jurisdiction. The notification has to be clear and easily understood, and not buried in some prolonged legalistic employment contract. While numerous sample notifications can be found with an easy web search, they will need adaptation to fit a cyber security monitoring context, where data subject rights may contravene forensic data retention requirements. For instance, an insider enemy might require the deletion of all their activity data (to ruin evidence), which would subvert personal privacy policies into a tool for the obstruction of justice. For other assistance, the widely employed NIST Cybersecurity Framework addresses this balance in Sec. 3.6 (” Methodology to Safeguard Privacy and Civil Liberties”).

Think Globally, Act In Your Area

Given the viral jurisdictional nature of the GDPR, the draconian charges imposed upon lawbreakers, the challenging dynamics of filtering out EEA from non-EEA data subjects, and the likely spread of similar guidelines internationally – the safe path is to use stringent personal privacy guidelines across the board, as Microsoft has actually done.

In contrast to global application stands local application, where the safe path is to position cybersecurity tracking infrastructure in geographical locales, instead of to come to grips with trans-border data transfers. Even remote querying and having sight of personal data may count as such a transfer and argue for pseudonymization (tokenizing individual data fields) or anonymization (redacting personal data fields) throughout non-cooperating jurisdictional borders. Just in the last stages of cyber security analytics would natural individual recognition of data subjects become relevant, and after that most likely just be of actionable worth locally.

Are You Whitelisting Your Network? – Chuck Leaver

Written By Roark Pollock And Presented By Chuck Leaver



Similar to any form of security, the world of IT security is concerned with developing and implementing a set of allow/disallow rules – or more formally entitled, security policies. And, simply specified, allow/disallow guidelines can be expressed as a ‘whitelist’ or a ‘blacklist’.

In the past, the majority of rules were blacklist in nature. The good ‘ole days were when we trusted almost everyone to behave well, and when they did this, it would be quite easy to determine bad behavior or anomalies. So, we would only have to write a few blacklist rules. For instance, “don’t permit anyone into the network coming from an IP address in say, Russia”. That was sort of the same thing as your grandparents never ever locking the doors to your house on the farm, given that they knew everyone within a twenty mile radius.

Then our world altered. Good behavior ended up being an exception, and bad actors/habits ended up being legion. Of course, it took place slowly – and in phases – dating to the beginning of the true ‘Internet’ back in the early 90’s. Keep in mind script kiddies illegally accessing public and secure sites, just to show to their high school pals that they could?

Fast forward to the modern age. Everything is online. And if it has value, somebody in the world is trying to steal or harm it – continuously. And they have plenty of tools that they can use. In 2017, 250,000 brand-new malware versions were presented – daily. We used to trust desktop and network anti-virus programs to include brand-new blacklist signatures – every week – to counter the bad guys utilizing destructive strings of code for their bidding. But at over 90 million new malware variations each year, blacklist techniques alone won’t cut it.

Network whitelisting technologies have been a crucial form of protection for on premises network security – and with many organizations quickly moving workloads to the cloud, the same systems will be needed there too.

Let’s take a closer look at both approaches.


A blacklist lines out understood destructive or suspicious “entities” that should not be enabled access, or execution rights, in a network or system. Entities consist of bad software applications (malware) including infections, Trojans, worms, spyware, and keystroke loggers. Entities also consist of any user, application, process, IP address, or organization understood to posture a danger to a business.

The critical word above is “known”. With 250,000 new versions appearing per day, the number that are out there we have no idea about – at least till much later on in time, which could be days, weeks, and even years?

What is Whitelisting?

So, what is whitelisting? Well, as you may have thought, it is the opposite of blacklisting. Whitelisting begins from a viewpoint that almost all things are bad. And, if that holds true, it ought to be more effective simply to specify and allow “good entities” into the network. A basic example would be “all employees in the finance department that are director level or greater are allowed to access our financial reporting application on server X.” By extension, everybody else is locked out.

Whitelisting is frequently described as a “absolutely no trust” approach – deny all, and permit just select entities access based on a set of ‘good’ properties connected with user and device identity, habits, place, time, and so on

Whitelisting is extensively accepted for high-risk security environments, where stringent guidelines are more important than user liberty. It is likewise highly valued in environments where companies are bound by strict regulatory compliance.

Black, White, or Both?

First, there are not many that would suggest blacklisting is totally a thing of the past. Certainly at the endpoint device level, it remains relatively simple to set up and preserve and rather effective – specifically if it is kept up to date by third party danger intelligence companies. But, in and of itself, is it enough?

Second, depending upon your security background or experience, you’re likely thinking, “Whitelisting would never work for us. Our business applications are just too different and complicated. The time, effort, and resources needed to assemble, monitor, and update whitelists at an enterprise level would be untenable.”

Thankfully, this isn’t really an either-or choice. It’s possible to take a “finest of both worlds” approach – blacklisting for malware and invasion detection, running along with whitelisting for system and network access at large.

Ziften and Cloud Whitelisting

The secret to whitelisting comes down to ease of implementation – specifically for cloud-based work. And ease of execution becomes a function of scope. Think of whitelisting in 2 ways – application and network. The former can be a quagmire. The latter is far simpler to implement and preserve – if you have the right visibility within your cloud deployments.

This is where Ziften comes in.

With Ziften, it becomes simple to:

– Identify and develop visibility within all cloud servers and virtual machines

– Gain continuous visibility into devices and their port use activity

– See east west traffic flows, including detailed tracking into protocols being used over particular port sets

– Convert ‘seeing’ exactly what’s happening into a discernable variety of whitelists, finished off with exact procedure and port mappings

– Establish near real-time notifications on any anomalous or suspicious resource or service activations

Check Out This Advanced Hunting With Windows Defender ATP – Chuck Leaver

Written By Josh Harrimen And Presented By Chuck Leaver


Following on from our current partnership statement with Microsoft, our Ziften Security Research group has actually started leveraging a very great part of the Windows Defender Advanced Threat Protection (Windows Defender ATP) Security Center platform. The Advanced Searching feature lets users run queries against the information that has actually been sent by products and tools, for example Ziften, to discover intriguing habits quickly. These inquiries can be kept and shared among the user base of Windows Defender ATP users.

We have actually included a handful of shared inquiries up until now, however the outcomes are rather interesting, and we like the ease of use of the searching interface. Given that Ziften sends out endpoint data collected from macOS and Linux systems to Windows Defender ATP, we are focusing on those OS in our inquiry advancement efforts to showcase the complete coverage of the platform.

You can access the Advanced Hunting interface by selecting the database icon on the left hand side as shown below.

You can observe the high-level schema on the top left of that page with occasions such as ProcessCreation, Machineinfo, NetworkCommunication and some others. We ran some current malware within our Redlab and created some queries to find that data and create the results for examination. An example of this was OceanLotus. We developed a few queries to find both the dropper and files associated with this threat.

After running the inquiries, you get results with which you can interact with.

Upon inspection of the outcomes, we see some systems that have exhibited the searched for behavior. When you choose these systems, you can view the information of the particular system in question. From there you can view alerts activated and an event timeline. Details from the malicious process are revealed in the image below.

Extra behavior-based queries can also be run. For instance, we carried out another harmful sample which leveraged a few strategies that we queried. The screenshot directly below reveals an inquiry we ran when searching for the Gatekeeper program on a macOS being disabled from the command line. While this action could be an administrative action, it is certainly something you would wish to know is occurring within your environment.

From these query outcomes, you can again select the system under examination and further investigate the suspicious behaviors.

This blog post definitely doesn’t act as an in-depth tutorial on using the Advanced Searching function within the Windows Defender Advanced Threat Protection platform. However we wanted to put something together quickly to share our excitement about how simple it is to utilize this feature to conduct your very own custom-made danger hunting in a multi-system environment, and across Linux, Windows and macOS systems.

We eagerly anticipate sharing more of our experiments and research studies utilizing queries constructed using the Advanced Searching feature. We share our successes with everybody here, so stay tuned.

RSA 2018 Was Refreshing For A Number Of Reasons – Chuck Leaver

Written By Logan Gilbert And Presented By Chuck Leaver


After spending a few days with the Ziften team at the 2018 RSA Conference, my technology observation was: more of the very same, the normal suspects and the usual buzzwords. Buzz words like – “AI”, “machine learning”, “predictive” were wonderfully worn out. Lots of attention paid to prevention, everyone’s preferred attack vector – email, and everybody’s favorite vulnerability – ransomware.

The only surprise I encountered was seeing a smattering of NetFlow analysis businesses – great deals of smaller sized companies trying to make their mark using a really abundant, however hard to work with, data set. Really cool stuff! Find the small booths and you’ll discover lots of innovation. Now, in fairness to the bigger suppliers I know there are some really cool innovations therein, but RSA barely positions itself to seeing through the buzzwords to real worth.

The Buzz at RSA

I may have a prejudiced view given that Ziften has actually been partnering with Microsoft for the last six plus months, however Microsoft appeared to play a lot more popular leading role at RSA this year. First, on Monday, Microsoft revealed it’s all new Intelligent Security Association bringing together their security collaborations “to concentrate on defending customers in a world of increased threats”, and more significantly – reinforcing that defense through shared security intelligence throughout this environment of partners. Ziften is of course proud to be an establishing member in the Intelligent Security Association.

Furthermore, on Tuesday, Microsoft revealed a ground breaking partnership with many in the cybersecurity market named the “Cybersecurity Tech Accord.” This accord calls for a “digital Geneva Convention” that sets standards of habits for cyberspace just as the Geneva Conventions set rules for the conduct of war in the physical world.

RSA Attendees

A true interesting point to me though was the makeup of the expo audience itself. As I was likewise an exhibitor at RSA, I noted that of my visitors, I saw more “suits” and less t-shirts.

Ok, maybe not suits per se, but more security Supervisors, Directors, VPs, CISOs, and security leaders than I recall seeing in the past. I was motivated to see what I think are business decision makers having a look at security businesses first hand, as opposed to delegating that task to their security team. From this audience I often heard the same themes:

– This is overwhelming.
– I can’t discriminate in between one innovation and another.

RSA Absences

There were certainly less “technology trolls”. What, you might ask, are technology trolls? Well, as a supplier and security engineer, these are the guys (always males) that show up five minutes before the close of the day and drag you into a technical due-diligence workout for an hour, or at least up until the happy hour parties start. Their objective – definitely nothing beneficial to anyone – and here I’m presuming that the troll actually works for a company, so absolutely nothing useful for the business that actually paid thousands of dollars for their attendance. The only thing acquired is the troll’s self-affirmation that they are able to “beat down the vendor” with their technical expertise. I’m being extreme, however I’ve experienced the trolls from both sides, both as a vendor, and as a buyer – and back at the home office no one is basing buying choices based upon troll recommendations. I can just presume that businesses send out tech trolls to RSA and similar expos because they do not want them in their workplace.

Discussions about Holistic Security

Which brings me back to the kind of people I did see a lot of at RSA: security savvy (not just tech savvy) security leaders, who comprehend the business argument and decisions behind security technologies. Not just are they influencers but oftentimes the business owners of security for their respective companies. Now, apart from the above mentioned concerns, these security leaders seemed less concentrated on an innovation or specific usage case, but rather a focus on a desire for “holistic” security. As we understand, great security needs a collection of innovations, policy and practice. Security savvy customers wanted to know how our innovation fitted into their holistic service, which is a refreshing modification of dialog. As such, the types of concerns I would hear:

– How does your technology partner with other solutions I currently use?
– More notably: Does your business really buy into that collaboration?

That last concern is important, basically asking if our collaborations are just fodder for a site, or, if we really have an acknowledgment with our partner that the sum is greater than the parts.

The latter is what security experts are searching for and need.

To Conclude

In general, RSA 2018 was terrific from my viewpoint. After you go beyond the jargon, much of the buzz centered on things that matter to clients, our industry, and us as people – things like security partner communities that add worth, more holistic security through genuine partnership and significant integrations, and face to face conversations with business security leaders, not technology trolls.

Discovering Unmanaged Assets In Your Cloud Environment – Chuck Leaver

Written By Logan Gilbert And Presented By Chuck Leaver


We all identify with the vision of the masked bad guy bending over his computer late in the evening – accessing a corporate network, stealing valuable data, vanishing without a trace. We personify the opponent as smart, determined, and crafty. But the truth is the vast majority of attacks are made possible by easy human carelessness or recklessness – making the job of the cyber criminal an easy one. He’s inspecting all the doors and windows continuously. All it takes is one error on your part and hegets in.

Exactly what do we do? Well, you know the answer. We invest a large portion of our IT budget plan on security defense-in-depth systems – designed to identify, trick, fool, or outright obstruct the bad guys. Let’s park the discourse on whether or not we are winning that war. Since there is a far easier war taking place – the one where the opponent enters your network, business crucial application, or IP/PPI data through a vector you didn’t even comprehend you had – the asset that is unmanaged – often described as Shadow IT.

Believe this is not your company? A current research study recommends the average business has 841 cloud apps in use. Surprisingly, most IT executives believe the variety of cloud apps in use by their organization is around 30-40 – suggesting they are incorrect by an element of 20 times. The very same report highlights that over 98% of cloud apps are not GDPR prepared, and 95% of enterprise class cloud apps are not SOC 2 ready.

Defining Unmanaged Assets/Shadow IT

Shadow IT is defined as any SaaS application utilized – by workers, departments, or whole company units – without the comprehension or authorization of the business’s IT department. And, the introduction of ‘everything as a service’ has made it even easier for workers to access whatever software they feel is needed to make them more productive.

The Effect

Well-intentioned employees normally do not understand they’re breaking business guidelines by activating a new server instance, or downloading unauthorized apps or software offerings. However, it happens. When it does, three problems can emerge:

1. Corporate standards within a company are compromised since unauthorized software applications means each computer system has different capabilities.

2. Rogue software often comes with security defects, putting the whole network at risk and making it much more tough for IT to handle security risk.

3. Asset blind spots not only drive up security and compliance threats, they can increase legal dangers. Information retention policies developed to restrict legal liability are being compromised with details stored on unapproved cloud assets.

Three Key Considerations for Dealing With Unmanaged Asset Risk

1. Initially, release tools that can offer extensive visibility into all cloud assets- managed and unmanaged. Know what brand-new virtual machines have actually been triggered this week, along with exactly what other devices and applications with which each VM instance is communicating.

2. Second, ensure your tooling can offer constant stock of authorized and unauthorized virtual machines running in the cloud. Make certain you can see all IP connections made to each asset.

3. Third, for compliance and/or forensic analysis purposes try to find a service that supplies a capture of any and all assets (virtual and physical) that have actually ever been on the network – not just a service that is limited to active assets – and within a short look back window.

Ziften approach to Unmanaged Asset Discovery

Ziften makes it easy to rapidly discover cloud assets that have been commissioned beyond IT’s purview. And we do it continuously and with deep historic recall within your reach – consisting of when each device first connected to the network, when it last appeared, and how often it reconnects. And if a virtual device is decommissioned, no problem, we still have all its historic habits data.

Recognize and protect concealed attack vectors coming from shadow IT – prior to a disaster. Know what’s going on in your cloud environment.

Fantastic New Intelligent Security Association From Microsoft – Chuck Leaver

Written By David Shefter And Presented By Chuck Leaver


It’s a great strategy: Microsoft has produced a system for third party security providers, like Ziften, to cooperate to much better secure our clients. Everyone wins with the new Microsoft Intelligent Security Association, announced very recently – and we delighted to be an establishing member and part of the launch. Congratulations to Microsoft!

Security Intelligence Sharing

One of the most interesting tasks coming out of Microsoft has been the new Microsoft Intelligent Security Graph, a danger intelligence engine built on machine learning. The Intelligent Security Graph forms the foundation of the new association – and the foundation of a lot of brand-new opportunities for innovation.

As Microsoft states, “Today, with the immense computing benefits presented by the cloud, the Machine learning and Artificial Intelligence is discovering new ways to use its abundant analytics engines and by applying a mix of automated and manual processes, machine learning and human professionals, we have the ability to produce a smart security graph that develops from itself and evolves in real-time, decreasing our collective time to detect and respond to new incidents.”

The need for much better, more intelligent, security is substantial, which is why we’re delighted to be a founding member of the new association.

As Microsoft’s Brad Anderson, Microsoft Corporate Vice President, Enterprise Mobility + Security, just recently composed, “Approximately 96% of all malware is polymorphic – which means that it is just experienced by a single user and device prior to being replaced with yet another malware variant. This is due to the fact that for the most part malware is caught nearly as quick as it’s created, so malware developers continuously evolve to try and stay ahead. Data like this reinforces how crucial it is to have security solutions in place that are as nimble and ingenious as the attacks.”

Endpoint Detection and Response that is Advanced

Which brings us to the kind of advanced endpoint detection and response (EDR) that Ziften provides to desktops, servers, and cloud assets – offering the enterprise unique all-the-time visibility and control for any asset, anywhere. No one provides the functionality you’ll discover in Ziften’s Zenith security platform.

That’s where the Microsoft Intelligent Security Association comes in. At the end of the day, even the best defenses can be breached, and security teams must respond quicker and more strongly to make sure the security of their data and systems.

Ziften and Microsoft are providing fully integrated danger defense that covers customers’ endpoints – meaning customer devices, servers, and the cloud – with a foundation of shared intelligence and the power of the cloud to change monitoring of business systems.

What Microsoft is Stating

“The Intelligent Security Association improves cooperation from leading sources to protect clients,” said Microsoft. “Having actually currently achieved strong customer momentum with our incorporated Ziften and Microsoft Windows Defender ATP option, clients stand to additionally gain from continued collaboration.”

In addition, “Continued integration and intelligence sharing within the context of the Microsoft Intelligent Security Graph makes it possible for joint clients to more quickly and properly find, investigate and respond to attacks throughout their whole endpoint and cloud base.”

What Ziften is Stating

Ziften’s CEO, Chuck Leaver, is informing everyone that our founding subscription in the Microsoft Intelligent Security Association is a huge win for our joint customers and potential customers – and it combines everybody in the Microsoft universe and beyond (note that Ziften’s Mac and Linux products are also part of the Microsoft partnership). “As security suppliers, we all recognize the need to work together and collaborate to protect our customers and their employees. Kudos to Microsoft for leading this market effort,” Chuck stated.

The outcome: Better security for our customers, and tighter integration and more innovation in the market. It’s a genuine win for everybody. Except for the hackers, obviously. They lose. Sorry, not sorry, guys.

Take Advantage Of The Improvements To Our Channel Program – Chuck Leaver

Written By Greg McCreight And Presented By Chuck Leaver


If you are a reseller, integrator, distributor, managed service provider – the brand-new Ziften Activate Partner Program is here, it’s ready to go, and will be great for your profitability (and for decreasing your customers’ anxiety about cybersecurity).

Ziften is 100 percent focused on the channel, and as we grow and progress in the market, we understand that your success is our success – and also our success is your success. And it is already happening: 96% of our sales in 2017 were through the channel! That’s why we developed the new Activate Partner Program to give you the resources you need to grow your organization with Ziften security solutions.

We kicked it all off with a very effective, cross platform Endpoint Detection and Response (EDR) solution, Ziften Zenith. Clients love it. Technology Partners love it. Resellers really love it. The industry loves it. And analysts really love it.

I need to share this from the conclusion of our broadband testing report, which discusses SysSecOps, or Systems Security Operations – an emerging classification where Ziften is a market leader:

Key to Ziften’s endpoint technique in this category is complete visibility – let’s face it, how can you protect if you cannot see or do not know what is there in the first place? With its Zenith platform, Ziften has a product that ticks all the SysSecOps boxes and more …

In general, Ziften has a very competitive offering in what is a very legitimate, emerging IT category in the form of SysSecOps and one that must be on the assessment short-list.

By the way: Microsoft just recently partnered with Ziften to develop an integration between Zenith and Microsoft Windows Defender ATP, to allow Microsoft customers to protect Linux and Mac systems with the same single pane of glass as they use to protect Windows systems.

Enough about Ziften. Let’s concentrate on you. You and the Activate Partner Program.

We have actually created a multi-tier partner program that has improved discounts, additional resources, and powerful market advancement assistance. We know a one-size-fits-all program doesn’t work, not in the market today.

With Activate, we take a hands-on stance to onboarding new partners; making it easy for those for whom security is a relatively insignificant element of your business; and rewarding top tier partners who have actually dedicated themselves to Ziften.

Here’s exactly what you will receive with the Activate Partner Program – and we’ll work alongside with you to guarantee that Activate fulfills your needs perfectly:

Security for more of your client’s environment – endpoints, servers, and cloud

Visibility and security for your client’s complex, multi-cloud deployments

Easy security tool integrations to provide really tailored, distinguished solutions

Hands-on, tailored assistance and life-cycle knowledge

Rich financial incentives that encourage your long-term financial investment and benefit on-going success

Market advancement support to drive incremental demand and lead generation

World-class, hands-on assistance from our field sales, sales engineers, technical support, and specialists

The Activate program integrates our successful security services, monetary investments, and hands-on support to assist you develop more opportunity and close more deals.

What You Need To Do Prior To Cloud Asset Migration – Chuck Leaver

Written By Logan Gilbert And Presented By Chuck Leaver


It bears reiterating – the Web has actually forever altered the world for individuals and organizations alike. When it comes to the latter, every element of modern-day IT is undergoing digital improvement. IT departments all over are under pressure to make information extremely accessible and at lower expense – all while securing important data from damage, loss, or cyber theft.

Central to this technique is the migration of data centers to the cloud. In fact, 19% of company workloads are expected to be in the general public cloud by the end of 2019, and fifty percent over the next decade.

What is Cloud Asset Migration?

Cloud migration is the process of moving data, applications or other organization components from an organization’s on premise infrastructure to the cloud or moving them from one cloud service to another.

The diagram below illustrates this migration of file-server(s), data, and application(s) from an on premise server infrastructure to a cloud environment.

Cloud service providers enable businesses to migrate some or all IT infrastructure to the cloud for scale, speed, service flexibility, ease of management, and minimized expenses. The advantages are nothing except engaging.

Utilizing Cloud Computing is transforming the corporate landscape. With the technological advancements, individuals are leaning more towards a virtual workplace meaning that you can work from anywhere and anytime making use of cloud computing.

What To Consider With Cloud Asset Migration

However, as with any significant IT infrastructure change, a move to the cloud requires thoughtful planning and execution for the process to happen within budget and on time. Moving a server, database, application, or all of the above to the cloud is not without threat. System interruptions, performance deterioration, data loss and more are likely to happen as a result of misconfigurations, system failures, and security exploits.

Case in point: 43% of those who have actually gone through a cloud asset migration have experienced a failure or delayed execution. Why? Because each asset migration is a ‘snowflake’ with its own level of complexity.

Let’s look at 3 aspects to consider for successful cloud asset migration.

1. Have a Strategy

First, there has to be a tactical migration plan. That strategy ought to assist answer questions like the following:

Which IT assets should be migrated in the first place?
If you are moving some, or all, of your infrastructure to the cloud, how will you develop and preserve asset control?
How will you inventory what you have – before and after the relocation?
Do you even have to migrate everything?
What is the first thing to move?

2. Clean Up Exactly What’s in Place Now

To address these tactical questions effectively, you’ll need definitive visibility into each asset under roof now, in addition to pertinent attributes of each asset. Whether your assets today are operating on physical or virtual server infrastructure, you have to comprehend:

What assets exist now? Discover all the linked assets and comprehend whether they are currently handled and unmanaged.
Recognize low usage and/or unused systems. Should these systems be gotten rid of or repurposed prior to migration?
Determine low use and/or unused applications. Are these applications required at all? Should they be eliminated prior to migration?
Identify and clean up aspects of duplication, be it systems and/or applications.
Now recognize those business-critical systems and applications that will now be migrated as part of your strategy. With this detailed asset data in hand, you can sharpen your migration method by segmenting what ought to – and should not be moved – or at least crisply focus on based upon organization importance.

3. Plan for Cloud Visibility Post Migration

Now that you’re equipped with detailed, accurate current and historical asset data, how will you keep this level of visibility after your effective cloud asset migration?

While the cost advantages of moving to the cloud are often extremely engaging, uncontrolled asset/ virtual device proliferation can quickly wear down those cost benefits. So, before performing your cloud asset migration, make certain you have a cloud visibility service in place that:

Finds/ monitors all connected assets across your single or multi-cloud environment
Inventories, finger prints, and classifies found assets
Alerts on brand-new or unanticipated asset discovery and/or behavior within the cloud environment
Incorporates with existing ticketing, workflow, and/or CMDB systems

Ziften Cloud Visibility and Security

Ongoing cloud visibility into each device, user, and application indicates you can administer all parts of your infrastructure more effectively. You’ll prevent squandering resources by avoiding VM expansion, plus you’ll have an in-depth body of data to comply with audit requirements for NIST 800-53, HIPAA, and other compliance policies.

Follow the above when you migrate to the cloud, and you’ll avoid weak security, insufficient compliance, or operational problems. Ziften’s approach to cloud visibility and security offers you the intelligence you require for cloud asset migration without the difficulties.

Calling Microsoft Channel Partners Don’t Miss This Security Opportunity – Chuck Leaver

Written By Greg McCreight And Presented By Chuck Leaver


Windows Defender Advanced Threat Protection (WDATP) is very good, popular with Microsoft channel partners around the globe. It is probable that you’re already working with Microsoft customers to set up and look after WDATP on their Windows endpoints.

I’m delighted to tell you about a brand-new opportunity: Get a fast start with an industry leading solution that integrates right into WDATP: Ziften Zenith. For a minimal time, Microsoft channel partners can leverage our new “Fast Start” program to collaborate with Ziften.

With “Fast Start,” you enjoy all the benefits of Ziften’s top tier partner status for a full year, and we’ll assist you to get up to speed rapidly with joint market and business advancement resources – and with a waiver of the usual sales volume dedication connected with Gold Status.

If you don’t know Ziften, we supply infrastructure visibility and collaborated risk detection, avoidance, and response across all endpoint devices and cloud environments. Zenith, our flagship security platform, easily deploys to client devices, servers, and virtual machines.

When installed, Zenith continuously collects all the info required to accurately evaluate the present and historical state of all handled devices consisting of system, user habits, network connectivity, application, binary, and procedure data. Zenith provides your customers’ IT and security teams with continuous visibility and control of all managed assets consisting of constant tracking, signaling, and automated or manual actions.

Zenith is cross platform – it works with and protects Windows, Mac, Linux, and other endpoints.

What’s specifically notable – and here’s the chance – is that Ziften has teamed up with Microsoft to incorporate Zenith with Windows Defender ATP. That means your customers can use WDATP on Windows systems and Zenith on their macOS and Linux systems to detect, see, and react to cyberattacks all utilizing only the WDATP Management Console for all the systems. Zenith is concealed in the background.

A single pane of glass, to handle Windows, Mac, Linux endpoints, which can include desktops, notebooks, and servers. That makes Zenith the best service to offer your existing WDATP customers… and to make your bids for brand-new WDATP business more complete for multi-platform enterprise potential customers.

What’s more, providing Zenith can help you speed customer migrations to Windows 10, and offer more Business E5 commercial editions.

” Fast Start” for a Year with Gold Status

Ziften is completely concentrated on the channel: 96% of our sales in 2017 were through the channel. We are delighted to bring the “Fast Start” program to existing Microsoft channel partners, throughout the world.

With “Fast Start,” you can sign up for the Ziften Channel Program with these benefits:

Expedited Approval and On-Boarding – Ziften channel managers and field sales work directly with you to get working providing the Zenith endpoint security solution incorporated with Windows Defender ATP.

Superior Security Worth – You’ll be uniquely positioned to offer clients and potential customers greater security worth across more of their overall environment than ever, increasing the number of supported and secured Windows, Mac, and Linux systems.

Hands-On Collaboration – Ziften dedicates field sales, sales engineers, and marketing to support your day-to-day pre-sales engagements, drive new sales opportunities, and help to close more deals with Microsoft and Ziften endpoint security.

Here’s what one significant Microsoft channel partner, says about this – this is Ronnie Altit, founder and CEO of Insentra, a “partner-obsessed” Australian IT services business that works specifically through the IT channel:

” As a big Microsoft reseller, teaming with Ziften to use their Zenith security platform integrated with Microsoft Windows Defender ATP was a no-brainer. We’re thrilled at the seamless integration between Zenith and Windows Defender ATP offering our customers holistic security and visibility across their Windows and non-Windows systems. Ziften has been a pleasure to deal with, and helpful at every step of the procedure. We expect to be exceptionally successful offering this effective security solution to our customers.”