Data Loss Prevention Is A Must For Organizations As Cyber Attacks Are On the Increase – Chuck Leaver

By Ziften CEO Chuck Leaver


For United States businesses, a significant cyber attack and substantial data leak is looking more like a question of “when” rather than “if”, because of the new threats that arise from fragmented endpoint strategies, cloud computing and data-intensive applications. All too frequently, organizations overlook or inadequately deal with vulnerabilities that are already known to them, and aging IT assets that are not properly secured attract the attention of cyber criminals.

The number of data breaches occurring is very troubling. In a report from the Verizon Risk Team there were 855 substantial breaches, resulting in 174 million records being lost, in 2011. The stakes are very high for companies that handle personally identifiable information (PII): if staff members are not educated on compliance and inadequate endpoint data security procedures remain in place, expensive legal action is likely to follow.

“The possibility of a data breach or privacy problem occurring in any company has actually ended up being a virtual certainty,” Jeffrey Vagle, a legal expert writing for Mondaq, stated. He suggested that record keepers have to reassess their approach to network and device security, employee data access controls and the administration of PII. The increasing use of cloud services can make the prevention of data breaches more difficult, because these services enable the exchange of information on a massive scale. It would take only one incident for countless files to be lost.

Known Vulnerabilities Need Focus

Many IT departments worry constantly about zero-day attacks that will cause a data breach and catch them off guard. As an example, Dirk Smith of Network World wrote about an Adobe Acrobat exploit that gave hackers access to perform advanced surveillance. Many IT vulnerabilities arise when software is not kept patched, and many zero-day dangers stem from weak points in legacy code, including a bug in Windows that targeted features first introduced twenty years earlier.

Security professional Jim Kennedy wrote in a Continuity Central post: “something that I have actually discovered is that many of the breaches and intrusions which prospered did so by attacking recognized vulnerabilities that had actually been identified and had been around for many years: not from some advanced ‘zero-day’ attack which was unidentified and unknown up until only the other day by the security community at large.” “And, much more troubling, social engineering continues to be a most successful way to begin and/or precipitate an attack.”

The cyber criminal fraternity now has access to an extensive range of pre-packaged malware. These tools can perform complex network and computer system analytics and then recommend the optimal attack strategy. Another danger is a human one: staff members who are not properly trained to screen calls or messages from individuals who falsely claim to be members of the technical support team of an external security provider.

It is certainly important to proactively defend against zero-day attacks with robust endpoint protection software, but companies also have to combine effective training and processes with their software and hardware solutions. While most companies have a number of security policies in place, there is typically a problem with enforcing them. The result is that dangerous fluctuations in the movement of data and network traffic, which should be evaluated by security personnel, are overlooked and not dealt with.


Endpoints Are Now Being Used As The Channel For Malicious Cyber Attacks – Chuck Leaver

From The Desk Of Chuck Leaver CEO Ziften Technologies


With the introduction of bring your own device (BYOD) policies and cloud computing, securing individual endpoints has become more difficult, as administrators may be placing ease of data access above security. The risks exist nevertheless, because most of the current generation of endpoint security software has not been adapted to protect against aggressive hacking and malicious cyber attack strategies that target individual endpoints as the launch pad for widely distributed attacks.

A well-known endpoint attack occurred in recent times when a malware strain called Comfoo was used to compromise the networks of many multinational organizations in 2010. The Comfoo malware included a variety of custom-developed backdoor Trojans and exploits that could continuously distribute malware. A more severe consequence was that this malware could cause damaging data leakage by scraping account and network information and monitoring all user input, according to CRN contributor Robert Westervelt. It is believed that the Comfoo malware may have been part of an advanced cyber espionage campaign, because of the methodology used and its evasion of conventional endpoint monitoring.

Using e-mail phishing and social engineering, the malware was able to compromise targeted devices, which underlines how ripe endpoints have become for malware infestation, according to security executive Jason O’Reilly. Speaking to ITWeb, O’Reilly stated that standard endpoint software most of the time does not sufficiently account for access from areas beyond the IT department, and it does not restrict data exposure to authorized individuals through the use of access controls.

O’Reilly stated that “endpoint security services must provide layered security that goes beyond signature-based detection just to include heuristic-based detection and polymorphic-based detection.” “Today’s networks are exposed to risks from various sources.”

Real-Time Risk Detection And Reporting

The high stakes for control techniques and endpoint security were identified by business consulting firm Frost & Sullivan, which felt both of these areas were under pressure from external hackers and from the pressing demand from employees for flexibility in device choice.

Chris Rodriguez, Frost & Sullivan analyst, mentioned: “enterprise IT organizations now deal with incredible pressure to enable employees to access the corporate network and files from their own individual devices.” “Considering their relatively universal nature, fast data connections, and powerful hardware and OS, these devices represent prime targets for hackers.”

When asked what organizations can do to address the particular weaknesses of mobile hardware, O’Reilly suggested that any solution needs to provide clear and extensive visibility into what is happening on each endpoint, so that action can be taken rapidly when risks are detected.


Your Organization Is Not Immune To Cyber Attacks So Why Do So Many Think That They Are? Chuck Leaver

By Chuck Leaver Ziften Technologies CEO


A great many companies believe there is no requirement for them to pursue assiduous data loss prevention; they regard cyber attacks as either very unlikely to occur or as having minimal financial effect if they do. The increase in recorded cyber attacks and advanced persistent threats has contributed to this complacency. These malicious attacks tend to evade standard endpoint security software, and while they lack the teeth of denial-of-service attacks, they have the potential to cause considerable damage.

Over 67% of organizations state either that they have not been victims of a cyber attack in the last 18 months or that they had little or no visibility into whether an attack had compromised their network, according to Infosecurity. The organizers of the study were skeptical about the results and highlighted the many vulnerable desktop and mobile endpoints that are now very common in companies.

Security professional and study organizer Tom Cross stated “Any system you connect to the Internet is going to be targeted by attackers extremely quickly afterwards.” “I would assert that if you’re uncertain whether or not your organization has actually had a security incident, the possibilities are really high that the response is yes.”

Around 16% stated that they had experienced a DDoS attack over the same period, and 18% reported malware infiltrations. Despite this, most of the companies evaluated the effects as minor and as not justifying the implementation of new endpoint security and control systems. Roughly 38% stated that they had not experienced any detected security breaches, and just 20% admitted to financial losses.

Loss of reputation was more prevalent, affecting around 25% of respondents. Highlighting the possible impact of a cyber attack on finances and reputation, an incident at the University of Delaware resulted in 74,000 people having their sensitive data exposed, according to WDEL contributor Amy Cherry. The hackers targeted the school’s website and scraped details about university identifications and Social Security Numbers, which obliged the university to supply free credit monitoring to the affected parties.


Chuck Leaver – Cyber Security Must Move Away From The Dark Ages Says RSA President In Keynote Presentation

Written By Dr Al Hartmann And Presented By Chuck Leaver CEO Ziften Technologies


A 5 Point Plan For A New Security Approach Proposed By Amit Yoran

Amit Yoran, RSA President, delivered an exceptional keynote speech at the RSA Conference which reinforced the Ziften philosophy. Ziften is intently focused on continuous endpoint monitoring, silo-busting Ziften Open Visibility™, risk-focused security analytics, and supplying robust defenses in a new era of advanced cyber attacks. Yoran criticized existing organizational security methods as being bogged down in the Dark Ages of cyber moats and castle walls, calling them an “impressive fail”, and outlined his vision for the way forward in five main points; commentary from Ziften’s viewpoint has been added to each.

Stop Believing That Even Advanced Protections Suffice

“No matter how high or wise the walls, focused adversaries will find methods over, under, around, and through.”

Many of the previous, more sophisticated attacks did not use malware as the primary strategy. Yoran criticized traditional endpoint antivirus, firewalls and traditional IPS as examples of the Dark Ages. He stated that these traditional defenses could be easily scaled by skilled hackers and were largely inadequate. A signature-based anti-virus system can only protect against previously seen threats, but unseen threats are the most dangerous to a company (since they are the most common in targeted attacks). Targeted cyber criminals use malware only 50% of the time, perhaps only briefly, at the start of the attack. The attack artifacts are easily altered and never used again in targeted attacks. Accumulating billions of transient indicators of compromise and malware signatures in huge anti-virus signature databases is a meaningless defensive technique.

Embrace a Deep and Pervasive Level of True Visibility Everywhere – from the Endpoint to the Cloud

“We need pervasive and true visibility into our business environments. You just can’t do security today without the visibility of both continuous full packet capture and endpoint compromise assessment visibility.”

This implies continuous endpoint monitoring across the enterprise endpoint population for generic indicators of compromise (not stale attack artifacts) that reflect timeless strategies, not short-lived hex string happenstance. And any company implementing continuous full packet capture (comparatively costly) can easily afford endpoint threat assessment visibility (comparatively affordable). The logging and auditing of endpoint process activity supplies a wealth of security insight using only elementary analytics techniques. A targeted hacker relies on the relative opacity of endpoint user and system activity to mask and hide any attacks, while real visibility shines a bright light on them.

Identity and Authentication Matter More than Ever

“In a world without any perimeter and with fewer security anchor points, identity and authentication matter even more … Eventually in [any successful attack] campaign, the abuse of identity is a stepping stone the attackers use to enforce their will.”

Using stronger authentication is good, but it only makes for higher walls that are still not impenetrable. What the hacker does once over the wall is what matters most. This means tracking user endpoint logins (both local and remote) and application use for indicators of unusual user activity (insider attack or potentially compromised credentials). Any observed activity that differs from normal patterns is potentially suspicious. One departure from normality does not make a case, but security analytics that triangulates several departures from normality focuses security attention on the highest-risk anomalies for triage.

External Threat Intelligence Is A Core Capability

“There are incredible sources for the right threat intelligence … [which] should be machine-readable and automated for increased speed and leverage. It ought to be operationalized into your security program and tailored to your organization’s assets and interests so that analysts can quickly address the threats that pose the most risk.”

Most targeted attacks do not reuse readily signatured artifacts or recycle network addresses and C2 domains, but there is still value in threat intelligence feeds that aggregate timely discoveries from countless endpoint and network threat sensors. Here at Ziften we integrate third-party threat feeds through the Ziften Knowledge Cloud, plus the direct exposure of Ziften discoveries into SIEM and other enterprise security and operations infrastructure by means of our Open Visibility™ architecture. As more machine-readable threat intelligence (MRTI) feeds develop, this capability will grow.

Understand What Matters Most To Your Organization And What Is Mission Critical

“You need to understand what matters to your organization and what is mission critical. You have to … safeguard exactly what is very important and safeguard it with everything you have.”

This holds true for risk-driven analytics and instrumentation that focus security attention and action on the areas of highest enterprise risk exposure. Yoran notes that asset value prioritization is only one side of business risk analysis, and that this goes much deeper, both pragmatically and academically. Security analytics that focus security staff attention on the most prominent dynamic risks (for instance by filtering, correlating and scoring SIEM alert streams for security triage) must be well-grounded in all sides of business risk analysis.
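The login-anomaly triangulation described under “Identity and Authentication Matter More than Ever” and the scoring of alert streams for triage described here can be shown in one small piece of detection logic. This is an added example, not Ziften code or anything from Yoran’s keynote; the login records, the departure weights and the triage threshold are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed login records (user, host, login_type, ISO timestamp); not real
# telemetry. They stand in for a baseline period of endpoint login logging.
BASELINE = [
    ("alice", "ws-01", "local", "2015-04-20T09:05:00"),
    ("alice", "ws-01", "local", "2015-04-21T08:55:00"),
    ("alice", "ws-02", "local", "2015-04-22T09:10:00"),
    ("bob", "ws-07", "local", "2015-04-20T10:00:00"),
    ("bob", "vpn-gw", "remote", "2015-04-21T19:30:00"),
]

# Hypothetical weights: no single departure reaches the threshold on its own.
WEIGHTS = {"new_host": 2, "new_login_type": 1, "off_hours": 2, "unknown_user": 4}
TRIAGE_THRESHOLD = 4


def build_profiles(records):
    """Per-user sets of hosts, login types and hours observed in the baseline."""
    profiles = defaultdict(lambda: {"hosts": set(), "types": set(), "hours": set()})
    for user, host, ltype, ts in records:
        profiles[user]["hosts"].add(host)
        profiles[user]["types"].add(ltype)
        profiles[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return profiles


def departures(profiles, user, host, ltype, ts):
    """Name every way one login event departs from that user's baseline."""
    profile = profiles.get(user)  # .get() does not create a default entry
    if profile is None:
        return ["unknown_user"]
    found = []
    if host not in profile["hosts"]:
        found.append("new_host")
    if ltype not in profile["types"]:
        found.append("new_login_type")
    if datetime.fromisoformat(ts).hour not in profile["hours"]:
        found.append("off_hours")
    return found


def triage(profiles, events):
    """Sum the weights of each event's departures; return (score, event,
    departures) for events at or above the threshold, highest risk first."""
    scored = []
    for event in events:
        deps = departures(profiles, *event)
        score = sum(WEIGHTS[d] for d in deps)
        if score >= TRIAGE_THRESHOLD:
            scored.append((score, event, deps))
    return sorted(scored, key=lambda item: -item[0])
```

A late-night login alone scores below the threshold and stays out of the triage queue, while a login that is at once from a new host, of a new type and at an unusual hour is surfaced first.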

At Ziften we commend Amit Yoran’s messages in his RSA 2015 keynote address as the cyber security industry evolves beyond the current Dark Ages of facile targeted attacks and entrenched exploitations.