The Record Pace Of Cyber Security Investment Continues To Rise – Chuck Leaver

Written By Patrick Kilgore And Presented By Chuck Leaver Ziften CEO


Steve Morgan, CEO of Cybersecurity Ventures, published a report called “Financiers pour billions into cyber security firms”. This is not guesswork. In the previous year alone, venture-backed cyber security companies raised practically $2 billion. With this influx of capital, you would be forgiven for believing that things have reached their peak. However, you would be incorrect …

At the midpoint of 2015, cyber security startups had already raised $1.2 billion in funding. As Morgan indicates, there appears to be no end in sight when it comes to cyber security. Top companies like Allegis Capital have even raised funds (to the tune of $100M) exclusively to back cyber security innovation.

The usual suspects are not on the list of names. Morgan’s post mentions that most of the financing announcements are for fast-growing companies like ours. Ziften is in excellent company among innovators who are keeping up with the demands of modern cyber security. While we lead the pack in constant endpoint visibility, other companies have taken unique approaches, such as applying artificial intelligence to the fight against cyber attacks or streamlining key lookups to bring public key encryption to the masses. Each is working on a different piece of the puzzle.

And it definitely is a puzzle. Since many solutions are extremely specialized, working together is going to be very important. The need to integrate the different components in the market for a sophisticated view of the problem set is clear. That’s why we developed Ziften Open Visibility™ – to provide APIs, connectors, and indicators to integrate endpoint context and attribution data with existing investments.

Market Vision That Is 20/20

It might look like market saturation to the layperson, but it is simply the tip of the cyber security iceberg. Every day, cyber attacks become more sophisticated, finding new ways to devastate consumers and companies. This list of funded organizations is a testament to the idea that legacy endpoint and network security is failing. The notion of prevention is a good one, but security specialists now understand that a two-pronged strategy is needed, one that includes detection and response.

You can have a 20/20 view of your security landscape, or you can keep your current blind spots. Which one do you think will help you sleep at night?


Reading The Cisco 2015 Midyear Security Report Shows That There Is Hope – Chuck Leaver

Written By Michael Bunyard And Presented By Ziften CEO Chuck Leaver


Looking through the Cisco 2015 Midyear Security Report, the consensus was that “the bad guys are innovating faster than the security community.” This is not a unique statement and can be found in a lot of cyber security reports, because they are reactive studies of past cyber attacks.

If all you do is concentrate on negative outcomes and losses, then any report is going to look bad. The truth is that the vendors releasing these reports have a lot to gain from organizations that wish to purchase more cyber security solutions.

If you look carefully within these reports you will find great pieces of advice that might considerably improve the security plans of your company. So why do these reports not start with this information? Well, it’s all about selling services, isn’t it?

One anecdote from the Cisco report stood out as something that would be easy for an organization’s security team to address. The increasing vulnerabilities and exploits of Adobe Flash were detailed, and they are frequently being integrated into exploit kits such as Angler and Nuclear. Adobe updates Flash Player often, but a number of users are slow to apply the updates that would give them the protection they need. This means that hackers are taking advantage of the gap between the vulnerability being discovered and the patch being applied.

Vulnerability Management Is Not Solving The Problem

You would be forgiven for thinking that, since there is a whole range of solutions on the market that scan endpoints for known vulnerabilities, it would be very simple to ensure that endpoints are updated with the current patches. All that is required is to run a scan, identify the endpoints that require updating, run the updates, and the job is done, right? The problem is that scans are only run periodically, patches fail, users will inadvertently introduce vulnerable apps, and the company is then wide open until the next scan. In addition, scans will report on applications that are installed but not used, which produces a large number of vulnerabilities that is difficult for an analyst to prioritize and manage.

What Is So Easy To Address Then?

The scans have to be run continually and all endpoints monitored, so that as soon as a system is not compliant you will know about it and can respond right away. Constant visibility that offers real-time notification and extensive reporting is the new mandate as endpoint security is redefined and people recognize that the era of prevention-first is over. Leveraging the National Vulnerability Database (NVD), each application that is actually running with a known vulnerability can instantly be identified, security staff notified, and the patch applied. Further, solutions can look for suspicious activity from vulnerable applications, like sudden application crashes, which are a possible sign of an exploit attempt. Finally, they can also detect when a user’s system has not been restarted since the last security patch was available.
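The triage described above, as an added Python example (not Ziften's code and not from the original post): it ranks vulnerable applications that are running above ones that are only installed, flags a crash in a running vulnerable application, and flags a host that has not restarted since its last patch. The feed, host snapshot, field names, versions and advisory ids are constructed placeholders standing in for NVD data and endpoint telemetry.

```python
from datetime import datetime

# Constructed stand-in for an NVD-derived feed: product -> (first fixed version, advisory id).
# Versions and ids are placeholders, not real NVD entries.
VULN_FEED = {
    "flashplayer": ((10, 2), "ADVISORY-PLACEHOLDER-1"),
    "pdfreader": ((5, 0), "ADVISORY-PLACEHOLDER-2"),
}

# Constructed endpoint snapshot; field names are assumptions for this example.
SNAPSHOT = {
    "host": "wks-017",
    "last_boot": datetime(2015, 8, 1, 8, 0),
    "last_patch": datetime(2015, 8, 3, 2, 0),
    "installed": {"flashplayer": "10.1", "pdfreader": "4.0", "editor": "7.3"},
    "running": {"flashplayer", "editor"},
    "crashes": [("flashplayer", datetime(2015, 8, 3, 9, 15))],
}

RANK = {"high": 0, "medium": 1, "low": 2}


def parse_version(text):
    """Turn '10.1' into (10, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def assess(snapshot, feed):
    """Return (priority, subject, signal) findings, most urgent first."""
    findings = []
    for product, version in sorted(snapshot["installed"].items()):
        if product not in feed or parse_version(version) >= feed[product][0]:
            continue  # not tracked in the feed, or already at a fixed version
        if product in snapshot["running"]:
            findings.append(("high", product, "running-vulnerable"))
            # A crash in a running vulnerable app is a possible exploit attempt.
            if any(name == product for name, _ in snapshot["crashes"]):
                findings.append(("high", product, "crash-while-vulnerable"))
        else:
            # Installed but unused: keep it visible without burying the analyst.
            findings.append(("low", product, "installed-not-running"))
    # The host has not restarted since its last security patch.
    if snapshot["last_boot"] < snapshot["last_patch"]:
        findings.append(("medium", snapshot["host"], "reboot-pending"))
    return sorted(findings, key=lambda f: RANK[f[0]])


if __name__ == "__main__":
    for finding in assess(SNAPSHOT, VULN_FEED):
        print(finding)
```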

There Definitely Is Hope

The good news about real-time endpoint visibility is that it works for any vulnerable application (not only Adobe Flash), because hackers will move from app to app to evolve their tactics. There are simple solutions to big problems. Security teams just need to be made aware that there is a much better way of managing and protecting their endpoints. It simply takes the right endpoint detection and response solution.


Human Hacking Starts With Humans – Chuck Leaver

Written By Patrick Kilgore And Presented By Chuck Leaver CEO Ziften


When you are at the annual Black Hat conference, conversations about hacking and cyber security are going on everywhere, and it can make you paranoid. For a lot of people this is simply an appetizer for the DEF CON hacking conference.

A long time ago the Daily Dot published a story named “The art of hacking humans”, which covered the Social Engineering “Capture the Flag” contest that has been running since 2010. In it, contestants use the best tool a hacker has at their disposal – their intelligence – and rely on exaggeration and social subterfuge to persuade unsuspecting victims to hand over sensitive information in exchange for points. A couple of slips here, a remark about applications there, and boom! You’re hacked and on the front page of the New York Times.

For the businesses being “Targeted” (such as big box retailers who will remain nameless …), the contest was originally considered an annoyance. In the years since its creation, however, the Capture the Flag contest has gotten the thumbs up from many corporate security professionals. Its contestants take part each year to test their mettle and help potential hacking victims understand their vulnerabilities. It’s a white hat education in exactly what not to do and has made strides for corporate awareness.

Human Hacking Begins With … Humans (duh).

As we know, most malicious attacks begin at the endpoint, since that is where the human beings in your company live. All it takes is access from a nebulous place to do severe damage. But rather than think of hacks as something to respond to or a mere process to be killed, we need to remind ourselves that behind every attack there is a person. And ultimately, that’s who we need to arm ourselves against. But how?

Since companies operate in the real world, we should all accept that there are those who would do us harm. Instead of attempting to prevent hacks from occurring, we have to re-wire our brains on the matter. The key is recognizing malicious user behavior as it is occurring so that you can respond appropriately. The new era of endpoint security is focused on this ability to visualize user behavior, inspect and analyze it rapidly, then respond quickly. At Black Hat we are showing folks how they can continuously monitor the edges of their network so that when (not if) breaches happen, they can be swiftly tackled.

As a wise man once said, “You can’t secure what you cannot manage and you cannot manage what you cannot see.” The result is a dramatic reduction in time to identify and time to respond (TTR). And that’s no lie.


Chuck Leaver – Here Is Why Cyber Security Is A Battle Between People

Written By Michael Bunyard And Presented By Chuck Leaver CEO Ziften


Cyber security is all about people vs. people. Each day that we sort through the latest attack news (like the recent Planned Parenthood breach), it becomes more and more apparent that not only are people the problem; in many ways, people are also the answer. The attackers come in different categories, from insiders to hackers to organized crime and state-sponsored terrorists, but at the end of the day, it’s people that are directing the attacks on companies and are therefore the problem. And it’s people that are the primary targets exploited in the attack, normally at the endpoint, where people access their connected business and personal worlds.

The endpoint (laptop, desktop, phone, tablet) is the device that people use throughout their day to get their stuff done. Think of how often you are connected to your endpoint(s). It’s a lot, right? Not only are these endpoints vulnerable (see the Stagefright Android vuln for a good example), the people at the endpoint are often the weak link in the chain that provides the opening for attackers to exploit. All it takes is a single person to open the wrong email, click through to the wrong website or open the wrong file and it’s game on. Despite all the security awareness in the world, people will make mistakes. When discussing the Planned Parenthood breach my colleague Mike Hamilton, who directs the product vision here at Ziften, offered a really interesting insight:

“Every company will have people against it, and now those individuals have the ways and objective to interrupt them or steal their data. Leveraging existing blind spots, cyber criminals or perhaps hackers have easy access through susceptible endpoints and utilize them as a point of entry to conceal their activities, evade detection, exploit the network and victimize the targeted organization. It is now more vital than ever for companies to be able to see suspicious behavior beyond the network, and definitely beyond simply their web server.”

People Powered Security

It makes sense that cyber security solutions should be purpose-built for the people that are protecting our networks and monitoring the behaviors of people as they use their endpoints. But typically this hasn’t been the case. In fact, the endpoint has been a virtual black box when it comes to having constant visibility of user behaviors. This has led to a dearth of information about what is really happening on the endpoint – the most vulnerable component in the security stack. And cyber security solutions certainly don’t seem to have the people protecting the network in mind when silos of disparate pieces of information flood the SIEM with so many false positive alerts that they can’t tell the genuine threats from the benign.

People powered security enables seeing, inspecting, and responding by analyzing endpoint user behavior. This needs to be done in a way that is painless and fast because there is a huge skills shortage in companies today. The best technology will enable a level one responder to handle the majority of suspected threats by putting simple and concise information at their fingertips.

My security expert colleague (yeah, I’m fortunate that on one hallway I can talk to all these folks) Dr. Al Hartmann says “Human-Directed Attacks require Human Directed Response”. In a recent blog post, he nailed this:

“Human intelligence is more versatile and innovative than machine intelligence and will always eventually adjust and beat an automated defense. This is the cyber-security version of the Turing test, where a machine defense is trying to rise to the intellectual level of a proficient human hacker. At least here in the 21st Century, machine learning and artificial intelligence are not up to the job of fully automating cyber defense, the cyber aggressor inevitably is victorious, while the victims lament and count their losses. Only in sci-fi do thinking machines overpower humans and take over the planet. Don’t accept the cyber fiction that some self-governing security software will outsmart a human hacker enemy and save your organization.”

People powered security empowers well-informed, dynamic response by the people trying to thwart the attackers. With any other approach we are just kidding ourselves that we can keep up with attackers.