Chuck Leaver – We Are Delighted Here At Ziften To Win A Red Herring Award

Written By Rachel Munsch And Presented By Chuck Leaver CEO Ziften


There is some amazing news to share: for 2015, Ziften has been chosen as a Red Herring Top 100 North America award winner. Around 1200 companies from the U.S. and Canada were examined in the yearly competition, and our Endpoint Detection and Response system managed to raise us into the top 100.

The Red Herring 100 Awards are widely known to be one of the industry’s more prestigious recognitions. Those that reach the finals have to go through an extensive selection procedure based on over 20 criteria, including technological development, addressable market, business model, customer footprint and level of specialty. Alex Vieux, CEO and Red Herring Publisher, felt that the competition was really strong this year and that the selection process was hard:

“However, after much thought, strenuous reflection and conversation, we narrowed our list down from hundreds of candidates from across the United States and Canada to the North America winners. Our company believes Ziften embodies the vision, drive and innovation that define a successful entrepreneurial venture. Ziften ought to be proud of its achievement, as the competition was extremely strong.”

Here at Ziften we are extremely proud to be selected as a Red Herring award winner. It’s always gratifying to have our work validated and acknowledged, especially when you consider the esteemed list of finalists. Our dedication to helping organizations protect themselves from today’s advanced threats remains strong, and this award will serve as an inspiration going forward as we continue to strive to be the leader in endpoint security and defense.

Our World Is More Dangerous Now With Vishing Scams – Chuck Leaver

Written By David Shefter And Presented By Ziften CEO Chuck Leaver


I was enjoying TV in August 2015 and I had a call from a 347 location code contact number. I believed that it was a company colleague of mine who lives in the outer boroughs, so I answered the call.

The call was a total surprise: “Roy Callahan from the New York City Police Department” threatened me with a warrant for my arrest within minutes, and mentioned that I needed to turn myself in to the regional cops department. So, I spoke with my buddy Josh Linder. He says that it’s widespread in the region where he lives and similarly happened to him; however, they threatened him if he didn’t comply by acquiring a $9000 Green Dot pre-paid card.

If You Think This Sounds Embellished …

This occurs thousands of times every day. Law enforcement agencies (LEAs), ranging from local municipalities to the FBI and everything in between, are under immense pressure. They can’t keep up: bad actors are fast, smart, and ahead of the curve.

These criminals also know how constrained the LEAs are in budget, skill and resources. The local ones are best at catching shoplifters and pulling over speeding automobiles, not tracking terrorists to their origin across federal or state borders. With little coordination or interest and an absence of tools, over 99% of these frauds go unsolved.

How Did They Find Me?

First, social networking has created a bonanza of information. Individuals entrust their name, address, contact number, work history, educational background, and social circles to the public domain. This is where the risk lies, not the much publicized hacks at federal government agencies, banks, healthcare organizations and retailers.

However, the large exposures at retailers like Home Depot, Target and Michaels, along with the more recent hacks at the United States Office of Personnel Management (OPM), United Airlines and Anthem, ought to be of tremendous concern. This information gives criminals the ability to triangulate data and construct a rich persona of people like you and me.

Putting this into context, tens of millions of records were exposed, which could be used to go far beyond extortion payments and move towards exploiting the physical vulnerabilities of military personnel, executives or even ordinary individuals.

How Quickly Will I Be Exposed?

According to a 2014 FBI scam alert, victims reported having cash unlawfully withdrawn from their accounts within 10 minutes of receiving a vishing call, and another reported having hundreds or thousands of fraudulent withdrawals in the days following.

What Can I Do About It?

As a citizen, it is best to be alert and use sound judgment. Regardless of what a “vishing” caller ID states, the U.S. Internal Revenue Service will not demand money or account numbers. Don’t succumb to vishing’s wicked cousin, phishing, and click on links in e-mails which might take you to a malware site. Invest an additional two seconds verifying that the email really comes from who it claims to be from, not just a familiar name.

Second, it’s best to safeguard your social profiles on the Internet. Facebook, LinkedIn, Twitter, and the trove of other tools have more than likely already exposed you. Carry out a basic Google search, then move to tidy up the public elements of your Internet persona.

Third, act like an enterprise and protect your employees as if they were your relatives. Big companies have invested greatly in antivirus, drive encryption, email security, and next generation firewalls. None of this matters: phishing and vishing scams go right around these. You need training, continuous education, vigilance, and smarter technology. A key part of this is implementing continuous endpoint visibility on your devices. At Ziften, our software plugs security exposures to form a more durable wall.

The fight for cyber security protection is consuming your resources, from your people to your budget. Threats are faster, more intelligent, and more focused than ever before, and they are working their way around standard prevention solutions and getting straight to the point: your endpoints. As soon as you have been breached, you have less than an hour before the attack finds additional victims within your company. Time is of the essence, and given that we can’t create more of it, we focus on maximizing continuous intelligence so your team can make the right decision, right now.

In Conclusion

Today, people are so focused on fraudulent credit card charges, and companies are locking down endpoints at a record pace.

More needs to be done. The criminals are much faster, smarter, more enabled, and outside the bounds of the authorities. While news will continue to come concerning the success of capturing large-scale scammers and untouchable foreign nationals in China and Russia, there will be countless small exploits every day.

At Ziften, we have one mission: to make endpoint security fast and easy for the end user not only to implement, but also to manage and drive everyday value. By combining real-time user, device, and behavior monitoring with powerful analytics and reporting, Ziften automatically empowers any organization to see, check, and respond to the very latest attacks.

My thanks to Josh Linder for his discussions on this topic.

For Your Gartner SOC Nuclear Triad Trust In Ziften – Chuck Leaver

Written By Dr Al Hartmann And Presented By Chuck Leaver Ziften CEO


Anton Chuvakin, VP and security expert at Gartner Research, posted about the three necessary Security Operations Center (SOC) tools needed to offer reliable cyber attack visibility. Chuvakin compared them to the cold war’s “nuclear triad” principle of siloed, airborne, and nuclear submarine capabilities required to guarantee survival in a total nuclear exchange. Similarly, the SOC visibility triad is crucial to surviving a cyber attack: “your SOC triad seeks to significantly reduce the chance that the attacker will operate on your network long enough to achieve their goals”, as Chuvakin wrote in his blog.

Now we will look at the Gartner designated fundamentals of the SOC triad and how Ziften supports each capability.

SIEM (Security Information and Event Management) – Ziften Open Visibility™ extends existing security and event tracking tools and system management by delivering vital open intelligence on any enterprise endpoint. Ziften’s Open Visibility platform now includes integration with Splunk, ArcSight, and QRadar, in addition to any SIEM supporting Common Event Format (CEF) alerts. Unlike competing product integrations that supply only summary data, Ziften Open Visibility exposes all Ziften collected endpoint data for full-featured integration.

NFT (Network Forensics Tools) – Ziften ZFlow™ extends network flow based security tools with crucial endpoint context and attribution, significantly boosting visibility into network events. This new standards based technology extends network visibility down into the endpoint, collecting essential context that is invisible over the wire. Ziften has an existing product integration with Lancope, and can also rapidly integrate with other network flow collectors using the Ziften Open Visibility architecture.

EDR (Endpoint Detection and Response) – The Ziften Endpoint Detection and Response system continually assesses user and device behaviors and highlights anomalies in real time, permitting security experts to home in on advanced threats more quickly and reduce Time To Resolution (TTR). Ziften EDR enables organizations to determine the source of a breach more rapidly and choose the required corrective actions.

While other security tools play supporting roles, these are the three essentials that Gartner asserts constitute the core defender visibility into attacker actions within the targeted company. Arm up your SOC triad with Ziften. For a no-commitment free trial, visit: to read more.

Chuck Leaver – You Need Visibility Because Time Is Money With Incident Response

Written By Kyle Flaherty And Presented By Ziften CEO Chuck Leaver


It was quite a day on July 9, 2015 in the world of cyber security. The first thing to take place was the grounding of flights by United Airlines due to a technical problem; this was followed shortly afterwards by the New York Stock Exchange (NYSE) announcing they had to halt trading. This report originated from the Wall Street Journal, as you would expect, and they went offline soon after this.

This caused total panic on the Internet! There was a massive buzz on Twitter, and there were a great many rumors that a well-coordinated cyber attack was occurring. Individuals were jumping off the virtual bridge and declaring a virtual Armageddon.

There was overall mayhem until the three companies stated in public that the problems were not associated with cyber attacks but with the feared, unknown “technical glitch”.

Visibility Is The Problem For Cyber Attacks Or Glitches

In today’s world it is assumed that “glitch” means “attack”, and it is true to say that a skilled group of hackers can make the two look the same. There are still no details about the incidents on that day and there most likely never will be (although there are rumors about network resiliency concerns with one of the most significant ISPs). At the end of the day, when an incident like this happens, all organizations need to know why.

Statistics suggest that incident response may cost thousands of dollars an hour, and in the case of organizations such as United and NYSE, downtime has not been taken into consideration. The boards of directors at these businesses do not want to hear that something like this will take hours, and they might not even care how it happened; they simply want it resolved quickly.

This is why visibility is constantly in the spotlight. It is crucial when emergencies strike that a company understands all of the endpoints in its environment and the contextual behavior behind those endpoints. An endpoint might be a desktop, a server or a laptop computer, and it might be offline or online. In this modern era of security, where the principle of “prevent & block” is not an appropriate strategy, our ability to “quickly discover & respond” has become increasingly important.

So how are you making the shift to this new era of cyber security? How do you reduce the time spent determining whether it was an attack or a glitch, and exactly what to do about it?