Invest In Endpoint Threat Detection To Defend Against Breaches – Chuck Leaver

Written By Chuck Leaver Ziften CEO



Defending against data breaches is a difficult thing to do, but it is crucial to prospering in the present business environment. Given the sheer number of cybercriminals waiting in the wings to steal personal information, credit card details, and other essential data from customers, businesses have to recognize the high level of risk to information online and take action to prevent it. Using endpoint threat detection and response systems is one of the best ways to address this problem, as it provides a simple way to fight back against the wide range of exploits hackers can use to gain access to a company network.

To build a better, more attack-proof system, developing a strong sense of back-end security is essential. The New York Times’ article on securing data discusses a few crucial steps that can make a big difference in keeping customer details from falling into the wrong hands. Some of the steps the article touches on include using point-of-sale systems for customer transactions only, dedicating one computer to all financial business, and keeping software updated. These are smart suggestions because they guard against several of the routes hackers like to use to breach systems. A PoS system that doesn’t connect to the Internet except to transfer data to bank servers is much safer than one that isn’t so limited, because it reduces the risk of a virus getting onto the network from the Web. Making one computer the single access point for financial transactions and nothing else can keep viruses or other malicious surveillance software from getting in. In this way, a business can significantly protect its customers without actually taking on that many extra expenses.

Make Certain That Security And Safeguarding Come First


Property Casualty 360 has a similar list of suggestions, including automating patches to organization systems, using encryption on all devices, enforcing strong passwords, and keeping an eagle-eyed approach to e-mail. Encrypting information, particularly financial information, is highly important: without encryption, a hacker can get at financial data stored as plain text very easily. Of course, strong endpoint threat response systems should be used to handle this threat, but security, like clothing in Fall, is best when layered. Using several different strategies at once greatly reduces the chance that a given organization’s data will be breached, which, over time, makes it much easier to protect against any sort of damage that could be done.

Many breaches happen not when a piece of malware has successfully planted itself on a server, but when an employee’s email account is protected by an insecure password. Dictionary words, like “dog” or “password,” should never be used. They are easy to guess and break, and they can lead to whole stores of data being taken. Similarly, an employee accidentally sending a list of customers to somebody without checking the intended recipient list can send an entire trove of information out to the wrong person, easily triggering enormous data loss. This sort of leak needs to be prevented by strong training.

In response to the myriad of threats out there today, the best way to deal with them is to make use of strong endpoint threat response systems in order to avoid losing essential data. Using a wide variety of different security methods to guard against all incoming attacks is a smart way to make certain that your organization is able to weather a variety of blows. This kind of mindset can keep a company from being sunk by the large number of attacks currently striking enterprises.

Christmas Time Is Not A Holiday For Hackers – Chuck Leaver

Written by Ziften CEO Chuck Leaver



The Christmas period is prime time for cybercriminals, syndicates and state-sponsored cyber teams to hack your company. A reduced number of IT personnel at work may improve the odds of undiscovered endpoint compromise, stealthy lateral pivoting, and undetected data exfiltration. Experienced attack groups are most likely assigning their top talent to a well-coordinated holiday hackathon. Penetration of your enterprise would likely start with an endpoint compromise via the usual targeted methods of spear phishing, social engineering, watering hole attacks, and so on.

With thousands of enterprise client endpoints available, initial infiltration hardly poses a challenge to seasoned attackers. Standard endpoint security suites are there to protect against previously encountered, known malware, and are basically useless against the one-off crafted exploits used in targeted attacks. The attack group will have researched your business and replicated your standard cyber defense systems in their labs for pre-deployment evasion testing of planned exploits. This pre-testing may include suitable sandbox evasion methods if your defenses include sandbox detonation safeguards at the enterprise perimeter, although this is not always needed, for example with off-VPN laptops visiting compromised industry watering holes.

The ways in which enterprise endpoints may become compromised are too numerous to list. In many cases the compromise may only involve compromised credentials, with no malware needed or present, as confirmed by industry studies of malicious command and control traffic seen from pristine endpoints. Or the user, and it only takes one among thousands, may be an insider attacker or a disgruntled employee. In any large enterprise, some incidence of compromise is unavoidable and constant, and the Christmas season is ripe for it.

Given constant attack activity with inescapable endpoint compromise, how can businesses best respond? Endpoint detection and response (EDR) with continuous monitoring and security analytics is a powerful method to identify and respond to anomalous endpoint activity, and to do so at scale across many enterprise endpoints. It also complements and synergizes with enterprise network security by providing endpoint context around suspicious network activity. EDR provides visibility at the endpoint level, similar to the visibility that network security provides at the network level. Together these offer the full picture needed to recognize and respond to unusual and potentially significant security incidents across the enterprise.

Some examples of endpoint visibility of potential forensic value are:

  • Tracking of user login activity, specifically remote logins that might be attacker-directed
  • Tracking of user presence and user foreground activity, including usual work patterns, activity periods, etc.
  • Monitoring of active processes, their resource consumption patterns, network connections, process hierarchy, etc.
  • Collection of executable image metadata, including cryptographic hashes, version information, file paths, date/times of first appearance, etc.
  • Collection of endpoint log/audit events, ideally with optimal logging and auditing configuration settings (to maximize forensic value and minimize noise and overhead)
  • Security analytics to score and rank endpoint activity and bubble significant operating-pattern anomalies up to the enterprise SIEM for SOC attention
  • Support for agile traversal and drill-down of endpoint forensic data for quick analyst vetting of endpoint security anomalies
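The scoring and ranking step in the list above, as an added example that is not Ziften's code: it scores constructed login and process events against a per-user baseline of usual hours and a set of executable hashes already seen on the fleet, then bubbles up only the hosts whose summed score crosses a threshold for SIEM attention. Host names, user names and hashes are placeholders.

```python
from collections import defaultdict

# Constructed baseline (placeholder hashes, not real indicators): each user's
# usual working hours and executable hashes already seen on the fleet.
BASELINE_HOURS = {"alice": range(8, 19), "svc_backup": range(1, 4)}
KNOWN_HASHES = {"HASH_WORD_EXE", "HASH_CMD_EXE", "HASH_EXPLORER_EXE"}
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}

def score_login(ev):
    """Remote logins outside the user's usual hours are the main signal."""
    score = 1 if ev["remote"] else 0
    if ev["hour"] not in BASELINE_HOURS.get(ev["user"], range(24)):
        score += 2
    return score

def score_process(ev):
    """Never-seen image hashes and shells spawned by Office apps score high."""
    score = 0
    if ev["sha256"] not in KNOWN_HASHES:
        score += 2                       # first appearance on the fleet
    if ev["parent"].lower() in OFFICE_APPS and ev["image"].lower().endswith(("cmd.exe", "powershell.exe")):
        score += 3                       # document-borne exploit pattern
    return score

def rank_hosts(events, threshold=4):
    """Sum scores per host and return (host, score) pairs at or above the
    threshold, highest first: the anomalies worth bubbling up to the SIEM."""
    totals = defaultdict(int)
    for ev in events:
        scorer = score_login if ev["type"] == "login" else score_process
        totals[ev["host"]] += scorer(ev)
    flagged = [(h, s) for h, s in totals.items() if s >= threshold]
    return sorted(flagged, key=lambda hs: -hs[1])

# Constructed sample telemetry: a normal day on ws-101, a suspicious chain on ws-207.
SAMPLE = [
    {"type": "login", "host": "ws-101", "user": "alice", "remote": False, "hour": 9},
    {"type": "process", "host": "ws-101", "image": r"C:\Windows\System32\cmd.exe",
     "sha256": "HASH_CMD_EXE", "parent": "explorer.exe"},
    {"type": "login", "host": "ws-207", "user": "alice", "remote": True, "hour": 3},
    {"type": "process", "host": "ws-207", "image": r"C:\Windows\System32\cmd.exe",
     "sha256": "HASH_CMD_EXE", "parent": "WINWORD.EXE"},
    {"type": "process", "host": "ws-207", "image": r"C:\Users\alice\AppData\upd.exe",
     "sha256": "HASH_UNKNOWN_1", "parent": "cmd.exe"},
]

if __name__ == "__main__":
    for host, score in rank_hosts(SAMPLE):
        print(f"SIEM alert: {host} anomaly score {score}")
```

Only ws-207 is reported: a 3 a.m. remote login, a shell spawned by Word, and a never-seen binary add up to 8, while the ordinary activity on ws-101 scores zero.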

Do not get a lump of coal in your stocking by being caught unawares this holiday season. Arm your business to contend with the risks arrayed against you.

Happy holidays!

Do You Care About Who Is Watching The Watchers? – Chuck Leaver

Written By Chuck Leaver CEO Ziften


High profile cyber attacks underline how a lack of auditing of existing compliance products can make the worst kind of headlines.

In the recent Java attacks on Facebook, Microsoft and Apple, as well as other big hitters in the industry, the attackers didn’t have to dig too deep into their playbooks to find an approach. As a matter of fact, they used one of the oldest, if not the oldest, axioms in the book: they exploited a remote vulnerability in massively distributed software to install remote access capability. And in this case on an application that (A) wasn’t up to date and (B) most likely didn’t need to be running.

While the hacks themselves have been headline news, the methods organizations can use to prevent or eradicate them are quite dull stuff. We all hear “keep boxes up to date with patch management software” and “ensure uniformity with compliance tools”. That is industry standard and old news. But to pose a question: who is “watching the watchers”? In this case the watchers are compliance, patch and systems management technologies. I believe Facebook and Apple found out that just because a management system tells you that software is current does not mean you should believe it! Here at Ziften our results in the field say as much: we consistently discover dozens of variations of the SAME major application running at Fortune 1000 sites, which, by the way, are all using compliance and systems management products.

In the case of the exploited Java plug-in, this was a MAJOR application with wide distribution. This is the type of application that gets monitored by systems management, compliance and patch products. The lesson from this could not be clearer: having some kind of check against these applications is necessary (just ask any of the organizations that were attacked…). However, this only constitutes part of the problem, since this is a major (arguably critical) application we are talking about here. If organizations find it difficult to get their arms around maintaining updates on known, licensed applications in use, then what about all the unknown and unneeded running applications and plug-ins and their vulnerabilities? Simply put: if you can’t even know what you are supposed to know, then how in the world can you know about (and in this case secure) the things you don’t know about or aren’t concerned with?
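One way to “watch the watchers”, as an added example that is not Ziften's product or code: reconcile the Java version a management console reports for each host against the java.exe images actually observed on the endpoints (path plus version string), flagging copies below the required update and hosts where the console's claim is not what the endpoint shows. All host names, paths and version strings are constructed sample data.

```python
from collections import defaultdict

# Constructed inventory (not real data): the version the management console
# reports per host, and the java.exe images actually observed on each endpoint
# via executable image metadata (path plus version string).
REPORTED = {"ws-101": "7u11", "ws-102": "7u11", "ws-103": "7u11"}
OBSERVED = [
    ("ws-101", r"C:\Program Files\Java\jre7\bin\java.exe", "7u11"),
    ("ws-102", r"C:\Program Files\Java\jre7\bin\java.exe", "7u11"),
    ("ws-102", r"C:\Program Files (x86)\Java\jre6\bin\java.exe", "6u37"),
    ("ws-103", r"C:\Users\bob\AppData\Local\Temp\jre\bin\java.exe", "7u9"),
]

def parse_version(ver):
    """'7u11' -> (7, 11) so versions compare numerically, not as strings."""
    major, update = ver.split("u")
    return int(major), int(update)

def audit(reported, observed, minimum):
    """Cross-check console claims against endpoint observations.
    Returns a list of (host, finding, detail) tuples."""
    findings = []
    seen = defaultdict(dict)              # host -> {version: path}
    for host, path, ver in observed:
        seen[host][ver] = path
        if parse_version(ver) < parse_version(minimum):
            findings.append((host, "below-minimum", f"{ver} at {path}"))
    for host, ver in reported.items():
        actual = sorted(seen.get(host, {}), key=parse_version)
        if ver not in actual:             # console says patched, endpoint disagrees
            findings.append((host, "console-mismatch",
                             f"console reports {ver}, endpoint shows {actual or 'none'}"))
    return findings

def fleet_versions(observed):
    """Distinct versions running across the fleet: the many-versions problem."""
    return sorted({ver for _, _, ver in observed}, key=parse_version)

if __name__ == "__main__":
    for host, kind, detail in audit(REPORTED, OBSERVED, minimum="7u11"):
        print(f"{host}: {kind}: {detail}")
    print("versions in fleet:", fleet_versions(OBSERVED))
```

On the sample data the console's claim checks out only for ws-101; ws-102 still carries a stale second copy and ws-103 runs an older build from a path the console never reported.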

Extraneous Software Can Cause A Real Security Threat And Ziften Can Help – Chuck Leaver

Written By Dr Al Hartmann And Presented By Chuck Leaver CEO Ziften



The truth about the PC ecosystem is that extraneous processes are everywhere and get onto enterprise computers by every ploy imaginable. Leading software ISVs, hardware OEMs and IHVs have no ethical qualms about burdening enterprise PCs with unneeded and unwanted software if they can pick up a few royalty dollars on the side at your expense. This one popped up on my screen just today as I dealt with the current headline-making Java security vulnerabilities.

Here is the background: zero-day vulnerabilities were discovered recently in Java, an essential software component in many enterprise applications. Department of Homeland Security experts advised switching off Java entirely, but that cuts off Java business apps.

The option where Java is required (within many enterprises) is to update Java, an Oracle product, to get at least the current partial patches from Oracle. However, the Oracle installer defaults to installing unwanted extraneous software, the Ask Toolbar, which many security-conscious but naïve users will assume is helpful given the Oracle recommendation (and golly gee, it doesn’t cost anything), even though browser add-ons are a notorious security risk.

Only Ziften combines security consciousness with extraneous process identification and removal capabilities to help enterprises improve both their security and their performance-driving operating efficiency. Don’t settle for half-measures that overlook extraneous processes proliferating across your enterprise client landscape: use Ziften to gain visibility and control over your endpoint population.