You Are Not Immune From A Cyber Attack But You Can Do This – Chuck Leaver

Written By Chuck Leaver CEO Ziften


No business, large or small, is immune from a cyberattack. Whether the attack originates outside the organization or with an insider, no business is fully protected. I have lost count of the number of times senior managers have asked me, “why would anyone want to hack us?”

Cyberattacks Take Many Forms

The proliferation of devices that can connect to corporate networks (laptops, smartphones and tablets) means a larger attack surface and more security vulnerabilities. The goal of a cyberattack is to exploit those vulnerabilities.


Among the most common attack methods is malware: code written with malicious intent, including viruses, Trojans and worms. Its goal is frequently to steal sensitive data or to damage systems and networks. Malware often arrives as an executable file, and worms in particular will spread across your network on their own.

Malware is becoming more sophisticated. Rogue security software, for example, masquerades as legitimate antivirus or anti-malware software that claims to protect your network while it actually infects it.

Phishing Attacks

Phishing attacks are also common. Most often the vector is an e-mail purporting to come from a “trusted authority” that asks the user to supply personal data by clicking a link. Some phishing e-mails look very genuine and have fooled many users; if the link is clicked and data entered, that information is stolen. Increasingly, phishing e-mails also carry ransomware, as an attachment or as a download behind the link.
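The links in a phishing e-mail usually give the game away before anyone clicks: the visible text names the bank, the href points at an IP address or a lookalike domain, or a decoy name is stuffed in front of an `@`. As an added illustration (this code is not from the original post and is not Ziften's), here is a small Python checker for those tells. The sample e-mail is constructed, and `PROTECTED_DOMAINS` is an assumed list of brands the organization wants lookalikes flagged for.

```python
"""Flag common phishing tells in the links of an HTML e-mail body.

Added example, not code from the original post. The e-mail below is
constructed for the demonstration, and the checks are a minimal illustration
of link analysis rather than a complete phishing filter. PROTECTED_DOMAINS
is an assumed list of brands the organisation wants lookalikes flagged for.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

PROTECTED_DOMAINS = {"examplebank.com"}   # assumption: brands we care about

# Constructed sample: a "bank" message whose visible text says one thing
# while each href points somewhere else.
SAMPLE_EMAIL = """
<p>Dear customer, your account is locked. Please verify at
<a href="http://198.51.100.23/login">https://www.examplebank.com/login</a>
or via <a href="https://www.examplebank.com.evil-host.test/verify">our secure portal</a>.
Statements: <a href="https://www.examplebank.com/statements">www.examplebank.com/statements</a>
Support: <a href="https://examplebank.com@203.0.113.9/help">help desk</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of the host. A crude stand-in for a Public Suffix List
    lookup, which real code should use instead."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:])


def is_ip_literal(host):
    parts = host.split(".")
    return len(parts) == 4 and all(p.isdigit() and int(p) < 256 for p in parts)


def analyze_link(href, text):
    """Return the list of phishing indicators for one link (empty = clean)."""
    reasons = []
    parsed = urlsplit(href)
    host = parsed.hostname or ""
    if parsed.username is not None:
        # http://decoy@real-host/ : everything before '@' is ignored by the browser
        reasons.append("userinfo-in-url")
    if is_ip_literal(host):
        reasons.append("ip-literal-host")
    for brand in PROTECTED_DOMAINS:
        # brand name used as a subdomain (or substring) of some other domain
        if brand in host and registrable_domain(host) != brand:
            reasons.append("brand-lookalike")
    # When the visible text itself looks like a URL, it must lead where it says.
    shown = text.strip()
    if "." in shown and " " not in shown:
        shown_host = urlsplit(shown if "://" in shown else "http://" + shown).hostname or ""
        if shown_host and registrable_domain(shown_host) != registrable_domain(host):
            reasons.append("display-href-mismatch")
    return reasons


def scan_email(html):
    """Return {href: [reasons]} for every link that trips at least one check."""
    parser = LinkExtractor()
    parser.feed(html)
    flagged = {}
    for href, text in parser.links:
        reasons = analyze_link(href, text)
        if reasons:
            flagged[href] = reasons
    return flagged


if __name__ == "__main__":
    for href, why in scan_email(SAMPLE_EMAIL).items():
        print(f"{href}: {', '.join(why)}")
```

Three of the four links are flagged and the genuine statements link passes. The brand check is a substring test, so it errs on the side of flagging; a production filter would use the Public Suffix List for the registrable domain and add homograph (punycode) handling.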

Password Attacks

A password attack is one of the simplest kinds of cyber attack: an unauthorized third party tries to gain access to your systems by guessing or “cracking” a login password. Tools automate the guessing, either by brute force (trying every combination) or by dictionary attack, where likely passwords and combinations of words are read from a wordlist and tried in turn.

If an attacker gains access to your network through a password attack they can quickly deploy malware and cause a breach of your sensitive data. Password attacks are also among the easiest to prevent: a strong password policy, account lockout or rate limiting on failed logins, and multi-factor authentication form a very effective barrier. Passwords should be changed whenever compromise is suspected; forced periodic rotation, long a standard recommendation, is no longer advised by NIST SP 800-63B because it tends to produce weaker, predictable passwords.
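To see why lockout is such a cheap win, the following added example (not from the original post, not Ziften's code) runs a dictionary attack against a toy login endpoint three times: against a weak password with no lockout, against the same password with lockout after three failures, and against a password that is not in the wordlist. The user database, wordlist and threshold are constructed for the demonstration.

```python
"""Simulate an online dictionary attack against a login endpoint, with and
without account lockout.

Added example, not code from the original post. The user database, wordlist
and lockout threshold are constructed for the demonstration.
"""
import hashlib
import hmac
import os

# Constructed wordlist in the order a cracker would try it (most common first).
WORDLIST = ["123456", "password", "qwerty", "letmein", "Summer2016!",
            "Welcome1", "Tr0ub4dor&3", "correct horse battery staple"]


def hash_password(password, salt, iterations):
    """PBKDF2-HMAC-SHA256: salted and deliberately slow, so a stolen hash
    database is expensive to crack offline."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


class LoginService:
    """Minimal login endpoint; max_failures=None means no lockout at all."""

    def __init__(self, users, max_failures=None, iterations=10_000):
        self.iterations = iterations
        self.max_failures = max_failures
        self.failures = {}
        self.db = {}
        for name, password in users.items():
            salt = os.urandom(16)
            self.db[name] = (salt, hash_password(password, salt, iterations))

    def login(self, user, password):
        """Return 'ok', 'denied' or 'locked'."""
        if self.max_failures is not None and self.failures.get(user, 0) >= self.max_failures:
            return "locked"
        salt, stored = self.db[user]
        if hmac.compare_digest(hash_password(password, salt, self.iterations), stored):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"


def dictionary_attack(service, user, wordlist):
    """Try each word until the login succeeds or the account locks.
    Returns (outcome, number of attempts made)."""
    for attempts, guess in enumerate(wordlist, start=1):
        outcome = service.login(user, guess)
        if outcome in ("ok", "locked"):
            return outcome, attempts
    return "exhausted", len(wordlist)


def demo():
    """The same weak password attacked with and without lockout, plus a
    password that is not in the wordlist."""
    users = {"alice": "Summer2016!"}
    return {
        "no_lockout": dictionary_attack(LoginService(users), "alice", WORDLIST),
        "lockout_after_3": dictionary_attack(LoginService(users, max_failures=3), "alice", WORDLIST),
        "strong_password": dictionary_attack(LoginService({"bob": "7f!Kq#2vL9$xPw"}), "bob", WORDLIST),
    }


if __name__ == "__main__":
    print(demo())   # {'no_lockout': ('ok', 5), 'lockout_after_3': ('locked', 4), 'strong_password': ('exhausted', 8)}
```

A hard lockout has its own failure mode: an attacker who knows the usernames can lock everyone out. Production systems therefore usually prefer per-source rate limiting and progressive delays, with lockout reserved for privileged accounts, and the slow salted hash shown here is what limits the damage if the password database itself is stolen.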

Denial of Service

A Denial of Service (DoS) attack is all about causing maximum disruption. Attackers send very high volumes of traffic at a network or service, typically a flood of connection requests. The result is that the network links, firewalls or servers are overloaded and legitimate users can no longer get through.

Attackers commonly use many computers at once, a Distributed Denial of Service (DDoS) attack, to generate traffic volumes far beyond what a single source could. In September 2016 one of the largest DDoS attacks recorded up to that point, driven by the Mirai botnet of compromised IoT devices, was directed at Krebs On Security. Endpoint devices connected to your own network, such as PCs and laptops, can be hijacked and then contribute to such an attack. Being on either end of a DoS attack has serious consequences for network security.
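The difference between a single-source flood and a distributed one matters for detection: a per-source threshold catches the first but not the second, where each bot stays quiet and only the aggregate is abnormal. As an added example (not from the original post, not Ziften's code), the Python below buckets a constructed connection log into ten-second windows and applies both a per-source and an aggregate limit. The thresholds are invented for the demonstration; real ones come from the service's measured baseline.

```python
"""Bucket a connection log by time window and flag floods, distinguishing a
single noisy source from a distributed flood whose bots individually stay
under the per-source limit.

Added example, not code from the original post. The log events and the
thresholds are constructed; real thresholds come from the service's
measured baseline.
"""
from collections import defaultdict

WINDOW = 10            # seconds per bucket
PER_SOURCE_LIMIT = 20  # new connections from one source per bucket
AGGREGATE_LIMIT = 200  # new connections from all sources per bucket


def build_log():
    """Constructed (epoch_second, source_ip) new-connection events."""
    events = []
    # 0-9 s: normal load, ten clients opening one connection per second
    for t in range(10):
        events += [(t, f"192.0.2.{c}") for c in range(10)]
    # 10-19 s: a single source hammering the service
    for t in range(10, 20):
        events += [(t, "198.51.100.7")] * 30
    # 20-29 s: 150 bots, each opening three connections once in the window
    for t in range(20, 30):
        for b in range(150):
            if b % 10 == t - 20:
                events += [(t, f"203.0.113.{b + 1}")] * 3
    return events


def analyze(events):
    """Return {bucket: {'total', 'sources', 'offenders', 'kind'}} per window."""
    buckets = defaultdict(lambda: defaultdict(int))
    for t, src in events:
        buckets[t // WINDOW][src] += 1
    findings = {}
    for bucket, per_src in sorted(buckets.items()):
        total = sum(per_src.values())
        offenders = sorted(s for s, n in per_src.items() if n > PER_SOURCE_LIMIT)
        if total > AGGREGATE_LIMIT:
            # if one source carries half the load it is a plain DoS; otherwise the
            # volume comes from many small contributors, i.e. a DDoS
            kind = "single-source" if max(per_src.values()) >= total / 2 else "distributed"
        else:
            kind = "normal"
        findings[bucket] = {"total": total, "sources": len(per_src),
                            "offenders": offenders, "kind": kind}
    return findings


if __name__ == "__main__":
    for bucket, f in analyze(build_log()).items():
        print(f"window {bucket}: {f}")
```

The second window is caught by the per-source rule alone; the third is invisible to it and only the aggregate rule fires, with 150 distinct sources and no individual offender. Host-side detection like this tells you that you are under attack; a volumetric flood that saturates the link itself has to be absorbed upstream by the provider or a scrubbing service.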

Man in the Middle

Man-in-the-middle attacks are carried out by impersonating one or both endpoints of a network conversation while it is in progress. The attacker can read or alter the data exchanged and steal information from the end user or from the server they are communicating with. Properly validated TLS, with the client checking the server's certificate and hostname, is the usual defence.

How Can You Entirely Prevent Cyber Attacks?

Total prevention of cyber attacks is not possible with current technology, but there is a lot you can do to protect your network and your sensitive data. It is essential not to assume that you can simply purchase and deploy a security software suite and then relax. The more advanced cyber criminals know all the security products on the market and have designed methods to get past the safeguards they offer.

Strong, unique passwords backed by multi-factor authentication is a policy you should adopt, and it is one of the simplest safeguards to put in place. Encrypting your sensitive data is another straightforward step. Beyond installing antivirus and anti-malware suites and a well-configured firewall, ensure that regular, tested backups are in place and that you have a data breach incident response and remediation plan in case the worst happens. Ziften helps businesses continuously monitor for threats that get through their defences and act immediately to eliminate them.

Prior To Cloud Migration Get Endpoint Visibility – Chuck Leaver

Written By Logan Gilbert And Posted By Chuck Leaver Ziften CEO


Fears Over Compliance And Security Prevent Organizations From Cloud Migration

Moving parts of your IT operations to the cloud can seem like a substantial chore, and a risky one. Security holes, compliance record-keeping, the risk of introducing errors into your architecture: cloud migration raises plenty of worrying questions.

If you have been wary about migrating, you are not alone, but help is at hand.

When Evolve IP surveyed more than 1,000 IT professionals earlier this year for its Adoption of Cloud Services North America report, 55% of respondents said that security is their biggest concern about cloud adoption. For companies that do not already have some cloud presence, the figure was even higher, at 70%. The next largest barrier to cloud adoption was compliance, cited by 40% of participants (up 11 percentage points from the previous year).

Here is the bigger problem: if these concerns are keeping your company out of the cloud, you cannot take advantage of the efficiency and cost benefits of cloud services, and that becomes a strategic handicap for the whole organization. You need a way to migrate that also answers the questions about security, compliance and operations.

Better Security in Any Environment With Endpoint Visibility

This is where endpoint visibility wins the day. Being able to see what is happening on every endpoint gives you the visibility you need to improve security, compliance and operational efficiency when you move your data center to the cloud.

And I mean any endpoint: desktop, laptop, mobile device, server, VM or container.

As a long-time IT pro, I understand the temptation to believe you have more control over your servers when they are locked in a closet and you are the one holding the keys. Even when you know that parts of your environment rely on kludges, they are your kludges, and they are stable. Plus, when you run your own data center, unlike in the cloud, you can use network taps and a whole host of monitoring tools to look at traffic on the wire, learn a great deal about who is talking to whom, and fix your problems.

But that level of detail pales in comparison to endpoint visibility, whether in the data center or in the cloud. The granularity and control of Ziften's system give you far more than you could ever get from a network tap. You can spot malware and other problems anywhere (even off your network), isolate them immediately, then trace them back to whichever user, application, device or process was the weak link in the chain. Ziften lets you carry out look-back forensics and fix problems in far less time.

Eliminating Your Cloud Migration Headaches

Endpoint visibility makes a big difference whenever you are ready to move part of your environment to the cloud. By analyzing endpoint activity you can build a baseline inventory of your systems, clear out wildcard assets such as orphaned VMs, and hunt down vulnerabilities. That gets every asset secure and stable within your own data center before you move to a cloud provider such as AWS or Azure.

After you have moved to the cloud, ongoing visibility into every application, device and user means you can administer all parts of your infrastructure more efficiently. You avoid wasting resources by preventing VM sprawl, and you have a detailed body of evidence to satisfy the audit requirements of NIST SP 800-53, HIPAA and other compliance regimes.

When you are ready to move to the cloud, you are not doomed to weak security, incomplete compliance or operational SNAFUs. Ziften's approach to endpoint security gives you the visibility you need for cloud migration without the headaches.

Tool For Endpoint Security Visibility And Event Remediation – Chuck Leaver

Written By Logan Gilbert And Presented By Chuck Leaver


Ziften assists with incident response, remediation and investigation, even for endpoints that are not connected to your network.

When incidents occur, security analysts need to act quickly and thoroughly.

With telecommuting workforces and corporate “cloud” infrastructures, remediation and analysis on an endpoint are a genuinely difficult job. Below, watch how you can use Ziften to act on the endpoint and determine the origin and spread of a compromise in minutes, no matter where the endpoints are located.

First, Ziften alerts you to malicious activity on endpoints and steers you to the cause of the alarm. In seconds, Ziften lets you take remediation actions on the endpoint, whether it is on the corporate network, in an employee's home or at the local coffee shop. Any remediation action you would normally carry out with direct access to the endpoint, Ziften provides through its web console.

Just that quickly, remediation is taken care of. Now you can apply your security expertise to threat hunting and a bit of forensics work. You can immediately dive into far more detail about the process that triggered the alert, and then ask the critical questions to find how widespread the problem is and where it spread from. Ziften provides comprehensive incident remediation for security professionals.

See for yourself how Ziften can help your security team zero in on threats in your environment with our 30-day free trial.

OPM Breach Review Sends Out Strong Message To CISO’s – Chuck Leaver

Written by Dr Al Hartmann And Presented By Ziften CEO Chuck Leaver


Cyber attacks attributed to the Chinese government breached sensitive personnel databases and stole the data of over 22 million current, former and prospective U.S. government employees and their family members. Stern warnings from the Office of the Inspector General (OIG) to shut down systems that lacked a current security authorization (Authority to Operate, ATO) were ignored.

Presciently, the OIG specifically warned that failure to shut down the unauthorized systems carried national security implications. Like the captain of the Titanic maintaining flank speed through an ice field, the OPM replied,

“We concur that it is very important to preserve updated and valid ATOs for all systems however do not believe that this condition rises to the level of a Material Weakness.”

Furthermore, the OPM worried that shutting down those systems would mean a lapse in retirement and employee benefits and pay. Given a choice between a security lapse and an operational lapse, the OPM chose to operate insecurely and was pwned.

The then director, Katherine Archuleta, resigned in July 2015, a day after revealing that the scope of the breach greatly exceeded the original damage assessments.

Despite the high value of the information held by OPM, the agency failed to prioritize cyber security and adequately secure that high-value data.

What Can CISOs Learn From This?

Rational CISOs will want to avoid career immolation in a massive flaming data breach catastrophe, so let's quickly examine the key lessons from the executive summary of the Congressional report.

Prioritize Cybersecurity in Proportion to Asset Value

Have an effective organizational management structure to implement risk-appropriate IT security policies. Chronic non-compliance with security best practices and lagging timelines for implementing recommendations are symptoms of organizational failure and bureaucratic atherosclerosis. Shake up the organization, or prepare your post-breach panel appearance before the inquisitors.

Do Not Tolerate a Complacent State of Information Security

Have the necessary monitoring in place to maintain critical situational awareness, and leave no visibility gaps. Do not fail to comprehend the scope, extent or gravity of cyber attack indicators. Assume that if you have identified some attack indicators, there are others you are missing. While OPM was forensically monitoring one attack avenue, a parallel attack went unnoticed. When OPM did act, the attackers learned which attack had been discovered and which was still succeeding, very valuable intelligence for the adversary.

Enforce Fundamental Mandated Security Tools and Expeditiously Deploy Cutting-Edge Security Tools

OPM was woefully negligent in implementing mandated multi-factor authentication for privileged accounts and did not deploy available security technology that could have prevented or reduced the exfiltration of its most valuable security background investigation files.

For authentication to privileged data or control access, the phrase “password protected” has been an oxymoron for years: passwords are not security, they are an invitation to compromise. In addition to adequate authentication strength, complete network monitoring and visibility is needed to prevent the exfiltration of sensitive data. The Congressional investigation blamed sloppy cyber hygiene and insufficient visibility into system traffic for the attackers' persistent presence in OPM networks.
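The mandated second factor for privileged accounts need not be exotic. As an added example (not from the original post, not Ziften's code), here is a complete RFC 6238 time-based one-time password (TOTP) verifier in Python: the HOTP/TOTP computation, a one-step clock-skew window, and replay protection so that a code captured in transit cannot be reused. `RFC_TEST_SECRET` is the shared secret from the RFC 6238 test vectors, used only so the outputs can be checked against published values; a real deployment generates a random per-user secret.

```python
"""RFC 6238 time-based one-time passwords (TOTP) as a second factor for a
privileged account, with a clock-skew window and replay protection.

Added example, not code from the original post. RFC_TEST_SECRET is the shared
secret from the RFC 6238 test vectors, used only so the codes can be checked
against published values; a real deployment generates a random per-user
secret and provisions it to the user's authenticator.
"""
import hashlib
import hmac
import struct
import time

STEP = 30     # seconds per TOTP time step
DIGITS = 6
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic
    truncation to a 31-bit integer, reduced to the requested number of digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at_time, digits=DIGITS, step=STEP):
    """RFC 6238: HOTP with the counter derived from Unix time."""
    return hotp(secret, int(at_time) // step, digits)


class TotpVerifier:
    """Accepts the code for the current step or its immediate neighbours (to
    tolerate clock skew) and never accepts a step twice for the same user, so
    a captured code cannot be replayed within the window."""

    def __init__(self, secret, skew_steps=1):
        self.secret = secret
        self.skew = skew_steps
        self.last_step = {}   # user -> highest time step already consumed

    def verify(self, user, code, now=None):
        now = time.time() if now is None else now
        current = int(now) // STEP
        for step in range(current - self.skew, current + self.skew + 1):
            if step <= self.last_step.get(user, -1):
                continue          # already used (or older than one already used)
            if hmac.compare_digest(hotp(self.secret, step), code):
                self.last_step[user] = step
                return True
        return False


if __name__ == "__main__":
    print("code at T=59 :", totp(RFC_TEST_SECRET, 59))          # 287082 per RFC 6238
    v = TotpVerifier(RFC_TEST_SECRET)
    print("first use   :", v.verify("root", totp(RFC_TEST_SECRET, 59), now=59))   # True
    print("replayed    :", v.verify("root", totp(RFC_TEST_SECRET, 59), now=59))   # False
```

TOTP is the floor, not the ceiling: it stops a stolen password from being enough on its own, but a real-time phishing proxy can relay the code. For administrators of high-value systems, phishing-resistant factors (hardware tokens, smart cards) are the stronger choice, and the replay check above still belongs in the verifier.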

Do Not Fail to Escalate the Alarm When Your Critically Sensitive Data Is Under Attack

In the OPM breach, the observed attack activity “should have sounded a high level multi agency nationwide security alarm that a sophisticated, persistent actor was seeking to gain access to OPM’s highest-value data.” Instead, nothing of consequence was done “up until after the agency was badly jeopardized, and till after the agency’s most delicate info was lost to wicked actors.” As a CISO, sound that alarm in good time (or practice your panel face).

Finally, do not let this be said of your organization's security posture:

The Committee obtained documentation and statements showing OPM’s info security posture was weakened by an incredibly unsecure IT environment, internal politics and administration, and misplaced priorities related to the release of security tools that slowed essential security decisions.

If You Are Planning A Cloud Migration Then Read This – Chuck Leaver

Written By Chuck Leaver CEO Ziften


What Concerns Enterprise CISOs When Migrating To The Cloud

Moving to the cloud offers a number of advantages to enterprise organizations, but there are real security concerns that make switching to a cloud environment worrisome. What CISOs want when moving to the cloud is continuous insight into that cloud environment. They need a way to monitor and measure risk, and the confidence that they have the proper security controls in place.

Increased Security Risk

Migrating to the cloud means using managed IT services, and many believe this means giving up a high level of visibility and control. Although the leading cloud providers use the latest security technology and encryption, even the most up-to-date systems can fail and expose your sensitive data to the world.

In reality, cloud environments are subject to the same cyber threats as private enterprise data centers. However, the cloud is becoming a more attractive target because of the considerable amount of data now stored on cloud servers.

Cyber attackers know that businesses are steadily moving to the cloud, and they are already targeting cloud environments. Alert Logic, a security-as-a-service provider, released a report concluding that IT decision makers should not assume that data stored off site is harder for cyber criminals to reach.

The report went on to say that there had been a 45% increase in application attacks against cloud deployments. There had also been an increase in attack frequency against businesses that host their infrastructure in the cloud.

The Cloud Is a Glittering Prize

With valuable data, production workloads and applications moving to cloud environments, these findings should not come as a surprise. As the report put it, “… cyber attackers, like everybody else, have a limited quantity of time to finish their job. They want to invest their time and resources into attacks that will bear the most fruit: businesses using cloud environments are largely considered that fruit bearing prize.”

The report also suggests that there is a misconception within companies about security. A number of decision makers were under the impression that once a cloud migration had taken place, the cloud provider would be entirely responsible for the security of their data.

Security in the Cloud Has to Be a Shared Responsibility

All organizations must take responsibility for the security of their data, whether it is hosted on site or in the cloud. This responsibility cannot be fully delegated to a cloud provider. If your business suffers a data breach while using cloud services, it is unlikely that you will be able to evade responsibility.

It is essential that every organization fully understands the environment and the risks associated with cloud management. There can be a myriad of legal, financial, commercial and compliance risks. Before migrating to the cloud, review the contracts so that the provider's liability in the event of a data breach is fully understood.

Will Semple, vice president at Alert Logic, said, “the key to safeguarding your vital data is being well-informed about how and where along the ‘cyber kill chain’ enemies infiltrate systems and to employ the ideal security tools, practices and resource investment to combat them.”

Cloud Visibility Is The Key

Whether you use cloud services or host your own infrastructure, you need complete visibility within your environment. If you are considering migrating part, or all, of your environment to the cloud then this is essential.

After a cloud migration you can rely on that visibility to monitor every user, device, application and network activity for potential threats. As a result, administering your infrastructure becomes far more effective.

Don't let your cloud migration result in weaker security and incomplete compliance. Ziften can help maintain cloud visibility and security for your existing cloud deployments or future cloud migrations.

Endpoint Management Is Vital To Stop Cyber Attacks – Chuck Leaver

Written By Chuck Leaver, CEO Ziften


Identify and control any device that requires access to your corporate network.

As an organization grows so does its asset footprint, and that makes managing the whole set of IT assets much harder. IT management has changed since the days when IT asset management meant recording devices such as printers, making an inventory of installed applications and ensuring that antivirus suites were up to date.

Today, organizations are under constant threat of cyber attacks that use malicious code to infiltrate the corporate network. Many devices now have network access capabilities. Gone are the days when only desktop PCs connected to a corporate network; now there is a culture of bring your own device (BYOD) in which smartphones, tablets and laptops all connect to it. While this offers flexibility for the company, with users able to connect remotely, it opens up a whole new range of vulnerabilities, and these varied endpoints make the challenge of enterprise IT security far more complex.

What Is Endpoint Management?

It is essential to take a policy-based approach to the endpoint devices that connect to your network, to reduce the risk of cyber attacks and data breaches. Laptops, tablets, mobile phones and other devices may be convenient, but they can expose companies to a huge array of security threats. The main objective of a sound endpoint management strategy should be that network activity is closely monitored and unauthorized devices cannot reach the network.

Most endpoint management software checks that the device runs an approved operating system and antivirus software, and examines the device for an up-to-date virtual private network (VPN) client.

Endpoint management systems identify and manage any device that requests access to the organization's network. Anyone trying to access the organization's environment from a non-compliant device is denied. This is vital to counter attacks from cyber criminals and infiltration by malicious groups.

Any device that does not comply with endpoint management policy is either quarantined or granted restricted access. Local administrative rights may be removed and Internet browsing limited.

Organizations Can Do More

There are a number of measures a company can adopt as part of its endpoint management policy. These include firewalls (both network and host-based), encryption of sensitive data, stronger authentication methods, which should include multi-factor authentication and hard-to-guess passwords, and device-level and network-level antivirus and anti-malware protection.

Endpoint management systems can work on a client-server basis, where the software is deployed and centrally managed on a server. The client program must be installed on every endpoint device that is authorized to access the network. It is also possible to use a software-as-a-service (SaaS) model of endpoint management, where the vendor hosts and manages the server and the security applications remotely.

When a client device attempts to log in, the server-side application scans the device to see whether it complies with the organization's endpoint management policy, and then validates the user's credentials before access to the network is granted.
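The admission sequence just described (posture first, credentials second, then allow, restrict or quarantine) is easy to get wrong in the details, for instance by treating every policy failure the same way. As an added example (not from the original post, not Ziften's code), the Python below encodes one such policy. The policy values, the enrolled-device posture reports and the user store are all constructed; in practice an endpoint agent or NAC reports the posture fields and the directory validates the user.

```python
"""Policy-based admission check for endpoints: evaluate the device's posture
first, then the user's credentials, and map the result to full access,
restricted access, quarantine or denial.

Added example, not code from the original post. The policy, the enrolled
device inventory and the user store are constructed; in practice an endpoint
agent or NAC reports the posture fields, and the directory validates users.
"""
import hashlib
import hmac

POLICY = {
    "approved_os": {"Windows": "10.0", "macOS": "12.0", "Ubuntu": "22.04"},  # minimum versions
    "max_signature_age_days": 7,
    "min_vpn_version": "4.10",
    "require_disk_encryption": True,
}

# Constructed posture reports for enrolled devices.
ENROLLED = {
    "LT-1001": dict(os="Windows", os_version="10.0.19045", av_installed=True,
                    signature_age_days=1, vpn_version="4.10.2", disk_encrypted=True),
    "LT-1002": dict(os="macOS", os_version="12.6", av_installed=True,
                    signature_age_days=20, vpn_version="4.8.1", disk_encrypted=True),
    "BYOD-77": dict(os="Android", os_version="9", av_installed=False,
                    signature_age_days=None, vpn_version=None, disk_encrypted=False),
}

# Constructed user store: PBKDF2 hashes with a fixed demo salt.
DEMO_SALT = b"constructed-demo-salt"
DEMO_PASSWORD = "Correct-Horse-Battery-42"
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", DEMO_PASSWORD.encode(), DEMO_SALT, 10_000)}


def parse_version(text):
    return tuple(int(p) for p in text.split("."))


def check_posture(posture, policy=POLICY):
    """Return (verdict, reasons). 'quarantine' for a failed hard requirement,
    'restricted' for drift the user can fix, 'compliant' otherwise."""
    hard, soft = [], []
    min_os = policy["approved_os"].get(posture["os"])
    if min_os is None or parse_version(posture["os_version"]) < parse_version(min_os):
        hard.append("unapproved-os")
    if not posture["av_installed"]:
        hard.append("no-antivirus")
    elif posture["signature_age_days"] > policy["max_signature_age_days"]:
        soft.append("stale-av-signatures")
    vpn = posture["vpn_version"]
    if vpn is None or parse_version(vpn) < parse_version(policy["min_vpn_version"]):
        soft.append("outdated-vpn-client")
    if policy["require_disk_encryption"] and not posture["disk_encrypted"]:
        soft.append("disk-not-encrypted")
    if hard:
        return "quarantine", hard + soft
    if soft:
        return "restricted", soft
    return "compliant", []


def check_credentials(user, password):
    stored = USERS.get(user)
    if stored is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 10_000)
    return hmac.compare_digest(candidate, stored)


def admit(device_id, user, password):
    """Posture first, credentials second, as a NAC would: returns (decision, reasons)."""
    posture = ENROLLED.get(device_id)
    if posture is None:
        return "quarantine", ["device-not-enrolled"]
    verdict, reasons = check_posture(posture)
    if verdict == "quarantine":
        return verdict, reasons
    if not check_credentials(user, password):
        return "denied", ["bad-credentials"]
    return ("allow" if verdict == "compliant" else "restricted"), reasons


if __name__ == "__main__":
    for device in ("LT-1001", "LT-1002", "BYOD-77", "LT-1003"):
        print(device, admit(device, "alice", DEMO_PASSWORD))
```

Note the split between hard requirements (unapproved OS, no antivirus, unknown device) that send the endpoint straight to quarantine, and drift (stale signatures, old VPN client, missing disk encryption) that lands it in a restricted network where the user can remediate. The posture check runs before the credential check so that a stolen password on a rogue device never reaches the authentication service.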

The Problem With Endpoint Management Systems

Most businesses see security software as a “cure-all”, but it is not that clear-cut. Endpoint security software bought as a set-and-forget solution will never be enough. Experienced attackers know these products and are developing malicious code that evades the defences a set-and-forget application can provide.

There needs to be human involvement. As Jon Oltsik, contributor at Network World, put it: “CISOs must take ownership of endpoint security and designate a group of experts who own endpoint security controls as part of an overall obligation for incident prevention, detection, and response.”

Ziften's endpoint security products provide the continuous monitoring and look-back visibility that a cyber security team needs to identify and act on malicious intrusions before they spread and steal the organization's sensitive data.

Adaptive Response Is Essential As Demonstrated At Splunk.conf 2016 – Chuck Leaver

Written By Michael Vaughn And Presented By Chuck Leaver Ziften CEO


All the Latest and Greatest From Splunk

Recently I attended the annual Splunk conference in the sunshine state, Florida. The Orlando event allowed Splunkers from all over the world to familiarize themselves with the latest and greatest offerings from Splunk. Although there were plenty of fun activities throughout the week, it was clear that attendees were there to learn. The announcement of Splunk's security-centric Adaptive Response initiative was popular, and it happens to integrate rather nicely with Ziften's endpoint platform.

In particular, the “Transforming Security” keynote address, presented by Monzy Merza, Director of Cyber Research and Chief Security Evangelist at Splunk, Haiyan Song, SVP of Security Markets at Splunk, and Mike Stone, CDIO of the UK Ministry of Defence, demonstrated the power of Splunk's new Adaptive Response interface to thousands of attendees.

In the clip below, taken from that keynote, Monzy Merza shows how the key data supplied by a Ziften agent can also be used to drive bi-directional functionality from Splunk, sending instructions to the Ziften agent to take immediate action on a compromised endpoint. Monzy was able to identify a compromised Linux server and remove it from the operational network for further forensic examination. By not only supplying critical security data to the Splunk instance but also letting the user stay in the same interface to take operational and security actions, the Ziften endpoint agent lets users make bi-directional use of Splunk's powerful framework to take immediate, precise action across all operating systems. After the talks our booth was swamped with demos and extremely interesting conversations about operations and security.

Take a look at a three-minute Monzy highlight from the keynote:

Over the weekend I was able to process the large number of technical conversations I had with hundreds of brilliant people at our booth at .conf. One of the amusing things I discovered, which nobody would openly admit unless I pulled it out of them, is that most of us are beginner-to-intermediate SPL (Search Processing Language) users. I also observed the obvious: incident response was the main focus of this year's event.

However, many people use Ziften for Splunk for a variety of things, such as operations and application management, network monitoring and user behavior modeling. To illustrate the broad functionality of our Splunk app, here is a taste of what folks at .conf2016 liked most about Ziften for Splunk:

1) It's great for Enterprise Security.

a. A generalized platform for ingesting real-time data and taking immediate action
b. Automating remediation from a broad range of indicators of compromise

2) IT Operations teams like us.

a. Systems monitoring, hardware life cycle, resource management
b. Application management: compliance, license rationalization, vulnerabilities

3) Network Monitoring with ZFlow is a game changer.

a. ZFlow ties NetFlow to binary, user and system data in a single Splunk SPL query. Do I need to say more? This is the Holy Grail from Indiana Jones, folks!

4) Our user behavior modeling goes beyond just alerts.

a. This could be filed under IT Operations, but it is becoming its own beast
b. Ziften's tracking of software usage, logins, elevated binaries, timestamps and so on is easily viewable in Splunk
c. Ziften supplies a free security-centric Splunk bundle, and we map all of the data we collect from each endpoint to the Splunk CIM, not just our ‘Alerts’.

Ultimately, using a single Splunk Adaptive Response interface to manage a plethora of tools within your environment is what helps build a strong enterprise fabric, one where operations, security and network teams overlap more fluidly. Make better decisions, faster. See for yourself with our free 30-day trial of Ziften for Splunk!

It’s Time To Eradicate Adobe Flash To Keep The Hackers Out – Chuck Leaver

Written By Dr Al Hartmann And Presented By Chuck Leaver Ziften CEO


Get Tough or Get Attacked

Highly experienced and skilled cyber attack teams have targeted and are targeting your enterprise. Your large endpoint population is the most common point of entry for experienced attack groups. These enterprise endpoints number in the thousands, are loosely managed, laxly configured and riddled with exposed vulnerabilities, and are operated by partially trained, credulous users: the ideal target-rich opportunity. Mikko Hypponen, chief research officer at F-Secure, often remarks at industry conferences: “How many of the Fortune 500 are attacked today? The response: 500.”

And how long would it take to penetrate your enterprise? White-hat hackers performing penetration tests or red team exercises typically compromise target enterprises within the first few hours, despite being ethically and legally limited in their methods. Black-hat or state-sponsored hackers may achieve penetration even more quickly and maintain their presence indefinitely. Given average attacker dwell times measured in hundreds of days, the time to penetration is negligible, not an obstacle.

Exploit Kits

The industrialization of hacking has created a black market for attack tools, including a variety of software for identifying and exploiting client endpoint vulnerabilities. These exploit kits are marketed to cyber attackers on the dark web, with many exploit kit families and vendors. An exploit kit works by profiling the software configuration of the endpoint (browser, plugins and their versions), identifying exposed vulnerabilities, and launching an exploit for one of them.

A relative handful of commonly deployed endpoint software products account for the bulk of the vulnerabilities that exploit kits target. This results from the unfortunate reality that complex software tends to exhibit a continual stream of vulnerabilities that leave it perpetually exposed. Each patch release cycle the exploit kit developers download the latest security patches, reverse engineer them to find the underlying vulnerabilities, and update their kits. This is often done faster than organizations apply the patches, and some vulnerabilities remain unpatched and ripe for exploitation even years after a patch has been issued.

Adobe Flash

Before the widespread adoption of HTML5, Adobe Flash was the most commonly used software for rich Internet content. Even with growing adoption of HTML5, legacy Adobe Flash retains a significant following, keeping its long-held position as the darling of exploit kit authors. A recent study by Digital Shadows, In the Business of Exploitation, is instructive:

This report analyzes 22 exploit kits to understand the most frequently exploited software. We searched for trends within the exploitation of vulnerabilities by these 22 kits to show what vulnerabilities had been exploited most commonly, coupled with how active each exploit kit was, in order to inform our evaluation.

The vulnerabilities exploited by all 22 exploit kits showed that Adobe Flash Player was most likely to be the most targeted software, with 27 of the 76 identified vulnerabilities exploited relating to this software.

With depressing regularity, dozens of fresh vulnerabilities are disclosed in Adobe Flash every month. To exploit kit developers, it is the gift that keeps on giving.

The industry is learning its lesson and moving beyond Flash for rich web content. For example, a Yahoo senior developer, blogging recently in Streaming Media, noted:

“Adobe Flash, once the de-facto requirement for media playback on the web, has lost favor in the industry due to increasing concerns over security and performance. At the same time, needing a plugin for video playback in browsers is losing favor amongst users also. As a result, the market is moving toward HTML5 for video playback.”

Amit Jain, Sep 21, 2016

Eliminating Adobe Flash

One step businesses can take today to harden their endpoint configurations is to get rid of Adobe Flash as a matter of organizational security policy. This will not be easy, and it may be painful, but it will be valuable in reducing your enterprise attack surface. It involves blacklisting (uninstalling and blocking) Adobe Flash Player and enforcing browser security settings that disable Flash content. If done properly, this is what users will see where Flash content appears on a legacy web page:


This message confirms two facts:

1. Your system is correctly configured to refuse Flash content.

Congratulate yourself!

2. This website would compromise your security for its own convenience.

Ditch this website!
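Removing Flash from a fleet starts with knowing where it is, and the two halves of the policy above (uninstall the player, block Flash content in the browser) are independent: an endpoint can have either, both or neither done. As an added example (not from the original post, not Ziften's code), the Python below walks a software inventory, matches the three Flash Player integrations and the cross-platform plugin name, and ranks each endpoint's outstanding work. The inventory rows and the per-endpoint "Flash blocked in browser" flag are constructed; in practice an endpoint agent collects installed software and browser policy state.

```python
"""Find Adobe Flash Player on endpoints from a software inventory and rank
each endpoint's remediation: uninstall the player, and enforce a browser
policy that blocks Flash content.

Added example, not code from the original post. The inventory rows and the
per-endpoint 'Flash blocked in browser' flag are constructed; in practice an
endpoint agent collects installed software and browser policy state.
"""
import re

# Windows DisplayName forms of the three Flash Player integrations plus the
# cross-platform plugin name; "Adobe Flash Builder" and similar do not match.
FLASH_RE = re.compile(r"^(Adobe Flash Player \d+ (ActiveX|NPAPI|PPAPI)|Shockwave Flash)$")

# Constructed inventory: (endpoint, software name, version)
INVENTORY = [
    ("ws-0101", "Adobe Flash Player 23 NPAPI", "23.0.0.162"),
    ("ws-0101", "Mozilla Firefox", "49.0"),
    ("ws-0102", "Adobe Flash Player 22 ActiveX", "22.0.0.209"),
    ("ws-0103", "Google Chrome", "53.0.2785.143"),
    ("ws-0104", "Adobe Flash Builder", "4.7"),
    ("srv-0007", "Shockwave Flash", "11.2.202.635"),
]
# Constructed browser-policy state: does the managed browser refuse Flash content?
FLASH_BLOCKED = {"ws-0101": False, "ws-0102": True, "ws-0103": False,
                 "ws-0104": True, "srv-0007": False}


def flash_installs(inventory):
    """{endpoint: [(name, version), ...]} for every matching package."""
    found = {}
    for endpoint, name, version in inventory:
        if FLASH_RE.match(name):
            found.setdefault(endpoint, []).append((name, version))
    return found


def exposure_report(inventory, blocked):
    """Per endpoint: a priority and the remediation actions still outstanding."""
    installs = flash_installs(inventory)
    report = {}
    for endpoint in sorted({row[0] for row in inventory}):
        present = installs.get(endpoint, [])
        is_blocked = blocked.get(endpoint, False)
        actions = [f"uninstall:{name}" for name, _ in present]
        if not is_blocked:
            actions.append("browser-policy:block-flash")
        if present and not is_blocked:
            pri = "high"      # runnable plugin and nothing stopping content reaching it
        elif present:
            pri = "medium"    # content blocked, but the vulnerable binary still exists
        elif not is_blocked:
            pri = "low"       # nothing installed yet; a user could still add it
        else:
            pri = "none"
        report[endpoint] = {"priority": pri, "actions": actions}
    return report


if __name__ == "__main__":
    for endpoint, r in exposure_report(INVENTORY, FLASH_BLOCKED).items():
        print(endpoint, r["priority"], r["actions"])
```

The name match is deliberately anchored so that unrelated Adobe products are not swept up, and an endpoint with the browser policy already in place but the player still installed stays on the list: blocking content in the managed browser does nothing for a standalone projector or an unmanaged browser that can still load the plugin.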