WannCry Ransomware – How Ziften Can Help You – Chuck Leaver

Written By Michael Vaughn And Presented By Chuck Leaver Ziften CEO


Answers To Your Concerns About WannaCry Ransomware

The WannaCry ransomware attack has actually infected more than 300,000 computer systems in 150 countries so far by making use of vulnerabilities in Microsoft’s Windows os.
In this brief video Chief Data Scientist Dr. Al Hartmann and I go over the nature of the attack, in addition to how Ziften can assist companies secure themselves from the exploit called “EternalBlue.”.

As mentioned in the video, the problem with this Server Message Block (SMB) file-sharing service is that it’s on many Windows os and discovered in many environments. However, we make it easy to identify which systems in your environment have actually or haven’t been patched yet. Significantly, Ziften Zenith can likewise remotely disable the SMB file-sharing service totally, giving organizations valuable time to guarantee that those machines are correctly patched.

If you’re curious about Ziften Zenith, our 20 minute demonstration includes an assessment with our experts around how we can assist your company prevent the worst digital catastrophe to strike the web in years.

Assess Next Generation Endpoint Security Solutions With These Steps – Chuck Leaver

Written By Roark Pollock And Presented By Chuck Leaver CEO Ziften


The Endpoint Security Purchaser’s Guide

The most typical point for a sophisticated persistent attack or a breach is the end point. And they are definitely the entry point for the majority of ransomware and social engineering attacks. Making use of endpoint protection products has long been thought about a best practice for securing endpoints. Unfortunately, those tools aren’t staying up to date with today’s risk environment. Advanced hazards, and truth be told, even less advanced threats, are often more than adequate for deceiving the typical staff member into clicking something they should not. So companies are taking a look at and evaluating a variety of next generation end point security (NGES) solutions.

With that in mind, here are ten tips to think about if you’re taking a look at NGES services.

Tip 1: Begin with the end in mind

Do not let the tail wag the dog. A threat reduction method ought to constantly begin by evaluating issues and after that trying to find possible fixes for those issues. But all too often we get enamored with a “shiny” brand-new innovation (e.g., the most recent silver bullet) and we end up trying to shoehorn that technology into our environments without fully assessing if it solves an understood and determined problem. So exactly what problems are you aiming to fix?

– Is your existing end point protection tool failing to stop dangers?
– Do you require better visibility into activity on the end point?
– Are compliance requirements dictating constant end point tracking?
– Are you trying to reduce the time and expense of incident response?

Define the issues to address, then you’ll have a measuring stick for success.

Pointer 2: Know your audience. Exactly who will be using the tool?

Understanding the problem that needs to be resolved is a key initial step in understanding who owns the problem and who would (operationally) own the service. Every functional team has its strengths, weak points, choices and prejudices. Specify who will need to utilize the solution, and others that might take advantage of its use. Maybe it’s:

– Security operations,
– IT operations,
– The governance, risk & compliance (GRC) group,
– Helpdesk or end user support group,
– And even the server group, or a cloud operations group?

Pointer 3: Know exactly what you mean by endpoint

Another often neglected early step in defining the issue is defining the end point. Yes, all of us used to know exactly what we implied when we said end point however today end points come in a lot more varieties than before.

Sure we want to protect desktops and laptops but how about mobile devices (e.g. phones and tablets), virtual end points, cloud based end points, or Internet of Things (IoT) devices? And how about your servers? All these devices, of course, are available in numerous flavors so platform assistance has to be attended to too (e.g. Windows only, Mac OSX, Linux, etc?). Likewise, consider support for endpoints even when they are working remote, or are working offline. What are your requirements and exactly what are “good to haves?”

Tip 4: Start with a foundation of constant visibility

Continuous visibility is a foundational capability for attending to a host of security and functional management problems on the end point. The old adage holds true – that you can’t manage exactly what you cannot see or determine. Even more, you can’t protect what you can’t properly manage. So it must begin with continuous or all the time visibility.

Visibility is foundational to Management and Security

And think about exactly what visibility suggests. Enterprises need a single source of truth that at a minimum monitors, stores, and evaluates the following:

– System data – events, logs, hardware state, and file system details
– User data – activity logs and habit patterns
– Application data – attributes of installed apps and use patterns
– Binary data – attributes of set up binaries
– Processes data – tracking details and stats
– Network connectivity data – stats and internal habits of network activity on the host

Pointer 5: Track your visibility data

Endpoint visibility data can be saved and analyzed on the premises, in the cloud, or some mix of both. There are benefits to each. The proper technique varies, but is generally enforced by regulative requirements, internal privacy policies, the endpoints being monitored, and the total cost considerations.

Know if your company requires on premise data retention

Know whether your organization allows for cloud based data retention and analysis or if you are constrained to on premise solutions only. Within Ziften, 20-30% of our clients keep data on premise just for regulatory factors. Nevertheless, if lawfully an alternative, the cloud can provide expense advantages (to name a few).

Idea 6: Know exactly what is on your network

Comprehending the problem you are trying to resolve needs understanding the assets on the network. We find that as many as 30% of the end points we initially discover on customers’ networks are unmanaged or unidentified devices. This certainly develops a big blind spot. Minimizing this blind spot is a vital best practice. In fact, SANS Critical Security Controls 1 and 2 are to perform a stock of authorized and unapproved devices and software applications attached to your network. So search for NGES services that can fingerprint all connected devices, track software inventory and utilization, and carry out on-going continuous discovery.

Idea 7: Know where you are vulnerable

After finding out exactly what devices you have to track, you have to make certain they are running in up to date setups. SANS Critical Security Controls 3 recommends making sure secure setups tracking for laptops, workstations, and servers. SANS Critical Security Controls 4 advises making it possible for continuous vulnerability evaluation and removal of these devices. So, try to find NGES solutions that provide all the time monitoring of the state or posture of each device, and it’s even better if it can help enforce that posture.

Likewise search for services that provide continuous vulnerability assessment and remediation.

Keeping your total endpoint environment solidified and free of vital vulnerabilities prevents a huge quantity of security issues and removes a lot of back end pressure on the IT and security operations teams.

Suggestion 8: Cultivate continuous detection and response

An important objective for lots of NGES solutions is supporting continuous device state monitoring, to enable effective hazard or event response. SANS Critical Security Control 19 recommends robust incident response and management as a best practice.

Try to find NGES solutions that provide all the time or continuous threat detection, which leverages a network of global threat intelligence, and several detection techniques (e.g., signature, behavioral, artificial intelligence, etc). And try to find event response solutions that assist prioritize determined threats and/or concerns and offer workflow with contextual system, application, user, and network data. This can assist automate the suitable response or next actions. Lastly, comprehend all the response actions that each service supports – and look for a solution that offers remote access that is as close as possible to “sitting at the endpoint keyboard”.

Pointer 9: Consider forensics data collection

In addition to incident response, organizations need to be prepared to deal with the need for forensic or historical data analysis. The SANS Critical Security Control 6 advises the maintenance, monitoring and analysis of all audit logs. Forensic analysis can take numerous forms, but a foundation of historic endpoint monitoring data will be crucial to any examination. So try to find solutions that preserve historic data that permits:

– Forensic tasks consist of tracing lateral danger movement through the network over time,
– Pinpointing data exfiltration efforts,
– Identifying source of breaches, and
– Figuring out suitable removal actions.

Pointer 10: Take down the walls

IBM’s security group, which supports an impressive community of security partners, approximates that the average business has 135 security tools in place and is working with 40 security vendors. IBM customers definitely tend to be large enterprise but it’s a common refrain (grievance) from organizations of all sizes that security solutions do not integrate properly.

And the problem is not just that security solutions don’t play well with other security solutions, but likewise that they don’t always integrate well with system management, patch management, CMDB, NetFlow analytics, ticketing systems, and orchestration tools. Organizations need to think about these (and other) integration points in addition to the supplier’s determination to share raw data, not just metadata, through an API.

Additional Pointer 11: Plan for modifications

Here’s a bonus pointer. Assume that you’ll want to customize that shiny new NGES service quickly after you get it. No solution will satisfy all your needs right out of the box, in default setups. Find out how the solution supports:

– Customized data collection,
– Notifying and reporting with custom data,
– Custom-made scripting, or
– IFTTT (if this then that) functionality.

You know you’ll desire brand-new paint or brand-new wheels on that NGES solution soon – so make certain it will support your future modification projects easy enough.

Try to find support for simple customizations in your NGES solution

Follow the bulk of these suggestions and you’ll certainly avoid many of the typical errors that pester others in their assessments of NGES services.

Ziften Leads The Way In End To End Protection – Chuck Leaver

Written By Ziften CEO Chuck Leaver


Do you wish to manage and safeguard your end points, your data center, the cloud and your network? In that case Ziften has the right solution for you. We gather data, and allow you to correlate and use that data to make decisions – and be in control over your enterprise.

The details that we obtain from everyone on the network can make a real world distinction. Think about the proposition that the 2016 U.S. elections were influenced by hackers from another nation. If that holds true, cyber criminals can do almost anything – and the concept that we’ll go for that as the status quo is simply ludicrous.

At Ziften, our company believe the way to combat those threats is with greater visibility than you’ve ever had. That visibility goes across the entire business, and links all the major players together. On the back end, that’s real and virtual servers in the data center and the cloud. That’s applications and containers and infrastructure. On the other side, it’s laptops and desktop computers, irrespective of where and how they are connected.

End-to-end – that’s the believing behind everything at Ziften. From endpoint to the cloud, all the way from an internet browser to a DNS server. We tie all that together, with all the other parts to give your service a total service.

We likewise capture and save real-time data for as much as 12 months to let you know what’s taking place on the network today, and provide historic trend analysis and warnings if something changes.

That lets you identify IT faults and security concerns immediately, and also have the ability to ferret out the source by looking back in time to see where a breach or fault might have first happened. Active forensics are an absolute need in this business: After all, where a breach or fault initiated an alarm may not be the place where the problem started – or where a hacker is running.

Ziften provides your security and IT groups with the visibility to understand your current security posture, and identify where improvements are required. Endpoints non-compliant? Found. Rogue devices? Found. Penetration off-network? This will be detected. Out-of-date firmware? Unpatched applications? All discovered. We’ll not just assist you find the issue, we’ll help you repair it, and make certain it stays fixed.

End to end IT and security management. Real-time and historical active forensics. In the cloud, offline and onsite. Incident detection, containment and response. We have actually got it all covered. That’s exactly what makes Ziften better.

Our Enhanced NetFlow Will Help You Track Cloud Activities – Chuck Leaver

Written by Roark Pollock and Presented by Ziften CEO Chuck Leaver


According to Gartner the public cloud services market surpassed $208 billion last year (2016). This represented about a 17% increase year over year. Not bad when you consider the ongoing issues most cloud clients still have concerning data security. Another particularly intriguing Gartner discovery is the common practice by cloud consumers to contract services to numerous public cloud companies.

In accordance with Gartner “most companies are currently utilizing a mix of cloud services from different cloud providers”. While the business rationale for making use of numerous vendors is sound (e.g., preventing supplier lock in), the practice does develop additional complexity inmonitoring activity throughout an company’s increasingly dispersed IT landscape.

While some service providers support more superior visibility than others (for instance, AWS CloudTrail can monitor API calls across the AWS infrastructure) companies need to comprehend and deal with the visibility issues related to moving to the cloud despite the cloud service provider or suppliers they deal with.

Sadly, the ability to monitor user and application activity, and networking communications from each VM or endpoint in the cloud is restricted.

Regardless of where computing resources live, organizations must answer the questions of “Which users, machines, and applications are interacting with each other?” Organizations need visibility throughout the infrastructure in order to:

  • Quickly determine and focus on problems
  • Speed origin analysis and identification
  • Lower the mean-time to fix issues for end users
  • Quickly determine and get rid of security hazards, decreasing overall dwell times.

Conversely, bad visibility or poor access to visibility data can decrease the efficiency of current security and management tools.

Businesses that are familiar with the maturity, ease, and reasonably cheapness of monitoring physical data centers are apt to be disappointed with their public cloud options.

What has been missing is a simple, ubiquitous, and stylish solution like NetFlow for public cloud infrastructure.

NetFlow, naturally, has actually had twenty years or so to become a de facto standard for network visibility. A typical deployment includes the monitoring of traffic and aggregation of flows at network chokepoints, the collection and saving of flow info from numerous collection points, and the analysis of this flow information.

Flows consist of a fundamental set of source and destination IP addresses and port and protocol data that is typically gathered from a router or switch. Netflow data is relatively low-cost and easy to gather and provides nearly common network visibility and enables analysis which is actionable for both network tracking and
performance management applications.

Many IT personnel, particularly networking and some security groups are very comfy with the technology.

However NetFlow was created for fixing exactly what has actually ended up being a rather minimal issue in the sense that it only collects network data and does so at a minimal number of prospective places.

To make much better use of NetFlow, two crucial changes are necessary.

NetFlow at the Edge: First, we have to broaden the helpful deployment situations for NetFlow. Instead of just gathering NetFlow at networking choke points, let’s broaden flow collection to the edge of the network (clients, cloud, and servers). This would significantly expand the overall view that any NetFlow analytics offer.

This would allow companies to augment and take advantage of existing NetFlow analytics tools to remove the ever increasing blind spot of visibility into public cloud activity.

Rich, contextual NetFlow: Second, we have to use NetFlow for more than basic visibility of the network.

Instead, let’s utilize an extended version of NetFlow and include details on the device, application, user, and binary responsible for each tracked network connection. That would allow us to quickly associate every network connection back to its source.

In fact, these two modifications to NetFlow, are exactly what Ziften has actually accomplished with ZFlow. ZFlow provides an broadened variation of NetFlow that can be deployed at the network edge, including as part of a VM or container image, and the resulting info collection can be consumed and analyzed with existing NetFlow analysis tools. Over and above traditional NetFlow Internet Protocol Flow Information eXport (IPFIX) networking visibility, ZFlow supplies extended visibility with the addition of details on device, application, user and binary for every network connection.

Ultimately, this allows Ziften ZFlow to provide end to end visibility in between any two endpoints, physical or virtual, getting rid of conventional blind spots like East West traffic in data centers and business cloud implementations.