Our Advanced Endpoint Services Will Integrate With Your Security Architecture – Chuck Leaver

Written By Roark Pollock And Presented By Ziften CEO Chuck Leaver


Security practitioners are by nature a cautious lot. Caution is a trait most people probably bring into this field given its mission, but it is also certainly one that is learned over time. Ironically this holds true even when it comes to adding extra security controls to an already established security architecture. While one might assume that more security is better security, experience teaches us that's not necessarily the case. There are in fact many concerns associated with deploying a new security product. One that almost always appears near the top of the list is how well the new product integrates with existing products.

Integration concerns come in several flavors. First, a new security control should not break anything. Beyond that, new security products need to readily share threat intelligence and act on threat intelligence collected across a company's entire security infrastructure. In other words, the new security tools must work together with the existing ecosystem of tools in place such that "1 + 1 = 3". The last thing that most security and IT operations teams need is more siloed products and tools.

That is why at Ziften we have always focused on building and delivering a completely open visibility architecture. We believe that any new systems and security operations tools should be built with enhanced visibility and information sharing as core product requirements. But this isn't a one-way street. Making integrations simple requires technology partnerships with industry vendors. We consider it our responsibility to work with other technology companies to mutually integrate our products, making it easy on customers. Unfortunately, many vendors still believe that integrating security products, particularly new endpoint security products, is very difficult. I hear the concern continuously in customer conversations. But data is now emerging showing this isn't always the case.

In recent survey work by NSS Labs on "advanced endpoint" products, they report that Global 2000 customers based in North America have been pleasantly surprised by how well these types of products integrate into their existing security architectures. According to the NSS study titled "Advanced Endpoint Protection – Market Analysis and Survey Results CY2016", which NSS subsequently presented in a BrightTalk webinar, respondents that had already deployed advanced endpoint products were much more positive about their ability to integrate into already established security architectures than were respondents still in the planning stages of acquiring these products.

Specifically, respondents that have already deployed advanced endpoint products rank integration with already established security architectures as follows:

● Excellent: 5.3%
● Good: 50.0%
● Average: 31.6%
● Poor: 13.2%
● (Horrible): 0.0%

Compare that to the more conservative responses from those still in the planning phase:

● Excellent: 0.0%
● Good: 39.3%
● Average: 42.9%
● Poor: 14.3%
● (Horrible): 3.6%

These results are encouraging. Yes, as noted, security people tend to be pessimists, but despite low expectations respondents are reporting positive outcomes when it comes to integration experiences. In fact, Ziften customers usually show the same initial low expectations when we first discuss integrating Ziften products into their existing environment of products. But in the end, customers are wowed by how simple it is to share information between Ziften products and their established infrastructure.

These survey results will hopefully help ease concerns, as later product adopters tend to read and rely on peer recommendations before making purchase decisions. Early mainstream adopters are clearly having success deploying these products, which should help to lessen the natural cautiousness of the broader mainstream.

Certainly, there is substantial differentiation among products in the space, and organizations need to continue to perform appropriate due diligence in understanding how and where products integrate into their broader security architectures. But the good news is that there are products not just meeting customer requirements, but actually outperforming their initial expectations.

Petya Variant Causes Havoc But Ziften Customers Protected – Chuck Leaver

Written By Josh Harriman And Presented By Chuck Leaver Ziften CEO


Another outbreak, another headache for those who were not prepared. While this latest attack is similar to the earlier WannaCry threat, there are some differences in this latest malware, which is a variant or new strain much like Petya. Called NotPetya by some, this strain causes a great deal of problems for anyone who encounters it. It may encrypt your data, or render the system entirely unusable. And now the email address that you would need to contact to 'perhaps' decrypt your files has been taken down, so you're out of luck retrieving your files.

Plenty of information on the actions of this threat is publicly available, but I wanted to point out that Ziften customers are protected from both the EternalBlue exploit, which is one mechanism used for its propagation, and, better still, by a protection based on a possible flaw or its own kind of debug check that prevents the threat from ever running on your system. It may still spread within the environment, but our protection would already be rolled out to all existing systems to halt the damage.

Our Ziften extension platform enables our customers to have protection in place against specific vulnerabilities and malicious actions for this threat and others like Petya. Besides the specific actions taken against this particular variant, we have taken a holistic approach to stop certain strains of malware that perform various 'checks' against the system before running.

We can also use our Search capability to look for remnants of the other propagation techniques used by this threat. Reports show WMIC and PsExec being used. We can search for those programs, their command lines and their usage. Even though they are legitimate processes, their use is usually rare and can be alerted on.
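The kind of hunt described above, written as an added example in Python over constructed process-creation records (this is not Ziften code and not its Search feature; the record layout, host names and the `placeholder.exe` argument are all assumptions):

```python
"""Hunt process-creation records for WMIC and PsExec execution.

Added example, not Ziften code: a hypothetical stand-in for an endpoint
search feature, run over constructed endpoint telemetry.
"""
import ntpath
import re

# Image names that are legitimate but rare enough on most endpoints to alert on
WATCHED_IMAGES = {"wmic.exe", "psexec.exe", "psexec64.exe"}
# Remote-target syntax: WMIC uses "/node:HOST", PsExec uses "\\HOST"
NODE_RE = re.compile(r'/node:"?([\w.-]+)', re.IGNORECASE)
UNC_RE = re.compile(r"\\\\([\w.-]+)")

# Constructed sample events: (host, user, image path, command line)
SAMPLE_EVENTS = [
    ("WS-01", "alice", r"C:\Windows\System32\notepad.exe", "notepad.exe notes.txt"),
    ("WS-01", "alice", r"C:\Windows\System32\wbem\WMIC.exe", "wmic.exe /node:WS-07 os get caption"),
    ("WS-03", "SYSTEM", r"C:\Windows\Temp\PsExec64.exe", r"PsExec64.exe \\WS-09 -d placeholder.exe"),
    ("WS-03", "bob", r"C:\Windows\System32\wbem\WMIC.exe", "wmic.exe logicaldisk get size"),
    ("FS-02", "svc_backup", r"C:\Program Files\Backup\agent.exe", "agent.exe --run"),
]


def image_name(path):
    """Lower-cased file name of a Windows image path (ntpath works on any OS)."""
    return ntpath.basename(path).lower()


def remote_target(cmdline):
    """Host named on the command line, or None when the tool ran locally."""
    match = NODE_RE.search(cmdline) or UNC_RE.search(cmdline)
    return match.group(1).upper() if match else None


def hunt(events):
    """One finding per execution of a watched image, tagged with any remote target."""
    findings = []
    for host, user, image, cmdline in events:
        name = image_name(image)
        if name not in WATCHED_IMAGES:
            continue
        findings.append({"host": host, "user": user, "image": name,
                         "cmdline": cmdline, "remote_target": remote_target(cmdline)})
    return findings


def lateral_edges(findings):
    """(source host, target host) pairs: remote executions are the trail a worm-like spread leaves."""
    return [(f["host"], f["remote_target"]) for f in findings if f["remote_target"]]
```

Local WMIC queries still show up as findings (they are rare enough to review), while the edges list is what reveals host-to-host movement.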

With WannaCry, and now NotPetya, we expect to see a continued increase in these types of attacks. The release of the recent NSA exploits has given ambitious attackers the tools they need to push out their wares. And though ransomware can be a high-profile vehicle, more destructive threats could be released. It has always been 'how' to get the threats to spread (worm-like, or social engineering) that is most difficult for them.

UK Parliament Make Your System Secure Instead Of Blaming Others – Chuck Leaver

Written By Dr Al Hartmann And Presented By Ziften CEO Chuck Leaver


In cyberspace the sheep get shorn, chumps get chewed, dupes get duped, and pawns get pwned. We have seen another fine example of this in the recent attack on the UK Parliament email system.

Rather than admit to an email system that was insecure by design, the official statement read:

Parliament has strong procedures in place to secure all our accounts and systems.

Of course you do. The one protective measure we did see in action was deflecting the blame: pin it on the Russians, that always works, while blaming the victims for their policy violations. While details of the attack are scarce, combing various sources does help to piece together at least the gross outlines. If these accounts are reasonably close, the UK Parliament email system failings are shocking.

What failed in this scenario?

Rely on single-factor authentication

"Password security" is an oxymoron: anything protected by a password alone is insecure, period, no matter the strength of the password. Please, no 2FA here, it might impede attacks.

Do not enforce any limit on failed login attempts

Aided by single-factor authentication, this enables simple brute force attacks, no skill required. But when breached, blame elite foreign hackers; no one can verify.

Do not implement brute force attack detection

Allow attackers to carry out (otherwise trivially detectable) brute force attacks for extended periods (12 hours against the UK Parliament system), to maximize account compromise scope.

Do not enforce policy, treat it as merely a suggestion

Combined with single-factor authentication, no limit on failed logins, and no brute force attack detection, do not enforce any password strength validation. Provide attackers with extremely low-hanging fruit.

Rely on anonymous, unencrypted email for sensitive communications

If attackers do succeed in compromising email accounts or sniffing your network traffic, give them plenty of opportunity to score high-value message content entirely without hindrance. This also conditions constituents to trust easily spoofable email from Parliament, creating an ideal constituent phishing environment.

Lessons learned

In addition to adding "Common Sense for Dummies" to their summer reading lists, the UK Parliament email system admins might wish to take further actions. Strengthening weak authentication practices, enforcing policies, improving network and endpoint visibility with continuous monitoring and anomaly detection, and completely reassessing secure messaging are recommended actions. Penetration testing would have uncovered these fundamental weaknesses while staying out of the news headlines.
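An added example, not from the original post, of the two controls the failures above say were missing: a sliding-window brute force detector and a consecutive-failure lockout, run over a constructed login log (the log format, account names, addresses and thresholds are all assumptions):

```python
# Failed-login burst detection and lockout simulation over constructed auth logs.
# Added example, not from the post; log format and thresholds are assumptions.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$")

# Constructed sample log (chronological): one source hammering two accounts, then a normal typo.
SAMPLE_LOG = """\
2017-06-23T01:00:00 FAIL user=mp.smith src=203.0.113.5
2017-06-23T01:00:02 FAIL user=mp.smith src=203.0.113.5
2017-06-23T01:00:04 FAIL user=mp.smith src=203.0.113.5
2017-06-23T01:00:06 FAIL user=mp.jones src=203.0.113.5
2017-06-23T01:00:08 FAIL user=mp.jones src=203.0.113.5
2017-06-23T01:00:10 OK user=mp.jones src=203.0.113.5
2017-06-23T08:15:00 FAIL user=mp.brown src=198.51.100.7
"""

def parse(log):
    """Yield (timestamp, result, user, src) per matching line; non-matching lines are skipped."""
    for m in filter(None, map(LINE_RE.match, log.splitlines())):
        yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]

def detect_bursts(events, window=timedelta(minutes=10), threshold=5):
    """Sources with >= threshold failures inside any sliding window -> (first, last, total failures)."""
    fails = defaultdict(list)
    for ts, result, _user, src in events:
        if result == "FAIL":
            fails[src].append(ts)
    alerts = {}
    for src, times in fails.items():
        for i in range(threshold - 1, len(times)):  # times are chronological, so compare to the i-th earlier failure
            if times[i] - times[i - threshold + 1] <= window:
                alerts[src] = (times[0], times[-1], len(times))
                break
    return alerts

def simulate_lockout(events, max_failures=3):
    """{user: lock time} under a consecutive-failure lockout policy; a success resets the count."""
    streak, locked = defaultdict(int), {}
    for ts, result, user, _src in events:
        if result == "OK":
            streak[user] = 0
        elif user not in locked:
            streak[user] += 1
            if streak[user] >= max_failures:
                locked[user] = ts
    return locked
```

With the lockout in place the third account in the sample would never have been reached, and the detector flags the source after eight seconds rather than twelve hours.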

Even a few clever high schoolers with a free weekend could have replicated this breach. And finally, stop blaming Russia for your own security failings. Assume that any weaknesses in your security architecture and policy framework will be probed and exploited by some attackers somewhere across the global internet. All the more incentive to find and fix those weaknesses before the adversaries do, so take action now. Then, if your defenders still cannot see the attacks in progress, upgrade your monitoring and analytics.

Want To Bring Security And IT Together? Use SysSecOps – Chuck Leaver

Written By Chuck Leaver Ziften CEO


Scott Raynovich nailed it. Having worked with many organizations, he realized that one of the biggest challenges is that security and operations are two distinct departments, with drastically different objectives, different tools, and different management structures.

Scott and his analyst firm, Futuriom, recently completed a study, "Endpoint Security and SysSecOps: The Growing Pattern to Develop a More Secure Enterprise", where one of the key findings was that conflicting IT and security goals hamper professionals, on both teams, from achieving their objectives.

That's exactly what we believe at Ziften, and the term Scott coined to describe the convergence of IT and security in this domain, SysSecOps, describes perfectly what we've been talking about. Security teams and IT teams must get on the same page. That means sharing the same objectives, and in many cases, sharing the same tools.

Think about the tools that IT people use. They are designed to ensure the infrastructure and end devices are working correctly and, when something goes wrong, to help fix it. On the endpoint side, those tools help make sure that devices permitted onto the network are configured properly, have software that is authorized and properly updated/patched, and have not registered any faults.

Think about the tools that security folks use. They work to enforce security policies on devices, infrastructure, and security apparatus (like firewalls). This might include actively tracking incidents, scanning for abnormal behavior, examining files to ensure they don't contain malware, consuming the latest threat intelligence, matching against newly discovered zero-days, and performing analysis on log files.

Finding fires, fighting fires

Those are two different worlds. The security teams are fire spotters: they can see that something bad is happening, can work quickly to isolate the issue, and determine whether damage occurred (like data exfiltration). The IT teams are the firefighters on the ground: they jump into action when an incident strikes to ensure that the systems are made safe and restored to operation.

Sounds great, doesn't it? Unfortunately, all too often, they don't talk to each other; it's like having the fire spotters and firefighters using different radios, different lingo, and different city maps. Worse, the teams can't share the same data directly.

Our approach to SysSecOps is to provide both the IT and security teams with the same resources, which means the same reports, delivered in the ways appropriate to each set of professionals. It's not a dumbing down, it's working smarter.

It's ridiculous to work any other way. Take the WannaCry infection, for example. On one hand, Microsoft released a patch back in March 2017 that addressed the underlying SMB flaw. IT operations teams didn't install the patch, because they didn't think it was a big deal and didn't talk with security. Security teams didn't know whether the patch was installed, because they don't talk with operations. SysSecOps would have had everyone on the same page, and could potentially have avoided this problem.

Missing out on data means waste and risk

The inefficient gap between IT operations and security exposes organizations to risks. Preventable risks. Unnecessary risks. It's simply unacceptable!

If your organization's IT and security teams aren't on the same page, you are incurring risks and costs that you shouldn't have to. It's waste. Organizational waste. It's wasteful because you have a lot of tools supplying partial data with gaps, and each of your teams only sees part of the picture.

As Scott concluded in his report, “Collaborated SysSecOps visibility has actually currently proven its worth in assisting organizations assess, analyze, and prevent substantial dangers to the IT systems and endpoints. If these goals are pursued, the security and management threats to an IT system can be significantly lessened.”

If your teams are working together in a SysSecOps kind of way, if they can see the same data at the same time, you not only have better security and more efficient operations, but also lower risk and lower costs. Our Zenith software can help you achieve that efficiency, not only working with your existing IT and security tools, but also filling in the gaps to make sure everyone has the right data at the right time.