Extensibility Is Best For Your Security – Chuck Leaver

Written By Chuck Leaver Ziften CEO


Whether you call them extensions or call them modifications, whatever the name, the best technology platforms can be customized to fit an organization's specific business needs. Generic operations tools are fine at performing generic operations tasks. Generic security tools are great at solving generic security problems. Generic can only take you so far, unfortunately, and that's where extensibility takes over.

Extensibility comes up often when I'm talking to customers and prospects, and I'm proud that a Global 10 company chose Ziften over everyone else in the market largely on that basis. For that customer, and many others, the ability to deeply customize platforms is a requirement.

This isn't about merely creating custom reports or custom alerts. Let's be honest: the ability to build reports is a baseline capability of many IT operations and security management tools. True extensibility goes deep into the product to give it capabilities that solve real problems for the business.

One customer used lots of mobile IoT devices, and needed our Zenith real-time visibility and control platform to be able to access (and monitor) the memory of those devices. That's not a standard feature offered by Zenith, because our low-footprint agent does not hook into the operating system kernel or operate through standard device drivers. Nevertheless, we worked with the customer to customize Zenith with that capability, and it turned out to be much easier than anyone expected.

Another customer looked at the standard set of endpoint data that the agent collects, and wanted to add extra data fields. They also wanted to configure the administrative console with custom actions using those data fields, and push those actions back out to those endpoints. No other endpoint monitoring and security product was able to provide the infrastructure for adding that functionality except Ziften.

What's more, the customer developed those extensions themselves, and owns the code and intellectual property. It's part of their own secret sauce, their own business differentiator, and unique to their company. They couldn't be happier. And neither could we.

With many other IT operations and security platforms, if customers want additional features or capabilities, the only option is to submit a future feature request, and hope that it shows up in an upcoming release of the product. Until then, too bad.

That's not how we designed our flagship products, Zenith and ZFlow. Because our endpoint agent isn't based on device drivers or kernel hooks, we can allow tremendous extensibility, and open up that extensibility for customers to access directly.

The same goes for our administrative consoles and back-end monitoring systems; everything is customizable. And that was built in right from the start.

Another aspect of customization is that our real-time and historical visibility database can integrate with your other IT operations and security platforms, such as SIEM tools, threat intelligence, IT ticketing systems, job orchestration systems, and data analytics. With Zenith and ZFlow, there are no silos. Ever.

When it comes to endpoint monitoring and management, extensions are increasingly where it's at. IT operations and enterprise security teams need the ability to customize their tool platforms to fit their exact requirements for monitoring and managing IoT, conventional endpoints, the data center, and the cloud. In many customer conversations, our built-in extensibility has caused eyes to light up, and won us trials and deployments. Tell us about your custom needs, and let's see what we can do.

We Show You Our Endpoint Security Architecture Now Show Us Yours – Chuck Leaver

Written By Mike Hamilton And Presented By Ziften CEO Chuck Leaver


Endpoint security is very much in vogue these days. And there are lots of different vendors out there promoting their wares in this market. But it's sometimes hard to understand exactly what each vendor offers. What's even harder is to understand how each vendor's solution is architected to deliver those services.

I believe that the back-end architecture of whatever you choose can have a profound effect on the future scalability of your deployment. And it can create a lot of unexpected work and cost if you're not careful.

So, in the spirit of openness, and because we believe our architecture is different, unique and effective, we invite all endpoint security vendors to "show us your architecture".

I'll kick this off in the video below, where I show you the Ziften architecture, and a couple of what I consider legacy architectures for contrast. Specifically, I'll discuss:

– Ziften's architecture, designed using next-gen cloud principles.
– One company's peer-to-peer "mish-mash" architecture.
– Legacy hub-spoke-hub architectures.

I've shown you the power of our truly cloud-based platform. Now it's my competitors' turn. What are you waiting for, folks? Show us your architectures!

Best Offense And Defense Strategy For Risk And Security – Chuck Leaver

Written By Roark Pollock And Presented By Chuck Leaver Ziften CEO


Risk management and security management have long been treated as separate functions typically performed by separate functional groups within an organization. The recognition of the need for continuous visibility and control across all assets has increased interest in finding common ground between these disciplines, and the availability of a new generation of tools is enabling this effort. This discussion is especially timely given the ongoing difficulty many enterprises have attracting and retaining qualified security personnel to manage and secure IT infrastructure. A merger of activity can help to better leverage these valuable personnel, reduce costs, and help automate response.

Historically, risk management has been viewed as an offensive mandate, and is generally the field of play for IT operations teams. Often referred to as "systems management", IT operations teams actively perform device state posture monitoring and policy enforcement, and vulnerability management. The goal is to proactively mitigate potential risks. Activities that improve risk reduction and are performed by IT operations include:

Offensive Risk Mitigation – Systems Management

– Asset discovery, inventory, and refresh
– Software discovery, usage tracking, and license rationalization
– Mergers and acquisition (M&A) risk assessments
– Cloud workload migration, monitoring, and enforcement
– Vulnerability assessments and patch installs
– Proactive help desk or systems analysis and problem response / remediation

On the other side of the field, security management is seen as a defensive game, and is generally the field of play for security operations teams. These security operations teams are typically responsible for threat detection, incident response, and remediation. The goal is to respond to a threat or a breach as quickly as possible in order to minimize the impact on the organization. Activities that fall squarely under security management and are performed by security operations include:

Defensive Security Management – Detection and Response

– Threat detection and/or threat hunting
– User behavior monitoring / insider threat detection and/or hunting
– Malware analysis and sandboxing
– Incident response and threat containment / removal
– Lookback forensic investigations and root cause determination
– Tracing lateral threat movements, and further threat removal
– Data exfiltration determination

Successful businesses, of course, need to play both offense AND defense equally well. This requirement is driving organizations to recognize that IT operations and security operations need to be as aligned as possible. Therefore, as much as possible, it helps if these two teams are playing from the same playbook, or at least working from the same data or single source of truth. This means both teams should strive to use some of the same analytic and data collection tools and methods when it comes to managing and securing their endpoint systems. And if organizations rely on the same staff for both jobs, it certainly helps if those people can pivot between both tasks within the same tools, leveraging a single data set.

Each of these offensive and defensive tasks is critical to protecting an organization's intellectual property, reputation, and brand. In fact, managing and prioritizing these tasks is what often keeps CIOs and CISOs up at night. Organizations should recognize opportunities to align and consolidate teams, technologies, and policies as much as possible to ensure they are focused on the most pressing need along the current risk and security management spectrum.

When it comes to managing endpoint systems, it is clear that organizations are moving toward an "all the time" visibility and control model that enables continuous risk assessments, continuous threat monitoring, as well as continuous performance management.

Thus, organizations should look for these three key capabilities when evaluating new endpoint security systems:

– Solutions that offer "all the time" visibility and control for both IT operations teams and security operations teams.
– Solutions that provide a single source of truth that can be used both offensively for risk management, and defensively for security detection and response.
– Architectures that easily integrate into existing systems management and security tool ecosystems to deliver even higher value for both IT and security teams.

This Year’s Experiences Defcon And Black Hat – Chuck Leaver

Written By Michael Vaughn And Presented By Ziften CEO Chuck Leaver


These are my experiences from Black Hat 2017. There is a minor addition in the approach to this year's summary. It is largely due to the theme of the opening keynote given by Facebook's Chief Security Officer, Alex Stamos. Stamos stressed the importance of refocusing the security community's efforts on working better together and diversifying security services.

"Working better together" is somewhat of an oxymoron when you look at the mass competition among hundreds of security companies fighting for customers throughout Black Hat. Based on Stamos's messaging during the opening keynote this year, I felt it important to include some of my experiences from Defcon as well. Defcon has historically been an event for learning and includes independent hackers and security professionals. Last week's Black Hat theme focused on the social aspect of how companies should get along and genuinely help others and each other, which has always been the overarching message of Defcon.

People checked in from all over the world this time:

Jeff Moss, aka 'Dark Tangent', the founder of Black Hat and Defcon, also wants that to be the theme: where you aim to help people gain knowledge and learn from others. Moss wants attendees to stay 'excellent' and 'helpful' throughout the conference. That is on par with what Alex Stamos from Facebook conveyed in his keynote about security companies. Stamos asked that we all share in the responsibility of helping those who cannot help themselves. He also raised another valid point: are we doing enough in the security industry to truly help people rather than simply doing it to make money? Can we achieve the goal of truly helping people? Such is the juxtaposition of the two events. The main difference between Black Hat and Defcon is the more corporate consistency of Black Hat (from vendor hall to the talks) versus the true hacker community at Defcon, which showcases the creative side of what is possible.

The company I work for, Ziften, offers Systems and Security Operations software, giving IT and security teams visibility and control across all endpoints, on or off a corporate network. We also have a pretty sweet sock game!

Many attendees showed their Ziften support by sporting previous years' Ziften sock designs. Looking good, feeling good!

The idea of joining forces to fight against the dark side is something most attendees from all over the world embrace, and we are no different. Here at Ziften, we aim to genuinely help our customers and the community with our solutions. Why offer or depend on a solution that is limited to just what's inside the box? One that provides a single or a handful of specific functions? Our software is a platform for integration and offers modular, individualized security and operational solutions. The whole Ziften team takes the creativity from Defcon, and we push ourselves to try and build new, custom functions and forensic tools where standard security companies would shy away or simply remain consumed by day-to-day tasks.

Delivering all-the-time visibility and control for any asset, anywhere, is one of Ziften's main focuses. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to quickly fix endpoint issues, reduce overall risk posture, speed threat response, and increase operations efficiency. Ziften's secure architecture provides continuous, streaming endpoint monitoring and historical data collection for enterprises, governments, and managed security providers. And in keeping with this year's Black Hat theme of working together, Ziften's partner integrations extend the value of incumbent tools and fill the gaps between siloed systems.

Journalists are not allowed to take photos of the Defcon crowd, but I am not a journalist and this was before entering a badge-required area :P The Defcon hordes and goons (Defcon staff wearing red t-shirts) were at a standstill for a solid 20 minutes waiting for initial access to the four massive Track meeting rooms on opening day.

The Voting Machine Hacking Village got a lot of attention at the event. It was interesting but nothing new for veteran attendees. I suppose it takes something newsworthy to attract attention to certain vulnerabilities. All vulnerabilities for the majority of the talks, and especially this village, had already been disclosed to the proper authorities prior to the event. Let us know if you need help locking down one of these (looking at you, government folks).

A growing amount of personal data is becoming available to the public. For example, Google and Twitter APIs are easily and publicly available to query user data metrics. This data is making it easier for hackers to social engineer targeted attacks on people, and particularly people of power and rank, like judges and executives. This presentation, titled Dark Data, demonstrated how a simple yet brilliant de-anonymization algorithm and some data made it possible for these two white hats to identify individuals with extreme precision and discover very personal details about them. This should make you think twice about what you have installed on your systems and the people in your workplace. The majority of the above raw metadata was collected through a popular browser add-on. The fine tuning came with the algorithm and public APIs. Do you know what browser add-ons are running in your environment? If the answer is no, then Ziften can help.

This talk was plainly about exploiting Point-of-Sale systems. Although rather funny, it was a little scary how quickly one of the most commonly used POS systems could be hacked. This particular POS hardware is most commonly used when paying in a taxi. The base operating system is Linux and, although it runs on an ARM architecture and is protected by hardened firmware, why would a company risk leaving the security of customer credit card details entirely up to the hardware vendor? If you want additional security on your POS systems, then look no further than Ziften. We secure the most commonly used business operating systems. If you want to do the fun thing and install the game Doom on one, I can send you the slide deck.

This guy's slides were off the charts excellent. What wasn't excellent was how exploitable macOS is during the installation process of very common applications. Generally, each time you install an application on a Mac, it requires you to enter your elevated privileges. But what if something were to slightly modify code a moment before you enter your administrator credentials? Well, most of the time, probably something bad. Worried about your Macs running malware smart enough to detect and change code in common vulnerable applications before you or your users enter credentials? If so, we at Ziften Technologies can help.

We help you not by replacing all of your toolset, although we often find ourselves doing just that. Our aim is to leverage the advice and current tools that work from different vendors, ensure they are installed and running, ensure the prescribed hardening is indeed intact, and ensure your operations and security teams work more efficiently together to achieve a tighter security matrix across your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos's keynote
– Jeff Moss's message
– Visitors from around the globe working together
– Black Hat should maintain a friendly community spirit

2) Stronger together with Ziften

– Ziften plays nice with other software vendors

3) Popular current vulnerabilities Ziften can help prevent and solve

– Point-of-Sale access
– Voting machine tampering
– Escalating macOS privileges
– Targeted individual attacks

Got Movie Apps On Your Device? Be Careful Of Subtitle Packages – Chuck Leaver

Written By Josh Harriman And Presented By Chuck Leaver Ziften CEO


Do you like watching movies with trendy apps like Kodi, SmartTV or VLC on your devices? How about needing or wanting subtitles with those movies and just grabbing the latest pack from OpenSubtitles? No problem, sounds like a great evening at home. Problem is, according to research by Check Point, there could be a nasty surprise waiting for you.

For the hackers to take control of your 'world', they need a vector or some way to gain entry to your system. There are some common ways that happens these days, such as clever (and not so clever) social engineering techniques. Getting emails that appear to come from friends or co-workers but were spoofed, and you opened an attachment, or visited some website and, if the stars lined up, you were pwned. Usually the star alignment part is not that hard; it only requires that you have some vulnerable software running that can be reached.

Since the technique relies on getting users to cooperate, the target audience can sometimes be hard to find. But with this latest research posted, many of the major media players have a distinct vulnerability when it comes to loading and parsing subtitle packages. The four main media players named in the article are patched to date, but as we have seen in the past (just look at the recent SMB v1 vulnerability issue), just because a fix is available doesn't mean that users are updating. The researchers have also declined to reveal the technical details of the vulnerability to allow other vendors time to patch. That is a good sign and the right approach I believe researchers should take. Notify the vendor so they can fix the issue, and also announce it publicly so 'we the people' are informed and know what to watch out for.

It's hard to keep up with the many ways you can get infected, but at least we have researchers who tirelessly try to 'break' things to discover those vulnerabilities. By following proper disclosure practices, they help everyone enjoy a safer experience with their devices, and in this case, a great night in at the movies.