This Is What You Do For Protection Against The KRACK Vulnerability – Chuck Leaver

Written By Dr Al Hartmann And Presented By Chuck Leaver


Enough media attention has been generated over the Wi-Fi WPA2-defeating Key Reinstallation Attack (KRACK) that we don’t have to re-cover it here. The original finder’s site is a good place to review the issues and to find links to the detailed research findings. This may be the most attention paid to a fundamental communications security failure since the Heartbleed attack. In that earlier case, a patched version of the vulnerable OpenSSL code was released on the same day as the public disclosure. In this new KRACK attack, similar responsible disclosure guidelines were followed, and patches were either already released or soon to follow. Both wireless endpoints and wireless network devices must be properly patched. Oh, and good luck getting that Chinese knockoff wireless security camera bought off eBay patched quickly.

Here we will just make a couple of points:

Take inventory of your wireless devices and take action to ensure appropriate patching. (Ziften can perform passive network inventory, including wireless networks. For Ziften-monitored endpoints, the available network interfaces and the applied patches are reported.) For enterprise IT staff, it is patch, patch, patch every day anyway, so nothing new here. But any unmanaged wireless devices need to be identified and verified.

Windows and iOS endpoints are less susceptible, while unpatched Linux and Android endpoints are highly vulnerable. Many Linux endpoints will be servers without wireless networking, so there is less exposure there. But Android is another story, particularly given the balkanized state of Android updating across device makers. Most likely your enterprise’s biggest exposure will be Android and IoT devices, so do your risk analysis.

Avoid wireless access through unencrypted protocols such as HTTP. Stick to HTTPS or other encrypted protocols, or use a trusted VPN, but be aware that some sites’ default HTTPS configurations allow a compromised device to force a downgrade to HTTP. (Note that Ziften network monitoring reports the IP addresses and ports used, so look for any wireless port 80 traffic from unpatched endpoints.)

Continue whatever wireless network hygiene practices you have been using to identify and silence rogue access points, unauthorized wireless devices, and so on. Tuning access point placement and transmission zones to reduce signal spillage outside your physical boundaries is also a smart practice, since a KRACK attacker must be physically within range of the wireless network. Do not offer convenient positions inside or adjacent to your environment.
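One way to act on the inventory and port-80 points above, as an added example that is not from the original post or from Ziften’s products: it joins a constructed endpoint inventory (interfaces and KRACK patch state) with constructed flow records, then lists the unpatched Wi-Fi endpoints, the wireless devices missing from inventory, and the cleartext flows sent over Wi-Fi by unpatched endpoints. The names, addresses and the extra FTP/Telnet ports are assumptions.

```python
"""Constructed KRACK exposure triage on made-up inventory and flow data."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Endpoint:
    ip: str
    os: str
    wireless: bool        # has a Wi-Fi interface
    krack_patched: bool   # vendor fix for the WPA2 key-reinstallation flaw applied

@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    via_wifi: bool        # observed on a wireless segment

# Managed endpoints as a patch-inventory tool might report them (constructed).
INVENTORY = {e.ip: e for e in [
    Endpoint("10.0.1.10", "Windows 10", True, True),
    Endpoint("10.0.1.11", "Android 7", True, False),
    Endpoint("10.0.1.12", "Ubuntu 16.04", False, True),
]}

# Passively observed flows (constructed; 203.0.113.0/24 is a documentation range).
FLOWS = [
    Flow("10.0.1.10", "203.0.113.5", 443, True),   # patched, HTTPS: fine
    Flow("10.0.1.11", "203.0.113.5", 80, True),    # unpatched Android over Wi-Fi, cleartext
    Flow("10.0.1.11", "203.0.113.5", 443, True),   # unpatched, but encrypted transport
    Flow("10.0.1.12", "203.0.113.5", 80, False),   # cleartext, but on a wired segment
    Flow("10.0.1.50", "10.0.1.1", 80, True),       # source not in inventory: unmanaged
]

# Cleartext ports a broken WPA2 session would expose; HTTP is the post's example,
# FTP and Telnet are added here as the same class of protocol (assumption).
PLAINTEXT_PORTS = {80: "HTTP", 21: "FTP", 23: "Telnet"}

def unpatched_wireless(inventory):
    """Inventory entries with a Wi-Fi interface and no KRACK fix: the patch queue."""
    return [e for e in inventory.values() if e.wireless and not e.krack_patched]

def unmanaged_wireless(flows, inventory):
    """Wireless sources with no inventory record: devices to identify and verify."""
    return sorted({f.src_ip for f in flows if f.via_wifi and f.src_ip not in inventory})

def exposed_plaintext(flows, inventory):
    """Cleartext flows from unpatched endpoints over Wi-Fi: the traffic to chase first."""
    return [(f.src_ip, inventory[f.src_ip].os, f.dst_ip, PLAINTEXT_PORTS[f.dst_port])
            for f in flows if f.via_wifi and f.dst_port in PLAINTEXT_PORTS
            and f.src_ip in inventory and not inventory[f.src_ip].krack_patched]
```

Run on the sample data, only the unpatched Android device shows up in both the patch queue and the cleartext list, while the wired Linux host’s port 80 flow is correctly ignored.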

For a broader discussion of the KRACK vulnerability, take a look at our recent video on the subject:

The Best Ways To Deliver Security Awareness Training – Chuck Leaver

Written By Chuck Leaver Ziften CEO


Effective enterprise cybersecurity presumes that people, your employees, do the right thing. That they don’t hand over their passwords to a caller who claims to be from the IT department doing a “credentials audit.” That they don’t wire $10 million to an Indonesian bank account after getting a midnight request from “the CEO”.

That they don’t install an “urgent update” to Flash Player based on a pop-up on a pornography website. That they don’t overshare on social media. That they don’t keep business data on file sharing services outside the firewall. That they don’t connect to unsecured WiFi networks. And that they don’t click links in phishing emails.

Our research shows that 75+% of security incidents are caused or aided by employee mistakes.

Sure, you’ve set up endpoint security, email filters, and anti-malware solutions. Those preventative measures will likely be for nothing, though, if your employees do the wrong thing time and again in a risky situation. Our cybersecurity efforts are like having a fancy car alarm: if you don’t teach your teenager to lock the car at the mall, the alarm is worthless.

Security awareness isn’t enough, of course. Employees will make mistakes, and some attacks don’t need an employee error at all. That’s why you need endpoint security, email filters, anti-malware, and so on. But let’s talk about effective security awareness training.

Why Training Typically Fails to Have an Impact

First, in my experience, a great deal of employee training is, well, poor. That’s particularly true of online training, which is usually terrible. But in many cases, whether live or canned, the training lacks credibility, in part because many IT experts are poor and unconvincing communicators. The training often concentrates on communicating and enforcing rules, not on changing risky habits and routines. And it resembles mandatory copy machine training: there’s nothing in it for the employees, so they don’t buy in.

It’s not about enforcing rules. While security awareness training may be “owned” by various departments, such as IT, the CISO, or HR, there’s often a lack of understanding about what a security awareness program actually is. To start with, it’s not a checkbox; it has to be continuous. The training must be delivered in various ways and at various times, with a combination of live training, newsletters, small-group discussions, lunch-and-learns, and yes, even online resources.

Securing yourself is not complicated!

But a huge issue is the absence of objectives. If you don’t know what you’re trying to do, you can’t tell whether you’ve done a good job with the training, and whether risky behaviors actually change.

Here are some sample objectives that can lead to effective security awareness training:

Provide employees with the tools to recognize and deal with the ongoing daily security threats they may encounter online and through email.

Let employees know they are part of the team, and that they can’t just rely on the IT/CISO groups to handle security.

Halt the cycle of “unexpected ignorance” about safe computing practices.

Change mindsets toward safer practices: “If you see something, say something”.

Review company rules and procedures, described in actionable terms that relate to employees’ own work.

Make it Relevant

No matter who “owns” the program, it’s vital that there is visible executive support and management buy-in. If the executives don’t care, the employees won’t either. Effective training won’t talk in tech buzzwords; instead, it will focus on changing habits. Relate cybersecurity awareness to your employees’ personal lives. (And while you’re at it, teach them ways to keep themselves, their family, and their home safe. Odds are they don’t know and are reluctant to ask.)

To make security awareness training truly relevant, solicit employee ideas and encourage feedback. Measure success: for example, did the number of external links clicked by employees decrease? How about calls to tech support arising from security violations? Make the training timely and real-world by including current scams in the news; sadly, there are plenty to choose from.

In short: security awareness training isn’t fun, and it’s not a silver bullet. However, it is necessary for ensuring that risky employee behaviors don’t undermine your IT/CISO efforts to secure your network, devices, applications, and data. Make sure you train your employees continuously, and that the training works.

Ziften Creates Energy At Splunk .conf – Chuck Leaver

Written By Josh Applebaum And Presented By Chuck Leaver


Like many of you, we’re still recovering from Splunk .conf recently. As usual, .conf had great energy, and the people in attendance were enthusiastic about Splunk and the many use cases it offers through its large app ecosystem.

One important announcement during the week worth mentioning was a new security offering called “Content Updates,” which is essentially a set of pre-built Splunk searches to help find security incidents.

Basically, the Splunk security team looks at the latest attacks, develops new searches for how those attacks would look in Splunk ES data, and then ships those searches to customers’ Splunk ES environments for automated alerts when they match.

The best part? Because these updates mostly use CIM (Common Information Model) data, and Ziften populates many of the CIM models, Ziften’s data is already being matched against the new Content Updates Splunk has created.

A quick demonstration showed which vendors contribute to each kind of “detection,” and Ziften was mentioned in many of them.

For instance, we have a recent blog post that shows how Ziften’s data in Splunk is used to detect and respond to WannaCry.

Overall, with the approximately 500 people who visited the booth over the course of .conf, I have to say it was one of the best events we have done in terms of quality discussions and interest. We had nothing but favorable reviews from our extensive discussions with all walks of business life, from highly technical experts in the public sector to CISOs in the financial sector.

The most common conversation typically started with, “We are just beginning to implement Splunk and are new to the platform.” I like those, since people can get our Apps free of charge, we can get them an agent to experiment with, and it gives them something to use right out of the box to demonstrate value immediately. Other folks were very experienced and really liked our approach and architecture.

Bottom line: people are really excited about Splunk, and real solutions are available to help people with real problems!

Want to know more? The Ziften ZFlow App and Technology Add-on help Splunk and Splunk ES users use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see what they are missing at the edge of their network, in their data centers, and in their cloud deployments.

You Will Be Secure With Ziften Services – Chuck Leaver

Written By Josh Harriman And Presented By Chuck Leaver


Having the right tools to hand is a given in our industry. But having the right tools and services is one thing; getting the best value out of them can be a challenge. Even with the best intentions and adequately experienced staff, there can be gaps. Ziften Services can help fill those gaps and keep you on track for success.

Ziften Services can enhance, or even outright lead, your IT Operations and Security teams to better equip your organization, through three offerings. Each one is tailored for a specific need. A recent report by ESG (Enterprise Strategy Group) entitled “Patterns in Endpoint Security Study” found that 51% of respondents said they will be deploying and using an EDR (endpoint detection and response) solution now, and that 35% of them plan to use managed services for the implementation, which shows the need is out there for appropriate services around these products and solutions. Ziften therefore offers these services knowing that many companies do not have the scale or expertise to implement and fully use needed tools such as EDR.

Ziften services are as follows:

Ziften Assess Service
Ziften Hunt Service
Ziften Respond Service

While each of the three services covers a distinct function, the latter two are more complementary to each other. Let’s look at each in a bit more detail to better understand the benefits.

Assess Service

This service covers both IT operational and security teams. To measure your success in proper documentation and adherence to processes and policies, you have to start with a good, solid baseline. The Assess service starts by conducting in-depth interviews with key decision makers to truly understand what is in place. From there, a Ziften Zenith deployment provides monitoring and data collection of key metrics across client device networks, data centers and cloud deployments. The reporting covers asset management and performance, licensing, vulnerabilities, compliance and even anomalous behavior. The outcome can address a range of concerns such as M&A assessments, pre-cloud-migration planning and periodic compliance checks.

Hunt Service

This service is a true 24 × 7 managed endpoint detection and response (MDR) offering. Organizations struggle to fully cover this essential component of security operations. That may be because of limited staff or a lack of critical expertise in threat hunting techniques. Again using the Ziften Zenith platform, this service provides continuous monitoring across client devices, servers and cloud VMs running Windows, Mac OSX and Linux operating systems. One of the main outcomes of this service is significantly reducing threat dwell times within the environment. This has been discussed often over the past couple of years and the numbers are shocking, typically on the order of hundreds of days that threats stay hidden within companies. You need someone who can actively hunt for these adversaries and can also look back historically at previous events to discover behavior you were not aware of. This service also includes some hours of dedicated Incident Response, so you have all your bases covered.

Respond Service

When you are up against it and have a real emergency, this service is exactly what you need. This is a tried and true IR team ready for action 24 × 7 with a broad range of response tool sets at their disposal. You will get immediate incident assessment and triage. Recommended actions align with the severity of the threat and what response actions need to happen. The teams are very flexible and will work remotely or, if needed, can be on site where conditions warrant. This could be your entire IR team, or it will augment and blend right in with your current team.

At the end of the day, you need services to help maximize your chances of success in today’s world. Ziften has three excellent offerings and wants all our clients to feel protected and aligned with the best operational and security posture available. Please reach out to us so we can help. It’s what we are here to do!