All posts by chuckleav

Check Out This Advanced Hunting With Windows Defender ATP – Chuck Leaver

Written By Josh Harrimen And Presented By Chuck Leaver


Following on from our recent partnership announcement with Microsoft, the Ziften Security Research team has started using a very useful part of the Windows Defender Advanced Threat Protection (Windows Defender ATP) Security Center platform. The Advanced Hunting feature lets users run queries against the data sent in by products and tools such as Ziften, to find interesting behaviors quickly. These queries can be saved and shared among the Windows Defender ATP user base.

We have contributed a handful of shared queries so far, but the results are already interesting, and we like the ease of use of the hunting interface. Since Ziften sends endpoint data collected from macOS and Linux systems into Windows Defender ATP, we are focusing our query development on those operating systems to showcase the full coverage of the platform.

You can access the Advanced Hunting interface by selecting the database icon on the left-hand side, as shown below.

You can see the high-level schema at the top left of that page, with event types such as ProcessCreation, Machineinfo, NetworkCommunication and some others. We ran some recent malware in our Redlab and wrote queries to find that data and produce results for investigation. One example was OceanLotus: we built a few queries to find both the dropper and the files associated with this threat.

After running the queries, you get results that you can interact with.

Inspecting the results, we see some systems that have exhibited the behavior we searched for. Selecting one of these systems shows the details of that particular machine. From there you can view the alerts that fired and an event timeline. Details from the malicious process are shown in the image below.

Additional behavior-based queries can also be run. For instance, we ran another malicious sample that used a few techniques we then queried for. The screenshot directly below shows a query we ran to search for the Gatekeeper feature on macOS being disabled from the command line. While this could be a legitimate administrative action, it is certainly something you would want to know is happening in your environment.
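As an added example (not taken from the original post or from Ziften), here is the shape such a Gatekeeper query takes in the Advanced Hunting query language (KQL). It assumes the older process-creation table name ProcessCreationEvents and the column names EventTime, ComputerName, AccountName, FileName, ProcessCommandLine and InitiatingProcessFileName, and that the macOS agent reports the Gatekeeper utility under the file name spctl; check the schema pane in your own tenant, since table and column names have changed over time.

```kusto
// Added example: hunt for Gatekeeper being disabled from the command line on macOS.
// spctl is the macOS utility that manages Gatekeeper; "--master-disable" turns it off system-wide.
// Table and column names are assumptions based on the older Advanced Hunting schema.
ProcessCreationEvents
| where EventTime > ago(7d)
| where FileName =~ "spctl" and ProcessCommandLine contains "--master-disable"
| project EventTime, ComputerName, AccountName, ProcessCommandLine, InitiatingProcessFileName
| order by EventTime desc
```

Because an administrator may run this legitimately, triage each hit against change records and the initiating process before treating it as malicious; a hit whose parent is an unexpected binary or script is the one worth escalating.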

From these query results, you can again select the system under investigation and dig further into the suspicious behaviors.

This blog post is certainly not an in-depth tutorial on using the Advanced Hunting feature within the Windows Defender Advanced Threat Protection platform. But we wanted to put something together quickly to share our excitement about how simple it is to use this feature to conduct your own custom threat hunting in a multi-system environment, across Linux, Windows and macOS systems.

We look forward to sharing more of our experiments and research using queries built with the Advanced Hunting feature. We share our successes with everyone here, so stay tuned.

RSA 2018 Was Refreshing For A Number Of Reasons – Chuck Leaver

Written By Logan Gilbert And Presented By Chuck Leaver


After spending a few days with the Ziften team at the 2018 RSA Conference, my technology observation was: more of the same, the usual suspects and the usual buzzwords. Buzzwords like "AI", "machine learning" and "predictive" were thoroughly worn out. Lots of attention was paid to prevention, everyone's favorite attack vector, email, and everyone's favorite vulnerability, ransomware.

The only surprise I encountered was a smattering of NetFlow analysis companies: lots of smaller firms trying to make their mark using a very rich, but hard to work with, data set. Really cool stuff! Find the small booths and you'll find plenty of innovation. Now, in fairness to the bigger vendors, I know there is some really cool technology there too, but RSA hardly lends itself to seeing through the buzzwords to real value.

The Buzz at RSA

I may have a biased view, since Ziften has been partnering with Microsoft for the last six-plus months, but Microsoft seemed to play a much more prominent leading role at RSA this year. First, on Monday, Microsoft announced its all-new Intelligent Security Association, bringing together its security partnerships "to concentrate on defending customers in a world of increased threats", and more significantly, reinforcing that defense through shared security intelligence across this ecosystem of partners. Ziften is of course proud to be a founding member of the Intelligent Security Association.

Furthermore, on Tuesday, Microsoft announced a groundbreaking partnership with many in the cybersecurity industry named the "Cybersecurity Tech Accord." This accord calls for a "digital Geneva Convention" that sets standards of behavior for cyberspace, just as the Geneva Conventions set rules for the conduct of war in the physical world.

RSA Attendees

A truly interesting point to me, though, was the makeup of the expo audience itself. As I was also an exhibitor at RSA, I noted that among my visitors I saw more "suits" and fewer t-shirts.

Ok, maybe not suits per se, but more security Managers, Directors, VPs, CISOs, and security leaders than I recall seeing in the past. I was encouraged to see what I think are business decision makers looking at security companies first hand, rather than delegating that task to their security team. From this audience I often heard the same themes:

– This is overwhelming.
– I can't tell the difference between one technology and another.

RSA Absences

There were certainly fewer "technology trolls". What, you might ask, are technology trolls? Well, as a vendor and security engineer, these are the guys (always men) who show up five minutes before the close of the day and drag you into a technical due-diligence exercise for an hour, or at least until the happy hour parties start. Their objective: absolutely nothing beneficial to anyone, and here I'm presuming the troll actually works for a company, so nothing useful for the business that actually paid thousands of dollars for their attendance. The only thing gained is the troll's self-affirmation that they are able to "beat down the vendor" with their technical expertise. I'm being harsh, but I've experienced the trolls from both sides, as a vendor and as a buyer, and back at the home office no one is basing buying decisions on troll recommendations. I can only presume that businesses send tech trolls to RSA and similar expos because they don't want them in the office.

Discussions about Holistic Security

Which brings me back to the kind of people I did see a lot of at RSA: security savvy (not just tech savvy) security leaders, who understand the business argument and decisions behind security technologies. Not only are they influencers but often the business owners of security for their respective companies. Now, apart from the concerns mentioned above, these security leaders seemed less focused on a technology or specific use case, and more on a desire for "holistic" security. As we know, good security requires a collection of technologies, policy and practice. Security savvy customers wanted to know how our technology fitted into their holistic solution, which is a refreshing change of dialog. As such, the types of questions I would hear:

– How does your technology partner with other solutions I currently use?
– More importantly: does your business really buy into that partnership?

That last question is important; it is basically asking whether our partnerships are just fodder for a website, or whether we really have a recognition with our partner that the sum is greater than the parts.

The latter is what security professionals are looking for and need.

To Conclude

Overall, RSA 2018 was great from my viewpoint. Once you get past the jargon, much of the buzz centered on things that matter to customers, our industry, and us as people: security partner communities that add value, more holistic security through genuine partnership and meaningful integrations, and face to face conversations with business security leaders, not technology trolls.

Discovering Unmanaged Assets In Your Cloud Environment – Chuck Leaver

Written By Logan Gilbert And Presented By Chuck Leaver


We all recognize the image of the masked bad guy hunched over his computer late at night, accessing a corporate network, stealing valuable data, vanishing without a trace. We personify the adversary as smart, determined, and crafty. But the truth is that the vast majority of attacks are made possible by simple human carelessness or recklessness, making the job of the cyber criminal an easy one. He's checking all the doors and windows continuously. All it takes is one mistake on your part and he gets in.

So what do we do? Well, you know the answer. We invest a large portion of our IT budget in defense-in-depth security systems designed to detect, deceive, fool, or outright block the bad guys. Let's park the debate about whether we are winning that war, because there is a far simpler war taking place: the one where the adversary enters your network, business-critical application, or IP/PPI data through a vector you didn't even know you had, the asset that is unmanaged, often described as Shadow IT.

Think this is not your company? A recent study suggests the average business has 841 cloud apps in use. Surprisingly, most IT executives believe the number of cloud apps in use by their organization is around 30-40, meaning they are off by a factor of 20. The same report highlights that over 98% of cloud apps are not GDPR ready, and 95% of enterprise-class cloud apps are not SOC 2 ready.

Defining Unmanaged Assets/Shadow IT

Shadow IT is defined as any SaaS application used by employees, departments, or whole business units without the knowledge or authorization of the company's IT department. And the advent of 'everything as a service' has made it even easier for employees to access whatever software they feel is needed to make them more productive.

The Effect

Well-intentioned employees usually don't realize they're breaking company guidelines by spinning up a new server instance, or downloading unauthorized apps or software. But it happens, and when it does, three problems can emerge:

1. Corporate standards are compromised, since unauthorized software means each computer system has different capabilities.

2. Rogue software often comes with security flaws, putting the whole network at risk and making it much harder for IT to manage security risk.

3. Asset blind spots not only drive up security and compliance risk, they can increase legal risk. Data retention policies designed to limit legal liability are compromised when data is stored on unapproved cloud assets.

Three Key Considerations for Dealing With Unmanaged Asset Risk

1. First, deploy tools that can provide comprehensive visibility into all cloud assets, managed and unmanaged. Know what new virtual machines have been spun up this week, along with which other devices and applications each VM instance is communicating with.

2. Second, ensure your tooling can provide a continuous inventory of authorized and unauthorized virtual machines running in the cloud. Make certain you can see all IP connections made to each asset.

3. Third, for compliance and/or forensic analysis purposes, look for a solution that captures any and all assets (virtual and physical) that have ever been on the network, not just a solution limited to active assets within a short look-back window.

Ziften's Approach to Unmanaged Asset Discovery

Ziften makes it easy to rapidly discover cloud assets that have been commissioned outside IT's purview. And we do it continuously and with deep historical recall within your reach, including when each device first connected to the network, when it last appeared, and how often it reconnects. And if a virtual device is decommissioned, no problem: we still have all its historical behavior data.

Identify and protect hidden attack vectors arising from shadow IT, before a disaster. Know what's going on in your cloud environment.

Fantastic New Intelligent Security Association From Microsoft – Chuck Leaver

Written By David Shefter And Presented By Chuck Leaver


It's a great strategy: Microsoft has produced a system for third-party security providers, like Ziften, to cooperate to better protect our customers. Everyone wins with the new Microsoft Intelligent Security Association, announced very recently, and we are delighted to be a founding member and part of the launch. Congratulations to Microsoft!

Security Intelligence Sharing

One of the most interesting projects coming out of Microsoft has been the new Microsoft Intelligent Security Graph, a threat intelligence engine built on machine learning. The Intelligent Security Graph forms the foundation of the new association, and the foundation of a lot of new opportunities for innovation.

As Microsoft states, “Today, with the immense computing benefits presented by the cloud, the Machine learning and Artificial Intelligence is discovering new ways to use its abundant analytics engines and by applying a mix of automated and manual processes, machine learning and human professionals, we have the ability to produce a smart security graph that develops from itself and evolves in real-time, decreasing our collective time to detect and respond to new incidents.”

The need for better, more intelligent security is substantial, which is why we're delighted to be a founding member of the new association.

As Microsoft's Brad Anderson, Corporate Vice President, Enterprise Mobility + Security, recently wrote, "Approximately 96% of all malware is polymorphic – which means that it is just experienced by a single user and device prior to being replaced with yet another malware variant. This is due to the fact that for the most part malware is caught nearly as quickly as it's created, so malware developers continuously evolve to try and stay ahead. Data like this reinforces how crucial it is to have security solutions in place that are as nimble and innovative as the attacks."

Advanced Endpoint Detection and Response

Which brings us to the kind of advanced endpoint detection and response (EDR) that Ziften provides for desktops, servers, and cloud assets, giving the enterprise unique all-the-time visibility and control for any asset, anywhere. No one else provides the functionality you'll find in Ziften's Zenith security platform.

That's where the Microsoft Intelligent Security Association comes in. At the end of the day, even the best defenses can be breached, and security teams must respond faster and more forcefully to ensure the security of their data and systems.

Ziften and Microsoft are providing fully integrated threat protection that covers customers' endpoints, meaning client devices, servers, and the cloud, with a foundation of shared intelligence and the power of the cloud to transform monitoring of business systems.

What Microsoft is Saying

“The Intelligent Security Association improves cooperation from leading sources to protect clients,” said Microsoft. “Having actually currently achieved strong customer momentum with our incorporated Ziften and Microsoft Windows Defender ATP option, clients stand to additionally gain from continued collaboration.”

In addition, “Continued integration and intelligence sharing within the context of the Microsoft Intelligent Security Graph makes it possible for joint clients to more quickly and properly find, investigate and respond to attacks throughout their whole endpoint and cloud base.”

What Ziften is Saying

Ziften's CEO, Chuck Leaver, is telling everyone that our founding membership in the Microsoft Intelligent Security Association is a huge win for our joint customers and prospects, and that it brings together everyone in the Microsoft universe and beyond (note that Ziften's Mac and Linux products are also part of the Microsoft partnership). "As security suppliers, we all recognize the need to work together and collaborate to protect our customers and their employees. Kudos to Microsoft for leading this market effort," Chuck stated.

The result: better security for our customers, and tighter integration and more innovation in the market. It's a genuine win for everybody. Except for the hackers, obviously. They lose. Sorry, not sorry, guys.

Take Advantage Of The Improvements To Our Channel Program – Chuck Leaver

Written By Greg McCreight And Presented By Chuck Leaver


If you are a reseller, integrator, distributor, or managed service provider, the new Ziften Activate Partner Program is here, it's ready to go, and it will be great for your profitability (and for reducing your customers' anxiety about cybersecurity).

Ziften is 100 percent focused on the channel, and as we grow and progress in the market, we understand that your success is our success, and our success is your success. It is already happening: 96% of our sales in 2017 were through the channel! That's why we developed the new Activate Partner Program, to give you the resources you need to grow your business with Ziften security solutions.

We kicked it all off with a very effective, cross-platform Endpoint Detection and Response (EDR) solution, Ziften Zenith. Customers love it. Technology partners love it. Resellers really love it. The industry loves it. And analysts really love it.

I have to share this from the conclusion of our broadband testing report, which discusses SysSecOps, or Systems Security Operations, an emerging category where Ziften is a market leader:

Key to Ziften’s endpoint technique in this category is complete visibility – let’s face it, how can you protect if you cannot see or do not know what is there in the first place? With its Zenith platform, Ziften has a product that ticks all the SysSecOps boxes and more …

In general, Ziften has a very competitive offering in what is a very legitimate, emerging IT category in the form of SysSecOps and one that must be on the assessment short-list.

By the way: Microsoft recently partnered with Ziften to develop an integration between Zenith and Microsoft Windows Defender ATP, allowing Microsoft customers to protect Linux and Mac systems with the same single pane of glass they use to protect Windows systems.

Enough about Ziften. Let's focus on you. You and the Activate Partner Program.

We have created a multi-tier partner program with improved discounts, additional resources, and powerful market development support. We know a one-size-fits-all program doesn't work, not in today's market.

With Activate, we take a hands-on approach to onboarding new partners; making it easy for those for whom security is a relatively small element of their business; and rewarding top-tier partners who have dedicated themselves to Ziften.

Here's what you will receive with the Activate Partner Program, and we'll work alongside you to ensure that Activate fits your needs:

– Security for more of your client's environment: endpoints, servers, and cloud
– Visibility and security for your client's complex, multi-cloud deployments
– Easy security tool integrations to deliver truly tailored, differentiated solutions
– Hands-on, tailored assistance and life-cycle expertise
– Rich financial incentives that encourage your long-term investment and reward ongoing success
– Market development support to drive incremental demand and lead generation
– World-class, hands-on support from our field sales, sales engineers, technical support, and specialists

The Activate program combines our successful security solutions, financial investments, and hands-on support to help you develop more opportunity and close more deals.

What You Need To Do Prior To Cloud Asset Migration – Chuck Leaver

Written By Logan Gilbert And Presented By Chuck Leaver


It bears repeating: the Web has forever changed the world for individuals and organizations alike. For the latter, every element of modern IT is undergoing digital transformation. IT departments everywhere are under pressure to make information highly accessible and at lower cost, all while protecting important data from damage, loss, or cyber theft.

Central to this approach is the migration of data centers to the cloud. In fact, 19% of company workloads are expected to be in the public cloud by the end of 2019, and fifty percent over the next decade.

What is Cloud Asset Migration?

Cloud migration is the process of moving data, applications or other business components from an organization's on-premise infrastructure to the cloud, or moving them from one cloud service to another.

The diagram below illustrates this migration of file server(s), data, and application(s) from an on-premise server infrastructure to a cloud environment.

Cloud service providers enable businesses to migrate some or all IT infrastructure to the cloud for scale, speed, service flexibility, ease of management, and reduced cost. The advantages are nothing short of compelling.

Cloud computing is transforming the corporate landscape. With these technological advances, people are leaning more towards a virtual workplace, meaning that you can work from anywhere and at any time using cloud computing.

What To Consider With Cloud Asset Migration

However, as with any significant IT infrastructure change, a move to the cloud requires thoughtful planning and execution for the process to happen within budget and on time. Moving a server, database, application, or all of the above to the cloud is not without risk. System outages, performance degradation, data loss and more are likely to happen as a result of misconfigurations, system failures, and security exploits.

Case in point: 43% of those who have gone through a cloud asset migration have experienced a failure or delayed execution. Why? Because each asset migration is a 'snowflake' with its own level of complexity.

Let's look at three aspects to consider for a successful cloud asset migration.

1. Have a Strategy

First, there has to be a strategic migration plan. That strategy should help answer questions like the following:

– Which IT assets should be migrated in the first place?
– If you are moving some, or all, of your infrastructure to the cloud, how will you establish and maintain asset control?
– How will you inventory what you have, before and after the move?
– Do you even have to migrate everything?
– What is the first thing to move?

2. Clean Up What's in Place Now

To address these strategic questions effectively, you'll need definitive visibility into each asset under your roof now, along with the pertinent attributes of each asset. Whether your assets today run on physical or virtual server infrastructure, you need to understand:

– What assets exist now? Discover all connected assets and understand whether they are currently managed or unmanaged.
– Identify low-usage and/or unused systems. Should these systems be removed or repurposed prior to migration?
– Identify low-usage and/or unused applications. Are these applications needed at all? Should they be eliminated prior to migration?
– Identify and clean up areas of duplication, whether systems and/or applications.

Now identify the business-critical systems and applications that will be migrated as part of your strategy. With this detailed asset data in hand, you can sharpen your migration approach by segmenting what should and should not be moved, or at least prioritize crisply based on business importance.

3. Plan for Cloud Visibility Post Migration

Now that you're equipped with detailed, accurate current and historical asset data, how will you keep this level of visibility after your successful cloud asset migration?

While the cost advantages of moving to the cloud are often very compelling, uncontrolled asset and virtual machine proliferation can quickly erode those cost benefits. So, before performing your cloud asset migration, make sure you have a cloud visibility solution in place that:

– Finds and monitors all connected assets across your single or multi-cloud environment
– Inventories, fingerprints, and classifies discovered assets
– Alerts on new or unexpected asset discovery and/or behavior within the cloud environment
– Integrates with existing ticketing, workflow, and/or CMDB systems

Ziften Cloud Visibility and Security

Ongoing cloud visibility into each device, user, and application means you can administer all parts of your infrastructure more effectively. You'll avoid wasting resources by preventing VM sprawl, plus you'll have an in-depth body of data to meet audit requirements for NIST 800-53, HIPAA, and other compliance regimes.

Follow the above when you migrate to the cloud, and you'll avoid weak security, insufficient compliance, and operational problems. Ziften's approach to cloud visibility and security gives you the intelligence you need for cloud asset migration without the headaches.

Calling Microsoft Channel Partners Don’t Miss This Security Opportunity – Chuck Leaver

Written By Greg McCreight And Presented By Chuck Leaver


Windows Defender Advanced Threat Protection (WDATP) is very good, and popular with Microsoft channel partners around the globe. It is likely that you're already working with Microsoft customers to set up and look after WDATP on their Windows endpoints.

I'm delighted to tell you about a new opportunity: get a fast start with an industry-leading solution that integrates right into WDATP, Ziften Zenith. For a limited time, Microsoft channel partners can use our new "Fast Start" program to partner with Ziften.

With "Fast Start," you enjoy all the benefits of Ziften's top-tier partner status for a full year, and we'll help you get up to speed rapidly with joint marketing and business development resources, and with a waiver of the usual sales volume commitment associated with Gold Status.

If you don't know Ziften, we provide infrastructure visibility and coordinated threat detection, prevention, and response across all endpoint devices and cloud environments. Zenith, our flagship security platform, deploys easily to client devices, servers, and virtual machines.

Once installed, Zenith continuously collects all the information required to accurately assess the current and historical state of all managed devices, including system, user behavior, network connectivity, application, binary, and process data. Zenith provides your customers' IT and security teams with continuous visibility and control of all managed assets, including continuous monitoring, alerting, and automated or manual actions.

Zenith is cross-platform: it works with and protects Windows, Mac, Linux, and other endpoints.

What's specifically notable, and here's the opportunity, is that Ziften has teamed up with Microsoft to integrate Zenith with Windows Defender ATP. That means your customers can use WDATP on Windows systems and Zenith on their macOS and Linux systems to detect, see, and respond to cyberattacks, all using only the WDATP Management Console for all the systems. Zenith stays hidden in the background.

A single pane of glass to manage Windows, Mac, and Linux endpoints, which can include desktops, notebooks, and servers. That makes Zenith the best solution to offer your existing WDATP customers… and to make your bids for new WDATP business more complete for multi-platform enterprise prospects.

What's more, offering Zenith can help you speed customer migrations to Windows 10, and sell more Business E5 commercial editions.

"Fast Start" for a Year with Gold Status

Ziften is completely focused on the channel: 96% of our sales in 2017 were through the channel. We are delighted to bring the "Fast Start" program to existing Microsoft channel partners across the world.

With "Fast Start," you can sign up for the Ziften Channel Program with these benefits:

Expedited Approval and On-Boarding – Ziften channel managers and field sales work directly with you to get you up and running selling the Zenith endpoint security solution integrated with Windows Defender ATP.

Superior Security Value – You'll be uniquely positioned to offer customers and prospects greater security value across more of their overall environment than ever, increasing the number of supported and secured Windows, Mac, and Linux systems.

Hands-On Collaboration – Ziften dedicates field sales, sales engineers, and marketing to support your day-to-day pre-sales engagements, drive new sales opportunities, and help close more deals with Microsoft and Ziften endpoint security.

Here's what one significant Microsoft channel partner says about this. This is Ronnie Altit, founder and CEO of Insentra, a "partner-obsessed" Australian IT services business that works exclusively through the IT channel:

"As a big Microsoft reseller, teaming with Ziften to use their Zenith security platform integrated with Microsoft Windows Defender ATP was a no-brainer. We're thrilled at the seamless integration between Zenith and Windows Defender ATP offering our customers holistic security and visibility across their Windows and non-Windows systems. Ziften has been a pleasure to deal with, and helpful at every step of the procedure. We expect to be exceptionally successful offering this effective security solution to our customers."

More Focus On Women In Cybersecurity Highlighted By Girl Scout Badges – Chuck Leaver

Written By Kim Foster And Presented By Chuck Leaver


It’s clear that cybersecurity is getting more global attention than before, and enterprises are truly worried if they are training adequate security professionals to fulfill growing security risks. While this issue is felt across the commercial world, lots of people did not anticipate Girl Scouts to hear the call.

Starting this fall, countless Girl Scouts across the country have the chance to receive cybersecurity badges. Girl Scouts of the USA teamed up with Security Company (and Ziften tech partner) Palo Alto Networks to develop a curriculum that informs girls about the essentials of computer system security. According to Sylvia Acevedo, CEO of GSUSA, they produced the program based upon need from the ladies themselves to safeguard themselves, their computers, and their household networks.

The timing is good, since in accordance with a study launched in 2017 by (ISC), 1.8 million cybersecurity positions will be unfilled by 2022. Factor in increased demand for security pros with stagnant growth for ladies – just 11 percent for the past few years – our cybersecurity staffing troubles are poised to intensify without significant effort on behalf of the market for much better inclusion.

Naturally, we cannot count on the Girl Scouts to do all of the heavy lifting. More comprehensive instructional efforts are a given: according to the Computing Technology Industry Association, 69 percent of U.S. ladies who do not have a profession in infotech pointed out not knowing what chances were available to them as the reason they did not pursue one. Among the terrific untapped chances of our market is the recruitment of more diverse specialists. Targeted educational programs and increased awareness must be high priority. Raytheon’s Ladies Cyber Security Scholarship is a good example.

To reap the rewards of having women help shape the future of technology, it is necessary to dispel the exclusionary perception of “the boys’ club” and remember the groundbreaking contributions made by women of the past. Many people know that the first computer programmer was a woman, Ada Lovelace. Then there is the work of other famous pioneers such as Grace Hopper, Hedy Lamarr, or Ida Rhodes, all of whom may stir some vague recollection among those in our industry. Women mathematicians wrote programs for one of the world’s first fully electronic general-purpose computers: Kay McNulty, Jean Jennings Bartik, Betty Snyder, Marlyn Meltzer, Fran Bilas, and Ruth Lichterman were just a few of the first programmers of the Electronic Numerical Integrator and Computer (better known as ENIAC), though their important work went largely unrecognized for over half a century. In fact, when historians first found photos of the women in the mid-1980s, they mistook them for “Refrigerator Ladies”, models posing in front of the machines.

It is worth noting that many people believe the same “boys’ club” mentality that overlooked the accomplishments of women in history has resulted in fewer leadership positions and lower salaries for women in cybersecurity today, along with the outright exclusion of female luminaries from speaking opportunities at industry conferences. As trends go, excluding bright individuals with relevant expertise from influencing the cybersecurity industry is an unsustainable one if we intend to keep up with the cybercriminals.

Whether or not we collectively do something to promote more inclusive workplaces, such as educating, hiring, and promoting women in greater numbers, it is heartening to see an organization synonymous with fundraising cookies successfully notify an entire industry that girls are genuinely interested in the field. As today’s Girl Scouts are given the tools to pursue a career in information security, we should anticipate that they will become the very women who ultimately reprogram our expectations of what a cybersecurity professional looks like.

Check Your Macs As They Could Be A Security Risk – Chuck Leaver

Written By Roark Pollock And Presented By Chuck Leaver


Do you have Mac computers? That’s fine. I have one too. Have you locked your Macs down? If not, your business has a potentially serious security weak point.

It’s a fallacy to think that Macintosh computers are inherently secure and do not need to be protected against malware or hacking. Many people believe Macs are, arguably, more secure than Windows desktops and laptops because of the design of their Unix-derived kernel. Certainly, we see fewer security patches released for macOS by Apple than security patches for Windows by Microsoft.

Fewer security flaws is not zero flaws. And more secure doesn’t mean completely safe.

Examples of Mac Vulnerabilities

Take, for example, the macOS 10.13.3 update, issued on January 23, 2018, for the current versions of the Mac’s operating system. Like most current computers running Intel processors, the Mac was vulnerable to the Meltdown flaw, which meant that malicious applications might be able to read kernel memory.

Apple needed to patch this flaw, along with numerous others.

For instance, another issue could allow malicious audio files to execute arbitrary code, which could compromise the system’s security integrity. Apple needed to patch it.

A kernel flaw meant that a malicious application might be able to execute arbitrary code with kernel privileges, giving cyber criminals access to anything on the device. Apple needed to patch the kernel.

A flaw in the WebKit library meant that processing maliciously crafted web content could lead to arbitrary code execution. Apple needed to patch WebKit.

Another flaw meant that processing a malicious text message could cause an application denial of service, locking up the system. Whoops. Apple had to patch that flaw as well.

Don’t Make the Same Mistakes as Consumers

Many consumers, believing all the talk about how great macOS is, choose to run without security, relying on macOS and its built-in application firewall to block all manner of bad code. Problem: there’s no built-in anti-virus or anti-malware, and the firewall can only do so much. And many businesses are inclined to overlook macOS when it comes to visibility for posture monitoring and hardening, and threat detection / threat hunting.

Consumers often make these assumptions because they don’t know any better. IT and security professionals should never make the same mistakes; we should know better.

If a Mac user installs bad software, or adds a malicious browser extension, or opens a bad e-mail attachment, or clicks on a phishing link or a nasty advertisement, their machine is compromised, just like a Windows machine. Within the enterprise, we need to be prepared to handle these issues, even on Macs.

So What Do You Do?

What do you need to do?

– Install anti-virus and anti-malware on business Mac computers, or on any Mac that has access to your company’s content, servers, or networks.
– Monitor the state of Macs, just as you would with Windows computers.
– Be proactive in applying fixes and patches to Mac computers, again, just as you would with Windows.

You should also remove from your corporate environment any Mac computers that are too old to run the current version of macOS. That’s a lot of them, because Apple is pretty good at supporting older hardware. Here is Apple’s list of Mac models that can run macOS 10.13:

– MacBook (Late 2009 or newer)
– MacBook Pro (Mid 2010 or newer)
– MacBook Air (Late 2010 or newer)
– Mac mini (Mid 2010 or newer)
– iMac (Late 2009 or newer)
– Mac Pro (Mid 2010 or newer)

When the next version of macOS comes out, some of your older machines may fall off the list. They should drop off your inventory too.
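The checks above, as an added shell example that is not from the original post: it applies the 10.13.3 baseline (the update that carried the Meltdown and other fixes discussed earlier) and the application-firewall caveat to one machine. `sw_vers` and `socketfilterfw` are standard macOS tools; the 10.13.3 floor is an assumption taken from the post, and the sample text used when not on a Mac is constructed.

```shell
#!/bin/sh
# Added example (not from the post): single-machine macOS posture check that
# flags a Mac older than 10.13.3 (the Meltdown-fix update above) or with the
# application firewall off. Parsers take plain text so the logic runs anywhere.
MIN_MACOS="10.13.3"   # assumed floor: the patched release named in the post
# version_ge A B: exit 0 if dotted version A >= B, else 1 (missing parts = 0)
version_ge() {
    printf '%s\n%s\n' "$1" "$2" | awk -F. '
        NR == 1 { for (i = 1; i <= NF; i++) a[i] = $i; na = NF; next }
        {
            n = (NF > na) ? NF : na
            for (i = 1; i <= n; i++) {
                x = (i <= na) ? a[i] + 0 : 0
                y = (i <= NF) ? $i + 0 : 0
                if (x > y) exit 0
                if (x < y) exit 1
            }
            exit 0
        }'
}
# firewall_enabled TEXT: exit 0 if socketfilterfw --getglobalstate output says on
firewall_enabled() {
    case "$1" in
        *"Firewall is enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}
# assess_posture VERSION FIREWALL_TEXT: print findings; exit 0 only if none
assess_posture() {
    rc=0
    if ! version_ge "$1" "$MIN_MACOS"; then
        echo "FINDING: macOS $1 is older than $MIN_MACOS (Meltdown fixes missing)"
        rc=1
    fi
    if ! firewall_enabled "$2"; then
        echo "FINDING: application firewall is off (and it is no substitute for AV)"
        rc=1
    fi
    return $rc
}
# On a real Mac read live values; elsewhere use constructed sample text.
if [ "$(uname -s)" = Darwin ]; then
    ver=$(sw_vers -productVersion)
    fw=$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate)
else
    ver="10.13.2"                            # constructed sample
    fw="Firewall is disabled. (State = 0)"   # constructed sample
fi
if assess_posture "$ver" "$fw"; then echo "posture OK"; else echo "posture needs action"; fi
```

Run it from your inventory tooling against each Mac; a non-zero exit from assess_posture is the signal to patch, enable the firewall, or retire the machine.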

Ziften’s Viewpoint

At Ziften, with our Zenith security platform, we strive to maintain visibility and security feature parity between Windows systems, macOS systems, and Linux-based systems.

In fact, we’ve partnered with Microsoft to integrate our Zenith security platform with Microsoft Windows Defender Advanced Threat Protection (ATP) for macOS and Linux monitoring and threat detection and response coverage. The integration enables customers to detect, view, investigate, and respond to sophisticated cyber attacks on macOS machines (as well as Windows and Linux-based endpoints) directly within the Microsoft WDATP Management Console.

From our viewpoint, it has always been important to give your security teams confidence that every desktop / laptop endpoint is protected, and therefore that the enterprise is protected.

Believe it or not, 91% of enterprises say they have some Macs. If those computers aren’t protected, and properly integrated into your endpoint security systems, the business is not protected. It’s that simple.

Security Industry Strategic Alliances Are The Way Forward – Chuck Leaver

Written By Chuck Leaver


Nobody can solve cybersecurity alone. No one product company, no single company, nobody can tackle the whole problem. Addressing security requires cooperation between multiple players.

Often, those companies are at different levels of the solution stack: some install on endpoints, some within applications, others within network routers, others at the telco or in the cloud.

Sometimes, those companies each have a particular best-of-breed piece of the puzzle: one company specializes in email, others in crypto, others in disrupting the kill chain.

From the enterprise customer’s perspective, effective security requires assembling a set of tools and services into a working whole. From the vendors’ point of view, effective security requires strategic alliances. Sure, each vendor, whether making hardware, writing software, or offering services, has its own products and intellectual property. Nevertheless, we all work better when we work together, to enable integrations and make life easy for our resellers, our integrators, and the end customer.

Paradoxically, not only can vendors make more money through strategic alliances, but end customers will save money at the same time. Why? A number of reasons.

Customers don’t waste their money (and time) on solutions with overlapping capabilities. Customers don’t need to waste money (and time) building custom integrations. And customers won’t waste money (and time) trying to debug systems that fight each other, for example by generating extra alerts or hard-to-find incompatibilities.

The Ultimate Trifecta – Products, Services, and Channels

All three work together to meet the requirements of the enterprise customer, and also benefit the vendors, who can focus on doing what they do best, trusting strategic alliances to produce complete solutions from the jigsaw puzzle pieces.

Generally speaking, those solutions require more than basic APIs, which is where strategic alliances come in.

Think about the integration between products (like a network threat scanner or Ziften’s endpoint visibility solutions) and analytics solutions. End customers do not want to operate a whole load of different dashboards, and they don’t want to manually correlate anomaly findings from many different security tools. Strategic alliances between solution vendors and analytics services, whether on-site or in the cloud, make sense for everyone. That includes the channel, which can offer and support complete solutions that are already dialed in, already debugged, already documented, and will work with the least hassle possible.

Or consider the integration of solutions with managed security services providers (MSSPs). They want to offer prospective customers pre-packaged services, ideally ones that can operate in their multi-tenant clouds. That means the products must be scalable, with compatible license terms. They must be well integrated with the MSSP’s existing dashboards and administrative control systems. And of course, they need to feed into predictive analytics and incident response programs. The best way to do that? Through strategic alliances, both horizontally with other product vendors and with major MSSPs too.

How about major value-added resellers (VARs)? VARs need products that are easy to understand, easy to support, and easy to add to existing security deployments. This makes new solutions more attractive, more cost effective, easier to install, easier to support, and reinforces the VAR’s customer relationships.

What do they look for when adding to their product portfolio? New solutions that have strategic alliances with their existing product offerings. If you don’t dovetail into the VAR’s portfolio partners, well, you probably don’t dovetail.

Two Examples: Fortinet and Microsoft

Nobody can solve cybersecurity alone, and that includes giants like Fortinet and Microsoft.

Consider the Fortinet Fabric-Ready Partner Program, where technology alliance partners integrate with the Fortinet Security Fabric through Fabric APIs and are able to actively collect and share information to improve threat intelligence, enhance overall threat awareness, and broaden threat response from end to end. As Fortinet explains in its Fortinet Fabric-Ready Partner Program Overview, “partner addition in the program signals to clients and the industry as a whole that the partner has worked together with Fortinet and leveraged the Fortinet Fabric APIs to establish confirmed, end-to-end security options.”

Similarly, Microsoft is pursuing a comparable strategy with the Windows Defender Advanced Threat Protection program. Microsoft recently selected just a few key partners for this security program, saying, “We have actually spoken with our clients that they desire defense and visibility into potential risks on all of their device platforms and we have actually relied on partners to assist address this need. Windows Defender ATP provides security teams a single pane of glass for their endpoint security and now by collaborating with these partners, our consumers can extend their ATP service to their whole set up base.”

We’re the first to admit: Ziften cannot solve security alone. Nobody can. The best way forward for the security industry is to progress together, through strategic alliances uniting product vendors, service providers, and the channel. That way, we all win: vendors, service providers, channel partners, and enterprise customers alike.