Category Archives: Security Breaches

The Best Ways To Deliver Security Awareness Training – Chuck Leaver

Written by Chuck Leaver, Ziften CEO


Effective corporate cybersecurity assumes that people – your employees – do the right thing. That they don’t hand over their passwords to a caller who claims to be from the IT department doing a “credentials audit.” That they don’t wire $10 million to an Indonesian bank account after receiving a midnight request from “the CEO”.

That they don’t install an “urgent update” to Flash Player based on a pop-up on a pornography website. That they don’t overshare on social media. That they don’t keep company data on file-sharing services outside the firewall. That they don’t connect to unsecured WiFi networks. And that they don’t click links in phishing emails.

Our research shows that 75+% of security incidents are caused or aided by employee mistakes.

Sure, you’ve set up endpoint security, email filters, and anti-malware services. Those preventative measures will most likely be for nothing, though, if your employees do the wrong thing time and again when in a risky situation. Our cybersecurity efforts are like having a fancy car alarm: if you don’t teach your teenager to lock the car when it’s at the mall, the alarm is worthless.

Security awareness isn’t enough, of course. Employees will make mistakes, and some attacks don’t require an employee error at all. That’s why you need endpoint security, email filters, anti-malware, and so on. But let’s talk about effective security awareness training.

Why Training Typically Fails to Have an Impact

First – in my experience, a great deal of employee training is, well, poor. That’s particularly true of online training, which is usually terrible. But in many cases, whether live or canned, the training lacks credibility, in part because many IT experts are poor and unconvincing communicators. The training frequently concentrates on communicating and enforcing rules – not on changing risky habits and routines. And it resembles mandatory copy machine training: there’s nothing in it for the employees, so they don’t buy into it.

It’s not about enforcing rules. While security awareness training may be “owned” by various departments, such as IT, the CISO, or HR, there’s typically a lack of understanding about what a security awareness program actually is. To start with, it’s not a checkbox; it has to be continuous. The training must be delivered in various ways and at various times, with a combination of live training, newsletters, small-group discussions, lunch-and-learns, and yes, even online resources.


But a huge issue is the absence of objectives. If you don’t know what you’re trying to do, you can’t tell whether the training did a good job – and whether risky behaviors actually change.

Here are some sample objectives that can lead to effective security awareness training:

Provide employees with the tools to recognize and deal with the ongoing daily security threats they may encounter online and through email.

Let employees know they are part of the team, and that they can’t just rely on the IT/CISO groups to handle security.

Break the cycle of “unexpected ignorance” about safe computing practices.

Shift mindsets toward safer practices: “If you see something, say something”.

Review company rules and procedures, described in actionable terms that relate to employees.

Make it Relevant

No matter who “owns” the program, it’s vital that there is visible executive support and management buy-in. If the execs don’t care, the employees won’t either. Effective training won’t talk about tech buzzwords; instead, it will focus on changing habits. Relate cybersecurity awareness to your employees’ personal lives. (And while you’re at it, teach them how to keep themselves, their families, and their homes safe. Odds are they don’t know and are reluctant to ask.)

To make security awareness training truly relevant, solicit employee ideas and encourage feedback. Measure success – for example, did the number of external links clicked by employees decrease? How about calls to tech support stemming from security violations? Make the training timely and real-world by including current scams in the news; sadly, there are plenty to choose from.

In short: security awareness training isn’t fun, and it’s not a silver bullet. However, it is necessary for ensuring that risky employee behaviors don’t undermine your IT/CISO efforts to secure your network, devices, applications, and data. Make sure that you train your employees continuously, and that the training works.

Ziften Creates Energy At Splunk .conf – Chuck Leaver

Written by Josh Applebaum and presented by Chuck Leaver


Like many of you, we’re still recovering from Splunk .conf recently. As usual, .conf had great energy, and the people in attendance were enthusiastic about Splunk and the many use cases it offers through its large app ecosystem.

One important announcement during the week worth mentioning was a new security offering referred to as “Content Updates,” which is essentially a set of pre-built Splunk searches to help find security incidents.

Basically, it looks at the most recent attacks, the Splunk security team develops new searches for how they would look through Splunk ES data to discover those types of attacks, and then ships those new searches to customers’ Splunk ES environments for automated alerts when they are seen.

The best part? Because these updates mostly use CIM (Common Information Model) data, and Ziften populates a great many of the CIM models, Ziften’s data is already being matched against the new Content Updates Splunk has created.

A quick demonstration showed which vendors contribute to each kind of “detection”, and Ziften was named in many of them.

For instance, we have a recent blog post that describes how Ziften’s data in Splunk is used to detect and respond to WannaCry.

Overall, with the roughly 500 people who visited the booth over the course of .conf, I have to say it was one of the best events we have ever done in terms of quality conversations and interest. We had nothing but positive feedback from our extensive conversations with all walks of business life – from highly technical experts in the public sector to CISOs in the financial sector.

The most common conversation usually started with, “We are just beginning to implement Splunk and are new to the platform.” I like those, since people can get our Apps free of charge, we can get them an agent to experiment with, and it gives them something to use right out of the box to demonstrate value immediately. Other folks were highly experienced and really liked our approach and architecture.

Bottom line: people are really excited about Splunk, and real solutions are available to help people with real problems!

Want to know more? The Ziften ZFlow App and Technology Add-on help Splunk and Splunk ES users use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see what they are missing at the edge of their network, in their data centers, and in their cloud deployments.

Why Vulnerability Lifecycle Management Is Vital For Your Career Prospects – Chuck Leaver

Written by Dr Al Hartmann and presented by Chuck Leaver


The following headline hit the news last week, on September 7, 2017:

Equifax Inc. today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017.

Lessons from Past Data Breaches

If you like your job, value your role, and want to keep it, then don’t leave the door ajar for attackers. A major data breach often begins with an unpatched vulnerability that is easily exploitable. Then the inevitable happens: the cyber criminals are inside your defenses, the crown jewels have left the building, the press releases fly, expensive consultants and outside legal counsel rack up billable hours, regulators descend, lawsuits are flung, and you have “some serious ‘splainin’ to do”!

We don’t know yet whether the head ‘splainer in the current Equifax breach will survive, as he is still in ‘splainin’ mode, asserting that the intrusion began with the exploitation of an application vulnerability.

In such cases the usual conga line of resignations is: CISO first, followed by CIO, followed by CEO, followed by a board of directors shakeup (especially the audit and corporate responsibility committees). Don’t let this happen to your professional life!

Actions to Take Immediately

There are some commonsense steps to take to avoid the otherwise inevitable breach catastrophe resulting from unpatched vulnerabilities:

Take stock – Inventory all data and system assets, and map your network topology, attached devices, and open ports. Know your network, its segmentation, what devices are attached, what those devices are running, what vulnerabilities those systems and apps expose, what data assets they access, the sensitivity of those assets, what defenses are layered around those assets, and what checks are in place along all potential access paths.

Simplify and harden – Implement best-practice recommendations for identity and access management, network segmentation, firewall and IDS configuration, operating system and application configuration, database access controls, and data encryption and tokenization, while simplifying and reducing the number and complexity of subsystems across your business. Anything too complex to manage is too complex to secure. Choose configuration-hardening heaven over breach-response hell.

Continuously monitor and scrutinize – Periodic audits are essential but not sufficient. Continuously monitor, track, and examine all relevant security events and exposed vulnerabilities – create visibility, event capture, analysis, and archiving of every system and session login, every application launch, every active binary and vulnerability exposure, every script execution, every command issued, every network connection, every database transaction, and every sensitive data access. Any holes in your security event visibility create an attacker free-fire zone. Define key performance metrics, track them ruthlessly, and drive for relentless improvement.

Don’t accept operational excuses for insufficient security – There are always secure and reliable operational policies, but they may not be painless. Not suffering a catastrophic data breach is far down the organizational pain scale from the alternative. Operational expedience, legacy systems, or misaligned priorities are not legitimate excuses for extenuating poor cyber practices in an escalating threat environment. Make your voice heard.
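The three steps above (inventory, exposure check, metrics you track relentlessly) become concrete when they are joined in one small tool. The following is an added example written for this page; it is not Ziften’s code or the author’s. Every asset, advisory identifier, version number and SLA value in it is constructed for illustration, and the inventory dictionary stands in for whatever your real asset discovery produces.

```python
"""Vulnerability lifecycle check: inventory, exposure matching, and patch-age metrics.

Added example for the steps above; it is not Ziften's code. Every asset, advisory,
version number and SLA value below is constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Asset:
    host: str
    segment: str            # network segment the host sits in
    data_sensitivity: str   # "high", "medium" or "low"
    software: dict          # package name -> installed version (dotted integers)


@dataclass(frozen=True)
class Advisory:
    advisory_id: str        # placeholder identifier, not a real CVE
    package: str
    fixed_in: str           # first version that carries the fix
    published: date


# Patch SLA in days, keyed by the sensitivity of the data the host can reach (assumed policy).
SLA_DAYS = {"high": 7, "medium": 30, "low": 90}

# Constructed inventory: what "take stock" produces for three hosts.
ASSETS = [
    Asset("web-01", "dmz", "high", {"webapp-framework": "2.3.1", "tls-lib": "1.0.2"}),
    Asset("db-01", "internal", "high", {"dbms": "5.7.20"}),
    Asset("kiosk-07", "branch", "low", {"webapp-framework": "2.3.1"}),
]

# Constructed advisories; identifiers and versions are placeholders.
ADVISORIES = [
    Advisory("ADV-PLACEHOLDER-1", "webapp-framework", "2.3.32", date(2017, 3, 7)),
    Advisory("ADV-PLACEHOLDER-2", "tls-lib", "1.0.3", date(2017, 9, 3)),
]


def parse_version(version):
    """Turn '2.3.1' into (2, 3, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def is_vulnerable(installed, fixed_in):
    """True when the installed version is older than the first fixed version."""
    return parse_version(installed) < parse_version(fixed_in)


def exposures(assets, advisories, today):
    """One finding per (host, advisory) pair whose installed version is below the fix,
    annotated with how long the exposure has existed and whether it breaches the SLA."""
    findings = []
    for asset in assets:
        for adv in advisories:
            installed = asset.software.get(adv.package)
            if installed is None or not is_vulnerable(installed, adv.fixed_in):
                continue
            days_exposed = (today - adv.published).days
            sla = SLA_DAYS[asset.data_sensitivity]
            findings.append({
                "host": asset.host,
                "segment": asset.segment,
                "advisory": adv.advisory_id,
                "package": adv.package,
                "installed": installed,
                "fixed_in": adv.fixed_in,
                "days_exposed": days_exposed,
                "sla_days": sla,
                "overdue": days_exposed > sla,
            })
    return findings


def metrics(findings):
    """The key performance numbers to track over time."""
    return {
        "findings": len(findings),
        "overdue": sum(1 for f in findings if f["overdue"]),
        "hosts_affected": len({f["host"] for f in findings}),
        "segments_affected": sorted({f["segment"] for f in findings}),
        "max_days_exposed": max((f["days_exposed"] for f in findings), default=0),
    }


if __name__ == "__main__":
    found = exposures(ASSETS, ADVISORIES, date(2017, 9, 7))
    for f in sorted(found, key=lambda f: -f["days_exposed"]):
        flag = "OVERDUE" if f["overdue"] else "within SLA"
        print(f"{f['host']:<9} {f['package']:<17} {f['installed']} -> {f['fixed_in']} "
              f"{f['days_exposed']:>4}d ({flag})")
    print(metrics(found))
```

Run as-is, the script reports the web server and the branch kiosk both exposed on the same framework bug for 184 days, far past their 7-day and 90-day SLAs, while the four-day-old library exposure is still within SLA. The point of keying the SLA on data sensitivity rather than on the host alone is that the “take stock” step already asked which assets a host can reach; the metric output is what you put on a dashboard and drive toward zero.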

What You Need To Learn From The Equifax Incident – Chuck Leaver

Written by Michael Levin and presented by Chuck Leaver


Equifax, one of the three major U.S.-based credit reporting services, just revealed a major data breach in which hackers stole sensitive information from 143 million American consumers.

Ways the Equifax security breach WILL impact you:

– Personally – Your and your family’s identity information is now known to hackers and will be targeted!

– Business – Your organizations may be impacted and targeted.

– Nationally – Terrorists, nation states, and organized crime groups may be involved, or may use this data to commit cybercrime for financial gain.

Securing yourself is not complicated!

5 suggestions to protect yourself right away:

– Sign up for a credit monitoring service and/or freeze your credit. The quickest way to be informed that your credit is compromised is through a credit monitoring service. Equifax has already started the process of setting up free credit monitoring for those impacted. Other credit monitoring services are available and should be considered.

– Monitor all your financial accounts, including credit cards and all bank accounts. Ensure that all notifications are switched on. Make certain you are getting immediate text and email alerts for any changes to your account, or increased balances or transactions.

– Secure your bank and financial accounts; ensure that two-factor authentication is switched on for all accounts. Learn about two-factor authentication and turn it on for all financial accounts.

– Phishing email messages can be your most significant daily threat! Slow down when dealing with email messages. Stop automatically clicking on every email link and attachment you get. Instead of clicking links and attachments in email messages, go separately to the sites outside of the email message. When you get an email you weren’t expecting from a name you recognize, consider contacting the sender independently before you click on links or attachments.

– Strong passwords – consider changing all your passwords. Create strong passwords and protect them. Use different passwords for each of your accounts.
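The phishing tip above (do not trust where a link says it goes; go to the site yourself) can be turned into a check that a mail gateway or a helpdesk triage script applies before anyone clicks. What follows is an added example written for this page, not the author’s or Ziften’s code. The list of trusted brand domains and the sample email body are constructed; a real deployment would use the organisation’s own list of legitimate domains.

```python
"""Flag links in an HTML email whose destination does not match what the reader sees.

Added example for the phishing tip above; not Ziften's code. The trusted-domain
list and the sample email are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: domains the recipient legitimately deals with (constructed for this example).
TRUSTED_DOMAINS = {"example-bank.com"}

# Constructed sample message: one disguised link, one lookalike domain, one clean link.
SAMPLE_EMAIL = """
<p>Your account needs attention. Log in at
<a href="http://example-bank.com.account-verify.net/login">https://example-bank.com/login</a>
or <a href="https://examp1e-bank.com/secure">Click here</a>.
Questions? Visit our <a href="https://example-bank.com/help">Help center</a>.</p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = LinkExtractor()
    parser.feed(html)
    return parser.links


def registered_domain(host):
    """Crude eTLD+1 (last two labels); adequate for the .com-style hosts in this example."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def normalize_lookalikes(host):
    """Undo the most common visual substitutions (1 for l, 0 for o, rn for m)."""
    return host.lower().replace("1", "l").replace("0", "o").replace("rn", "m")


def check_link(href, text, trusted=TRUSTED_DOMAINS):
    """Return the list of reasons this link deserves suspicion (empty means nothing found)."""
    parsed = urlparse(href)
    if parsed.scheme not in ("http", "https"):
        return ["non-web link"]
    reasons = []
    host = parsed.hostname or ""
    dest = registered_domain(host)
    if parsed.scheme != "https":
        reasons.append("insecure scheme")
    # Visible text that itself looks like a URL must point where it claims to.
    if "://" in text or text.lower().startswith("www."):
        shown = urlparse(text if "://" in text else "https://" + text).hostname or ""
        if registered_domain(shown) != dest:
            reasons.append("text-href mismatch")
    for brand in trusted:
        if dest == brand:
            continue
        # Brand name buried in a longer host, or a digit/letter swap of the brand.
        if brand in host or normalize_lookalikes(dest) == brand:
            reasons.append(f"lookalike of {brand}")
    return reasons


def analyze(html, trusted=TRUSTED_DOMAINS):
    return [{"href": h, "text": t, "reasons": check_link(h, t, trusted)}
            for h, t in extract_links(html)]


if __name__ == "__main__":
    for result in analyze(SAMPLE_EMAIL):
        verdict = ", ".join(result["reasons"]) or "no findings"
        print(f"[{result['text']}] -> {result['href']}: {verdict}")
```

On the sample message the first link is flagged three ways (plain http, visible text pointing at a different domain than the href, and the bank’s name used as a subdomain of an unrelated site), the second is flagged as a digit-for-letter lookalike, and the help link passes. The registered-domain helper is deliberately simple; a production version would use a public-suffix list so that hosts under multi-label suffixes are handled correctly.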

Other Security Considerations:

– Back up all computers, and update operating systems and software applications routinely.

– Social media security – Sharing too much information on social media increases the danger that you will be taken advantage of. For example, telling the world you are on holiday, with photos, opens up the risk that your house will be robbed.

– Protect your devices – Don’t leave your laptop, phone, or tablet unattended even for a moment. Don’t leave anything in your car you don’t want stolen, because it’s simply a matter of time.

– Internet of things and device management – Understand how all your devices connect to the Internet and what information you are sharing. Check security settings for all devices, including smart watches and fitness bands.

The value of security awareness training:

– This is another cyber crime where security awareness training can help to reduce risk. Being aware of new crimes and frauds in the news is a basic part of security awareness training. Ensuring that employees, family, and friends are aware of this scam will significantly reduce the likelihood that you will be victimized.

– Sharing new scams and cyber crimes you hear about in the news with others is necessary to ensure that the people you care about don’t fall victim to these kinds of cyber crimes.

Extensibility Is Best For Your Security – Chuck Leaver

Written by Chuck Leaver, Ziften CEO


Whether you call them extensions or call them customizations – no matter what they are called, the best technology platforms can be customized to fit an organization’s specific business needs. Generic operations tools are fine at performing generic operations tasks. Generic security tools are fine at solving generic security challenges. Generic can only take you so far, unfortunately, and that’s where extensibility takes over.

Extensibility comes up often when I’m talking to customers and prospective customers, and I’m proud that a Global 10 company selected Ziften over everyone else in the market largely on that basis. For that customer, and many others, the ability to deeply tailor platforms is a necessity.

This isn’t about merely producing custom reports or custom alerts. Let’s be honest – the ability to build reports is a baseline capability of many IT operations and security management tools. True extensibility goes deep into the solution to give it capabilities that solve real problems for the company.

One customer used a large number of mobile IoT devices, and needed our Zenith real-time visibility and control system to be able to access (and monitor) the memory of those devices. That’s not a standard feature offered by Zenith, because our low-footprint agent doesn’t hook into the operating system kernel or operate through standard device drivers. Nevertheless, we worked with the customer to tailor Zenith with that capability – and it turned out to be much easier than anyone imagined.

Another customer looked at the standard set of endpoint data that the agent collects, and wanted to add extra data fields. They also wanted to set up the administrative console with custom actions using those data fields, and push those actions back out to those endpoints. No other endpoint monitoring and security solution was able to provide the infrastructure for adding that functionality other than Ziften.

What’s more, the customer developed those extensions themselves … and owns the code and intellectual property. It’s part of their own secret sauce, their own business differentiator, and unique to their company. They couldn’t be happier. And neither could we.

With many other IT operations and security systems, if customers want additional features or capabilities, the only option is to submit a future feature request and hope that it appears in an upcoming release of the product. Until then, tough luck.

That’s not how we designed our flagship solutions, Zenith and ZFlow. Because our endpoint agent isn’t based on device drivers or kernel hooks, we can allow incredible extensibility, and open up that extensibility for customers to access directly.

Likewise with our administrative consoles and back-end monitoring systems: everything is customizable. And that was built in right from the start.

Another aspect of customization is that our real-time and historical visibility database can integrate with your other IT operations and security platforms, such as SIEM tools, threat intelligence, IT ticketing systems, job orchestration systems, and data analytics. With Zenith and ZFlow, there are no silos. Ever.

When it comes to endpoint monitoring and management, extensions are increasingly where it’s at. IT operations and enterprise security teams need the ability to tailor their tool platforms to fit their exact requirements for monitoring and managing IoT, conventional endpoints, the data center, and the cloud. In many customer conversations, our built-in extensibility has caused eyes to light up, and won us trials and deployments. Tell us about your custom needs, and let’s see what we can do.

Best Offense And Defense Strategy For Risk And Security – Chuck Leaver

Written by Roark Pollock and presented by Chuck Leaver, Ziften CEO


Risk management and security management have long been treated as separate functions, typically performed by separate functional groups within an organization. The recognition of the need for continuous visibility and control across all assets has increased interest in looking for commonalities between these disciplines, and the availability of a new generation of tools is enabling this effort. This discussion is especially timely given the ongoing difficulty many business organizations experience in attracting and retaining qualified security personnel to manage and secure IT infrastructure. A marriage of activities can help to better leverage these valuable personnel, reduce costs, and help automate response.

Historically, risk management has been viewed as an offensive mandate, and is generally the field of play for IT operations teams. Often referred to as “systems management”, IT operations groups actively carry out device state posture monitoring, policy enforcement, and vulnerability management. The goal is to proactively mitigate potential risks. Activities that reduce risk and are performed by IT operations include:

Offensive Risk Mitigation – Systems Management

Asset discovery, inventory, and refresh

Software discovery, usage tracking, and license rationalization

Mergers and acquisition (M&A) risk assessments

Cloud workload migration, monitoring, and enforcement

Vulnerability assessments and patch installs

Proactive help desk or systems analysis and problem response/repair

On the other side of the field, security management is viewed as a defensive game, and is generally the field of play for security operations teams. These security operations groups are normally responsible for threat detection, incident response, and remediation. The objective is to respond to a threat or a breach as quickly as possible in order to minimize the impact on the organization. Activities that fall squarely under security management and are performed by security operations include:

Defensive Security Management – Detection and Response

Threat detection and/or threat hunting

User behavior monitoring / insider threat detection and/or hunting

Malware analysis and sandboxing

Incident response and threat containment/removal

Lookback forensic investigations and root cause determination

Tracing lateral threat movements, and further threat removal

Data exfiltration determination

Successful businesses, of course, need to play both offense AND defense equally well. This requirement is driving organizations to recognize that IT operations and security operations need to be as aligned as possible. Therefore, as much as possible, it helps if these two teams are playing from the same playbook, or at least working with the same data or single source of truth. This suggests both teams should strive to use some of the same analytic and data collection tools and methods when it comes to managing and securing their endpoint systems. And if companies rely on the same personnel for both tasks, it certainly helps if those people can pivot between both tasks within the same tools, leveraging a single data set.

Each of these offensive and defensive tasks is critical to protecting an organization’s intellectual property, reputation, and brand. In fact, managing and prioritizing these tasks is what often keeps CIOs and CISOs up at night. Organizations should recognize opportunities to align and consolidate teams, technologies, and policies as much as possible to ensure they are focused on the most urgent need along the current risk and security management spectrum.

When it comes to managing endpoint systems, it is clear that organizations are moving toward an “all the time” visibility and control model that allows continuous risk assessments, continuous threat monitoring, and continuous performance management.

Thus, companies should look for these three crucial capabilities when evaluating new endpoint security systems:

Solutions that offer “all the time” visibility and control for both IT operations teams and security operations teams.

Solutions that provide a single source of truth that can be used both offensively for risk management and defensively for security detection and response.

Architectures that easily integrate into existing systems management and security tool ecosystems to deliver even greater value for both IT and security teams.

This Year’s Experiences At Defcon And Black Hat – Chuck Leaver

Written by Michael Vaughn and presented by Ziften CEO Chuck Leaver


These are my experiences from Black Hat 2017. There is a minor addition in my approach to this year’s summary. It is in part due to the theme of the opening presentation given by Facebook’s Chief Security Officer, Alex Stamos. Stamos stressed the importance of refocusing the security community’s efforts on working better together and diversifying security solutions.

“Working better together” is seemingly an oxymoron when examining the mass competition among hundreds of security companies fighting for customers throughout Black Hat. Based on Stamos’s messaging during the opening presentation this year, I felt it essential to include some of my experiences from Defcon as well. Defcon has historically been an event for learning, and includes independent hackers and security experts. Last week’s Black Hat theme concentrated on the social aspect of how companies ought to get along and genuinely help others and each other, which has always been the overarching message of Defcon.

People checked in from all over the world this time:

Jeff Moss, aka ‘Dark Tangent’, the founder of Black Hat and Defcon, likewise wants that to be the theme: where you aim to help people gain knowledge and learn from others. Moss wants participants to stay ‘excellent’ and ‘helpful’ throughout the conference. That is on par with what Alex Stamos from Facebook conveyed in his keynote about security businesses. Stamos asked that we all share in the responsibility of helping those who cannot help themselves. He also raised another valid point: are we doing enough in the security industry to truly help people, rather than simply doing it to make money? Can we achieve the goal of truly helping people? Such is the juxtaposition of the two events. The primary difference between Black Hat and Defcon is the more corporate consistency of Black Hat (from vendor hall to the talks) versus the true hacker community at Defcon, which showcases the innovative side of what is possible.

The organization I work for, Ziften, offers Systems and Security Operations software – giving IT and security teams visibility and control across all endpoints, on or off a corporate network. We also have a pretty sweet sock game!

Many attendees showed their Ziften support by sporting previous years’ Ziften sock designs. Looking good, feeling good!

The idea of joining forces to fight against the dark side is something most attendees from all over the world embrace, and we are no different. Here at Ziften, we aim to genuinely help our customers and the community with our solutions. Why provide or depend on a solution which is limited to just what’s inside the box? One that provides a single or a handful of specific functions? Our software is a platform for integration and offers modular, individualized security and operational solutions. The whole Ziften team takes the creativity from Defcon, and we push ourselves to try and build new, customized functions and forensic tools where standard security companies would shy away or simply remain consumed by day-to-day tasks.

Delivering all-the-time visibility and control for any asset, anywhere, is one of Ziften’s main focuses. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to rapidly fix endpoint issues, lower overall risk posture, speed threat response, and boost operations efficiency. Ziften’s secure architecture provides continuous, streaming endpoint monitoring and historical data collection for enterprises, governments, and managed security providers. And staying with this year’s Black Hat theme of collaboration, Ziften’s partner integrations extend the value of incumbent tools and fill the gaps between siloed systems.

Journalists are not permitted to take photos of the Defcon crowd, but I am not a journalist and this was before getting into a badge-required area :P The Defcon hordes and goons (Defcon mega-bosses wearing red t-shirts) were at a standstill for a solid 20 minutes waiting for initial access to the four massive Track meeting rooms on opening day.

The Voting Machine Hacking Village got a lot of attention at the event. It was interesting but nothing new for veteran attendees. I suppose it takes something noteworthy to garner attention around certain vulnerabilities. All vulnerabilities for the majority of the talks, and especially this village, had already been disclosed to the proper authorities prior to the event. Let us know if you need assistance locking down one of these (looking at you, government folks).

A growing amount of personal data is becoming available to the public. For instance, the Google and Twitter APIs are easily and publicly available to query user data metrics. This data is making it simpler for hackers to social-engineer focused attacks on people, and particularly people of power and rank, like judges and executives. This presentation, titled Dark Data, demonstrated how a simple yet brilliant de-anonymization algorithm and some data made it possible for these two white hats to identify individuals with extreme precision and discover very personal details about them. This should make you think twice about what you have installed on your systems and the people in your work environment. The majority of the above raw metadata was collected through a popular browser add-on. The fine tuning came from the algorithm and public APIs. Do you know what browser add-ons are running in your environment? If the answer is no, then Ziften can help.

This presentation was plainly about exploiting Point-of-Sale systems. Although rather funny, it was a little scary how quickly one of the most frequently used POS systems could be hacked. This specific POS hardware is most commonly used when paying in a taxi. The base operating system is Linux, and although it runs on an ARM architecture and is protected by hardened firmware, why would a company risk leaving the security of customer credit card information entirely up to the hardware supplier? If you are looking for additional security on your POS systems, then look no further than Ziften. We secure the most frequently used business operating systems. If you want to do the fun thing and install the game Doom on one, I can send you the slide deck.

This guy’s slides were off-the-charts excellent. What wasn’t excellent was how exploitable macOS is during the installation process of very common applications. Generally, each time you install an application on a Mac, it requires you to enter your elevated privileges. But what if something were to slightly modify code a moment before you enter your Administrator credentials? Well, most of the time, probably something bad. Worried about your Macs running malware smart enough to detect and change code in common vulnerable applications before you or your user base enter credentials? If so, we at Ziften Technologies can help.

We help you by not replacing all of your toolset, although we frequently find ourselves doing just that. Our aim is to leverage the advice and current tools that work from different vendors, ensure they are installed and running, ensure the prescribed hardening is indeed intact, and ensure your operations and security teams work more efficiently together to achieve a tighter security posture across your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos’s keynote
– Jeff Moss’s message
– Visitors from around the globe interacting
– Black Hat should maintain a friendly community spirit

2) Stronger together with Ziften

– Ziften plays nice with other software vendors

3) Popular current vulnerabilities Ziften can help prevent and solve

– Point-of-Sale compromise
– Voting machine tampering
– Escalating macOS privileges
– Targeted attacks on individuals

Got Movie Apps On Your Device? Be Careful Of Subtitle Packages – Chuck Leaver

Written by Josh Harriman and presented by Chuck Leaver, Ziften CEO


Do you like watching films with trendy apps like Kodi, SmartTV, or VLC on your devices? How about needing or wanting subtitles with those movies, and just grabbing the current pack from OpenSubtitles? No problem, sounds like a great evening at home. Problem is, according to research by Check Point, there could be a nasty surprise waiting for you.

For hackers to take control of your ‘world’, they need a vector, or some way to gain entry to your system. There are some typical ways that happens these days, such as clever (and not so clever) social engineering techniques. Getting emails that appear to come from friends or co-workers but were spoofed, and you opened an attachment or went to some website, and if the stars lined up, you were pwned. Normally the star alignment part is not that hard; it only requires that you have some vulnerable software running that can be reached.

Given that the technique is getting users to work together, the target audience can in some cases be tough to find. But with this most current research study posted, many of the major media giants have a distinct vulnerability when it comes to accessing and translating subtitle plans. The 4 primary media giants noted in the short article are fixed to date, however as we have seen in the past (just look at the recent SMB v1 vulnerability issue) even if a fix is available, does not mean that users are upgrading. The research has actually also declined to show the technical information around the vulnerability to permit other vendors time to patch. That is a good sign and the appropriate approach I think scientists must take. Inform the supplier so they can repair the concern as well as announce it openly so ‘we the people’ are notified and know what to watch out for.

It’s difficult to stay up to date with the numerous ways you can get infected, however at least we have researchers who tirelessly attempt to ‘break’ things to discover those vulnerabilities. By performing the proper disclosure approaches, they assist everybody take pleasure in a more secure experience with their devices, and in this case, a fantastic night in at the movies.

Our Advanced Endpoint Services Will Integrate With Your Security Architecture – Chuck Leaver

Written By Roark Pollock And Presented By Ziften CEO Chuck Leaver


Security practitioners are by nature a cautious lot. Being cautious is a trait most folks likely have coming into this industry given its mission, but it’s also certainly a trait that is learned over time. Ironically this holds true even when it comes to adding extra security precautions into an already established security architecture. While one might assume that more security is better security, experience teaches us that’s not necessarily the case. There are in fact many concerns related to deploying a new security service. One that almost always appears near the top of the list is how well a new service integrates with existing products.

Integration concerns come in several flavors. First, a new security control should not break anything. But beyond that, new security services need to willingly share threat intelligence and act upon threat intelligence collected across a company’s entire security infrastructure. In other words, the new security tools must work together with the existing ecosystem of tools in place such that “1 + 1 = 3”. The last thing that most security and IT operations teams need is more siloed services / tools.

This is why at Ziften we’ve always focused on developing and delivering a completely open visibility architecture. We believe that any new systems and security operations tools need to be built with enhanced visibility and information sharing as key product requirements. But this isn’t a one way street. Creating simple integrations requires technology partnerships with industry vendors. We consider it our responsibility to work with other technology companies to mutually integrate our services, making it easy on customers. Unfortunately, many vendors still believe that integration of security services, particularly new endpoint security products, is very difficult. I hear the concern constantly in customer conversations. But data is now appearing showing this isn’t necessarily the case.

In recent survey work by NSS Labs on “advanced endpoint” products, they report that Global 2000 customers based in North America have been pleasantly surprised with how well these types of products integrate into their existing security architectures. According to the NSS study titled “Advanced Endpoint Protection – Market Analysis and Survey Results CY2016”, which NSS subsequently presented in a BrightTalk webinar, respondents that had already deployed advanced endpoint products were much more positive regarding their ability to integrate into already established security architectures than were respondents that were still in the planning stages of acquiring these products.

Specifically, respondents that have already deployed advanced endpoint products rank integration with already established security architectures as follows:

● Excellent 5.3%
● Good 50.0%
● Average 31.6%
● Poor 13.2%
● (Horrible) 0.0%

Compare that to the more conservative responses from folks still in the planning phase:

● Excellent 0.0%
● Good 39.3%
● Average 42.9%
● Poor 14.3%
● (Horrible) 3.6%

These results are encouraging. Yes, as noted, security people tend to be pessimists, but in spite of low expectations respondents are reporting positive outcomes when it comes to integration experiences. In fact, Ziften customers usually display the same initial low expectations when we first discuss the integration of Ziften products into their existing environment of services. But in the end, customers are wowed by how simple it is to share information between Ziften products and their already established infrastructure.

These survey results will hopefully help ease concerns, as newer product adopters may read up on and rely on peer recommendations prior to making purchase decisions. Early mainstream adopters are clearly having success deploying these services, which will hopefully help to lessen the natural cautiousness of the rest of the mainstream.

Certainly, there is substantial differentiation among products in the space, and organizations need to continue to perform appropriate due diligence in understanding how and where products integrate into their broader security architectures. But the good news is that there are products not just meeting the requirements of customers, but actually outperforming their initial expectations.

Petya Variant Causes Havoc But Ziften Customers Protected – Chuck Leaver

Written By Josh Harriman And Presented By Chuck Leaver Ziften CEO


Another outbreak, another headache for those who were not prepared. While this latest attack is similar to the earlier WannaCry threat, there are some differences in this latest malware, which is a variant or new strain much like Petya. Called NotPetya by some, this strain brings a great deal of trouble for anyone who encounters it. It may encrypt your data, or make the system entirely unusable. And now the email address that you would need to contact to ‘perhaps’ decrypt your files has been taken down, so you’re out of luck retrieving your files.

Plenty of details on the actions of this threat are publicly available, but I wanted to point out that Ziften customers are protected from both the EternalBlue exploit, which is one mechanism used for its propagation, and, better still, by a ‘vaccine’ based on a possible flaw or its own type of debug check that prevents the threat from ever running on your system. It might still spread within the environment, but our protection would already be rolled out to all existing systems to halt the damage.

Our Ziften extension platform allows our customers to have protection in place against specific vulnerabilities and malicious actions for this threat and others like Petya. Besides the specific actions taken against this particular variant, we have taken a holistic approach to stopping certain strains of malware that perform various ‘checks’ against the system prior to running.

We can also use our Search capability to look for remnants of the other propagation techniques used by this threat. Reports show WMIC and PsExec being used. We can search for those programs, their command lines and their usage. Even though they are legitimate processes, their use is usually rare and can be alerted on.
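The kind of search described above, written out as an added example that is not Ziften code: it scans process-creation records for WMIC launching a process on a remote node and for PsExec being pointed at a remote host, the two propagation mechanisms the post mentions, plus the PsExec service component landing on the target. The tab-separated log format and every sample record below are constructed for this example; the staged DLL path is a placeholder, not an indicator from any real incident.

```python
"""Flag WMIC / PsExec remote execution in constructed process-creation logs.

Added example, not Ziften's own code. Log format (tab-separated:
timestamp, host, user, image path, command line) and all records are
constructed for illustration.
"""
import re
from typing import List, NamedTuple


class ProcEvent(NamedTuple):
    ts: str
    host: str
    user: str
    image: str
    cmdline: str


class Finding(NamedTuple):
    ts: str
    host: str
    rule: str
    cmdline: str


# Constructed sample records: one benign local WMIC query, one WMIC remote
# "process call create", one PsExec launch against another host, the PsExec
# service (PSEXESVC.exe) starting on that target, and an unrelated process.
SAMPLE_LOG = "\n".join([
    "2017-06-27T10:01:12Z\tWS01\tCORP\\alice\t"
    "C:\\Windows\\System32\\wbem\\WMIC.exe\twmic os get caption",
    "2017-06-27T10:03:40Z\tWS01\tCORP\\alice\t"
    "C:\\Windows\\System32\\wbem\\WMIC.exe\t"
    "wmic /node:\"10.0.0.25\" /user:\"CORP\\admin\" process call create "
    "\"rundll32.exe C:\\Windows\\Temp\\stage.dll,#1\"",
    "2017-06-27T10:04:02Z\tWS01\tCORP\\alice\tC:\\Windows\\Temp\\psexec.exe\t"
    "psexec.exe \\\\10.0.0.26 -accepteula -s -d "
    "rundll32.exe C:\\Windows\\Temp\\stage.dll,#1",
    "2017-06-27T10:04:05Z\tWS07\tNT AUTHORITY\\SYSTEM\t"
    "C:\\Windows\\PSEXESVC.exe\tC:\\Windows\\PSEXESVC.exe",
    "2017-06-27T10:05:00Z\tWS02\tCORP\\bob\t"
    "C:\\Windows\\System32\\notepad.exe\tnotepad.exe notes.txt",
])

# WMIC targeting another node and creating a process there.
WMIC_REMOTE = re.compile(r"/node:\S+.*process\s+call\s+create", re.IGNORECASE)
# PsExec's first argument is a UNC-style host, e.g. \\10.0.0.26 or \\WS07.
PSEXEC_TARGET = re.compile(r"\\\\[\w.\-]+")


def parse_log(text: str) -> List[ProcEvent]:
    """Parse tab-separated records; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t", 4)
        if len(parts) != 5:
            continue
        events.append(ProcEvent(*parts))
    return events


def basename(path: str) -> str:
    """Lower-cased file name of a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events: List[ProcEvent]) -> List[Finding]:
    """Return one Finding per event matching a lateral-movement pattern."""
    findings = []
    for ev in events:
        name = basename(ev.image)
        if name == "wmic.exe" and WMIC_REMOTE.search(ev.cmdline):
            findings.append(Finding(ev.ts, ev.host,
                                    "wmic_remote_process_create", ev.cmdline))
        elif name in ("psexec.exe", "psexec64.exe") and PSEXEC_TARGET.search(ev.cmdline):
            findings.append(Finding(ev.ts, ev.host,
                                    "psexec_remote_exec", ev.cmdline))
        elif name == "psexesvc.exe":
            # The service PsExec installs on the target; seeing it start on a
            # host is the receiving side of the same activity.
            findings.append(Finding(ev.ts, ev.host,
                                    "psexec_service_started", ev.cmdline))
    return findings


if __name__ == "__main__":
    for f in detect(parse_log(SAMPLE_LOG)):
        print(f"{f.ts} {f.host} {f.rule}: {f.cmdline}")
```

The benign `wmic os get caption` on the first line is deliberately left unflagged: the point of the rule is the `/node:` plus `process call create` combination, which is what makes the otherwise legitimate tool worth an alert. Tuning for a real fleet would mean allow-listing the few admin hosts and accounts that genuinely use these tools, and correlating the `psexec_remote_exec` event on the source host with the `psexec_service_started` event on the target.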

With WannaCry, and now NotPetya, we expect to see a continued increase in these types of attacks. The release of the recent NSA exploits has given ambitious attackers the tools needed to push out their wares. And though ransomware threats can be a high-profit vehicle, more destructive threats could be released. It has always been ‘how’ to get the threats to spread (worm-like, or social engineering) that is most difficult for them.