Category Archives: Security Breaches

Extensibility Is Best For Your Security – Chuck Leaver

Written By Chuck Leaver Ziften CEO


Whether you call them extensions or modifications, the best technology platforms can be customized to fit an organization’s specific business needs. Generic operations tools are fine at performing generic operations tasks. Generic security tools are good at solving generic security challenges. Generic can only take you so far, unfortunately, and that’s where extensibility takes over.

Extensibility comes up often when I’m talking to customers and prospects, and I’m proud that a Global 10 company chose Ziften over everyone else in the market largely on that basis. For that customer, and many others, the ability to deeply customize platforms is a requirement.

This isn’t about merely producing custom reports or custom alerts. Let’s be honest: the ability to build reports is a baseline capability of many IT operations and security management tools. True extensibility goes deep into the solution to give it capabilities that solve real problems for the business.

One customer used large numbers of mobile IoT devices, and needed our Zenith real-time visibility and control system to be able to access (and monitor) the memory of those devices. That’s not a standard feature offered by Zenith, because our low-footprint agent does not hook into the OS kernel or operate through standard device drivers. Nevertheless, we worked with the customer to customize Zenith with that capability, and it turned out to be much easier than anyone expected.

Another customer looked at the standard set of endpoint data that the agent collects and wanted to add extra data fields. They also wanted to configure the administrative console with custom actions using those data fields, and push those actions back out to the endpoints. No other endpoint monitoring and security solution was able to provide the infrastructure for adding that functionality except Ziften.

What’s more, the customer built those extensions themselves … and owns the code and intellectual property. It’s part of their own secret sauce, their own business differentiator, and unique to their company. They couldn’t be happier. And neither could we.

With many other IT operations and security systems, if customers want additional functions or capabilities, the only option is to submit a future feature request and hope that it appears in an upcoming release of the product. Until then, too bad.

That’s not how we designed our flagship solutions, Zenith and ZFlow. Because our endpoint agent isn’t based on device drivers or kernel hooks, we can allow incredible extensibility, and open up that extensibility for customers to access directly.

Likewise with our administrative consoles and back-end monitoring systems: everything is customizable. And that was built in right from the start.

Another aspect of customization is that our real-time and historical visibility database can integrate with your other IT operations and security platforms, such as SIEM tools, threat intelligence, IT ticketing systems, job orchestration systems, and data analytics. With Zenith and ZFlow, there are no silos. Ever.

When it comes to endpoint monitoring and management, extensions are increasingly where it’s at. IT operations and enterprise security teams need the ability to customize their tool platforms to fit their exact requirements for monitoring and managing IoT, traditional endpoints, the data center, and the cloud. In numerous customer conversations, our built-in extensibility has caused eyes to light up, and won us trials and deployments. Tell us about your custom needs, and let’s see what we can do.

Best Offense And Defense Strategy For Risk And Security – Chuck Leaver

Written By Roark Pollock And Presented By Chuck Leaver Ziften CEO


Risk management and security management have long been treated as separate functions, typically performed by separate functional groups within an organization. The recognition of the need for continuous visibility and control across all assets has increased interest in finding commonalities between these disciplines, and the availability of a new generation of tools is enabling this effort. This discussion is especially timely given the ongoing difficulty many business organizations experience in attracting and retaining qualified security personnel to manage and secure IT infrastructure. A marriage of activity can help to better leverage these valuable personnel, reduce costs, and help automate response.

Historically, risk management has been viewed as an offensive mandate, and is generally the domain of IT operations teams. Often referred to as “systems management”, IT operations groups actively carry out device state posture monitoring, policy enforcement, and vulnerability management. The goal is to proactively mitigate potential risks. Risk-reducing activities performed by IT operations include:

Offensive Risk Mitigation – Systems Management

Asset discovery, inventory, and refresh

Software discovery, usage tracking, and license rationalization

Mergers and acquisition (M&A) risk assessments

Cloud workload migration, tracking, and enforcement

Vulnerability assessments and patch installs

Proactive help desk or systems analysis and problem response/repair

On the other side of the field, security management is viewed as a defensive game, and is generally the domain of security operations teams. These security operations groups are normally responsible for threat detection, incident response, and remediation. The goal is to respond to a threat or a breach as quickly as possible in order to minimize impact to the organization. Activities that fall squarely under security management and are performed by security operations include:

Defensive Security Management – Detection and Response

Threat detection and/or threat hunting

User behavior monitoring / insider threat detection and/or hunting

Malware analysis and sandboxing

Incident response and threat containment/removal

Lookback forensic investigations and root cause determination

Tracing lateral threat movements, and further threat removal

Data exfiltration determination

Successful businesses, naturally, need to play both offense AND defense equally well. This requirement is driving organizations to recognize that IT operations and security operations need to be as aligned as possible. Therefore, as much as possible, it helps if these two teams are playing from the same playbook, or at a minimum working with the same data or single source of truth. This suggests both teams should strive to use some of the same analytic and data collection tools and methods when it comes to managing and securing their endpoint systems. And if companies rely on the same personnel for both tasks, it certainly helps if those people can pivot between both tasks within the same tools, leveraging a single data set.

Each of these offensive and defensive tasks is critical to protecting an organization’s intellectual property, reputation, and brand. In fact, managing and prioritizing these jobs is what often keeps CIOs and CISOs up at night. Organizations should recognize opportunities to align and consolidate teams, technologies, and policies as much as possible to ensure they are focused on the most urgent need along the current risk and security management spectrum.

When it comes to managing endpoint systems, it is clear that organizations are moving toward an “all the time” visibility and control model that allows continuous risk assessments, continuous threat monitoring, and continuous performance management.

Thus, companies should look for these three key capabilities when evaluating new endpoint security systems:

Solutions that offer “all the time” visibility and control for both IT operations teams and security operations teams.

Solutions that provide a single source of truth that can be used both offensively for risk management and defensively for security detection and response.

Architectures that easily integrate into existing systems management and security tool ecosystems to deliver even higher value for both IT and security teams.

This Year’s Experiences At Defcon And Black Hat – Chuck Leaver

Written by Michael Vaughn And Presented By Ziften CEO Chuck Leaver


These are my experiences from Black Hat 2017. There is a minor change in how I approach this year’s summary. It is in part due to the theme of the opening keynote given by Facebook’s Chief Security Officer, Alex Stamos. Stamos emphasized the importance of refocusing the security community’s efforts on working better together and diversifying security solutions.

“Working better together” is something of an oxymoron when you consider the mass competition among hundreds of security companies fighting for customers throughout Black Hat. Based on Stamos’s messaging during the opening keynote this year, I felt it important to include some of my experiences from Defcon as well. Defcon has historically been an event for learning, and includes independent hackers and security professionals. Last week’s Black Hat theme focused on the social aspect of how companies should get along and genuinely help others and each other, which has always been the overarching message of Defcon.

People checked in from all over the world this time:

Jeff Moss, aka ‘Dark Tangent’, the founder of Black Hat and Defcon, also wants that to be the theme: a place where you aim to help people gain knowledge and learn from others. Moss wants attendees to stay ‘excellent’ and ‘helpful’ throughout the conference. That is on par with what Alex Stamos from Facebook conveyed in his keynote about security companies. Stamos asked that all of us share in the responsibility of helping those that cannot help themselves. He also raised another valid point: are we doing enough in the security industry to truly help people, rather than simply doing it to make money? Can we achieve the goal of truly helping people? Such is the juxtaposition of the two events. The primary difference between Black Hat and Defcon is the more corporate consistency of Black Hat (from vendor hall to the talks) versus the true hacker community at Defcon, which showcases the innovative side of what is possible.

The company I work for, Ziften, offers Systems and Security Operations software, giving IT and security teams visibility and control across all endpoints, on or off a corporate network. We also have a pretty sweet sock game!

Many attendees showed their Ziften support by sporting previous years’ Ziften sock designs. Looking good, feeling good!

The idea of joining forces to fight against the dark side is something most attendees from all over the world embrace, and we are no different. Here at Ziften, we aim to genuinely help our customers and the community with our solutions. Why provide or depend on a solution which is limited to just what’s inside the box? One that provides a single function or a handful of specific functions? Our software is a platform for integration and offers modular, individualized security and operational solutions. The whole Ziften team takes the creativity from Defcon, and we push ourselves to try and build new, customized functions and forensic tools where standard security companies would shy away or simply remain consumed by day-to-day tasks.

Delivering all-the-time visibility and control for any asset, anywhere, is one of Ziften’s main focuses. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to rapidly resolve endpoint issues, reduce overall risk posture, speed threat response, and boost operational efficiency. Ziften’s secure architecture provides continuous, streaming endpoint monitoring and historical data collection for enterprises, governments, and managed security providers. And in keeping with this year’s Black Hat theme of working together, Ziften’s partner integrations extend the value of incumbent tools and fill the gaps between siloed systems.

Journalists are not permitted to take photos of the Defcon crowd, but I am not a journalist and this was before getting into a badge-required area :P The Defcon hordes and goons (Defcon mega-bosses wearing red t-shirts) were at a standstill for a solid 20 minutes waiting for initial access to the four massive Track meeting rooms on opening day.

The Voting Machine Hacking Village got a lot of attention at the event. It was interesting, but nothing new for veteran attendees. I suppose it takes something noteworthy to garner attention around certain vulnerabilities. All vulnerabilities for the majority of the talks, and especially this village, had already been disclosed to the proper authorities prior to the event. Let us know if you need help locking down one of these (looking at you, government folks).

More and more personal data is becoming available to the public. For instance, Google and Twitter APIs are easily and publicly available to query user data metrics. This data is making it simpler for hackers to social engineer targeted attacks on individuals, and particularly people of power and rank, like judges and executives. This presentation, titled Dark Data, demonstrated how a simple yet brilliant de-anonymization algorithm and some data made it possible for these two white hats to identify individuals with extreme precision and discover very personal details about them. This should make you think twice about what you have installed on your systems and the people in your work environment. The majority of the above raw metadata was collected through a popular web browser add-on. The fine tuning came with the algorithm and public APIs. Do you know what web browser add-ons are running in your environment? If the answer is no, then Ziften can help.

This talk was plainly about exploiting Point-of-Sale systems. Although rather funny, it was a little scary how quickly one of the most commonly used POS systems could be hacked. This specific POS hardware is most commonly used when paying in a taxi. The base operating system is Linux, and although it runs on an ARM architecture and is protected by hardened firmware, why would a company risk leaving the security of customer credit card details entirely up to the hardware vendor? If you want additional security on your POS systems, then look no further than Ziften. We secure the most commonly used business operating systems. If you want to do the fun thing and install the game Doom on one, I can send you the slide deck.

This guy’s slides were off-the-charts excellent. What wasn’t excellent was how exploitable macOS is during the installation process of very common applications. Generally, each time you install an application on a Mac, it requires you to enter escalated privileges. But what if something were to slightly modify code a moment before you enter your Administrator credentials? Well, most of the time, probably something bad. Worried about your Macs running malware smart enough to detect and change code in commonly vulnerable applications before you or your user base enter credentials? If so, we at Ziften Technologies can help.

We help you by not replacing all of your toolset, although we often find ourselves doing just that. Our aim is to leverage the advice and current tools that work from different vendors, ensure they are installed and running, ensure the prescribed hardening is indeed intact, and ensure your operations and security teams work more efficiently together to achieve a tighter security matrix throughout your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos’s keynote
– Jeff Moss’s message
– Visitors from around the globe working together
– Black Hat should maintain a friendly community spirit

2) Stronger together with Ziften

– Ziften plays nice with other software vendors

3) Popular existing vulnerabilities Ziften can help prevent and solve

– Point-of-Sale access
– Voting machine tampering
– Escalating macOS privileges
– Targeted individual attacks

Got Movie Apps On Your Device? Be Careful Of Subtitle Packages – Chuck Leaver

Written By Josh Harriman And Presented By Chuck Leaver Ziften CEO


Do you like watching movies with trendy apps like Kodi, SmartTV or VLC on your devices? How about needing or wanting subtitles with those movies and just grabbing the latest pack from OpenSubtitles? No problem, sounds like a nice evening at home. Problem is, according to research by Check Point, there could be a nasty surprise waiting for you.

For the hackers to take control of your ‘world’, they need a vector or some way to gain entry to your system. There are some common ways that happens these days, such as clever (and not so clever) social engineering techniques. You get emails that appear to come from friends or co-workers but were spoofed, and you open an attachment, or you visit some website and, if the stars lined up, you were pwned. Usually the star alignment part is not that hard; all it takes is some vulnerable software running that can be reached.

Since the technique relies on getting users to cooperate, the target audience can sometimes be hard to find. But with this latest research posted, many of the major media players have a distinct vulnerability when it comes to loading and parsing subtitle packages. The four main media players listed in the article are patched to date, but as we have seen in the past (just look at the recent SMB v1 vulnerability issue), even if a fix is available, that does not mean that users are upgrading. The researchers have also declined to reveal the technical details of the vulnerability, to allow other vendors time to patch. That is a good sign and the proper approach I think researchers should take. Inform the vendor so they can fix the issue, and also announce it publicly so ‘we the people’ are informed and know what to watch out for.

It’s hard to keep up with the many ways you can get infected, but at least we have researchers who tirelessly try to ‘break’ things to discover those vulnerabilities. By following proper disclosure practices, they help everyone enjoy a safer experience with their devices, and in this case, a great night in at the movies.

Our Advanced Endpoint Services Will Integrate With Your Security Architecture – Chuck Leaver

Written By Roark Pollock And Presented By Ziften CEO Chuck Leaver


Security practitioners are by nature a cautious lot. Being cautious is a trait most folks likely have coming into this industry given its mission, but it’s also certainly a trait that is learned over time. Ironically, this holds true even when it comes to adding extra security precautions to an already established security architecture. While one might assume that more security is better security, experience teaches us that’s not necessarily the case. There are in fact many concerns related to deploying a new security solution. One that almost always appears near the top of the list is how well a new solution integrates with existing products.

Integration concerns come in several flavors. First, a new security control should not break anything. But beyond that, new security solutions should willingly share threat intelligence and act upon threat intelligence collected across a company’s entire security infrastructure. In other words, the new security tools must work together with the existing ecosystem of tools in place such that “1 + 1 = 3”. The last thing that most security and IT operations teams need is more siloed solutions/tools.

At Ziften, this is why we’ve always focused on developing and delivering a completely open visibility architecture. We believe that any new systems and security operations tools should be built with enhanced visibility and information sharing as key product requirements. But this isn’t a one-way street. Creating simple integrations requires technology partnerships with industry vendors. We consider it our responsibility to work with other technology companies to mutually integrate our solutions, thus making it easy on customers. Sadly, many vendors still believe that integration of security solutions, particularly new endpoint security products, is very difficult. I hear the concern constantly in customer conversations. But data is now appearing showing this isn’t always the case.

In recent survey work by NSS Labs on “advanced endpoint” products, they report that Global 2000 customers based in North America have been pleasantly surprised with how well these types of products integrate into their existing security architectures. According to the NSS study titled “Advanced Endpoint Protection – Market Analysis and Survey Results CY2016”, which NSS subsequently presented in the BrightTalk webinar below, respondents that had already deployed advanced endpoint products were much more favorable regarding their ability to integrate into already established security architectures than were respondents that were still in the planning stages of acquiring these products.

Specifically, respondents that have already deployed advanced endpoint products rank integration with already established security architectures as follows:

● Excellent 5.3%
● Good 50.0%
● Average 31.6%
● Poor 13.2%
● (Horrible) 0.0%

Compare that to the more conservative responses from folks still in the planning phase:

● Excellent 0.0%
● Good 39.3%
● Average 42.9%
● Poor 14.3%
● (Horrible) 3.6%

These results are encouraging. Yes, as noted, security people tend to be pessimists, but in spite of low expectations respondents are reporting positive outcomes when it comes to integration experiences. In fact, Ziften customers usually display the same initial low expectations when we first discuss the integration of Ziften products into their existing environment of solutions. But in the end, customers are wowed by how simple it is to share information between Ziften products and their already established infrastructure.

These survey results will hopefully help ease concerns as newer product adopters read and rely on peer recommendations prior to making purchase decisions. Early mainstream adopters are clearly having success deploying these solutions, which will hopefully help to lessen the natural cautiousness of the real mainstream.

Certainly, there is substantial differentiation among products in the space, and organizations need to continue to perform appropriate due diligence in understanding how and where products integrate into their broader security architectures. But the good news is that there are products not just meeting the requirements of customers, but actually outperforming their initial expectations.

Petya Variant Causes Havoc But Ziften Customers Protected – Chuck Leaver

Written By Josh Harriman And Presented By Chuck Leaver Ziften CEO


Another outbreak, another headache for those who were not prepared. While this latest attack is similar to the earlier WannaCry threat, there are some differences in this latest malware, which is a variant or new strain much like Petya. Called NotPetya by some, this strain brings a lot of problems for anyone who encounters it. It might encrypt your data, or make the system entirely unusable. And now the email address that you would need to contact to ‘perhaps’ decrypt your files has been taken down, so you’re out of luck retrieving your files.

Plenty of information on the actions of this threat is publicly available, but I wanted to mention that Ziften customers are protected from both the EternalBlue exploit, which is one mechanism used for its propagation, and, even better, by a vaccine based upon a possible flaw or its own type of debug check that stops the threat from ever running on your system. It might still spread in the environment, but our protection would already be rolled out to all existing systems to halt the damage.

Our Ziften extension platform enables our customers to have protection in place against specific vulnerabilities and malicious actions for this threat and others like Petya. Besides the specific actions taken against this particular variant, we have taken a holistic approach to stop certain strains of malware that perform various ‘checks’ against the system before running.

We can also use our Search capability to look for remnants of the other propagation techniques used by this threat. Reports show WMIC and PsExec being used. We can search for those programs, their command lines, and their usage. Even though they are legitimate processes, their use is usually rare and can be alerted on.
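As an added example (not Ziften’s code or data), here is a small Python hunt over constructed process-creation records that flags the remote-execution command-line shapes of WMIC and PsExec and scores each hit by how rarely the tool runs across the fleet; the record format, hostnames, addresses and thresholds are all hypothetical.

```python
"""
Hunting for WMIC / PsExec remote execution in process telemetry.

Added example on constructed data (hypothetical record format, not Ziften's
data or code). It flags command lines with the remote-execution shape of the
two propagation tools named in the post, and scores each hit by how rare the
tool is across the fleet, since rarity is what makes these legitimate admin
tools worth alerting on.
"""
import re
from collections import defaultdict

# Remote-execution command-line shapes; patterns are illustrative, not exhaustive.
LATERAL_PATTERNS = {
    "wmic_remote_process_create": re.compile(
        r"\bwmic(\.exe)?\b.*\s/node:.*\bprocess\b.*\bcall\b.*\bcreate\b", re.I),
    "psexec_remote_exec": re.compile(r"\bpsexec(\.exe)?\s+\\\\\S+", re.I),
}
RARE_PREVALENCE = 0.05  # a tool seen on under 5% of hosts counts as rare (example value)

# Constructed process-creation records: (host, image name, full command line)
EVENTS = [
    ("ws-101", "cmd.exe", r"cmd.exe /c dir C:\Users"),
    ("ws-102", "wmic.exe", r'wmic /node:"10.0.0.25" /user:"CORP\svc" process call create "notepad.exe"'),
    ("ws-102", "psexec.exe", r"psexec.exe \\10.0.0.26 -d notepad.exe"),
    ("srv-dc1", "wmic.exe", r"wmic os get caption"),  # local admin use, no remote target
    ("ws-103", "wmic.exe", r"wmic /node:ws-104 process call create notepad.exe"),
    ("ws-104", "cmd.exe", r"cmd.exe /c whoami"),
]
FLEET_SIZE = 200  # total monitored hosts in this constructed environment


def tool_prevalence(events, fleet_size):
    """Fraction of the fleet on which each image name executed at all."""
    hosts = defaultdict(set)
    for host, image, _cmd in events:
        hosts[image.lower()].add(host)
    return {image: len(h) / fleet_size for image, h in hosts.items()}


def hunt(events, fleet_size):
    """Return hits (host, rule, cmdline, prevalence, rare flag), rarest first."""
    prevalence = tool_prevalence(events, fleet_size)
    hits = []
    for host, image, cmdline in events:
        for rule, pattern in LATERAL_PATTERNS.items():
            if pattern.search(cmdline):
                p = prevalence[image.lower()]
                hits.append({"host": host, "rule": rule, "cmdline": cmdline,
                             "prevalence": p, "rare": p < RARE_PREVALENCE})
    # rarest tooling first: that is the triage order an analyst wants
    return sorted(hits, key=lambda h: h["prevalence"])


if __name__ == "__main__":
    for hit in hunt(EVENTS, FLEET_SIZE):
        print(f'{hit["host"]:8} {hit["rule"]:28} prevalence={hit["prevalence"]:.3f} {hit["cmdline"]}')
```

The purely local `wmic os get caption` on srv-dc1 produces no hit, which is the point: the command-line shape, not the mere presence of the tool, drives the alert.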

With WannaCry, and now NotPetya, we expect to see an ongoing increase in these types of attacks. The release of the recent NSA exploits has given ambitious hackers the tools needed to push out their products. And though ransomware can be a high-profit vehicle, more destructive threats could be released. It has always been ‘how’ to get the threats to spread (worm-like, or social engineering) that is most difficult for them.

UK Parliament: Make Your System Secure Instead Of Blaming Others – Chuck Leaver

Written By Dr Al Hartmann And Presented By Ziften CEO Chuck Leaver


In cyberspace the sheep get shorn, chumps get chewed, dupes get duped, and pawns get pwned. We have seen another fine example of this in the recent attack on the UK Parliament email system.

Rather than admit to an email system that was insecure by design, the official statement read:

Parliament has strong procedures in place to secure all our accounts and systems.

Of course you do. The one protective measure we did see in action was deflecting the blame: pin it on the Russians, that always works, while blaming the victims for their policy violations. While details of the attack are scarce, combing various sources does help to piece together at least the gross outlines. If these descriptions are reasonably close, the UK Parliament email system failings are shocking.

What failed in this scenario?

Relying on single factor authentication

“Password security” is an oxymoron: anything protected by a password alone is insecure, period, no matter the strength of the password. Please, no 2FA here, it might impede attacks.

Enforcing no limit on unsuccessful login attempts

Aided by single factor authentication, this enables simple brute force attacks, no skill required. But when breached, blame elite foreign hackers; no one can verify.

Implementing no brute force attack detection

Allow attackers to carry out (otherwise trivially detectable) brute force attacks for extended durations (12 hours against the UK Parliament system), to maximize the scope of account compromise.

Not enforcing policy, treating it as merely suggestions

Combined with single factor authentication, no limit on failed logins, and no brute force attack detection, do not enforce any password strength validation. Provide attackers with extremely low hanging fruit.

Relying on anonymous, unencrypted email for sensitive communications

If attackers do succeed in compromising email accounts or sniffing your network traffic, give them plenty of opportunity to score high value message content entirely without obstruction. This also conditions constituents to trust easily spoofable email from Parliament, producing an ideal constituent phishing environment.

Lessons learned

In addition to adding “Common Sense for Dummies” to their summer reading lists, the UK Parliament email system admins might want to take further action. Strengthening weak authentication practices, enforcing policies, improving network and endpoint visibility with continuous monitoring and anomaly detection, and completely rethinking secure messaging are recommended actions. Penetration testing would have uncovered these fundamental weaknesses while staying out of the news headlines.

Even a few clever high schoolers with a free weekend could have replicated this breach. And lastly, stop blaming Russia for your own security failings. Assume that any weaknesses in your security architecture and policy framework will be probed and exploited by some hackers somewhere across the global internet. All the more incentive to find and fix those weaknesses before the attackers do, so take action now. Then, if your defenders still can’t see the attacks in progress, upgrade your monitoring and analytics.
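As an added example (not code from the post or from any vendor), here is a small Python detector that applies two of the controls listed above as missing: a per-account failed-login lockout and per-source brute-force campaign detection that reports how long each campaign ran, exercised on a constructed auth log. The log format, thresholds, account names and addresses are all hypothetical; the sample deliberately includes a slow password spray that a per-account lockout alone would miss.

```python
"""
Brute-force login detection over authentication log lines.

Added example on constructed data (not UK Parliament logs, not any vendor's
code). Two detectors mirror controls the post says were missing: a
per-account failed-login lockout, and a per-source detector for sustained
brute-force campaigns that reports how long each campaign ran.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical syslog-style auth line, e.g.
#   2017-06-23T20:00:00Z auth: login FAILED user=member00 src=198.51.100.9
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: login (?P<result>OK|FAILED) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Illustrative policy values, not taken from any real deployment.
ACCOUNT_LOCKOUT_THRESHOLD = 5                    # failures per account ...
ACCOUNT_LOCKOUT_WINDOW = timedelta(minutes=15)   # ... inside this window
SOURCE_ALERT_FAILURES = 20                       # failures from one source ...
SOURCE_ALERT_ACCOUNTS = 5                        # ... spread over this many accounts


def parse(lines):
    """Yield (timestamp, result, user, src) for each well-formed auth line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated log lines are skipped
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["result"], m["user"], m["src"]


def account_lockouts(events):
    """Return {user: lockout_time} for accounts exceeding the failure
    threshold inside a sliding window (the missing limit on failed logins)."""
    recent = defaultdict(list)  # user -> timestamps of recent failures
    locked = {}
    for ts, result, user, _src in sorted(events):
        if result != "FAILED" or user in locked:
            continue
        recent[user] = [t for t in recent[user] if ts - t <= ACCOUNT_LOCKOUT_WINDOW]
        recent[user].append(ts)
        if len(recent[user]) >= ACCOUNT_LOCKOUT_THRESHOLD:
            locked[user] = ts
    return locked


def source_campaigns(events):
    """Return {src: (failures, distinct_accounts, duration)} for sources whose
    failures are both numerous and spread across many accounts. The duration
    is what to compare against the 12-hour window the post cites."""
    stats = defaultdict(lambda: {"fails": 0, "users": set(), "first": None, "last": None})
    for ts, result, user, src in events:
        if result != "FAILED":
            continue
        s = stats[src]
        s["fails"] += 1
        s["users"].add(user)
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    return {
        src: (s["fails"], len(s["users"]), s["last"] - s["first"])
        for src, s in stats.items()
        if s["fails"] >= SOURCE_ALERT_FAILURES and len(s["users"]) >= SOURCE_ALERT_ACCOUNTS
    }


def build_sample_log():
    """Constructed log: a slow 12-hour password spray across eight accounts,
    a fast single-account brute force, a user who mistypes twice, and noise."""
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    lines = []
    start = datetime(2017, 6, 23, 20, 0, 0)
    for n in range(49):  # one failure every 15 minutes: 48 intervals = 12 h
        ts = start + timedelta(minutes=15 * n)
        lines.append(f"{ts.strftime(fmt)} auth: login FAILED user=member{n % 8:02d} src=198.51.100.9")
    for n in range(6):   # six failures in two minutes against one account
        ts = datetime(2017, 6, 23, 22, 10, 0) + timedelta(seconds=20 * n)
        lines.append(f"{ts.strftime(fmt)} auth: login FAILED user=speaker src=203.0.113.7")
    lines += [
        "2017-06-23T21:00:00Z auth: login FAILED user=clerk src=192.0.2.10",
        "2017-06-23T21:00:30Z auth: login FAILED user=clerk src=192.0.2.10",
        "2017-06-23T21:01:00Z auth: login OK user=clerk src=192.0.2.10",
        "2017-06-23T21:02:00Z cron: housekeeping finished",  # ignored by the parser
    ]
    return lines


def analyse(lines):
    """Run both detectors over raw log lines."""
    events = list(parse(lines))
    return account_lockouts(events), source_campaigns(events)


if __name__ == "__main__":
    locked, campaigns = analyse(build_sample_log())
    print("lockouts:", locked)      # only the fast attack trips a per-account lockout
    print("campaigns:", campaigns)  # the slow spray is caught by the per-source view
```

Note that the slow spray never reaches the per-account threshold, so a lockout rule on its own would have left a 12-hour campaign invisible; the per-source duration is the signal that catches it.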

Want To Bring Security And IT Together? Use SysSecOps – Chuck Leaver

Written By Chuck Leaver Ziften CEO


Scott Raynovich nailed it. Having worked with numerous organizations, he realized that one of the biggest challenges is that security and operations are two distinct departments, with drastically different objectives, different tools, and different management structures.

Scott and his analyst firm, Futuriom, recently completed a study, “Endpoint Security and SysSecOps: The Growing Trend to Build a More Secure Enterprise”, where one of the key findings was that conflicting IT and security goals hamper professionals, on both teams, from achieving their objectives.

That’s exactly what we believe at Ziften, and the term that Scott coined to describe the merging of IT and security in this domain, SysSecOps, describes perfectly what we’ve been talking about. Security teams and IT teams must get on the same page. That means sharing the same objectives, and in many cases, sharing the same tools.

Think about the tools that IT people use. The tools are designed to ensure the infrastructure and end devices are working correctly, and when something goes wrong, to help them fix it. On the endpoint side, those tools help make sure that devices that are permitted onto the network are configured properly, have software that is authorized and properly updated/patched, and have not registered any faults.

Think about the tools that security folks use. They work to enforce security policies on devices, infrastructure, and security apparatus (like firewalls). This might include actively monitoring incidents, scanning for abnormal behavior, looking at files to ensure they don’t contain malware, adopting the latest threat intelligence, matching against newly discovered zero-days, and performing analysis on log files.

Finding fires, fighting fires

Those are two different worlds. The security teams are fire spotters: they can see that something bad is happening, can work quickly to isolate the problem, and determine if damage occurred (like data exfiltration). The IT teams are the on-the-ground firefighters: they jump into action when an incident strikes to ensure that the systems are made safe and restored to operation.

Sounds great, doesn’t it? Unfortunately, all too often, they don’t talk to each other; it’s like having the fire spotters and firefighters using different radios, different lingo, and different city maps. Worse, the teams can’t share the same data directly.

Our approach to SysSecOps is to give both the IT and security teams the same resources, which means the same reports, delivered in the way appropriate to each specialist. It’s not dumbing down; it’s working smarter.

It’s absurd to work any other way. Take the WannaCry outbreak, for example. Microsoft released a patch back in March 2017 that addressed the underlying SMB flaw. IT operations teams didn’t install the patch, because they didn’t think it was a big deal and didn’t talk to security. Security teams didn’t know whether the patch had been installed, because they don’t talk to operations. SysSecOps would have had everyone on the same page, and could potentially have prevented this problem.

Missing data means waste and risk

The inefficient gap between IT operations and security exposes organizations to risks. Preventable risks. Unnecessary risks. It’s simply unacceptable!

If your organization’s IT and security teams aren’t on the same page, you are incurring risks and costs you shouldn’t have to. It’s waste. Organizational waste. It’s wasteful because you have many tools supplying partial data with gaps, and each of your teams sees only part of the picture.

As Scott concluded in his report, “Collaborated SysSecOps visibility has actually currently proven its worth in assisting organizations assess, analyze, and prevent substantial dangers to the IT systems and endpoints. If these goals are pursued, the security and management threats to an IT system can be significantly lessened.”

If your teams are working together in a SysSecOps way, if they can see the same data at the same time, you not only have better security and more efficient operations, but also lower risk and lower costs. Our Zenith software can help you achieve that efficiency, not only working with your existing IT and security tools but also filling in the gaps to make sure everyone has the right data at the right time.

Organizations Need To Increase Their Paranoia Over Security – Chuck Leaver

Written By Chuck Leaver Ziften CEO


Whatever you do, don’t underestimate cyber criminals. Even the most paranoid “normal” person would not worry about stolen credentials from its heating, ventilation and air conditioning (HVAC) contractor being a source of data breaches. Yet that’s exactly what happened at Target in November 2013. Hackers got into Target’s network using credentials issued to the contractor, probably so the contractor could monitor the HVAC system. (For a good analysis, see Krebs on Security.) The hackers were then able to leverage the breach to inject malware into point of sale (POS) systems, and then offload payment card data.

A number of ridiculous errors were made here. Why was the HVAC contractor given access to the enterprise network? Why wasn’t the HVAC system on a separate, totally isolated network? Why wasn’t the POS system on a separate network? Et cetera, et cetera.

The point here is that in a very complex network, there are countless potential vulnerabilities that could be exploited through carelessness, unpatched software, default passwords, social engineering, spear phishing, or insider actions. You get the point.

Whose job is it to find and fix those vulnerabilities? The security team. The CISO’s team. Security professionals aren’t “normal” people. They are hired to be paranoid. Make no mistake: whatever the particular technical vulnerability that was exploited, this was a CISO failure to anticipate the worst and prepare accordingly.

I can’t speak to the Target HVAC breach specifically, but there is one overwhelming reason that breaches like this happen: a lack of budgetary priority for cybersecurity. I’m not sure how often companies fail to fund security simply because they’re cheap and would rather do a share buy-back. Or perhaps the CISO is too timid to ask for what’s needed, or has been told that he gets a 5% increase regardless of the need. Maybe the CEO is worried that disclosures of large allocations for security will alarm investors. Maybe the CEO is simply naïve enough to think that the enterprise won’t be targeted by cyber criminals. The problem: every company is targeted by hackers.

There is fierce competition over budgets. The IT department wants to fund upgrades and enhancements, and attack the backlog of demand for new and improved applications. On the other side, you have line-of-business leaders who see IT projects as directly helping the bottom line. They are optimists, and have plenty of CEO attention.

By contrast, the security department often has to fight for crumbs. It is seen as a cost center. Security reduces business risk in a way that matters to the CFO, the CRO (chief risk officer, if there is one), the general counsel, and other pessimists who care about compliance and reputation. These green-eyeshade people think about worst-case scenarios. That doesn’t make friends, and budget dollars are allocated grudgingly at many companies (until the business gets burned).

Call it naivety, call it institutional hostility, but it’s a real obstacle. You can’t have IT given great tools to move the business forward while security is starved and making do with second-best.

Worse, you don’t want to end up in situations where the rightfully paranoid security teams are working with tools that don’t mesh well with their IT counterparts’ tools.

If IT and security tools don’t mesh well, IT may not be able to act quickly in response to risky situations that the security teams are monitoring or worried about: things like threat intelligence reports, discoveries of unpatched vulnerabilities, nasty zero-day exploits, or user behavior that suggests risky or suspicious activity.

One idea: find tools for both departments that are designed with both IT and security in mind right from the beginning, rather than IT tools patched to provide some minimal security capability. One budget item (take it out of IT, they have more money), but two workflows, one designed for the IT professional, one for the CISO’s team. Everyone wins, and next time somebody wants to give the HVAC contractor access to the network, maybe security will find out what IT is doing and head that disaster off at the pass.

WannaCry Ransomware – How Ziften Can Help You – Chuck Leaver

Written By Michael Vaughn And Presented By Chuck Leaver Ziften CEO


Answers To Your Concerns About WannaCry Ransomware

The WannaCry ransomware attack has so far infected more than 300,000 computers in 150 countries by exploiting vulnerabilities in Microsoft’s Windows operating system.
In this brief video, Chief Data Scientist Dr. Al Hartmann and I discuss the nature of the attack, as well as how Ziften can help companies protect themselves from the exploit called “EternalBlue.”

As mentioned in the video, the problem with this Server Message Block (SMB) file-sharing service is that it ships with many Windows operating systems and is found in many environments. However, we make it easy to identify which systems in your environment have or haven’t been patched yet. Importantly, Ziften Zenith can also remotely disable the SMB file-sharing service entirely, giving organizations valuable time to ensure that those machines are properly patched.
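A host-local version of the two checks described above, as an added example that is neither Ziften’s nor Zenith’s code: it reports whether SMBv1 is enabled and whether the March 2017 SMB fix (Microsoft bulletin MS17-010, whose KB number varies by OS build and is left as a placeholder here) is installed, and can disable the SMBv1 server protocol as a stop-gap while the patch is rolled out. It assumes an elevated PowerShell on Windows 8 / Server 2012 or later.

```powershell
# Added example, not Ziften's code: check the two facts the post says matter for
# WannaCry on this host: is SMBv1 enabled, and is the MS17-010 hotfix installed?
# Requires an elevated PowerShell on Windows 8 / Server 2012 or later, where the
# SmbShare module (Get-SmbServerConfiguration) is available.
# $Ms17010Kbs is a placeholder (assumption): the KB number differs per OS build,
# so fill it in from the MS17-010 bulletin for the build you are checking.

param(
    [string[]]$Ms17010Kbs = @('KB-PLACEHOLDER'),  # assumption: filled in per OS build
    [switch]$DisableSmb1                          # turn SMBv1 off instead of only reporting
)

function Get-Smb1Status {
    # Returns a small report object. The SMBv1 server setting is the one the
    # EternalBlue exploit depends on, so that is what we look at.
    $smb    = Get-SmbServerConfiguration
    $hotfix = Get-HotFix | Where-Object { $_.HotFixID -in $Ms17010Kbs }
    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        Smb1Enabled    = [bool]$smb.EnableSMB1Protocol
        Ms17010Present = [bool]$hotfix
        MatchedKb      = ($hotfix | ForEach-Object { $_.HotFixID }) -join ','
    }
}

$status = Get-Smb1Status
$status | Format-List

if ($status.Smb1Enabled -and -not $status.Ms17010Present) {
    Write-Warning "SMBv1 is enabled and MS17-010 was not found: this host is exposed."
    if ($DisableSmb1) {
        # Stop-gap of the kind the post describes: turn SMBv1 off so the host no
        # longer answers on the vulnerable protocol while the patch is deployed.
        # -Force skips the confirmation prompt; clients that only speak SMBv1
        # will lose access to shares on this host.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Host "SMBv1 server protocol disabled; patch the host and re-run to verify."
    } else {
        Write-Host "Re-run with -DisableSmb1 to turn SMBv1 off as a stop-gap."
    }
}
```

Run it across a fleet (for example via remoting) and collect the report objects to get the patched/unpatched split the post refers to; the patch state is the lasting fix, disabling SMBv1 only buys time.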

If you’re curious about Ziften Zenith, our 20 minute demonstration includes a consultation with our experts about how we can help your company prevent the worst digital catastrophe to strike the web in years.