Chuck Leaver – Don’t Let Security Blind Spots Make You Prone To Attacks: Use Ziften ZFlow

Written by Andy Wilson and presented by Chuck Leaver, CEO of Ziften

Over the past several years, many IT organizations have adopted NetFlow telemetry (network connection metadata) to improve their security posture. There are several reasons for this: NetFlow is relatively inexpensive compared with full packet capture; it is easy to collect, since most Layer 3 network devices support NetFlow or the IANA standard IPFIX; and it is easy to analyze with freely available or commercial tools. NetFlow helps overcome blind spots in the architecture and provides much-needed visibility into what is really happening on the network, both internally and externally. Flow data also supports early detection of attacks (DoS and APT/malware) and can be used for baselining and anomaly detection.

NetFlow can provide insight where little or no visibility exists. Most organizations collect flows at the core, WAN and Internet layers of their networks. Depending on the routing schema, localized traffic may not be accounted for: LAN-to-LAN activity, local broadcast traffic, and even east-west traffic inside the data center. Most organizations do not route all the way to the access layer and are therefore blind, to some degree, in that segment of the network.

Performing full packet capture in this area is still not entirely practical, for a variety of reasons. The answer is endpoint-based NetFlow, which restores visibility and adds important context to the other flows being collected on the network. Ziften ZFlow telemetry originates from the endpoint (desktop, laptop or server), so it does not depend on the network infrastructure to be generated. ZFlow provides the conventional ISO Layer 3/4 data, such as source and destination IP addresses and ports, but also adds valuable Layer 4-7 information: the executable responsible for the network socket, its MD5 hash, PID and file path, the user who launched the executable, and whether it was running in the foreground or background. This is exactly the information that network-based flows cannot provide.

This additional context can significantly reduce false positives and gives analysts, SOC staff and incident handlers the data they need to quickly assess the nature of the network traffic and determine whether it is malicious or benign. Used together with network-based alerts (firewall, IDS/IPS, web proxies and gateways), ZFlow can drastically reduce the time needed to work through a security incident. And we know that time to detect malicious behavior is a key factor in how successful an attack becomes. Dwell times have come down in recent years but remain at unacceptable levels: currently more than 230 days during which an attacker can walk undetected through your network collecting your critical data.

Below is a screenshot showing a port 80 connection to the Internet destination 23.64.171.27. Interesting facts about this connection that network-based tools would miss: it was not initiated by a web browser but by Windows PowerShell, and it was initiated by the ‘System’ account rather than by the logged-in user. Both are highly notable to a security analyst: this is not a false positive and would most likely warrant deeper investigation, at which point the analyst could pivot into the Ziften console and look further into that system’s behavior, such as what actions or binaries were launched before and after the connection, process history, network activity and more.

[Screenshot: ZFlow record of the port 80 connection described above]
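As an added example (not Ziften’s code; the record field names and the browser allowlist are assumptions), here is the kind of triage logic an analyst could run over endpoint-flow records of this shape, flagging the PowerShell-under-System connection from the screenshot while leaving an ordinary browser session alone:

```python
"""Triage of endpoint-flow records carrying process and user context. Added example,
not Ziften's ZFlow code or format; field names and the browser allowlist are assumptions
mirroring the attributes the text describes (executable path, MD5, PID, user, foreground)."""
import ipaddress
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}  # assumed allowlist
WEB_PORTS = {80, 443}
SYSTEM_ACCOUNTS = {"SYSTEM", "NT AUTHORITY\\SYSTEM", "LOCAL SYSTEM"}

def is_external(ip: str) -> bool:
    """True for Internet-routable destinations (excludes RFC 1918, loopback, link-local)."""
    return ipaddress.ip_address(ip).is_global

def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()  # last path component

def triage(record: dict) -> list:
    """Reasons this flow deserves analyst attention; an empty list means nothing stood out."""
    reasons = []
    exe = basename(record["exe"])
    external = is_external(record["dst_ip"])
    if external and record["dst_port"] in WEB_PORTS and exe not in BROWSERS:
        reasons.append(f"web port {record['dst_port']} opened by non-browser {exe}")
    if external and record["user"].upper() in SYSTEM_ACCOUNTS:
        reasons.append("external connection initiated by the System account")
    if external and not record["foreground"] and exe not in BROWSERS:
        reasons.append("external connection from a background process")
    return reasons

def triage_all(records: list) -> dict:
    """Map (pid, 'dst_ip:port') -> reasons, for records that raised at least one reason."""
    out = {}
    for rec in records:
        reasons = triage(rec)
        if reasons:
            out[(rec["pid"], f"{rec['dst_ip']}:{rec['dst_port']}")] = reasons
    return out

# Constructed sample records, not real telemetry. The first mirrors the page's screenshot.
SAMPLE = [
    {"dst_ip": "23.64.171.27", "dst_port": 80, "pid": 4120, "user": "SYSTEM", "foreground": False,
     "exe": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "md5": "<placeholder-md5>"},
    {"dst_ip": "23.64.171.27", "dst_port": 80, "pid": 2212, "user": "jdoe", "foreground": True,
     "exe": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "md5": "<placeholder-md5>"},
    {"dst_ip": "10.1.2.5", "dst_port": 445, "pid": 900, "user": "SYSTEM", "foreground": False,
     "exe": r"C:\Windows\System32\svchost.exe", "md5": "<placeholder-md5>"},
]
if __name__ == "__main__":
    for key, why in triage_all(SAMPLE).items():
        print(key, "->", "; ".join(why))
```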

Ziften’s ZFlow shines a light on security blind spots and provides the additional endpoint context of process, application and user attribution to help security personnel better understand what is actually happening in their environment. Combined with network-based events, ZFlow can dramatically reduce the time it takes to investigate and respond to security notifications and significantly improve an organization’s security posture.

Businesses That Do Not Deploy Endpoint Detection And Response Face Losses – Chuck Leaver

Chuck Leaver, CEO of Ziften Technologies.

Companies ought to be taking every possible step to safeguard their infrastructure against the current threat of cyber attacks, and it is striking that they are not doing so. Their information is critical to them, yet they are taking no action. Writing for bobsguide, guest poster Torgny Gunnarsson, who runs a company that provides data solutions, made the point that at a time when all companies are eager to take advantage of new technology, they seem reluctant to put protective measures, such as endpoint detection and response, in place. While it is excellent that businesses are using the latest technology, they are at the same time becoming exposed to a new world of risks, including data loss, password breaches and ransomware.

Some of these businesses may not truly be aware of the risk of cyber crime; once they are hit, there will be a number of consequences. Gunnarsson refers to the attacks on Target and Adobe in his article and states that these were examples of security shortfalls that led to large financial losses. The Adobe attack affected 38 million users. Notifying 38 million users would certainly come at a high price, according to Data Breach Insurance, and then there are the costs of recovering from the situation on top of that. Reuters reported that Target had to pay more than $60 million as a result of the data breach and also suffered a loss of business because of the attack.

You would think that high-profile losses like these would have every company rushing to protect itself with an endpoint detection and response system and to take whatever other steps it could to prevent cyber crime. The reality is different: many companies believe there is no chance their infrastructure will ever come under attack. That is an extremely risky and short-sighted stance in the current environment of cyber attacks.

Secure Your Company Now With These Actions

It is a daunting prospect to think that there are any number of cyber criminals who want access to your information. But you do not have to be the next victim just because there are so many attackers out there. Taking the steps below will make a substantial difference in keeping them away from your infrastructure:

1. Implement an endpoint detection and response system. Nothing else is more vital when it comes to protecting your company from a cyber attack. Once your enterprise endpoints are covered, you will have the assurance that no attempted attack on your network goes unnoticed.

2. Make sure all of your staff are aware of the cyber security threat. Don’t simply leave it to your IT team to stay up to date with the latest cyber security risks. Understand that a cyber attack can be launched from anywhere in the world and that attackers can target any company. Keeping your employees informed about these threats adds another layer of protection, by ensuring that they practice safe computing and do everything humanly possible to keep attackers out.

3. Monitor security constantly. Looking after your cyber security must be a top priority, so make sure that it is. Keep your endpoint detection software up to date and put cyber security on the agenda at every meeting. There is no room for complacency with cyber security.

Create A Company That Is Fearless – Chuck Leaver

Ziften Technologies are based in Austin, Texas, and Chuck Leaver is the CEO.

This video from the Commonwealth Club features Steve Blank, who discusses how it is possible to build a great company step by step.

There is no doubt that Steve is an intelligent man with a great sense of humor. His business insights are highly valued, and he made several points that I agree with:

He said in the video that “there is absolutely nothing that you can find out inside your very own building, so you have to get out of it!” Steve said this was a lesson that companies in Silicon Valley had to learn the hard way. At Ziften we make sure that we visit our prospects and customers every week. Our company is young, but the key executives and I understand that we need to know the market, be realistic about it, and reflect that in our business model. When we know what the market needs, we can really add value.

We always put our customers first and keep listening to them. In the video Steve points out how hard it is for entrepreneurs to listen to their customers rather than trying to force their own view onto the market. What we also do at Ziften is encourage our people to listen before speaking. When we talk to prospects and customers, we have to understand that they care far more about how we can solve their problems than about how clever we are.

Steve makes another good point in the video when he talks about how innovation is perceived in the United States compared with the rest of the world. The attitude in the U.S. toward failure is the right one. People are encouraged to learn from failure, and that turns them into experienced executives who can really influence and add a great deal of value to a new company. It is essential that there is no fear of failure, because fear suppresses innovation.

I constantly encourage the people who work for us to take risks without fear of repercussions. I firmly believe this is pushing us closer to our goal of closing the gap between enterprise customer security and security technology, and we are getting there quickly. This is a substantial change, and we are truly close to our goal.