Important Observations At RSA 2018 – Charles Leaver

Written By Logan Gilbert And Presented By Charles Leaver


After spending a couple of days with the Ziften team at the 2018 RSA Conference, my technology viewpoint was: more of the same, the usual suspects and the usual buzzwords. Buzzwords like “AI”, “machine learning” and “predictive” were wonderfully overused. Lots of attention was paid to prevention, everybody’s favorite attack vector – e-mail, and everyone’s favorite vulnerability – ransomware.

The only surprise I encountered was seeing a smattering of NetFlow analysis companies – lots of smaller businesses aiming to make their mark using a very rich, but hard to work with, data set. Extremely cool stuff! Find the small booths and you’ll find tons of innovation. Now, to be fair to the bigger vendors, I understand there are some truly cool technologies there too, but RSA barely lends itself to seeing through the buzzwords to actual value.

The Buzz at RSA

I might have a biased view since Ziften has been partnering with Microsoft for the last six-plus months, but Microsoft seemed to play a far more prominent leadership role at RSA this year. First, on Monday, Microsoft revealed its all-new Intelligent Security Association, uniting their security partnerships “to focus on defending clients in a world of increased risks”, and more notably, reinforcing that security through shared security intelligence across this ecosystem of partners. Ziften is naturally proud to be a founding member of the Intelligent Security Association.

Additionally, on Tuesday, Microsoft announced a ground-breaking partnership with many in the cybersecurity industry named the “Cybersecurity Tech Accord.” This accord calls for a “digital Geneva Convention” that sets standards of behavior for the online world, just as the Geneva Conventions set rules for the conduct of war in the physical world.

RSA Attendees

A really interesting point to me, though, was the different makeup of the expo audience itself. As I was also an exhibitor at RSA, I noted that among my visitors I saw more “suits” and fewer tee shirts.

OK, maybe not suits per se, but more security Managers, Directors, VPs, CISOs, and security leaders than I remember seeing in the past. I was encouraged to see what I think are business decision makers checking out security companies in the flesh, instead of delegating that job to their security team. From this audience I typically heard the same themes:

– This is frustrating.
– I can’t tell the difference between one technology and another.

Those who were Absent from RSA

There were certainly fewer “technology trolls”. What, you might ask, are technology trolls? Well, as a vendor and security engineer, these are the guys (always guys) that show up 5 minutes before the close of the day and drag you into a technical due diligence exercise for an hour, or at least until the happy hour parties begin. Their goal – absolutely nothing beneficial to anyone – and here I’m assuming that the troll actually works for a company, so nothing beneficial for the company that actually paid thousands of dollars for their attendance. The only thing gained is the troll’s self-affirmation that they are able to “beat down the vendor” with their technical prowess. I’m being harsh, but I’ve experienced the trolls from both sides, both as a vendor and as a buyer – and back at the office no one is making purchasing decisions based on troll recommendations. I can only assume that companies send tech trolls to RSA and comparable expos because they do not want them in the office.

Discussions about Holistic Security

Which brings me back to the type of people I did see a lot of at RSA: security savvy (not just tech savvy) security leaders, who understand the business argument and choices behind security technologies. Not only are they influencers but in many cases the business owners of security for their particular organizations. Now, apart from the concerns mentioned above, these security leaders seemed less focused on a technology or specific use case, and more on a desire for “holistic” security. As we know, good security requires a collection of technologies, policy and practice. Security savvy customers wanted to know how our technology fitted into their holistic solution, which is a refreshing change of dialog. As such, the kinds of questions I would hear:

– How does your technology partner with other solutions I already use?
– More importantly: Does your company actually buy into that partnership?

That last question is vital, basically asking whether our partnerships are just fodder for a website, or whether we genuinely share with our partner the recognition that the whole is greater than the parts.

The latter is what security professionals are looking for and require.


Overall, RSA 2018 was terrific from my point of view. After you get past the jargon, much of the buzz centered on things that matter to customers, our market, and us as individuals – things like security partner ecosystems that add value, more holistic security through genuine collaboration and meaningful integrations, and face to face discussions with business security leaders, not technology trolls.

Unmanaged Assets In The Cloud Can Lead To Disaster – Charles Leaver

Written By Logan Gilbert And Presented By Charles Leaver


All of us recognize the image of the hooded villain hunched over his laptop late at night – accessing a business network, stealing valuable data, vanishing without a trace. We personify the attacker as smart, persistent, and sly. But the reality is that the vast majority of attacks are enabled by simple human carelessness or recklessness – making the job of the cyber criminal an easy one. He’s checking all the doors and windows constantly. All it takes is one mistake on your part and he gets in.

What do we do? Well, you already know the action you need to take. We spend a hefty portion of our IT budget on defense-in-depth security systems – designed to identify, deceive, trip, or outright block the villains. Let’s park the discussion on whether we are winning that war, because there is a far easier war taking place – the one where the enemy enters your network, business critical application, or IP/PII data through a vector you didn’t even know you had – the unmanaged asset, often referred to as Shadow IT.

Think this isn’t your business? A recent study suggests the average enterprise has 841 cloud apps in use. Remarkably, most IT executives think the number of cloud apps in use by their company is around 30-40 – meaning they are wrong by a factor of 20. The same report highlights that more than 98 percent of cloud apps are not GDPR ready, and 95 percent of enterprise-class cloud apps are not SOC 2 ready.

Defining Unmanaged Assets/Shadow IT

Shadow IT is defined as any SaaS application used – by employees, departments, or whole business groups – without the knowledge or consent of the company’s IT department. And the emergence of ‘everything as a service’ has made it even easier for workers to gain access to whatever software they feel is required to make them more productive.

The Impact

Well intentioned staff members normally don’t realize they’re breaking corporate rules by spinning up a new server instance, or downloading unauthorized apps or software offerings. But it happens. When it does, three problems can develop:

1. Corporate standards within a company are compromised, since unapproved software means each computer has different capabilities.

2. Rogue software often includes security flaws, putting the whole network at risk and making it much harder for IT to manage security risks.

3. Asset blind spots not only drive up security and compliance risks, they can increase legal risks. Data retention policies designed to limit legal liability are being skirted when data is stored on unapproved cloud assets.

Three Key Factors To Consider for Resolving Unmanaged Asset Threats

1. First, deploy tools that can provide detailed visibility into all cloud assets – managed and unmanaged. Know what new virtual machines have been activated this week, along with what other machines and applications each VM instance is communicating with.

2. Second, make certain your tooling can provide a continuous inventory of authorized and unauthorized virtual machines running in the cloud. Make certain you can see all IP connections made to each asset.

3. Third, for compliance and/or forensic analysis purposes, look for a solution that offers a record of any and all assets (physical and virtual) that have ever been on the network – not just a solution that is restricted to active assets and a brief look-back window.

Unmanaged Asset Discovery with Ziften

Ziften makes it easy to rapidly discover cloud assets that have been commissioned outside of IT’s purview. And we do it continuously and with deep historical recall within your reach – including when each device first connected to the network, when it last appeared, and how frequently it reconnects. And if a virtual machine is decommissioned, no problem, we still have all its historical behavior data.

Identify and secure hidden attack vectors originating from shadow IT – before a disaster. Know exactly what’s happening in your cloud environment.

Great News About Microsoft’s Intelligent Security Association – Charles Leaver

Written By David Shefter And Presented By Charles Leaver


It’s a great plan: Microsoft has developed a mechanism for third-party security companies, like Ziften, to cooperate to better secure our customers. Everybody wins with the new Microsoft Intelligent Security Association, announced very recently – and we are delighted to be a founding member and included in the launch. Congratulations to Microsoft!

Sharing of Security Intelligence

One of the most exciting projects coming out of Microsoft has been the new Microsoft Intelligent Security Graph, a threat intelligence engine built with machine learning. The Intelligent Security Graph forms the foundation of the new association – and the foundation of a great many new opportunities for innovation.

As Microsoft states, “At the present time, with the tremendous computing advantages afforded by the cloud, the Machine learning and Artificial Intelligence is discovering new ways to utilize its rich analytics engines and by using a mix of automated and manual processes, machine learning and human professionals, we have the ability to produce an intelligent security graph that develops from itself and develops in real time, reducing our collective time to find and react to brand-new occurrences.”

The need for better, more intelligent security is huge, which is why we’re thrilled to be a founding member of the new association.

Brad Anderson, Corporate Vice President at Microsoft, Enterprise Mobility + Security, recently composed, “Roughly 96% of all malware is polymorphic – which means that it is only experienced by a single user and device prior to being changed with yet another malware version. This is because in many cases malware is caught almost as quick as it’s developed, so malware developers continuously develop to try and remain ahead. Data like this reinforces how important it is to have security options in place that are as agile and ingenious as the attacks.”

Endpoint Detection and Response that is Advanced

And that brings us to the type of advanced endpoint detection and response (EDR) that Ziften provides for desktops, servers, and cloud assets – giving the organization unique all-the-time visibility and control for any asset, anywhere. No one else provides the functionality you’ll find in Ziften’s Zenith security platform.

That’s where the Microsoft Intelligent Security Association shines. At the end of the day, even the very best defenses may be breached, and security teams must respond faster and more aggressively to ensure the security of their data and systems.

Ziften and Microsoft are providing fully integrated threat protection that covers customers’ endpoints – meaning client devices, servers, and the cloud – with a foundation of shared intelligence and the power of the cloud to transform monitoring of enterprise systems.

What Microsoft is Saying

“The Intelligent Security Association enhances cooperation from leading sources to protect clients,” said Microsoft. “Having actually currently accomplished strong customer momentum with our integrated Ziften and Microsoft Windows Defender ATP service, customers stand to additionally gain from continued collaboration.”

In addition, “Continued integration and intelligence sharing within the context of the Microsoft Intelligent Security Graph allows joint clients to more quickly and accurately identify, examine and respond to attacks throughout their whole endpoint and cloud base.”

What Ziften is Saying

Chuck Leaver, Ziften CEO, is telling everybody that our founding membership in the Microsoft Intelligent Security Association is a substantial win for our joint customers and prospects – and it brings together everybody in the Microsoft universe and beyond (note that Ziften’s Mac and Linux solutions are also part of the Microsoft collaboration). “As security vendors, all of us recognize the requirement to work together and collaborate to protect our customers and their staff members. Kudos to Microsoft for leading this market effort,” Chuck stated.

The result: better security for our customers, and tighter integration and more innovation in the industry. It’s a genuine win for everybody. Apart from the hackers, of course. They will lose. No apologies, guys.

A Better Channel Program For You – Charles Leaver

Written By Greg McCreight And Presented By Charles Leaver


If you are a reseller, integrator, distributor, or managed service provider – the new Ziften Activate Partner Program is here, it’s ready, and it’s going to be great for your bottom line (and for lowering your customers’ anxiety about cyber security).

Ziften is 100 percent focused on the channel, and as we grow and progress in the market, we understand that your success is our success – and our success is your success. And it is already happening: 96% of our sales last year came through the channel! This is why we built the new Activate Partner Program, to give you the resources you need to grow your business with Ziften security solutions.

We came out of the blocks with a very effective, cross-platform Endpoint Detection and Response (EDR) solution, Ziften Zenith. Customers love it. Technology partners love it. Resellers love it. The market loves it. And analysts love it.

I have to share this from the conclusion of our broadband testing report, which speaks about SysSecOps, or Systems Security Operations – an emerging category where Ziften is leading the market:

Critical to Ziften’s endpoint method in this classification is total visibility – after all, how can you secure if you can’t see or do not know what is there in the first place? With its Zenith platform, Ziften has a product that delivers on all the essential SysSecOps requirements and more …

Overall, Ziften has an extremely competitive offering in what is a very legitimate, emerging IT category through SysSecOps and one that needs to be on the assessment short list.

In addition to this: Microsoft recently partnered with Ziften to develop an integration of Zenith and Microsoft Windows Defender ATP, to allow Microsoft customers to protect Linux and Mac systems with the same single pane of glass they use to secure Windows systems.

Enough about us. Let’s talk about you. You and the Activate Partner Program.

We have put together a multi-tier partner program that has better discounts, more resources, and strong market development assistance. We understand a one-size-fits-all program doesn’t work, not in today’s market.

With Activate, we take a hands-on stance to bringing new partners on board; making it easy for those for whom security is a relatively small element of their services; and rewarding top-tier partners who have committed themselves to us.

Here’s exactly what you will receive with the Activate Partner Program – and we’ll work alongside you to ensure that Activate fulfills your needs completely:

– Security for more of your customers’ environment – endpoints, servers, and cloud
– Visibility and security for your customers’ complex, multi-cloud deployments
– Easy security tool integrations to deliver truly tailored, differentiated services
– Hands-on, tailored support and life-cycle expertise
– Rich financial incentives that motivate your long-term investment and reward ongoing success
– Market development support to drive incremental demand and lead generation
– World-class, hands-on assistance from our field sales, sales engineers, technical support, and marketing experts

The Activate program combines our successful security solutions, financial investments, and hands-on support to help you create more opportunity and close more deals.

Take These Steps For Successful Cloud Asset Migration – Charles Leaver

Written By Logan Gilbert And Presented By Charles Leaver


It bears repeating – the Web has permanently altered the world for individuals and companies alike. In the case of the latter, every element of contemporary IT is going through digital transformation. IT departments everywhere are under pressure to make information highly accessible at lower cost – all while securing crucial data from corruption, loss, or cyber theft.

Central to this approach is the migration of data centers to the cloud. In fact, nineteen percent of company workloads are expected to be in the public cloud by the end of 2019, and fifty percent over the next ten years.

What is Cloud Asset Migration?

Cloud migration is the process of moving data, applications or other business elements from an organization’s on-premise infrastructure to the cloud, or moving them from one cloud service to another.

The diagram shown below illustrates this migration of file server(s), data, and application(s) from an on-premise server infrastructure to a cloud environment.

Cloud providers enable companies to move some or all IT infrastructure to the cloud for scale, speed, service flexibility, ease of management, and reduced costs. The advantages are nothing short of compelling.

Cloud computing is changing the business landscape. With technological advances, individuals are leaning more toward a virtual workplace, meaning that you can work from anywhere and at any time using cloud computing.

Cloud Asset Migration Considerations

But, just like any significant IT infrastructure change, a move to the cloud requires thoughtful planning and execution for the process to take place within budget and on time. Moving a server, database, application, or all of the above to the cloud is not without risk. System interruptions, performance degradation, data loss and more are likely to occur as a result of misconfigurations, system failures, and security exploits.

Case in point: 43% of those who have gone through a cloud asset migration have experienced a failed or delayed application. Why is this? Because each asset migration is a ‘snowflake’ with its own level of complexity.

Let’s look at three areas to consider for effective cloud asset migration.

1. Have a Strategy

First, there has to be a strategic migration plan. That plan must help answer questions like the following:

– Which IT assets should be moved in the first place?
– If you are moving some, or all, of your infrastructure to the cloud, how will you establish and maintain asset control?
– How will you identify what you have – before and after the move?
– Do you even have to move all of it?
– What is the first thing to move?

2. Clean Up What Is in Place Now

To answer these strategic questions successfully, you’ll need definitive visibility into each asset under your roof now, as well as the pertinent attributes of each asset. Whether your assets today are running on physical or virtual server infrastructure, you need to understand:

– What assets exist today? Discover all the connected assets and understand whether they are currently managed or unmanaged.
– Identify low-usage and/or unused systems. Should these systems be removed or repurposed prior to migration?
– Identify low-usage and/or unused applications. Are these applications needed at all? Should they be eliminated prior to migration?
– Identify and clean up areas of duplication, be it systems and/or applications.
– Now identify those business-critical systems and applications that will be moved as part of your strategy. With this detailed asset data in hand, you can hone your migration approach by segmenting what must – and must not – be migrated, or at least prioritize crisply based on business value.

3. Plan for Cloud Visibility Post Migration

Now that you’re equipped with comprehensive, accurate current and historical asset data, how will you preserve this level of visibility after your successful cloud asset migration?

While the cost benefits of moving to the cloud are often extremely compelling, unchecked asset / virtual machine proliferation can rapidly erode those cost benefits. So, before executing your cloud asset migration, make certain you have a cloud visibility solution in place that:

– Finds / monitors all connected assets across your single or multi-cloud environment
– Records, fingerprints, and categorizes discovered assets
– Alerts on new or unexpected asset discovery and/or behavior within the cloud environment
– Integrates with existing ticketing, workflow, and/or CMDB systems
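The inventory questions raised in both the “Unmanaged Assets In The Cloud” post above (first seen, last seen, reconnect frequency, what each VM talks to, history retained after decommissioning) and the clean-up and post-migration visibility steps here all reduce to the same bookkeeping over connection records. The following is an added example, not Ziften’s or Zenith’s code; it assumes a constructed list of connection events, a constructed approved-asset list standing in for a CMDB, and thresholds (7-day “new” window, 30-day idle window, one-connection floor) chosen for illustration. The `unmanaged_to_managed` check goes slightly beyond the text by singling out unapproved assets that reach approved ones, which is the shadow-IT vector the earlier post warns about.

```python
"""Asset inventory over connection records (constructed example, not vendor code)."""
from datetime import datetime, timedelta

# Constructed sample connection log: (timestamp, source asset, destination, port).
# Made-up records for illustration only; not real telemetry.
SAMPLE_EVENTS = [
    ("2018-04-02T09:00:00", "web-01", "db-01", 5432),
    ("2018-04-02T09:05:00", "web-01", "db-01", 5432),
    ("2018-04-03T11:00:00", "web-01", "db-01", 5432),
    ("2018-04-09T08:30:00", "vm-test-7", "203.0.113.10", 443),   # never registered with IT
    ("2018-04-10T08:30:00", "vm-test-7", "203.0.113.10", 443),
    ("2018-04-11T08:30:00", "vm-test-7", "db-01", 5432),         # unmanaged VM reaching prod DB
    ("2018-03-01T10:00:00", "legacy-ftp", "198.51.100.5", 21),   # idle since March
    ("2018-04-11T12:00:00", "web-01", "cache-01", 6379),
]

# Approved (managed) assets, standing in for a CMDB export. Constructed.
APPROVED_ASSETS = {"web-01", "db-01", "cache-01", "legacy-ftp"}


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")


def build_inventory(events):
    """Return {asset: {first_seen, last_seen, connections, peers}} for every source asset.
    Records are never dropped, so a decommissioned machine keeps its history."""
    inventory = {}
    for ts, src, dst, port in events:
        t = parse_ts(ts)
        rec = inventory.setdefault(src, {"first_seen": t, "last_seen": t,
                                         "connections": 0, "peers": set()})
        rec["first_seen"] = min(rec["first_seen"], t)
        rec["last_seen"] = max(rec["last_seen"], t)
        rec["connections"] += 1
        rec["peers"].add((dst, port))
    return inventory


def unmanaged_assets(inventory, approved):
    """Shadow IT: anything observed on the wire that IT never approved."""
    return sorted(a for a in inventory if a not in approved)


def new_assets_since(inventory, now, days=7):
    """Assets first seen inside the look-back window (default: this week)."""
    cutoff = now - timedelta(days=days)
    return sorted(a for a, r in inventory.items() if r["first_seen"] >= cutoff)


def low_usage_assets(inventory, now, idle_days=30, max_connections=1):
    """Pre-migration cleanup candidates: idle for idle_days or barely used."""
    cutoff = now - timedelta(days=idle_days)
    return sorted(a for a, r in inventory.items()
                  if r["last_seen"] < cutoff or r["connections"] <= max_connections)


def unmanaged_to_managed(inventory, approved):
    """Unapproved assets that connect to approved ones: the hidden vector to review first."""
    hits = []
    for asset in sorted(inventory):
        if asset in approved:
            continue
        for dst, port in sorted(inventory[asset]["peers"]):
            if dst in approved:
                hits.append((asset, dst, port))
    return hits


def report(events=SAMPLE_EVENTS, approved=APPROVED_ASSETS, now=datetime(2018, 4, 12)):
    """Assemble the views the text asks for into one plain dict."""
    inv = build_inventory(events)
    return {
        "unmanaged": unmanaged_assets(inv, approved),
        "new_this_week": new_assets_since(inv, now),
        "low_usage": low_usage_assets(inv, now),
        "unmanaged_to_managed": unmanaged_to_managed(inv, approved),
        "peers": {a: sorted(r["peers"]) for a, r in inv.items()},
        "history": {a: (r["first_seen"].isoformat(), r["last_seen"].isoformat(),
                        r["connections"]) for a, r in inv.items()},
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(report())
```

Run against the constructed events, the report flags `vm-test-7` as both unmanaged and new this week, shows it reaching the approved `db-01`, and lists `legacy-ftp` as an idle cleanup candidate while still retaining its March history. Feeding real flow or EDR connection exports into `build_inventory` only requires mapping them to the same four-field tuples.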

Cloud Visibility and Security with Ziften

Continuous cloud visibility into each device, user, and application means you can administer all elements of your infrastructure more effectively. You’ll avoid wasting resources by preventing VM sprawl, plus you’ll have a detailed body of data to comply with audit requirements for NIST 800-53, HIPAA, and other compliance regimes.

Follow the above when you move to the cloud, and you’ll avoid weak security, incomplete compliance, and operational problems. Ziften’s approach to cloud visibility and security gives you the intelligence you need for cloud asset migration without the headaches.

Top Security Opportunity Only For Microsoft Channel Partners – Charles Leaver

Written By Greg McCreight And Presented By Charles Leaver


Windows Defender Advanced Threat Protection (WDATP) is very good, and popular with Microsoft channel partners around the globe. It is probable that you’re currently working with Microsoft customers to set up and look after WDATP on their Windows endpoints.

I’m delighted to tell you about a new opportunity: get a quick start with an industry-leading solution that integrates right into WDATP: Ziften Zenith. For a limited time, Microsoft channel partners can use our new “Fast Start” program to onboard with Ziften.

With “Fast Start,” you enjoy all the advantages of Ziften’s top-tier partner status for a full year, and we’ll help you get up to speed rapidly with joint market and business development resources – and with a waiver of the usual sales volume commitment associated with Gold Status.

If you don’t know Ziften, we provide infrastructure visibility and coordinated threat detection, prevention, and response across all endpoint devices and cloud environments. Zenith, our flagship security platform, easily deploys to client devices, virtual machines and servers.

Once installed, Zenith continuously collects all the information necessary to accurately assess the current and historical state of all managed devices, including system, user behavior, network connectivity, application, binary, and process data. Zenith provides your customers’ IT and security teams with continuous visibility and control of all managed assets, including continuous monitoring, alerting, and automated or manual actions.

Zenith is cross-platform – it operates with and protects Windows, Mac, Linux, and other endpoints.

What’s especially noteworthy – and here’s the opportunity – is that Ziften has teamed up with Microsoft to integrate Zenith with Windows Defender ATP. That means your customers can use WDATP on Windows systems and Zenith on their macOS and Linux systems to discover, view, and respond to cyberattacks, all using just the WDATP Management Console for all the systems. Zenith is hidden in the background.

A single pane of glass to manage Windows, Mac, and Linux endpoints, which can include desktops, laptops, and servers. That makes Zenith the best option to offer your existing WDATP customers… and to make your bids for new WDATP business more comprehensive for multi-platform business prospects.

Furthermore, offering Zenith can help you speed customer migrations to Windows 10, and sell more Enterprise E5 commercial editions.

“Fast Start” with Gold Status for a Year

Ziften is totally focused on the channel: 96% of our sales in 2017 were through the channel. We are very excited to bring the “Fast Start” program to current Microsoft channel partners throughout the world.

With “Fast Start,” you can sign up for the Ziften Channel Program with these advantages:

Expedited Acceptance and On-Boarding – Ziften channel managers and field sales work directly with you to get up and running offering the Zenith endpoint security solution integrated with Windows Defender ATP.

Superior Security Value – You’ll be uniquely positioned to offer customers and prospects greater security value across more of their overall environment than ever, increasing the number of supported and secured Windows, Mac, and Linux systems.

Hands-On Partnership – Ziften dedicates field sales, sales engineers, and marketing to support your day-to-day pre-sales engagements, drive new sales opportunities, and help close more deals with Microsoft and Ziften endpoint security.

Here’s what one significant Microsoft channel partner says about this – this is Ronnie Altit, founder and CEO of Insentra, a “partner-obsessed” Australian IT services business that works exclusively through the IT channel:

“As a large Microsoft reseller, teaming with Ziften to offer their Zenith security platform incorporated with Microsoft Windows Defender ATP was a no-brainer. We’re thrilled at the smooth integration between Zenith and Windows Defender ATP providing our customers holistic protection and visibility throughout their Windows and non-Windows systems. Ziften has actually been a pleasure to work with, and supportive at every step of the procedure. We anticipate to be incredibly successful offering this powerful security solution to our customers.”

Girl Scouts And Cybersecurity What It Means For Women – Charles Leaver

Written By Kim Foster And Presented By Charles Leaver


It’s no secret that cybersecurity is getting more global attention than ever before, and businesses are truly concerned about whether they are training enough security professionals to meet growing security risks. While this concern is felt across the commercial world, many people did not expect the Girl Scouts to hear the call.

Beginning this fall, countless Girl Scouts across the country have the opportunity to earn cybersecurity badges. Girl Scouts of the United States partnered with security company (and Ziften tech partner) Palo Alto Networks to develop a curriculum that teaches girls the fundamentals of computer security. According to Sylvia Acevedo, CEO of GSUSA, they developed the program based on demand from the girls themselves to protect themselves, their computers, and their family networks.

The timing is good, given that according to a study released in 2017 by (ISC)², 1.8 million cybersecurity positions will be unfilled by 2022. Factor in increased demand for security pros with stagnant growth for women – only 11 percent for the past several years – and our cybersecurity staffing problems are poised to get worse without significant effort on behalf of the industry toward better inclusion.

Obviously, we can’t depend on the Girl Scouts to do all of the heavy lifting. Wider educational efforts are a given: according to the Computing Technology Industry Association, 69 percent of U.S. women who do not have a career in information technology cited not knowing what opportunities were available to them as the reason they did not pursue one. One of the great untapped opportunities of our industry is the recruitment of more diverse professionals. Targeted curricula and increased awareness should be high priority. Raytheon’s Women Cyber Security Scholarship is a fine example.

To gain the benefits of having women invested in shaping the future of technology, it’s important to dispel the exclusionary perception of “the boys’ club” and remember the groundbreaking contributions made by women of the past. Many people know that the first computer programmer was a woman – Ada Lovelace. Then there is the work of other famous pioneers such as Grace Hopper, Hedy Lamarr, or Ida Rhodes, all of whom may evoke some vague recollection among those in our industry. Female mathematicians created programs for one of the world’s first fully electronic general-purpose computers: Kay McNulty, Jean Jennings Bartik, Betty Snyder, Marlyn Meltzer, Fran Bilas, and Ruth Lichterman were just a few of the first programmers of the Electronic Numerical Integrator and Computer (better known as ENIAC), though their crucial work was not widely recognized for over half a century. In fact, when historians first found photos of the women in the mid-1980s, they mistook them for “Refrigerator Ladies” – models posing in front of the machines.

It’s worth noting that many believe the same “boys’ club” mindset that overlooked the accomplishments of women in history has resulted in limited leadership positions and lower salaries for modern women in cybersecurity, in addition to outright exclusion of female luminaries from speaking opportunities at industry conferences. As trends go, excluding bright people with relevant knowledge from influencing the cybersecurity industry is an unsustainable one if we want to keep up with the cybercriminals.

Whether or not we collectively act to promote more inclusive work environments – through educating, recruiting, and promoting women in larger numbers – it is heartening to see an organization associated with fundraiser cookies successfully alert an entire industry to the fact that women are really interested in the field. As the Girl Scouts of today are given the tools to pursue a career in information security, we should anticipate that they will become the very women who eventually reprogram our expectations of what a cybersecurity professional looks like.

Prevent A Security Risk To Your Enterprise By Checking Macs – Charles Leaver

Written By Roark Pollock And Presented By Charles Leaver


Got Macs? Great. I own one too. Have you locked your Macs down? If not, your business has a potentially serious security weakness.

It’s a fallacy to believe that Macintosh computers are inherently secure and don’t have to be safeguarded against hacking or malware. People think Macs are certainly, arguably, more secure than Windows desktops and notebooks, due to the design of the Unix-oriented kernel. Certainly, we see fewer security patches issued for macOS by Apple, compared to security patches for Windows from Microsoft.

Less security problems is not zero defects. And safer doesn’t imply complete safety.

Examples of Mac Vulnerabilities

Take, for example, the macOS 10.13.3 update, issued on January 23, 2018, for the current version of the Mac’s operating system. Like most current computers running Intel processors, the Mac was vulnerable to the Meltdown flaw, which meant that malicious applications might be able to read kernel memory.

Apple had to patch this defect, as well as numerous others.

For example, another defect could allow malicious audio files to execute arbitrary code, which could compromise the integrity of the system. Apple had to patch it.

A kernel defect meant that a malicious application might be able to execute arbitrary code with kernel privileges, giving attackers access to anything on the device. Apple had to patch the kernel.

A defect in the WebKit library meant that processing maliciously crafted web content could lead to arbitrary code execution. Apple had to patch WebKit.

Another defect meant that processing a malicious text message could lead to an application denial of service, locking up the system. Whoops. Apple had to patch that flaw as well.

Don’t Make The Same Mistakes as Consumers

Many consumers, believing all the talk about how great macOS is, decide to run without protection, relying on macOS and its built-in application firewall to block all manner of bad code. Problem: there’s no built-in antivirus or anti-malware, and the firewall can only do so much. And many enterprises tend to ignore macOS when it comes to visibility for posture tracking and hardening, and for threat detection and threat hunting.

Consumers often make these assumptions because they don’t know any better. IT and security professionals should never make the same mistakes; we should know better.

If a Mac user installs bad software, or adds a malicious browser extension, or opens a bad email attachment, or clicks on a phishing link or a malicious advertisement, their device is compromised, just like a Windows computer. Within the enterprise, we need to be prepared to handle these issues, even on Mac computers.

So What Do You Do?

What do you need to do?

– Install antivirus and anti-malware on corporate Mac computers, or on any Mac that has access to your company’s content, servers, or networks.
– Track the state of Mac computers, just as you do with Windows computers.
– Be proactive in applying fixes and patches to Macs, again, just as with Windows.

You should also remove from your corporate environment any Mac computers that are too old to run the current version of macOS. That’s a lot of them, since Apple is reasonably good at supporting older hardware. Here is Apple’s list of Mac models that can run macOS 10.13:

– MacBook (Late 2009 or more recent).
– MacBook Pro (Mid 2010 or newer).
– MacBook Air (Late 2010 or more recent).
– Mac mini (Mid 2010 or more recent).
– iMac (Late 2009 or newer).
– Mac Pro (Mid 2010 or newer).

When the next version of macOS comes out, some of your older computers may drop off the list. They should drop off your inventory as well.
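As an added example (not Ziften’s code, and not from the original post), here is a POSIX shell posture check for the items above: whether a Mac is at or above the 10.13.3 baseline the post discusses, and whether the built-in protections the post says are not enough on their own are at least switched on. The Apple command names are real; the exact wording of their output that the script matches on is an assumption.

```shell
#!/bin/sh
# Added example, not Ziften's code: a minimal macOS posture check against
# the 10.13.3 update discussed above (Meltdown and the other fixes).
REQUIRED_MACOS="10.13.3"

# version_ge A B: succeed if dotted version A >= B, comparing components
# numerically, so 10.13.10 >= 10.13.3 (a string compare gets that wrong).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax=${a%%.*}; bx=${b%%.*}
        [ -z "$ax" ] && ax=0
        [ -z "$bx" ] && bx=0
        [ "$ax" -gt "$bx" ] && return 0
        [ "$ax" -lt "$bx" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# posture_report VERSION FIREWALL_STATE GATEKEEPER_STATE: print one line per
# finding and return the number of findings (0 means the Mac passes).
# The last two arguments are the output of socketfilterfw --getglobalstate
# and spctl --status; the "enabled" wording matched here is an assumption.
posture_report() {
    n=0
    if ! version_ge "$1" "$REQUIRED_MACOS"; then
        echo "FAIL: macOS $1 is below $REQUIRED_MACOS; patch it or retire it"
        n=$((n + 1))
    fi
    case $2 in *"Firewall is enabled"*) ;; *)
        echo "FAIL: application firewall is off (and it is not antivirus)"
        n=$((n + 1)) ;;
    esac
    case $3 in *"assessments enabled"*) ;; *)
        echo "FAIL: Gatekeeper is off; unsigned apps launch unchecked"
        n=$((n + 1)) ;;
    esac
    [ "$n" -eq 0 ] && echo "ok: baseline met; still install AV and track patches"
    return "$n"
}

# collect_and_report: run the real Apple commands on a Mac. On any other
# system they are absent, so just say so and pass.
collect_and_report() {
    command -v sw_vers >/dev/null 2>&1 || { echo "not macOS; nothing to check"; return 0; }
    posture_report "$(sw_vers -productVersion)" \
        "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>/dev/null)" \
        "$(spctl --status 2>/dev/null)"
}

collect_and_report || echo "$? finding(s); see above"
```

The exit status is the number of findings, so the script drops straight into an inventory job that flags non-compliant Macs.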

Ziften’s Perspective

At Ziften, with our Zenith security platform, we work hard to maintain visibility and security feature parity between Windows systems, macOS systems, and Linux-based systems.

In fact, we’ve partnered with Microsoft to integrate our Zenith security platform with Microsoft Windows Defender Advanced Threat Protection (ATP) for macOS and Linux monitoring and threat detection and response coverage. The integration allows customers to detect, view, investigate, and respond to advanced cyber attacks on macOS computers (as well as Windows and Linux-based endpoints) directly within the Microsoft WDATP Management Console.

From our viewpoint, it has always been important to give your security teams confidence that every desktop and notebook endpoint is protected, and therefore that the enterprise is protected.

It can be hard to believe, but 91% of businesses say they have a number of Macs. If those Macs aren’t protected, and properly integrated into your endpoint security systems, the enterprise is not protected. It’s that simple.

Security Problems Need Resolving Through Strategic Alliances – Charles Leaver

Written By Charles Leaver


Nobody can fix cybersecurity alone. No single solution vendor, no single company, nobody can take on the whole thing. Dealing with security requires cooperation between different players.

Often, those companies are at different levels of the solution stack: some installed on endpoints, some within applications, others within network routers, others at the telco or in the cloud.

Often, those players each have a particular best-of-breed piece of the puzzle: one player focuses on e-mail, others on crypto, others on disrupting the kill chain.

From the enterprise customer’s perspective, effective security requires assembling a set of tools and services into a working whole. From the vendors’ viewpoint, effective security requires strategic alliances. Sure, each vendor, whether making hardware, writing software, or providing services, has its own solutions and intellectual property. Nevertheless, we all work better when we work together, to enable integrations and make life simple for our resellers, our integrators, and the end customer.

Paradoxically, not only can vendors make more money through strategic alliances, but end customers save money at the same time. Why? Several reasons.

Customers don’t waste their money (and time) on products with overlapping capabilities. Customers don’t have to waste money (and time) building custom integrations. And customers won’t waste money (and time) trying to debug systems that fight each other, whether by generating extra alerts or through hard-to-find incompatibilities.

It’s the Trifecta – Products, Solutions, and Channels

All three work together to meet the needs of the enterprise customer, and also benefit the vendors, who can focus on doing what they do best, relying on strategic alliances to build complete solutions out of jigsaw puzzle pieces.

Generally speaking, those solutions require more than simple APIs, which is where strategic alliances are so important.

Consider the integration between solutions (like a network threat scanner or Ziften’s endpoint visibility solutions) and analytics offerings. End customers don’t want to operate a whole load of different dashboards, and they don’t want to manually correlate anomaly findings from a dozen different security tools. Strategic alliances between solution vendors and analytics providers, whether on-site or in the cloud, make sense for everyone. That includes the channel, which can deliver and support complete solutions that are already dialed in, already debugged, already documented, and will work with the least trouble possible.

Or consider the integration of solutions and managed security services providers (MSSPs). They want to offer prospective customers pre-packaged solutions, ideally ones that can run in their multi-tenant clouds. That means the products need to be scalable, with compatible license terms. They should be well integrated with the MSSP’s existing dashboards and administrative control systems. And of course, they have to feed into predictive analytics and incident response programs. The best way to do that? Through strategic alliances, both horizontally with other solution vendors, and with major MSSPs as well.

What about major value-added resellers (VARs)? VARs need products that are easy to understand, easy to support, and easy to fit into existing security implementations. This makes new products more attractive, more affordable, easier to install, easier to support, and strengthens the VAR’s customer relationships.

What do they look for when adding to their solution portfolio? New solutions that have strategic alliances with their existing solution offerings. If you don’t fit in with the VAR’s portfolio partners, well, you probably don’t fit in.

Two Examples: Fortinet and Microsoft

Nobody can fix cybersecurity alone, and that includes giants like Fortinet and Microsoft.

Consider the Fortinet Fabric-Ready Partner Program, where technology alliance partners integrate with the Fortinet Security Fabric via Fabric APIs and are able to actively collect and share information to improve threat intelligence, boost overall threat awareness, and broaden threat response from end to end. As Fortinet explains in its Fortinet Fabric-Ready Partner Program Overview, “partner inclusion in the program signals to customers and the market as a whole that the partner has collaborated with Fortinet and leveraged the Fortinet Fabric APIs to develop validated, end-to-end security solutions.”

Microsoft is pursuing a similar approach with the Windows Defender Advanced Threat Protection program. Microsoft recently admitted only a few key partners into this security program, saying, “We have heard from our customers that they want protection and visibility into potential threats on all of their device platforms, and we have relied on partners to help address this need. Windows Defender ATP gives security teams a single pane of glass for their endpoint security, and now by working together with these partners, our customers can extend their ATP service to their entire installed base.”

We’re the first to admit: Ziften can’t fix security alone. Nobody can. The best way forward for the security industry is to move forward together, through strategic alliances uniting product vendors, service providers, and the channel. That way we all win: vendors, service providers, channel partners, and enterprise customers alike.

How Flexible Is Your SysSecOps? – Charles Leaver

Written By Charles Leaver


Endpoints are everywhere. The device you’re reading this on is an endpoint, whether it’s a desktop, notebook, tablet, or phone. The A/C controller for your building is an endpoint, assuming it’s connected to a network, and so are the WiFi access points and the security cameras. So is the connected car. So are the web servers, storage servers, and Active Directory servers in the data center. So are your IaaS/PaaS services in the cloud, where you have control of bare-metal servers, VMware virtual machines, or containers running on Windows and/or Linux.

All of them are endpoints, and every one of them needs to be managed.

They need to be managed from the IT side (by IT administrators, who ideally have proper IT-level visibility of each connected thing, like those security cameras). That management means ensuring they’re connected to the right network zones or VLANs, that their software and configurations are up to date, that they’re not flooding the network with bad packets because of electrical faults, and so on.

Those endpoints also have to be managed from the security perspective by CISO teams. Every endpoint is a potential front door into the enterprise network, which means the devices must be locked down: no default passwords, all security patches applied, no unauthorized software installed on the device’s embedded web server. (Krebs outlines how, in 2014, hackers got into Target’s network by way of its HVAC system.)

Systems and Security Operations

Systems Security Operations, or SysSecOps, brings those two worlds together. With the right kind of SysSecOps mindset, and tools that support the right workflows, IT and security staff get the same data and can collaborate. Sure, they each have different tasks, and respond differently to trouble alerts, but they’re all handling the same endpoints, whether in the pocket, on the desk, in the utility closet, in the data center, or in the cloud.

Ziften Zenith Test Report

We were delighted when the recently released Broadband-Testing report praised Zenith, Ziften’s flagship endpoint security and management platform, as being ideal for this kind of scenario. To quote from the report, “With its Zenith platform, Ziften has a product that ticks all the SysSecOps boxes and more. Since its definition of ‘endpoints’ extends into the Data Centre (DC) and the world of virtualisation, it is true blanket coverage.”

Broadband-Testing is an independent testing facility and service based in Andorra. They describe themselves as follows: “Broadband-Testing interacts with vendors, media, investment groups and VCs, analysts and consultancies alike. Testing covers all aspects of networking software and hardware, from ease of use and performance, through to increasingly essential aspects such as device power consumption measurement.”

Back to flexibility. With endpoints everywhere (again, on the desk, in the utility closet, in the data center, or in the cloud), a SysSecOps-based endpoint security and management system needs to go everywhere and do anything, at scale. Broadband-Testing wrote:

“The configuration/deployment options and architecture of Ziften Zenith allow for a very flexible deployment, on or off-premise, or hybrid. Agent deployment is simplicity itself with zero user requirements and no endpoint intrusion. Agent footprint is also minimal, unlike many endpoint security solutions. Scalability also appears to be excellent – the largest customer deployment to date is in excess of 110,000 endpoints.”

We can’t help but be proud of our product Zenith, and of what Broadband-Testing concluded:

“The emergence of SysSecOps – integrating systems and security operations – is an uncommon milestone in IT; a hype-free, common-sense approach to refocusing on how systems and security are managed inside a business.

Key to Ziften’s endpoint approach in this category is total visibility – after all, how can you secure what you cannot see or don’t know is there in the first place? With its Zenith platform, Ziften has a product that ticks all the SysSecOps boxes and more.

Deployment is simple, especially in a cloud-based scenario as tested. Scalability also looks to be excellent – the largest customer deployment to date is in excess of 110,000 endpoints.

Data analysis options are extensive with a huge amount of information available from the Ziften console – a single view of the entire endpoint infrastructure. Any object can be analysed – e.g. binaries, applications, systems – and, from a process, an action can be defined as an automated function, such as quarantining a system in case a potentially malicious binary is discovered. Multiple reports are pre-defined covering all areas of analysis. Alerts can be set for any occurrence. In addition, Ziften provides the concept of extensions for custom data collection, beyond the reach of the majority of vendors.

And with its External API functionality, Ziften-gathered endpoint data can be shared with most third-party applications, thereby adding additional value to a customer’s existing security and analytics infrastructure investment.

Overall, Ziften has a very competitive offering in what is an extremely worthwhile and emerging IT category through SysSecOps that is very worthy of evaluation.”

We hope you’ll consider an evaluation of Zenith, and will agree that when it comes to SysSecOps and endpoint security and management, we do tick all the boxes with the true blanket coverage that both your IT and CISO teams have been looking for.