Cyber Attacks Can Be Prevented If You Take These Actions – Charles Leaver

Written By Charles Leaver CEO Ziften


No company, however small or big, is immune to a cyberattack. Whether the attack is launched from an external source or by an insider – no organization is fully protected. I have lost count of the number of times that executives have said to me, “why would anybody want to attack us?”

Cyberattacks Can Take Lots of Forms

The proliferation of devices that can connect to organization networks (laptops, smartphones and tablets) means an increased exposure to security vulnerabilities. The objective of a cyberattack is to exploit those vulnerabilities.


One of the most common cyberattack methods is the use of malware. Malware is code with harmful intent and includes viruses, Trojans and worms. The objective of malware is typically to steal sensitive data or even cripple computer networks. Malware often takes the form of an executable file that spreads throughout your network.

Malware is becoming much more sophisticated, and there is now rogue malware that masquerades as genuine security software designed to protect your network.

Phishing Attacks

Phishing attacks are also common. Often it is an email sent from a supposedly “trusted authority” asking the user to supply personal data by clicking a link. Some of these phishing emails look extremely genuine and have fooled a great many users. If the link is clicked and data is entered, the information will be stolen. Today an increasing number of phishing emails also carry ransomware.

Password Attacks

A password attack is one of the simplest types of cyber attack. An unauthorized third party tries to gain access to your systems by “cracking” the login password. Software tools can be used to carry out brute force attacks that guess passwords, and the combinations of words used in passwords can be compared against a dictionary file.

If an attacker gains access to your network through a password attack, they can quickly introduce malware and cause a breach of your sensitive data. Password attacks are among the simplest to prevent, and strict password policies provide a very effective barrier. Changing passwords frequently is also advised.

Denial of Service

A Denial of Service (DoS) attack is all about causing maximum disruption to the network. Attackers send very high volumes of traffic through the network, usually in the form of many connection requests. The result is that the network is overloaded and shuts down.

Attackers can use multiple computer systems in DoS attacks to generate very significant levels of traffic to overload the network. Recently the largest DoS attack in history used botnets against Krebs On Security. Often, endpoint devices connected to the network such as PCs and laptops are hijacked and then contribute to the attack. A DoS attack, when it happens, can have major consequences for network security.
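The connection-request flood described above, as an added example that is not part of the original post: a small detector run over constructed connection-log lines that flags a single flooding source and, separately, an aggregate flood from many hijacked endpoints that each stay under the per-source threshold. The log format, addresses and thresholds are all constructed for illustration.

```python
"""Detect connection-request floods in a log, per source and in aggregate.

Added example, not Ziften's code. It parses constructed connection-log lines,
keeps a sliding window of recent connection requests and raises two kinds of
alert: a single source far above the per-source rate, and an aggregate flood
in which many sources each stay under the per-source limit (the botnet pattern
the post mentions). The log format and thresholds are constructed.
"""
import re
from collections import defaultdict, deque

LINE = re.compile(r"^(?P<ts>\d+) CONNECT src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+):(?P<port>\d+)$")

# Constructed sample log (timestamps in seconds, already in time order):
# two requests from a normal client, 30 requests in 10 s from one source,
# then 60 requests in 5 s from 60 different sources.
SAMPLE_LOG = (
    ["0 CONNECT src=10.0.0.5 dst=192.0.2.10:443",
     "4 CONNECT src=10.0.0.5 dst=192.0.2.10:443"]
    + [f"{t} CONNECT src=203.0.113.9 dst=192.0.2.10:80"
       for t in range(10, 20) for _ in range(3)]
    + [f"{t} CONNECT src=198.51.100.{12 * (t - 40) + i} dst=192.0.2.10:80"
       for t in range(40, 45) for i in range(1, 13)]
)


def parse(line):
    """Return (timestamp, src, dst, port), or None for a line that does not match."""
    match = LINE.match(line)
    if match is None:
        return None
    return int(match["ts"]), match["src"], match["dst"], int(match["port"])


def detect_floods(lines, window=10, per_source=15, aggregate=40):
    """Scan log lines in time order; return alerts as (timestamp, kind, detail) tuples.

    window      - sliding window length in seconds
    per_source  - more requests than this from one source inside the window is a flood
    aggregate   - more requests than this from all sources inside the window is a flood
    """
    per_src = defaultdict(deque)      # src -> timestamps of its recent requests
    recent = deque()                  # (timestamp, src) for all recent requests
    flagged_sources = set()
    aggregate_active = False
    alerts = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue                      # skip malformed lines rather than crash
        ts, src, _dst, _port = parsed
        queue = per_src[src]
        queue.append(ts)
        while ts - queue[0] >= window:    # drop this source's requests outside the window
            queue.popleft()
        recent.append((ts, src))
        while ts - recent[0][0] >= window:  # drop everyone's requests outside the window
            recent.popleft()
        if len(queue) > per_source and src not in flagged_sources:
            flagged_sources.add(src)      # alert once per source
            alerts.append((ts, "single-source flood", src))
        if len(recent) > aggregate:
            if not aggregate_active:      # alert once per flood episode
                aggregate_active = True
                sources = len({s for _, s in recent})
                alerts.append((ts, "aggregate flood",
                               f"{len(recent)} requests from {sources} sources"))
        else:
            aggregate_active = False
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_LOG):
        print(alert)
```

Note that the per-source rule never fires for the 60 hijacked endpoints, since each sends one request; only the aggregate window catches that pattern.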

Man in the Middle

Man in the middle attacks are carried out by impersonating the endpoints of a network during an information exchange. Data can be stolen from the end user or even from the server they are communicating with.

How Can You Completely Avoid Cyber Attacks?

Complete prevention of cyber attacks is impossible with current technology, but there is a lot you can do to protect your network and your sensitive data. It is essential not to believe that you can simply purchase and install a security software suite and then sit back. The more sophisticated cyber criminals know all of the security software systems on the market and have designed ways to get around the safeguards they provide.

Strong and frequently changed passwords is a policy you need to adopt, and it is one of the easiest safeguards to put in place. Encrypting your sensitive data is another no-brainer. Beyond installing antivirus and anti-malware suites along with a good firewall, you should make sure that regular backups are in place and that you have a data breach incident response/remediation plan in case the worst happens. Ziften helps businesses continuously monitor for threats that get through their defenses, and take action right away to remove the threat completely.

To Avoid Security And Compliance Nightmares Do This Before Cloud Migration – Charles Leaver

Written By Logan Gilbert And Posted By Charles Leaver Ziften CEO


Fears Over Compliance And Security Keep Companies From Cloud Migration

Migrating parts of your IT operations to the cloud can seem like a big chore, and a risky one at that. Security holes, compliance record keeping, the danger of introducing errors into your architecture … cloud migration presents a lot of hairy issues to deal with.

If you’ve been wary about moving, you’re not alone – but help is on the way.

When Evolve IP surveyed 1,000+ IT pros earlier this year for their Adoption of Cloud Services North America report, 55 percent of those polled said that security is their biggest concern about cloud adoption. For organizations that do not currently have any cloud presence, the number was even higher – 70%. The next biggest barrier to cloud adoption was compliance, cited by 40 percent of respondents. (That’s up eleven percent this year.)

But here’s the larger problem: if these concerns are keeping your company from the cloud, you can’t take advantage of the efficiency and cost benefits of cloud services, which becomes a strategic impediment for your whole organization. You need a way to migrate that also answers concerns about security, compliance, and operations.

Improved Security in Any Environment With Endpoint Visibility

This is where endpoint visibility comes in. Being able to see what’s going on with every endpoint gives you the visibility you need to improve security, compliance, and operational efficiency when you migrate your data center to the cloud.

And I mean any endpoint: desktop, laptop, mobile phone, server, VM, or container.

As a long-time IT professional, I understand the temptation to think you have more control over your servers when they’re locked in a closet and you’re the one who holds the keys. Even when you know that segments of your environment rely on kludges, they’re your kludges, and they’re stable. Plus, when you’re running your own data center – unlike when you’re in the cloud – you can use network taps and a whole host of monitoring tools to look at traffic on the wire, figure out a good deal about who’s talking to whom, and fix your problems.

But that level of information pales in comparison to endpoint visibility, in the data center or in the cloud. The granularity and control of Ziften’s solution gives you far more control than you could ever get with a network tap. You can discover malware and other problems anywhere (even off your network), isolate them instantly, then track them back to whichever user, application, device, or process was the weak link in the chain. Ziften provides the capability to perform look-back forensics and to fix problems in much less time.

Removing Your Cloud Migration Nightmares

Endpoint visibility makes a huge difference whenever you’re ready to move a segment of your environment to the cloud. By evaluating endpoint activity, you can develop a baseline inventory of your systems, clean out unmanaged assets such as orphaned VMs, and hunt down vulnerabilities. That gets all assets protected and stable within your own data center before your move to a cloud provider like AWS or Azure.

After you have moved to the cloud, ongoing visibility into each application, device and user means that you can administer all parts of your infrastructure more effectively. You avoid wasting resources by preventing VM sprawl, plus you have an in-depth body of data to satisfy the audit requirements of NIST 800-53, HIPAA, and other compliance frameworks.

When you’re ready to move to the cloud, you’re not doomed to weak security, incomplete compliance, or operational SNAFUs. Ziften’s approach to endpoint security gives you the visibility you need for cloud migration without the headaches.

See All Of Your Endpoint Activity And Act Rapidly If Events Occur – Charles Leaver

Written By Logan Gilbert And Presented By Charles Leaver


Ziften supports incident response, remediation, and investigation, even for endpoints that are not connected to your network.

When incidents occur, security analysts have to act quickly and comprehensively.

With telecommuting workforces and corporate “cloud” infrastructures, remediation and analysis on an endpoint pose a daunting task. Below, watch how you can use Ziften to act on the endpoint and determine the origin and spread of a compromise in minutes – no matter where the endpoints reside.

First, Ziften alerts you to malicious activity on endpoints and steers you to the cause of the alarm. In seconds, Ziften lets you take remediation actions on the endpoint, whether it’s on the corporate network, at an employee’s home, or at the local cafe. Any remediation action you’d usually perform through direct access to the endpoint, Ziften provides through its web console.

Just that quickly, remediation is taken care of. Now you can use your security expertise to go threat hunting and conduct a bit of forensics work. You can immediately dive into much more detail about the process that led to the alert, then ask the essential questions to find out how widespread the issue is and where it propagated from. Ziften delivers thorough incident remediation for security professionals.

See for yourself how Ziften can help your security team zero in on threats in your environment with our 30-day free trial.

Reviewing OPM Breach Provides Clear Messages For CISOs – Charles Leaver

Written by Dr Al Hartmann And Presented By Ziften CEO Charles Leaver


Cyber attacks, attributed to the Chinese government, breached sensitive personnel databases and stole data on over 22 million current, former, and prospective U.S. civil servants and family members. Stern warnings from the Office of the Inspector General (OIG) to shut down systems that lacked a current security authorization were ignored.

Presciently, the OIG specifically cautioned that failure to shut down the unauthorized systems carried national security implications. Like the captain of the Titanic who kept flank speed through an iceberg field, the OPM responded,

“We agree that it is very important to preserve up-to-date and valid ATO’s for all systems but do not think that this condition rises to the level of a Material Weakness.”

Furthermore the OPM stressed that shutting down those systems would mean a lapse in retirement and employee benefits and salaries. Given a choice between a security lapse and an operational lapse, the OPM chose to operate insecurely and was pwned.

Then director Katherine Archuleta resigned her office in July 2015, a day after revealing that the scope of the breach significantly exceeded initial assessments.

Despite the high value of the data held by OPM, the agency failed to prioritize cyber security and properly secure that high-value data.

What Can CISOs Learn From This?

Rational CISOs will want to avoid career immolation in a massive flaming data breach disaster, so let’s quickly review the essential lessons from the Congressional report executive summary.

Focus on Cybersecurity Commensurate with Asset Value

Have an effective organizational management structure to implement risk-appropriate IT security policies. Chronic lack of compliance with security best practices and lagging recommendation implementation timelines are signs of organizational failure and bureaucratic atherosclerosis. Shake up the organization, or prepare for your post-breach panel grilling before the inquisitors.

Do Not Tolerate a Lax State of Information Security

Have the needed monitoring in place to maintain essential situational awareness, and leave no visibility gaps. Don’t fail to comprehend the scope, extent or gravity of cyber attack indicators. Assume that if you recognize attack indicators, there are other indicators you are missing. While OPM was forensically observing one attack channel, a parallel attack went unseen. When OPM did take action, the attackers learned which attack had been detected and which attack was still succeeding, quite valuable intelligence for the adversary.

Mandate Basic Required Security Tools and Quickly Deploy State-of-the-Art Security Tools

OPM was extremely negligent in deploying mandated multi-factor authentication for privileged accounts and did not deploy available security technology that could have prevented or mitigated exfiltration of its most valuable security background investigation files.

For restricted data or access control authentication, the phrase “password protected” has been an oxymoron for years – passwords are not security, they are an invitation to compromise. In addition to adequate authentication strength, complete network monitoring and visibility is a prerequisite for preventing sensitive data exfiltration. The Congressional investigation blamed sloppy cyber hygiene and inadequate system traffic visibility for the attackers’ persistent presence in OPM networks.

Do Not Fail to Escalate the Alarm When Your Most Sensitive Data Is Under Attack

In the OPM breach, observed attack activity “should have sounded a high level multi agency national security alarm that a sophisticated, persistent actor was seeking to gain access to OPM’s highest-value data.” Instead, nothing of consequence was done “until after the agency was severely compromised, and until after the agency’s most sensitive information was lost to dubious actors.” As a CISO, sound that alarm in good time (or rehearse your panel face).

Finally, don’t let this be said of your enterprise security posture:

The Committee obtained documents and testimony showing OPM’s information security posture was undermined by an extremely insecure IT environment, internal politics and bureaucracy, and misplaced priorities related to the implementation of security tools that slowed essential security decisions.

Why Cloud Visibility Is Essential For The Security Of Your Data – Charles Leaver

Written By Charles Leaver CEO Ziften


What Worries Enterprise CISOs When Migrating To The Cloud

Migrating to the cloud offers a variety of advantages to enterprises, but there are real security concerns that make the switch to a cloud environment uncomfortable. What CISOs want when moving to the cloud is continuous insight into that cloud environment. They need a way to monitor and measure risk, and the confidence that they have the appropriate security controls in place.

Increased Security Threat

Migration to the cloud means using managed IT services, and many people believe this means relinquishing a high level of visibility and control. Although the leading cloud providers use the latest security technology and encryption, even the most up-to-date systems can fail and expose your sensitive data to attackers.

In reality, cloud environments are subject to similar cyber threats as private enterprise data centers. However, the cloud is becoming a more attractive target due to the substantial amount of data that is now stored on cloud servers.

Attackers understand that enterprises are gradually migrating to the cloud, and they are already targeting cloud environments. Alert Logic, a security-as-a-service provider, released a report concluding that IT decision makers should not assume that data stored off site is harder for cyber criminals to obtain.

The report went on to state that there had been a 45% increase in application attacks against cloud deployments. There had also been an increase in attack frequency on organizations that host their infrastructure in the cloud.

The Cloud Is a Jackpot

With the movement of critical data, production workloads, and applications to cloud environments, these revelations should not come as a surprise. A statement from the report said, “… hackers, like everyone else, have a minimal amount of time to complete their task. They wish to invest their time and resources into attacks that will bear the most fruit: organizations utilizing cloud environments are mostly considered that fruit-bearing jackpot.”

The report also suggests that there is a misunderstanding within organizations about security. A number of decision makers were under the impression that once a cloud migration had taken place, the cloud provider would be totally responsible for the security of their data.

Security in the Cloud Has to Be a Shared Responsibility

All organizations must take responsibility for the security of their data whether it is hosted on site or in the cloud. This obligation cannot be totally relinquished to a cloud provider. If your company suffers a data breach while using cloud management services, it is unlikely that you would be able to evade responsibility.

It is vital that every business completely understands the environment and the risks associated with cloud management. There can be a myriad of legal, financial, commercial, and compliance risks. Before moving to the cloud, make sure to scrutinize contracts so that the provider’s liability is fully understood if a data breach were to take place.

Will Semple, vice president at Alert Logic, stated, “the secret to safeguarding your crucial data is being knowledgeable about how and where along the ‘cyber kill chain’ cyber attackers penetrate systems and to use the right security tools, practices and resource investment to combat them.”

Cloud Visibility Is The Key

Whether you are using cloud management services or hosting your own infrastructure, you need complete visibility within your environment. If you are considering migrating part – or all – of your environment to the cloud, then this is essential.

After a cloud migration has taken place you can rely on this visibility to monitor each user, device, application, and network activity for potential threats. As a result, the administration of your infrastructure becomes far more efficient.

Do not let your cloud migration lead to weakened security and incomplete compliance. Ziften can help maintain cloud visibility and security for your existing cloud deployments or future cloud migrations.

Your Endpoint Management System Is Essential To Prevent Cyber Attacks – Charles Leaver

Written By Charles Leaver, CEO Ziften


Identify and control any device that needs access to your organization’s network.

As an organization grows, so does its asset footprint, and this makes the task of managing the entire set of IT assets much more challenging. IT management has changed from the days when IT asset management meant keeping records of devices such as printers, inventorying all installed applications and ensuring that antivirus suites were updated.

Today, organizations are under constant threat of cyber attacks that use malicious code to penetrate the corporate network. Many devices now have network access capabilities. Gone are the days when only desktop PCs connected to an enterprise network. Now there is a culture of bring your own device (BYOD) where mobile phones, tablets and laptops are all likely to connect to the network. While this offers flexibility for companies, with the ability for users to connect remotely, it opens up a whole new range of vulnerabilities, as these various endpoints make corporate IT security a great deal more complex.

What Is Endpoint Management?

It is essential that you have a policy-based approach to the endpoint devices connected to your network to reduce the threat of cyber attacks and data breaches. The use of laptops, tablets, cell phones and other devices may be convenient, but they can expose organizations to a huge range of security risks. The main objective of a sound endpoint management strategy must be that network activity is carefully monitored and unauthorized devices cannot access the network.

Most endpoint management software will check that the device has an approved operating system and antivirus software, and will also check the device for an up-to-date virtual private network (VPN) client.

Endpoint management services identify and control any device that needs access to the organization’s network. Anyone attempting to access the enterprise environment from a non-compliant device will be rejected. This is essential to combat attacks from cyber criminals and infiltration by malicious groups.

Any device which does not comply with endpoint management policies is either quarantined or granted limited access. Local administrative rights may be removed and web browsing restricted.

Organizations Can Do More

There are a variety of strategies that a company can use as part of its endpoint management policy. These can include firewalls (both network and personal), the encryption of sensitive data, stronger authentication methods, which will certainly include using hard-to-crack passwords that are changed frequently, and device- and network-level antivirus and anti-malware protection.

Endpoint management systems can work on a client and server basis, where software is deployed and centrally managed on a server. The client program must be installed on all endpoint devices that are authorized to access the network. It is also possible to use a software as a service (SaaS) model of endpoint management, where the service provider hosts and maintains the server and the security applications remotely.

When a client device attempts to log in, the server-based application scans the device to see if it complies with the company’s endpoint management policy, and then verifies the user’s credentials before access to the network is granted.
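The admission flow just described (posture scan, quarantine or limited access for non-compliant devices, then credential verification), as an added example that is not Ziften's code or any vendor's product logic. The posture fields, policy values, access levels, user store and PBKDF2 password hashing are all constructed assumptions for illustration.

```python
"""Policy-based endpoint admission: device posture check first, then credentials.

Added example, not Ziften's code. It models the flow described above: the
server-side application scans the connecting device against the endpoint
management policy, non-compliant devices are quarantined or granted limited
access, and only then are the user's credentials verified. The posture fields,
policy values, user store and access levels are constructed for illustration.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import date, timedelta

TODAY = date(2016, 10, 1)  # fixed "today" so the sample runs reproducibly


@dataclass
class DevicePosture:
    device_id: str
    managed: bool                # endpoint management client enrolled
    os_name: str
    os_version: str
    antivirus_installed: bool
    signatures_date: date        # date of the last antivirus signature update
    vpn_client_version: str


@dataclass
class EndpointPolicy:
    # approved operating systems and their minimum versions (constructed values)
    approved_os: dict = field(default_factory=lambda: {"Windows": (10, 0), "macOS": (12, 0)})
    max_signature_age_days: int = 7
    min_vpn_client: tuple = (3, 2)


def version_tuple(version: str) -> tuple:
    return tuple(int(part) for part in version.split("."))


def evaluate_posture(posture, policy, today=TODAY) -> list:
    """Return the policy violations found on the device (empty list if compliant)."""
    findings = []
    if not posture.managed:
        findings.append("unmanaged device")
    minimum = policy.approved_os.get(posture.os_name)
    if minimum is None:
        findings.append("unapproved operating system")
    elif version_tuple(posture.os_version) < minimum:
        findings.append("operating system below minimum version")
    if not posture.antivirus_installed:
        findings.append("antivirus missing")
    elif (today - posture.signatures_date).days > policy.max_signature_age_days:
        findings.append("antivirus signatures stale")
    if version_tuple(posture.vpn_client_version) < policy.min_vpn_client:
        findings.append("VPN client below minimum version")
    return findings


# Violations serious enough for quarantine rather than limited access (constructed choice).
QUARANTINE_FINDINGS = {"unmanaged device", "unapproved operating system", "antivirus missing"}


def access_decision(findings) -> str:
    """Map posture findings to an access level: full, limited or quarantine."""
    if any(f in QUARANTINE_FINDINGS for f in findings):
        return "quarantine"
    return "limited" if findings else "full"


def make_user_record(password: str) -> dict:
    """Store a salted PBKDF2-SHA256 hash, never the plaintext password."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)}


USERS = {"alice": make_user_record("correct horse battery staple")}  # constructed user store


def verify_credentials(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], 200_000)
    return hmac.compare_digest(candidate, record["hash"])  # constant-time comparison


def authorize_login(posture, username, password, policy=EndpointPolicy(), today=TODAY) -> dict:
    """Admission flow: posture first; credentials are checked only if the device may connect."""
    findings = evaluate_posture(posture, policy, today)
    result = {"device": posture.device_id, "access": access_decision(findings),
              "findings": findings, "authenticated": False}
    if result["access"] == "quarantine":
        return result                       # quarantined devices never reach the credential check
    result["authenticated"] = verify_credentials(username, password)
    if not result["authenticated"]:
        result["access"] = "denied"
    return result


def sample_posture(device_id="LT-0042", managed=True, os_name="Windows", os_version="10.0",
                   antivirus_installed=True, signature_age_days=3, vpn_client_version="3.4"):
    """Build a constructed posture report; the defaults describe a compliant laptop."""
    return DevicePosture(device_id, managed, os_name, os_version, antivirus_installed,
                         TODAY - timedelta(days=signature_age_days), vpn_client_version)


if __name__ == "__main__":
    print(authorize_login(sample_posture(), "alice", "correct horse battery staple"))
    print(authorize_login(sample_posture("LT-0043", signature_age_days=30), "alice", "wrong"))
```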

The Problem With Endpoint Management Systems

Most businesses see security software as a “complete cure”, but it is not that clear cut. Endpoint security software that is bought as a set-and-forget system will never suffice. The knowledgeable cyber attackers out there know about these software systems and are developing malicious code that will evade the defenses a set-and-forget application can offer.

There needs to be human intervention, and Jon Oltsik, contributor at Network World, said “CISOs need to take ownership of endpoint security and designate a group of professionals who own endpoint security controls as part of a total responsibility for incident prevention, detection, and response.”

Ziften’s endpoint security systems provide the continuous monitoring and look-back visibility that a cyber security team needs to detect and act on malicious infiltrations before they spread and steal the company’s sensitive data.

Adaptive Response Is The Future Of Cyber Security – Splunk .conf 2016 – Charles Leaver

Written By Michael Vaughn And Presented By Charles Leaver Ziften CEO

All the latest achievements from Splunk

Last week I attended the annual Splunk conference in the sunshine state – Florida. The Orlando event allowed Splunkers from around the globe to familiarize themselves with the latest and most successful offerings from Splunk. Although there were a variety of fun activities throughout the week, it was clear that participants were there to learn. The announcement of Splunk’s security-centric Adaptive Response initiative was popular and happens to integrate rather well with Ziften’s endpoint solution.

Of particular interest, the “Transforming Security” keynote address presented by Monzy Merza, Director of Cyber Research and Chief Security Evangelist for Splunk, Haiyan Song, SVP Security Markets for Splunk, and Mike Stone, CDIO for the UK Ministry of Defence, demonstrated the power of Splunk’s new Adaptive Response interface to thousands of attendees.

In the clip below taken from that keynote, Monzy Merza shows how critical data supplied by a Ziften agent can also be used to enable bi-directional functionality from Splunk by sending instructional logic to the Ziften agent to take immediate action on a compromised endpoint. Monzy was able to successfully identify a compromised Linux server and remove it from the operational network for further forensic examination. By not only supplying vital security data to the Splunk instance, but also allowing the user to stay on the same interface to take operational and security actions, the Ziften endpoint agent enables users to bi-directionally leverage Splunk’s powerful framework to take immediate action across all operating systems in an exacting manner. After the talks our booth was swamped with demonstrations and very interesting conversations about operations and security.

Take a look at a 3 minute Monzy highlight from the keynote:

Over the weekend I was able to process the broad array of technical discussions I had with hundreds of brilliant individuals in our booth at .conf. One of the amusing things I discovered – which no one would honestly admit unless I pulled it out of them – is that most of us are beginner-to-intermediate SPL (Splunk Processing Language) users. I also observed the obvious: incident response was the primary focus of this year’s event.

However, many people use Ziften for Splunk for a range of things, such as application and operations management, network monitoring, and user behavior modeling. In an effort to illuminate the broad functionality of our Splunk App, here’s a taste of what folks at .conf2016 liked most about Ziften for Splunk:

1) It’s great for Enterprise Security.

a. Generalized platform for ingesting real-time data and taking instant action
b. Automating remediation from a wide scope of indicators of compromise

2) IT Operations love us.

a. Tracking of Systems, Hardware Lifecycle, Resource Management
b. Management of Applications – Compliance, License Rationalization, Vulnerabilities

3) Network Monitoring with ZFlow is a game changer.

a. ZFlow ties netflow to binary, user and system data – in a single Splunk SPL entry. Do I have to say more? This is the Holy Grail from Indiana Jones, people!

4) Our User Behavior Modeling goes beyond simple alerts.

a. This could be tied back under IT Operations but it’s becoming its own beast
b. Ziften’s tracking of application use, logins, elevated binaries, timestamps, etc. is easily viewable in Splunk
c. Ziften offers a free security-centric Splunk bundle, but we convert all the data we gather from each endpoint into the Splunk CIM format – not just our ‘Alerts’.

Ultimately, using a single Splunk Adaptive Response interface to manage a plethora of tools within your environment is what helps build a strong enterprise fabric for your company – one in which operations, security and network teams overlap more fluidly. Make better decisions, faster. Find out for yourself with our free 30-day trial of Ziften for Splunk!

Disable Adobe Flash Now Otherwise Your Cyber Attack Risk Will Be Much Greater – Charles Leaver

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO

Be Strong or Get Attacked.

Highly skilled and experienced cyber attack groups have targeted and are targeting your enterprise. Your large endpoint population is the most common point of entry for skilled attack groups. These enterprise endpoints number in the thousands, are loosely managed, laxly configured, rife with vulnerability exposures, and operated by partially trained, credulous users – the perfect target-rich opportunity. Mikko Hypponen, chief research officer at F-Secure, often remarks at industry conferences: “How many of the Fortune 500 are hacked right now? The answer: 500.”

And how long would it take to penetrate your organization? White hat hackers carrying out penetration tests or red team exercises usually compromise target enterprises within the first few hours, even though they are ethically and legally limited in their methods. Black hat or state-sponsored hackers may achieve penetration even more rapidly and maintain their presence indefinitely. Given average cyber attacker dwell times measured in many days, the time-to-penetration is negligible, not an impediment.

Exploit Kits

The industrialization of cyber attacks has created a black market for attack tools, including a variety of software for identifying and exploiting client endpoint vulnerabilities. These exploit kits are marketed to cyber criminals on the dark web, with many exploit kit families and suppliers. An exploit kit works by assessing the software configuration on the endpoint, identifying exposed vulnerabilities, and applying an exploit to a vulnerability exposure.

A relative handful of widely deployed endpoint software applications accounts for the bulk of exploit-kit-targeted vulnerabilities. This arises from the sad reality that complex software applications tend to exhibit a continuous flow of vulnerabilities that leave them perpetually exposed. Each patch release cycle, exploit kit developers download the latest security patches, reverse engineer them to discover the underlying vulnerabilities, and update their exploit kits. This is often done faster than organizations apply patches, with some vulnerabilities remaining unpatched and ripe for exploitation even years after a patch is issued.

Adobe Flash

Before widespread adoption of HTML5, Adobe Flash was the most commonly used software for rich web content. Even with increasing adoption of HTML5, legacy Adobe Flash retains a considerable following, preserving its long-held position as the darling of exploit kit authors. A recent study by Digital Shadows, In the Business of Exploitation, is instructive:

This report analyzes 22 exploit kits to understand the most frequently exploited software. We looked for trends within the exploitation of vulnerabilities by these 22 kits to show which vulnerabilities had been exploited most commonly, paired with how active each exploit kit was, in order to inform our assessment.

The vulnerabilities exploited by all 22 exploit kits showed that Adobe Flash Player was most likely to be the most targeted software, with 27 of the 76 identified vulnerabilities exploited pertaining to this software.

With relative consistency, many fresh vulnerabilities are disclosed in Adobe Flash each month. To exploit kit developers, it is the gift that keeps on giving.

The industry is learning its lesson and moving beyond Flash for rich web content. For instance, a Yahoo senior developer blogging recently in Streaming Media noted:

“Adobe Flash, once the de facto standard for media playback on the web, has lost favor in the industry due to increasing concerns over security and performance. At the same time, requiring a plugin for video playback in browsers is losing favor among users as well. As a result, the industry is moving toward HTML5 for video playback.”

Amit Jain, Sep 21, 2016

Eradicating Adobe Flash

One action organizations can take now to harden their endpoint configurations is to eliminate Adobe Flash as a matter of organizational security policy. This will not be an easy task, it may hurt, but it will be valuable in reducing your organization’s attack surface. It involves blacklisting Adobe Flash Player and enforcing web browser security settings that disable Flash content. If done correctly, this is what users will see where Flash content appears on a legacy website:


This message confirms two facts:

1. Your system is correctly configured to reject Flash content.

Congratulate yourself!

2. This website would compromise your security for its own benefit.

Ditch this site!