Here Is What Ziften Can Do To Help You With WannaCry Ransomware – Charles Leaver

Written By Michael Vaughn And Presented By Charles Leaver Ziften CEO

 

Answers To Your Concerns About WannaCry Ransomware

The WannaCry ransomware attack has actually infected more than 300,000 computers in 150 countries so far by making use of vulnerabilities in Microsoft’s Windows os.
In this quick video Chief Data Scientist Dr. Al Hartmann and I discuss the nature of the attack, along with how Ziften can assist companies protect themselves from the vulnerability called “EternalBlue.”.

As discussed in the video, the issue with this Server Message Block (SMB) file-sharing service is that it’s on many Windows operating systems and found in a lot of environments. Nevertheless, we make it simple to determine which systems in your environment have actually or haven’t been patched yet. Significantly, Ziften Zenith can likewise from another location disable the SMB file-sharing service entirely, giving companies valuable time to make sure that those machines are properly patched.

If you’re curious about Ziften Zenith, our 20 minute demo consists of a consultation with our professionals around how we can assist your company prevent the worst digital catastrophe to strike the internet in years.

Next Generation Endpoint Security Products 10 Tips For Evaluation – Charles Leaver

Written By Roark Pollock And Presented By Chuck Leaver CEO Ziften

 

The End Point Security Buyer’s Guide

The most typical point for an advanced consistent attack or a breach is the endpoint. And they are certainly the entry point for most ransomware and social engineering attacks. Using endpoint security products has actually long been thought about a best practice for securing endpoints. Unfortunately, those tools aren’t staying up to date with today’s hazard environment. Advanced risks, and truth be told, even less innovative dangers, are often more than appropriate for fooling the typical worker into clicking something they shouldn’t. So organizations are looking at and examining a plethora of next-gen endpoint security (NGES) options.

With this in mind, here are ten pointers to think about if you’re taking a look at NGES solutions.

Suggestion 1: Begin with the end in mind

Don’t let the tail wag the dog. A danger reduction technique should always begin by examining issues and then trying to find possible fixes for those problems. But all too often we get captivated with a “shiny” new innovation (e.g., the latest silver bullet) and we end up trying to squeeze that technology into our environments without totally examining if it resolves an understood and recognized issue. So exactly what problems are you trying to solve?

– Is your existing endpoint protection tool failing to stop threats?
– Do you need much better visibility into activities at the endpoint?
– Are compliance requirements mandating continuous end point monitoring?
– Are you trying to decrease the time and expense of incident response?

Define the problems to address, and after that you’ll have a measuring stick for success.

Idea 2: Understand your audience. Who will be using the tool?

Understanding the problem that needs to be fixed is an essential first step in understanding who owns the problem and who would (operationally) own the service. Every functional team has its strengths, weaknesses, preferences and prejudices. Define who will need to use the solution, and others that could benefit from its usage. It could be:

– Security operations,
– IT group,
– The governance, risk & compliance (GRC) team,
– Help desk or end user support group,
– And even the server group, or a cloud operations team?

Pointer 3: Know exactly what you imply by end point

Another often neglected early step in defining the problem is specifying the endpoint. Yes, we all used to know exactly what we meant when we stated endpoint but today end points come in a lot more ranges than in the past.

Sure we want to safeguard desktops and laptop computers however how about mobile devices (e.g. smartphones and tablets), virtual end points, cloud based end points, or Internet of Things (IoT) devices? And how about your servers? All these devices, naturally, are available in multiple tastes so platform support needs to be dealt with also (e.g. Windows only, Mac OSX, Linux, etc?). Also, consider assistance for endpoints even when they are working remote, or are working offline. What are your requirements and exactly what are “great to haves?”

Suggestion 4: Start with a structure of continuous visibility

Constant visibility is a fundamental capability for attending to a host of security and operational management concerns on the endpoint. The old adage holds true – that you cannot manage exactly what you can’t see or determine. Further, you can’t secure exactly what you cannot effectively manage. So it should begin with continuous or all-the-time visibility.

Visibility is foundational to Security and Management

And consider what visibility indicates. Enterprises require a single source of reality that at a minimum monitors, saves, and examines the following:

– System data – events, logs, hardware state, and file system details
– User data – activity logs and habit patterns
– Application data – attributes of installed apps and usage patterns
– Binary data – attributes of installed binaries
– Procedures data – tracking info and stats
– Network connectivity data – statistics and internal behavior of network activity on the host

Pointer 5: Track your visibility data

End point visibility data can be saved and analyzed on the premises, in the cloud, or some combination of both. There are advantages to each. The appropriate approach varies, but is typically driven by regulatory requirements, internal privacy policies, the endpoints being monitored, and the general cost factors to consider.

Know if your company requires on-premise data retention

Know whether your company enables cloud based data retention and analysis or if you are constrained to on premise services only. Within Ziften, 20-30% of our customers save data on premise just for regulative factors. However, if lawfully an alternative, the cloud can provide expense advantages (among others).

Tip 6: Know what is on your network

Understanding the problem you are aiming to fix requires understanding the assets on the network. We find that as much as 30% of the end points we initially discover on clients’ networks are unmanaged or unidentified devices. This undoubtedly produces a big blind spot. Decreasing this blind spot is a critical best practice. In fact, SANS Critical Security Controls 1 and 2 are to carry out an inventory of licensed and unauthorized devices and software applications attached to your network. So look for NGES services that can finger print all connected devices, track software applications inventory and utilization, and perform ongoing continuous discovery.

Idea 7: Know where you are exposed

After figuring out what devices you have to view, you need to make certain they are running in up to date setups. SANS Critical Security Controls 3 suggests making sure secure setups monitoring for laptops, workstations, and servers. SANS Critical Security Controls 4 recommends making it possible for continuous vulnerability evaluation and remediation of these devices. So, look for NGES solutions that supply constant monitoring of the state or posture of each device, and it’s even better if it can assist enforce that posture.

Also look for services that deliver continuous vulnerability evaluation and removal.

Keeping your total endpoint environment solidified and free of vital vulnerabilities prevents a huge quantity of security concerns and eliminates a lot of back end work on the IT and security operations teams.

Pointer 8: Cultivate continuous detection and response

A crucial end goal for numerous NGES solutions is supporting continuous device state monitoring, to enable efficient risk or incident response. SANS Critical Security Control 19 recommends robust event response and management as a best practice.

Try to find NGES solutions that offer all-the-time or continuous risk detection, which leverages a network of worldwide hazard intelligence, and multiple detection strategies (e.g., signature, behavioral, artificial intelligence, etc). And look for event response services that help prioritize identified threats and/or problems and provide workflow with contextual system, application, user, and network data. This can help automate the proper response or next steps. Lastly, understand all the response actions that each solution supports – and look for a service that supplies remote access that is as close as possible to “sitting at the end point keyboard”.

Suggestion 9: Consider forensics data gathering

In addition to event response, companies need to be prepared to address the requirement for forensic or historic data analysis. The SANS Critical Security Control 6 suggests the maintenance, tracking and analysis of all audit logs. Forensic analysis can take numerous forms, but a structure of historical end point tracking data will be crucial to any examination. So look for solutions that maintain historic data that allows:

– Forensic tasks include tracing lateral risk movement through the network gradually,
– Identifying data exfiltration efforts,
– Identifying source of breaches, and
– Identifying appropriate removal actions.

Pointer 10: Tear down the walls

IBM’s security team, which supports an outstanding community of security partners, approximates that the typical enterprise has 135 security tools in place and is dealing with 40 security suppliers. IBM customers definitely tend to be large enterprise however it’s a common refrain (problem) from organizations of all sizes that security services don’t integrate well enough.

And the complaint is not simply that security services don’t play well with other security products, but likewise that they do not always integrate well with system management, patch management, CMDB, NetFlow analytics, ticketing systems, and orchestration tools. Organizations have to think about these (as well as other) integration points as well as the vendor’s willingness to share raw data, not just metadata, through an API.

Additional Tip 11: Plan for modifications

Here’s a bonus pointer. Presume that you’ll want to tailor that shiny brand-new NGES service shortly after you get it. No service will fulfill all your requirements right out of the box, in default setups. Discover how the solution supports:

– Custom-made data collection,
– Informing and reporting with custom data,
– Customized scripting, or
– IFTTT (if this then that) performance.

You understand you’ll want new paint or new wheels on that NGES solution quickly – so ensure it will support your future customization tasks easy enough.

Look for support for simple personalizations in your NGES solution

Follow the bulk of these suggestions and you’ll undoubtedly avoid a number of the typical pitfalls that plague others in their examinations of NGES services.

If You Want The Best End To End Protection For Your Organization Choose Ziften – Charles Leaver

Written By Ziften CEO Charles Leaver

 

Do you wish to handle and protect your end points, your data center, the cloud and your network? In that case Ziften can provide the ideal service for you. We gather data, and let you correlate and utilize that data to make decisions – and remain in control over your enterprise.

The info that we obtain from everybody on the network can make a real world distinction. Think about the inference that the 2016 U.S. elections were influenced by hackers in another country. If that’s the case, hackers can do practically anything – and the concept that we’ll go for that as the status quo is simply ridiculous.

At Ziften, our company believe the way to combat those threats is with higher visibility than you’ve ever had. That visibility goes across the entire enterprise, and connects all the major players together. On the back end, that’s real and virtual servers in the data center and the cloud. That’s infrastructure and applications and containers. On the other side, it’s notebooks and desktops, no matter where and how they are connected.

End-to-end – that’s the believing behind all that we do at Ziften. From endpoint to cloud, all the way from an internet browser to a DNS server. We connect all that together, with all the other parts to offer your business a complete service.

We also catch and save real-time data for approximately one year to let you know what’s happening on the network today, and offer historic trend analysis and cautions if something changes.

That lets you discover IT faults and security problems instantly, as well as be able to search out the origin by recalling in time to uncover where a fault or breach may have first happened. Active forensics are an outright requirement in this business: After all, where a breach or fault tripped an alarm might not be the place where the issue began – or where a hacker is operating.

Ziften supplies your security and IT groups with the visibility to comprehend your existing security posture, and identify where enhancements are needed. Endpoints non-compliant? Found. Rogue devices? These will be discovered. Penetration off-network? This will be detected. Obsolete firmware? Unpatched applications? All found. We’ll not only help you discover the issue, we’ll help you fix it, and make sure it stays fixed.

End to end security and IT management. Real time and historical active forensics. In the cloud, offline and onsite. Incident detection, containment and response. We have actually got it all covered. That’s what makes Ziften much better.

Our Enhancing Of NetFlow Will Provide You With Close Monitoring Of Cloud Activities – Charles Leaver

Written by Roark Pollock and Presented by Ziften CEO Charles Leaver

 

According to Gartner public cloud services market surpassed $208 billion in 2016. This represented about a 17% rise year over year. Not bad considering the on-going issues most cloud clients still have regarding data security. Another especially fascinating Gartner finding is the typical practice by cloud customers to contract services to several public cloud service providers.

In accordance with Gartner “most companies are already utilizing a mix of cloud services from various cloud companies”. While the business rationale for making use of multiple vendors is sound (e.g., avoiding supplier lock in), the practice does create extra intricacy intracking activity throughout an company’s increasingly fragmented IT landscape.

While some service providers support better visibility than others (for example, AWS CloudTrail can monitor API calls throughout the AWS infrastructure) companies need to comprehend and address the visibility issues related to transferring to the cloud regardless of the cloud service provider or service providers they deal with.

Unfortunately, the capability to track application and user activity, and networking interactions from each VM or endpoint in the cloud is restricted.

Irrespective of where computing resources reside, companies must answer the concerns of “Which users, devices, and applications are communicating with each other?” Organizations require visibility across the infrastructure so that they can:

  • Rapidly identify and prioritize concerns
  • Speed origin analysis and recognition
  • Lower the mean-time to repair problems for end users
  • Quickly determine and get rid of security dangers, lowering total dwell times.

Alternatively, bad visibility or bad access to visibility data can lower the effectiveness of existing security and management tools.

Businesses that are comfortable with the maturity, ease, and relative low cost of keeping track of physical data centers are apt to be disappointed with their public cloud choices.

What has been lacking is a basic, common, and stylish service like
NetFlow for public cloud infrastructure.

NetFlow, of course, has had 20 years or thereabouts to become a de facto requirement for network visibility. A common deployment includes the monitoring of traffic and aggregation of flows at network chokepoints, the collection and storage of flow info from several collection points, and the analysis of this flow information.

Flows consist of a basic set of destination and source IP addresses and port and protocol information that is generally collected from a switch or router. Netflow data is fairly inexpensive and easy to gather and provides nearly ubiquitous network visibility and enables actionable analysis for both network tracking and performance management applications.

Most IT staffs, specifically networking and some security groups are very comfy with the technology.

However NetFlow was developed for fixing exactly what has actually become a rather restricted issue in the sense that it just collects network info and does so at a minimal variety of prospective locations.

To make better use of NetFlow, two essential modifications are required.

NetFlow at the Edge: First, we have to broaden the useful deployment scenarios for NetFlow. Instead of only gathering NetFlow at network points of choke, let’s broaden flow collection to the edge of the network (cloud, servers and clients). This would considerably expand the big picture that any NetFlow analytics provide.

This would allow companies to enhance and take advantage of existing NetFlow analytics tools to get rid of the ever increasing blind spot of visibility into public cloud activity.

Rich, contextual NetFlow: Second, we have to utilize NetFlow for more than easy network visibility.

Instead, let’s utilize an extended version of NetFlow and include data on the device, application, user, and binary responsible for each tracked network connection. That would permit us to rapidly associate every network connection back to its source.

In fact, these 2 modifications to NetFlow, are precisely what Ziften has accomplished with ZFlow. ZFlow provides an expanded variation of NetFlow that can be deployed at the network edge, also as part of a container or VM image, and the resulting information collection can be consumed and examined with existing NetFlow analysis tools. Over and above conventional NetFlow Internet Protocol Flow Information eXport (IPFIX) networking visibility, ZFlow offers higher visibility with the inclusion of details on device, application, user and binary for every network connection.

Ultimately, this enables Ziften ZFlow to provide end-to-end visibility in between any two endpoints, physical or virtual, removing traditional blind spots like East West traffic in data centers and enterprise cloud deployments.