With Ziften Endpoint Products Integration With Your Existing Architecture Is Easy – Charles Leaver

Written By Roark Pollock And Presented By Ziften CEO Charles Leaver


Security professionals are by nature a cautious bunch. Caution is a trait most people bring to this field given its mission, but it is also one that is reinforced over time. Ironically, this holds even when it comes to adding further security controls to an already established security architecture. One might assume that more security is better security, but experience teaches that this is not always the case. Deploying a new security product raises a number of concerns, and one that usually lands near the top of the list is how well the new product integrates with existing services.

Integration concerns come in several flavors. First, a new security control must not break anything. Beyond that, new security products need to share threat intelligence gracefully, and act on threat intelligence gathered across the company’s entire security infrastructure. Put simply, new security tools need to work with the existing ecosystem of tools such that “1 + 1 = 3”. The last thing most security and IT operations teams need is more siloed products and tools.

This is why, at Ziften, we have always focused on building and delivering a fully open visibility architecture. We believe that any new systems and security operations tool should be designed with improved visibility and information sharing as core design requirements. But this is not a one-way street: creating easy integrations requires technology partnerships between vendors. We consider it our obligation to work with other technology companies to integrate our products mutually, making things easy for customers. Unfortunately, many vendors still believe that integrating security services, especially new endpoint security services, is extremely difficult. I hear the concern constantly in customer conversations. But data is now emerging showing that this is not necessarily the case.

Recent survey work by NSS Labs on “advanced endpoint” products reports that Global 2000 customers based in North America have been pleasantly surprised by how well these kinds of products integrate into their existing security architectures. According to the NSS report titled “Advanced Endpoint Protection – Market Analysis and Survey Results CY2016”, which NSS subsequently presented in a BrightTalk webinar, respondents who had already deployed advanced endpoint products were much more positive about their ability to integrate into established security architectures than respondents still in the planning stage of purchasing them.

Specifically, respondents who have already deployed advanced endpoint products rate integration with established security architectures as follows:

● Excellent 5.3%
● Good 50.0%
● Average 31.6%
● Poor 13.2%
● (Horrible) 0.0%

Compare that to the more conservative responses from people still in the planning phase:

● Excellent 0.0%
● Good 39.3%
● Average 42.9%
● Poor 14.3%
● (Horrible) 3.6%

These responses are encouraging. Yes, as noted, security folks tend to be pessimists, but despite low expectations respondents are reporting favorable outcomes with respect to integration. In fact, Ziften customers usually show the same initial low expectations when we first discuss integrating Ziften products into their existing ecosystem. But in the end, customers are wowed by how simple it is to share information between Ziften products and their existing infrastructure.

These survey results will hopefully help ease concerns, as newer adopters may read and rely on peer recommendations before making purchase decisions. Early mainstream adopters are clearly having success deploying these products, which should help reduce the natural caution of the broader mainstream.

Certainly, there is substantial differentiation between products in this space, and companies need to continue to perform appropriate due diligence in understanding how and where products integrate into their broader security architectures. But the good news is that there are solutions not just meeting customers’ requirements, but in fact outperforming their initial expectations.

Petya Variant Flaw Is Real Trouble Unless You Are A Ziften Customer – Charles Leaver

Written By Josh Harriman And Presented By Charles Leaver Ziften CEO


Another outbreak, another nightmare for those who were not prepared. While this latest attack is similar to the earlier WannaCry threat, there are some differences in this latest malware, which is a variant or new strain much like Petya. Called NotPetya by some, this strain causes a great deal of trouble for anyone who encounters it. It may encrypt your data, or render the system completely inoperable. And now the e-mail address that you would need to contact to ‘possibly’ decrypt your files has been taken down, so you are out of luck getting your files back.

Plenty of information on the behavior of this threat is publicly available, but I wanted to note that Ziften customers are protected from the EternalBlue exploit, which is one mechanism it uses to propagate, and, better still, by a vaccine based on a possible flaw, or its own kind of debug check, that stops the threat from ever executing on the system. It could still spread within the environment, but our protection would already be pushed to all existing systems to stop the damage.

Our Ziften extension platform allows our customers to have protection in place against specific vulnerabilities and malicious actions for this threat and others like Petya. Besides the specific actions taken against this particular variant, we have taken a holistic approach to stopping particular strains of malware that perform various ‘checks’ against the system before executing.

We can also use our Search capability to look for remnants of the other propagation techniques used by this threat. Reports show WMIC and PsExec being used. We can search for those programs, their command lines and their usage. Even though they are legitimate processes, their use is typically uncommon and can be alerted on.
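The hunt described above, written out as an added example; this is not Ziften’s code or the Search feature itself. It scores process-creation events for WMIC and PsExec use, the two tools the post names, and treats a remote target, a non-admin account and an unexpected parent process as reasons for concern. The log format, the field names, the weights, the expected-parent list and the admin account list are all assumptions made for this example, and the sample telemetry is constructed.

```python
"""
Added example (not Ziften's code): hunt process-creation telemetry for
WMIC and PsExec use, the propagation tools named in the post, and score
how unusual each execution looks. Log format, field names, weights and
the admin account list are all assumptions made for this example.
"""
import re
from collections import defaultdict

# Tools the post reports being used for propagation (compared lowercase).
LATERAL_TOOLS = {"wmic.exe", "psexec.exe", "psexec64.exe"}

# Parents from which an administrator normally launches these tools
# interactively; anything else is treated as unusual (assumption).
EXPECTED_PARENTS = {"cmd.exe", "powershell.exe", "explorer.exe"}

# Indicators that the tool is pointed at another host rather than the
# local machine: WMIC's /node: switch, or a \\hostname target.
REMOTE_TARGET = re.compile(r"/node:|\\\\[\w.-]+", re.IGNORECASE)

# Constructed sample telemetry, one event per line:
# host|user|parent_image|image|command_line
SAMPLE_LOG = r"""
ws01|jsmith|explorer.exe|winword.exe|"C:\Program Files\Office\winword.exe" budget.docx
admin-ws|itadmin|cmd.exe|wmic.exe|wmic os get caption
admin-ws|itadmin|cmd.exe|psexec.exe|psexec \\srv01 -s ipconfig /all
ws07|bjones|rundll32.exe|wmic.exe|wmic /node:ws08 process call create C:\Temp\update.exe
ws07|bjones|cmd.exe|psexec.exe|psexec \\ws09 -s C:\Temp\update.exe
"""

# Accounts expected to run remote-administration tools (assumption).
ADMIN_USERS = {"itadmin"}


def parse_events(text):
    """Turn the pipe-separated sample format into a list of dicts."""
    events = []
    for line in text.strip().splitlines():
        host, user, parent, image, cmd = line.split("|", 4)
        events.append({"host": host, "user": user, "parent": parent.lower(),
                       "image": image.lower(), "cmd": cmd})
    return events


def score_event(ev, admin_users=ADMIN_USERS):
    """Return (score, reasons) for one event; (0, []) for tools we ignore."""
    if ev["image"] not in LATERAL_TOOLS:
        return 0, []
    score, reasons = 1, [f"{ev['image']} executed"]
    if REMOTE_TARGET.search(ev["cmd"]):
        score += 1
        reasons.append("command line targets a remote host")
    if ev["user"].lower() not in admin_users:
        score += 2
        reasons.append(f"run by non-admin account {ev['user']}")
    if ev["parent"] not in EXPECTED_PARENTS:
        score += 1
        reasons.append(f"unusual parent process {ev['parent']}")
    return score, reasons


def hunt(text, threshold=3, admin_users=ADMIN_USERS):
    """Score every event and return those at or above the threshold, noting
    how many distinct hosts each tool ran on: legitimate use is usually rare
    and confined to a few admin workstations, so wide spread is a signal."""
    events = parse_events(text)
    hosts_by_tool = defaultdict(set)
    for ev in events:
        if ev["image"] in LATERAL_TOOLS:
            hosts_by_tool[ev["image"]].add(ev["host"])
    alerts = []
    for ev in events:
        score, reasons = score_event(ev, admin_users)
        if score >= threshold:
            alerts.append({"host": ev["host"], "user": ev["user"],
                           "tool": ev["image"], "score": score, "reasons": reasons,
                           "hosts_running_tool": len(hosts_by_tool[ev["image"]])})
    return alerts


if __name__ == "__main__":
    for a in hunt(SAMPLE_LOG):
        print(f"[{a['score']}] {a['host']} {a['user']} {a['tool']}: "
              + "; ".join(a["reasons"]))
```

On the constructed sample, the administrator’s routine local WMIC query and remote PsExec run stay below the threshold, while the two executions on ws07 by a non-admin account, one of them launched from rundll32.exe, are reported with every reason listed so an analyst can judge them.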

With WannaCry, and now NotPetya, we expect to see a continued rise in these types of attacks. The release of the recent NSA exploits has given eager cyber criminals the tools they need to push out their wares. And although ransomware threats can be a high-value commodity vehicle, more damaging threats could be launched. It has always been ‘how’ to get the threats to spread (worm-like, or via social engineering) that is most challenging for them.

UK Email Security Breach Highlights Design Insecurities – Charles Leaver

Written By Dr Al Hartmann And Presented By Ziften CEO Charles Leaver


In the online world the sheep get shorn, chumps get chewed, dupes get deceived, and pawns get pwned. We’ve seen another great example of this in the recent attack on the UK Parliament email system.

Rather than admit to an e-mail system that was insecure by design, the official statement read:

Parliament has robust steps in place to safeguard all of our accounts and systems.

Tell us another one. The one protective measure we did see at work was blame deflection – the Russians did it, that always works – while blaming the victims for their policy violations. While details of the attack are limited, combing various sources does help to assemble at least the gross outlines. If these descriptions are reasonably close, the UK Parliament email system failings are atrocious.

What went wrong in this case?

Rely on single-factor authentication

“Password security” is an oxymoron – anything protected by a password alone is insecure, full stop, regardless of the strength of the password. Please, no 2FA here; it might hinder attacks.

Do not enforce any limit on failed login attempts

Aided by single-factor authentication, this permits easy brute force attacks, no skill needed. But when breached, blame elite foreign hackers – nobody can verify.

Do not perform brute force violation detection

Allow attackers to carry out (otherwise trivially detectable) brute force attacks for extended periods (12 hours against the United Kingdom Parliament system), to maximize the scope of account compromise.

Do not enforce policy; treat it as mere advice

Combined with single-factor authentication, no limit on failed logins, and no brute force detection, do not enforce any password strength validation. Provide attackers with really low-hanging fruit.

Rely on unsigned, unencrypted e-mail for sensitive communications

If attackers succeed in compromising e-mail accounts or sniffing your network traffic, give them ample opportunity to score high-value message content entirely in the clear. This also conditions constituents to trust readily spoofable e-mail from Parliament, creating a perfect constituent phishing environment.
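Two of the missing controls listed above, a limit on failed login attempts and brute force detection, as an added example that is not from the post or from Ziften. It runs both over a constructed authentication log in which one address guesses at five accounts for a minute while a normal user mistypes once and then logs in. The log format, the thresholds, the window and the lockout duration are assumptions chosen for the example; a real deployment would tune them to its own traffic.

```python
"""
Added example (not from the post or Ziften): the two controls the post says
were missing, a limit on failed logins (account lockout) and brute force
detection, run over a constructed authentication log. Log format, thresholds
and window sizes are assumptions chosen for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILS_PER_SOURCE = 20            # failures from one source in WINDOW before alerting
WINDOW = timedelta(minutes=10)
LOCKOUT_AFTER = 5                # consecutive failures per account before locking
LOCKOUT_FOR = timedelta(minutes=15)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def build_sample_log():
    """Constructed log lines: '<timestamp> <source_ip> <account> <FAIL|SUCCESS>'.
    One source tries six guesses against each of five accounts, two seconds
    apart; the sixth guess for mp03 happens to be correct. A normal user
    mistypes once from another address, then logs in."""
    base = datetime(2017, 6, 23, 22, 0, 0)
    lines, n = [], 0
    for acct in ["mp01", "mp02", "mp03", "mp04", "mp05"]:
        for k in range(6):
            result = "SUCCESS" if (acct == "mp03" and k == 5) else "FAIL"
            ts = base + timedelta(seconds=2 * n)
            lines.append(f"{ts.strftime(TS_FMT)} 203.0.113.5 {acct} {result}")
            n += 1
    later = base + timedelta(minutes=5)
    lines.append(f"{later.strftime(TS_FMT)} 198.51.100.7 alice FAIL")
    lines.append(f"{(later + timedelta(seconds=5)).strftime(TS_FMT)} 198.51.100.7 alice SUCCESS")
    return lines


def parse_line(line):
    ts, src, acct, result = line.split()
    return datetime.strptime(ts, TS_FMT), src, acct, result


def detect_brute_force(events, threshold=FAILS_PER_SOURCE, window=WINDOW):
    """Sliding-window count of failures per source; one alert per source the
    first time it crosses the threshold. This is the detection the post says
    was absent while the guessing ran for 12 hours."""
    recent, alerted, alerts = defaultdict(deque), set(), []
    for ts, src, acct, result in events:
        if result != "FAIL":
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:          # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"source": src, "failures": len(q), "since": q[0], "at": ts})
    return alerts


def enforce_lockout(events, max_failures=LOCKOUT_AFTER, duration=LOCKOUT_FOR):
    """Apply a lockout policy and return a decision for every attempt.
    Attempts against a locked account are BLOCKED even when the password is
    right, which is what turns a long guessing run into a dead end."""
    consecutive, locked_until, decisions = defaultdict(int), {}, []
    for ts, src, acct, result in events:
        if acct in locked_until and ts < locked_until[acct]:
            decisions.append((ts, acct, result, "BLOCKED"))
            continue
        if result == "FAIL":
            consecutive[acct] += 1
            if consecutive[acct] >= max_failures:
                locked_until[acct] = ts + duration
                consecutive[acct] = 0
            decisions.append((ts, acct, result, "REJECTED"))
        else:
            consecutive[acct] = 0              # a good login resets the counter
            decisions.append((ts, acct, result, "ALLOWED"))
    return decisions


if __name__ == "__main__":
    evs = [parse_line(l) for l in build_sample_log()]
    for a in detect_brute_force(evs):
        print(f"ALERT {a['source']}: {a['failures']} failures since {a['since']}")
    for ts, acct, result, decision in enforce_lockout(evs):
        if decision == "BLOCKED":
            print(f"{ts} {acct}: {result} attempt blocked by lockout")
```

Run on the sample, the detector raises one alert for the guessing source forty seconds in, and the lockout blocks the sixth attempt against every targeted account, including the one guess that was actually correct; alice’s single typo followed by a good login is unaffected. Either control alone would have changed the outcome the post describes; together they also give the defenders something to see.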

Lessons learned

In addition to adding “Common Sense for Dummies” to their summer reading lists, the United Kingdom Parliament e-mail system administrators might want to take further action. Strengthening weak authentication practices, enforcing policies, improving network and endpoint visibility with continuous monitoring and anomaly detection, and completely rethinking secure messaging are recommended steps. Penetration testing would have revealed these fundamental weaknesses while staying out of the news headlines.

Even a few smart high-schoolers with a free weekend could have replicated this attack. And finally, stop blaming the Russians for your own security failings. Assume that any weaknesses in your security architecture and policy framework will be found and exploited by some cyber criminal somewhere on the global internet. All the more reason to find and fix those weaknesses before the attackers do, so get started immediately. And then, if your defenders cannot see the attacks in progress, upgrade your monitoring and analytics.

SysSecOps Will Enable IT And Security To Work Closer – Charles Leaver

Written By Charles Leaver Ziften CEO


Scott Raynovich nailed it. Having worked with numerous companies, he recognized that one of the most significant obstacles is that security and operations are two different departments – with drastically different goals, different tools, and different management structures.

Scott and his analyst firm, Futuriom, recently completed a study, “Endpoint Security and SysSecOps: The Growing Trend to Develop a More Secure Enterprise”, in which one of the key findings was that conflicting IT and security goals hamper professionals – on both teams – from achieving their goals.

That is exactly what we believe at Ziften, and the term Scott coined for the convergence of IT and security in this domain – SysSecOps – describes perfectly what we have been talking about. Security teams and IT teams need to get on the same page. That means sharing the same goals and, sometimes, sharing the same tools.

Think about the tools that IT people use. Those tools are designed to make sure the infrastructure and end devices are working properly and, when something fails, to help them repair it. On the endpoint side, those tools make sure that devices allowed onto the network are configured correctly, run software that is authorized and properly updated/patched, and have not logged any faults.

Consider the tools that security folks use. They work to enforce security policies on devices, infrastructure, and security appliances (like firewalls). This may involve actively monitoring events, scanning for abnormal behavior, analyzing files to ensure they do not contain malware, adopting the latest threat intelligence, matching against newly discovered zero-days, and performing analysis on log files.

Finding fires, battling fires

Those are two different worlds. The security teams are fire spotters: they can see that something bad is happening, can work quickly to isolate the problem, and determine whether harm occurred (like data exfiltration). The IT teams are on-the-ground firefighters: they jump into action when an incident occurs to ensure that the systems are made safe and restored to operation.

Sounds great, doesn’t it? Unfortunately, all too often, they do not talk to each other – it is like having the fire spotters and firefighters using incompatible radios, different jargon, and different city maps. Worse, the teams cannot share the same data directly.

Our approach to SysSecOps is to give both the IT and security teams the same resources – which means the same reports, presented in ways appropriate to each set of experts. It is not dumbing down; it is working smarter.

It is ridiculous to operate any other way. Take the WannaCry infection, for example. On one hand, Microsoft released a patch back in March 2017 that addressed the underlying SMB flaw. IT operations teams did not install the patch, because they did not think it was a big deal and did not talk to security. Security teams did not know whether the patch was installed, because they do not talk to operations. SysSecOps would have had everyone on the same page – and could potentially have avoided this problem.

Missing data indicates waste and risk

The dysfunctional gap between IT operations and security exposes companies to risk. Preventable risk. Unnecessary risk. It is simply unacceptable!

If your organization’s IT and security teams are not on the same page, you are incurring risks and costs that you should not have to. It is waste. Organizational waste. It is wasteful because you have numerous tools providing partial data with gaps, and each of your teams sees only part of the picture.

As Scott concluded in his report, “Coordinated SysSecOps visibility has already proven its worth in helping companies assess, analyze, and prevent substantial threats to IT systems and endpoints. If these goals are pursued, the security and management threats to an IT system can be greatly decreased.”

If your teams are collaborating in a SysSecOps kind of way, if they can see the same data at the same time, you not only have better security and more effective operations – but also lower risk and lower costs. Our Zenith software can help you achieve that effectiveness, not only working with your existing IT and security tools, but also filling the gaps to make sure everyone has the right data at the right time.