Generic Is Limited, Extensible Is Limitless – Charles Leaver

Written by Charles Leaver, Ziften CEO


Whether you call them extensions or modifications, the best technology platforms can be customized to fit a company’s specific business needs. Generic operations tools are fine for generic operations jobs. Generic security tools are fine for generic security challenges. Generic can only take you so far, though, and that’s where extensibility steps in.

Extensibility comes up often when I’m talking to customers and prospects, and I’m proud that a Global 10 company chose Ziften over everyone else in the market largely on that basis. For that customer, and many others, the ability to deeply tailor platforms is a requirement.

This isn’t just about building custom reports or custom alerts. Let’s be honest: the ability to create reports is a baseline capability of many IT operations and security management tools. True extensibility goes deep into the solution to give it abilities that solve real problems for the company.

One customer used many mobile IoT devices and needed our Zenith real-time visibility and control system to be able to access (and monitor) the memory of those devices. That’s not a standard feature of Zenith, because our low-footprint agent doesn’t hook into the OS kernel or work through standard device drivers. However, we worked with the customer to customize Zenith with that capability, and it turned out to be simpler than anyone expected.

Another customer looked at the standard set of endpoint data that the agent collects and wanted to add extra data fields. They also wanted to configure the administrative console with custom actions using those data fields, and push those actions back out to the endpoints. No other endpoint monitoring and security solution could provide a way to add that functionality; only Ziften could.

What’s more, the customer built those extensions themselves, and owns the code and intellectual property. It becomes part of their own secret sauce, their own business differentiator, unique to their organization. They couldn’t be happier. And neither could we.

With many other IT operations and security systems, if customers want extra features or capabilities, the only option is to submit a future feature request and hope it appears in an upcoming version of the product. Until then, too bad.

That’s not how we designed our flagship solutions, Zenith and ZFlow. Because our endpoint agent isn’t based on kernel hooks or device drivers, we can enable significant extensibility, and open that extensibility up for customers to access directly.

The same goes for our administrative consoles and back-end monitoring systems: everything is customizable. And that was built in right from the beginning.

Another area of customization is that our real-time and historical visibility database can integrate with your other IT operations and security platforms, including SIEM tools, threat intelligence, IT ticketing systems, job orchestration systems, and data analytics. With Zenith and ZFlow, there are no more silos. Ever.

In the world of endpoint monitoring and management, extensions are increasingly where it’s at. IT operations and enterprise security teams need the ability to customize their tool platforms to fit their specific requirements for monitoring and managing IoT, traditional endpoints, the data center, and the cloud. In many customer conversations, our built-in extensibility has made eyes light up and won us trials and deployments. Tell us about your customization requirements, and let’s see what we can do.

You Can See Our Endpoint Security Architecture In This Video – Charles Leaver

Written by Mike Hamilton and presented by Ziften CEO Charles Leaver


Endpoint security is all the rage these days, and there are many different vendors out there touting their solutions in this market. But it’s sometimes hard to understand exactly what each vendor offers. What’s even harder is to understand how each vendor’s solution is architected to deliver those services.

I believe that the back-end architecture of whatever you choose can have a profound impact on the future scalability of your deployment. And it can create a lot of unforeseen work and cost if you’re not careful.

So, in the spirit of openness, and because we believe our architecture is different, unique and powerful, we invite all endpoint security vendors to “show us your architecture”.

I’ll get the ball rolling in the following video, where I show you the Ziften architecture and a couple of what I consider legacy architectures for comparison. Specifically, I’ll discuss:

– Ziften’s architecture, built on next-gen cloud principles.
– One vendor’s peer-to-peer “mish-mash” architecture.
– Legacy hub-spoke-hub architectures.

I’ve shown you the power of our truly cloud-based platform. Now it’s my competitors’ turn. What are you waiting for, folks? Show us your architectures!

Offense And Defense For Managing Security And Risk – Charles Leaver

Written by Roark Pollock and presented by Charles Leaver, Ziften CEO


Risk management and security management have long been handled as separate functions, typically performed by different functional teams within an organization. Recognition of the need for continuous visibility and control across all assets has increased interest in finding commonalities between these disciplines, and the availability of a new generation of tools is enabling this effort. This discussion is especially timely given the continued difficulty most enterprises have in attracting and retaining qualified security personnel to manage and protect IT infrastructure. Consolidating these activities can help make better use of these critical personnel, reduce costs, and help automate response.

Historically, risk management has been viewed as an offensive mandate, and is generally the domain of IT operations teams. Often referred to as “systems management”, IT operations teams actively perform device state posture monitoring, policy enforcement, and vulnerability management. The goal is to proactively mitigate potential risks. Activities that reduce risk and that are performed by IT operations include:

Offensive Risk Mitigation – Systems Management

– Asset discovery, inventory, and refresh
– Software discovery, usage tracking, and license justification
– Mergers and acquisition (M&A) risk assessments
– Cloud workload migration, monitoring, and enforcement
– Vulnerability assessments and patch installation
– Proactive help desk or systems analysis and issue response/repair

On the other side of the field, security management is viewed as a defensive strategy, and is generally the domain of security operations teams. These security operations teams are usually responsible for threat detection, incident response, and resolution. The goal is to respond to a threat or a breach as quickly as possible in order to minimize the impact on the organization. Activities that fall squarely under security management and that are performed by security operations include:

Defensive Security Management – Detection and Response

– Threat detection and/or threat hunting
– User behavior monitoring / insider threat detection and/or hunting
– Malware analysis and sandboxing
– Incident response and threat containment/removal
– Lookback forensic investigations and root cause determination
– Tracing lateral threat movement, and further threat elimination
– Data exfiltration identification

Effective organizations, of course, need to play both offense AND defense equally well. This need is driving organizations to recognize that IT operations and security operations have to be as aligned as possible. Hence, as much as possible, it helps if these two teams are working from the same playbook, or at least working with the same data or single source of truth. This means both teams should aim to use some of the same analytic and data collection tools and methodologies when it comes to managing and protecting their endpoint systems. And if organizations rely on the same personnel for both jobs, it certainly helps if those people can pivot between both jobs within the same tools, leveraging a single data set.

Each of these offensive and defensive tasks is critical to protecting an organization’s intellectual property, reputation, and brand. In fact, managing and prioritizing these tasks is what often keeps CIOs and CISOs up at night. Organizations need to recognize opportunities to align and consolidate teams, technologies, and policies as much as possible to ensure they are focused on the most pressing need along the current risk and security management spectrum.

When it comes to managing endpoint systems, it is clear that organizations are moving toward an “all the time” visibility and control model that enables continuous risk assessment, continuous threat monitoring, and continuous performance management.

Thus, organizations should look for these three key capabilities when evaluating new endpoint security systems:

– Solutions that provide “all the time” visibility and control for both IT operations teams and security operations teams.
– Solutions that provide a single source of truth that can be used both offensively for risk management and defensively for security detection and response.
– Architectures that easily integrate into existing systems management and security tool ecosystems to provide even greater value for both IT and security teams.

What We Took From Black Hat And Defcon This Year – Charles Leaver

Written by Michael Vaughn and presented by Ziften CEO Charles Leaver


Here are my experiences from Black Hat 2017. There is a small addition to this year’s synopsis, largely due to the theme of the opening talk given by Facebook’s Chief Security Officer, Alex Stamos. Stamos stressed the importance of refocusing the security community’s efforts on working better together and diversifying security solutions.

“Working better together” seems like an oxymoron when looking at the intense competition among the hundreds of security companies vying for customers throughout Black Hat. Based on Stamos’s message during the opening keynote this year, I felt it was important to add some of my experiences from Defcon as well. Defcon has historically been an event for learning and is made up of independent hackers and security professionals. Last week’s Black Hat theme focused on the social aspect of how companies need to get along and genuinely help others and one another, which has always been the overarching message of Defcon.

People checked in from all over the world last week:

Jeff Moss, aka ‘Dark Tangent’, the founder of Black Hat and Defcon, also wants that to be the theme: where you aim to help people acquire knowledge and learn from others. Moss wants attendees to remain ‘nice’ and ‘helpful’ throughout the conference. That is in line with what Alex Stamos from Facebook conveyed in his presentation about security companies. Stamos asked that we all share in the responsibility of helping those that cannot help themselves. He also raised another relevant point: are we doing enough in the security industry to truly help people rather than just doing it to make money? Can we achieve the goal of actually helping people? Such is the juxtaposition of the two events. The main difference between Black Hat and Defcon is the more corporate consistency of Black Hat (from vendor hall to presentations) versus the true hacker community at Defcon, which showcases the creative side of what is possible.

The company I work for, Ziften, provides Systems and Security Operations software, giving IT and security teams visibility and control across all endpoints, on or off the corporate network. We also have a pretty sweet sock game!

Many attendees showed their Ziften support by wearing prior-year Ziften sock designs. Looking good, feeling good!

The idea of joining forces to fight against the corrupt is something most attendees from around the world embrace, and we are no different. Here at Ziften, we aim to genuinely help our customers and the community with our solutions. Why sell or rely on a solution that is limited to just what’s inside the box? One that offers a single function or a handful of specific functions? Our software is a platform for integration and provides modular, individualized security and operational solutions. The whole Ziften team takes the creativity from Defcon, and we push ourselves to try to develop new, customized features and forensic tools where traditional security companies would shy away or simply remain consumed by daily tasks.

Providing all-the-time visibility and control for any asset, anywhere is one of Ziften’s main focuses. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to quickly fix endpoint issues, reduce overall risk posture, speed threat response, and improve operational efficiency. Ziften’s secure architecture delivers continuous, streaming endpoint monitoring and historical data collection for enterprises, governments, and managed security providers. And in keeping with 2017’s Black Hat theme of working together, Ziften’s partner integrations extend the value of incumbent tools and fill the gaps between siloed systems.

Journalists are not allowed to take pictures of the Defcon crowd, but I am not the press and this was before entering a badge-required area :P The Defcon hordes and goons (Defcon mega-bosses wearing red t-shirts) were at a dead stop for a solid twenty minutes waiting for initial access to the four massive Track meeting rooms on opening day.

The Voting Machine Hacking Village got a lot of attention at the event. It was fascinating but nothing new for veteran attendees. I suppose it takes something notable to garner attention around particular vulnerabilities. All vulnerabilities for most of the talks, and especially this village, had already been disclosed to the appropriate authorities prior to the event. Let us know if you need help locking down one of these (looking at you, government folks).

More and more personal data is becoming available to the public. For example, Google and Twitter APIs are easily and openly available to query user data metrics. This data is making it much easier for attackers to social engineer targeted attacks on people, and especially persons of power and rank, like judges and executives. This talk, entitled Dark Data, showed how a simple yet brilliant de-anonymization algorithm and some data allowed these two white hats to identify people with extreme accuracy and reveal very personal information about them. This should make you think twice about what you have installed on your systems and the people in your work environment. Most of the raw metadata above was collected through a popular browser add-on. The fine tuning happened with the algorithm and public APIs. Do you know what browser add-ons are running in your environment? If the answer is no, then Ziften can help.
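The question above, whether you know which browser add-ons are installed in your environment, is one a defender can answer with a local inventory. The following Python script is an added example, not Ziften's code or anything from the talk: it walks a Chromium-style Extensions folder (the `<id>/<version>/manifest.json` layout that Chromium-based browsers use), reads each manifest, and flags permissions from a watch list that is this example's own choice. The two sample manifests it builds are constructed data, not real extensions.

```python
"""Inventory Chromium-style browser extensions and flag sensitive permissions."""
import json
import sys
import tempfile
from pathlib import Path

# Hypothetical watch list of permissions worth a second look during review;
# this is the example's own choice, not a list from the page or a browser vendor.
SENSITIVE_PERMISSIONS = {
    "<all_urls>", "tabs", "history", "cookies", "webRequest",
    "webRequestBlocking", "clipboardRead", "debugger", "nativeMessaging",
}


def _string_permissions(manifest):
    """Collect the string entries of 'permissions' and 'host_permissions'
    (manifest v2 and v3 respectively); non-string entries are ignored."""
    perms = set()
    for key in ("permissions", "host_permissions"):
        for entry in manifest.get(key, []):
            if isinstance(entry, str):
                perms.add(entry)
    return perms


def inventory_extensions(extensions_root):
    """Walk an Extensions folder laid out as <id>/<version>/manifest.json and
    return one record per installed extension version, sorted by extension id."""
    root = Path(extensions_root)
    records = []
    if not root.is_dir():
        return records
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            manifest_path = version_dir / "manifest.json"
            if not manifest_path.is_file():
                continue
            try:
                manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                # Unreadable or malformed manifest: record it rather than skip silently
                records.append({"id": ext_dir.name, "name": "<unreadable manifest>",
                                "version": version_dir.name, "permissions": [],
                                "sensitive": []})
                continue
            perms = _string_permissions(manifest)
            records.append({
                "id": ext_dir.name,
                # Names of the form __MSG_xxx__ are localized placeholders
                "name": manifest.get("name", "<unnamed>"),
                "version": manifest.get("version", version_dir.name),
                "permissions": sorted(perms),
                "sensitive": sorted(perms & SENSITIVE_PERMISSIONS),
            })
    return records


def build_sample_profile():
    """Create a throwaway folder with two constructed manifests so the script
    runs offline; the ids and names are made up, not real extensions."""
    root = Path(tempfile.mkdtemp(prefix="ext-inventory-"))
    samples = {
        "aaaaconstructedsampleidone": ("2.3.1", {
            "name": "Sample Tab Helper", "version": "2.3.1",
            "permissions": ["tabs", "storage", "<all_urls>"]}),
        "bbbbconstructedsampleidtwo": ("0.9", {
            "name": "Sample Theme", "version": "0.9",
            "permissions": ["storage"]}),
    }
    for ext_id, (version, manifest) in samples.items():
        folder = root / ext_id / version
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return str(root)


def report(records):
    """Render the inventory as text lines; entries with watch-listed
    permissions are prefixed with ' !! ' so they stand out in a review."""
    lines = []
    for rec in records:
        flag = " !! " if rec["sensitive"] else "    "
        lines.append(f"{flag}{rec['id']} {rec['name']} {rec['version']} "
                     f"sensitive={','.join(rec['sensitive']) or '-'}")
    return lines


if __name__ == "__main__":
    # Pass a real Extensions folder as argv[1], e.g. on Linux
    # ~/.config/google-chrome/Default/Extensions; otherwise use constructed data.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_profile()
    print("\n".join(report(inventory_extensions(target))))
```

Run across every user profile on a fleet and diff the result over time: a new extension id, a version bump, or a permission set that suddenly includes `<all_urls>` or `webRequest` is the kind of change worth reviewing, and the watch list is the place to encode your own policy.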

This presentation was plainly about exploiting Point-of-Sale systems. Although quite funny, it was a tad frightening how quickly one of the most commonly used POS systems can be hacked. This particular POS hardware is most commonly used when paying in a taxi. The base OS is Linux, and although it runs on an ARM architecture and is protected by hardened firmware, why would a company risk leaving the security of customer credit card details entirely up to the hardware vendor? If you seek extra protection for your POS systems, look no further than Ziften. We secure the most commonly used enterprise operating systems. If you want to do the fun thing and install the video game Doom on one, I can send you the slide deck.

This speaker’s slides were off the charts excellent. What wasn’t excellent was how exploitable macOS is during the installation process of common applications. Basically every time you install an application on a Mac, it requires you to enter your elevated privileges. But what if something were to slightly modify code a moment before you enter your Administrator credentials? Well, most of the time, probably something not good. Worried about your Macs running malware smart enough to detect and modify code in common vulnerable applications before you or your user base enter credentials? If so, we at Ziften Technologies can help.

We help you without replacing your whole toolset, although we often find ourselves doing just that. Our goal is to leverage the recommendations and current tools that work from many vendors, ensure they are installed and running, make sure the prescribed hardening is indeed intact, and ensure your operations and security teams work more effectively together to achieve a tighter security matrix across your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos’s keynote
– Jeff Moss’s message
– Visitors from around the globe collaborating
– Black Hat should preserve a friendly community spirit

2) Stronger together with Ziften

– Ziften plays nicely with other software vendors

3) Popular current vulnerabilities Ziften can help prevent and resolve

– Point-of-Sale hacking
– Voting machine tampering
– Escalating macOS privileges
– Targeted individual attacks

Now Vulnerabilities In Subtitle Packages For Movie Apps Have Been Found – Charles Leaver

Written by Josh Harriman and presented by Charles Leaver, Ziften CEO


Do you like watching movies with all-the-rage apps like Kodi, SmartTV or VLC on your devices? How about needing or wanting subtitles with those films and just grabbing the latest pack from OpenSubtitles? No problem, sounds like a nice evening at home. Problem is, according to research by Check Point, you could be in for a nasty surprise.

For attackers to take control of your ‘realm’, they need a vector, some way to gain entry to your system. There are some common methods in use today, such as clever (and not so clever) social engineering techniques: getting emails that appear to come from friends or co-workers but were spoofed, and you opened an attachment, or you visited some website and, if the stars aligned, you were pwned. Usually the star alignment part is not that hard; it only requires that you have some vulnerable software running that can be reached.

Since the trick is getting users to cooperate, the target audience can often be hard to find. But with this latest research published, several of the major media players have a distinct vulnerability when it comes to accessing and decoding subtitle packages. The four main media players named in the article are patched to date, but as we have seen in the past (just look at the recent SMB v1 vulnerability problem), just because a fix is available doesn’t mean that users are upgrading. The researchers have also declined to show the technical details of the vulnerability in order to give other vendors time to patch. That is a good sign and the right approach I think researchers should take: inform the vendor so they can fix the issue, and also announce it publicly so ‘we the people’ are informed and know what to watch out for.

It’s hard to keep up with the many ways you can get infected, but at least we have researchers who relentlessly try to ‘break’ things to find those vulnerabilities. By following responsible disclosure practices, they help everyone enjoy a safer experience with their devices, and in this case, a great night in watching movies.