Here Is What Ziften Can Do To Help You With WannaCry Ransomware – Charles Leaver

Written By Michael Vaughn And Presented By Charles Leaver Ziften CEO


Answers To Your Concerns About WannaCry Ransomware

The WannaCry ransomware attack has infected more than 300,000 computers in 150 countries so far by exploiting vulnerabilities in Microsoft’s Windows operating system.
In this quick video, Chief Data Scientist Dr. Al Hartmann and I discuss the nature of the attack, along with how Ziften can help companies protect themselves from the vulnerability known as “EternalBlue.”

As discussed in the video, the problem with the Server Message Block (SMB) file-sharing service is that it ships with most Windows operating systems and is enabled in a great many environments. Nevertheless, we make it simple to determine which systems in your environment have or have not been patched. Importantly, Ziften Zenith can also remotely disable the SMB file-sharing service entirely, giving companies valuable time to make sure that those machines are properly patched.
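As an added illustration of the check described above (not Ziften’s own code), the following PowerShell inventories SMBv1 exposure and MS17-010 patch state across a set of hosts and can disable SMBv1 as a stop-gap until patching. It assumes PowerShell remoting to Windows 8 / Server 2012 or later targets, and that you supply the MS17-010 KB identifiers for your OS builds in place of the placeholder parameter value.

```powershell
# Added example, not Ziften code. Inventory SMBv1 state and MS17-010 patch state
# on each host; optionally disable SMBv1 where the host is still unpatched.
# Assumes PowerShell remoting and Windows 8 / Server 2012 or later targets.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    # Placeholder: replace with the MS17-010 KB ids for the builds in scope.
    [string[]]$Ms17010Kbs   = @('KB-PLACEHOLDER'),
    [switch]$DisableSmb1
)

$check = {
    param($Kbs, $Disable)
    $cfg     = Get-SmbServerConfiguration
    $hotfix  = Get-HotFix | Where-Object { $Kbs -contains $_.HotFixID }
    $patched = [bool]$hotfix
    $smb1On  = $cfg.EnableSMB1Protocol
    $action  = 'none'
    if ($smb1On -and -not $patched -and $Disable) {
        # Remove the EternalBlue exposure while the patch is scheduled.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        $action = 'SMB1 disabled'
    }
    [pscustomobject]@{
        Host    = $env:COMPUTERNAME
        Smb1    = $smb1On
        Patched = $patched
        Hotfix  = ($hotfix.HotFixID -join ',')
        Action  = $action
    }
}

$results = Invoke-Command -ComputerName $ComputerName -ScriptBlock $check `
    -ArgumentList $Ms17010Kbs, [bool]$DisableSmb1

# Unpatched hosts with SMBv1 still enabled sort to the top of the report.
$results | Sort-Object Patched, Smb1 -Descending:$false | Format-Table -AutoSize
```

Run without -DisableSmb1 first to get the inventory; rerun with the switch to apply the stop-gap only to hosts that report Smb1 = True and Patched = False.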

If you’re curious about Ziften Zenith, our 20 minute demo includes a consultation with our experts on how we can help your company prevent the worst digital catastrophe to strike the internet in years.

Here Is Why Customers Of Comcast Are At Risk From Data Exfiltration And Shared Hacking – Charles Leaver

Written By Michael Pawloski And Presented By Ziften CEO Charles Leaver

The Clients Of Comcast Are Victims Of Data Exfiltration and Shared Hacks Via Other Companies

The personal information of approximately 200,000 Comcast customers was compromised on November 5th 2015. Comcast was forced to make this announcement when it emerged that a list of 590,000 Comcast customer e-mails and passwords could be bought on the dark web for a mere $1,000. Comcast maintains that there was no attack on its own network; rather, the data came from past breaches of other companies. Comcast further claims that only 200,000 of these 590,000 customers still exist in its system.

Less than two months earlier, Comcast had already been hit with a $22 million penalty over its unintentional publishing of nearly 75,000 customers’ personal details. Somewhat ironically, these customers had specifically paid Comcast for “unlisted voice-over-IP,” a line item on the Comcast bill stating that each customer’s details would be kept private.

Comcast instituted a mass reset of the 200,000 affected customer passwords, but attackers may have accessed these accounts before the list was offered for sale. While a basic password reset by Comcast will to some extent secure these accounts going forward, it does nothing to protect customers who may have reused the same e-mail and password combination on banking and payment card logins. If the accounts were accessed before the list was disclosed, it is entirely possible that other personal information, such as automatic payment details and home address, was already obtained.

The conclusion: assuming Comcast wasn’t hacked directly, it was the victim of numerous other breaches that contained data connected to its customers. Detection and response systems like Ziften can prevent mass data exfiltration and frequently mitigate the damage done when these inevitable attacks occur.

The Use Of Continuous Monitoring Is The Best Way For Experian To Learn From Past Mistakes – Charles Leaver

Written By Josh Applebaum And Presented By Charles Leaver Ziften CEO

Experian Have to Learn from Mistakes Of The Past And Implement A Continuous Monitoring Service

Working in the security sector, I have always felt my work was hard to explain to the average person. Over the last few years, that has changed. Regrettably, we are seeing a new data breach revealed every few weeks, with many more that are kept private. These breaches are getting front page headlines, and I can now explain to my friends what I do without losing them after a few sentences. However, I still question what we are learning from all of this. As it turns out, many companies are not learning from their own mistakes.

Experian, the global credit reporting company, is a company with a lot to learn. Several months ago Experian announced it had discovered that its servers had been breached and consumer data had been stolen. When Experian revealed the breach it reassured clients that “our consumer credit database was not accessed in this event, and no credit card or banking info was taken.” Although Experian took the time in its announcement to assure customers that their financial information had not been stolen, it went on to describe what data actually was taken: consumers’ names, addresses, Social Security numbers, birth dates, driver’s license numbers, military ID numbers, passport numbers, and additional information used in T-Mobile’s own credit assessment. This is scary for two reasons: the first is the type of data that was taken; the second is the fact that this isn’t the first time this has happened to Experian.

Although the cyber criminals didn’t walk away with “payment card or banking details,” they did walk away with personal data that could be exploited to open new credit card, banking, and other financial accounts. This in itself is a reason the affected T-Mobile customers need to be nervous. However, all Experian customers ought to be a little anxious.

As it turns out, this isn’t the first time the Experian servers have been compromised by hackers. In early 2014, T-Mobile announced that a “relatively small” number of its customers had their personal details stolen when Experian’s servers were breached. Brian Krebs has a very well-written blog post about how the hackers breached the Experian servers the first time, so we will not go into too much detail here. In the first breach of Experian’s servers, hackers exploited a vulnerability in the organization’s support ticket system, which was left exposed without first requiring a user to authenticate before using it. Now to the scary part: although it became widely known that the attackers used a vulnerability in the support ticket system to gain access, it wasn’t until shortly after the second hack that the support ticket system was shut down.

It would be difficult to imagine that it was a coincidence that Experian chose to take down its support ticket system just weeks after it revealed it had been breached. If this wasn’t a coincidence, then let’s ask: exactly what did Experian learn from the first breach, where attackers got away with sensitive customer data? Companies that store their customers’ sensitive details must be held accountable not only to protect that data, but also to make sure that, if breached, they patch the holes that are found while investigating the attack.

When companies are investigating a breach (or possible breach) it is imperative that they have access to historical data so that investigators can piece back together the puzzle of how the attack unfolded. At Ziften, we offer a service that gives our clients a continuous, real-time view of the whole picture of what takes place in their environment. In addition to providing real-time visibility for finding attacks as they happen, our continuous monitoring solution records all historical data so that clients can “rewind the tape” and piece together what occurred in their environment, no matter how far back they have to look. With this new visibility, it is now possible not only to discover that a breach took place, but also to find out why it occurred, and hopefully to learn from past mistakes to keep them from happening again.

Better Endpoint Security Would Have Stopped Adult Friend Finder Data Breach – Charles Leaver

Written By Chuck McAuley And Presented By Charles Leaver Ziften CEO

Endpoint Security Is The Best Friend For Adult Friend Finder

Adult Friend Finder, an online “dating service,” and its affiliates were hacked in April. The leaked information included credit card numbers, usernames, passwords, dates of birth, physical addresses and personal – you know – preferences. What’s typically not highlighted in these cases is the financial value of such a breach. Many would argue that having an email address and the associated data is of little worth. Nevertheless, in the same way that metadata collection offers insight to the NSA, this type of information offers attackers plenty of leverage that can be used against the general public. Spear phishing becomes a lot easier when attackers have not just an email address, but also location, language, and race. The source IP addresses gathered can even supply exact street locations for attacks.

The attack methodology used in this case was not publicized, but it would be fair to assume that it leveraged some form of SQL injection attack or similar, where the information is extracted from the back-end database through a flaw in the web server. Another possible methodology could have been hijacking SSH keys from a compromised admin account or GitHub, but those tend to be secondary for the most part. Either way, the database dump itself is 570 megabytes, and assuming the data was exfiltrated in a couple of big transactions, it would have been extremely obvious at the network level. That is, if Adult Friend Finder had been using a solution that offered visibility into network traffic.

Ziften ZFlow™ enables network visibility into the cloud to catch anomalous data transfers and attribute them to the specific executing processes. In this case, the administrator would have had two opportunities to discover the irregularity: 1) at the database level, as the data was extracted; 2) at the web server level, where an abnormal amount of traffic would be sent to a particular address. Organizations like Adult Friend Finder should acquire the endpoint and network visibility needed to protect their customers’ personal data and “hook up” with a company like Ziften.
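As an added example (not ZFlow code), this PowerShell script runs the detection logic the paragraph describes over constructed, process-attributed flow records: it sums outbound bytes per endpoint, process and destination inside a sliding time window and flags bulk transfers, so a 570 MB dump moved in two transactions shows up at both the database tier and the web server tier. The host names, process names, addresses and volumes are constructed sample values.

```powershell
# Added example, not ZFlow code. Constructed flow records with process attribution:
# ts, endpoint, process, destination, bytes sent. Two large transfers carry a
# ~570 MB dump from db01 to web01 and then from web01 to an external address.
$csv = @'
ts,endpoint,process,dst,bytes_out
2015-04-01T02:10:00Z,web01,w3wp.exe,203.0.113.7,41200
2015-04-01T02:10:05Z,web01,w3wp.exe,203.0.113.9,38800
2015-04-01T02:11:00Z,db01,sqlservr.exe,10.0.0.5,310000000
2015-04-01T02:12:30Z,db01,sqlservr.exe,10.0.0.5,260000000
2015-04-01T02:14:00Z,web01,w3wp.exe,198.51.100.23,305000000
2015-04-01T02:15:40Z,web01,w3wp.exe,198.51.100.23,265000000
2015-04-01T02:40:00Z,web01,w3wp.exe,203.0.113.7,52000
'@

$flows = $csv | ConvertFrom-Csv | ForEach-Object {
    [pscustomobject]@{
        Ts       = ([datetime]$_.ts).ToUniversalTime()
        Endpoint = $_.endpoint
        Process  = $_.process
        Dst      = $_.dst
        BytesOut = [long]$_.bytes_out
    }
}

function Find-BulkTransfers {
    param(
        [object[]]$Flows,
        [long]$ThresholdBytes = 100MB,   # alert when a window moves this much or more
        [int]$WindowMinutes   = 10
    )
    $window = [timespan]::FromMinutes($WindowMinutes)
    # One series per (endpoint, process, destination) so traffic is attributed
    # to the process that sent it, not just to the host.
    $Flows | Group-Object Endpoint, Process, Dst | ForEach-Object {
        $series = @($_.Group | Sort-Object Ts)
        $start = 0; $sum = 0L; $peak = 0L
        for ($i = 0; $i -lt $series.Count; $i++) {
            $sum += $series[$i].BytesOut
            # Drop records that fell out of the trailing window.
            while (($series[$i].Ts - $series[$start].Ts) -gt $window) {
                $sum -= $series[$start].BytesOut
                $start++
            }
            if ($sum -gt $peak) { $peak = $sum }
        }
        if ($peak -ge $ThresholdBytes) {
            [pscustomobject]@{
                Endpoint        = $series[0].Endpoint
                Process         = $series[0].Process
                Dst             = $series[0].Dst
                PeakWindowBytes = $peak
                Flows           = $series.Count
            }
        }
    }
}

# With the sample data this reports two series, each peaking at 570,000,000 bytes:
# db01/sqlservr.exe -> 10.0.0.5 and web01/w3wp.exe -> 198.51.100.23.
Find-BulkTransfers -Flows $flows | Format-Table -AutoSize
```

The small w3wp.exe flows to 203.0.113.x never accumulate past the threshold, which is the baseline the alert is meant to stand out against.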

Does Your Organization Have A Watcher Of Watchers? – Charles Leaver

Written By Charles Leaver CEO Ziften

High-profile cyber attacks highlight how a lack of auditing of existing compliance products can make the worst sort of front page news.

In the earlier Java attacks on Facebook, Microsoft and Apple, as well as other big hitters in the industry, the attackers didn’t need to dig too deep into their playbooks to find a technique. As a matter of fact, they employed one of, if not the, oldest axioms in the book: they took a remote vulnerability in massively distributed software and exploited it to set up remote access. And in this case on an application that (A) wasn’t the latest version and (B) most likely didn’t need to be running.

While the hacks themselves have been front page news, the approaches organizations can use to prevent or curtail them are pretty boring stuff. We all hear “keep boxes up to date with patch management software” and “ensure conformity with compliance tools.” That is industry standard and old news. But to pose a question: who is “watching the watchers”? The watchers in this case being compliance, patch and systems management technologies. I believe Facebook and Apple discovered that just because a management system tells you that software is up to date does not mean you ought to believe it! Here at Ziften our results in the field say as much: we consistently discover dozens of versions of the SAME major application running at Fortune 1000 sites, all of which, by the way, are using compliance and systems management products.

In the case of the exploited Java plug-in, this was a MAJOR application with wide distribution. This is the type of application that gets tracked by systems management, compliance and patch products. The lesson from this could not be clearer: having some kind of check against these applications is necessary (just ask any of the organizations that were hacked…). But this only constitutes a portion of the problem, since this is a major (arguably vital) application we are talking about here. If organizations find it difficult to keep ahead of updates on known, licensed applications, then what about all the unknown and unneeded running applications and plug-ins and their vulnerabilities? Stated simply: if you can’t even understand what you are expected to understand, then how on Earth can you understand (and in this case safeguard) the things you have no idea about or don’t care about?

The Security Risks With The Internet Of Things Is Mind Blowing – Charles Leaver

Written By David Shefter And Presented By Ziften CEO Charles Leaver

We are now living in a new world of the Internet of Things (IoT), and the danger of cyber risks and attacks grows exponentially. As deployments evolve, new vulnerabilities are emerging.

Symantec released a report this spring that analyzed 50 smart home devices and stated “none of the evaluated devices offered mutual authentication between the client and the server.” Earlier this summer, researchers demonstrated the ability to hack into a Jeep while it was cruising on the highway, first controlling the radio, windshield wipers and air conditioning, and finally cutting the transmission.

Traditionally, toy, tool, home appliance and auto manufacturers have not needed to secure against external threats. Makers of medical devices, elevators, heating and cooling, electrical and plumbing infrastructure components (all of which are likely to be connected to the Internet in the coming years) have not always been security conscious.

As we are all aware, it is challenging enough every day to secure computers, phones, servers and the network, which have been through extensive security monitoring, reviews and assessments for years. How can you secure alarms, personal electronics, and home devices that seemingly come out daily?

To start, one must define and consider where the security controls will be implemented: hardware, software, network, or all of the above?

Solutions such as Ziften listen to the network (from the device viewpoint) and use machine learning to determine patterns and scan for anomalies. Ziften currently offers a global threat analytics platform (the Ziften KnowledgeCloud), fed by a range of sources, that enables review of tens of millions of endpoint, binary, MD5 and similar data points today.

It will be a challenge to deploy software onto all IoT devices, many of which use FPGA and ASIC designs as the control platform(s). They are typically built into anything from drones to cars to industrial and SCADA control systems. A large number of these devices run on solid-state chips without an operating system or an x86-type processor. With inadequate memory to support advanced software, many simply can’t support contemporary security software. In the realm of IoT, additional customization creates risk and a vacuum that strains even the most robust solutions.

Solutions for the IoT space need a multi-pronged approach at the endpoint, which encompasses the desktops, laptops, and servers currently attached to the network. At Ziften, we currently deliver collectors for Windows, Linux, and OS X, supporting the core desktop, server, and network infrastructure that contains the intellectual property and assets attackers seek to access. After all, the bad guys don’t really want any information from the company refrigerator; they simply wish to use it as a channel to where the important data resides.

However, there is an additional approach that we deliver that can help alleviate many current concerns: scanning for anomalies at the network level. It’s believed that typically 30% of devices connected to a corporate network are unknown IPs. IoT trends will likely double that number in the next ten years. This is one of the reasons connecting a device is not always an obvious choice.

As more devices are connected to the Web, more attack surfaces will emerge, resulting in breaches that are much more harmful than those of email, financial, retail, and insurance systems: things that might even present a danger to our way of life. Protecting the IoT has to make use of lessons learned from traditional business IT security and provide multiple layers, integrated to supply end-to-end robustness, capable of preventing and detecting threats at every level of the emerging IoT value chain. Ziften can help from a wide variety of angles today and in the future.

Prevention And Blocking Are Not Sufficient So A New Path For Endpoint Security Is Required – Charles Leaver

Written By Josh Harriman And Presented By Charles Leaver Ziften CEO

Traditional endpoint security solutions, some of which have been around for over twenty years, rely heavily on the same protection methods every year. And even though there is constant innovation and effort to improve, the underlying problem still exists. Threats will always find a way into your organization. And most of the time, you will have to wait until your deployed solution finally spots the threat before you can even begin to assess the damage and possibly prevent it from happening again (once you get all of the relevant information to make that informed decision, of course). Another drawback to these technologies is that they typically impose a big performance burden on the very device they are protecting. This in turn causes dissatisfied end users and other concerns such as management and reliability.

But this blog is not about abandoning your present solution, but rather about augmenting and empowering your total security posture. Organizations have to move towards and accept solutions that provide continuous monitoring and full visibility of all activity taking place across their endpoint population. Stopping or preventing known malware from running is undoubtedly crucial, but it lacks the overall protection needed in today’s threat landscape. The ability to run deeper forensics on current or, in some cases more importantly, past events can really only be done by systems that use continuous monitoring. This information is vital in assessing the damage and understanding the scope of an infection within your organization.

This, of course, needs to be done effectively and with a limited amount of system overhead.

Just as there are numerous systems in the traditional endpoint security space, a new league of vendors is appearing in this essential step of the evolution. Most of these companies have staff from the ‘old guard’ and understand that a new vision is required as the threat landscape continues to change. Reporting and alerting only on bad things entirely misses the point. You MUST look at everything, everybody and all behaviors and actions in order to give yourself the best opportunity of responding rapidly and completely to threats within your company.

By making use of systems that fall into this “New Path of Endpoint Security” world, Security Ops or Incident Responders within the organization will have the visibility they have long been yearning for. We hear this constantly from our customers and prospects and are doing our utmost to offer the solutions that help safeguard everybody.

BYOD Can Be A Serious Security Risk So Do This – Charles Leaver

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO

If you are not interested in BYOD then your users, especially your executive users, probably will be. Being the most productive with the least effort is what users want. Using the most convenient, fastest, most familiar and comfortable device to do their work is the primary aim. The convenience of using one device for both work and personal activities is also preferred.

The problem is that security and ease of use are diametrically opposed. The IT department would typically prefer total ownership and control over all client endpoints. IT can disable admin rights, and the client endpoint can be managed to a degree, for example by allowing only authorized applications to be installed. Even the hardware can be restricted to a particular footprint, making it much easier for IT to secure and manage.

But control of their devices is exactly what BYOD supporters are fighting against. They want to pick their hardware, apps and OS, and to have the flexibility to install anything they like, whenever they like.

This is hard enough for the IT security group, but BYOD can also considerably increase the number of devices accessing the network. Instead of a single desktop, with BYOD a user may have a desktop, laptop, cell phone and tablet. This is an attack surface gone wild! Then there is the issue of smaller devices being lost or stolen, or perhaps left in a bar under a cocktail napkin.

So what do IT specialists do about this? The first thing to do is to establish situational awareness of “trusted” client endpoints. With its minimalist and driverless agent, Ziften can provide visibility into the applications, versions, user activity and security/compliance software that is actually running on the endpoint. You can then restrict, by enforceable policy, what application, enterprise network and data interaction can be performed from all other (“untrusted”) devices.

Client endpoints will invariably develop security problems, such as versions of applications that are vulnerable to attack, potentially hazardous processes, and disabled endpoint security measures. With the Ziften agent you will be warned of these issues and can then take corrective action with your existing systems management tools.

Your users have to accept the reality that devices that are untrusted and too risky should not be used to access organization networks, data and apps. Client endpoints and users are the source of the majority of destructive exploits. There is no magic in existing technology that will make it safe to access important business assets from a device that is out of control.

The Lightweight Ziften Agent Will Tell You Where Your IT Endpoint Is Hurting – Charles Leaver

Written By Dr Al Hartmann And Presented By Charles Leaver

Wouldn’t it be excellent if your IT client endpoints could tell you that they are sick, instead of you receiving unwelcome calls from dissatisfied IT users? But the truth is that IT clients cannot tell you when there is something amiss. Many IT people may disagree with the need for situational awareness, but you really do need this for your endpoints. The Ziften solution addresses this as follows.

With Ziften there is a minimalist, driverless agent. This differs from standard systems management or security agents, and the Ziften package is extremely lightweight (around a 1-2MB MSI package). But don’t let the small size fool you: it provides performance management headroom and the ability to achieve more on IT endpoints, which keeps users happy and working. The Ziften agent can be compared with light beer, “Great taste, less filling.”

The Ziften agent also monitors and reports on other deployed agents if they cause excessive interference with foreground tasks.

With the Ziften agent you receive other advantages that an agentless approach cannot match. It can:

Supply real-time response to dynamic events on the endpoint. If no agent is present then periodic polling is needed, which means that endpoint events are reported on a cadence after they have occurred and not in real time.

Adaptively throttle interfering processes. As an example, if a backup program is causing excessive interference with user productivity, the backup program can be slowed down in favor of the user’s work.

Alert on the failure of crucial services such as anti-virus, backup, firewall and systems management. It is true that an agentless approach might also do this, but it wouldn’t alert in real time, so it is not as effective.

Alert in real time on serious security incidents that are found at the client endpoint.

Recognize activity and user presence. With the Ziften agent, user presence can be detected by watching keyboard and last mouse usage. It will also use the window proxy to determine which window is in the foreground and which are in the background. With this information, the Ziften agent can determine which application licenses are really being used throughout the company.

Monitor and control the endpoint when it is off the network, which is impossible without an agent. The Ziften agent can monitor off-network endpoints and report cached observations when the endpoint reconnects. This eliminates off-network blind spots in monitoring coverage. The Ziften agent can also enforce policy even while disconnected.

Minimize network traffic load between client endpoints and the management server. It achieves this by abstracting, filtering, summarizing and encoding time-series observations.

So with the Ziften agent your endpoint clients can “tell you where it hurts.”


Why Do Two Thirds Of Organizations Believe That They Have Immunity From Cyber Attacks? Charles Leaver

By Charles Leaver Ziften Technologies CEO


A great many organizations believe that there is no need for them to pursue assiduous data loss prevention; they regard cyber attacks as either extremely unlikely to occur or as having minimal financial impact if they do. The increase in recorded cases of cyber attacks and advanced persistent threats has contributed to this complacency. These malicious attacks tend to evade conventional endpoint security software, and while they lack the teeth of denial-of-service attacks, they have the potential to cause considerable damage.

Over 67% of organizations claim that they have not been the victims of a cyber attack in the last 18 months, or that they had little or no visibility into whether an attack had compromised their network, according to Infosecurity. The organizers of the survey were skeptical about the results and highlighted the many vulnerable desktop and mobile endpoints that are now typical in businesses.

Security specialist and survey organizer Tom Cross said, “Any system you connect to the Web is going to be targeted by attackers extremely rapidly thereafter. I would assert that if you’re unsure whether your organization has had a security incident, the chances are extremely high that the answer is yes.”

Around 16% stated that they had experienced a DDoS attack over the same period, and 18% reported malware infestations. Regardless of this, most of the organizations assessed the consequences as minor and not justifying the deployment of new endpoint security and control systems. Approximately 38% said that they had not experienced any detected security breaches, and only 20% admitted to financial losses.

Loss of reputation was more widespread, affecting around 25% of the respondents. Highlighting the possible impact of a cyber attack on finances and reputation, an incident at The University of Delaware resulted in 74,000 individuals having their sensitive data exposed, according to Amy Cherry, WDEL contributor. The hackers targeted the school’s website and scraped information about university identifications and Social Security Numbers, which led the university to provide free credit monitoring to the affected parties.