Charles Leaver – RSA President’s Keynote Speech Confirms We Must Move On From The Cyber Security Dark Ages

Written By Dr Al Hartmann And Presented By Charles Leaver, CEO, Ziften Technologies


A 5 Point Plan For A New Security Strategy Proposed By Amit Yoran

Amit Yoran, RSA President, delivered an exceptional keynote speech at the RSA Conference that reinforced the Ziften philosophy: an intense focus on continuous endpoint monitoring, silo-busting Ziften Open Visibility™ and risk-focused security analytics, in order to provide robust defenses in a new era of advanced cyber attacks. Yoran criticized current enterprise security practice as bogged down in the Dark Ages of cyber moats and castle walls, calling it an “impressive fail”, and set out his vision for the future in five key points. Commentary from Ziften’s viewpoint follows each of them.

Stop Believing That Even Advanced Protections Suffice

“No matter how high or smart the walls, focused adversaries will find methods over, under, around, and through.”

Many of the recent, more sophisticated attacks did not employ malware as their main technique. Yoran criticized standard endpoint antivirus, firewalls and conventional IPS as examples of the Dark Ages, stating that experienced attackers easily scale these traditional defenses and that they are largely ineffective. A signature-based antivirus system can only protect against previously seen threats, yet unseen threats are the most dangerous to an organization, since they are typical of targeted attacks. Targeted cyber criminals use malware only 50% of the time, and often only briefly, at the start of the attack. The attack artifacts are easily altered and are never reused in targeted campaigns. Accumulating billions of short-lived indicators of compromise and malware signatures in huge antivirus signature databases is a pointless defensive technique.

Embrace a Deep and Prevalent Level of Real Visibility Everywhere – from the Endpoint to the Cloud

“We require pervasive and true visibility into our business environments. You merely cannot do security today without the visibility of both constant complete packet capture and endpoint compromise evaluation visibility.”

This means continuous endpoint monitoring across the entire enterprise endpoint population for generic indicators of compromise (not stale attack artifacts) that reveal enduring attacker methods rather than fleeting hex-string coincidences. Any organization running continuous full packet capture (relatively expensive) can easily afford endpoint threat assessment visibility (relatively inexpensive). Logging and auditing endpoint process activity supplies a wealth of security insight using only elementary analytics. A targeted attacker relies on the relative opacity of endpoint user and system activity to cloak and hide an attack, while real visibility shines a bright light on it.

Identity and Authentication Matter More than Ever

“In a world with no border and with fewer security anchor points, identity and authentication matter even more … At some point in [any effective attack] campaign, the abuse of identity is a stepping stone the opponents use to enforce their will.”

Stronger authentication is fine, but it only builds higher walls that are still not impenetrable. What the attacker does once over the wall is what matters most. User endpoint logins (both local and remote) and application usage must be monitored for signs of abnormal user activity (an insider attack or potentially compromised credentials). Any observed activity that departs from normal patterns is potentially suspicious. A single departure from normality does not make a case, but security analytics that triangulate several departures focus security attention on the highest-risk anomalies for triage.
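One way to carry out the triangulation described above in code, as an added example that is not Ziften’s code: a per-user baseline of hosts, login types and hours is built from constructed past logins, each new successful login is checked for independent departures from that baseline, and only logins showing two or more departures reach the triage queue. The event fields, the failed-attempt threshold and the one-hour tolerance are assumptions made for this illustration.

```python
"""Triangulating several departures from a user's normal login pattern.

Added example (not Ziften code).  A baseline of past logins per user is built
from a constructed event list, then new logins are scored by how many
independent departures from that baseline they show.  A single departure is
recorded but not escalated; two or more push the event into the triage queue.
Field names and thresholds are assumptions for this illustration.
"""
from collections import defaultdict

# Constructed historical logins: (user, host, login_type, hour_of_day, success)
BASELINE_EVENTS = [
    ("alice", "WS-101", "local", 9, True),
    ("alice", "WS-101", "local", 8, True),
    ("alice", "WS-101", "local", 10, True),
    ("alice", "VPN-GW", "remote", 9, True),
    ("bob", "WS-202", "local", 9, True),
    ("bob", "WS-202", "local", 17, True),
]

# Constructed new logins to be scored against the baseline
NEW_EVENTS = [
    ("alice", "WS-101", "local", 8, True),    # entirely normal
    ("alice", "WS-105", "local", 9, True),    # one departure: new host
    ("bob", "VPN-GW", "remote", 3, True),     # several departures at once
    ("carol", "WS-303", "local", 9, True),    # user never seen before
]

# Constructed count of failed attempts shortly before each user's success
RECENT_FAILURES = {"bob": 4}


def build_baseline(events):
    """Per-user set of usual hosts, login types and working hours (successes only)."""
    base = defaultdict(lambda: {"hosts": set(), "types": set(), "hours": set()})
    for user, host, ltype, hour, ok in events:
        if ok:
            base[user]["hosts"].add(host)
            base[user]["types"].add(ltype)
            base[user]["hours"].add(hour)
    return base


def departures(event, baseline, recent_failures, failure_threshold=3):
    """Return the list of independent normality departures for one login."""
    user, host, ltype, hour, ok = event
    b = baseline.get(user)
    if b is None:
        return ["unknown user"]
    found = []
    if host not in b["hosts"]:
        found.append("new host")
    if ltype not in b["types"]:
        found.append("new login type")
    # Hour is unusual if it is more than one hour from every hour seen before
    if not any(abs(hour - h) <= 1 for h in b["hours"]):
        found.append("unusual hour")
    if recent_failures.get(user, 0) >= failure_threshold:
        found.append("failures before success")
    return found


def triage(new_events, baseline, recent_failures, min_departures=2):
    """Rank successful logins by departure count; keep those at or above the threshold."""
    scored = []
    for ev in new_events:
        if not ev[4]:
            continue  # only successful logins are ranked here
        d = departures(ev, baseline, recent_failures)
        if len(d) >= min_departures:
            scored.append((len(d), d, ev))
    scored.sort(key=lambda s: -s[0])
    return scored


if __name__ == "__main__":
    base = build_baseline(BASELINE_EVENTS)
    for score, reasons, ev in triage(NEW_EVENTS, base, RECENT_FAILURES):
        print(f"{ev[0]:6} score={score} reasons={reasons}")
```

Only bob’s login surfaces: new host, new login type, an hour far from anything seen before, and a run of failures beforehand. Alice’s login from a new workstation is a single departure and stays below the threshold, which is the point of triangulating rather than alerting on every anomaly.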

External Threat Intelligence Is A Core Capability

“There are incredible sources for the ideal threat intelligence … [which] must be machine-readable and automated for increased speed and leverage. It must be operationalized into your security program and tailored to your organization’s assets and interests so that analysts can quickly resolve the risks that pose the most risk.”

Many targeted attacks do not reuse readily signatured artifacts or recycle network addresses and C2 domains, but there is still value in threat intelligence feeds that aggregate timely discoveries from millions of endpoint and network threat sensors. At Ziften we incorporate third-party threat feeds via the Ziften Knowledge Cloud, and expose Ziften discoveries to SIEM and other enterprise security and operations infrastructure through our Open Visibility™ architecture. As machine-readable threat intelligence (MRTI) feeds mature, this capability will grow in effectiveness.

Understand What Matters Most To Your Company And What Is Mission Critical

“You need to comprehend what matters to your organization and what is mission critical. You need to … defend exactly what’s important and protect it with everything you have.”

This is the case for risk-driven analytics and instrumentation that focus security attention and action on the areas of highest business risk exposure. Yoran argues that asset value prioritization is only one side of business risk analysis, which goes much deeper, both pragmatically and academically. Security analytics that focus security staff attention on the most prominent dynamic risks (for instance by filtering, correlating and scoring SIEM alert streams for security triage) must be well grounded in all sides of enterprise risk analysis.
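An added example (not Ziften’s code) of the filtering, correlating and scoring step mentioned above: a constructed SIEM alert stream is grouped by host, repeated firings of the same rule are collapsed, distinct alert categories are treated as corroboration, and the total is weighted by business criticality from a constructed asset register. The weights, field names and register contents are assumptions. What it shows is that three high-severity alerts on a low-value kiosk rank below three corroborating medium and low alerts on a crown-jewel database host.

```python
"""Risk-weighted triage of a SIEM alert stream.

Added example (not Ziften code).  Constructed alerts are grouped by host,
duplicates of one rule are collapsed, distinct alert categories are counted as
corroboration, and the result is weighted by the host's business criticality
from a constructed asset register.  Weights and field names are assumptions.
"""
from collections import defaultdict

# Constructed asset register: host -> business criticality (1 = low, 5 = crown jewels)
ASSET_CRITICALITY = {"db-core-01": 5, "kiosk-17": 1, "ws-finance-04": 3}

SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 7}

# Constructed alerts: (host, rule, category, severity)
ALERTS = [
    ("kiosk-17", "av_detect", "malware", "high"),
    ("kiosk-17", "av_detect", "malware", "high"),   # same rule firing again
    ("kiosk-17", "av_detect", "malware", "high"),
    ("db-core-01", "new_admin_login", "identity", "medium"),
    ("db-core-01", "odd_hours_query", "behaviour", "low"),
    ("db-core-01", "large_egress", "exfil", "medium"),
    ("ws-finance-04", "office_spawns_shell", "behaviour", "medium"),
]


def correlate(alerts):
    """Collapse repeated rules per host and collect distinct rules and categories."""
    per_host = defaultdict(lambda: {"rules": {}, "categories": set()})
    for host, rule, category, severity in alerts:
        entry = per_host[host]
        # Keep the highest severity seen for a rule instead of counting repeats
        prev = entry["rules"].get(rule)
        if prev is None or SEVERITY_WEIGHT[severity] > SEVERITY_WEIGHT[prev]:
            entry["rules"][rule] = severity
        entry["categories"].add(category)
    return per_host


def risk_score(host_entry, criticality):
    """Severity sum, multiplied by the number of distinct corroborating
    categories and by the asset's business criticality."""
    severity_sum = sum(SEVERITY_WEIGHT[s] for s in host_entry["rules"].values())
    corroboration = len(host_entry["categories"])
    return severity_sum * corroboration * criticality


def triage_queue(alerts, asset_criticality, default_criticality=2):
    """Return (score, host, rules) tuples ordered by descending risk score."""
    correlated = correlate(alerts)
    queue = []
    for host, entry in correlated.items():
        crit = asset_criticality.get(host, default_criticality)
        queue.append((risk_score(entry, crit), host, sorted(entry["rules"])))
    queue.sort(key=lambda q: -q[0])
    return queue


if __name__ == "__main__":
    for score, host, rules in triage_queue(ALERTS, ASSET_CRITICALITY):
        print(f"{score:4} {host:14} {rules}")
```

Hosts missing from the register get a middling default rather than zero, so an unregistered machine is never silently dropped from the queue; in practice the register itself is the part that needs the most care, which is the page’s point about grounding analytics in all sides of risk analysis.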

At Ziften we commend Amit Yoran’s messages in his RSA 2015 keynote address as the cyber security market evolves beyond the current Dark Ages of facile targeted attacks and routine exploitation.

Carbanak Case Study Part One: The Case For Continuous Endpoint Monitoring – Charles Leaver

Presented By Charles Leaver And Written By Dr Al Hartmann

Part 1 of a 3 part series

Carbanak APT Background Details

A billion dollar bank raid, targeting more than a hundred banks around the world and carried out by a group of unknown cyber criminals, has been in the news. The attacks on the banks started in early 2014 and have been spreading across the globe. Most of the victims suffered prolonged breaches, lasting months and spanning many endpoints, before experiencing financial loss. The majority of the victims had implemented security measures, including network and endpoint security systems, but these provided little warning of or defense against the attacks.

Several security firms have produced technical reports about the incidents, codenamed either Carbanak or Anunak, and these reports listed the indicators of compromise that were observed. The firms include:

Fox-IT of Holland
Group-IB of Russia
Kaspersky Lab of Russia

This post serves as a case study of the attacks and investigates:

1. Why conventional endpoint and network security was unable to detect and resist the attacks.
2. Why continuous endpoint monitoring (as provided by the Ziften solution) would have given early warning of the endpoint attacks and triggered a response to prevent data loss.

Traditional Endpoint Security And Network Security Is Inadequate

Built on a legacy security model that relies excessively on blocking and prevention, conventional endpoint and network security does not offer a balanced strategy of blocking, prevention, detection and response. It is not hard for a cyber criminal to pre-test an attack against a limited number of standard endpoint and network security products to be sure it will not be detected. Many of the attackers researched the security products in place at the victim companies and became proficient at breaking through undetected. The criminals knew that most of these security products only react after an event and otherwise do nothing. This means that normal endpoint operation remains largely opaque to IT security staff, so malicious activity is masked (the attackers had already verified this to avoid detection). After the initial breach, the intrusion can spread to users with greater privileges and to more sensitive endpoints. This is easily achieved by stealing credentials, for which no malware is required, and by driving conventional IT tools (already whitelisted by the victim organization) with attacker-written scripts. Since no detectable malware is present on the endpoints, no alarms are raised. Standard endpoint security software is far too reliant on hunting for malware.

Conventional network security can be evaded in a similar way. Attackers test their network activity in advance to avoid detection by widely distributed IDS/IPS rules, and they carefully observe normal endpoint operation (on endpoints already compromised) so as to hide their activity within normal transaction windows and normal network traffic patterns. A new command and control infrastructure is built that does not appear on network address blacklists, at either the IP or the domain level. There is very little here to give the criminals away. Nevertheless, more astute network behavioral analysis, particularly when tied to the endpoint context discussed later in this series, can be far more effective.
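As an added example, not Ziften’s or any vendor’s code, tying the RSA keynote point about logging endpoint process activity to the Carbanak pattern above (whitelisted administration tools driven by scripts, with no malware to signature): constructed process-start records from a small fleet are reduced to parent/child pairs, and any pair whose child is an administration tool and that appears on only a small fraction of the fleet is flagged and rolled up per endpoint. The tool list, the rarity threshold and the record fields are assumptions; the analytic itself is the elementary kind the keynote commentary refers to.

```python
"""Fleet-wide process lineage baselining as an elementary endpoint analytic.

Added example (not Ziften code).  Constructed process-start records from several
endpoints are reduced to (parent, child) image pairs.  A pair whose child is a
legitimate administration tool but which is seen on only a small fraction of
the fleet is flagged; flags are then counted per endpoint so the outlier host
rises to the top of triage.  Tool names and the rarity threshold are assumptions.
"""
from collections import defaultdict

# Assumed list of whitelisted administration tools worth baselining
ADMIN_TOOLS = {"powershell.exe", "cmd.exe", "net.exe", "sc.exe", "wmic.exe"}

# Constructed records: (endpoint, parent_image, child_image)
PROCESS_EVENTS = [
    ("ep01", "explorer.exe", "cmd.exe"),
    ("ep02", "explorer.exe", "cmd.exe"),
    ("ep03", "explorer.exe", "cmd.exe"),
    ("ep04", "explorer.exe", "cmd.exe"),
    ("ep01", "services.exe", "svchost.exe"),
    ("ep02", "services.exe", "svchost.exe"),
    ("ep03", "services.exe", "svchost.exe"),
    ("ep04", "services.exe", "svchost.exe"),
    ("ep05", "services.exe", "svchost.exe"),
    ("ep05", "explorer.exe", "outlook.exe"),
    ("ep05", "winword.exe", "powershell.exe"),   # lineage seen on one endpoint only
    ("ep05", "powershell.exe", "net.exe"),
    ("ep05", "powershell.exe", "sc.exe"),
]


def lineage_prevalence(events):
    """Map each (parent, child) pair to the set of endpoints where it was seen."""
    seen = defaultdict(set)
    for endpoint, parent, child in events:
        seen[(parent, child)].add(endpoint)
    return seen


def rare_admin_lineages(events, max_fraction=0.25):
    """Flag admin-tool lineages present on at most max_fraction of the fleet."""
    fleet = {e[0] for e in events}
    prevalence = lineage_prevalence(events)
    flagged = []
    for (parent, child), endpoints in prevalence.items():
        if child not in ADMIN_TOOLS:
            continue
        fraction = len(endpoints) / len(fleet)
        if fraction <= max_fraction:
            flagged.append({"parent": parent, "child": child,
                            "endpoints": sorted(endpoints), "fraction": fraction})
    flagged.sort(key=lambda f: (f["fraction"], f["parent"], f["child"]))
    return flagged


def endpoint_scores(flagged):
    """Count flagged lineages per endpoint so the noisiest host tops the triage list."""
    scores = defaultdict(int)
    for f in flagged:
        for ep in f["endpoints"]:
            scores[ep] += 1
    return dict(scores)


if __name__ == "__main__":
    flags = rare_admin_lineages(PROCESS_EVENTS)
    for f in flags:
        print(f"{f['parent']} -> {f['child']}  on {f['endpoints']}  ({f['fraction']:.2f} of fleet)")
    print("per-endpoint flag count:", endpoint_scores(flags))
```

Nothing here depends on a file hash or a known-bad address: explorer.exe launching cmd.exe is common across the fleet and stays quiet, while a word processor launching a shell that in turn runs account and service tools is rare, and the three flags concentrate on one endpoint. That is the kind of signal the page says is lost when normal endpoint operation is opaque.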

It is not time to abandon hope. Would continuous endpoint monitoring (as provided by Ziften) have given early warning of the endpoint compromise, starting the process of stopping the attacks and preventing data loss? Find out more in part 2.

Endpoint Security Is Best Achieved With A Lightweight Solution – Charles Leaver

Charles Leaver Ziften CEO Presents A Post By CTO David Shefter

If you are an organization with 5000 or more employees, your IT Security and Operations teams are most likely overwhelmed by the volume of data they must sift through to gain even a small degree of visibility into what users are doing day to day. Antivirus suites have been installed, USB ports disabled and user access restrictions imposed, but the danger of cyber attacks and malware intrusions remains. What action do you take?

Up to 72% of advanced malware and cyber criminal intrusions take place in the endpoint environment, according to a Verizon Data Breach Report. Your business must first ask itself how important its reputation is. Take Target as an example: a malware infiltration cost it over $6 Billion in market cap loss. Unfortunately the modern world puts us constantly under attack from disgruntled or rogue employees, anarchists and other cyber criminals, and this situation is only likely to get worse.

Your network is protected by firewalls and the like, but you cannot see what is happening beyond the network switch port. The only genuine way to address this risk is to adopt a solution that works well with and complements the network-based solutions already in place. Ziften (which is Dutch for “To Sift”) offers such a solution, providing “Open Visibility” with a lightweight approach. You must manage the entire environment, including servers, the network and desktops, without placing additional overhead and stress on it. A central Ziften commitment is that the solution will not negatively impact your environment while providing deeply impactful visibility and security.

Ziften’s software understands machine behavior and anomalies, allowing analysts to focus on advanced threats faster and keep dwell time to a minimum. The Ziften solution continuously monitors endpoint activity: resource usage, IP connections, user interactions and so on. With it your organization can determine the source of an intrusion faster and fix the problem.

It is a lightweight solution that is neither kernel nor driver based, uses very little memory, adds little to no overhead at the system level and generates almost no network traffic.

Driver and kernel based solutions face intense certification requirements that can take longer than nine months. By the time the new software is developed and baked, the OS may already be at its next release. This is a time consuming, unsupportable and cumbersome process.

The Ziften approach is a genuine differentiator in the market. Implementing an extremely lightweight, non-invasive agent as a system service avoids the strain that many new software solutions place on the endpoint. Ease of implementation leads to faster time to market, simple support, scalability, and solutions that do not interfere with the user environment.

To summarize: with the present level of cyber threats, and the daily increasing danger of an attack that could seriously tarnish your reputation, you must continuously monitor all your endpoint devices 24/7 to ensure clear visibility of any endpoint security threats, gaps or instabilities, and Ziften can deliver this to you.

Charles Leaver – If You Don’t Tighten Up Your Information Security Then You Could Face Legal Problems

Written By Charles Leaver CEO Ziften

Most organizations need no reminder that the danger of a cyber attack is very real and could do them serious damage; lawmakers are working on more comprehensive data breach notification laws. This underlines that companies need stronger security procedures to protect their data from theft. Organizations must take responsibility and build a system that protects them from cyber attacks: train their employees, implement cutting edge endpoint detection and response systems, and ensure that any sensitive data on servers is encrypted. The public has become more security aware and is keeping a careful eye on organizations, another reason why every company should protect itself from cyber attacks.

There is interest in standardizing data breach laws even from companies that have already been breached. The Hill states that there is “a general agreement that federal requirements are required on data breach alerts.” This matters because at present many companies announce data breaches without a standard process to follow. Without such a process there is an incentive for companies to hide a breach or under-report its effect in order to stay competitive.

Stopping A Malicious Infiltration

Organizations can use different methods to preserve the privacy of their data. 5W Public Relations PR executive Ronn Torossian has compiled a list of actions companies can take to prevent cyber attacks. The list contains only a few basic guidelines, among them implementing state of the art endpoint detection and response systems. The other key points are the use of encryption and regular password changes. These are certainly a good starting point, but what about the latest cyber attack prevention technology?

All companies should be using file encryption, anti-malware and antivirus scanning, endpoint threat detection and response software, and a firewall. This is an effective combination and will make a network about as protected as is possible. A combination of security methods provides a much higher level of defense than any single measure could. This does not mean any single approach is weak; different tools perform different security jobs.

Employees should be told to keep changing their passwords, which is just one (though essential) element of an overall security strategy. These passwords also need to be strong: long passwords using alphanumerics and special characters should be encouraged. Password security is crucial for staff handling sensitive data, such as those in the financial and oil and gas industries, as employee login pages must be fully protected from attackers. Other security devices such as optical scanners can be installed in secure locations to reduce the chance of an external attack. This is a big decision for companies, and choosing the best way to secure everything can be challenging and may even involve experimentation.

Making Our Company Fearless – Charles Leaver

Ziften Technologies is based in Austin, Texas, and Charles Leaver is the CEO.

This video from the Commonwealth Club features Steve Blank discussing how it is possible to build a great business step by step.

There is no doubt that Steve is an intelligent man with a good sense of humour. His business insights are highly valued, and he made numerous points that I agree with:

He remarked in the video that “there is absolutely nothing that you can find out inside your own office so you have to leave it!” Steve said this was a lesson that businesses in Silicon Valley had to learn the hard way. Now at Ziften we make sure that we visit our prospects and customers on a weekly basis. Our company is young, but the key executives and I know that we have to understand and be realistic about the market and reflect this in our business model. When we know exactly what the market needs we can actually add value.

We always put our customers first and continue to listen to them. In the video Steve discusses how hard it is for business owners to listen to their customers instead of trying to force their perspective on the market. At Ziften we also encourage our people to listen before speaking. When we talk with prospects and customers we need to understand that they care far more about how we can solve their problems than about how clever we are.

Steve makes another interesting point in the video when he talks about how innovation is perceived in the United States compared to the rest of the world. The thinking in the USA is right when it comes to attitudes to failure. People are encouraged to learn from failure, and this turns them into skilled executives who can really influence and add a lot of value to a new business. There must be no fear of failure, because that fear stifles innovation.

I constantly encourage the people who work for us to take risks without fear of repercussions. I strongly believe this is driving us closer to our goal of closing the gap between enterprise customer security and security technology, and we are getting there quickly. This is a substantial change and we are very close to our goal.

Charles Leaver