Written By Jesse Sampson And Presented By Ziften CEO Charles Leaver
There is a great deal of debate at the moment about the hacking threat from Russia, and it would be easy for security professionals to become overly concerned about cyber espionage. Since the objectives of any cyber espionage campaign determine its targets, Ziften Labs can help address this question by examining the reasons states conduct these campaigns.
Last week the three major US intelligence agencies released an extensive assessment of Russian activities related to the 2016 United States elections: Assessing Russian Activities and Intentions in Recent US Elections (hereafter Activities and Intentions). While some skeptics remain unconvinced by the report, the risks it identifies, which are covered in this post, are compelling enough to warrant examination and reasonable countermeasures, in spite of the near impossibility of incontrovertibly identifying the source of an attack. Unsurprisingly, the official Russian position has been a winking denial of the hacks.
“Usually these sorts of leaks take place not because cyber attackers gained access but, as any professional will tell you, because someone simply forgot the password or set the basic password 123456.” – German Klimenko, Putin’s top Internet adviser
While the agencies get criticized for bureaucratic language like “high confidence,” the considered rigor of briefings like Activities and Intentions contrasts with the headline-grabbing “1000% certainty” of a mathematically disinclined media hustler like Julian Assange.
Activities and Intentions is most perceptive when it identifies the use of hacking and cyber espionage within a “multifaceted” Russian doctrine:
“Moscow’s use of disclosures during the US election was unprecedented, but its influence campaign otherwise followed a longstanding Russian messaging strategy that blends covert intelligence operations – such as cyber activity – with overt efforts by Russian Government agencies, state-funded media, third-party intermediaries, and paid social media users or ‘trolls.’”
The report is weakest when assessing the motives behind the doctrine, a.k.a. strategy. Apart from some incantations about fundamental Russian opposition to the liberal democratic order, it claims that:
“Putin most likely wanted to discredit Secretary Clinton because he has publicly blamed her since 2011 for inciting mass protests against his regime in late 2011 and early 2012, and because he holds a grudge for comments he almost certainly saw as disparaging him.”
A more nuanced evaluation of Russian motivations and their cyber manifestations will help us better plan security strategy in this environment. Ziften Labs has identified three major strategic imperatives at work.
First, as Kissinger would say, through history “Russia came to see itself as a beleaguered outpost of civilization for which security could be found only through exerting its absolute will over its neighbors” (52). US policy in the Clinton era threatened this notion through the expansion of NATO and dislocating economic interventions, possibly contributing to a Russian preference for a Trump presidency.
Russia has used cyber warfare methods to protect its influence in former Soviet areas (Estonia 2007, Georgia 2008, Ukraine 2015).
Second, President Putin wants Russia to be a great power in geopolitics once again. “Above all, we should acknowledge that the collapse of the Soviet Union was a major geopolitical disaster of the century,” he said in 2005. Hacking the accounts of prominent individuals in political, academic, defense, technology, and other organizations, which operatives can then expose to embarrassing or outrageous effect, is an easy way for Russia to discredit the US. The perception that Russia can affect election outcomes in the US with a keystroke calls into question the legitimacy of US democracy, and muddies conversation around similar problems in Russia. Together with other prestige-boosting efforts like brokering the ceasefire talks in Syria (after leveling numerous cities), this strategy could improve Russia’s international profile.
Finally, President Putin may harbor concerns about the security of his own position. In spite of extremely favorable election results, according to Activities and Intentions, the protests of 2011 and 2012 still loom large for him. With a number of regimes changing in his neighborhood in the 2000s and 2010s (he called it an “epidemic of disintegration”), some of which happened as a result of NATO and US intervention, President Putin is wary of Western interventionists who wouldn’t mind a comparable result in Russia. A coordinated campaign could help discredit rivals and put the least aggressive candidates in power.
In light of these motives for Russian cyber attacks, who are the most likely targets?
Given the overarching objectives of discrediting the legitimacy of the United States and NATO and assisting non-interventionist candidates where possible, government agencies, especially those with roles in elections, are at greatest risk. So too are campaign organizations and other NGOs close to politics, like think tanks. These have proven softer targets for attackers seeking access to sensitive information. It follows that organizations holding account information for, or access to, prominent people whose details could cause embarrassment or confusion for US political, academic, and media organizations should be extra cautious.
The next tier of risk consists of critical infrastructure. While recent Washington Post reports of a compromised US electrical grid turned out to be overblown, Russia really has hacked power networks and perhaps other parts of physical infrastructure like oil and gas. Beyond critical physical infrastructure, technology, finance, telecommunications, and media could be targeted, as happened in Georgia and Estonia.
Lastly, although the intelligence agencies’ efforts over the past weeks have caught some heat for presenting “obvious” recommendations, everybody really would benefit from the tips presented in the Homeland Security/FBI report, and in this post about hardening your configuration by Ziften’s Dr Hartmann. With major elections coming up this year in critical NATO members France, the Netherlands and Germany, only one thing is certain: it will be a busy year for Russian cyber operators, and these recommendations should be a top priority.
Written By Roark Pollock And Presented By Charles Leaver CEO Ziften
Effective IT asset management and discovery can be a network and security admin’s best friend.
I don’t need to tell you the obvious; we all know a good security program starts with an understanding of all the devices connected to the network. Nevertheless, maintaining a current inventory of every connected device used by employees and business partners is difficult. Even more challenging is ensuring that there are no connected unmanaged assets.
What is an Unmanaged Asset?
Networks can have thousands of connected devices. These might include, among others:
– User devices such as laptops, desktops, workstations, virtual desktop systems, bring-your-own devices (BYOD), smartphones, and tablets.
– Data center and cloud devices such as servers, virtual machines (VMs), orphaned VMs, containers, and storage systems.
– Networking devices such as routers, switches, firewalls, load balancers, and WiFi access points.
– Other devices such as printers and, more recently, Internet of Things (IoT) devices.
Regrettably, many of these connected devices may be unknown to IT, or not managed by IT group policies. These unknown devices and those not governed by IT policies are described as “unmanaged assets.”
The number of unmanaged assets continues to grow for many companies. Ziften finds that as many as 30% to 50% of all connected devices can be unmanaged assets in today’s enterprise networks.
IT asset management tools are usually optimized to identify assets such as PCs, servers, load balancers, firewalls, and storage devices used to deliver business applications to the enterprise. However, these management tools usually overlook assets not owned by the company, such as BYOD endpoints or user-deployed wireless access points. Even more troubling, Gartner asserts in “Beyond BYOD to IoT, Your Enterprise Network Access Policy Must Change” that IoT devices have surpassed employees and guests as the biggest user of the enterprise network.[1]
Gartner goes on to describe a new trend that will introduce even more unmanaged assets into the enterprise environment: bring your own things (BYOT).
Essentially, employees bring items designed for the smart home into the office environment. Examples include smart power sockets, smart kettles, smart coffee machines, smart light bulbs, domestic sensors, wireless webcams, plant care sensors, environmental controls and, eventually, home robots. Many of these items will be brought in by staff seeking to make their workplace more congenial. These “things” can sense information, can be controlled by apps, and can communicate with cloud services.[1]
Why is it Important to Discover Unmanaged Assets?
Quite simply, unmanaged assets create IT and security blind spots. Mike Hamilton, SVP of Product at Ziften, said, “Security starts with understanding exactly what physical and virtual devices are connected to the corporate network. However, BYOD, shadow IT, IoT, and virtualization are making that more difficult.”
These blind spots not only increase security and compliance risks, they can increase legal risks. Data retention policies designed to limit legal liability are unlikely to be applied to electronically stored information held on unapproved cloud, mobile, and virtual assets.
Keeping an up-to-date inventory of the assets on your network is essential to good security. It’s common sense: if you don’t know it exists, you can’t know whether it is protected. In fact, asset visibility is so essential that it is a fundamental part of most information security frameworks, including:
– SANS Critical Security Controls for effective cyber defense: establishing an inventory of authorized and unauthorized devices is top of the list.
– Council on CyberSecurity Critical Security Controls: establishing an inventory of authorized and unauthorized devices is the first control in the focused list.
– NIST Information Security Continuous Monitoring for Federal Information Systems and Organizations (SP 800-137): information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.
– ISO/IEC 27001 Information Security Management System Requirements: the standard requires that assets be clearly identified and an inventory of all important assets be drawn up and maintained.
– Ziften’s Adaptive Security Framework: the first pillar includes discovery of all your authorized and unauthorized physical and virtual devices.
Factors to Consider in Evaluating Asset Discovery Solutions
There are several methods used for asset discovery and network mapping, and each has benefits and disadvantages. While evaluating the myriad tools, keep these two key considerations in mind:
Continuous versus point-in-time
Strong information security requires continuous asset identification regardless of the approach employed. However, many scanning techniques used in asset discovery take time to complete, and are therefore run periodically. The drawback of point-in-time asset identification is that transient systems may be on the network only briefly. It is therefore quite possible that these transient systems will never be discovered.
Some discovery techniques can trigger security alerts in network firewalls, intrusion detection systems, or virus scanning tools. Because these methods can be disruptive, discovery is only carried out at periodic, point-in-time intervals.
There are, however, some asset identification techniques that can be used continuously to locate and identify connected assets. Tools that offer continuous monitoring for unmanaged assets deliver much better unmanaged asset identification results.
Passive versus active
Asset identification tools supply intelligence on all discovered assets, including IP address, hostname, MAC address, device manufacturer, and even device type. This intelligence helps operations teams quickly clean up their environments, eliminating rogue and unmanaged devices, and even VM sprawl. However, these tools go about this intelligence gathering differently.
Tools that employ active network scanning effectively probe the network to coax responses from devices. These responses offer clues that help identify and fingerprint the device. Active scanning periodically examines the network, or a segment of it, for devices that are connected at the time of the scan.
Active scanning can generally provide more in-depth analysis of vulnerabilities, malware detection, and configuration and compliance auditing. However, because of its disruptive interaction with security infrastructure, active scanning is performed only periodically. Unfortunately, active scanning therefore risks missing transient devices and vulnerabilities that appear between scheduled scans.
Other tools use passive asset identification methods. Because passive detection operates 24×7, it will find transient assets that may be only occasionally and briefly connected to the network, and it can send alerts when new assets are detected.
In addition, passive discovery does not disrupt sensitive devices on the network, such as industrial control systems, and it provides visibility of Web and cloud services being accessed from systems on the network. Passive discovery techniques also avoid triggering alerts on security tools throughout the network.
BYOD, shadow IT, IoT, virtualization, and Gartner’s newly coined BYOT bring more and more assets onto the organization’s network. Unfortunately, many of these assets are unknown to or unmanaged by IT. These unmanaged assets pose serious security holes. Eliminating these unmanaged assets from the network – they are far more likely to be “patient zero” – or bringing them in line with corporate security requirements greatly reduces an organization’s attack surface and overall risk. The good news is that there are solutions that can provide continuous, passive discovery of unmanaged assets.
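The continuous-versus-point-in-time and passive-versus-active distinctions above, as an added Python example that is not Ziften’s code: it replays passively observed ARP/DHCP records into a live inventory, alerts the first time an unmanaged MAC appears, and shows that a device present only between two scheduled scans is never seen by them. The log lines, MAC addresses, OUI table and managed-device list are all constructed.

```python
"""Continuous passive asset discovery versus a scheduled point-in-time scan.
Added example, not Ziften code: constructed ARP/DHCP observations are replayed
to keep an always-current inventory, flag assets missing from the managed list,
alert on first sight of an unmanaged device, and show which transient device
two scheduled scans would never have seen. All data below is constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

# Constructed OUI-prefix table standing in for a real manufacturer database.
OUI_VENDORS = {"00:11:22": "ExampleCorp Laptops",
               "aa:bb:cc": "ExampleNet Switches",
               "de:ad:be": "HomeGadget Inc."}

# Constructed passive observations from an ARP/DHCP listener:
# <ISO timestamp> <source> <mac> <ip> <hostname>
PASSIVE_LOG = """\
2017-01-10T08:00:05 dhcp 00:11:22:33:44:01 10.0.0.11 corp-laptop-01
2017-01-10T08:00:09 arp  aa:bb:cc:00:00:01 10.0.0.1  core-sw-01
2017-01-10T08:31:40 dhcp de:ad:be:ef:00:01 10.0.0.77 smart-kettle
2017-01-10T08:35:12 arp  de:ad:be:ef:00:01 10.0.0.77 smart-kettle
2017-01-10T09:58:30 dhcp 00:11:22:33:44:02 10.0.0.12 corp-laptop-02
2017-01-10T10:00:02 arp  00:11:22:33:44:01 10.0.0.11 corp-laptop-01
"""

# MACs IT already manages (agent installed, covered by group policy); constructed.
MANAGED_MACS = {"00:11:22:33:44:01", "00:11:22:33:44:02", "aa:bb:cc:00:00:01"}

Observation = Tuple[datetime, str, str, str, str]  # when, source, mac, ip, host

@dataclass
class Asset:
    mac: str
    ip: str
    hostname: str
    vendor: str
    first_seen: datetime
    last_seen: datetime
    sources: Set[str] = field(default_factory=set)

def parse_line(line: str) -> Optional[Observation]:
    """Parse one observation; malformed or blank lines are skipped, not fatal."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return when, parts[1], parts[2].lower(), parts[3], parts[4]

def parse_log(log: str) -> List[Observation]:
    """Parse every line, drop junk, and order by time (listeners may interleave)."""
    obs = [o for o in map(parse_line, log.splitlines()) if o is not None]
    return sorted(obs, key=lambda o: o[0])

def build_inventory(obs: List[Observation]) -> Dict[str, Asset]:
    """Fold every observation into one record per MAC, updated as it is seen."""
    inv: Dict[str, Asset] = {}
    for when, source, mac, ip, host in obs:
        a = inv.get(mac)
        if a is None:
            vendor = OUI_VENDORS.get(mac[:8], "unknown")
            inv[mac] = Asset(mac, ip, host, vendor, when, when, {source})
        else:
            a.ip, a.hostname, a.last_seen = ip, host, max(a.last_seen, when)
            a.sources.add(source)
    return inv

def unmanaged_assets(inv: Dict[str, Asset], managed: Set[str]) -> List[str]:
    """Assets on the wire but absent from the managed list: the blind spot."""
    return sorted(m for m in inv if m not in managed)

def new_asset_alerts(obs: List[Observation], managed: Set[str]) -> List[str]:
    """24x7 behaviour: raise an alert the first time an unmanaged MAC appears."""
    alerts, known = [], set()
    for when, source, mac, ip, host in obs:
        if mac in known:
            continue
        known.add(mac)
        if mac not in managed:
            alerts.append(f"{when.isoformat()} NEW UNMANAGED {mac} {ip} {host} via {source}")
    return alerts

def point_in_time_scan(obs: List[Observation], scan_at: str, lease_min: int = 30) -> Set[str]:
    """Simulate an active sweep: only devices active within one DHCP lease before
    the scan answer it; anything that came and went earlier is invisible to it."""
    end = datetime.fromisoformat(scan_at)
    start = end - timedelta(minutes=lease_min)
    return {mac for when, _, mac, _, _ in obs if start < when <= end}

def missed_by_scans(obs: List[Observation], scans: List[str], lease_min: int = 30) -> Set[str]:
    """Assets the continuous inventory holds but no scheduled scan ever saw."""
    seen: Set[str] = set()
    for t in scans:
        seen |= point_in_time_scan(obs, t, lease_min)
    return {mac for _, _, mac, _, _ in obs} - seen
```

In the constructed data the smart kettle joins at 08:31 and is gone by 10:00, so scans at 08:10 and 10:00 both miss it while the continuous listener inventories it and raises a single new-asset alert.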
Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO
Diminishing Effectiveness of Enterprise Antivirus?
Google Security Guru Labels Antivirus Apps as Ineffective ‘Magic’
At the recent Kiwicon hacking conference in Wellington, New Zealand, Google’s Platform Integrity team manager Darren Bilby preached cyber-security heresy. Tasked with investigating highly sophisticated attacks, including the 2009 Operation Aurora campaign, Bilby lumped enterprise antivirus into a collection of ineffective tools installed to tick a compliance check box, at the cost of real security:
“We need to stop investing in those things we have shown do not work… Antivirus does some useful things, but in reality it is more like a canary in a coal mine. It is worse than that. It’s like we are standing around the dead canary saying ‘Thank god it inhaled all the poisonous gas.’”
Google security gurus aren’t the first to weigh in against enterprise antivirus, or to draw uncomplimentary analogies, in this case to a dead canary.
Another highly skilled security group, FireEye Mandiant, compared static defenses such as enterprise antivirus to that notoriously failed World War II defense, the Maginot Line:
“Like the Maginot Line, today’s cyber defenses are fast becoming a relic in today’s threat landscape. Organizations spend billions of dollars each year on IT security. But attackers are easily outflanking these defenses with clever, fast-moving attacks.”
An example of this was given by a Cisco managed security services executive speaking at a conference in Poland. Their team had found anomalous activity on one of their enterprise client’s networks, and reported the suspected server compromise to the customer. To the Cisco team’s astonishment, the client merely ran an antivirus scan on the server, found no detections, and placed it back into service. Alarmed, the Cisco team conferenced the client in to their monitoring console and was able to show the attacker conducting a live remote session at that very moment, complete with typing errors and re-issued commands to the compromised server. Finally convinced, the customer took the server down and completely re-imaged it. The enterprise antivirus had been a futile diversion: it had not served the customer and it had not stopped the adversary.
So Is It Time to Dispose of Enterprise Antivirus Now?
I am not yet prepared to declare an end to the age of enterprise antivirus. But I do know that organizations have to invest in detection and response capabilities to complement traditional antivirus. Increasingly, though, I wonder who is complementing whom.
Competent targeted attackers will always successfully evade antivirus defenses, so against your biggest cyber threats, enterprise antivirus is essentially ineffective. As Darren Bilby said, it does do some useful things, but it does not provide the endpoint defense you need. So don’t let it distract you from the highest-priority cyber-security investments, and don’t let it distract you from security measures that do materially help.
Proven cyber defense measures include:
– Configuration hardening of networks and endpoints.
– Identity management with strong authentication.
– Continuous network and endpoint monitoring, constant vigilance.
– Strong encryption and data protection.
– Personnel education and training.
– Continual risk re-assessment, penetration testing, red/blue teaming.
In contrast to Bilby’s criticism of enterprise antivirus, none of the above bullets are ‘magic’. They are simply the continuous hard work of adequate enterprise cyber-security.
Written By Charles Leaver CEO Ziften
No company, however small or large, is immune from a cyber attack. Whether the attack is initiated from an external source or from the inside, no company is fully secure. I have lost count of the number of times that senior managers from businesses have said to me, “Why would anyone want to hack us?”
Cyber Attacks Can Take Many Forms
The proliferation of devices that can connect to enterprise networks (laptops, mobile phones and tablets) means an increased risk of security vulnerabilities. The aim of a cyber attack is to exploit those vulnerabilities.
Among the most common cyber attack methods is the use of malware. Malware is code with malicious intent and includes viruses, Trojans and worms. The aim with malware is often to steal sensitive data or even damage computer networks. Malware is often in the form of an executable file that will spread across your network.
Malware is becoming much more advanced, and there is now rogue software that masquerades as genuine security software designed to protect your network.
Phishing attacks are also common. Frequently it’s an e-mail sent from an apparently “trustworthy authority” asking the user to supply personal data by clicking a link. Some of these phishing emails look extremely genuine and have deceived a great many users. If the link is clicked and data entered, the information will be stolen. Today an increasing number of phishing e-mails carry ransomware.
A password attack is one of the simplest forms of cyber attack. This is where an unauthorized third party tries to gain access to your systems by “cracking” the login password. Software can be employed here to conduct brute force attacks to guess passwords, and combinations of words used for passwords can be compared against a dictionary file.
If an attacker gains access to your network through a password attack, they can quickly introduce malware and cause a breach of your sensitive data. Password attacks are one of the easiest to prevent, and strict password policies can provide a very effective barrier. Changing passwords regularly is also recommended.
Denial of Service
A Denial of Service (DoS) attack is all about causing maximum disruption of the network. Attackers send very high volumes of traffic through the network and typically make many connection requests. The result is an overload of the network, and it will shut down.
Several computer systems can be used by attackers in DoS attacks to create very significant levels of traffic to overload the network. Recently the largest DoS attack in history used botnets against Krebs On Security. Often, endpoint devices connected to the network such as PCs and laptops can be hijacked and will then add to the attack. If a DoS attack is experienced, it can have serious consequences for network security.
Man in the Middle
Man in the middle attacks are accomplished by impersonating endpoints of a network during an information exchange. Information can be stolen from the end user or even the server they are communicating with.
How Can You Completely Prevent Cyber Attacks?
Complete prevention of a cyber attack is not possible with current technology, but there is a lot you can do to secure your network and your sensitive data. It is essential not to think that you can just acquire and implement a security software suite and then sit back. The more advanced cyber criminals know all of the security software solutions on the market and have devised techniques to overcome the safeguards they provide.
Strong and frequently changed passwords is a policy you should adopt, and is among the easiest safeguards to put in place. Encrypting your sensitive data is another no-brainer. Beyond installing antivirus and malware protection suites along with a good firewall, you need to ensure that regular backups are in place and that you have a data breach incident response/remediation plan in case the worst happens. Ziften helps businesses continuously monitor for threats that may get past their defenses, and act immediately to eliminate the threat completely.
Written By Logan Gilbert And Posted By Charles Leaver Ziften CEO
Fears Over Compliance And Security Prevent Companies From Cloud Migration
Migrating segments of your IT operations to the cloud can seem like a huge task, and a risky one at that. Security holes, compliance record keeping, the danger of introducing errors into your architecture … cloud migration presents a lot of hairy problems to handle.
If you have been wary about moving, you’re not alone – but help is on the way.
When Evolve IP surveyed 1,000+ IT professionals earlier this year for their Adoption of Cloud Services North America report, 55% of respondents said that security is their greatest concern about cloud adoption. For companies that don’t currently have some cloud presence, the number was even higher – 70%. The next biggest barrier to cloud adoption was compliance, cited by 40% of respondents. (That’s up eleven percent this year.)
But here’s the bigger problem: if these concerns are keeping your company from the cloud, you cannot benefit from the performance and cost advantages of cloud services, which becomes a strategic impediment for your whole business. You need a way to migrate that also answers concerns about security, compliance, and operations.
Improved Security in Any Environment With Endpoint Visibility
This is where endpoint visibility wins the day. Being able to see exactly what’s going on with every endpoint gives you the visibility you need to improve security, compliance, and operational performance when you move your data center to the cloud.
And I mean any endpoint: desktop computer, laptop, mobile phone, server, VM, or container.
As a long-time IT professional, I understand the temptation to think you have more control over your servers when they’re locked in a closet and you’re the one who holds the keys. Even when you know that segments of your environment rely on kludges, they’re your kludges, and they’re stable. Plus, when you’re running your own data center – unlike when you’re in the cloud – you can use network taps and a whole host of monitoring tools to look at traffic on the wire, figure out a great deal about who’s talking to whom, and fix your problems.
But that level of information pales in comparison to endpoint visibility, in the data center or in the cloud. The granularity and control of Ziften’s solution gives you far more control than you could ever get with a network tap. You can detect malware and other issues anywhere (even off your network), isolate them immediately, then track them back to whichever user, application, device, or process was the weak spot in the chain. Ziften gives you the ability to perform lookback forensics and to fix issues in much less time.
Eliminating Your Cloud Migration Headaches
Endpoint visibility makes a huge difference anytime you’re ready to move a segment of your environment to the cloud. By evaluating endpoint activity, you can establish a baseline inventory of your systems, clear out unmanaged assets such as orphaned VMs, and hunt down vulnerabilities. That gets everything safe and stable within your own data center prior to your move to a cloud provider like AWS or Azure.
After you’ve moved to the cloud, ongoing visibility into each device, user, and application means you can administer all parts of your infrastructure better. You avoid wasting resources by preventing VM sprawl, plus you have a detailed body of data to satisfy the audit requirements of NIST 800-53, HIPAA, and other compliance regimes.
When you’re ready to move to the cloud, you’re not doomed to weak security, incomplete compliance, or operational SNAFUs. Ziften’s approach to endpoint security gives you the visibility you need for cloud migration without the headaches.
Written By Logan Gilbert And Presented By Charles Leaver
Ziften helps with incident response, remediation, and investigation, even for endpoints that are not connected to your network.
When incidents occur, security analysts have to act quickly and comprehensively.
With telecommuting workforces and business “cloud” infrastructures, remediation and analysis on an endpoint pose a truly challenging task. Below, see how you can use Ziften to take actions on the endpoint and identify the origin and propagation of a compromise in minutes – no matter where the endpoints reside.
First, Ziften alerts you to malicious activity on endpoints and directs you to the cause of the alert. In seconds, Ziften lets you take remediation actions on the endpoint, whether it’s on the organization network, at an employee’s home, or at the local cafe. Any remediation action you’d normally perform via direct access to the endpoint, Ziften makes available through its web console.
Just that quickly, remediation is taken care of. Now you can use your security expertise to go threat hunting and do a bit of forensics work. You can immediately dive into much more detail about the process that resulted in the alert, and then ask those vital questions to find how widespread the issue is and where it spread from. Ziften provides thorough incident remediation for security analysts.
See firsthand how Ziften can help your security team zero in on threats in your environment with our 30-day free trial.
Written by Dr Al Hartmann And Presented By Ziften CEO Charles Leaver
Cyber attacks, attributed to the Chinese federal government, had breached sensitive workers databases and stolen data of over 22 million existing, previous, and potential U.S. civil servants and members of their family. Stern cautions were overlooked from the Office of the Inspector General (OIG) to close down systems without existing security authorization.
Presciently, the OIG specifically alerted that failure to shut down the unauthorized systems brought nationwide security ramifications. Like the captain of the Titanic who preserved flank speed through an iceberg field, the OPM reacted,
” We concur that it is very important to keep current and legitimate ATO’s for all systems but do not think that this condition rises to the level of a Material Weak point.”
Furthermore the OPM worried that shutting down those systems would suggest a lapse in retirement and worker benefits and paychecks. Provided an option in between a security lapse and an operational lapse, the OPM decided to run insecurely and were pwned.
Then director, Katherine Archuleta, resigned her office in July 2015, a day after revealing that the scope of the breach significantly surpassed original damage assessments.
Despite this high value details preserved by OPM, the agency cannot focus on cybersecurity and properly safe high worth data.
Exactly what are the Lessons for CISO’s?
Logical CISO’s will want to prevent professional immolation in an enormous flaming data breach catastrophe, so let’s rapidly review the essential lessons from the Congressional report executive summary.
Focus on Cyber Security Commensurate with Asset Value
Have a reliable organizational management structure to implement risk-appropriate IT security policies. Chronic absence of compliance with security best practices and lagging recommendation implementation timelines are signs of organizational failure and bureaucratic atherosclerosis. Shock the organization or prepare your post breach panel grilling prior to the inquisitors.
Don’t Tolerate a Lax State of Information Security
Have the necessary tracking in place to keep important situational awareness, leave no observation gaps. Do not fail to comprehend the scope or level or gravity of attack signs. Assume if you determine attack indicators, there are other indicators you are missing. While OPM was forensically observing one attack channel, another parallel attack went unseen. When OPM did do something about it the hackers understood which attack had been discovered and which attack was still effective, quite valuable intelligence to the enemy.
Mandate Basic Needed Security Tools and Expeditiously Deploy State Of The Art Security Tools
OPM was incredibly negligent in implementing mandated multi-factor authentication for privileged accounts and failed to deploy available security technology that might have prevented or mitigated exfiltration of their most important security background investigation files.
For restricted data or control access authentication, the phrase “password secured” has been an oxymoron for years – passwords are not security, they are an invite to compromise. In addition to appropriate authentication strength, complete network monitoring and visibility is requisite for avoidance of delicate data exfiltration. The Congressional investigation blamed careless cyber protection and inadequate system traffic visibility for the assailants’ consistent presence in OPM networks.
Do Not Fail to Intensify the Alarm When Your Most Important Delicate Data Is Being Attacked
In the OPM breach, observed attack activity “ought to have sounded a high level multi agency national security alarm that a sophisticated, persistent actor was looking to gain access to OPM’s highest-value data.” Instead, absolutely nothing of consequence was done “up until after the agency was severely compromised, and up until after the agency’s most delicate information was lost to dubious actors.” As a CISO, sound that alarm in time (or rehearse your panel appearance face).
Lastly, don’t let this be said of your business security posture:
The Committee received documentation and testimony showing OPM’s information security posture was undermined by a woefully unsecured IT environment, internal politics and bureaucracy, and misplaced priorities around the deployment of security tools that slowed important security decisions.
Written By Charles Leaver CEO Ziften
What Worries Enterprise CISOs When Migrating To The Cloud
Moving to the cloud offers a number of benefits to enterprises, but there are real security concerns that make the switch to a cloud environment worrisome. What CISOs want when moving to the cloud is continuous insight into that cloud environment. They need a way to monitor and measure risk, and the confidence that the proper security controls are in place.
Increased Security Risk
Migration to the cloud means using managed IT services, and many believe this means giving up a high degree of visibility and control. Although the leading cloud service providers use current security technology and encryption, even the most up-to-date systems can fail and expose your sensitive data to attackers.
In reality, cloud environments are subject to the same cyber threats as private enterprise data centers. However, the cloud is becoming a more attractive target because of the substantial amount of data now stored on cloud servers.
Cyber attackers know that enterprises are steadily migrating to the cloud, and they are already targeting cloud environments. Alert Logic, a security-as-a-service provider, published a report concluding that IT decision makers should not assume that data stored off site is harder for cyber criminals to reach.
The report went on to note a 45% increase in application attacks against cloud deployments. There had also been an increase in attack frequency against companies that host their infrastructure in the cloud.
The Cloud Is a Glittering Prize
With valuable data, production workloads, and software applications moving to cloud environments, these findings should not come as a surprise. A statement from the report said, “… cyber attackers, like everyone else, have a minimal quantity of time to complete their job. They want to invest their time and resources into attacks that will bear the most fruit: businesses using cloud environments are mainly considered that fruit bearing prize.”
The report also suggests that there is a misconception within organizations about security. A number of enterprise decision makers were under the impression that once a cloud migration had taken place, the cloud service provider would be entirely responsible for the security of their data.
Security in the Cloud Needs to Be a Shared Responsibility
All businesses must take responsibility for the security of their data, whether it is hosted in house or in the cloud. This responsibility cannot be handed off entirely to a cloud provider. If your business suffers a data breach while using cloud services, it is unlikely that you would be able to evade liability.
It is essential that every organization fully understands the environment and the risks that come with cloud services. There can be a myriad of legal, financial, commercial, and compliance risks. Before moving to the cloud, scrutinize contracts so that the provider’s liability in the event of a data breach is completely understood.
Will Semple, vice president at Alert Logic, said, “the key to securing your critical data is being educated about how and where along the ‘cyber kill chain’ hackers penetrate systems and to utilize the right security tools, practices and financial investment to fight them.”
Cloud Visibility Is The Key
Whether you are using cloud services or hosting your own infrastructure, you need complete visibility within your environment. If you are considering migrating part – or all – of your environment to the cloud, this is essential.
After a cloud migration has taken place, you can rely on this visibility to monitor every user, device, application, and network activity for potential threats. As a result, administering your infrastructure becomes far more efficient.
Do not let your cloud migration result in weakened security and insufficient compliance. Ziften can help maintain cloud visibility and security for your existing cloud deployments or planned cloud migrations.
Written By Charles Leaver Ziften CEO
Identify and control any device that requires access to your organization’s network.
As an organization grows, so does its asset footprint, and this makes managing the whole set of IT assets far more challenging. IT management has changed from the days when IT asset management meant recording devices such as printers, taking an inventory of all installed applications, and ensuring that antivirus suites were updated.
Today, companies are under constant threat of cyber attacks that use malicious code to infiltrate the business network. Numerous devices now have network access capabilities. Gone are the days when only desktop PCs connected to an organization’s network. Now there is a culture of bring your own device (BYOD), where cell phones, tablets and laptops are all likely to connect to the network.
While this gives organizations flexibility, with users able to connect remotely, it opens up a whole new range of vulnerabilities, as these varied endpoints make corporate IT security far more complex.
What Exactly Is Endpoint Management?
It is necessary to have a policy-based approach to the endpoint devices connected to your network in order to reduce the risk of cyber attacks and data breaches. Using laptops, tablets, smart phones and other devices may be convenient, but they can expose companies to a wide range of security risks. The main goal of a sound endpoint management strategy should be that network activity is thoroughly monitored and unauthorized devices cannot access the network.
Most endpoint management software will check that the device is running an approved operating system and anti-virus software, and that its virtual private network (VPN) client is up to date.
Endpoint management solutions identify and control any device that requires access to the corporate network. Anyone attempting to access the enterprise environment from a non-compliant device is denied access. This is vital to combat attacks from cyber criminals and infiltration by malicious groups.
Any device that does not comply with endpoint management policies is either quarantined or granted restricted access. Local administrative rights may be removed and Internet browsing restricted.
Organizations Can Always Do More
There are a number of techniques an organization can use as part of its endpoint management policy. These can include firewalls (both network and personal), encryption of sensitive data, stronger authentication methods, which will include hard-to-crack passwords that are changed regularly, and device- and network-level anti-virus and anti-malware protection.
Endpoint management systems can operate on a client/server basis, where a software application is deployed and centrally managed on a server. The client program must be installed on all endpoint devices that are authorized to access the network. It is also possible to use a software-as-a-service (SaaS) model of endpoint management, where the service provider hosts and maintains the server and the security applications remotely.
When a client device attempts to log in, the server-based application scans the device to check that it complies with the company’s endpoint management policy, and then verifies the user’s credentials before access to the network is granted.
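The following is an added illustration of the admission flow described above, written for this article rather than taken from any vendor’s product: posture (approved OS, running and current anti-virus, up-to-date VPN client) is evaluated first, credentials second, and non-compliant devices end up quarantined or restricted. All policy values, field names and the `DevicePosture`/`Decision` types are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, List

# Constructed policy values for illustration; a real policy is site specific.
APPROVED_OS = {"Windows 10", "macOS 10.12", "Ubuntu 16.04"}
MIN_VPN_CLIENT = (4, 2)          # oldest VPN client version still accepted
MAX_AV_SIGNATURE_AGE_DAYS = 3    # anti-virus definitions older than this fail
# Violations that quarantine the device rather than merely restricting it.
SEVERE = {"unapproved operating system", "anti-virus not running"}
RESTRICTIONS = ["local administrative rights removed", "Internet browsing restricted"]

@dataclass
class DevicePosture:
    """What the client program reports about the endpoint at login time."""
    os_name: str
    av_running: bool
    av_signature_age_days: int
    vpn_client_version: tuple

@dataclass
class Decision:
    outcome: str                          # allow | restricted | quarantine | deny
    violations: List[str] = field(default_factory=list)
    restrictions: List[str] = field(default_factory=list)

def evaluate_posture(p: DevicePosture) -> List[str]:
    """Return the policy violations found on the device (empty means compliant)."""
    violations = []
    if p.os_name not in APPROVED_OS:
        violations.append("unapproved operating system")
    if not p.av_running:
        violations.append("anti-virus not running")
    elif p.av_signature_age_days > MAX_AV_SIGNATURE_AGE_DAYS:
        violations.append("anti-virus signatures out of date")
    if p.vpn_client_version < MIN_VPN_CLIENT:
        violations.append("VPN client out of date")
    return violations

def admit(p: DevicePosture, verify_credentials: Callable[[], bool]) -> Decision:
    """Posture first, credentials second: a device with severe gaps is quarantined
    before its user's password is even checked, so a valid credential on an
    unmanaged box buys nothing. Lesser gaps yield restricted access."""
    violations = evaluate_posture(p)
    if SEVERE & set(violations):
        return Decision("quarantine", violations)
    if not verify_credentials():
        return Decision("deny", violations)
    if violations:
        return Decision("restricted", violations, list(RESTRICTIONS))
    return Decision("allow")
```

`verify_credentials` is a callable so the posture engine stays independent of whichever directory or MFA service actually checks the user; in the page’s terms, the hard-to-crack password is necessary but is never the first gate.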
The Problem With Endpoint Management Systems
Many companies see security software as a “total remedy,” but it is not that clear cut. Endpoint security software bought as a set-and-forget system will never suffice. Skilled attackers study these software systems and develop malicious code that evades the defenses a set-and-forget application can provide.
There has to be human intervention, and Jon Oltsik, a contributor at Network World, said “CISOs must take ownership of endpoint security and designate a group of experts who own endpoint security controls as part of an overall obligation for incident prevention, detection, and response.”
Ziften’s endpoint security systems provide the continuous monitoring and look-back visibility that a security team needs to detect and act on threats before a breach spreads and takes the company’s sensitive data.
Written By Michael Vaughn And Presented By Charles Leaver Ziften CEO
All the current success from Splunk
Recently I went to the annual Splunk conference in the excellent sunshine state – Florida. The Orlando-based occasion permitted Splunkers from around the world to familiarize themselves with the current and most successful offerings from Splunk. Although there were a variety of enjoyable activities throughout the week, it was clear that participants were there to find out new stuff. The announcement of Splunk’s security-centric Adaptive Response initiative was favored and so happens to integrate quite nicely with Ziften’s endpoint service.
Of particular interest, the “Transforming Security” keynote presentation, given by Monzy Merza, Director of Cyber Research and Chief Security Evangelist for Splunk, Haiyan Song, SVP Security Markets for Splunk, and Mike Stone, CDIO for the UK Ministry of Defense, demonstrated the power of Splunk’s new Adaptive Response interface to countless attendees.
In the clip just below, taken from that keynote, Monzy Merza demonstrates how critical data provided by a Ziften agent can also be used to drive bi-directional functionality from Splunk, sending instructions back to the Ziften agent to take immediate action on a compromised endpoint. Monzy was able to identify a compromised Linux server and remove it from the operational network for further forensic investigation. By not only feeding critical security data to the Splunk instance but also letting the user stay in the same interface to take operational and security actions, the Ziften endpoint agent enables users to leverage Splunk’s framework bi-directionally and take immediate, precise action across all operating systems. After the talks our booth was swamped with demonstrations and extremely fascinating discussions concerning operations and security.
Take a look at a three minute Monzy highlight from the Keynote:
Over the weekend I was able to process the large variety of technical discussions I had with hundreds of fantastic people in our booth at .conf. Among the amusing things I discovered – which nobody would openly admit unless I pulled it from them – is that the majority of us are beginner-to-intermediate SPL (Splunk Processing Language) users. I also observed the obvious: incident response was the primary focus of this year’s event.
Nevertheless, many people use Ziften for Splunk for a range of things, such as application and operations management, network monitoring, and user behavior modeling. In an effort to illuminate the broad functionality of our Splunk App, here’s a taste of what folks at .conf2016 liked most about Ziften for Splunk:
1) It’s fantastic for Enterprise Security.
a. Generalized platform for absorbing real time data and taking instant action
b. Automating remediation from a wide range of indicators of compromise
2) IT Operations adore us.
a. Tracking of Systems, Hardware Life Cycle, Resource Management
b. Management of Applications – Compliance, License Verification, Vulnerabilities
3) Network Monitoring with ZFlow is a game changer.
a. ZFlow ties netflow to binary, system and user data – in a single Splunk SPL entry. Do I need to say more here? This is the real Holy Grail from Indiana Jones, people!
4) Our User Behavior Modeling surpasses just notifications.
a. This could be connected back under IT Operations but it’s becoming its own beast
b. Ziften’s tracking of software usage, logins, elevated binaries, timestamps, etc. is readily viewable in Splunk
c. Ziften offers a free security-centric Splunk package, but we map all of the data we collect from each endpoint to Splunk’s CIM format – not just our ‘Alerts’.
Ultimately, using a single Splunk Adaptive Response interface to manage a wide variety of tools within your environment is exactly what helps build a strong enterprise fabric for your business – one in which operations, security and network teams overlap more fluidly. Make better decisions, faster. Find out for yourself with our free 30 day trial of Ziften for Splunk!