Written By Patrick Kilgore And Presented By Charles Leaver Ziften CEO
A report called “Investors pour billions into cyber security firms” was released by Steve Morgan, CEO of Cybersecurity Ventures. This is not guesswork. In the previous year alone, venture backed cyber security organizations raised nearly $2 billion. With this influx of capital, you would be forgiven for believing that things have reached their peak. But you would be incorrect …
At the midpoint of 2015, start-ups in cyber security had already raised $1.2 billion in funding. As Morgan indicates, there appears to be no end in sight when it comes to cyber security. Top companies like Allegis Capital have even raised funds (to the tune of $100M) solely to back cyber security innovation.
The usual suspects are not on the list of names. Morgan’s article states that most of the financing statements are for fast growing companies like ours. Ziften is in great company among innovators who are keeping up with the demands of modern-day cyber security. While we lead the pack in continuous endpoint visibility, other companies have taken special approaches, such as applying artificial intelligence to the battle against cyber attacks or streamlining key lookups to bring public key file encryption to the masses. They are all taking on different pieces of the puzzle.
And it definitely is a puzzle. Because many services are highly specialized, collaboration is going to be crucial. The need to integrate the different elements in the market for a sophisticated view of the problem set is clear. That’s why we built Ziften Open Visibility™ – to supply APIs, connectors, and alerts to integrate endpoint context and attribution data with existing financial investments.
Market Vision That Is 20/20
It might look like market saturation to the layman, but it is just the tip of the cyber security iceberg. Every day, cyber attacks become more sophisticated, finding new ways to devastate consumers and companies. This list of backed organizations is a testament to the idea that legacy endpoint and network security is failing. The concept of prevention is a good one, but security specialists now realize that a two-pronged strategy is required, one that incorporates detection and response.
You can have a 20/20 view of your security landscape, or you can keep your present blind spots. Which one do you believe will help you to sleep at night?
Written By Michael Bunyard And Presented By Ziften CEO Charles Leaver
Looking through the Cisco 2015 Midyear Security Report, the view was that “the bad guys are innovating faster than the security community.” This is not a unique statement and can be found in a great many cyber security reports, since they are reactive studies of previous cyber attacks.
If all you do is focus on unfavorable outcomes and losses then any report is going to look bad. The fact is that the vendors that are releasing these reports have a lot to gain from companies that wish to purchase more cyber security products.
If you look carefully within these reports you will find great pieces of guidance that might considerably improve the security arrangements of your organization. So why do these reports not begin with this information? Well, it’s all about offering services, right?
One anecdote stood out after reading the report from Cisco, and it would be easy for an organization’s security team to address. The increasing vulnerabilities and exploits of Adobe Flash were detailed, and they are often being integrated into exploit kits such as Angler and Nuclear. The Flash Player is regularly updated by Adobe, but a number of users are slow to apply the updates that would give them the defense they need. This means that hackers are benefiting from the gap between the vulnerability being discovered and the patch being applied.
Vulnerability Management Is Not Resolving The Issue
You would be forgiven for thinking that, because there is a whole range of solutions in the marketplace that scan endpoints for known vulnerabilities, it would be very simple to make sure that endpoints were updated with the current patches. All that is required is for a scan to be run, the endpoints that require updating to be identified, and the updates to be run, and the job is done, right? The problem here is that scans are only run periodically, patches fail, users will inadvertently introduce vulnerable apps, and the company is now wide open until the next scan. Furthermore, scans will report on applications that are installed but not used, which leads to significant numbers of vulnerabilities that make it hard for an analyst to focus on and manage.
What Is So Easy To Address Then?
The scans need to run continuously, with all endpoints monitored, so that as soon as a system is not compliant you know about it and can react immediately. Continuous visibility that provides real-time alerting and extensive reporting is the new mandate as endpoint security is redefined and people realize the era of prevention-first is over. Leveraging the National Vulnerability Database (NVD), each running application that has a known vulnerability can immediately be identified, security personnel alerted, and the patch applied. Additionally, solutions can look for suspicious activity from vulnerable applications, like unexpected application crashes, which is a possible sign of an exploit attempt. Lastly, they can also detect when a user’s system has not been restarted since the last security patch was available.
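As an added illustration (not Ziften's code and not part of the original post), the checks described above can be sketched as a single assessment pass over endpoint state. The feed, product names, placeholder identifiers, field names and sample endpoint are all constructed; a real deployment would draw on NVD data and live endpoint telemetry.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Constructed feed standing in for NVD data:
# product -> (placeholder id, first fixed version)
FEED = {
    "example-player": ("VULN-PLACEHOLDER-1", "18.0.2"),
    "example-reader": ("VULN-PLACEHOLDER-2", "11.0.12"),
}

@dataclass
class App:
    name: str
    version: str
    running: bool                       # seen executing, not merely installed
    crashes: int = 0                    # unexpected crashes since the last check
    patch_at: Optional[datetime] = None # when the last security patch became available

@dataclass
class Endpoint:
    host: str
    last_boot: datetime
    apps: list = field(default_factory=list)

def vtuple(version):
    """Compare dotted versions numerically, so 11.0.12 sorts above 11.0.3."""
    return tuple(int(part) for part in version.split("."))

def assess(ep):
    """Return (priority, host, app, finding) tuples, most urgent first."""
    findings = []
    for app in ep.apps:
        vuln_id, fixed = FEED.get(app.name, (None, None))
        vulnerable = fixed is not None and vtuple(app.version) < vtuple(fixed)
        if vulnerable and app.running:
            findings.append((1, ep.host, app.name, f"running vulnerable version ({vuln_id})"))
            if app.crashes:
                findings.append((1, ep.host, app.name, "crash of vulnerable app, possible exploit attempt"))
        elif vulnerable:
            # Installed but unused: reported, but kept out of the analyst's urgent queue
            findings.append((3, ep.host, app.name, f"installed but not running ({vuln_id})"))
        if app.patch_at and ep.last_boot < app.patch_at:
            findings.append((2, ep.host, app.name, "not restarted since last security patch"))
    return sorted(findings)

# Constructed sample endpoint
SAMPLE = Endpoint("host-a", datetime(2015, 8, 1, 8, 0), [
    App("example-player", "18.0.1", running=True, crashes=2),
    App("example-reader", "11.0.3", running=False),
    App("example-browser", "44.0", running=True, patch_at=datetime(2015, 8, 3, 9, 0)),
])
```

Running `assess(SAMPLE)` on each telemetry update, rather than on a scan schedule, is what closes the window between a vulnerable application starting and someone being told about it.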
There Definitely Is Hope
The good news about real-time endpoint visibility is that it works on any vulnerable application (not only Adobe Flash), because hackers will move from app to app to evolve their techniques. There are simple services to huge issues. Security groups just have to be informed that there is a better way of handling and securing their endpoints. It just takes the proper endpoint detection and response system.
Written By Patrick Kilgore And Presented By Charles Leaver CEO Ziften
When you are at the Black Hat yearly conference there are discussions going on all over about hacking and cyber security and it can make you paranoid. For a lot of individuals this is just an appetizer for the DEF CON hacking program.
A long time ago the Daily Dot published a story called “The art of hacking humans”, which discussed the Social Engineering “Capture the Flag” contest that has been running since 2010. In it, participants use the very best tool a hacker has at their disposal – their wits – and take advantage of tall stories and social subterfuge to persuade unsuspecting victims to supply sensitive information in exchange for points. A couple of errors here, a comment about applications there, and bang! You’re hacked and on the front page of the New York Times.
For the companies being “Targeted” (such as huge box merchants who will remain nameless …), the contest was initially viewed as an annoyance. In the years since its creation, however, the Capture the Flag contest has gotten the thumbs up from many business security experts. Its contestants engage each year to test their nerve and help possible hacking victims understand their vulnerabilities. It’s a white hat education in what not to do and has made strides for corporate awareness.
Human Hacking Begins With … Humans (duh).
As we know, the majority of harmful attacks begin at the endpoint, since that is where the people in your business live. All it takes is access from an ambiguous location to do serious damage. But rather than think of hacks as something to react to or a mere procedure to be eliminated, we have to remind ourselves that behind every attack there is a person. And ultimately, that’s who we need to equip ourselves against. How do we do that?
Since businesses operate in the real world, we must all accept that there are those who would do us damage. Instead of attempting to avoid hacks from happening, we need to re-wire our brains on the matter. The key is identifying malicious user habits as it is taking place so that you can react accordingly. The new period of endpoint security is focused on this capability to envision user behavior, inspect and examine it rapidly, and after that respond rapidly. At Black Hat we are showing folks how they can continually monitor the fringes of their network so that when (not if) breaches happen, they can be swiftly tackled.
As a wise man once stated, “You cannot protect what you can’t manage and you cannot manage what you cannot see.” The outcome dramatically reduces time to identify and time to respond (TTR). And that’s no lie.
Written By Michael Bunyard And Presented By Charles Leaver CEO Ziften
Cyber security is everything about people vs. people. Each day that we sift through the latest attack news (like the current Planned Parenthood breach) it ends up being more and more obvious that not only are individuals the issue, in many respects, but individuals are likewise the answer. The opponents come in numerous classifications from insiders to hackers to organized crime and State sponsored terrorists, but at the end of the day, it’s people that are directing the attacks on companies and are therefore the problem. And it’s individuals that are the main targets exploited in the attack, usually at the endpoint, where individuals access their connected business and personal worlds.
The endpoint (laptop computer, desktop, mobile phone, tablet) is the device that individuals utilize throughout their day to get their jobs done. Think of how often you are attached to your endpoint(s). It’s a lot, right? Not only are these endpoints susceptible (see the Stagefright Android vuln for a good example), the people at the endpoint are typically the weak spot in the chain that offers the opening for the aggressors to make use of. All it takes is someone to open the wrong email, click to the wrong site or open the incorrect file and it’s game on. In spite of all the security awareness in the world, individuals will make mistakes. When talking about the Planned Parenthood breach my colleague Mike Hamilton, who directs the product vision here at Ziften, offered a truly intriguing insight:
“Every organization will have people against it, and now those people have the methods and mission to disrupt them or take their data. Leveraging existing blind spots, cyber criminals and even hackers have simple access through vulnerable endpoints and utilize them as a point of entry to conceal their activities, avert detection, exploit the network and take advantage of the targeted organization. It is now more important than ever for organizations to be able to see suspicious behavior beyond the network, and certainly beyond merely their web server.”
People Powered Security
It makes sense that cyber security services should be purpose built for the people who are defending our networks and monitoring the behaviors of people as they use their endpoints. However, typically this hasn’t held true. In fact, the endpoint has been a virtual black box when it comes to having continuous visibility of user behaviors. This has resulted in a scarcity of information about what is truly taking place on the endpoint – the most vulnerable part of the security stack. And cyber security services definitely do not appear to have the people defending the network in mind when silos of disparate pieces of information flood the SIEM with so many false positive notifications that defenders cannot tell the real dangers from the benign.
People powered security makes it possible for viewing, checking, and reacting by evaluating endpoint user behavior. This has to be done in a manner that is painless and fast because there is a substantial scarcity of skills in companies today. The very best technology will make it possible for a level one responder to handle the majority of suspected threats by providing simple and concise info to their fingertips.
My security master coworker (yeah, I’m lucky that on one corridor I can speak with all these folks) Dr. Al Hartmann states “Human-Directed Attacks need Human Directed Response”. In a current blog post, he nailed this:
“Human intelligence is more flexible and creative than machine intelligence and will always ultimately adjust and defeat an automatic defense. This is the cyber-security version of the Turing test, where a machine defense is trying to rise to the intellectual level of a competent human hacker. At least here in the 21st Century, expert systems and artificial intelligence are not up to the task of completely automating cyber defense, the cyber assailant undoubtedly triumphs, while the victims lament and count their losses. Only in science fiction do believing machines overpower humans and take over the world. Do not accept the cyber fiction that some autonomous security software will outwit a human hacker foe and conserve your company.”
Individual powered security empowers well informed vibrant response by the individuals attempting to prevent the aggressors. With any other technique we are just kidding ourselves that we can stay up to date with aggressors.