At Ziften We Are Very Proud To Be A Red Herring Award Winner – Charles Leaver

Written By Rachel Munsch And Presented By Charles Leaver CEO Ziften

There is some exciting news to share: For 2015 Ziften has actually been selected as a Top 100 North America award winner. There were around 1200 businesses from the USA and Canada evaluated in the yearly competition and our Endpoint Detection and Response solution managed to raise us into the top 100.

It is well recognized that the Red Herring 100 Awards are commonly understood to be among the sector’s more distinguished acknowledgments. Those that reach the finals have to go through an extensive selection process which is based upon over 20 requirements that includes technological development, addressable market, business model, customer footprint and level of specialty. Alex Vieux, CEO and Red Herring Publisher, felt that the competition was truly strong this year and the process of selection was difficult:

“However after much thought, extensive consideration and discussion, we narrowed our list down from hundreds of candidates from across North America to the North America winners. Our company believe Ziften embodies the vision, drive and innovation that define a successful entrepreneurial venture. Ziften must be proud of its achievement, as the competition was extremely strong.”

Here at Ziften we are really proud to be named a Red Herring award winner. It’s always gratifying to have our work confirmed and be acknowledged, especially when you consider the prestigious list of finalists. Our dedication to assisting companies safeguard themselves from the advanced threats that exist today stays strong, and this award will act as an inspiration in the future as we continue to make every effort to be the leader in endpoint security and protection.


Charles Leaver – With The Number Of Vishing Scams Increasing You Need To Be On The Alert

Written By David Shefter And Presented By Ziften CEO Charles Leaver


I was enjoying TV in August, 2015 and I had a call from a 347 location code telephone number. I thought that it was a business coworker of mine who lives in the external boroughs, so I answer the call.

The call was a complete surprise, “Roy Callahan from the NYC Police Department” threatens me with a warrant for my arrest within minutes, and specifies that I have to turn myself into the local police department. So, I spoke to my buddy Josh Linder. He says that it’s rampant in the area where he lives and similarly happened to him, but they threatened him if he didn’t comply by buying a $9000 Green Dot prepaid card.

If You Think This Sounds Embellished …

This occurs thousands of times every day. Law enforcement agencies (LEA’s) ranging from regional municipalities to the FBI, and everything in between are overwhelmed. They can’t contend – bad actors are fast, wise, and ahead of the curve.

These lawbreakers likewise know how budget, talent and resource constrained the LEA’s are. The local ones are best at catching shoplifters and pulling over speeding cars, not tracking terrorists to their origin throughout federal or state borders. With little coordination or interest and a lack of tools, over 99% of these rip-offs go unsettled.

How Did They Find Me?

First, social networking has created a treasure trove of details. People entrust their name, address, telephone number, work history, academic background, and social circles to the public domain. This is where the danger lies, not the much publicized hacks at federal government agencies, banks, health care companies and merchants.

Nevertheless, the big exposures at merchants like Home Depot, Target and Michael’s in addition to the more recent hacks at the United States Office of Personal Management (OPM), United Airlines and Anthem need to be of significant issue. This information enables criminals the ability to triangulate data, and develop a rich persona of individuals like you and me.

Putting this into context, tens of millions of records were exposed, which could be used to go far beyond extortion payments, and move towards the exploit physical susceptibilities in military workers, executives or even normal people.

How Rapidly Will I Be Exposed?

According to a 2014 FBI rip-off alert, victims reported having money illegally withdrawn from their bank accounts within ten minutes of getting a vishing call, and another of having hundreds or thousands of fraudulent withdrawals in the days following.

What Can I Do?

As an individual, it is best to be watchful and utilize sound judgment. No matter what a “vishing” caller ID says, the U.S. Internal Revenue Service will not require money or account numbers. Do not fall victim to Vishing’s wicked cousin Phishing and click links in e-mails which might take you to a malware website – invest an additional 2 seconds validating that the e-mail is in fact who it is from, not simply a familiar name.

Second, it’s best to secure your social profiles on the Internet. Facebook, LinkedIn, Twitter, and the trove of other tools have most likely currently exposed you. Carry out an easy Google search, then move towards clean up the public aspects of your online persona.

Third, imitate a business to secure your staff members as if they were your relatives. Large organizations have invested greatly in antivirus, drive encryption, email security, and next generation firewall software. None of this matters – phishing and vishing rip-offs go right around these. You require training, ongoing education, alertness, and innovation which is smarter. A key approach to this is carrying out continuous endpoint visibility on your devices. At Ziften, our solution plugs security exposures to form a more resilient wall.

The fight for cyber security defense is consuming your resources, from your individuals to your budget. Hazards are faster, smarter, and more focused than before, and working their way around traditional prevention solutions and getting straight to the point; your endpoints. When breached you have less than 60 minutes before the cyber attack finds extra victims within your company. Time is of the essence, and given that we cannot produce more of that, we focus on taking full advantage of constant intelligence so your team can make the correct choice, right now.

In Closing

Today, individuals are so concentrated on deceptive credit card charges, and organizations are locking down endpoints at a record rate.

More has to be done. The lawbreakers are much faster, more intelligent, more equipped – and outside the bounds of the law. While news will continue to come regarding the success of capturing large-scale scammers and untouchable foreign nationals in China and Russia, there will be countless small exploits daily.

At Ziften, we have one objective, to make endpoint security rapid and easy for the end user to not only implement, however handle and drive daily value. By integrating real-time user, device, and behavior monitoring with powerful analytics and reporting, Ziften instantly empowers any company to view, inspect, and respond to the very latest attacks.

Many thanks to Josh Linder for his conversations on this topic.


Charles Leaver – Trust Ziften To Implement Your Gartner SOC Nuclear Triad

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO

Anton Chuvakin, VP and security expert at Gartner Research posted about the three necessary Security Operations Center (SOC) tools required to supply reliable cyber attack visibility. Chuvakin compared them to the cold war’s “nuclear triad” principle of siloed, air-borne, and nuclear submarine abilities needed to guarantee survival in a total nuclear exchange. Similarly, the SOC visibility triad is essential to guaranteeing the survival of a cyber attack, “your SOC triad looks to substantially decrease the possibility that the attacker will operate on your network long enough to achieve their objectives” as Chuvakin wrote in his post.

Now we will look at the Gartner designated essentials of the SOC triad and how Ziften supports each ability.

SIEM (Security Information and Event Management) – Ziften Open Visibility ™ extends existing security, event monitoring tools and system management by providing crucial open intelligence of any enterprise endpoint. Ziften’s Open Visibility platform now includes integration with Splunk, ArcSight, and QRadar, in addition to any SIEM supporting Common Event Format (CEF) notifications. Unlike contending product integrations that only supply summary data, Ziften Open Visibility exposes all Ziften collected endpoint data for complete highlighted integration exploitation.

NFT (Network Forensics Tools)– Ziften ZFlow ™ extends network flow based security tools with vital endpoint context and attribution, considerably enhancing visibility to network events. This new standards based technology extends network visibility down within the endpoint, gathering vital context that cannot be observed over the wire. Ziften has an existing product integration with Lancope, and also has the capability to rapidly integrate with other network flow collectors utilizing Ziften Open Visibility architecture.

EDR (Endpoint Detection and Response)– The Ziften Endpoint Detection and Response service constantly examines user and device habits and highlights anomalies in real time, allowing security experts to hone in on advanced risks much faster and minimize Time To Resolution (TTR). Ziften EDR enables organizations to more quickly determine the origin of a breach and select the necessary restorative actions.

While other security tools play supporting roles, these are the 3 essentials that Gartner asserts do constitute the core protector visibility into attacker actions within the targeted company. Arm up your SOC triad with Ziften. For a no commitment free trial, see: to get more information.


Time Is Money With Incident Response So Reduce Time With Endpoint Visibility – Charles Leaver

Written By Kyle Flaherty And Presented By Ziften CEO Charles Leaver

It was rather a day on July 9 2015 in the world of cyber security. The first thing to occur was the grounding of flights by United Airlines due to a technical problem, this was followed just afterwards by the New York Stock Exchange (NYSE) revealing they had to halt trading. This report originated from the Wall Street Journal as you would expect, and they went offline soon after.

This caused complete panic on the Internet! There was an enormous buzz on Twitter and there were a great deal of rumors that a well collaborated cyber attack was occurring. People were jumping off the virtual bridge and stating a virtual Armageddon.

There was general mayhem till the 3 companies stated in public that the issues were not connected to cyber attacks but the feared unidentified “technical glitch”.

Visibility Is The Concern For Cyber Attacks Or Glitches

In today’s world it is assumed that “glitch” implies “attack” and it is true to state that a good group of hackers can make them look the same. There are still no information about the occurrences on that day and there probably never will (although there are rumors about network resiliency problems with one of the most significant ISPs). At the end of the day, when an incident like this occurs all organizations require to know why.

Stats recommend that each hour of incident response may cost thousands of dollars an hour, and when it comes to companies such as United and NYSE, downtime has actually not been considered. The board of directors at these businesses do not wish to hear that something like this will take hours, and they might not even care how it took place, they simply want it dealt with rapidly.

This is why visibility is always in the spotlight. It is very important when emergencies strike that an organization knows all of the endpoints in their environment and the contextual behavior behind those endpoints. It might be a desktop, a server, a laptop and it might be offline or online. In this modern-day period of security, where the idea of “prevent & block” is not a suitable strategy, our capability to “rapidly identify & respond” has become increasingly more important.

So how are you making the transition to this new period of cyber security? How do you minimize the time in determining whether it was an attack or a glitch, and what to do about it?