Charles Leaver – Guarding Against Data Breaches Requires Investment In Endpoint Threat Detection

Written By Charles Leaver Ziften CEO

Resisting data breaches is hard, but it is essential to succeeding in the current business climate. Because so many cyber criminals are waiting to steal personal details, credit card information, and other valuable data from consumers, organizations need to understand the high level of risk to information online and take steps to reduce it. Using endpoint threat detection and response systems is one of the best ways to address this problem, because it provides a straightforward way to counter the variety of exploits attackers can use to gain access to a company network.

To build a stronger, more attack-resistant environment, a solid back-end security posture is necessary. The New York Times’ article on securing data discusses a few very important steps that can make a big difference in keeping client information from falling into the wrong hands. Among the measures the article discusses are using point-of-sale systems for customer transactions only, dedicating one computer to all financial business, and keeping software up to date. These are sound suggestions because they guard against several of the ways attackers try to breach systems. A PoS system that does not connect to the Internet except to send data to bank servers is much safer than one that is not so limited, because it lowers the risk of a virus reaching the network through the Internet. Making one computer the single access point for financial transactions and nothing else can keep viruses or other malicious surveillance software from getting in. In this way, a company can substantially protect its customers without taking on many extra expenses.

Ensure That Security And Safeguarding Come First

Property Casualty 360 has a similar list of recommendations, including automating patches to enterprise systems, using encryption on all devices, enforcing strong passwords, and keeping an eagle-eyed approach to email. Encrypting information, particularly financial information, is extremely important: without encryption, an attacker who reaches financial data stored as plain text can read it trivially. Strong endpoint threat response systems should of course be used to address this threat, but security, like clothing in fall, is best when layered. Using several different techniques at once greatly lowers the chance of a given company’s data being leaked, which over time makes it much easier to protect against whatever damage could be done.

Many breaches happen not when a piece of malware has successfully planted itself on a server, but when an employee’s email account is protected by a weak password. Dictionary words, like “pet” or “password,” should never be used. They are easy to guess and break in with, and they can lead to whole stores of data being taken. Likewise, an employee accidentally sending a list of customers to someone without checking the intended recipients list can send a whole trove of information to the wrong person, easily causing a large data loss. This kind of leakage must be prevented by solid training.

In response to the myriad of current threats, the best way to handle them is to use strong endpoint threat response systems to avoid losing important data. Using a wide variety of different security strategies to protect against all incoming attacks is a smart way to make sure your company can weather a variety of blows. This mindset can keep a company from being sunk by the large number of attacks currently striking organizations.


Charles Leaver – During Holiday Season Hackers Will Not Rest

Written by Ziften CEO Charles Leaver



The Christmas season is prime time for cyber criminals, syndicates and state-sponsored groups to hack your company. A reduced number of IT staff at work can improve the odds of undetected endpoint compromise, stealthy lateral movement, and undetected data exfiltration. Experienced attack teams are most likely assigning their top talent to a well-coordinated holiday hackathon. Penetration of your enterprise would likely start with an endpoint compromise via the usual targeted methods: spear phishing, social engineering, watering hole attacks, and so on.

With thousands of enterprise client endpoints on offer, initial infiltration barely presents a challenge to experienced attackers. Traditional endpoint security suites exist to protect against previously encountered commodity malware and are essentially useless against the one-off crafted exploits used in targeted attacks. The attack group will have reconnoitered your enterprise and assembled your standard cyber defense products in their lab for pre-deployment evasion testing of planned exploits. This pre-testing might include suitable sandbox evasion techniques if your defenses include sandbox detonation safeguards at the enterprise perimeter, although this is not always needed, for example with off-VPN laptops visiting compromised industry watering holes.

The ways in which enterprise endpoints can be compromised are too numerous to list. In many cases the compromise may simply involve stolen credentials, with no malware required or present, as confirmed by industry studies of malicious command and control traffic seen from otherwise pristine endpoints. Or the user, and it only takes one among thousands, might be an insider adversary or a disgruntled employee. In any large enterprise, some degree of compromise is inevitable and ongoing, and the Christmas period is ripe for it.

With perpetual attack activity and unavoidable endpoint compromise, how can enterprises best respond? Endpoint detection and response (EDR) with continuous monitoring and security analytics is an effective way to recognize and respond to anomalous endpoint activity, and to do so at scale across many enterprise endpoints. It also complements and synergizes with enterprise network security by providing endpoint context around suspicious network activity. EDR offers visibility at the endpoint level, equivalent to the visibility that network security provides at the network level. Together they provide the complete picture needed to identify and respond to unusual and potentially significant security events across the enterprise.

Some examples of endpoint visibility of potential forensic value are:

  • Tracking of user login activity, especially remote logins that might be attacker-directed
  • Monitoring of user presence and user foreground activity, including normal work patterns, activity durations, and so on
  • Monitoring of active processes, their resource consumption patterns, network connections, process hierarchy, etc.
  • Collection of executable image metadata, including cryptographic hashes, version info, file paths, date/times of first appearance, and so on
  • Collection of endpoint log/audit events, ideally with optimal logging and auditing configuration settings (to maximize forensic value and reduce noise and overhead)
  • Security analytics to score and rank endpoint activity and bubble significant operating pattern anomalies up to the enterprise SIEM for SOC attention
  • Support for agile traversal and drill-down of endpoint forensic data for quick analyst vetting of endpoint security anomalies
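As an added illustration (not part of the original post or any Ziften product), the following Python sketch shows how the telemetry in the list above can be scored and ranked before being bubbled up to a SIEM. The event records, the working-hours window, the office-application set and the rule weights are all constructed assumptions for the example.

```python
from datetime import datetime

# Constructed sample telemetry (not real data): one record per endpoint event.
EVENTS = [
    {"host": "ws-01", "user": "alice", "kind": "login", "remote": True,
     "time": "2014-12-24T03:12:00"},
    {"host": "ws-01", "user": "alice", "kind": "process", "image": "winword.exe",
     "parent": "explorer.exe", "first_seen_days": 400, "net": False,
     "time": "2014-12-24T03:14:00"},
    {"host": "ws-01", "user": "alice", "kind": "process", "image": "updater.exe",
     "parent": "winword.exe", "first_seen_days": 0, "net": True,
     "time": "2014-12-24T03:15:00"},
    {"host": "ws-02", "user": "bob", "kind": "login", "remote": False,
     "time": "2014-12-24T09:05:00"},
]

WORK_HOURS = range(8, 19)  # assumed normal presence window, 08:00-18:59
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}  # assumed parent set

def score_event(ev):
    """Return (score, reasons) for one event; 0 means nothing anomalous."""
    score, reasons = 0, []
    hour = datetime.fromisoformat(ev["time"]).hour
    if ev["kind"] == "login" and ev["remote"] and hour not in WORK_HOURS:
        score += 3
        reasons.append("remote login outside normal hours")
    if ev["kind"] == "process":
        if ev["first_seen_days"] == 0:  # image hash never seen before on the fleet
            score += 2
            reasons.append("never-before-seen executable image")
        if ev["parent"] in OFFICE_APPS and ev["net"]:  # odd process hierarchy
            score += 3
            reasons.append("office app child with network connection")
        if ev["net"] and hour not in WORK_HOURS:
            score += 1
            reasons.append("network activity outside normal hours")
    return score, reasons

def rank_for_siem(events, threshold=3):
    """Score every event, keep those at or above threshold, highest score first."""
    ranked = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            ranked.append({"host": ev["host"], "user": ev["user"],
                           "time": ev["time"], "score": score, "reasons": reasons})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)
```

Running `rank_for_siem(EVENTS)` surfaces the 03:15 child of winword.exe first (score 6) and the 03:12 remote login second (score 3); the routine document activity scores zero and stays out of the SIEM.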

Don’t get a lump of coal in your stocking by being caught unawares this Christmas. Arm your enterprise to contend with the threats arrayed against you.

Happy Christmas!


Charles Leaver – If You Don’t Watch The Watchers Then Trouble Lies Ahead

Written By Charles Leaver CEO Ziften

High profile cyber attacks highlight how a lack of auditing of existing compliance products can make the worst kind of headlines.

In the Java attacks on Facebook, Microsoft and Apple, along with other giants of the industry, the attackers didn’t have to dig too deep into their playbooks to find an approach. In fact they employed one of, if not the, oldest axioms in the book – they took a remote vulnerability in massively distributed software and exploited it to establish remote access. And in this case it was an application that (A) wasn’t the latest version and (B) probably didn’t need to be running.

While the hacks themselves have been headline news, the techniques companies can use to prevent or curtail them are quite dull stuff. We all hear “keep boxes current with patch management software” and “ensure conformity with compliance tools”. That is industry standard and old news. But to pose a question: who is “watching the watchers”? In this case the watchers are the compliance, patch and systems management technologies. I think Facebook and Apple learned that just because a management system tells you an application is current doesn’t mean you should believe it! Here at Ziften our results in the field say as much: we regularly uncover dozens of versions of the SAME major application running at Fortune 1000 sites – which, by the way, are all using compliance and systems management products.

In the case of the exploited Java plug-in, this was a MAJOR application with huge distribution. This is the type of application that gets tracked by systems management, compliance and patch products. The lesson from this couldn’t be clearer – having some kind of check against these applications is important (just ask any of the organizations that were attacked…). But this makes up only part of the problem – this is a major (arguably vital) application we are talking about. If companies find it hard to keep known, licensed applications up to date, then what about all the unknown and unnecessary running applications and plug-ins and their vulnerabilities? Simply put – if you can’t even know what you are expected to know, how can you know about (and in this case secure) the things you don’t know or care about?
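One way to “watch the watchers” in practice, as an added example that is not Ziften’s code: cross-check what the patch or compliance console claims about each host against the version info actually observed in executable image metadata on that host. Host names, paths and version labels below are constructed sample data, not a real inventory.

```python
from collections import defaultdict

# Constructed sample data, not from any real fleet: what the patch/compliance
# console claims per host, versus what endpoint image metadata actually shows.
REPORTED = {"ws-01": "7u11", "ws-02": "7u11", "ws-03": "7u11", "ws-04": "7u11"}
OBSERVED = [  # one record per Java executable image actually found on a host
    {"host": "ws-01", "path": r"C:\Program Files\Java\jre7\bin\java.exe", "version": "7u11"},
    {"host": "ws-02", "path": r"C:\Program Files\Java\jre7\bin\java.exe", "version": "7u11"},
    {"host": "ws-02", "path": r"C:\Program Files (x86)\Java\jre6\bin\java.exe", "version": "6u37"},
    {"host": "ws-03", "path": r"C:\Program Files\Java\jre7\bin\java.exe", "version": "7u09"},
    # ws-04: the console says 7u11, but no Java image was observed at all
]

def reconcile(reported, observed):
    """Per host, flag where the watcher's claim disagrees with what was observed."""
    by_host = defaultdict(set)
    for rec in observed:
        by_host[rec["host"]].add(rec["version"])
    findings = {}
    for host, claimed in reported.items():
        seen = by_host.get(host, set())
        if not seen:
            findings[host] = "reported %s but no image observed" % claimed
        elif claimed not in seen:
            findings[host] = "reported %s but observed %s" % (claimed, sorted(seen))
        elif len(seen) > 1:
            findings[host] = "reported %s but extra copies also present: %s" % (
                claimed, sorted(seen - {claimed}))
    return findings

def version_spread(observed):
    """Distinct versions of the same application across the fleet, with host counts."""
    hosts_by_version = defaultdict(set)
    for rec in observed:
        hosts_by_version[rec["version"]].add(rec["host"])
    return {v: len(h) for v, h in hosts_by_version.items()}
```

On the sample data only ws-01 is clean: ws-02 carries a second, unreported copy, ws-03 is at a version the console does not show, and ws-04 has nothing where the console claims a current install.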


Charles Leaver – With Extraneous Software You Are Running Additional Security Risks

Written By Dr Al Hartmann And Presented By Charles Leaver CEO Ziften

The truth about the PC ecosystem is that extraneous processes are everywhere and enter enterprise PCs by every ruse you can imagine. Leading software ISVs and hardware OEMs and IHVs have no ethical qualms about burdening enterprise PCs with unneeded and unwanted software if they can get a few royalty dollars on the side at your expense. This one popped up on my screen only this morning as I dealt with the current headline-making Java security vulnerabilities.

Here is the setting – zero-day vulnerabilities were discovered recently in Java, a key software component in many enterprise applications. Department of Homeland Security specialists advised turning off Java entirely, but that cuts off Java enterprise apps.

The alternative where Java is required (as it is within many enterprises) is to update Java, an Oracle product, to obtain at least the latest partial patches from Oracle. But Oracle’s installer defaults to installing unwanted extraneous software, the Ask Toolbar, which many security-conscious but naïve users will assume is helpful given the Oracle recommendation (and golly gee, it’s FREE), even though browser add-ons are a well-known security threat.

Only Ziften combines security consciousness with extraneous process identification and remediation capabilities to help enterprises improve both their security and their performance-driving operating efficiency. Do not settle for half-measures that neglect extraneous processes proliferating across your enterprise client landscape – use Ziften to gain visibility and control over your client population.