Charles Leaver – No Organization Is Totally Resilient To A Cyber Attack But You Can Stop Them

Written By Charles Leaver CEO Ziften


No company, large or small, is immune to a cyber attack. Whether the attack originates from an external source or from the inside – no company is fully secure. I have lost count of the number of times that senior managers from businesses have stated to me, “why would anyone want to hack us?”

Cyberattacks Can Take Numerous Types

The growing number of devices that can connect to enterprise networks (laptops, mobile phones and tablets) means an increased risk of security vulnerabilities. The aim of a cyber attack is to exploit those vulnerabilities.


One of the most common cyber attack methods is the use of malware. Malware is code with malicious intent and includes viruses, Trojans and worms. The aim of malware is often to steal sensitive data or even damage computer networks. Malware often takes the form of an executable file that spreads across your network.

Malware is becoming far more advanced; there is now rogue software that masquerades as genuine security software supposedly developed to protect your network.

Phishing Attacks

Phishing attacks are also common. Typically an e-mail arrives from an apparently “trustworthy authority” asking the user to supply personal data by clicking a link. Some of these phishing e-mails look extremely genuine and have deceived a great many users. If the link is clicked and the data entered, the information is stolen. Today an increasing number of phishing e-mails also carry ransomware.

Password Attacks

A password attack is one of the simplest forms of cyber attack. An unauthorized third party tries to gain access to your systems by “cracking” the login password. Software tools are used to run brute force attacks that guess passwords, and the words or word combinations used as passwords are compared against a dictionary file.

If an attacker gains access to your network through a password attack they can quickly introduce malware and breach your sensitive data. Password attacks are among the easiest to prevent: strict password policies provide a very effective barrier, and changing passwords regularly is also recommended.

Denial of Service

A Denial of Service (DoS) attack is all about causing maximum disruption to the network. Attackers send very high volumes of traffic through the network, typically by making large numbers of connection requests. The result is that the network is overloaded and shuts down.

Hackers can use many computer systems in a DoS attack to generate extremely high levels of traffic and overload the network. Recently the largest DoS attack in history used botnets against Krebs On Security. Frequently, endpoint devices connected to the network such as PCs and laptops are hijacked and then contribute to the attack. A DoS attack can have serious consequences for network security.

Man in the Middle

Man in the middle attacks are carried out by impersonating the endpoints of a network during an information exchange. Information can be stolen from the end user or even from the server they are communicating with.

How Can You Completely Prevent Cyber Attacks?

Complete prevention of a cyber attack is not possible with current technology, but there is a lot you can do to secure your network and your sensitive data. It is essential not to assume that you can simply purchase and deploy a security software suite and then sit back. The more advanced cyber criminals know all of the security software products on the market, and have devised techniques to overcome the safeguards they provide.

Strong and frequently changed passwords are a policy you should adopt, and one of the easiest safeguards to put in place. Encrypting your sensitive data is another no-brainer. Beyond installing antivirus and anti-malware suites along with a good firewall, you need to ensure that regular backups are in place and that you have a data breach incident response and remediation plan in case the worst happens. Ziften helps businesses continuously monitor for threats that may get past their defenses, and take action immediately to eliminate the threat completely.


Charles Leaver – Don’t Migrate To The Cloud Until You Have Endpoint Visibility

Written By Logan Gilbert And Posted By Charles Leaver Ziften CEO


Fears Over Compliance And Security Prevent Companies From Cloud Migration

Migrating parts of your IT operations to the cloud can seem like a huge undertaking, and a risky one at that. Security holes, compliance record keeping, the danger of introducing errors into your architecture … cloud migration presents plenty of hairy problems to deal with.

If you have been wary about moving, you’re not alone – but help is on the way.

When Evolve IP surveyed 1,000+ IT professionals earlier this year for their Adoption of Cloud Services North America report, 55% of respondents said that security is their biggest concern about cloud adoption. For companies that don’t already have some cloud presence, the number was even higher – 70%. The next biggest barrier to cloud adoption was compliance, cited by 40% of respondents. (That’s up eleven percent this year.)

But here’s the bigger problem: if these concerns are keeping your company out of the cloud, you cannot take advantage of the performance and cost benefits of cloud services, and that becomes a strategic impediment for your whole business. You need a way to migrate that also answers concerns about security, compliance, and operations.

Improved Security in Any Environment With Endpoint Visibility

This is where endpoint visibility wins the day. Being able to see exactly what’s going on with every endpoint gives you the visibility you need to improve security, compliance, and operational efficiency when you move your data center to the cloud.

And I mean any endpoint: desktop computer, laptop, mobile phone, server, VM, or container.

As a long time IT professional, I understand the temptation to think you have more control over your servers when they’re locked in a closet and you’re the one who holds the keys. Even when you know that parts of your environment rely on kludges, they’re your kludges, and they’re stable. Plus, when you’re running your own data center – unlike when you’re in the cloud – you can use network taps and a whole host of monitoring tools to look at traffic on the wire, figure out a great deal about who’s talking to whom, and fix your problems.

But that level of information pales in comparison to endpoint visibility, whether in the data center or in the cloud. The granularity and control of Ziften’s solution gives you far more than you could ever get from a network tap. You can detect malware and other issues anywhere (even off your network), isolate them immediately, then track them back to whichever user, application, device, or process was the weak link in the chain. Ziften gives you the ability to perform lookback forensics and to fix issues in far less time.

Eliminating Your Cloud Migration Headaches

Endpoint visibility makes a huge difference whenever you’re ready to move a segment of your environment to the cloud. By analyzing endpoint activity, you can build a baseline inventory of your systems, clear out unmanaged assets such as orphaned VMs, and hunt down vulnerabilities. That gets everything safe and stable within your own data center before you move to a cloud provider like AWS or Azure.

After you’ve moved to the cloud, ongoing visibility into each device, user, and application means you can administer every part of your infrastructure better. You avoid wasting resources by preventing VM sprawl, and you have a detailed body of data to satisfy the audit requirements of NIST 800-53, HIPAA, and other compliance regimes.

When you’re ready to move to the cloud, you’re not doomed to weak security, incomplete compliance, or operational SNAFUs. Ziften’s approach to endpoint security gives you the visibility you need for cloud migration without the headaches.

Charles Leaver – Make Your Endpoints Visible And React Fast If An Incident Occurs

Written By Logan Gilbert And Presented By Charles Leaver


Ziften helps with incident response, remediation, and investigation, even for endpoints that are not connected to your network.

When incidents occur, security analysts have to act quickly and comprehensively.

With remote workforces and business “cloud” infrastructures, remediation and analysis on an endpoint are a truly challenging job. Below, see how you can use Ziften to take action on the endpoint and identify the origin and spread of a compromise in minutes – no matter where the endpoints reside.

First, Ziften alerts you to malicious activity on endpoints and directs you to the cause of the alert. In seconds, Ziften lets you take remediation actions on the endpoint, whether it’s on the corporate network, at an employee’s home, or in the local cafe. Any remediation action you’d normally perform via direct access to the endpoint, Ziften makes available through its web console.

Just that quickly, remediation is taken care of. Now you can apply your security expertise to threat hunting and a bit of forensics work. You can immediately dive into far more detail about the process that caused the alert, and then ask the vital questions to find out how widespread the issue is and where it spread from. Ziften provides thorough incident remediation for security analysts.

See firsthand how Ziften can help your security team zero in on threats in your environment with our 30 day free trial.

Charles Leaver – The Review Of The OPM Data Breach Provides Lessons For All CISOs

Written by Dr Al Hartmann And Presented By Ziften CEO Charles Leaver

Cyber attacks, attributed to the Chinese government, breached sensitive personnel databases and stole the data of over 22 million current, former, and prospective U.S. government employees and members of their families. Stern warnings from the Office of the Inspector General (OIG) to shut down systems lacking a current security authorization were ignored.

Presciently, the OIG specifically warned that failure to shut down the unauthorized systems carried national security implications. Like the captain of the Titanic maintaining flank speed through an iceberg field, the OPM replied,

“We concur that it is very important to keep current and legitimate ATOs for all systems but do not think that this condition rises to the level of a Material Weak point.”

Furthermore, the OPM worried that shutting down those systems would mean a lapse in retirement and employee benefits and paychecks. Given a choice between a security lapse and an operational lapse, the OPM chose to run insecurely and was pwned.

The then director, Katherine Archuleta, resigned her office in July 2015, a day after revealing that the scope of the breach greatly exceeded the original damage assessments.

Despite the high value of the information held by OPM, the agency failed to prioritize cybersecurity and properly secure its high value data.

What are the Lessons for CISOs?

Rational CISOs will want to avoid professional immolation in an enormous flaming data breach catastrophe, so let’s quickly review the essential lessons from the Congressional report’s executive summary.

Focus on Cyber Security Commensurate with Asset Value

Have an effective organizational management structure to implement risk-appropriate IT security policies. Chronic non-compliance with security best practices and lagging timelines for implementing recommendations are signs of organizational failure and bureaucratic atherosclerosis. Shake up the organization, or prepare for your post-breach panel grilling before the inquisitors.

Don’t Tolerate a Lax State of Information Security

Have the necessary monitoring in place to maintain vital situational awareness, leaving no observation gaps. Do not fail to comprehend the scope, level or gravity of attack indicators. Assume that if you identify attack indicators, there are other indicators you are missing. While OPM was forensically observing one attack channel, another parallel attack went unseen. When OPM did take action, the hackers learned which attack had been discovered and which was still effective – very valuable intelligence for the adversary.

Mandate Basic Required Security Tools and Expeditiously Deploy State Of The Art Security Tools

OPM was incredibly negligent in implementing mandated multi-factor authentication for privileged accounts, and failed to deploy available security technology that could have prevented or mitigated the exfiltration of its most valuable security background investigation files.

For restricted data or control access authentication, the phrase “password protected” has been an oxymoron for years – passwords are not security, they are an invitation to compromise. In addition to adequate authentication strength, complete network monitoring and visibility is a prerequisite for preventing sensitive data exfiltration. The Congressional investigation blamed careless cyber protection and inadequate visibility into system traffic for the attackers’ persistent presence in OPM networks.

Do Not Fail to Escalate the Alarm When Your Most Sensitive Data Is Being Attacked

In the OPM breach, the observed attack activity “ought to have sounded a high level multi agency national security alarm that a sophisticated, persistent actor was looking to gain access to OPM’s highest-value data.” Instead, nothing of consequence was done “up until after the agency was severely compromised, and up until after the agency’s most delicate information was lost to dubious actors.” As a CISO, sound that alarm in time (or rehearse your panel appearance face).

Lastly, don’t let this be said of your business security posture:

The Committee received documentation and testimony showing OPM’s info security posture was undermined by a woefully unsecured IT environment, internal politics and bureaucracy, and inappropriate top priorities related to the deployment of security tools that slowed important security choices.

Charles Leaver – Cloud Migration Provides Benefits But Also Brings Security Concerns

Written By Charles Leaver CEO Ziften


What Worries Enterprise CISOs When Migrating To The Cloud

Moving to the cloud provides a number of benefits to enterprises, but there are real security concerns that make switching to a cloud environment worrisome. What CISOs want when moving to the cloud is continuous insight into that cloud environment. They need a way to monitor and measure risk, and the confidence that they have the proper security controls in place.

Increased Security Risk

Migration to the cloud means using managed IT services, and many believe this means relinquishing a high level of visibility and control. Although the leading cloud service providers use the latest security technology and encryption, even the most up to date systems can fail and expose your sensitive data to hackers.

In reality, cloud environments are subject to the same cyber threats as private enterprise data centers. However, the cloud is becoming a more attractive target because of the substantial amount of data now stored on cloud servers.

Cyber attackers know that enterprises are steadily migrating to the cloud, and they are already targeting cloud environments. Alert Logic, a security as a service provider, published a report concluding that IT decision makers should not assume that data stored off site is harder for cyber criminals to get at.

The report went on to state that there had been a 45% increase in application attacks against cloud deployments. There had also been an increase in attack frequency against companies that host their infrastructure in the cloud.

The Cloud Is a Glittering Prize

With the movement of valuable data, production workloads, and software applications to cloud environments, these findings should come as no surprise. The report stated, “… cyber attackers, like everyone else, have a minimal quantity of time to complete their job. They want to invest their time and resources into attacks that will bear the most fruit: businesses using cloud environments are mainly considered that fruit bearing prize.”

The report also suggests that there is a misunderstanding within organizations about security. A number of enterprise decision makers were under the impression that once a cloud migration had taken place, the cloud service provider would be totally responsible for the security of their data.

Security in The Cloud Needs To Be A Shared Responsibility

All businesses must take responsibility for the security of their data, whether it is hosted in house or in the cloud. This duty cannot be entirely delegated to a cloud provider. If your business suffers a data breach while using cloud management services, it is unlikely that you would be able to evade responsibility.

It is essential that every organization fully understands the environment and the risks associated with cloud management. There can be a myriad of legal, financial, commercial, and compliance risks. Before moving to the cloud, be sure to scrutinize contracts so that the provider’s liability in the event of a data breach is fully understood.

Will Semple, vice president at Alert Logic, said, “the key to securing your critical data is being educated about how and where along the ‘cyber kill chain’ hackers penetrate systems and to utilize the right security tools, practices and financial investment to fight them.”

Cloud Visibility Is The Key

Whether you are using cloud management services or hosting your own infrastructure, you need complete visibility into your environment. If you are considering migrating part – or all – of your environment to the cloud, this is essential.

After a cloud migration has taken place you can rely on this visibility to monitor every user, device, application, and network activity for potential threats. As a result, the administration of your infrastructure becomes far more efficient.

Do not let your cloud migration result in weakened security and insufficient compliance. Ziften can help maintain cloud visibility and security for your existing cloud deployments or planned cloud migrations.

Charles Leaver – Avoid Cyber Attacks By Using The Right Endpoint Management Solution

Written By Charles Leaver Ziften CEO


Identify and control any device that requires access to your organization’s network.

As an organization grows, so does its asset footprint, and managing the whole set of IT assets becomes much more challenging. IT management has changed from the days when IT asset management consisted of recording devices such as printers, making an inventory of all installed applications and ensuring that antivirus suites were up to date.

Today, companies are under continuous threat of cyber attacks that use malicious code to infiltrate the business network. Numerous devices now have network access capabilities. Gone are the days when only desktop PCs connected to an organization’s network. Now there is a culture of bring your own device (BYOD) where cell phones, tablets and laptops are all likely to connect to the network. While this offers flexibility for organizations, with the ability for users to connect remotely, it opens up a whole new range of vulnerabilities, as these various endpoints make corporate IT security far more complex.

What Exactly Is Endpoint Management?

It is essential to have a policy based approach to the endpoint devices connected to your network, to reduce the risk of cyber attacks and data breaches. Laptops, tablets, smart phones and other devices may be convenient, but they can expose companies to a huge range of security risks. The main goal of a sound endpoint management strategy should be that network activity is thoroughly monitored and unauthorized devices cannot access the network.

Most endpoint management software checks that the device is running an approved operating system and antivirus software, and checks the device for an up to date virtual private network (VPN) client.

Endpoint management solutions identify and control any device that requires access to the corporate network. Anyone attempting to access the enterprise environment from a non-compliant device is denied access. This is vital to combat attacks from cyber criminals and infiltration by malicious groups.

Any device that does not comply with endpoint management policies is either quarantined or granted restricted access. Local administrative rights may be removed and Internet browsing restricted.

Organizations Can Always Do More

There are a number of techniques an organization can use as part of its endpoint management policy. These include firewalls (both network and personal), encryption of sensitive data, stronger authentication methods, which should certainly include hard to crack passwords that are changed regularly, and device and network level antivirus and anti-malware protection.

Endpoint management systems can work on a client and server basis, where a software application is deployed and centrally managed on a server. The client program must be installed on all endpoint devices that are authorized to access the network. It is also possible to use a software as a service (SaaS) model of endpoint management, where the service provider hosts and maintains the server and the security applications remotely.

When a client device attempts to log in, the server based application scans the device to see whether it complies with the company’s endpoint management policy, and then verifies the user’s credentials before access to the network is granted.
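To make that login flow concrete, here is an added example (not Ziften’s code or any product’s API) of a server-side admission check: it scans a device against an endpoint policy (approved operating system, antivirus present and current, up to date VPN client), quarantines or restricts non-compliant devices as described above, and verifies the user’s credentials only for devices that are not quarantined. The policy values, device records and credential store are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from enum import Enum
import hashlib
import hmac


class Access(Enum):
    FULL = "full"
    RESTRICTED = "restricted"   # e.g. local admin rights removed, browsing limited
    QUARANTINE = "quarantine"   # isolated remediation segment only
    DENIED = "denied"           # device compliant, but credentials rejected


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool               # endpoint management client installed and enrolled
    os_name: str
    os_version: str
    av_installed: bool
    av_signature_date: date
    vpn_client_version: str


@dataclass(frozen=True)
class Policy:
    approved_os: dict           # os_name -> minimum approved version string
    max_av_signature_age_days: int
    min_vpn_client_version: str


def _ver(version: str) -> tuple:
    """'10.0.14393' -> (10, 0, 14393), so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def evaluate_posture(dev: Device, policy: Policy, today: date):
    """Scan one device against the policy and return (Access, findings).

    Hard failures (unmanaged, unapproved OS, no antivirus) quarantine the device;
    soft failures (stale signatures, old VPN client) only restrict it.
    """
    hard, soft = [], []
    if not dev.managed:
        hard.append("no endpoint management client enrolled")
    min_os = policy.approved_os.get(dev.os_name)
    if min_os is None:
        hard.append(f"operating system {dev.os_name} is not approved")
    elif _ver(dev.os_version) < _ver(min_os):
        hard.append(f"{dev.os_name} {dev.os_version} is below approved minimum {min_os}")
    if not dev.av_installed:
        hard.append("antivirus not installed")
    elif (today - dev.av_signature_date).days > policy.max_av_signature_age_days:
        soft.append("antivirus signatures out of date")
    if _ver(dev.vpn_client_version) < _ver(policy.min_vpn_client_version):
        soft.append("VPN client below minimum version")
    if hard:
        return Access.QUARANTINE, hard + soft
    if soft:
        return Access.RESTRICTED, soft
    return Access.FULL, []


# Constructed credential store: username -> (salt, PBKDF2-HMAC-SHA256 digest).
# A real store uses a random salt per user; a fixed one keeps the example short.
_SALT = b"constructed-example-salt"


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {"alice": (_SALT, _hash_password("correct horse battery staple", _SALT))}


def verify_credentials(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        _hash_password(password, _SALT)   # same cost whether or not the user exists
        return False
    salt, expected = record
    return hmac.compare_digest(_hash_password(password, salt), expected)


def admit(dev: Device, policy: Policy, username: str, password: str, today: date):
    """Login flow: device posture first, then credentials. A quarantined device
    never reaches the credential check, so it cannot probe which logins are valid."""
    access, findings = evaluate_posture(dev, policy, today)
    if access is Access.QUARANTINE:
        return access, findings
    if not verify_credentials(username, password):
        return Access.DENIED, findings + ["credentials rejected"]
    return access, findings


# Constructed policy and sample devices for a stand-alone run.
TODAY = date(2016, 10, 15)
POLICY = Policy(approved_os={"Windows": "10.0", "macOS": "10.11"},
                max_av_signature_age_days=7, min_vpn_client_version="4.0")
COMPLIANT = Device("LT-0001", True, "Windows", "10.0", True, date(2016, 10, 14), "4.2")
STALE_AV = Device("LT-0002", True, "macOS", "10.12", True, date(2016, 9, 1), "4.2")
OLD_OS = Device("LT-0003", True, "Windows", "8.1", True, date(2016, 10, 14), "4.2")
UNMANAGED = Device("BYOD-007", False, "Android", "7.0", False, date(2016, 1, 1), "3.9")

if __name__ == "__main__":
    for dev in (COMPLIANT, STALE_AV, OLD_OS, UNMANAGED):
        access, findings = admit(dev, POLICY, "alice", "correct horse battery staple", TODAY)
        print(f"{dev.device_id}: {access.value} {findings}")
```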

The Problem With Endpoint Management Systems

Most companies see security software as a “total remedy” but it is not that clear cut. Endpoint security software bought as a set and forget system will never suffice. Skilled hackers know about these software systems and are developing malicious code that will evade the defenses a set and forget application can provide.

There has to be human intervention, and Jon Oltsik, contributor at Network World, said “CISOs must take ownership of endpoint security and designate a group of experts who own endpoint security controls as part of an overall obligation for incident prevention, detection, and response.”

Ziften’s endpoint security systems provide the continuous monitoring and look-back visibility that a cyber security team needs to discover and act on threats, preventing harmful breaches from spreading and stealing the company’s sensitive data.

Charles Leaver – Splunk.conf 2016 Confirms The Need For Adaptive Response

Written By Michael Vaughn And Presented By Charles Leaver Ziften CEO

All the latest successes from Splunk

Recently I attended the annual Splunk conference in the great sunshine state – Florida. The Orlando-based event allowed Splunkers from around the world to familiarize themselves with the latest and most successful offerings from Splunk. Although there were a variety of fun activities throughout the week, it was clear that participants were there to learn new stuff. The announcement of Splunk’s security-centric Adaptive Response initiative was well received and happens to integrate quite nicely with Ziften’s endpoint solution.

Of particular interest, the “Transforming Security” keynote presented by Monzy Merza, Director of Cyber Research and Chief Security Evangelist for Splunk, Haiyan Song, SVP Security Markets for Splunk, and Mike Stone, CDIO for the UK Ministry of Defence, showed the power of Splunk’s new Adaptive Response interface to countless attendees.

In the clip below, taken from that keynote, Monzy Merza demonstrates how critical data provided by a Ziften agent can also be used to enable bi-directional functionality from Splunk, sending instructional logic back to the Ziften agent to take immediate action on a compromised endpoint. Monzy was able to successfully identify a compromised Linux server and remove it from the operational network for further forensic investigation. By not only providing critical security data to the Splunk instance, but also allowing the user to stay on the same interface to take operational and security actions, the Ziften endpoint agent enables users to leverage Splunk’s powerful framework bi-directionally and take immediate action across all operating systems in a precise way. After the talks our booth was swamped with demos and very interesting discussions about operations and security.

Take a look at a three minute Monzy highlight from the keynote:

Over the weekend I was able to process the wide variety of technical discussions I had with hundreds of fantastic people in our booth at .conf. One of the amusing things I discovered – which nobody would openly admit unless I pulled it out of them – is that the majority of us are beginner-to-intermediate SPL (Splunk Processing Language) users. I also observed the obvious: incident response was the primary focus of this year’s event.

However, many people use Ziften for Splunk for a range of things, such as application and operations management, network monitoring, and user behavior modeling. In an effort to illuminate the broad functionality of our Splunk App, here’s a taste of what folks at .conf2016 liked most about Ziften for Splunk:

1) It’s fantastic for Enterprise Security.

a. Generalized platform for ingesting real time data and taking immediate action
b. Automating remediation from a wide range of indicators of compromise

2) IT Operations love us.

a. Tracking of Systems, Hardware Life Cycle, Resource Management
b. Management of Applications – Compliance, License Verification, Vulnerabilities

3) Network Monitoring with ZFlow is a game changer.

a. ZFlow ties netflow to binary, system and user data – in a single Splunk SPL entry. Do I need to say more? This is the real Holy Grail from Indiana Jones, people!

4) Our User Behavior Modeling goes beyond just alerts.

a. This could be tied back under IT Operations but it’s becoming its own beast
b. Ziften’s tracking of software usage, logins, elevated binaries, timestamps, etc. is readily viewable in Splunk
c. Ziften offers a complimentary Security Centric Splunk package, but we convert all of the data we collect from each endpoint to Splunk CIM language – not just our ‘Alerts’.

Ultimately, using a single Splunk Adaptive Response interface to manage a wide variety of tools within your environment is exactly what helps build a strong enterprise fabric for your business – one in which operations, security and network teams overlap more fluidly. Make better decisions, faster. Find out for yourself with our free 30 day trial of Ziften for Splunk!

Charles Leaver – Adobe Flash Is A Hacker’s Dream, Get Rid Of It Now

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO

Be Strong or Get Attacked.

Highly skilled and talented cyber attack groups have targeted and are targeting your organization. Your large endpoint population is the most common point of entry for proficient attack organizations. These business endpoints number in the thousands, are loosely managed, laxly configured, and rife with vulnerability exposures, and are operated by partially trained, credulous users – the perfect target-rich opportunity. Mikko Hypponen, chief research officer at F-Secure, often remarks at industry symposia: “How many of the Fortune 500 are attacked right now? The response: 500.”

And how long did it take to penetrate your organization? White hat hackers performing penetration testing or red team exercises usually compromise target enterprises within the first few hours, despite being ethically and legally limited in their methods. Black hat or state sponsored hackers may achieve penetration far more rapidly and secure their presence indefinitely. Given typical hacker dwell times measured in many days, the time-to-penetration is negligible, not an impediment.

Exploit Kits

The industrialization of hacking has created a black market for attack tools, including a variety of software packages for identifying and exploiting client endpoint vulnerabilities. These exploit kits are marketed to cyber attackers on the dark web, with dozens of exploit kit families and vendors. An exploit kit works by assessing the software configuration on the endpoint, identifying exposed vulnerabilities, and applying an exploit to a vulnerability exposure.

A relative handful of widely deployed endpoint software packages account for the bulk of the vulnerabilities targeted by exploit kits. This results from the sad reality that complex software applications tend to exhibit a continual flow of vulnerabilities that leave them perpetually susceptible. Each patch release cycle, the exploit kit developers download the latest security patches, reverse engineer them to find the underlying vulnerabilities, and update their exploit kits. This is frequently done faster than organizations apply patches, with some vulnerabilities remaining unpatched and ripe for exploitation even years after a patch is issued.

Adobe Flash

Before the widespread adoption of HTML5, Adobe Flash was the most commonly used software for rich Internet content. Even with increasing adoption of HTML5, legacy Adobe Flash retains a substantial following, keeping its long-held position as the darling of exploit kit authors. A recent study by Digital Shadows, In the Business of Exploitation, is instructive:

This report analyzes 22 exploit kits to understand the most frequently exploited software applications. We tried to find trends within the exploitation of vulnerabilities by these 22 sets to show exactly what vulnerabilities had been exploited most extensively, coupled with how active each exploitation set was, in order to notify our evaluation.

The vulnerabilities exploited by all twenty two exploitation kits showed that Adobe Flash Player was most likely to be the most targeted software application, with twenty seven of the seventy six determined vulnerabilities exploited relating to this software.

With relative consistency, dozens of fresh vulnerabilities are discovered in Adobe Flash every month. To exploit kit developers, it is the gift that keeps on giving.

The industry is learning its lesson and moving beyond Flash for rich web content. For example, a Yahoo senior developer blogging recently in Streaming Media noted:

“Adobe Flash, in the past the de-facto standard for media playback online, has lost favor in the industry due to increasing issues over security and performance. At the same time, requiring a plugin for video playback in browsers is losing favor among users as well. As a result, the industry is approaching HTML5 for video playback.”

Amit Jain, Sep 21, 2016

Eradicating Adobe Flash

One action enterprises could take today to harden their endpoint configurations is to get rid of Adobe Flash as a matter of organizational security policy. This will not be convenient, it may hurt, but it will help reduce your organization’s attack surface. It involves blacklisting Adobe Flash Player and enforcing web browser security settings that disable Flash content. If done properly, this is what users will see where Flash content appears on a legacy website:


This message confirms two facts:

1. Your system is properly configured to refuse Flash content.

Congratulate yourself!

2. This website would compromise your security for their convenience.

Ditch this website!