Monthly Archives: January 2015

Charles Leaver – Don’t Stress Your Environment. Use A Lightweight Solution For Endpoint Security

Charles Leaver, Ziften CEO, presents a post by CTO David Shefter

If your organization has 5,000 or more employees, your IT security and operations groups are probably overwhelmed by the volume of data they must sift through to gain even a small degree of visibility into what users are doing day to day. Antivirus suites have been installed, USB ports have been disabled and user access restrictions enforced, yet the risk of cyber attacks and malware infections remains. What do you do next?

According to a Verizon Data Breach Report, up to 72% of advanced malware and cyber criminal intrusions take place at the endpoint. Your business must first ask itself how important its reputation is. Take Target as an example: a malware attack cost it over $6 billion in lost market capitalization. Sadly, the modern world puts us under constant attack from unhappy or rogue staff members, anarchists and other cyber criminals, and this situation is only likely to worsen.

Your network is secured by a firewall and similar controls, but you cannot see what is happening beyond the network switch port. The only real way to address this threat is to implement a solution that works with and complements the network based solutions already in place. Ziften (Dutch for “to sift”) provides such a solution, offering “Open Visibility” with a lightweight approach. You need to manage the whole environment, including servers, the network and desktops, without adding extra overhead and strain to your network. A core Ziften commitment is that the solution will not negatively affect your environment while still delivering deeply impactful visibility and security.

Ziften’s software understands machine behavior and anomalies, allowing analysts to zero in on sophisticated threats faster and keep dwell time to a minimum. The Ziften solution continuously monitors endpoint activity, resource consumption, IP connections, user interactions and more. With it, your organization can determine the root cause of an intrusion faster and fix the problem.

It is a lightweight solution that is not kernel or driver based: memory use is minimal, there is little to no overhead at the system level, and network traffic is almost zero.

Driver and kernel based solutions face demanding certification requirements that can take longer than 9 months. By the time the new software is developed and baked, the OS may already have moved to its next release. This is a time consuming, unsupportable and troublesome process.

The Ziften approach is a genuine differentiator in the marketplace. By deploying a truly lightweight, non-invasive agent that runs as a system service, it avoids the strain that most new software solutions introduce at the endpoint. Ease of deployment leads to faster time to market, easy support, scalability, and simple solutions that do not hamper the user environment.

To sum up: with the current level of cyber threats, and the daily increasing danger of an attack that can seriously damage your reputation, you must continuously monitor all your endpoint devices 24/7 so that you have clear visibility of any endpoint security threats, gaps or instabilities. Ziften can deliver this to you.


Cyber Readiness Is Critical To Prevent Attacks So Enact These Five Items – Charles Leaver

Presented by Charles Leaver, Chief Executive Officer Ziften Technologies – Written By Dr Al Hartmann

1. Security Operations Center (SOC).

Implement a Security Operations Center with 24/7 coverage, whether in house, outsourced or a mix. You do not want any gaps in coverage that could leave you open to intrusion. Shift handovers should be formalized by watch managers, with proper handover reports. The supervisor should provide a daily summary describing any attack detections and defensive countermeasures. Where possible, attackers should be identified and distinguished by C2 infrastructure, attack method and so on, and given codenames. This is not an attempt at attribution, which would be too difficult, but simply a record of attack activity patterns that correlate with particular adversaries. Your SOC must become familiar with these patterns and be able to tell attackers apart, or even spot new ones.

2. Security Vendor Support Readiness.

Your security staff cannot know every aspect of cyber security, nor do they have visibility of attacks on other companies in your industry. You need external security support groups on standby, which may include the following:

(i) Emergency response support: a short list of vendors that will respond to the most severe, headline-making cyber attacks. Make sure one of these vendors is prepared for a major incident and receives your cyber security reports regularly. They should have legal forensic capabilities and working relationships with law enforcement.

(ii) Cyber threat intelligence support: a vendor that gathers cyber threat intelligence in your vertical so that you can stay ahead of the risks emerging there. This team should be plugged in to the dark net, looking for any sign of your organization’s IP being discussed or chatter between attackers about your company.

(iii) IoC and blacklist support: because this covers several areas you will need several vendors. It includes domain blacklists, SHA1 or MD5 hash blacklists, IP blacklists, and indicators of compromise (suspect config settings, registry keys and file paths, etc.). Some of your installed network or endpoint security products may supply these, or you can choose a third party specialist.

(iv) Reverse engineering support: a vendor that specializes in the analysis of binary samples and provides detailed reports on their content, potential risk and malware family. Your current security vendors may offer this service and specialize in reverse engineering.

(v) Public relations and legal support: if you suffer a major breach, you want PR and legal support already in place so that your CEO, CIO and CISO do not become a Harvard Business School case study in how not to handle a major cyber attack.

3. Asset inventory, categorization and security readiness.

Make sure all of your cyber assets are inventoried, their relative values categorized, and value-appropriate cyber defenses enacted for each asset category. Do not rely only on the assets known to the IT team; enlist a business unit sponsor to identify assets, particularly those hidden in the public cloud. Also make sure that key management procedures are in place.

4. Attack detection and diversion readiness.

For each major asset category you can create replicas using honeypot servers to lure attackers into infiltrating them and revealing their techniques. When Sony was attacked, the intruders found a domain server holding a file called ‘passwords.xlsx’ that contained cleartext passwords for the company’s servers. This was a good ruse, and you should use such tactics: place lures in tempting locations and alarm them so that any access triggers an alert immediately, giving you an instant attack intelligence system. Refresh these lures often so they look active rather than like an obvious trap. Because most servers are virtual, attackers will not be as prepared with sandbox evasion techniques as they are on client endpoints, so you may be lucky enough to watch the attack unfold.
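The alarmed-lure idea above, as an added example that is not Ziften’s code: file-access telemetry (a constructed sample here) is checked against a set of decoy paths, and any access not made by the job that refreshes the lures raises an alert. The share paths, hostnames and the `svc-lure-refresh` account are assumptions.

```python
"""Decoy-file alarm over file-access telemetry (added example)."""
from dataclasses import dataclass

# Decoy paths: the files hold no real secrets and exist only to be touched.
# Paths are constructed for this example.
DECOY_PATHS = {
    r"\\fileserver01\it\passwords.xlsx",             # cleartext-password lure
    r"\\fileserver01\finance\wire_instructions.docx",
}
_DECOYS_LOWER = {p.lower() for p in DECOY_PATHS}   # Windows paths: compare case-insensitively

# Hypothetical account that rewrites the lures so they look recently active.
REFRESH_ACCOUNT = "svc-lure-refresh"


@dataclass(frozen=True)
class FileEvent:
    host: str
    user: str
    process: str
    path: str
    action: str  # "read", "write" or "copy"


def alerts_for(events):
    """Return one alert string per decoy access not made by the refresh job."""
    hits = []
    for e in events:
        if e.path.lower() not in _DECOYS_LOWER:
            continue                      # ordinary file, not a lure
        if e.user == REFRESH_ACCOUNT and e.action == "write":
            continue                      # expected lure maintenance
        hits.append(f"DECOY ACCESS host={e.host} user={e.user} "
                    f"process={e.process} action={e.action} path={e.path}")
    return hits


# Constructed sample telemetry, not real data.
SAMPLE_EVENTS = [
    FileEvent("DC01", "svc-lure-refresh", "refresh.ps1", r"\\fileserver01\it\passwords.xlsx", "write"),
    FileEvent("WS-117", "jdoe", "excel.exe", r"\\fileserver01\hr\timesheets.xlsx", "read"),
    FileEvent("WS-042", "jdoe", "powershell.exe", r"\\fileserver01\it\passwords.xlsx", "read"),
]

if __name__ == "__main__":
    for line in alerts_for(SAMPLE_EVENTS):
        print(line)   # only the WS-042 read of passwords.xlsx fires
```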

5. Monitoring readiness and continuous visibility.

Network and endpoint activity should be monitored continuously and made visible to the SOC team. Because many client endpoints are mobile and therefore outside the organization’s firewall, activity on those endpoints must also be monitored. Endpoint monitoring is the only reliable way to perform process attribution for monitored network traffic, because protocol fingerprinting at the network level cannot always be trusted (attackers can spoof it). Monitored data should be saved and archived for future reference, since many attacks cannot be identified in real time. Metadata will have to be relied on more often than full packet capture, since full capture imposes a substantial collection overhead. However, dynamic, threat based monitoring controls can keep collection overhead low while still responding to major threats with more granular observations.
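The process attribution described above, as an added example that is not Ziften’s code: network flows (the 5-tuple a network sensor sees) are joined to endpoint socket records (the same 5-tuple plus the owning process) so the SOC can name the process behind each flow. Flows from agent-monitored hosts that no process claims are separated from flows from hosts with no agent, since only the former indicate a tampered agent or spoofed source. All IPs, hostnames and processes are constructed.

```python
"""Attribute network flows to endpoint processes by 5-tuple join (added example)."""
from collections import namedtuple

Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port proto")
# Endpoint-side socket record: the same 5-tuple plus the owning process.
EndpointConn = namedtuple("EndpointConn", "host flow pid process")


def attribute_flows(flows, endpoint_conns, monitored_ips):
    """Join flows to endpoint records and return three buckets.

    attributed   -> [(Flow, EndpointConn)] flows with a named owning process
    unattributed -> [Flow] flows from an agent-monitored IP that no process
                    claimed: agent gap, agent tampering or spoofed source
    unmonitored  -> [Flow] flows from IPs with no agent; attribution impossible
    """
    by_tuple = {c.flow: c for c in endpoint_conns}   # namedtuples hash by value
    out = {"attributed": [], "unattributed": [], "unmonitored": []}
    for f in flows:
        conn = by_tuple.get(f)
        if conn is not None:
            out["attributed"].append((f, conn))
        elif f.src_ip in monitored_ips:
            out["unattributed"].append(f)
        else:
            out["unmonitored"].append(f)
    return out


# Constructed sample telemetry, not real data (RFC 5737 documentation ranges).
MONITORED_IPS = {"10.0.0.12", "10.0.0.77"}
FLOWS = [
    Flow("10.0.0.12", 51522, "203.0.113.8", 443, "tcp"),     # claimed by chrome.exe
    Flow("10.0.0.77", 49981, "198.51.100.20", 443, "tcp"),   # monitored host, no record
    Flow("10.0.0.200", 40000, "192.0.2.5", 22, "tcp"),       # host without an agent
]
ENDPOINT_CONNS = [
    EndpointConn("WS-012", FLOWS[0], 4412, "chrome.exe"),
]

if __name__ == "__main__":
    result = attribute_flows(FLOWS, ENDPOINT_CONNS, MONITORED_IPS)
    for flow, conn in result["attributed"]:
        print(f"{flow.src_ip}:{flow.src_port} -> {flow.dst_ip}:{flow.dst_port} "
              f"owned by {conn.process} (pid {conn.pid}) on {conn.host}")
    for flow in result["unattributed"]:
        print(f"UNATTRIBUTED flow from monitored host {flow.src_ip}: {flow}")
```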