Monthly Archives: April 2015

Charles Leaver – The Target Cyber Attack Took Months To Recover From And Caused Severe Financial Loss


By Charles Leaver CEO Ziften


After Target was breached, it took several months for the business to recover and be given a clean bill of health.

Constant Recovery Effort And Reports Of Financial Loss

Target's data breach was a major story. Like all major news stories it faded from national coverage, but for the retailer it remained a major concern. Target lowered its profit projections for 2014 once again, which suggests that the company had underestimated the effect of the attack it suffered, according to CNN Money.

The decrease in earnings was significant: the company ended up reporting 62% lower earnings. In addition, it had to pay out $111 million in the second fiscal quarter as a direct result of the breach. All of this adds up to a business that was once robust now looking like a shadow of its former self because of a cyber attack.

As the fallout continued, the scale of the attack became clear. Data on around 110 million people was compromised, and 40 million of those individuals had their charge card data stolen. As news of the breach spread, the company made some major changes, including the implementation of stricter cyber security measures and the replacement of its system administrator. Long-standing CEO Gregg Steinhafel also resigned. However, this is not considered enough to offset the effect of the attack; according to Brian Sozzi of Belus Capital, Target's shareholders are absorbing the negative results of the attack as much as the business itself.

In an e-mail to CNN Money, Sozzi stated: “Target simply dropped an epic complete year profits warning onto the heads of its remaining investors. Target has offered financiers ABSOLUTELY NO reason to be encouraged that a global turn-around is covertly emerging.”

Target Provides A Lesson For All Organizations About Improved Pre-emptive Steps

No matter how prepared a company is for a cyber attack, there is no guarantee that its recovery will be any quicker. The bottom line is that a data breach is bad news for any company, whatever you call it or however you attempt to repair it. Preventive measures are the best way forward: you have to take steps to ensure an attack does not happen to your organization in the first place. Endpoint threat detection systems can play a significant role in maintaining strong defenses for any company that chooses to implement them.


Billions Of Credentials Stolen By Russian Cyber Criminals. Defend Your Organization Now With Continuous Endpoint Monitoring – Charles Leaver


Charles Leaver Ziften CEO

What is believed to be the largest known cyber attack in the history of data breaches has been uncovered by an American cyber security company. The company believes that a group of Russian cyber criminals it has been investigating for several months is responsible for stealing billions of passwords and other sensitive personal data. The Russian group is said to have taken 4.5 billion credentials; many were duplicates, leaving 1.2 billion unique data profiles. The group took the information from 420,000 websites of various sizes, from big brand-name sites to small mom-and-pop shops.

The New York Times reported that the group comprised about 12 people. Starting out with small-scale spamming in 2011, they acquired the majority of the data by buying stolen databases.

In an interview with PCMag, the founder of the company that found the breach, Alex Holden, said: “the gang began by just purchasing the databases that were offered over the Internet.” The group used to buy at fire sales and were referred to as “bottom feeders”. As time went by they started purchasing higher quality databases. “It’s kind of like graduating from taking bikes to stealing costly automobiles.”

A Progression From Spamming To Using Botnets

The group's behavior then changed. It used botnets to gather stolen data on a much larger scale: the botnets automated the process of identifying vulnerable sites, which allowed the group to work around the clock. Whenever an infected user visited a website, the bot automatically checked whether the site was vulnerable to SQL injection. SQL injection, a commonly used attack technique, forces the website's database to reveal its contents in response to a crafted query. The botnets flagged vulnerable websites, and the group returned later to extract the data. Using the botnet was ultimately the group's downfall, as that is how the security company spotted them.
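To make concrete why a database can be "forced to reveal its contents" through a basic query, and what closes that hole, here is an added example that is not part of the original post. It builds a constructed in-memory SQLite table (not any real site's data), shows a string-concatenated lookup beside its parameterized form, and includes a crude input check of the kind a defender might run over request logs; all function and table names are the example's own.

```python
import sqlite3

# Constructed sample data (not from the article): a small users table
# standing in for a website's customer database.
SAMPLE_USERS = [
    ("alice", "alice@example.com", "hash-a1"),
    ("bob", "bob@example.com", "hash-b2"),
    ("carol", "carol@example.com", "hash-c3"),
]


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    """String-concatenated query: the input becomes part of the SQL itself,
    so a tautology in the input turns a one-row lookup into a full dump."""
    sql = "SELECT name, email, pw_hash FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Bound parameter: the driver passes the value separately from the SQL,
    so the input is only ever compared as a literal string."""
    sql = "SELECT name, email, pw_hash FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def looks_like_injection(value):
    """Crude log check: flag inputs carrying a quote together with a
    boolean operator or comment marker. It is a triage aid, not a fix;
    parameterized queries are the actual mitigation."""
    v = value.lower()
    return ("'" in v or '"' in v) and (" or " in v or "--" in v or "/*" in v)


if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"  # the textbook tautology such automated probes rely on
    print("vulnerable lookup returned", len(lookup_vulnerable(conn, probe)), "rows")
    print("parameterized lookup returned", len(lookup_parameterized(conn, probe)), "rows")
    print("input flagged:", looks_like_injection(probe))
```

The concatenated version returns every row for the tautology input, the parameterized version returns none, and an apostrophe in an ordinary name such as O'Brien is not flagged by the check.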

The security company believes that the billions of records were not stolen all at once, and that most were probably bought from other cyber criminals. According to the Times, very few of the stolen records have been sold online; instead the group has chosen to use the information to send spam messages on social media on behalf of other groups in order to earn money. Several cyber security professionals say that the magnitude of this breach signals a trend of cyber criminals stockpiling huge numbers of personal profiles over time and saving them for later use, according to the Wall Street Journal.

Avivah Litan, security expert at the research company Gartner, said: “companies that depend on user names and passwords have to cultivate a sense of urgency about altering this. Till they do, lawbreakers will simply keep stockpiling individuals’ credentials.”

Cyber attacks and breaches on this scale underline the need for organizations to protect themselves with the latest cyber security defenses. Endpoint threat detection and response systems help companies build a clearer picture of the risks facing their networks and receive actionable information on how best to prevent attacks. At a time when large data breaches are becoming more frequent, continuous endpoint visibility is crucial for the security of a business. If the company's network is constantly monitored, threats can be identified in real time, which reduces the damage a data breach can inflict on a company's reputation and bottom line.


Charles Leaver – Ziften And Splunk Active Response Framework What Are The Advantages?


Written By Charles Leaver CEO Ziften



We sponsored the excellent Splunk.conf2014 show in Las Vegas, and we returned energized and eager to push our solution here at Ziften even further forward. A talk of particular interest was given by Jose Hernandez, Security Solutions Architect for Splunk, titled “Using Splunk to Automatically Reduce Risks”. If you want to see his slides and a recording of the talk then please go to

Using Splunk to assist with mitigation, or “Active Response” as I prefer to call it, is an excellent idea. Having all your intelligence data (endpoint data, external threat feeds and so on) flowing into Splunk is extremely effective, and being able to act on that data truly closes the loop. At Ziften we have an effective continuous endpoint monitoring solution, and we are extremely proud of its integration with Splunk. Coupling real-time data analysis with the ability to respond and act against incidents is a strong move in the right direction.

Ziften has developed a mitigation action that uses the readily available Active Response code; a demo video is included in this post below. As a proof of concept, we built a mitigation action within our Ziften App for Splunk. Once the action is created, its results can be observed and tracked within Splunk ES (Enterprise Security). This is a significant addition: users can now monitor and track mitigations within Splunk ES, which gives you the major advantage of closing the loop and establishing a history of your actions.

We are thrilled that Splunk is driving such an effort; it is likely to evolve, and we are committed to supporting it and making further progress with it. This is a really exciting time in the Endpoint Detection and Response space, and in my opinion the addition of the Active Response Framework built into Splunk will generate a high degree of interest.

For any questions concerning the Ziften App for Splunk, please send an e-mail to