Monthly Archives: May 2015

Charles Leaver – The Risk Of Data Breaches Is Now Higher So Data Loss Prevention Policies Must Be Pursued

By Ziften CEO Charles Leaver


For US businesses, a significant cyber attack and substantial data leak is looking more like a matter of “when” rather than “if”, because of the new dangers presented by fragmented endpoint strategies, cloud computing and data-intensive applications. All too often, companies overlook or improperly resolve vulnerabilities that are already known to them, and aging IT assets that are not appropriately secured attract the attention of cyber criminals.

The number of data breaches occurring is really disturbing. A Verizon RISK Team report counted 855 significant breaches in 2011, which led to 174 million records being lost. The stakes are very high for businesses that handle personally identifiable information (PII): if workers are not informed about compliance and inadequate endpoint data protection measures remain in place, expensive legal action is likely to follow.

“The probability of a data breach or personal privacy problem taking place in any company has ended up being a virtual certainty,” wrote Jeffrey Vagle, a legal expert writing for Mondaq. He recommended that record keepers reassess their approach to network and device security, employee data access controls and the administration of PII. The increasing use of cloud services can make preventing data breaches more challenging, as these services enable the exchange of massive amounts of information at all times. It would only take one incident for countless files to be lost.

Known Vulnerabilities Require Focus

Many IT departments worry constantly about zero-day attacks that will trigger a data breach and catch them off guard. As an example, Dirk Smith of Network World wrote about an Adobe Acrobat exploit that gave hackers access to perform advanced monitoring. Many IT vulnerabilities arise when software is not kept patched, and a great many zero-day dangers stem from weak points in legacy code, including a bug in Windows in functions that were first introduced 20 years ago.

Security expert Jim Kennedy wrote in a Continuity Central post: “one thing that I have found is that a lot of the breaches and intrusions which were successful did so by attacking known vulnerabilities that had been determined and had been around for many years: not from some advanced ‘zero-day’ attack which was unidentified and unknown up until just the other day by the security community at large. And, even more disturbing, social engineering continues to be a most effective method to start and/or precipitate an attack.”

The cyber criminal fraternity now has access to an extensive range of pre-packaged malware. These tools can carry out complex network and computer analysis and then recommend the ideal attack method. Another threat is a human one: workers who are not trained to screen out calls or messages from individuals falsely claiming to be members of an external security service provider’s technical support team.

It is certainly crucial to proactively prevent zero-day attacks with robust endpoint protection software, but companies also have to combine effective training and processes with the hardware and software solutions. While many organizations have a variety of security policies in place, enforcing them is usually a problem. The result is that risky fluctuations in the movement of data and network traffic, which should be examined by security staff, are overlooked and never resolved.


Charles Leaver – Organization Endpoints Are Being Targeted By Malicious Cyber Attackers

From The Desk Of Charles Leaver CEO Ziften Technologies

With the advent of bring your own device (BYOD) policies and cloud computing, protecting individual endpoints has become more difficult, as administrators may be prioritizing ease of data access over security. The threats are real, however, since the majority of the current generation of endpoint security software has not been adapted to protect against aggressive hacking and malicious cyber attack strategies that target individual endpoints as the launch pad for widely distributed attacks.

A well-known endpoint attack occurred in recent times in which a malware strain named Comfoo was used to compromise the networks of many multinational organizations back in 2010. The Comfoo malware included a number of custom-designed backdoor Trojans and exploits that could continually distribute malware. A more serious effect was that this malware could cause destructive data leaks by scraping account and network information and monitoring all user input, according to CRN contributor Robert Westervelt. It is thought that Comfoo may have been part of an advanced cyber espionage campaign, because of the methodology used and its evasion of standard endpoint monitoring.

The malware compromised targeted devices using email phishing and social engineering, which highlights how ripe endpoints have become for malware infiltration, says security executive Jason O’Reilly. Speaking to ITWeb, O’Reilly said that conventional endpoint software most of the time does not adequately account for access from places beyond the IT department, and does not limit data exposure to authorized parties through the use of access controls.

O’Reilly noted that “endpoint security services need to provide layered protection that surpasses signature-based detection just to consist of heuristic-based detection and polymorphic-based detection. Today’s networks are exposed to threats from many different sources.”

Real Time Threat Catching And Report Generation

Business consulting company Frost & Sullivan recognized the high stakes for control strategies and endpoint security, judging both areas to be under pressure from external attackers and from staff members’ insatiable demand for flexibility in device choice.

Frost & Sullivan analyst Chris Rodriguez stated: “business IT organizations now deal with tremendous pressure to make it possible for workers to access the corporate network and files from their own individual devices. Considering their seemingly universal nature, fast data connections, and effective hardware and OS, these gadgets represent prime targets for hackers.”

When asked what companies can do to address the specific weak points of mobile hardware, O’Reilly suggested that any solution must provide clear and extensive visibility into what is happening on each endpoint, so that action can be taken rapidly when any risk is detected.


Charles Leaver – So Many Organizations Think That They Are Immune To Cyber Attacks Without The Right Defenses

By Charles Leaver Ziften Technologies CEO


A great many companies believe there is no need to pursue assiduous data loss prevention; they regard cyber attacks as either very unlikely to occur or as having very little monetary effect if they do. Recorded cases of cyber attacks are increasing, and the stealth of advanced persistent threats has contributed to this complacency. These harmful attacks tend to evade conventional endpoint security software, and while they lack the teeth of denial-of-service attacks, they have the potential to cause considerable damage.

Over 67% of organizations claim that they have not been the victims of a cyber attack in the last 18 months, or that they had little or no visibility into whether an attack had compromised their network, according to Infosecurity. The study’s organizers were skeptical about the results and highlighted the many vulnerable desktop and mobile endpoints that are now very common in organizations.

Security expert and study coordinator Tom Cross stated: “Any system you link to the Web is going to be targeted by hackers very quickly thereafter,” adding, “I would assert that if you’re unsure whether your organization has had a security event, the chances are extremely high that the answer is yes.”

Around 16% stated that they had experienced a DDoS attack over the same period, and 18% reported malware infiltrations. Despite this, most of the organizations assessed the consequences as minor and not justifying the implementation of new endpoint security and control systems. Approximately 38% said that they had not experienced any detected security breaches, and only 20% admitted to monetary losses.

Loss of reputation was more widespread, affecting around 25% of the participants. Highlighting the potential effect of a cyber attack on finances and credibility, an incident at the University of Delaware exposed the sensitive data of 74,000 individuals, according to WDEL contributor Amy Cherry. The hackers targeted the school’s website and scraped university identification numbers and Social Security Numbers, which obliged the university to provide free credit monitoring to the affected parties.


It Is Time To Move On From The Cyber Security Dark Ages, Claims RSA President In Keynote Presentation – Charles Leaver

Written By Dr Al Hartmann And Presented By Charles Leaver CEO Ziften Technologies


A 5 Point Plan For A New Security Approach Proposed By Amit Yoran

RSA President Amit Yoran gave an excellent keynote speech at the RSA Conference which reinforced the Ziften philosophy. Ziften is intently focused on continuous endpoint monitoring, silo-busting Ziften Open Visibility™, risk-focused security analytics, and providing robust defenses in a new era of sophisticated cyber attacks. Yoran criticized present company security techniques as mired in the Dark Ages of cyber moats and castle walls, describing them as an “epic fail”, and detailed his vision for the way forward in five key points. Commentary from Ziften’s viewpoint has been added after each one.

Stop Believing That Even Advanced Protections Suffice

“No matter how high or smart the walls, focused enemies will discover methods over, under, around, and through.”

Many of the earlier, more sophisticated attacks did not use malware as their primary strategy. Yoran criticized conventional endpoint antivirus, firewalls and standard IPS as examples of the Dark Ages. He stated that experienced hackers could quickly scale these legacy defenses and that they were mostly inadequate. A signature-based antivirus system can only protect against previously seen threats, yet unseen threats are the most dangerous to a company (since they are the most common form of targeted attack). Targeted cyber criminals use malware only 50% of the time, and perhaps only briefly, at the start of the attack. Attack artifacts are readily altered and are not reused in targeted attacks. Accumulating billions of short-lived indicators of compromise and malware signatures in huge antivirus signature databases is a meaningless defensive approach.

Embrace a Deep and Pervasive Level of Real Visibility Everywhere – from the Endpoint to the Cloud

“We need pervasive and true visibility into our business environments. You merely cannot do security today without the visibility of both constant complete packet capture and endpoint compromise evaluation visibility.”

This means continuous endpoint monitoring across the business endpoint population for generic indicators of compromise (not stale attack artifacts) that reveal classic techniques, not short-lived hex string coincidences. Any organization carrying out continuous full packet capture (comparatively costly) can easily afford endpoint threat assessment visibility (comparatively low-cost). Logging and auditing endpoint process activity supplies a wealth of security insight using only elementary analytics techniques. A targeted hacker relies on the relative opacity of endpoint user and system activity to mask and hide attacks, while real visibility shines a bright light on them.

Identity and Authentication Matter More than Ever

“In a world with no boundary and with fewer security anchor points, identity and authentication matter more than ever … At some point in [any successful attack] campaign, the abuse of identity is a stepping stone the attackers use to enforce their will.”

Stronger authentication is fine, but it just makes for bigger walls that are still not impenetrable. What the hacker does once over the wall is what matters most. Track user endpoint logins (both local and remote) and application usage for signs of irregular user activity (insider attack or potentially compromised credentials). Any observed activity that varies from regular patterns is potentially suspicious. One departure from normality does not make a case, but security analytics that triangulates numerous departures from normality concentrates security attention on the highest-risk anomalies for triage.

External Risk Intelligence Is A Core Capability

“There are amazing sources for the ideal risk intelligence … [which] ought to be machine-readable and automated for increased speed and leverage. It should be operationalized into your security program and tailored to your organization’s assets and interests so that analysts can quickly resolve the threats that posture the most risk.”

Most targeted attacks do not reuse readily signatured artifacts or recycle network addresses and C2 domains, but there is still value in threat intelligence feeds that aggregate timely discoveries from countless endpoint and network threat sensors. Here at Ziften we incorporate third-party threat feeds by means of the Ziften Knowledge Cloud, and expose Ziften discoveries to SIEM and other enterprise security and operations infrastructure through our Open Visibility™ architecture. As more machine-readable threat intelligence (MRTI) feeds develop, this capability will grow in effectiveness.

Understand What Matters Most To Your Company And What Is Mission Critical

“You need to comprehend exactly what matters to your company and what is mission critical. You need to … defend what is essential and safeguard it with everything you have.”

This is the case for risk-driven analytics and instrumentation that focus security attention and action on the areas of greatest enterprise threat exposure. Yoran holds that asset value prioritization is only one side of enterprise risk analysis, and that this goes much deeper, both pragmatically and academically. Security analytics that focus security staff attention on the most prominent dynamic threats (for instance by filtering, correlating and scoring SIEM alert streams for security triage) need to be well grounded in all sides of enterprise risk analysis.
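As an added illustration of the two Ziften points above (triangulating several departures from a user’s normal login pattern, then weighting the result by what is mission critical), here is a small Python scorer written for this page; it is not Ziften’s code, and the login records, per-user baselines and asset weights are constructed, hypothetical values:

```python
from datetime import datetime

# Constructed sample login records ("timestamp user host source src_ip"); not from the post.
LOGINS = [
    "2015-05-04T09:02:11 alice ws-alice local 10.1.1.20",
    "2015-05-04T12:40:05 alice ws-alice local 10.1.1.20",
    "2015-05-04T23:15:42 alice db-finance remote 203.0.113.7",
    "2015-05-04T08:55:30 bob ws-bob local 10.1.1.31",
    "2015-05-04T22:05:00 bob ws-bob local 10.1.1.31",
]
# Assumed per-user baselines, as if learned from prior weeks of endpoint logs.
BASELINE = {
    "alice": {"hosts": {"ws-alice"}, "sources": {"local"}, "hours": range(7, 20)},
    "bob": {"hosts": {"ws-bob"}, "sources": {"local"}, "hours": range(7, 20)},
}
# Assumed asset criticality weights (hypothetical): the finance database matters most.
ASSET_WEIGHT = {"ws-alice": 1.0, "ws-bob": 1.0, "db-finance": 3.0}

def parse_login(line):
    ts, user, host, source, ip = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "host": host, "source": source, "ip": ip}

def departures(ev, baseline):
    """List every way this login departs from the user's normal pattern."""
    b = baseline.get(ev["user"])
    if b is None:
        return ["unknown user"]
    found = []
    if ev["host"] not in b["hosts"]:
        found.append("unusual host")
    if ev["source"] not in b["sources"]:
        found.append("unusual source")
    if ev["ts"].hour not in b["hours"]:
        found.append("off-hours")
    return found

def triage(lines, baseline=BASELINE, weights=ASSET_WEIGHT, min_departures=2):
    """Rank logins by departures x asset weight; a lone departure is not a case."""
    ranked = []
    for line in lines:
        ev = parse_login(line)
        reasons = departures(ev, baseline)
        if len(reasons) < min_departures:
            continue  # one anomaly alone does not make a case
        score = len(reasons) * weights.get(ev["host"], 1.0)
        ranked.append((score, ev["user"], ev["host"], reasons))
    return sorted(ranked, key=lambda r: r[0], reverse=True)
```

Run against the sample, only alice’s late remote login to the finance database is surfaced (three departures, weighted 3.0), while bob’s single off-hours login on his own workstation is left below the triage threshold.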

At Ziften we applaud Amit Yoran’s messages in his RSA 2015 keynote address as the cyber security market progresses beyond the present Dark Ages of facile targeted attacks and entrenched exploitation.