Monthly Archives: August 2015

Charles Leaver – Investment In Cyber Security Companies Will Continue To Increase At Record Pace

Written By Patrick Kilgore And Presented By Charles Leaver Ziften CEO

Steve Morgan, CEO of Cybersecurity Ventures, released a report called “Financiers pour billions into cyber security companies”. This is not guesswork. In the previous year alone, venture-backed cyber security organizations raised almost $2 billion. With this influx of capital, you would be forgiven for believing that things have reached their peak. However, you would be incorrect …

At the midpoint of 2015, start-ups in cyber security had already raised $1.2 billion in financing. As Morgan says, there appears to be no end in sight when it comes to cyber security. Top firms like Allegis Capital have even raised funds (to the tune of $100M) exclusively to back cyber security development.

The usual suspects are not on the list of names. Morgan’s article specifies that the majority of the funding announcements are for fast-growing organizations like ours. Ziften is in excellent company among innovators who are keeping pace with the demands of modern cyber security. While we lead the pack in continuous endpoint visibility, other businesses have taken distinct approaches, such as applying artificial intelligence to the battle against cyber attacks or simplifying key lookups to bring public key encryption to the masses. They are all taking on different pieces of the puzzle.

And it certainly is a puzzle. Because many solutions are highly specialized, working together is going to be critical. The need to integrate the different elements in the market for a sophisticated view of the problem set is clear. That’s why we developed Ziften Open Visibility™: to offer APIs, connectors, and alerts that integrate endpoint context and attribution data with existing investments.

Market Vision That Is 20/20

It may seem like market saturation to the layman, but it is just the tip of the cyber security iceberg. Every day, cyber attacks become more advanced, finding new ways to devastate consumers and organizations. This list of endorsed organizations is a testament to the notion that legacy endpoint and network security is failing. The notion of prevention is a good one, but security experts now understand that a two-pronged strategy is required, one that integrates detection and response.

You can have a 20/20 view of your security landscape, or you can keep your current blind spots. Which one do you think will help you sleep at night?

Charles Leaver – The Cisco 2015 Midyear Security Report Has Some Positives That You Can Act On Immediately

Written By Michael Bunyard And Presented By Ziften CEO Charles Leaver

Looking through the Cisco 2015 Midyear Security Report, the consensus was that “the bad guys are innovating faster than the security community.” This is not a unique statement and can be found in a lot of cyber security reports, because they are reactive studies of previous cyber attacks.

If all you do is focus on negative outcomes and losses, then any report is going to look negative. The fact is that the vendors publishing these reports have a lot to gain from companies that want to buy more cyber security products.

If you look carefully within these reports, you will find excellent pieces of guidance that might significantly improve the security plans of your organization. So why do these reports not begin with this information? Well, it’s all about selling services, isn’t it?

One anecdote that stood out after reading the Cisco report would be easy for company security teams to address. The increasing vulnerabilities and exploits of Adobe Flash were detailed, and they are frequently being incorporated into exploit kits such as Angler and Nuclear. Flash Player is often updated by Adobe, but a number of users are slow to apply the updates that would give them the protection they need. This means that hackers are taking advantage of the gap between the vulnerability being found and the patch being applied.

Vulnerability Management Is Not Resolving The Issue

You would be forgiven for thinking that, because there is a whole range of products on the market that scan endpoints for known vulnerabilities, it would be easy to make sure that endpoints are updated with the current patches. All that is required is to run a scan, identify the endpoints that need updating, run the updates, and the job is done, right? The problem is that scans are only run from time to time, patches fail, users will accidentally introduce vulnerable apps, and the company is then wide open until the next scan. Additionally, scans report on applications that are installed but not used, which leads to large numbers of vulnerabilities that are hard for an analyst to prioritize and manage.

What Is So Easy To Address Then?

The scans have to be run continuously and all endpoints monitored, so that as soon as a system is not compliant you will know about it and can react immediately. Continuous visibility that provides real-time alerting and extensive reporting is the new requirement as endpoint security is redefined and people realize that the era of prevention-first is over. Leveraging the National Vulnerabilities Database (NVD), each running application that has a known vulnerability can quickly be identified, security personnel alerted, and the patch applied. Additionally, solutions can look for suspicious activity from vulnerable applications, like sudden application crashes, which are a possible sign of an exploit attempt. Finally, they can also identify when a user’s system has not been restarted since the last security patch became available.
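The sketch below is an added example, not Ziften's code or part of the original post. It shows the three checks just described applied to endpoint telemetry: a running application with a known vulnerability, crashes from that application, and a reboot that predates the last patch. The feed entries, product names, versions, vulnerability IDs and telemetry fields are constructed placeholders; a real deployment would populate the feed from NVD data.

```python
from datetime import datetime

# Constructed stand-in for vulnerability data derived from the NVD:
# product name -> list of (placeholder ID, first fixed version).
VULN_FEED = {
    "example-player": [("CVE-PLACEHOLDER-0001", (18, 0, 2))],
    "example-reader": [("CVE-PLACEHOLDER-0002", (11, 0, 12))],
}

# Constructed endpoint telemetry, as a continuous-monitoring agent might report it.
ENDPOINTS = [
    {"host": "ws-01", "last_boot": "2015-08-01T08:00:00",
     "last_patch": "2015-08-12T02:00:00",
     "apps": [
         {"name": "example-player", "version": "18.0.1", "running": True, "crashes_24h": 3},
         {"name": "example-reader", "version": "11.0.10", "running": False, "crashes_24h": 0},
     ]},
    {"host": "ws-02", "last_boot": "2015-08-13T09:00:00",
     "last_patch": "2015-08-12T02:00:00",
     "apps": [
         {"name": "example-player", "version": "18.0.2", "running": True, "crashes_24h": 0},
     ]},
]

RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def parse_version(text):
    """Turn '18.0.1' into (18, 0, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def assess(endpoint):
    """Return (severity, subject, vuln_id) findings, most urgent first."""
    findings = []
    for app in endpoint["apps"]:
        for vuln_id, fixed_in in VULN_FEED.get(app["name"], []):
            if parse_version(app["version"]) >= fixed_in:
                continue  # already patched
            if not app["running"]:
                severity = "low"       # installed but unused: deprioritize
            elif app["crashes_24h"] > 0:
                severity = "critical"  # vulnerable, running and crashing
            else:
                severity = "high"      # vulnerable and running
            findings.append((severity, app["name"], vuln_id))
    booted = datetime.fromisoformat(endpoint["last_boot"])
    patched = datetime.fromisoformat(endpoint["last_patch"])
    if booted < patched:
        findings.append(("medium", "reboot-pending", None))  # patch not yet active
    return sorted(findings, key=lambda f: RANK[f[0]])
```

Ranking installed-but-unused applications as low keeps them visible without burying the running, crashing ones that an analyst should look at first.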

There Definitely Is Hope

The good news about real-time endpoint visibility is that it works on any vulnerable application (not only Adobe Flash), because hackers will move from app to app to evolve their methods. There are simple solutions to big problems. Security teams just have to be made aware that there is a much better way of managing and securing their endpoints. It simply takes the appropriate endpoint detection and response solution.

Charles Leaver – Why Accepting Hacking As A Human Activity Is Vital

Written By Patrick Kilgore And Presented By Charles Leaver CEO Ziften

When you are at the annual Black Hat conference, there are conversations going on everywhere about hacking and cyber security, and it can make you paranoid. For a lot of people this is simply an appetizer for the DEF CON hacking program.

Some time ago the Daily Dot published a story named “The art of hacking humans”, which discussed the Social Engineering “Capture the Flag” contest that has been running since 2010. In it, participants use the very best tool a hacker has at their disposal, their wits, and use tall stories and social subterfuge to convince unwary victims to supply sensitive information in exchange for points. A couple of slips here, a remark about applications there, and bang! You’re hacked and on the front page of the New York Times.

For the companies being “targeted” (such as big-box retailers who will stay anonymous …), the contest was initially deemed a problem. In the years since its beginning, however, the Capture the Flag contest has gotten the thumbs up from many a corporate security expert. Its participants engage each year to test their nerve and help prospective hacking victims understand their vulnerabilities. It’s a white hat education in exactly what not to do and has made strides for corporate awareness.

Human Hacking Starts With … Humans (duh).

As we know, the majority of harmful attacks start at the endpoint, since that is where the humans in your company live. All it takes is access from a nebulous area to do severe damage. However, rather than think about hacks as something to react to or a mere procedure to be eliminated, we need to remind ourselves that behind every attack there is a person. And ultimately, that’s who we have to arm ourselves against. How do we do that?

Because companies operate in the real world, we must all accept that there are those who would do us harm. Rather than attempting to prevent hacks from taking place, we need to re-wire our brains on the matter. The key is identifying malicious user behavior as it is occurring so that you can respond appropriately. The new era of endpoint security is focused on this ability to visualize user behavior, inspect and analyze it rapidly, and then respond quickly. At Black Hat we are showing folks how they can continuously monitor the fringes of their network so that when (not if) breaches occur, they can be swiftly tackled.

As a wise man once said, “You cannot protect what you cannot manage and you can’t manage what you cannot see.” The result is a drastic reduction in time to identify and time to respond (TTR). And that’s no lie.

People Fighting Each Other Is What Cyber Security Is All About – Charles Leaver

Written By Michael Bunyard And Presented By Charles Leaver CEO Ziften

Cyber security is all about people vs. people. Each day that we sort through the current attack news (like the recent Planned Parenthood breach), it becomes more and more obvious that people are not only the problem, in many ways, but also the answer. The attackers come in various categories, from insiders to hackers to organized crime and state-sponsored terrorists, but at the end of the day it’s people who are directing the attacks on companies and are therefore the problem. And it’s people who are the primary targets exploited in a cyber attack, normally at the endpoint, where people access their connected business and personal worlds.

The endpoint (laptop, desktop, mobile phone, tablet) is the device that people use throughout their day to get their tasks done. Think about how often you are attached to your endpoint(s). It’s a lot, right? Not only are these endpoints vulnerable (see the Stagefright Android vuln for a good example), the people at the endpoint are often the weak link in the chain that provides the opening for attackers to exploit. All it takes is a single person to open the wrong email, click through to the wrong site or open the wrong file, and it’s game on. Regardless of all the security awareness in the world, people will make mistakes. When speaking about the Planned Parenthood breach, my colleague Mike Hamilton, who directs the product vision here at Ziften, offered a really interesting insight:

“Every company will have individuals against it, and now those people have the ways and mission to interrupt them or take their data. Leveraging existing blind spots, cyber criminals or perhaps hackers have simple access through susceptible endpoints and utilize them as a point of entry to hide their activities, evade detection, make use of the network and prey on the targeted company. It is now more important than ever for organizations to be able to see suspicious behavior beyond the network, and certainly beyond simply their web server.”

People Powered Security

It makes sense that cyber security solutions ought to be purpose-built for the people who are defending our networks and for monitoring the behavior of people as they use their endpoints. Typically, however, this hasn’t been the case. In fact, the endpoint has been a virtual black box when it comes to continuous visibility of user behavior. This has resulted in a scarcity of information about what is really happening on the endpoint, the most vulnerable component in the security stack. And cyber security solutions certainly don’t seem to have the people defending the network in mind when silos of disparate pieces of information flood the SIEM with so many false positive alerts that defenders cannot tell the real threats from the benign.

People powered security enables seeing, examining, and responding by analyzing endpoint user behavior. This needs to be done in a manner that is painless and quick, because there is a big shortage of skills in companies today. The very best technology will make it possible for a level one responder to handle the majority of suspected threats by putting simple and concise details at their fingertips.

My security master colleague (yeah, I’m lucky that on one hallway I can speak to all these folks) Dr. Al Hartmann says “Human-Directed Attacks require Human Directed Response”. In a recent blog post, he nailed this:

“Human intelligence is more versatile and innovative than machine intelligence and will always ultimately adapt and beat an automatic defense. This is the cyber-security version of the Turing test, where a machine defense is trying to rise to the intellectual level of a competent human hacker. At least here in the 21st Century, expert systems and artificial intelligence are not up to the job of fully automating cyber defense, the cyber attacker inevitably triumphs, while the victims lament and count their losses. Just in science fiction do thinking machines overpower humans and take over the planet. Don’t subscribe to the cyber fiction that some autonomous security software application will outwit a human hacker foe and save your organization.”

People powered security empowers a well-informed, dynamic response by the people trying to stop the attackers. With any other approach we are just kidding ourselves that we can keep up with attackers.