Monthly Archives: November 2015

Charles Leaver – To Prevent Data Breaches You Must Invest In Endpoint Threat Detection


Written By Charles Leaver Ziften CEO

Defending against data breaches is hard to achieve, but vital to success in the current business climate. Given the sheer number of cyber criminals waiting in the wings to steal personal information, credit card details, and other valuable customer data, businesses have to understand the high volume of threats to information online and take action to prevent them. Using endpoint threat detection and response software is one of the best ways to address this problem, as it provides a straightforward way to combat the range of exploits attackers can use to gain access to a company network.

In order to build a better, more attack-resistant system, developing a strong sense of back-end security is necessary. The New York Times’ article on protecting data discusses a few very important measures that can make a big difference in keeping customer details out of the wrong hands. Some of the procedures the article discusses include using point-of-sale systems for customer transactions only, dedicating one computer to all financial business, and keeping software up to date. These are smart recommendations because they protect against several methods attackers commonly use to breach systems. A PoS system that does not connect to the Internet except to transfer data to bank servers is more secure than one that is not so restricted, because it reduces the risk of a virus reaching the network through the Internet. Making one computer the single access point for financial transactions and nothing else can keep viruses or other malicious surveillance software from getting in. In this way, a company can greatly safeguard its customers without taking on many additional expenses.

Make Sure That Security And Safety Come First

Property Casualty 360 has a similar list of recommendations, including automating patches to company systems, using encryption on all devices, enforcing strong passwords, and keeping an eagle-eyed approach to email. Encrypting information, especially financial details, is highly important. A hacker can obtain financial information stored as plain text very easily when no encryption is in use. Naturally, strong endpoint threat response systems should be used to address this danger, but security, like clothing in autumn, is best when layered. Using several different strategies at once greatly reduces the chance of a given organization’s data being leaked, which can, over time, make it much easier to protect against any damage that might be done.

Many breaches occur not when a piece of malware has successfully planted itself on a server, but when an employee’s email account is protected by an insecure password. Dictionary words, like “cat” or “password,” should never be used. They are easy to guess and break in with, and they can lead to entire stores of data being taken. Similarly, an employee accidentally sending a list of clients to someone without checking the intended recipient list can send a whole trove of information to the wrong person, easily causing large data loss. This sort of leakage must be prevented by strong training.

In response to the multitude of risks out there today, the best way to handle them is to use strong endpoint threat response software to avoid losing important data. Using a wide range of different security methods to protect against all incoming attacks is a wise way to be certain that your organization can weather a range of blows. This kind of mindset can keep an organization from being sunk by the large number of attacks currently hitting businesses.


Charles Leaver – Be Prepared For Extra Hacker Activity This Holiday Season


Written by Ziften CEO Charles Leaver

The holiday period is a time of opportunity for cyber criminals, syndicates and state-sponsored groups to hack your organization. A reduced number of IT staff at work can improve the odds of unnoticed endpoint compromise, stealthy lateral movement, and undetected data exfiltration. Experienced attack groups are likely assigning their top talent to a well-coordinated holiday hackathon. Penetration of your business would likely begin with an endpoint compromise via the usual targeted methods of spear phishing, social engineering, watering hole attacks, and so on.

With thousands of enterprise client endpoints available, initial infiltration barely poses a challenge to skilled adversaries. Conventional endpoint security suites exist to protect against previously encountered commodity malware, and are essentially ineffective against the one-off crafted exploits used in targeted attacks. The attack organization will have studied your business and assembled your standard cyber defense systems in their labs for pre-deployment evasion testing of planned exploits. This pre-testing may include suitable sandbox evasion techniques if your defenses include sandbox detonation safeguards at the enterprise boundary, although this is not always required, for instance with off-VPN laptops visiting compromised industry watering holes.

The ways in which business endpoints may become compromised are too numerous to list. In many cases the compromise may involve only stolen credentials, with no malware needed or present, as confirmed by industry studies of malicious command and control traffic observed from pristine endpoints. Or the user, and it only takes one among thousands, may be an insider adversary or a disgruntled employee. In any large business, some incidence of compromise is inevitable and constant, and the holiday season is ripe for it.

Given incessant attack activity with inevitable endpoint compromise, how can businesses best respond? Endpoint detection and response (EDR) with continuous monitoring and security analytics is a powerful method to recognize and react to anomalous endpoint activity, and to do so at scale across many enterprise endpoints. It also augments and synergizes with enterprise network security by supplying endpoint context around suspicious network activity. EDR provides visibility at the endpoint level, equivalent to the visibility that network security provides at the network level. Together this offers the complete picture needed to recognize and react to unusual and potentially significant security events across the business.

Some examples of endpoint visibility with potential forensic value are:

  • Tracking of user login activity, particularly remote logins that might be attacker-directed.
  • Tracking of user presence and user foreground activity, including common work patterns, activity periods, and so on.
  • Monitoring of active processes, their resource consumption patterns, network connections, process hierarchy, etc.
  • Collection of executable image metadata, including cryptographic hashes, version information, file paths, date/times of first appearance, and so on.
  • Collection of endpoint log/audit events, ideally with optimal logging and auditing configuration settings (to maximize forensic value and reduce noise and overhead).
  • Security analytics to score and rank endpoint activity and surface significant operating pattern anomalies to the enterprise SIEM for SOC attention.
  • Support for nimble traversal and drill-down of endpoint forensic data for quick analyst vetting of endpoint security anomalies.
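As an added illustration (not Ziften’s code or the post’s own), here is a small Python sketch of the score-and-rank idea from the list: it learns a baseline from constructed endpoint telemetry (user activity hours, executable hashes, process parent/child pairs) and scores new events against it so that the anomalies surface first for the SIEM. The field names, weights and hash values are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample telemetry; hashes are placeholders, not real indicators.
BASELINE = [
    {"type": "login", "user": "alice", "remote": False, "time": "2015-11-16T08:55"},
    {"type": "process", "user": "alice", "image": "outlook.exe", "parent": "explorer.exe",
     "sha256": "hash-outlook-1", "time": "2015-11-16T09:01"},
    {"type": "process", "user": "alice", "image": "winword.exe", "parent": "outlook.exe",
     "sha256": "hash-winword-1", "time": "2015-11-16T10:30"},
    {"type": "login", "user": "alice", "remote": False, "time": "2015-11-17T09:10"},
]
NEW = [
    {"type": "login", "user": "alice", "remote": True, "time": "2015-11-26T02:14"},
    {"type": "process", "user": "alice", "image": "powershell.exe", "parent": "winword.exe",
     "sha256": "hash-unknown-9", "time": "2015-11-26T02:16"},
    {"type": "process", "user": "alice", "image": "outlook.exe", "parent": "explorer.exe",
     "sha256": "hash-outlook-1", "time": "2015-11-26T09:00"},
]

def hour(ev):
    return datetime.strptime(ev["time"], "%Y-%m-%dT%H:%M").hour

def build_baseline(events):
    """Learn per-user activity hours, known image hashes and parent/child pairs."""
    hours, hashes, pairs = defaultdict(set), set(), set()
    for ev in events:
        hours[ev["user"]].add(hour(ev))
        if ev["type"] == "process":
            hashes.add(ev["sha256"])
            pairs.add((ev["parent"], ev["image"]))
    return hours, hashes, pairs

def score_event(ev, baseline):
    """Return (score, reasons); weights are assumed, higher scores go to the SIEM first."""
    hours, hashes, pairs = baseline
    score, reasons = 0, []
    if hour(ev) not in hours[ev["user"]]:
        score += 1; reasons.append("outside usual hours")
    if ev["type"] == "login" and ev["remote"]:
        score += 2; reasons.append("remote login")
    if ev["type"] == "process":
        if ev["sha256"] not in hashes:
            score += 2; reasons.append("first-seen executable hash")
        if (ev["parent"], ev["image"]) not in pairs:
            score += 2; reasons.append("new parent/child pair")
    return score, reasons

def rank_events(new_events, baseline_events):
    """Score every new event against the baseline and return them highest-score first."""
    baseline = build_baseline(baseline_events)
    scored = [(score_event(ev, baseline), ev) for ev in new_events]
    return sorted(scored, key=lambda item: item[0][0], reverse=True)

if __name__ == "__main__":
    for (score, reasons), ev in rank_events(NEW, BASELINE):
        print(score, ev["type"], ev.get("image", ""), ev["time"], "; ".join(reasons))
```

The ranked output puts the off-hours Office child process with an unknown hash above the 02:14 remote login, and the routine morning Outlook launch scores zero.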

Don’t get a lump of coal in your stocking by being caught unawares this Christmas. Arm your business to contend with the hazards arrayed against you.

Happy Christmas!


Charles Leaver – Who Is Responsible For Watching The Watchers In Your Enterprise?


Written By Charles Leaver CEO Ziften

High profile hacks highlight how a lack of auditing of existing compliance products can make the worst kind of front page news.

In the earlier Java attacks on Facebook, Microsoft and Apple, along with other giants of the industry, the attackers didn’t need to dig too deep into their playbooks to find a technique. In fact they employed one of, if not the, oldest tricks in the book: they took a remote vulnerability in massively distributed software and exploited it to install remote access capability. And in this case on an application that (A) wasn’t the latest version and (B) most likely didn’t need to be running.

While the hacks themselves have been headline news, the techniques organizations can use to prevent or curtail them are quite dull stuff. We all hear “keep boxes current with patch management software” and “ensure uniformity with compliance tools”. That is industry standard and old news. But to pose a question: who is “watching the watchers”? In this case the watchers being compliance, patch and systems management technologies. I think Facebook and Apple learned that just because a management system tells you that a software application is current does not mean you should believe it! Here at Ziften our results in the field say as much: we regularly discover dozens of versions of the SAME major application running at Fortune 1000 sites, all of which, by the way, are using compliance and systems management products.

In the case of the exploited Java plug-in, this was a MAJOR application with substantial distribution. This is the type of application that gets tracked by systems management, compliance and patch products. The lesson from this could not be clearer: having some kind of independent check on these applications is vital (just ask any of the companies that were attacked…). However this makes up only part of the issue, because this is a major (arguably vital) application we are discussing. If companies struggle to get their arms around maintaining updates on known, authorized applications in use, then what about all the unknown and unneeded running applications and plug-ins and their vulnerabilities? Simply put: if you cannot even know what you are supposed to know, then how can you know about (and in this case protect against) the things you have no idea about or do not care about?
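As an added example (not Ziften’s product code), the “watching the watchers” check above can be expressed as a reconciliation between what a patch or compliance console reports and what executable metadata collected on the endpoint actually shows. Host names, paths and version labels are constructed for the illustration; the check flags hosts where the console’s claim does not match, hosts with several copies of the same application, and copies living outside the standard install location.

```python
from collections import defaultdict

# Constructed inventory; host names, paths and version labels are illustrative only.
CONSOLE_REPORT = {  # what the patch/compliance console claims per host
    "ws01": "7u13", "ws02": "7u13", "ws03": "7u13", "ws04": "7u13",
}
OBSERVED = [  # executable metadata collected on the endpoint itself
    {"host": "ws01", "path": r"C:\Program Files\Java\jre7\bin\java.exe", "version": "7u13"},
    {"host": "ws02", "path": r"C:\Program Files\Java\jre7\bin\java.exe", "version": "7u13"},
    {"host": "ws02", "path": r"C:\Program Files (x86)\Java\jre6\bin\java.exe", "version": "6u31"},
    {"host": "ws03", "path": r"C:\Program Files\Java\jre7\bin\java.exe", "version": "7u11"},
    {"host": "ws04", "path": r"C:\Users\bob\AppData\Local\Temp\java.exe", "version": "6u20"},
]
STANDARD_ROOTS = (r"C:\Program Files\Java", r"C:\Program Files (x86)\Java")

def reconcile(console, observed):
    """Compare console claims with endpoint observations.

    Returns (findings, distinct_versions): findings maps host -> list of issues,
    distinct_versions is the set of versions actually seen across the fleet."""
    by_host = defaultdict(list)
    for rec in observed:
        by_host[rec["host"]].append(rec)
    findings = {}
    for host, claimed in console.items():
        recs = by_host.get(host, [])
        versions = {r["version"] for r in recs}
        issues = []
        if claimed not in versions:
            issues.append(f"console claims {claimed}, endpoint shows {sorted(versions) or 'none'}")
        if len(versions) > 1:
            issues.append("multiple installed copies: " + ", ".join(sorted(versions)))
        for r in recs:
            if not r["path"].startswith(STANDARD_ROOTS):
                issues.append("copy outside standard install location: " + r["path"])
        if issues:
            findings[host] = issues
    distinct = {r["version"] for r in observed}
    return findings, distinct

if __name__ == "__main__":
    findings, distinct = reconcile(CONSOLE_REPORT, OBSERVED)
    print(f"{len(distinct)} distinct versions observed: {sorted(distinct)}")
    for host, issues in sorted(findings.items()):
        print(host, "->", "; ".join(issues))
```

On the constructed data the console reports one version everywhere, while the endpoints show four distinct versions and three of four hosts with a discrepancy.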


Charles Leaver – Extraneous Software Can Cause You Additional Security Headaches


Written By Dr Al Hartmann And Presented By Charles Leaver CEO Ziften

The reality of the PC ecosystem is that extraneous processes are everywhere and enter enterprise computers by every ploy you can imagine. Leading software ISVs and hardware OEMs and IHVs have no ethical qualms about burdening business PCs with unnecessary and unwanted software if they can get a few royalty dollars on the side at your expense. This one popped up on my screen just this morning as I dealt with the recent headline-making Java security vulnerabilities.

Here is the background: zero-day vulnerabilities were discovered recently in Java, a crucial software component in many enterprise applications. Department of Homeland Security professionals advised switching off Java entirely, but that cuts off Java business apps.

The option where Java is required (in many businesses) is to upgrade Java, an Oracle software product, to obtain at least the latest partial patches from Oracle. But Oracle’s installer defaults to installing unwanted extraneous software in the form of the Ask Toolbar, which many security-conscious but naïve users will assume is useful given the Oracle recommendation (and golly gee, it’s FREE), although browser add-ons are a well-known security risk.

Only Ziften combines security awareness with extraneous process identification and remediation capabilities to help businesses improve both their security and their performance-driving operating efficiency. Do not settle for half-measures that ignore extraneous processes multiplying across your enterprise client landscape; use Ziften to gain visibility and control over your endpoint population.