Monthly Archives: December 2016

Charles Leaver – Enhance Your Security With Asset Management And Discovery

Written By Roark Pollock And Presented By Charles Leaver CEO Ziften


Reliable IT asset management and discovery can be a network and security admin's best friend.

I do not have to tell you the obvious: we all know a good security program begins with an inventory of all the devices connected to the network. Nevertheless, maintaining a current inventory of every connected device used by employees and business partners is difficult. More challenging still is ensuring that there are no connected un-managed assets.

What is an Un-managed Asset?

Networks can have thousands of connected devices. These may include, among others:

– User devices such as laptops, desktop PCs, workstations, virtual desktop systems, bring-your-own devices (BYOD), mobile phones, and tablets.

– Cloud and data center devices such as servers, virtual machines (VMs), orphaned VMs, containers, and storage systems.

– Networking devices such as switches, load balancers, firewalls, and WiFi access points.

– Other devices such as printers and, more recently, Internet of Things (IoT) devices.

Unfortunately, many of these connected devices may be unknown to IT, or not managed by IT group policies. These unknown devices, and those not managed by IT policies, are referred to as "un-managed assets."

The number of un-managed assets continues to increase for many companies. Ziften finds that as many as 30% to 50% of all connected devices can be unmanaged assets in today's business networks.

IT asset management tools are typically optimized to identify assets such as computers, servers, load balancers, firewalls, and storage devices used to deliver enterprise applications to the organization. However, these management tools generally ignore assets not owned by the organization, such as BYOD endpoints or user-deployed wireless access points. Even more troubling, Gartner asserts in "Beyond BYOD to IoT, Your Business Network Access Policy Should Change" that IoT devices have surpassed employees and visitors as the largest user of the business network [1].

Gartner goes on to describe a new trend that will introduce even more unmanaged assets into the business environment: bring your own things (BYOT).

Essentially, employees bring products that were designed for the smart home into the office environment. Examples include smart power sockets, smart kettles, smart coffee machines, smart light bulbs, domestic sensors, wireless webcams, plant care sensors, environmental controls and, eventually, home robots. Many of these things will be brought in by staff seeking to make their working environment more congenial. These "things" can sense information, can be controlled by apps, and can communicate with cloud services [1].

Why is it Crucial to Discover Un-managed Assets?

Quite simply, unmanaged assets create IT and security blind spots. Mike Hamilton, SVP of Product at Ziften, said: "Security begins with knowing what physical and virtual devices are connected to the corporate network. But BYOD, shadow IT, IoT, and virtualization are making that more challenging."

These blind spots not only increase security and compliance risk, they can increase legal risk. Information retention policies designed to limit legal liability are unlikely to be applied to electronically stored information held on unauthorized virtual, mobile and cloud assets.

Maintaining an up-to-date inventory of the assets on your network is vital to good security. It's common sense: if you do not know it exists, you cannot know whether it is secure. In fact, asset visibility is so crucial that it is a fundamental part of most information security frameworks, including:

– SANS Critical Security Controls for Effective Cyber Defense: Establishing an inventory of authorized and unauthorized devices is number one on the list.

– Council on CyberSecurity Critical Security Controls: Establishing an inventory of authorized and unauthorized devices is the first control in the prioritized list.

– NIST Information Security Continuous Monitoring for Federal Information Systems and Organizations (SP 800-137): Information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

– ISO/IEC 27001 Information Security Management System Requirements: The standard requires that all assets be clearly identified and that an inventory of all important assets be drawn up and maintained.

– Ziften's Adaptive Security Framework: The first pillar includes discovery of all your authorized and unauthorized physical and virtual devices.

Factors To Consider in Evaluating Asset Discovery Solutions

There are several techniques used for asset discovery and network mapping, and each method has benefits and drawbacks. While evaluating the myriad tools, keep these two key considerations in mind:

Continuous versus point-in-time

Strong information security requires continuous asset identification regardless of which approach is employed. However, many scanning techniques used in asset discovery take time to complete, and are therefore carried out periodically. The drawback of point-in-time asset discovery is that transient systems may only be on the network for a short time. It is therefore quite possible that these short-lived systems will never be found.

Some discovery techniques can trigger security alerts in network firewalls, intrusion detection systems, or virus scanning tools. Because these methods can be disruptive, identification is only carried out at regular, point-in-time intervals.

There are, however, some asset discovery techniques that can be used continuously to locate and identify connected assets. Tools that offer continuous monitoring for un-managed assets can deliver better un-managed asset discovery results.

Passive versus active

Asset identification tools provide intelligence on all discovered assets, including IP address, hostname, MAC address, device manufacturer, and device type. This technology helps operations teams quickly clean up their environments, eliminating rogue and unmanaged devices, even VM sprawl. However, these tools go about this intelligence gathering in different ways.

Tools that use active network scanning effectively probe the network to coax responses from devices. These responses provide clues that help identify and fingerprint the device. Active scanning periodically examines the network, or a segment of the network, for devices that are connected at the time of the scan.

Active scanning can generally provide more in-depth analysis of vulnerabilities, malware detection, and configuration and compliance auditing. However, active scanning is performed only occasionally because of its disruptive interaction with security infrastructure. Unfortunately, active scanning therefore risks missing short-lived devices and vulnerabilities that appear between scheduled scans.

Other tools use passive asset identification techniques. Because passive detection operates 24x7, it will identify transient assets that may only be occasionally and briefly connected to the network, and it can send alerts when new assets are found.

In addition, passive discovery does not disturb sensitive devices on the network, such as industrial control systems, and it provides visibility of web and cloud services being accessed from systems on the network. Furthermore, passive discovery techniques avoid triggering alerts on security tools across the network.
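The trade-off described above, shown as an added example that is not code from the post or from Ziften's product: a sensor's passive sightings feed a continuously updated inventory that alerts the first time an asset missing from the authorized list appears, while a modeled periodic scan only sees the devices that happen to be online at scan time. The sightings, the authorized inventory and the five-minute online window are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sightings from a passive sensor (DHCP leases / ARP replies):
# (minute, MAC address, IP address, hostname). Not real data.
OBSERVATIONS: List[Tuple[int, str, str, str]] = [
    (0, "00:11:22:33:44:01", "10.0.0.10", "fileserver01"),
    (2, "00:11:22:33:44:02", "10.0.0.21", "laptop-alice"),
    (12, "aa:bb:cc:dd:ee:01", "10.0.0.77", "android-guest"),  # BYOD phone, online ~10 min
    (18, "aa:bb:cc:dd:ee:01", "10.0.0.77", "android-guest"),
    (28, "00:11:22:33:44:02", "10.0.0.21", "laptop-alice"),
    (40, "aa:bb:cc:dd:ee:02", "10.0.0.78", "smart-kettle"),  # BYOT appliance, stays online
    (58, "aa:bb:cc:dd:ee:02", "10.0.0.78", "smart-kettle"),
    (60, "00:11:22:33:44:01", "10.0.0.10", "fileserver01"),
]
# The organization's authorized inventory, keyed by MAC address (constructed).
AUTHORIZED: Dict[str, str] = {"00:11:22:33:44:01": "fileserver01",
                              "00:11:22:33:44:02": "laptop-alice"}

@dataclass
class Asset:
    mac: str
    ip: str
    hostname: str
    first_seen: int
    last_seen: int
    managed: bool  # True when the MAC is in the authorized inventory

def passive_inventory(observations, authorized):
    """Fold every sighting into an inventory; alert the first time an unknown asset appears."""
    inventory: Dict[str, Asset] = {}
    alerts: List[str] = []
    for minute, mac, ip, host in observations:
        asset = inventory.get(mac)
        if asset is None:
            asset = Asset(mac, ip, host, minute, minute, mac in authorized)
            inventory[mac] = asset
            if not asset.managed:
                alerts.append(f"t={minute}: new unmanaged asset {mac} ({host}, {ip})")
        else:  # already known: refresh last-seen time and current addressing
            asset.last_seen, asset.ip, asset.hostname = minute, ip, host
    return inventory, alerts

def point_in_time_scan(observations, scan_minutes, dwell=5):
    """Model a periodic active scan: a device answers at minute t only if it was
    seen within `dwell` minutes before t, i.e. it is still online at scan time."""
    found: Set[str] = set()
    for t in scan_minutes:
        found.update(mac for minute, mac, _ip, _host in observations if t - dwell <= minute <= t)
    return found
```

With scans every 30 minutes the short-lived phone is never seen by the scan, while the passive inventory records it and raises an alert at the moment it first appears.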


BYOD, shadow IT, IoT, virtualization, and Gartner's newly coined BYOT mean more and more assets on the corporate network. Unfortunately, many of these assets are unknown to or un-managed by IT. These unmanaged assets pose major security holes. Removing these un-managed assets from the network (they are far more likely to be "patient zero") or bringing them up to enterprise security standards greatly reduces an organization's attack surface and overall risk. The good news is that there are solutions that can provide continuous, passive discovery of unmanaged assets.

Charles Leaver – Enterprise Antivirus Is Losing Its Touch

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO


Dwindling Effectiveness of Enterprise Anti-virus?

Google Security Expert Labels Antivirus Apps as Ineffective 'Magic'

At the recent Kiwicon hacking conference in Wellington, New Zealand, Google's Platform Integrity team manager Darren Bilby preached cyber-security heresy. Tasked with investigating highly advanced attacks, including the 2009 Operation Aurora campaign, Bilby lumped enterprise antivirus into a collection of ineffective tools installed to tick a compliance check box, but at the cost of real security:

"We have to stop investing in those things we have revealed are not effective… Anti-virus does some helpful things, however in reality, it is more like a canary in a coal mine. It is worse than that. It's like we are loafing around the dead canary stating 'Thank god it inhaled all the dangerous gas.'"

Google security experts aren't the first to weigh in against enterprise antivirus, or to draw uncomplimentary analogies, in this case to a dead canary.

Another highly proficient security group, FireEye Mandiant, compared static defenses such as enterprise anti-virus to that infamously failed World War II defense, the Maginot Line:

"Like the Maginot Line, today's cyber defenses are fast becoming a relic in today's danger landscape. Organizations invest billions of dollars each year on IT security. But hackers are quickly outflanking these defenses with creative, fast-moving attacks."

An example of this was offered by a Cisco managed security services executive speaking at a conference in Poland. Their team had identified anomalous activity on one of their enterprise clients' networks, and reported the suspected server compromise to the client. To the Cisco team's astonishment, the customer simply ran an antivirus scan on the server, found no detections, and placed it back into service. Alarmed, the Cisco team conferenced the customer in to their monitoring console and was able to show the attacker conducting a live remote session at that very moment, complete with typing mistakes and re-issued commands to the compromised server. Finally convinced, the client took the server down and completely re-imaged it. The enterprise anti-virus had been a useless distraction: it had not served the customer and it had not deterred the attacker.

So Is It Time to Get Rid of Enterprise Antivirus Already?

I am not yet ready to declare an end to the age of enterprise anti-virus. But I do know that organizations need to invest in detection and response capabilities to complement traditional anti-virus. Increasingly, though, I wonder who is complementing whom.

Skilled targeted attackers will always successfully evade anti-virus defenses, so against your biggest cyber threats, enterprise antivirus is essentially useless. As Darren Bilby noted, it does do some useful things, but it does not provide the endpoint defense you require. So don't let it distract you from the highest-priority cyber-security investments, and don't let it distract you from security measures that do fundamentally help.

Proven cyber defense measures include:

– Configuration hardening of networks and endpoints.

– Identity management with strong authentication.

– Application controls.

– Continuous network and endpoint monitoring, and constant vigilance.

– Strong encryption and data security.

– Staff training and education.

– Continual risk re-assessment, penetration testing, and red/blue teaming.

In contrast to Bilby's criticism of enterprise anti-virus, none of the above bullets are 'magic'. They are simply the ongoing hard work of adequate enterprise cyber-security.