Monthly Archives: January 2017

Charles Leaver – Security Fabric Is All The Buzz At The Fortinet Accelerate 2017 Conference

Written By Josh Applebaum And Presented By Ziften CEO Charles Leaver

The Fortinet Accelerate 2017 conference was held recently in Las Vegas. Ziften has sponsored Fortinet’s annual International Partner Conference for the second time, and it was a pleasure to be in attendance! The energy at the show was noticeable, and this was not due to the energy drinks you constantly see people carrying around in Las Vegas. The buzz and energy came from a central theme that ran through the entire week: the Fortinet Security Fabric.

The theme of Fortinet’s Security Fabric is simple: take the disparate security “point products” that an organization has deployed, and connect them so that the deep intelligence each product holds in its own security vault can provide a unified end-to-end security blanket over the whole organization. Though Fortinet is generally thought of as a network security company, its approach to providing a complete security solution extends beyond the traditional network to include endpoints, IoT devices, and the cloud. By exposing APIs to the Fabric Ready partners and enabling the exchange of actionable threat intelligence, Fortinet is creating a path to a more collaborative approach across the whole security industry.

It is refreshing to see that Fortinet shares the beliefs we hold at Ziften: the only way that we as an industry are going to catch up with (and overtake) the hackers is through integration and collaboration across all areas of security, no matter which vendor supplies each part of the overall solution. This is not a problem we are going to solve on our own, but rather one that will be solved through a combined approach like the one set out by Fortinet with their Security Fabric. Ziften is proud to be a founding member of Fortinet’s Fabric Ready Alliance program, combining our unique approach to endpoint security with Fortinet’s “think different” mindset of what it means to integrate and collaborate.

Throughout the week, Fortinet’s (very enthusiastic) channel partners had the chance to walk the show floor and see the integrated solutions offered by the various technology partners. Ziften showcased its integrations with Fortinet, including the integration of our service with Fortinet’s FortiSandbox.

The Ziften service collects unknown files from endpoints (clients or servers running OS X, Linux or Windows) and submits them to the FortiSandbox for detonation and analysis. Results are immediately fed back into Ziften for alerting, reporting, and (if possible) automated mitigation actions.

It was interesting to see that the Fortinet channel partners clearly understood the value of a Security Fabric approach. It was clear to them, as well as to Ziften, that the Security Fabric is not a marketing gimmick, but rather a real strategy put together by, and led by, Fortinet. While this is only the start of Fortinet’s Security Fabric story, Ziften is excited to team up with Fortinet and watch the story continue to unfold!

Charles Leaver – Discover Cyber Espionage Strategies That Will Occur In 2017

Written By Jesse Sampson And Presented By Ziften CEO Charles Leaver

There is a lot of controversy at the moment about the hacking threat from Russia, and it would be easy for security professionals to become overly concerned about cyber espionage. Since the goals of any cyber espionage campaign determine its targets, Ziften Labs can help answer this question by diving into the reasons states conduct these campaigns.

Very recently, the three major United States intelligence agencies released a detailed statement on the activities of Russia related to the 2016 United States elections: Assessing the Activities of Russia and Intentions in Recent United States Elections (Activities and Intentions). While some skeptics remain unconvinced by the new report, the risks it identifies, which we cover in this post, are compelling enough to demand examination and reasonable countermeasures – in spite of the near impossibility of incontrovertibly determining the source of the attack. Obviously, the official Russian position has been winking denial of hacks.

“Typically these types of leaks take place not due to the fact that cyber attackers broke in, however, as any specialist will inform you, since somebody just forgot the password or set the basic password 123456.” – German Klimenko, Putin’s leading Web adviser

While agencies get panned for bureaucratic language like “high confidence,” the considered rigor of reports like Activities and Intentions contrasts with the headline-grabbing “1000% certainty” of a mathematically-disinclined media hustler like Julian Assange.

Activities and Intentions is most perceptive when it places the use of hacking and cyber espionage within “diverse” Russian doctrine:

“Moscow’s use of disclosures throughout the United States election was unmatched, however its influence project otherwise followed a time tested Russia messaging strategy that blends covert intelligence operations – like cyber activities – with obvious efforts by Russian Federal government agencies, state funded media, third party intermediaries, and paid social media users or ‘giants.’”

The report is at its weakest when evaluating the intentions behind the doctrine, a.k.a. strategy. Aside from some incantations about fundamental Russian hostility to the liberal democratic order, it claims that:

“Putin most likely wished to reject Secretary Clinton because he has actually openly blamed her since 2011 for prompting mass protests against his program in late 2011 and early 2012, and due to the fact that he holds a grudge for remarks he almost certainly viewed as disparaging him.”

A more nuanced examination of Russian motivations and their cyber manifestations will help us better plan security strategy in this environment. Ziften Labs has identified three major strategic imperatives at work.

First, as Kissinger would say, throughout history “Russia decided to see itself as a beleaguered station of civilization for which security could be discovered only through exerting its outright will over its neighbors (52)”. United States policy in the Bill Clinton era threatened this imperative through the expansion of NATO and dislocating economic interventions, possibly contributing to a Russian preference for a Trump presidency.

Russia has used cyber warfare tactics to protect its influence in former Soviet territories (Estonia, 2007; Georgia, 2008; Ukraine, 2015).

Second, President Putin wants Russia to be a great power in geopolitics again. “Above all, we should acknowledge that the collapse of the Soviet Union was a significant geopolitical disaster of the century,” he said in 2005. Hacking the identities of prominent people in political, academic, defense, technology, and other institutions, whose information operatives might then leak to embarrassing or scandalous effect, is a simple way for Russia to discredit the United States. The perception that Russia can affect election results in the US with a keystroke calls into question the legitimacy of US democracy, and muddles discussion of similar problems in Russia. Together with other prestige-boosting efforts like leading the ceasefire talks in Syria (after leveling numerous cities), this strategy could enhance Russia’s international profile.

Finally, President Putin might have concerns about the security of his position. In spite of extremely favorable election results, according to Activities and Intentions, the demonstrations of 2011 and 2012 still loom large with him. With a number of regimes changing in his region in the 2000s and 2010s (he called it an “epidemic of disintegration”), some of which came about as a result of intervention by NATO and the US, President Putin is wary of Western interventionists who would not mind a similar outcome in Russia. A coordinated campaign might help discredit rivals and put the least aggressive candidates in power.

In light of these reasons for Russian hacking, who are the most likely targets?

Given the overarching goals of discrediting the legitimacy of the US and NATO and assisting non-interventionist candidates where possible, government agencies, especially those with roles in elections, are at greatest risk. So too are campaign organizations and other NGOs close to politics, like think tanks. These have provided softer targets for cyber criminals to gain access to sensitive information. This means that agencies with account information for, or access to, prominent individuals whose details might lead to embarrassment or confusion for US political organizations, academic institutions, and media organizations must be especially careful.

The next tier of risk consists of critical infrastructure. While recent Washington Post reports of a compromised US electrical grid turned out to be overhyped, Russia really has hacked power networks and perhaps other parts of physical infrastructure like oil and gas. Beyond critical physical infrastructure, technology, finance, telecommunications, and media could be targeted, as happened in Georgia and Estonia.

Lastly, although the intelligence agencies’ efforts over the past few months have caught some heat for providing “obvious” recommendations, everyone really would benefit from the pointers presented in the Homeland Security/FBI report, and in this post about hardening your configuration by Ziften’s Dr Hartmann. With major elections coming up this year in important NATO members France, the Netherlands and Germany, only one thing is certain: it will be a busy year for Russian hackers, and these recommendations need to be a top priority.