Charles Leaver – The Lowdown On Patch Validation

Written By Logan Gilbert And Presented By Charles Leaver



A recent report indicates that almost twenty thousand new software vulnerabilities were discovered in 2017, an all-time record. Think about that for a second. That’s an average of 55 new vulnerabilities per day. That’s a lot for any IT shop to handle.

There’s good news and bad news. The good news is that patches were available for eighty six percent of those vulnerabilities on the day of disclosure. The bad news is that many organizations continue to struggle with patch prioritization, application, and validation. And as IT workloads progressively move to the cloud, vulnerability visibility tends to decrease, worsening an already difficult challenge.

Let’s take a closer look at ways to manage cloud patch validation efficiently.

First, a Patch Management Primer

Patch management is the practice of updating software with code changes that address vulnerabilities exploitable by attackers. Even though it has been around for decades, patch management remains a difficult process for many IT organizations.

Modern businesses have complex IT environments with multiple integration points between business systems. That makes it difficult for software developers to account for every unintended effect of a patch, e.g., a condition that might close a port, disable critical infrastructure communication, or even crash its host server.

Concentrating on the effective patching of known vulnerabilities is the undisputed ‘biggest bang for the buck’ play. In 2017, Gartner reported that 99% of exploits are based on vulnerabilities that have already been known to security and IT professionals for at least 12 months.

Cloud Patching Principles

The first key to closing down the right vulnerabilities in your cloud IT infrastructure is being able to see everything. Without visibility into your cloud systems and applications, you can’t truly know whether those systems and applications are patched where it matters. The second key is patch validation. Simply firing off a patch is no assurance that it applied properly. It may, or may not, have deployed successfully.

How can you be sure?

The Ziften Approach

Ziften provides the visibility and validation you need to ensure your cloud IT environment is secure from the vulnerabilities that matter most:

– In-depth capture of discovered OS and application vulnerabilities

– Findings mapped to vulnerability reference sources, e.g., OWASP, CIS, CVE, CWE, and OSVDB

– Detailed descriptions of the ramifications of each finding, the business impact, and the risk for each identified exposure

– Vulnerability prioritization based on asset criticality and likelihood of attack

– Remediation suggestions to close identified deficiencies

– Comprehensive steps to follow while mitigating reported deficiencies

– Detection and mitigation of attacks that exploit unpatched systems, with quarantine procedures

Far too often we find that the data from customers’ patching systems incorrectly reports that vulnerabilities are patched. This creates a false sense of security that is unacceptable for IT operations and security operations teams.
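The point above is that a patch system's own status field is not evidence. The following Python is an added example (not Ziften's code) of the validation step: it reads what is actually installed on each host, compares it against the minimum fixed version from an advisory, and flags packages the patch system reports as "patched" that are still below the fix level. The package names, versions, and host records are constructed for illustration; the version parser also shows why a plain string comparison ("1.1.10" < "1.1.9") is a common source of exactly this false-positive problem.

```python
"""Patch validation: reconcile what the patch system claims with what is
actually installed. Added example, not Ziften's code; the package names,
versions and host records below are constructed for illustration."""

from typing import Dict, List, Tuple

# Constructed: minimum version that contains the fix, per a hypothetical advisory.
FIXED_VERSIONS: Dict[str, str] = {
    "cryptlib": "1.1.10",
    "examplelib": "2.9.8",
    "webd": "1.13.12",
}

# Constructed host records: what is installed, and what the patch system reports.
HOSTS: List[dict] = [
    {"name": "web-01",
     "installed": {"webd": "1.13.12", "cryptlib": "1.1.9"},
     "patch_system_status": {"webd": "patched", "cryptlib": "patched"}},
    {"name": "db-01",
     "installed": {"examplelib": "2.9.4"},
     "patch_system_status": {"examplelib": "pending"}},
    {"name": "app-01",
     "installed": {"examplelib": "2.9.10", "cryptlib": "1.1.12"},
     "patch_system_status": {"examplelib": "patched", "cryptlib": "patched"}},
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted version into integers so that 1.1.10 sorts after 1.1.9.
    Comparing the raw strings gets this wrong ("1.1.10" < "1.1.9")."""
    return tuple(int(part) for part in version.split("."))


def is_patched(installed: str, fixed: str) -> bool:
    """True when the installed version is at or above the fixed version."""
    return parse_version(installed) >= parse_version(fixed)


def validate_host(host: dict) -> List[dict]:
    """Independently check each installed package against the required fix
    level and compare with the patch system's claim. A package the patch
    system reports as 'patched' but which is still below the fix level is
    the false-positive case the post warns about."""
    findings = []
    for package, installed in host["installed"].items():
        fixed = FIXED_VERSIONS.get(package)
        if fixed is None:
            continue  # no advisory for this package
        if is_patched(installed, fixed):
            continue
        claimed = host["patch_system_status"].get(package, "unknown")
        findings.append({
            "host": host["name"],
            "package": package,
            "installed": installed,
            "fixed_in": fixed,
            "patch_system_says": claimed,
            "verdict": "FALSE_POSITIVE" if claimed == "patched" else "UNPATCHED",
        })
    return findings


def validate_fleet(hosts: List[dict]) -> List[dict]:
    """Run validation across all hosts and return every finding."""
    return [finding for host in hosts for finding in validate_host(host)]


if __name__ == "__main__":
    for finding in validate_fleet(HOSTS):
        print(finding)
```

Running it reports web-01's cryptlib as FALSE_POSITIVE (the patch system says patched, the installed 1.1.9 is below 1.1.10) and db-01's examplelib as UNPATCHED; app-01 produces no findings. In practice the "installed" data would come from the host itself (package manager output or an agent inventory), never from the same system whose claim is being checked.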

Charles Leaver – Your Guide To GDPR And Monitoring Cyber Security

Written By Dr Al Hartmann And Presented By Charles Leaver


Robust enterprise cybersecurity naturally includes monitoring of network, endpoint, application, database, and user activity to prevent, detect, and respond to cyber threats that could breach the privacy of business staff, partners, suppliers, or customers. In cyberspace, any gaps in your view become free-fire zones for the legions of attackers seeking to do harm. However, monitoring also captures event records that may include user “personal data” under the broad European Union GDPR interpretation of that term. Business staff are “natural persons” and thus “data subjects” under the regulation. Prudently balancing security and privacy concerns across the business can be challenging, so let’s talk about this.

The Mandate for Cyber Security Monitoring

GDPR Chapter 4 governs controller and processor functions under the regulation. While it does not explicitly mandate cybersecurity monitoring, this can be inferred from its text:

– “… In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than seventy-two hours after having become aware of it, notify the personal data breach to the supervisory authority …” [Art. 33(1)]

– “… the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk …” [Art. 32(1)]

– “Each supervisory authority shall have [the power] to carry out investigations in the form of data protection audits.” [Art. 58(1)]

It follows that to detect a breach one must monitor; that to verify and scope a breach and provide timely breach notification to the supervisory authority one must likewise monitor; that to implement appropriate technical measures one must monitor; and that to respond to a data protection audit one must have an audit trail, and audit trails are produced by monitoring. In short, for a business to protect its cyberspace and the personal data within it, and to demonstrate its compliance, it reasonably needs to monitor that space.

The Business as Data Controller

Under the GDPR it is the controller that “determines the purposes and means of the processing of personal data.” The enterprise decides the purposes and scope of monitoring, selects the tools for such monitoring, determines the probe, sensor, and agent deployments for the monitoring, selects the solutions or personnel that will access and review the monitored data, and decides the actions to be taken as a result. Simply put, the business serves in the controller role. The processor supports the controller by providing processing services on its behalf.

The business also employs the staff whose personal data may be included in the event records captured by monitoring. Personal data is defined rather broadly under GDPR and may include login names, system names, network addresses, file paths that contain the user profile directory, or other incidental information that could reasonably be linked to “a natural person”. Event data will often include these elements. An event data stream from a particular probe, sensor, or agent may then be linked to an individual, and reveal aspects of that person’s work performance, policy compliance, or even aspects of their personal life (if enterprise devices or networks are improperly used for personal business). Although not the goal of cyber security monitoring, potential privacy or profiling issues could be raised.

Achieving Transparency through Fair Processing Notices

As the enterprise employs the staff whose personal data may be captured in the cybersecurity monitoring dragnet, it has the opportunity, in employment contracts or in separate disclosures, to notify staff of the need for and purpose of cybersecurity monitoring and to obtain informed consent directly from the data subjects. While it might be argued that the lawful basis for cybersecurity monitoring does not necessarily require informed consent (per GDPR Art. 6(1)), but is a consequence of the data security level the enterprise must maintain to otherwise comply with the law, it is far preferable to be open and transparent with staff. Employment contracts have long included provisions specifying that employees consent to having their workplace communications and devices monitored as a condition of employment. However, the GDPR raises the bar considerably for the explicitness and clarity of such consents, described in Fair Processing Notices, which must be “freely given, specific, informed and unambiguous”.

Fair Processing Notices should plainly set out the identity of the data controller, the types of data collected, the purpose and legal basis for the collection, the data subject’s rights, and contact information for the data controller and for the supervisory authority having jurisdiction. The notice should be clear and easily understood, and not buried in some lengthy legalistic employment agreement. While many sample notices can be found with a simple web search, they will require adaptation to a cybersecurity monitoring context, where data subject rights may conflict with forensic data retention requirements. For example, an insider attacker might demand the erasure of all their activity data (to destroy evidence), which would turn privacy rules into a tool for the obstruction of justice. For further guidance, the widely used NIST Cyber Security Framework addresses this balance in Sec. 3.6 (“Methodology to Protect Privacy and Civil Liberties”).

Think Globally, Act Locally

Given the viral jurisdictional nature of the GDPR, the severe penalties imposed on violators, the difficulty of filtering out EEA from non-EEA data subjects, and the likely spread of similar regulations internationally, the safe path is to apply strict privacy rules across the board, as Microsoft has done.

In contrast to global application stands local application, where the safe path is to place cybersecurity monitoring infrastructure in geographical locales rather than grapple with cross-border data transfers. Even remotely querying and viewing personal data may count as such a transfer and argue for pseudonymization (tokenizing personal data fields) or anonymization (redacting personal data fields) across non-cooperating jurisdictional boundaries. Only in the final stages of cybersecurity analytics would identification of the natural persons behind the data become relevant, and then most likely only of actionable value locally.
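The pseudonymization and anonymization options mentioned above, as an added example in Python that is not part of the original post. It tokenizes the personal-data fields the post lists (login name, system name, network address, and the profile directory inside a file path) with a keyed HMAC, so analysts outside the controller's jurisdiction can still correlate events from the same person without learning who that person is, while the key stays local for re-identification in the final stage. The anonymize function redacts instead. The event records, field names and key are constructed for the example.

```python
"""Pseudonymize or anonymize personal-data fields in security event records
before they cross a jurisdictional boundary. Added example, not part of the
original post; the event records, field names and secret key are constructed."""

import hashlib
import hmac
import re
from typing import Dict, List

# Fields that can identify a natural person in typical event data.
PERSONAL_FIELDS = ("user", "host", "src_ip")

# A user profile directory inside a file path also identifies a person.
PROFILE_DIR_RE = re.compile(r"(/Users/|/home/|C:\\Users\\)([^/\\]+)")

# Constructed sample events (addresses are from the RFC 5737 documentation range).
EVENTS: List[Dict[str, str]] = [
    {"event": "ProcessCreation", "user": "jdoe", "host": "LT-0142",
     "src_ip": "192.0.2.10", "path": "/Users/jdoe/Downloads/report.pdf"},
    {"event": "NetworkCommunication", "user": "jdoe", "host": "LT-0142",
     "src_ip": "192.0.2.10", "dst_port": "443"},
    {"event": "ProcessCreation", "user": "asmith", "host": "LT-0311",
     "src_ip": "192.0.2.11", "path": "C:\\Users\\asmith\\AppData\\x.exe"},
]


def token(secret: bytes, value: str) -> str:
    """Keyed pseudonym: HMAC-SHA256 truncated to 16 hex characters. Without the
    secret the token cannot be reversed or brute-forced from a name list; with
    the secret kept locally the same value always maps to the same token, so
    events from one person still correlate."""
    return hmac.new(secret, value.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def pseudonymize(event: Dict[str, str], secret: bytes) -> Dict[str, str]:
    """Replace personal fields (and profile directories in paths) with tokens."""
    out = dict(event)
    for field in PERSONAL_FIELDS:
        if field in out:
            out[field] = "tok_" + token(secret, out[field])
    if "path" in out:
        out["path"] = PROFILE_DIR_RE.sub(
            lambda m: m.group(1) + "tok_" + token(secret, m.group(2)), out["path"])
    return out


def anonymize(event: Dict[str, str]) -> Dict[str, str]:
    """Redact personal fields outright; nothing can be linked back afterwards."""
    out = dict(event)
    for field in PERSONAL_FIELDS:
        if field in out:
            out[field] = "[redacted]"
    if "path" in out:
        out["path"] = PROFILE_DIR_RE.sub(lambda m: m.group(1) + "[redacted]", out["path"])
    return out


def pseudonymize_stream(events: List[Dict[str, str]], secret: bytes) -> List[Dict[str, str]]:
    """Apply pseudonymization to a whole event stream, leaving the originals untouched."""
    return [pseudonymize(e, secret) for e in events]


if __name__ == "__main__":
    key = b"constructed-demo-key-keep-this-in-the-controller-jurisdiction"
    for e in pseudonymize_stream(EVENTS, key):
        print(e)
    print(anonymize(EVENTS[0]))
```

Note that the same user name inside a path gets the same token as the user field, so the two still line up for an analyst; non-personal fields such as the event type and destination port pass through unchanged.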

Charles Leaver – Understanding Network Whitelisting

Written By Roark Pollock And Presented By Charles Leaver



Like any kind of security, the world of IT security is one of establishing and enforcing a set of allow/disallow rules, or, more formally, security policies. And, simply stated, allow/disallow rules can be expressed as a ‘whitelist’ or a ‘blacklist’.

Back in the good ‘ole days, most rules were blacklist in nature. The good ‘ole days were when we trusted almost everyone to behave well, and when they did, it was fairly simple to identify bad behavior or anomalies. So we only had to write a few blacklist rules. For instance, “do not allow anybody into the network coming from an IP address in, say, Russia”. That was much like your grandparents never locking the doors to the farmhouse, since they knew everybody within a 20 mile radius.

Then the world changed. Behaving well became the exception, and bad actors and bad behavior became legion. Naturally, it happened gradually, and in phases, dating back to the beginning of the true ‘Web’ in the early 90’s. Remember script kiddies illegally accessing public and private websites just to prove to their high school friends that they could?

Fast forward to the modern era. Everything is online. And if it has value, somebody in the world is trying to steal or damage it, constantly. And they have plenty of tools to use. In 2017, 250,000 new malware variants were introduced each day. We used to rely on desktop and network anti-virus packages adding new blacklist signatures on a weekly basis to counter the bad guys using malicious strings of code to do their bidding. But at over 90 million new malware variants per year, blacklist methods alone won’t cut it.

Network whitelisting technologies have been a crucial form of protection for on-premises network security, and with most companies rapidly moving their workloads to the cloud, the same mechanisms will be needed there too.

Let’s take a closer look at both approaches.

What is Blacklisting?

A blacklist enumerates known malicious or suspicious “entities” that should not be allowed access, or rights of execution, in a system or network. Entities include bad software (malware) such as viruses, Trojans, worms, spyware, and keystroke loggers. Entities also include any user, application, process, IP address, or organization known to pose a risk to a business.

The key word above is “known”. With 250,000 new variants appearing each day, how many are out there that we don’t know about, at least until much later, which may be days, weeks, or even years?

What is Whitelisting?

So, what exactly is whitelisting? Well, as you may have guessed, it is the opposite of blacklisting. Whitelisting starts from the viewpoint that almost everything is bad. And, if that holds true, it should be more efficient simply to define and allow “good entities” into the network. A simple example would be “all employees in the finance department who are director level or higher are permitted to access our financial reporting application on server X.” By extension, everyone else is denied access.

Whitelisting is often described as a “zero trust” approach: deny all, and permit only certain entities access based on a set of ‘good’ properties associated with user and device identity, behavior, location, time, etc.

Whitelisting is widely accepted for high risk security environments, where rigid rules take precedence over user freedom. It is also highly valued in environments where organizations are bound by strict regulatory compliance.

Do you go Black, White or mix it up?

First, not many would tell you that blacklisting is completely obsolete. Certainly at the endpoint device level, it remains fairly simple to set up and maintain and reasonably effective, especially if it is kept up to date by third party threat intelligence providers. But, on its own, will it suffice?

Second, depending on your security background or experience, you’re probably thinking, “Whitelisting would never work for us. Our business applications are just too diverse and complex. The time, effort, and resources needed to assemble, monitor, and update whitelists at an enterprise level would be untenable.”

Fortunately, this isn’t really an either-or choice. It’s possible to take a “best of both worlds” approach: blacklisting for malware and intrusion detection, operating alongside whitelisting for system and network access at large.
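To make the three models concrete, here is an added Python example (not Ziften's code) that evaluates the same access requests three ways: denylist only, allowlist only (default deny, using the post's "finance department, director level or higher" rule plus device, location and time properties), and the combined approach. The rule, roles, users and IP addresses are constructed; the last two requests show the two failure modes each model has on its own: an unknown bad source slips past the denylist, and a known bad source that happens to satisfy an allow rule slips past the allowlist.

```python
"""Denylist vs allowlist (default-deny) access decisions, and the combined
approach. Added example, not Ziften's code; the rules, users and addresses
are constructed (addresses from the RFC 5737 documentation ranges)."""

from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Request:
    user: str
    department: str
    role: str
    device_trusted: bool
    src_ip: str
    hour: int          # local hour of day, 0-23
    resource: str


# Constructed denylist: addresses already known to be bad.
KNOWN_BAD_IPS = {"198.51.100.7"}

# Role seniority used by the allow rule ("director level or higher").
ROLE_LEVEL: Dict[str, int] = {"analyst": 1, "manager": 2, "director": 3, "vp": 4}

# Constructed allowlist: who may reach which resource, under what conditions.
ALLOW_RULES: List[dict] = [
    {"resource": "finance-reporting", "department": "finance",
     "min_role_level": ROLE_LEVEL["director"], "require_trusted_device": True,
     "hours": range(6, 21)},
]


def denylist_decision(req: Request) -> str:
    """Blacklist model: everything is allowed unless it is known bad."""
    return "deny" if req.src_ip in KNOWN_BAD_IPS else "allow"


def allowlist_decision(req: Request) -> str:
    """Whitelist / zero-trust model: deny unless some rule explicitly allows."""
    for rule in ALLOW_RULES:
        if (rule["resource"] == req.resource
                and rule["department"] == req.department
                and ROLE_LEVEL.get(req.role, 0) >= rule["min_role_level"]
                and (req.device_trusted or not rule["require_trusted_device"])
                and req.hour in rule["hours"]):
            return "allow"
    return "deny"


def combined_decision(req: Request) -> str:
    """Best of both worlds: the denylist catches known-bad entities first,
    then the allowlist governs everything that was not on it."""
    if denylist_decision(req) == "deny":
        return "deny"
    return allowlist_decision(req)


# Constructed requests exercising each model.
REQUESTS: List[Request] = [
    Request("cfo", "finance", "vp", True, "192.0.2.20", 10, "finance-reporting"),
    Request("cfo", "finance", "vp", True, "192.0.2.20", 2, "finance-reporting"),      # off-hours
    Request("intern", "finance", "analyst", True, "192.0.2.21", 10, "finance-reporting"),
    Request("unknown", "marketing", "director", False, "203.0.113.9", 10, "finance-reporting"),  # not on denylist
    Request("bot", "finance", "vp", True, "198.51.100.7", 10, "finance-reporting"),  # known bad source
]


def evaluate(requests: List[Request]) -> List[Tuple[str, str, str, str]]:
    """Return (user, denylist, allowlist, combined) for each request."""
    return [(r.user, denylist_decision(r), allowlist_decision(r), combined_decision(r))
            for r in requests]


if __name__ == "__main__":
    for row in evaluate(REQUESTS):
        print(row)
```

The "unknown" request is the blacklist's blind spot the post describes (nobody has listed that source yet, so the denylist says allow), while the "bot" request shows why the denylist is still worth keeping in front of the allowlist.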

Ziften and Cloud Whitelisting

The secret to whitelisting comes down to simplicity of implementation, especially for cloud-based workloads. And ease of implementation becomes a function of scope. Think about whitelisting in two ways: application and network. The former can be a quagmire. The latter is far simpler to implement and maintain, if you have the right visibility into your cloud environment.

This is where Ziften comes in.

With Ziften, it becomes simple to:

– Identify and establish visibility into all cloud servers and virtual machines

– Gain continuous visibility into devices and their port usage activity

– See east-west traffic flows, including in-depth tracking of the protocols in use over specific port pairs

– Convert ‘seeing’ what’s happening into a discernible set of whitelists, complete with accurate protocol and port mappings

– Set up near real time alerting on any anomalous or suspicious resource or service activations
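The last three bullets describe a workflow: observe east-west flows, turn them into a whitelist of protocol and port mappings, then alert on anything outside it. The Python below is an added example of that workflow and is not Ziften's code; the flow records (RFC 1918 addresses, a web tier talking to database and cache tiers) are constructed. It keeps only flows seen repeatedly during the learning window, so a one-off observed while learning is not silently whitelisted, and it treats every later flow not on the list as an alert.

```python
"""Derive a network whitelist from observed east-west flows, then alert on
flows that fall outside it. Added example, not Ziften's code; the flow
records are constructed (RFC 1918 addresses)."""

from collections import Counter
from typing import Dict, List, Set, Tuple

Flow = Tuple[str, str, str, int]   # (src, dst, protocol, dst_port)

# Constructed learning-period flows: web tier -> database (5432) and cache (6379).
BASELINE_FLOWS: List[Flow] = [
    ("10.0.1.10", "10.0.2.20", "tcp", 5432),
    ("10.0.1.10", "10.0.2.20", "tcp", 5432),
    ("10.0.1.11", "10.0.2.20", "tcp", 5432),
    ("10.0.1.11", "10.0.2.20", "tcp", 5432),
    ("10.0.1.10", "10.0.3.30", "tcp", 6379),
    ("10.0.1.10", "10.0.3.30", "tcp", 6379),
    ("10.0.1.11", "10.0.3.30", "tcp", 6379),
    ("10.0.1.11", "10.0.3.30", "tcp", 6379),
    ("10.0.9.99", "10.0.2.20", "tcp", 22),      # seen once during learning
]

# Constructed flows observed after the whitelist is in force.
LIVE_FLOWS: List[Flow] = [
    ("10.0.1.10", "10.0.2.20", "tcp", 5432),    # expected
    ("10.0.1.11", "10.0.3.30", "tcp", 6379),    # expected
    ("10.0.1.10", "10.0.2.20", "tcp", 22),      # new service on a known pair
    ("10.0.2.20", "10.0.1.10", "tcp", 8080),    # database tier initiating to web tier
    ("10.0.9.99", "10.0.2.20", "tcp", 22),      # the one-off from the learning window
]


def learn_whitelist(flows: List[Flow], min_count: int = 2) -> Set[Flow]:
    """Keep only (src, dst, proto, port) tuples seen at least min_count times
    during learning, so an isolated flow does not become policy by accident."""
    counts = Counter(flows)
    return {flow for flow, n in counts.items() if n >= min_count}


def check_flows(flows: List[Flow], whitelist: Set[Flow]) -> List[Dict]:
    """Default-deny: every live flow not on the whitelist is an alert."""
    return [{"src": s, "dst": d, "proto": p, "port": port}
            for (s, d, p, port) in flows if (s, d, p, port) not in whitelist]


def service_map(whitelist: Set[Flow]) -> Dict[str, List[Tuple[str, int]]]:
    """Summarize the whitelist as destination -> sorted (proto, port) services,
    the protocol and port mapping an operator reviews before enforcing it."""
    out: Dict[str, Set[Tuple[str, int]]] = {}
    for _, dst, proto, port in whitelist:
        out.setdefault(dst, set()).add((proto, port))
    return {dst: sorted(services) for dst, services in out.items()}


if __name__ == "__main__":
    wl = learn_whitelist(BASELINE_FLOWS)
    print("whitelist:", service_map(wl))
    for alert in check_flows(LIVE_FLOWS, wl):
        print("ALERT", alert)
```

Three of the five live flows are alerted: an unexpected service on an already-whitelisted pair, a reversed direction (the database tier should not be initiating connections to the web tier), and the source that appeared only once during learning.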

Charles Leaver – How To Do Advanced Hunting With Windows Defender ATP

Written By Josh Harrimen And Presented By Charles Leaver


Following on the heels of our recent partnership announcement with Microsoft, our Ziften Security Research team has started leveraging a very useful element of the Windows Defender Advanced Threat Protection (Windows Defender ATP) Security Center platform. The Advanced Hunting feature lets users run queries against the data that has been sent in by products and tools, such as Ziften, to find interesting behaviors quickly. These queries can be saved and shared among the community of Windows Defender ATP users.

We have contributed a handful of shared queries so far, but the results are quite interesting, and we enjoy the ease of use of the hunting interface. Because Ziften sends endpoint data gathered from macOS and Linux systems to Windows Defender ATP, we are focusing on those operating systems in our query development efforts to showcase the platform’s total coverage.

You can access the Advanced Hunting interface by choosing the database icon on the left-hand side, as shown below.

You can see the high-level schema on the top left of that page, with events such as ProcessCreation, Machineinfo, NetworkCommunication and others. We ran some recent malware within our Redlab and wrote some queries to find that data and produce results for examination. One such sample was OceanLotus. We developed a small number of queries to find both the files and the dropper related to this threat.

After running the queries, you get results you can interact with.

Upon examination of the results, we see some systems that have exhibited the behavior we searched for. When you select these systems, you can see the details of the system under examination. From there you can view the alerts triggered and an event timeline. Details from the malicious process are shown below.

Additional behavior-based queries can also be run. For instance, we ran another malicious sample that used a few techniques that we queried for. The screenshot directly below shows a query we ran when looking for the Gatekeeper program on a macOS system being disabled from the command line. While this may be a legitimate administrative action, it is certainly something you would want to know is happening within your environment.

From these query results, you can again select the system in question and further investigate the suspicious behavior.
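The Gatekeeper hunt above, expressed as plain Python over process-creation records, as an added example that is not Ziften's or Microsoft's code and is not the query from the screenshot. It tokenizes each command line (so the switch is matched as an argument of spctl itself, whether invoked directly, via sudo, or by full path, and not as text inside some unrelated quoted string) and then triages a hit by whether the account is on an approved administrator list, reflecting the post's point that the action may be legitimate but should still be seen. The event records, field names and the admin list are constructed.

```python
"""Hunting logic in plain Python: scan process-creation records for the
macOS Gatekeeper policy being disabled from the command line, then triage by
whether the invoking account is an approved administrator. Added example,
not Ziften's or Microsoft's code; the records and admin list are constructed."""

import shlex
from typing import Dict, List

# Constructed process-creation records with the kinds of fields a hunting
# schema exposes (machine, account, OS, command line).
PROCESS_EVENTS: List[Dict[str, str]] = [
    {"machine": "mac-eng-07", "account": "jdoe", "os": "macOS",
     "command_line": "spctl --status"},
    {"machine": "mac-eng-07", "account": "jdoe", "os": "macOS",
     "command_line": "sudo spctl --master-disable"},
    {"machine": "mac-it-01", "account": "itadmin", "os": "macOS",
     "command_line": "/usr/sbin/spctl --master-disable"},
    {"machine": "mac-eng-09", "account": "asmith", "os": "macOS",
     "command_line": "spctl --master-enable"},
    {"machine": "mac-eng-09", "account": "asmith", "os": "macOS",
     "command_line": "/bin/bash -c 'echo --master-disable'"},   # string match trap
    {"machine": "lin-build-02", "account": "ci", "os": "Linux",
     "command_line": "/usr/bin/make all"},
]

# Constructed: accounts expected to change Gatekeeper settings.
APPROVED_ADMINS = {"itadmin"}


def is_gatekeeper_disable(command_line: str) -> bool:
    """True when an spctl invocation (direct, via sudo, or by full path) carries
    the --master-disable switch as its own argument. Tokenizing with shlex
    avoids matching the text inside an unrelated quoted argument."""
    try:
        tokens = shlex.split(command_line)
    except ValueError:            # unbalanced quotes: not a parseable command
        return False
    basenames = {t.rsplit("/", 1)[-1] for t in tokens}
    return "spctl" in basenames and "--master-disable" in tokens


def hunt(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one finding per matching macOS event, marked 'review' when the
    account is an approved admin and 'alert' otherwise."""
    findings = []
    for e in events:
        if e.get("os") != "macOS" or not is_gatekeeper_disable(e["command_line"]):
            continue
        severity = "review" if e["account"] in APPROVED_ADMINS else "alert"
        findings.append({"machine": e["machine"], "account": e["account"],
                         "severity": severity, "command_line": e["command_line"]})
    return findings


if __name__ == "__main__":
    for finding in hunt(PROCESS_EVENTS):
        print(finding)
```

Two findings come back: the jdoe event is an alert, the itadmin event is marked for review. The status query, the re-enable, and the bash invocation that merely contains the switch in a quoted string are all ignored.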

This article certainly doesn’t serve as a thorough tutorial on using the Advanced Hunting feature within the Windows Defender Advanced Threat Protection platform. But we wanted to put something together quickly to share our enthusiasm about how simple it is to use this feature to perform your own custom threat hunting in a multi-system environment, across Linux, Windows and macOS systems.

We look forward to sharing more of our experiments and research using queries built with the Advanced Hunting feature. We share our successes with everyone here, so check back on this blog often.

Charles Leaver – What Happened At RSA 2018

Written By Logan Gilbert And Presented By Charles Leaver


After spending a couple of days with the Ziften team at the 2018 RSA Conference, my technology observation was: more of the same, the usual suspects and the usual buzzwords. Buzzwords like “AI”, “machine learning” and “predictive” were splendidly overused. Lots of attention was paid to prevention, to everybody’s favorite attack vector (email), and to everyone’s favorite vulnerability (ransomware).

The one surprise I encountered was seeing a small number of NetFlow analysis businesses, many of them smaller companies attempting to make their mark using a very rich, but hard to work with, data set. Very cool stuff! Find the little booths and you’ll discover tons of innovation. Now, in fairness to the bigger vendors, I know there are some truly cool technologies there too, but RSA barely lends itself to cutting through the buzzwords to actual value.

RSA Buzz

I may have a biased view given that Ziften has been partnering with Microsoft for the last 6+ months, but Microsoft seemed to play a far more prominent leadership role at RSA this year. First, on Monday, Microsoft announced its all-new Intelligent Security Association, combining their security partnerships “to concentrate on safeguarding clients in a world of increased threats”, and more importantly, reinforcing that security through shared security intelligence across this ecosystem of partners. Ziften is naturally proud to be a founding member of the Intelligent Security Association.

In addition, on Tuesday, Microsoft announced a groundbreaking partnership with many in the cyber security industry named the “Cybersecurity Tech Accord.” This accord calls for a “digital Geneva Convention” that sets standards of behavior for cyberspace just as the Geneva Conventions set rules for the conduct of war in the physical world.

RSA Attendees

A true point of interest to me, though, was the different makeup of the expo audience itself. As an exhibitor at RSA, I noted that among my visitors I saw more “suits” and fewer t-shirts.

Ok, maybe not suits as such, but more security Supervisors, Directors, VPs, CISOs, and security leaders than I remember seeing at previous events. I was encouraged to see what I believe are the business decision makers checking out security companies first hand, rather than delegating that job to their security team. From this audience I often heard the same overtones:

– This is overwhelming.
– I can’t discriminate between one innovation and another.

Those who were Absent from RSA

There were certainly fewer “technology trolls”. What, you might ask, are technology trolls? Well, as a vendor and security engineer, these are the individuals (always men) who appear five minutes before the close of the day and drag you into a technical due-diligence exercise for an hour, or at least until the happy hour parties start. Their objective: absolutely nothing useful to anyone, and here I’m assuming that the troll actually works for a company, so nothing useful for the company that paid countless dollars for their attendance. The only thing gained is the troll’s self-affirmation that they have the ability to “beat down the vendor” with their technical expertise. I’m being harsh, but I have experienced the trolls from both sides of the fence, both as a seller and as a buyer, and back at the home office nobody is basing buying decisions on troll recommendations. I can only presume that companies send tech trolls to RSA and comparable expos because they don’t want them in the office.

Holistic Security Conversations

Which brings me back to the kind of people I did see a great deal of at RSA: security savvy (not just tech savvy) security leaders, who understand the business case and choices behind security technologies. Not only are they influencers but in most cases the business owners of security for their respective organizations. Now, apart from the aforementioned questions, these security leaders seemed less focused on a technology or specific use case, and more on a desire for “holistic” security. As we know, good security requires a collection of technologies, policy and practice. Security savvy customers wanted to know how our technology fitted into their holistic solution, which is a refreshing change of dialog. As such, the types of questions I would hear:

– How does your technology partner with other solutions I currently use?
– More importantly: Does your business actually buy into that partnership?

That last question is critical, essentially asking if our partnerships are just fodder for a website, or if we really have an understanding with our partner that the sum is greater than the parts.

The latter is exactly what security experts are looking for and need.

To Conclude

Overall, RSA 2018 was great from my point of view. Once you get past the jargon, much of the buzz focused on things that matter to customers, our industry, and us as individuals: things like security partner ecosystems that add value, more holistic security through genuine collaboration and meaningful integrations, and face to face discussions with business security leaders, not technology trolls.

Charles Leaver – You Need To Discover All Of Your Unmanaged Assets

Written By Logan Gilbert And Presented By Charles Leaver


We all relate to the image of the hooded villain hovering over his laptop late at night, accessing a business network, stealing valuable data, and vanishing without a trace. We personify the attacker as intelligent, persistent, and crafty. But the reality is that the vast majority of attacks are enabled by simple human carelessness or recklessness, making the cyber criminal’s job an easy one. He’s checking all the doors and windows constantly. All it takes is one mistake on your part and he gets in.

What do we do? Well, you already know the answer. We spend a good chunk of our IT budget on security defense-in-depth systems designed to detect, deceive, fool, or outright block the bad guys. Let’s park the discussion on whether or not we are winning that war. Because there is a far simpler war underway: the one where the attacker enters your network, business critical application, or IP/PII data through a vector you didn’t even know you had, the unmanaged asset, often referred to as Shadow IT.

Think this isn’t your company? A recent study suggests the typical enterprise has 841 cloud apps in use. Surprisingly, most IT executives think the number of cloud apps in use by their organization is in the order of thirty to forty, meaning they are off by a factor of 20. The same report highlights that more than 98% of cloud apps are not GDPR ready, and 95% of enterprise class cloud apps are not SOC 2 ready.

Shadow IT / Unmanaged Assets Defined

Shadow IT is defined as any SaaS application used, by employees, departments, or entire business groups, without the knowledge or authorization of the business’s IT department. In addition, the advent of ‘everything as a service’ has made it even easier for workers to access whatever software they feel is needed to make them more productive.

The Impact

Well-intentioned workers often do not realize they’re breaking business rules by activating a new server instance, or downloading unapproved apps or software. Nevertheless, it happens. When it does, three problems can arise:

1. Corporate standards within an organization are compromised, since unapproved software means each computer system has different capabilities.

2. Rogue software often contains security flaws, putting the entire network at risk and making it much harder for IT to manage security threats.

3. Asset blind spots not only increase security and compliance risks, they can increase legal risk. Data retention policies designed to limit legal liability are being skirted by data held on unauthorized cloud assets.

3 Vital Considerations for Dealing With Unmanaged Asset Risks

1. First, deploy tools that can provide comprehensive visibility into all cloud assets, managed and unmanaged. Know what new virtual machines have been activated recently, along with exactly which other devices and applications each VM instance is communicating with.

2. Second, make certain your tooling can provide a continuous inventory of authorized and unauthorized virtual devices operating in the cloud. Ensure you can see all IP connections made to each asset.

3. Third, for compliance and/or forensic analysis purposes, look for a solution that provides a capture of any and all assets (physical and virtual) that have ever existed on the network, not just a solution limited to the assets active within a short look-back window.

Unmanaged Asset Discovery with Ziften

Ziften makes it simple to quickly discover cloud assets that have been commissioned outside of IT’s purview. And we do it continuously and with deep historical recall at your fingertips, including when each device first connected to the network, when it last appeared, and how frequently it reconnects. And if a virtual device is decommissioned, no problem, we still have all its historical behavior data.

Recognize and secure hidden attack vectors arising from shadow IT, before a disaster. Know exactly what’s happening in your cloud environment.
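The three considerations above (visibility into every asset and its peers, a continuous inventory of approved versus unapproved assets, and retention of assets that are no longer active) come down to bookkeeping over connection records. The Python below is an added example of that bookkeeping and is not Ziften's code: it builds first-seen, last-seen, reconnect count and peer set per asset, reports which assets were commissioned recently, and classifies each against an approved list without dropping assets that have gone quiet. The observations, asset names and approved list are constructed; timestamps are ISO 8601 strings.

```python
"""Asset discovery from connection records: first seen, last seen, reconnect
count, peers, and comparison with the approved inventory, retaining assets
that are no longer active. Added example, not Ziften's code; the observations,
asset names and approved list are constructed."""

from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed observations: (ISO timestamp, asset id, peer it connected to).
OBSERVATIONS: List[Tuple[str, str, str]] = [
    ("2018-03-20T07:00:00", "vm-old-03", "10.0.0.5:5432"),     # never approved, now gone
    ("2018-03-25T07:00:00", "vm-db-01", "10.0.0.7:443"),       # approved but quiet
    ("2018-04-01T08:00:00", "vm-web-01", "10.0.0.5:5432"),
    ("2018-04-02T09:15:00", "vm-web-01", "10.0.0.5:5432"),
    ("2018-04-03T10:30:00", "vm-test-77", "203.0.113.50:443"),  # nobody approved this
    ("2018-04-10T11:00:00", "vm-web-01", "10.0.0.9:6379"),
    ("2018-04-11T12:00:00", "vm-test-77", "10.0.0.5:5432"),
]

APPROVED_ASSETS = {"vm-web-01", "vm-db-01"}   # constructed CMDB / IT-approved list
NOW = "2018-04-12T00:00:00"                    # constructed evaluation time


def build_inventory(observations: List[Tuple[str, str, str]]) -> Dict[str, dict]:
    """Fold connection records into one record per asset. Nothing is ever
    removed, so a decommissioned asset keeps its history."""
    inventory: Dict[str, dict] = {}
    for ts, asset, peer in observations:
        seen = datetime.fromisoformat(ts)
        rec = inventory.setdefault(
            asset, {"first_seen": seen, "last_seen": seen, "connections": 0, "peers": set()})
        rec["first_seen"] = min(rec["first_seen"], seen)
        rec["last_seen"] = max(rec["last_seen"], seen)
        rec["connections"] += 1
        rec["peers"].add(peer)
    return inventory


def recently_commissioned(inventory: Dict[str, dict], now_iso: str, window_days: int) -> List[str]:
    """Assets whose first appearance falls inside the look-back window."""
    now = datetime.fromisoformat(now_iso)
    cutoff = now - timedelta(days=window_days)
    return sorted(a for a, rec in inventory.items() if rec["first_seen"] >= cutoff)


def classify(inventory: Dict[str, dict], approved: set, now_iso: str,
             inactive_days: int = 7) -> Dict[str, str]:
    """Label every asset ever seen as managed/unmanaged and active/inactive."""
    now = datetime.fromisoformat(now_iso)
    status = {}
    for asset, rec in inventory.items():
        active = now - rec["last_seen"] <= timedelta(days=inactive_days)
        if asset in approved:
            status[asset] = "managed" if active else "managed-inactive"
        else:
            status[asset] = "unmanaged-active" if active else "unmanaged-inactive"
    return status


if __name__ == "__main__":
    inv = build_inventory(OBSERVATIONS)
    for asset, rec in inv.items():
        print(asset, rec["first_seen"].isoformat(), rec["last_seen"].isoformat(),
              rec["connections"], sorted(rec["peers"]))
    print("new in last 10 days:", recently_commissioned(inv, NOW, 10))
    print(classify(inv, APPROVED_ASSETS, NOW))
```

With the constructed data, vm-test-77 is both recently commissioned and unmanaged-active (the shadow IT case), vm-old-03 is unmanaged-inactive but still in the inventory with its peer history, and vm-db-01 is approved but has gone quiet, which is worth a look on its own.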

Charles Leaver – The Lowdown On The Intelligent Security Association From Microsoft

Written By David Shefter And Presented By Charles Leaver


It’s a great plan: Microsoft has created a way for third party security businesses, like Ziften, to work together to better protect our customers. Everybody wins with the new Microsoft Intelligent Security Association, announced this week, and we are proud to be a founding member and part of the launch. Congratulations to Microsoft!

Security Intelligence Sharing

Among the most exciting projects coming out of Microsoft has been the new Microsoft Intelligent Security Graph, a threat intelligence engine built on machine learning. The Intelligent Security Graph forms the foundation of the new association, and the foundation of many new opportunities for innovation.

As Microsoft states, “At the present time, with the immense computing benefits offered by the cloud, the Machine learning and Artificial Intelligence is finding new ways to use its abundant analytics engines and by applying a combination of automated and manual processes, machine learning and human specialists, we are able to create an intelligent security graph that learns from itself and develops in real-time, lowering our collective time to discover and respond to new occurrences.”

The need for better, more intelligent security is substantial, which is why we’re delighted to be a founding member of the new association.

As Microsoft’s Brad Anderson, Corporate Vice President, Enterprise Mobility + Security, recently wrote, “Roughly 96% of all malware is polymorphic – meaning that it is just experienced by a single user and device before being replaced with yet another malware variation. This is since most of the time malware is captured almost as fast as it’s produced, so malware developers continuously evolve to attempt and stay ahead. Data such as this hammers home how crucial it is to have security options in place that are as nimble and innovative as the attacks.”

Advanced Endpoint Detection and Response

Which brings us to the kind of sophisticated endpoint detection and response (EDR) that Ziften provides for desktops, servers, and cloud assets, giving the enterprise unique all-the-time visibility and control for any asset, anywhere. Nobody offers the capability you’ll find in Ziften’s Zenith security platform.

That’s where the Microsoft Intelligent Security Association shines. At the end of the day, even the best defenses can be breached, and security teams must respond faster and more decisively to ensure the safety of their data and systems.

Ziften and Microsoft are delivering fully integrated threat protection that covers customers’ endpoints, meaning client devices, servers, and the cloud, with a foundation of shared intelligence and the power of the cloud to transform monitoring of enterprise systems.

What Microsoft is Saying

“The Intelligent Security Association improves cooperation from leading sources to secure clients,” said Microsoft. “Having actually already accomplished strong client momentum with our incorporated Ziften and Microsoft Windows Defender ATP solution, clients stand to additionally gain from continued collaboration.”

In addition, “Continued integration and intelligence sharing within the context of the Microsoft Intelligent Security Graph enables joint clients to more quickly and accurately identify, investigate and react to attacks throughout their entire endpoint and cloud base.”

What Ziften is Saying

Ziften’s CEO, Chuck Leaver, says our founding membership in the Microsoft Intelligent Security Association is a significant win for our joint customers and prospects – and it brings together everybody in the Microsoft universe and beyond (note that Ziften’s Mac and Linux products are also part of the Microsoft collaboration). “As security vendors, we all acknowledge the requirement to cooperate and team up to safeguard our clients and their staff members. Kudos to Microsoft for pioneering this market effort,” Chuck said.

The outcome: improved security for our customers, and tighter integration and more innovation in the market. It’s a real win for everybody. Apart from the hackers, naturally. They lose. No apologies guys.

Charles Leaver – Check Out Ziften’s New Channel Program

Published by:

Written By Greg McCreight And Presented By Charles Leaver


If you are a reseller, integrator, distributor, or managed service provider – the new Ziften Activate Partner Program is here, it’s ready, and it’s going to be terrific for your bottom line (and for reducing your customers’ anxiety about cybersecurity).

Ziften is 100% dedicated to the channel, and as we grow and progress in the market, we understand that your success is our success – and our success is your success. It is already happening: 96 percent of our sales in 2017 came through the channel! That’s why we built the new Activate Partner Program: to give you the resources you need to grow your business with Ziften security solutions.

We kicked it all off with a very effective, cross-platform Endpoint Detection and Response (EDR) solution, Ziften Zenith. Customers love it. Technology partners love it. Resellers really love it. The market really loves it. And analysts really love it.

I have to share this from the conclusion of our Broadband-Testing report, which discusses SysSecOps, or Systems Security Operations – an emerging category where Ziften is leading the market:

Key to Ziften’s endpoint method in this category is total visibility – after all, how can you secure what you can’t see or do not know what is there to start with? With its Zenith platform, Ziften has a solution that ticks all the SysSecOps boxes and more …

Overall, Ziften has a really competitive offering in what is a really legitimate, emerging IT category in the form of SysSecOps and one that must be on the assessment short-list.

In addition to this: Microsoft recently partnered with Ziften to develop an integration between Zenith and Microsoft Windows Defender ATP, allowing Microsoft customers to protect Linux and Mac systems from the same single pane of glass they use to secure Windows systems.

Enough about us. Let’s focus on you, and how you will benefit from the Activate Partner Program.

We’ve assembled a multi-tier partner program with better discounts, more resources, and powerful market development support. We understand that a one-size-fits-all program does not work, not in today’s market.

With Activate, we take a hands-on approach to onboarding new partners; make it easy for those for whom security is a relatively small part of their business; and reward top-tier partners who have committed themselves to Ziften.

Here’s exactly what you get with the Activate Partner Program – and we’ll work alongside you to ensure that Activate fits your needs perfectly:

Security for more of your customer’s environment – endpoints, servers, and the cloud

Visibility and security for your customer’s complex, multi-cloud implementations

Basic security tool integrations to deliver truly customized, differentiated solutions

Hands-on, tailored assistance and life-cycle expertise

Rich financial incentives that motivate your long-term investment and reward ongoing success

Market development support to drive incremental demand and lead generation

First-rate, hands-on assistance from our field sales, sales engineers, technical support, and specialists

The Activate program combines our effective security solutions, financial incentives, and hands-on support to help you create more business opportunities and close more deals.

Charles Leaver – Preparing Properly For Cloud Asset Migration

Published by:

Written By Logan Gilbert And Presented By Charles Leaver


It bears repeating – the Internet has permanently changed the world for people and organizations alike. For organizations, every aspect of modern IT is undergoing digital transformation. IT departments everywhere are under pressure to make information highly available at lower cost – all while protecting critical data from damage, loss, or theft.

Central to this transformation is the migration of data centers to the cloud. In fact, 19% of business workloads are expected to be in the public cloud by the end of 2019, and fifty percent over the next ten years.

What is Cloud Asset Migration?

Cloud migration is the process of moving data, applications, or other business elements from an organization’s on-premises infrastructure to the cloud, or from one cloud service to another.

The diagram below illustrates this migration of file server(s), data, and application(s) from an on-premises server infrastructure to a cloud environment.

Cloud service providers allow businesses to move some or all of their IT infrastructure to the cloud for scale, speed, service flexibility, ease of management, and reduced cost. The benefits are nothing short of compelling.

Cloud computing is transforming the corporate landscape. With these technological advances, people are leaning more toward a virtual office, meaning that you can work from anywhere, at any time, using cloud computing.

What To Consider With Cloud Asset Migration

However, just like any significant IT infrastructure change, a move to the cloud requires thoughtful planning and execution for the process to stay within budget and on time. Moving a server, database, application, or all of the above to the cloud is not without risk. System outages, performance degradation, data loss and more are likely to occur as a result of misconfigurations, system failures, and security exploits.

Case in point: 43% of those who have gone through a cloud asset migration have experienced a failed or delayed application. Why is this? Because each asset migration is a ‘snowflake’ with its own level of complexity.

Let’s take a look at three areas to consider for effective cloud asset migration.

1. Have a Strategy

First, there needs to be a strategic migration plan. That plan should help answer questions like the following:

Which IT assets should be migrated in the first place?
If you are moving some, or all, of your infrastructure to the cloud, how will you develop and maintain asset control?
How will you identify what you have – prior to and after the move?
Do you even need to migrate everything?
What is the first thing to move?

2. Clean Up What Is in Place Now

To answer these strategic questions effectively, you’ll need definitive visibility into every asset you have now, as well as the relevant attributes of each. Whether your assets today run on physical or virtual server infrastructure, you have to understand:

What assets are there now? Discover all the connected assets and establish whether each is currently managed or unmanaged.
Identify low-usage and/or unused systems. Should these systems be removed or repurposed prior to migration?
Identify low-usage and/or unused applications. Are these applications needed at all? Should they be retired prior to migration?
Identify and clean up duplication, whether of systems or applications.
Then identify the business-critical systems and applications that will be moved as part of your strategy. With this comprehensive asset data in hand, you can refine your migration approach by segmenting what should and should not be moved – or at least prioritize clearly based on business value.

3. Prepare For Cloud Visibility Post Migration

Now that you’re armed with comprehensive, accurate current and historical asset data, how will you maintain this level of visibility after a successful cloud asset migration?

While the cost advantages of moving to the cloud are often extremely compelling, uncontrolled asset and virtual machine sprawl can rapidly erode those cost benefits. So, before performing your cloud asset migration, make certain you have a cloud visibility solution in place that:

Discovers and monitors all connected assets across your single- or multi-cloud environment
Records, fingerprints, and classifies discovered assets
Alerts on new or unexpected asset discovery and/or behavior within the cloud environment
Integrates with existing ticketing, workflow, and/or CMDB systems
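The pre-migration clean-up in step 2 and the post-migration check in step 3 are, at bottom, two set comparisons over an asset inventory. The following is an added example, not Ziften’s code: it triages a constructed on-premises inventory into the buckets the plan needs, then reconciles the approved migration list against what cloud discovery actually reports, flagging anything unexpected. The asset records, the 5% CPU low-usage threshold and the host names are all constructed for the example.

```python
# Added example (not Ziften's code). All inventory records are constructed sample data.
from collections import defaultdict

# Constructed on-premises inventory: one record per discovered asset.
ON_PREM_INVENTORY = [
    {"name": "fs-01",  "role": "fileserver", "managed": True,  "avg_cpu": 41.0},
    {"name": "fs-02",  "role": "fileserver", "managed": True,  "avg_cpu": 2.5},
    {"name": "db-01",  "role": "database",   "managed": True,  "avg_cpu": 63.0},
    {"name": "app-01", "role": "crm",        "managed": True,  "avg_cpu": 35.0},
    {"name": "app-02", "role": "crm",        "managed": False, "avg_cpu": 1.0},
    {"name": "lab-07", "role": "unknown",    "managed": False, "avg_cpu": 0.3},
]

def triage_inventory(inventory, low_usage_cpu=5.0):
    """Sort assets into the buckets the migration strategy needs: unmanaged hosts
    to bring under control first, low-usage hosts to retire or repurpose, duplicated
    roles to consolidate, and managed, in-use hosts that go on the migration list."""
    by_role = defaultdict(list)
    result = {"unmanaged": [], "low_usage": [], "duplicates": {}, "migrate": []}
    for asset in inventory:
        by_role[asset["role"]].append(asset["name"])
        if not asset["managed"]:
            result["unmanaged"].append(asset["name"])
        if asset["avg_cpu"] < low_usage_cpu:          # assumed threshold: constructed
            result["low_usage"].append(asset["name"])
        elif asset["managed"]:
            result["migrate"].append(asset["name"])
    for role, names in by_role.items():
        if len(names) > 1:
            result["duplicates"][role] = names
    return result

def reconcile(plan, discovered):
    """Compare the approved migration list with what cloud discovery actually sees.
    Discovered-but-unplanned assets are the alert condition (VM sprawl or an
    unauthorised instance); planned-but-missing assets indicate a failed migration."""
    plan, discovered = set(plan), set(discovered)
    return {"unexpected": sorted(discovered - plan),
            "missing": sorted(plan - discovered),
            "confirmed": sorted(plan & discovered)}

if __name__ == "__main__":
    triage = triage_inventory(ON_PREM_INVENTORY)
    # Constructed post-migration discovery snapshot from the cloud account.
    seen_in_cloud = ["fs-01", "db-01", "app-01", "test-vm-9"]
    print(triage)
    print(reconcile(triage["migrate"], seen_in_cloud))
```

In practice the `discovered` list would be fed by the cloud provider's instance listing or a discovery tool, and anything in `unexpected` becomes a ticket in the CMDB or workflow system mentioned above.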

Ziften Cloud Visibility and Security

Continuous cloud visibility into each device, user, and application means you can administer every element of your infrastructure more effectively. You’ll avoid wasting resources by preventing VM sprawl, and you’ll have a detailed body of data to satisfy audit requirements for NIST 800-53, HIPAA, and other compliance regimes.

Follow the above when you migrate to the cloud, and you’ll avoid weak security, insufficient compliance, and operational problems. Ziften’s approach to cloud visibility and security gives you the intelligence you need for cloud asset migration without the headaches.

Charles Leaver – Golden Opportunity For Microsoft Channel Partners

Published by:

Written By Greg McCreight And Presented By Charles Leaver


Windows Defender Advanced Threat Protection (WDATP) is very good, and popular with Microsoft channel partners around the world. It is highly likely you’re already working with Microsoft customers to deploy and maintain WDATP on their Windows endpoints.

I’m delighted to tell you about a new opportunity: get a fast start with an industry-leading solution that integrates directly with WDATP: Ziften Zenith. For a limited time, Microsoft channel partners can use our new “Fast Start” program to partner with Ziften.

With “Fast Start,” you enjoy all the benefits of Ziften’s top-tier partner status for a full year, and we’ll help you get up to speed quickly with joint marketing and business development resources – and with a waiver of the usual sales volume commitment associated with Gold Status.

If you don’t know Ziften, we provide infrastructure visibility and coordinated threat detection, prevention, and response across all endpoint devices and cloud environments. Zenith, our flagship security platform, deploys easily to client devices, virtual machines, and servers.

Once installed, Zenith continuously collects all the information needed to accurately assess the current and historical state of all managed devices, including system, user behavior, network connection, application, binary, and process data. Zenith gives your customers’ IT and security teams continuous visibility and control of all managed assets, including continuous monitoring, alerting, and automated or manual response actions.

Zenith is cross-platform – it runs on and secures Windows, Mac, Linux, and other endpoints.

What’s especially notable – and here’s the opportunity – is that Ziften has partnered with Microsoft to integrate Zenith with Windows Defender ATP. That means your customers can use WDATP on Windows systems and Zenith on their macOS and Linux systems to detect, see, and respond to cyber attacks, all using only the WDATP management console for every system. Zenith runs quietly in the background.

A single pane of glass to manage Windows, Mac, and Linux endpoints, which can include desktops, notebooks, and servers. That makes Zenith the ideal offering for your existing WDATP customers… and makes your bids for new WDATP business more complete for multi-platform enterprise prospects.

What’s more, offering Zenith can help you speed customer migrations to Windows 10 and sell more Enterprise E5 commercial editions.

“Fast Start” with Gold Status for a Year

Ziften is totally focused on the channel: 96% of our sales in 2017 were through the channel. We are very excited to bring the “Fast Start” program to current Microsoft channel partners anywhere in the world.

With “Fast Start,” you can sign up for the Ziften Channel Program with these benefits:

Expedited Approval and On-Boarding – Ziften channel managers and field sales work directly with you to get you up and running selling the Zenith endpoint security solution integrated with Windows Defender ATP.

Superior Security Value – You’ll be uniquely positioned to offer customers and prospects greater security value across more of their overall environment than ever, increasing the range of supported and protected Windows, Mac, and Linux systems.

Hands-On Partnership – Ziften dedicates field sales, sales engineers, and marketing to support your day-to-day pre-sales engagements, drive new sales opportunities, and help close more business with Microsoft and Ziften endpoint security.

Here’s exactly what one major Microsoft channel partner says about this – Ronnie Altit, founder and CEO of Insentra, a “partner-obsessed” Australian IT services business that works specifically through the IT channel:

“As a big Microsoft reseller, teaming with Ziften to offer their Zenith security platform incorporated with Microsoft Windows Defender ATP was a no-brainer. We’re thrilled at the seamless integration between Zenith and Windows Defender ATP providing our customers holistic security and visibility throughout their Windows and non-Windows systems. Ziften has actually been a pleasure to deal with, and encouraging at every step of the procedure. We anticipate to be extremely successful offering this effective security solution to our customers.”