Category Archives: Network Security

Charles Leaver – Your Guide To GDPR And Monitoring Cyber Security


Written By Dr Al Hartmann And Presented By Charles Leaver


Robust enterprise cybersecurity naturally includes monitoring of network, endpoint, application, database, and user activity to prevent, detect, and respond to cyber threats that could breach the privacy of employees, partners, suppliers, or customers. In cyberspace, any blind spots in your view become free-fire zones for the legions of attackers seeking to do harm. But monitoring also captures event records that may include user “personal data” under the broad European Union GDPR interpretation of that term. Employees are “natural persons” and thus “data subjects” under the regulation. Prudently balancing security and privacy concerns across the enterprise can be challenging, so let’s discuss it.

The Mandate for Cyber Security Tracking

GDPR Chapter 4 governs controller and processor obligations under the regulation. While it does not explicitly mandate cybersecurity monitoring, that requirement can be inferred from its text:

– “… In the case of a personal data breach, the controller shall without undue delay and, where feasible, not more than seventy-two hours after having become aware of it, notify the personal data breach to the supervisory authority …” [Art. 33(1)]

– “… the controller and the processor shall implement suitable technical and organizational measures to guarantee a level of security appropriate to the risk …” [Art. 32(1)]

– “Each supervisory authority will have [the power] to perform investigations in the form of data protection audits.” [Art. 58(1)]

It can be reasoned that to detect a breach one must monitor; that to verify and scope a breach and give timely breach notification to the supervisory authority one must likewise monitor; that to implement suitable technical measures one must monitor; and that to respond to a data protection audit one must have an audit trail, and audit trails are produced by monitoring. In short, for an enterprise to protect its cyberspace and the personal data within it, and to demonstrate its compliance, it reasonably must monitor that space.

The Business as Data Controller

Under the GDPR it is the controller that “determines the purposes and means of the processing of personal data.” The enterprise decides the purposes and scope of monitoring, selects the tools for that monitoring, determines the probe, sensor, and agent deployments, selects the services or personnel that will access and review the monitored data, and decides what actions to take as a result. In short, the enterprise serves in the controller role. The processor supports the controller by providing processing services on its behalf.

The enterprise also employs the personnel whose personal data may be included in the event records captured by monitoring. Personal data is defined quite broadly under GDPR and may include login names, system names, network addresses, file paths that include the user profile directory, or other incidental information that could reasonably be linked to “a natural person”. Event data will often include these elements. An event data stream from a particular probe, sensor, or agent might then be linked to an individual and reveal aspects of that person’s work performance, policy compliance, or even aspects of their personal life (if enterprise devices or networks are improperly used for personal business). Although not the goal of cybersecurity monitoring, potential privacy or profiling concerns could be raised.

Attaining Transparency through Fair Processing Notices

As the enterprise employs the staff whose personal data may be captured in the cybersecurity monitoring dragnet, it has the opportunity, in employment contracts or in separate disclosures, to inform staff of the need for and purpose of cybersecurity monitoring and to obtain informed consent directly from the data subjects. While it can be argued that the lawful basis for cybersecurity monitoring does not necessarily require informed consent (per GDPR Art. 6(1)), but follows from the level of data security the enterprise must maintain to otherwise comply with the law, it is far preferable to be open and transparent with staff. Employment contracts have long included provisions specifying that employees consent to having their workplace communications and devices monitored as a condition of employment. However, the GDPR raises the bar considerably for the explicitness and clarity of such consents, described in Fair Processing Notices, which must be “freely given, specific, informed and unambiguous”.

Fair Processing Notices should plainly set out the identity of the data controller, the types of data collected, the purpose and legal basis for the collection, and the data subject rights, along with contact information for the data controller and for the supervisory authority having jurisdiction. The notice should be clear and easily understood, not buried in a lengthy legalistic employment agreement. While numerous sample notices can be found with a simple web search, they will need adaptation to fit a cybersecurity monitoring context, where data subject rights may conflict with forensic data retention requirements. For example, an insider attacker might demand erasure of all their activity data (to destroy evidence), which would turn privacy rules into a tool for obstruction of justice. For further guidance, the widely used NIST Cybersecurity Framework addresses this balance in Sec. 3.6 (“Methodology to Protect Privacy and Civil Liberties”).

Think Globally, Act Locally

Given the viral jurisdictional reach of the GDPR, the severe penalties imposed on violators, the difficulty of filtering out EEA from non-EEA data subjects, and the likely spread of similar regulations internationally, the safe path is to apply stringent privacy rules across the board, as Microsoft has done.

In contrast to global application stands local application, where the safe course is to place cybersecurity monitoring infrastructure in each geographic region rather than contend with cross-border data transfers. Even remotely querying and viewing personal data may count as such a transfer, which argues for pseudonymization (tokenizing personal data fields) or anonymization (redacting personal data fields) across non-cooperating jurisdictional boundaries. Only in the final stages of cybersecurity analytics would identifying data subjects as natural persons become appropriate, and then it would most likely only be of actionable value locally.
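To make the pseudonymization and anonymization contrast concrete, here is an added Python example that is not part of the original post: it applies a keyed HMAC token to the identifying fields of constructed event records (login name, host name, source address, and the profile directory embedded in a file path), so that analysts outside the home jurisdiction can still correlate a subject’s events without learning who the subject is, and contrasts that with outright redaction. The field names, the sample records and the key are assumptions made for the example.

```python
import copy
import hashlib
import hmac

# Constructed sample event records, shaped like what endpoint monitoring captures.
# The user, host, address and profile-path fields are the "personal data"
# candidates named in the text. Field names are assumptions for this example.
SAMPLE_EVENTS = [
    {"ts": "2018-05-02T09:14:03Z", "user": "j.smith", "host": "LT-0421",
     "src_ip": "10.20.3.17", "action": "process_start",
     "path": "C:\\Users\\j.smith\\Downloads\\invoice.exe"},
    {"ts": "2018-05-02T09:15:11Z", "user": "j.smith", "host": "LT-0421",
     "src_ip": "10.20.3.17", "action": "file_write",
     "path": "C:\\Users\\j.smith\\AppData\\Local\\Temp\\a.tmp"},
    {"ts": "2018-05-02T09:20:45Z", "user": "a.jones", "host": "LT-0388",
     "src_ip": "10.20.3.42", "action": "file_read",
     "path": "C:\\Users\\a.jones\\Documents\\q1.xlsx"},
]

# Fields that directly identify a natural person (assumed field names).
IDENTIFYING_FIELDS = ("user", "host", "src_ip")


def pseudonymize_value(key: bytes, field: str, value: str) -> str:
    """Keyed HMAC-SHA256 token for one field value.

    The same value always maps to the same token, so analysts outside the
    home jurisdiction can still correlate events per subject, but the token
    cannot be reversed without the key, which stays with the controller.
    """
    mac = hmac.new(key, f"{field}:{value}".encode("utf-8"), hashlib.sha256)
    return f"{field}-{mac.hexdigest()[:16]}"


def pseudonymize_event(key: bytes, event: dict) -> dict:
    """Return a copy of the event with identifiers replaced by keyed tokens."""
    out = copy.deepcopy(event)
    for fld in IDENTIFYING_FIELDS:
        if fld in out:
            out[fld] = pseudonymize_value(key, fld, out[fld])
    # A file path that embeds the profile directory identifies the user too,
    # so the login name inside the path gets the same token as the user field.
    if "path" in out and "user" in event:
        out["path"] = out["path"].replace(
            event["user"], pseudonymize_value(key, "user", event["user"]))
    return out


def anonymize_event(event: dict) -> dict:
    """Return a copy with identifiers redacted outright (irreversible)."""
    out = copy.deepcopy(event)
    for fld in IDENTIFYING_FIELDS:
        if fld in out:
            out[fld] = "[redacted]"
    if "path" in out and "user" in event:
        out["path"] = out["path"].replace(event["user"], "[redacted]")
    return out


def actions_by_subject(events: list) -> dict:
    """Group actions by the 'user' field. Works on tokens as well as names,
    which is the point: correlation survives pseudonymization."""
    groups: dict = {}
    for ev in events:
        groups.setdefault(ev["user"], []).append(ev["action"])
    return groups


if __name__ == "__main__":
    key = b"controller-held-secret"  # constructed; in practice from a key store
    tokenized = [pseudonymize_event(key, ev) for ev in SAMPLE_EVENTS]
    for ev in tokenized:
        print(ev)
    print(actions_by_subject(tokenized))
    print(anonymize_event(SAMPLE_EVENTS[0]))
```

With pseudonymization the two events from the same subject still group together under one token, while the redacted copy cannot be linked to anyone, even by the key holder; that is the trade-off between analytic value and privacy the paragraph describes.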

Charles Leaver – Understanding Network Whitelisting


Written By Roark Pollock And Presented By Charles Leaver



Like any type of security, IT security is a matter of establishing and enforcing a set of allow/deny rules, or more formally, security policies. Simply stated, allow/deny rules can be expressed as a ‘whitelist’ or a ‘blacklist’.

Back in the good old days, most rules were blacklist in nature. Those were the days when we trusted almost everyone to behave well, and when they did, it was fairly simple to identify bad behavior or anomalies. So we only had to write a few blacklist rules, for instance, “do not allow anybody into the network from an IP address in, say, Russia”. That was much like your grandparents never locking the doors of the farmhouse, since they knew everybody within a 20 mile radius.

Then the world changed. Behaving well became the exception, and bad actors and bad behavior became legion. Of course it happened gradually, and in phases, dating back to the beginning of the true ‘Web’ in the early 90s. Remember script kiddies unlawfully accessing public and private websites, just to prove to their high school friends that they could?

Fast forward to the present day. Everything is online. And if it has value, somebody in the world is trying to steal or damage it, continuously. And they have plenty of tools to use. In 2017, 250,000 new malware variants were introduced each day. We used to rely on desktop and network antivirus packages to add new blacklist signatures weekly to counter the bad guys using malicious code to do their bidding. But at over 90 million new malware variants a year, blacklist methods alone won’t cut it.

Network whitelisting technologies have been a crucial form of protection for on-premises network security, and with most companies rapidly moving their workloads to the cloud, the same mechanisms will be needed there too.

Let’s take a closer look at both approaches.

What is Blacklisting?

A blacklist enumerates known malicious or suspicious “entities” that should not be allowed access to, or rights of execution in, a system or network. Entities include malicious software (malware) such as viruses, Trojans, worms, spyware, and keystroke loggers. Entities also include any user, application, process, IP address, or organization known to pose a risk to a business.

The key word above is “known”. With 250,000 new variants appearing each day, how many are out there that we don’t know about, at least until much later, which may be days, weeks, or even years?

What is Whitelisting?

So what exactly is whitelisting? As you may have guessed, it is the opposite of blacklisting. Whitelisting starts from the viewpoint that almost everything is bad. If that holds true, it should be more efficient simply to define and allow “good entities” into the network. A simple example would be “all employees in the finance department at director level or above are permitted to access our financial reporting application on server X.” By extension, everyone else is denied access.

Whitelisting is often described as a “zero trust” approach: deny all, and permit access only to certain entities based on a set of ‘good’ properties associated with user and device identity, behavior, location, time, etc.

Whitelisting is widely accepted in high-risk security environments, where rigid rules take precedence over user freedom. It is also highly valued in environments where organizations are bound by strict regulatory compliance.

Do you go Black, White or mix it up?

First, few would tell you that blacklisting is completely obsolete. Certainly at the endpoint device level it remains fairly simple to set up and maintain, and quite effective, especially if it is kept up to date by third-party threat intelligence providers. But on its own, will it suffice?

Second, depending on your security background or experience, you’re probably thinking, “Whitelisting would never work for us. Our business applications are just too diverse and complex. The time, effort, and resources needed to assemble, monitor, and update whitelists at an enterprise level would be untenable.”

Fortunately, this isn’t really an either-or choice. It’s possible to take a “best of both worlds” approach: blacklisting for malware and intrusion detection, operating alongside whitelisting for system and network access at large.

Ziften and Cloud Whitelisting

The secret to whitelisting comes down to simplicity of implementation, especially for cloud-based workloads. And ease of implementation is a function of scope. Think about whitelisting in two ways: application and network. The former can be a quagmire. The latter is far simpler to implement and maintain, if you have the right visibility within your cloud environment.

This is where Ziften comes in.

With Ziften, it becomes simple to:

– Identify and establish visibility into all cloud servers and virtual machines

– Gain continuous visibility into devices and their port usage activity

– See east-west traffic flows, including in-depth tracking of the protocols in use over specific port pairs

– Convert ‘seeing’ what’s happening into a discernible set of whitelists, complete with accurate protocol and port mappings

– Set up near real-time alerting on any anomalous or suspicious resource or service activations
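As an added example (not Ziften’s code), the following Python sketch shows the mechanics that the blacklist/whitelist discussion and the list above describe: a network whitelist of (source, destination, protocol, port) flows learned from observed east-west traffic, a per-destination protocol/port map derived from it, and a default-deny evaluator that combines that whitelist with a blacklist of known-bad hosts and raises an alert for any flow in neither. The host names, the flow observations and the blacklisted address are constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One observed east-west connection (field names are assumptions)."""
    src: str    # source host or VM name
    dst: str    # destination host or VM name
    proto: str  # transport protocol
    dport: int  # destination port


# Constructed flow observations from a learning window in a small web/app/db tier.
OBSERVED = [
    Flow("web-1", "app-1", "tcp", 8080),
    Flow("web-2", "app-1", "tcp", 8080),
    Flow("app-1", "db-1", "tcp", 5432),
    Flow("app-1", "db-1", "tcp", 5432),
    Flow("app-1", "cache-1", "tcp", 6379),
    Flow("web-1", "app-1", "tcp", 8080),
    Flow("mon-1", "web-1", "tcp", 22),
]

# Constructed blacklist of known-bad hosts (the kind of list threat intel feeds).
KNOWN_BAD = {"198.51.100.7"}


def learn_whitelist(flows, min_count=1):
    """Reduce observed flows to the set of distinct (src, dst, proto, dport)
    tuples seen at least min_count times. A higher threshold drops one-off
    connections, which should be reviewed rather than silently allowed."""
    counts = Counter(flows)
    return {flow for flow, n in counts.items() if n >= min_count}


def port_map(whitelist):
    """Per-destination protocol/port mapping derived from the whitelist."""
    mapping = {}
    for flow in whitelist:
        mapping.setdefault(flow.dst, set()).add((flow.proto, flow.dport))
    return mapping


def evaluate(flow, whitelist, blacklist):
    """Default deny: the blacklist catches known-bad entities first, the
    whitelist admits known-good flows, and everything else raises an alert."""
    if flow.src in blacklist or flow.dst in blacklist:
        return "deny", "known-bad host"
    if flow in whitelist:
        return "allow", "whitelisted flow"
    return "alert", "flow not in whitelist"


def review(flows, whitelist, blacklist):
    """Evaluate a batch of new flows; returns (flow, verdict, reason) triples."""
    return [(f, *evaluate(f, whitelist, blacklist)) for f in flows]


if __name__ == "__main__":
    wl = learn_whitelist(OBSERVED, min_count=2)
    print("whitelist:", sorted(wl, key=lambda f: (f.src, f.dst)))
    print("port map:", port_map(wl))
    new_flows = [
        Flow("app-1", "db-1", "tcp", 5432),          # known good
        Flow("web-1", "db-1", "tcp", 5432),          # web tier to db: never seen before
        Flow("198.51.100.7", "app-1", "tcp", 8080),  # known-bad source
    ]
    for flow, verdict, reason in review(new_flows, wl, KNOWN_BAD):
        print(f"{verdict:5} {flow.src}->{flow.dst}:{flow.dport}/{flow.proto} ({reason})")
```

The `min_count` threshold is the knob that decides how much of the learning window becomes policy: at 1 the single monitoring SSH session is whitelisted, at 2 it is not and will surface as an alert the next time it appears, which is exactly the review step a whitelist rollout needs.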

Charles Leaver – How To Do Advanced Hunting With Windows Defender ATP


Written By Josh Harrimen And Presented By Charles Leaver


Following on the heels of our recent collaboration announcement with Microsoft, our Ziften Security Research team has begun leveraging a very powerful feature of the Windows Defender Advanced Threat Protection (Windows Defender ATP) Security Center platform. The Advanced Hunting feature lets users run queries against the data that has been sent in by products and tools, such as Ziften, to quickly find interesting behaviors. These queries can be saved and shared among the community of Windows Defender ATP users.

We have added a handful of shared queries so far, but the results are quite interesting, and we enjoy the ease of use of the hunting interface. Because Ziften sends endpoint data gathered from macOS and Linux systems to Windows Defender ATP, we are focusing on those operating systems in our query development efforts to show the complete coverage of the platform.

You can access the Advanced Hunting interface by selecting the database icon on the left-hand side, as shown below.

You can see the high-level schema on the top left of that page, with event tables such as ProcessCreation, MachineInfo, NetworkCommunication and others. We ran some recent malware within our Redlab and created some queries to find that data and produce results for examination. One such sample was OceanLotus. We developed a small number of queries to find both the files and the dropper related to this threat.

After running the queries, you get results you can interact with.

Upon inspection of the results, we see some systems that have exhibited the behavior we were looking for. When you select these systems, you can see the details of the system under investigation. From there you can view the alerts triggered and an event timeline. Details from the malicious process are shown below.

Additional behavior-based queries can also be run. For instance, we ran another malicious sample that leveraged a few techniques we then queried for. The screenshot directly below shows a query we ran when looking for the Gatekeeper program on macOS being disabled from the command line. While this may be an administrative action, it is certainly something you would want to know is happening within your environment.
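The Gatekeeper query above is a behavior-based hunt over process-creation events. As an added example, not a query from the post and not the Windows Defender ATP schema, here is the same detection logic in Python run over constructed process records: it matches spctl’s --master-disable option as a separate command-line token rather than as a substring, so a quoted string that merely mentions the option does not fire, and it pivots the hits by host for triage. The record field names are assumptions for the example.

```python
import shlex

# Constructed process-creation records. The field names are assumptions that
# only loosely mirror the ProcessCreation table mentioned above.
EVENTS = [
    {"Timestamp": "2018-05-01T10:02:11Z", "ComputerName": "mac-eng-07",
     "OSPlatform": "macOS", "AccountName": "dev1",
     "ProcessCommandLine": "spctl --status"},
    {"Timestamp": "2018-05-01T10:03:40Z", "ComputerName": "mac-eng-07",
     "OSPlatform": "macOS", "AccountName": "dev1",
     "ProcessCommandLine": "sudo /usr/sbin/spctl --master-disable"},
    {"Timestamp": "2018-05-01T11:15:02Z", "ComputerName": "mac-fin-02",
     "OSPlatform": "macOS", "AccountName": "fin3",
     "ProcessCommandLine": "spctl --master-enable"},
    {"Timestamp": "2018-05-01T11:18:09Z", "ComputerName": "mac-fin-02",
     "OSPlatform": "macOS", "AccountName": "fin3",
     "ProcessCommandLine": "sh -c 'echo spctl --master-disable'"},
    {"Timestamp": "2018-05-01T11:20:30Z", "ComputerName": "lnx-build-1",
     "OSPlatform": "Linux", "AccountName": "ci",
     "ProcessCommandLine": "bash -c 'make test'"},
]


def argv_of(event):
    """Tokenize the command line the way a shell would; unparsable lines give []."""
    try:
        return shlex.split(event.get("ProcessCommandLine", ""))
    except ValueError:
        return []


def gatekeeper_disabled(event):
    """Gatekeeper is switched off from the command line via spctl's
    --master-disable option. Match the binary name (path stripped) and the
    option as separate argv tokens, so the option appearing inside a quoted
    echo argument does not count."""
    if event.get("OSPlatform") != "macOS":
        return False
    argv = argv_of(event)
    names = {a.rsplit("/", 1)[-1] for a in argv}
    return "spctl" in names and "--master-disable" in argv


# Rule table: rule name -> predicate over one event. Add further hunts here.
RULES = {
    "macOS Gatekeeper disabled from the command line": gatekeeper_disabled,
}


def hunt(events, rules=RULES):
    """Run every rule over every event and return the hits for triage."""
    hits = []
    for ev in events:
        for name, predicate in rules.items():
            if predicate(ev):
                hits.append({
                    "rule": name,
                    "host": ev["ComputerName"],
                    "user": ev["AccountName"],
                    "time": ev["Timestamp"],
                    "cmd": ev["ProcessCommandLine"],
                })
    return hits


def hosts_by_rule(hits):
    """Pivot hits into rule -> sorted list of affected hosts."""
    out = {}
    for h in hits:
        out.setdefault(h["rule"], set()).add(h["host"])
    return {rule: sorted(hosts) for rule, hosts in out.items()}


if __name__ == "__main__":
    found = hunt(EVENTS)
    for h in found:
        print(f"{h['time']} {h['host']} {h['user']}: {h['rule']} [{h['cmd']}]")
    print(hosts_by_rule(found))
```

Because the action can be legitimate administration, the hit carries the account and timestamp so the analyst can check it against change records rather than treating every match as an incident; the `hosts_by_rule` pivot is the “select the system in question” step from the post.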

From these query results, you can again select the system in question and further investigate the suspicious behavior.

This article certainly doesn’t serve as a thorough tutorial on using the Advanced Hunting feature within the Windows Defender Advanced Threat Protection platform. But we wanted to put something together quickly to share our enthusiasm about how easy it is to use this feature to perform your own customized threat hunting in a multi-system environment, across Linux, Windows and macOS systems.

We look forward to sharing more of our experimentation and research using queries built with the Advanced Hunting feature. We share our successes with everyone here, so check this blog often.

Charles Leaver – What Happened At RSA 2018


Written By Logan Gilbert And Presented By Charles Leaver


After spending a couple of days with the Ziften team at the 2018 RSA Conference, my technology observation was: more of the same, the usual suspects and the usual buzzwords. Buzzwords like “AI”, “machine learning” and “predictive” were splendidly overused. Lots of attention was paid to prevention, to everybody’s favorite attack vector (email), and to everyone’s favorite vulnerability (ransomware).

The one surprise I encountered was seeing a small number of NetFlow analysis businesses, many of them smaller companies trying to make their mark using a very rich, but hard to work with, data set. Very cool stuff! Find the small booths and you’ll discover tons of innovation. Now, in fairness to the bigger vendors, I know there are some truly cool technologies there too, but RSA hardly lends itself to cutting through the buzzwords to actual value.

RSA Buzz

I may have a biased view, since Ziften has been partnering with Microsoft for the last 6+ months, but Microsoft seemed to play a far more prominent leadership role at RSA this year. First, on Monday, Microsoft announced its all-new Intelligent Security Association, bringing together its security partnerships “to concentrate on safeguarding clients in a world of increased threats”, and more importantly, strengthening that security through shared security intelligence across this ecosystem of partners. Ziften is naturally proud to be a founding member of the Intelligent Security Association.

In addition, on Tuesday, Microsoft announced a groundbreaking partnership with many in the cybersecurity industry called the “Cybersecurity Tech Accord.” This accord calls for a “digital Geneva Convention” that sets standards of behavior for cyberspace, just as the Geneva Conventions set rules for the conduct of war in the physical world.

RSA Attendees

A real point of interest to me, though, was the different makeup of the expo audience itself. As I was also an exhibitor at RSA, I noted that among my visitors I saw more “suits” and fewer t-shirts.

Ok, maybe not suits as such, but more security Managers, Directors, VPs, CISOs, and security leaders than I remember seeing at previous events. I was encouraged to see what I believe are the business decision makers checking out security companies first hand, rather than delegating that job to their security team. From this audience I often heard the same overtones:

– This is overwhelming.
– I can’t tell the difference between one technology and another.

Those who were Absent from RSA

There were certainly fewer “technology trolls”. What, you might ask, are technology trolls? Well, as a vendor and security engineer, these are the individuals (always men) who appear five minutes before the close of the day and drag you into a technical due-diligence exercise for an hour, or at least until the happy hour parties start. Their objective: absolutely nothing useful to anyone, and here I’m assuming that the troll actually works for a company, so nothing useful for the company that paid thousands of dollars for their attendance. The only thing gained is the troll’s self-affirmation that they are able to “beat down the vendor” with their technical expertise. I’m being harsh, but I have experienced the trolls from both sides of the fence, both as a seller and as a buyer, and back at the home office nobody is basing buying decisions on troll recommendations. I can only presume that companies send tech trolls to RSA and similar expos because they don’t want them in the office.

Holistic Security Conversations

Which brings me back to the kind of people I did see a great deal of at RSA: security-savvy (not just tech-savvy) security leaders, who understand the business argument and the choices behind security technologies. Not only are they influencers but in many cases the business owners of security for their organizations. Now, apart from the aforementioned questions, these security leaders seemed less focused on a technology or a specific use case, and more on a desire for “holistic” security. As we know, good security requires a combination of technologies, policy and practice. Security-savvy customers wanted to know how our technology fitted into their holistic solution, which is a refreshing change of dialog. As such, the types of questions I would hear:

– How does your technology partner with other solutions I already use?
– More importantly: does your business actually buy into that partnership?

That last question is critical, basically asking whether our partnerships are just fodder for a website, or whether we really have an understanding with our partner that the sum is greater than the parts.

The latter is exactly what security leaders are looking for and need.

To Conclude

Overall, RSA 2018 was great from my point of view. Once you get past the jargon, much of the buzz focused on things that matter to customers, our industry, and us as individuals: security partner ecosystems that add value, more holistic security through genuine collaboration and meaningful integrations, and face-to-face discussions with business security leaders, not technology trolls.

Charles Leaver – You Need To Discover All Of Your Unmanaged Assets


Written By Logan Gilbert And Presented By Charles Leaver


We all relate to the image of the hooded villain hunched over his laptop late at night, accessing a corporate network, stealing valuable data, and vanishing without a trace. We personify the attacker as intelligent, persistent, and crafty. But the reality is that the vast majority of attacks are enabled by simple human carelessness or recklessness, making the cyber criminal’s job an easy one. He’s checking all the doors and windows constantly. All it takes is one mistake on your part and he gets in.

What do we do? Well, you already know the answer. We spend a good chunk of our IT budget on defense-in-depth security systems designed to detect, trick, fool, or outright block the bad guys. Let’s park the discussion of whether or not we are winning that war, because there is a far simpler war underway: the one where the attacker enters your network, business-critical application, or IP/PII data through a vector you didn’t even know you had, the unmanaged asset, often referred to as Shadow IT.

Think this isn’t your company? A recent study suggests the typical enterprise has 841 cloud apps in use. Surprisingly, most IT executives think the number of cloud apps in use by their organization is in the order of thirty to forty, meaning they are wrong by a factor of 20. The same report highlights that more than 98% of cloud apps are not GDPR ready, and 95% of enterprise-class cloud apps are not SOC 2 ready.

Shadow IT / Unmanaged Assets Defined

Shadow IT is defined as any SaaS application used, by employees, departments, or entire business groups, without the knowledge or authorization of the company’s IT department. In addition, the advent of ‘everything as a service’ has made it even easier for employees to access whatever software they feel is needed to make them more productive.

The Effect

Well-intentioned employees often do not realize they’re breaking company rules by activating a new server instance, or downloading unapproved apps or software. Nevertheless, it happens. When it does, three problems can arise:

1. Corporate standards within an organization are jeopardized, since unapproved software means each computer system has different capabilities.

2. Rogue software often contains security flaws, putting the entire network at risk and making it much harder for IT to manage security threats.

3. Asset blind spots not only increase security and compliance risks, they can increase legal risk. Data retention policies designed to limit legal liability are being skirted by information held on unauthorized cloud assets.

3 Vital Considerations for Dealing With Unmanaged Asset Risks

1. First, deploy tools that can provide comprehensive visibility into all cloud assets, managed and unmanaged. Know what new virtual machines have been activated recently, along with exactly which other devices and applications each VM instance is communicating with.

2. Second, make certain your tooling can provide a continuous inventory of authorized and unauthorized virtual machines operating in the cloud. Ensure you can see all IP connections made to each asset.

3. Third, for compliance and/or forensic analysis purposes, look for a solution that provides a record of any and all assets (physical and virtual) that have ever existed on the network, not just a solution limited to active assets within a short look-back window.
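Taken together, the three considerations describe a continuous inventory keyed on first-seen, last-seen, reconnection count and peer connections, retained even after an asset disappears. As an added example that is not Ziften’s code, the following Python builds such an inventory from a constructed connection log, flags assets missing from a constructed CMDB as unmanaged, lists assets that have gone quiet (kept in the record rather than dropped), and reports peers outside the VPC address range. The log format, the CMDB contents and the address range are assumptions for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed connection-observation log: "<time> <asset_id> <asset_ip> <peer_ip>",
# the sort of record a sensor watching the cloud network might emit.
LOG = """\
2018-04-01T08:00:00Z vm-web-01 10.0.1.10 10.0.2.20
2018-04-01T08:05:00Z vm-web-01 10.0.1.10 10.0.2.21
2018-04-01T09:00:00Z vm-tmp-99 10.0.9.5 203.0.113.8
2018-04-01T09:30:00Z vm-tmp-99 10.0.9.5 10.0.2.20
2018-04-02T08:00:00Z vm-web-01 10.0.1.10 10.0.2.20
2018-04-03T08:00:00Z vm-web-01 10.0.1.10 10.0.2.20
"""

MANAGED = {"vm-web-01"}              # constructed CMDB: the assets IT knows about
INTERNAL = ip_network("10.0.0.0/8")  # constructed: the VPC address space


@dataclass
class AssetRecord:
    asset_id: str
    ip: str
    managed: bool
    first_seen: datetime
    last_seen: datetime
    sightings: int = 0
    peers: set = field(default_factory=set)


def parse_time(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def parse_line(line):
    ts, asset, ip, peer = line.split()
    return parse_time(ts), asset, ip, peer


def build_inventory(log_text, managed):
    """Fold observations into one record per asset. Records are never deleted,
    so a decommissioned VM keeps its history for forensics."""
    inventory = {}
    for line in log_text.strip().splitlines():
        ts, asset, ip, peer = parse_line(line)
        rec = inventory.get(asset)
        if rec is None:
            rec = AssetRecord(asset, ip, asset in managed, ts, ts)
            inventory[asset] = rec
        rec.first_seen = min(rec.first_seen, ts)
        rec.last_seen = max(rec.last_seen, ts)
        rec.sightings += 1
        rec.peers.add(peer)
    return inventory


def unmanaged(inventory):
    """Assets observed on the network but absent from the CMDB."""
    return sorted(a for a, r in inventory.items() if not r.managed)


def stale(inventory, now, window=timedelta(days=1)):
    """Assets not seen within the window: probably decommissioned, still listed."""
    return sorted(a for a, r in inventory.items() if now - r.last_seen > window)


def external_peers(inventory):
    """Per asset, the peers outside the VPC address space."""
    result = {}
    for asset, rec in inventory.items():
        ext = sorted(p for p in rec.peers if ip_address(p) not in INTERNAL)
        if ext:
            result[asset] = ext
    return result


if __name__ == "__main__":
    inv = build_inventory(LOG, MANAGED)
    now = parse_time("2018-04-03T12:00:00Z")  # constructed report time
    for rec in inv.values():
        print(f"{rec.asset_id:10} managed={rec.managed} "
              f"first={rec.first_seen:%Y-%m-%d %H:%M} last={rec.last_seen:%Y-%m-%d %H:%M} "
              f"seen={rec.sightings} peers={len(rec.peers)}")
    print("unmanaged:", unmanaged(inv))
    print("stale:", stale(inv, now))
    print("external peers:", external_peers(inv))
```

In the constructed data the unmanaged VM is also the only one that talked to an address outside the VPC, and it has already gone quiet; because the inventory only ever accumulates, that history is still available when someone asks later what the machine did.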

Unmanaged Asset Discovery with Ziften

Ziften makes it simple to quickly discover cloud assets that have been commissioned outside of IT’s purview. And we do it continuously, with deep historical recall at your fingertips, including when each device first connected to the network, when it last appeared, and how frequently it reconnects. And if a virtual machine is decommissioned, no problem, we still have all its historical behavior data.

Recognize and secure the hidden attack vectors stemming from shadow IT, before a disaster. Know exactly what’s happening in your cloud environment.

Charles Leaver – The Lowdown On The Intelligent Security Association From Microsoft


Written By David Shefter And Presented By Charles Leaver


It’s an excellent plan: Microsoft has created a framework for third-party security companies, like Ziften, to work together to better protect our customers. Everybody wins with the new Microsoft Intelligent Security Association, announced this week, and we are proud to be a founding member and part of the launch. Congratulations to Microsoft!

Security Intelligence Sharing

Among the most exciting projects coming out of Microsoft has been the new Microsoft Intelligent Security Graph, a threat intelligence engine built on machine learning. The Intelligent Security Graph forms the foundation of the new association, and the foundation of many new opportunities for innovation.

As Microsoft states, “At the present time, with the immense computing benefits offered by the cloud, the Machine learning and Artificial Intelligence is finding new ways to use its abundant analytics engines and by applying a combination of automated and manual processes, machine learning and human specialists, we are able to create an intelligent security graph that learns from itself and develops in real-time, lowering our collective time to discover and respond to new occurrences.”

The need for better, more intelligent security is substantial, which is why we’re delighted to be a founding member of the new association.

As Microsoft’s Brad Anderson, Microsoft Corporate Vice President, Enterprise Mobility + Security, recently wrote, “Roughly 96% of all malware is polymorphic – meaning that it is just experienced by a single user and device before being changed with yet another malware variation. This is since most of the time malware is captured almost as fast as it’s produced, so malware developers continuously evolve to attempt and stay ahead. Data such as this hammers home how crucial it is to have security options in place that are as nimble and innovative as the attacks.”

Advanced Endpoint Detection and Response

Which brings us to the kind of advanced endpoint detection and response (EDR) that Ziften provides for desktops, servers, and cloud assets, giving the enterprise unique all-the-time visibility and control for any asset, anywhere. Nobody offers the capability you’ll find in Ziften’s Zenith security platform.

That’s where the Microsoft Intelligent Security Association shines. At the end of the day, even the best defenses can be breached, and security teams must respond faster and more decisively to ensure the safety of their data and systems.

Ziften and Microsoft are delivering fully integrated threat protection that covers customers’ endpoints, meaning client devices, servers, and the cloud, with a foundation of shared intelligence and the power of the cloud to transform the monitoring of enterprise systems.

What Microsoft is Saying

“The Intelligent Security Association improves cooperation from leading sources to secure clients,” said Microsoft. “Having actually already accomplished strong client momentum with our incorporated Ziften and Microsoft Windows Defender ATP solution, clients stand to additionally gain from continued collaboration.”

In addition, “Continued integration and intelligence sharing within the context of the Microsoft Intelligent Security Graph enables joint clients to faster and accurately identify, investigate and react to attacks throughout their entire endpoint and cloud base.”

What Ziften is Saying

Ziften’s CEO, Chuck Leaver, is telling everyone that our founding membership in the Microsoft Intelligent Security Association is a significant win for our joint customers and prospects, and that it brings together everybody in the Microsoft universe and beyond (note that Ziften’s Mac and Linux products are also part of the Microsoft partnership). “As security vendors, we all acknowledge the requirement to cooperate and team up to safeguard our clients and their staff members. Kudos to Microsoft for pioneering this market effort,” Chuck said.

The result: improved security for our customers, and tighter integration and more innovation in the market. It’s a real win for everybody. Apart from the hackers, of course. They lose. No apologies, guys.

Charles Leaver – Preparing Properly For Cloud Asset Migration


Written By Logan Gilbert And Presented By Charles Leaver


It bears repeating: the Internet has permanently changed the world for people and organizations alike. For organizations, every aspect of modern IT is undergoing digital transformation. IT departments everywhere are under pressure to make information highly available at lower cost, all while protecting critical data from damage, loss, or cyber theft.

Central to this approach is the migration of data centers to the cloud. In fact, 19% of business workloads are expected to be in the public cloud by the end of 2019, and fifty percent over the next ten years.

What is Cloud Asset Migration?

Cloud migration is the process of moving data, applications or other business elements from an organization’s on-premises infrastructure to the cloud, or moving them from one cloud service to another.

The diagram below illustrates this migration of file server(s), data, and application(s) from an on-premises server infrastructure to a cloud environment.

Cloud service providers allow businesses to move some or all IT infrastructure to the cloud for scale, speed, service flexibility, ease of management, and reduced cost. The benefits are nothing short of compelling.

Cloud computing is transforming the corporate landscape. With these technological advances, people are leaning more toward a virtual office, meaning you can work from anywhere, at any time, using cloud computing.

What To Consider With Cloud Asset Migration

However, as with any significant IT infrastructure change, a move to the cloud requires thoughtful planning and execution for the process to happen within budget and on time. Moving a server, database, application, or all of the above to the cloud is not without risk. System outages, performance degradation, data loss and more are likely to occur as a result of misconfigurations, system failures, and security exploits.

Case in point: 43% of those who have gone through a cloud asset migration have experienced a failed or delayed application. Why? Because each asset migration is a ‘snowflake’ with its own level of complexity.

Let’s take a look at three areas to consider for effective cloud asset migration.

1. Have a Strategy

First, there needs to be a strategic migration plan. That plan should help answer questions like the following:

– Which IT assets should be migrated in the first place?
– If you are moving some, or all, of your infrastructure to the cloud, how will you establish and maintain asset control?
– How will you identify what you have, before and after the move?
– Do you even need to migrate everything?
– What is the first thing to move?

2. Clean Up What Is in Place Now

To answer these strategic questions effectively, you need conclusive visibility into every asset under your roof now, along with the relevant attributes of each asset. Whether your assets today run on physical or virtual server infrastructure, you need to understand:

– What assets exist now? Discover all connected assets and determine whether each is currently managed or unmanaged.
– Identify low-usage and/or unused systems. Should these systems be removed or repurposed before migration?
– Identify low-usage and/or unused applications. Are these applications needed at all? Should they be removed before migration?
– Identify and clean up duplication, whether of systems or applications.
– Now identify the business-critical systems and applications that will be moved as part of your plan. With this comprehensive asset data in hand, you can sharpen your migration strategy by segmenting what should and should not be moved, or at least prioritize clearly based on business value.

3. Prepare For Cloud Visibility Post Migration

Now that you’re armed with comprehensive, accurate current and historical asset data, how will you maintain this level of visibility after a successful cloud asset migration?

While the cost benefits of moving to the cloud are often extremely compelling, uncontrolled asset and virtual machine sprawl can quickly erode those benefits. So, before performing your cloud asset migration, make sure you have a cloud visibility solution in place that:

– Discovers and monitors all connected assets across your single- or multi-cloud environment
– Records, fingerprints, and classifies discovered assets
– Alerts on new or unexpected asset discovery and/or behavior within the cloud environment
– Integrates with existing ticketing, workflow, and/or CMDB systems
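The clean-up questions in step 2 and the visibility requirements just listed come down to one reconciliation: compare what a discovery scan actually finds against what the CMDB and the previous scan say should be there. The script below is an added illustration of that reconciliation, not Ziften code. The two inventories, the previous-scan ID set, the `avg_cpu` idle threshold, and the field names (`agent`, `app`) are all constructed for the example; a real deployment would read them from a cloud provider API and a CMDB export.

```python
"""Reconcile discovered cloud assets against the CMDB and a prior scan, and
flag what a cloud visibility tool should surface before and after migration.
Added illustration, not Ziften code. All inventory data below is constructed."""
from collections import defaultdict

# Constructed sample: what a discovery scan of one cloud account returned.
DISCOVERED = [
    {"id": "i-0a1", "name": "web-01", "app": "webshop", "avg_cpu": 42.0, "agent": True},
    {"id": "i-0a2", "name": "web-02", "app": "webshop", "avg_cpu": 38.5, "agent": True},
    {"id": "i-0b7", "name": "build-old", "app": "jenkins", "avg_cpu": 0.4, "agent": False},
    {"id": "i-0c3", "name": "db-01", "app": "webshop-db", "avg_cpu": 55.0, "agent": True},
    {"id": "i-0d9", "name": "tmp-test", "app": "webshop", "avg_cpu": 1.2, "agent": False},
]

# Constructed sample: asset IDs the CMDB believes exist in this account.
CMDB = {"i-0a1", "i-0a2", "i-0c3", "i-0e5"}

# Constructed sample: asset IDs seen by the previous discovery scan.
PREVIOUS_SCAN = {"i-0a1", "i-0a2", "i-0b7", "i-0c3"}

IDLE_CPU_PERCENT = 5.0  # assumed threshold for "low usage"


def reconcile(discovered, cmdb, idle_threshold=IDLE_CPU_PERCENT):
    """Return the findings a visibility tool would raise for this scan."""
    seen = {a["id"] for a in discovered}
    findings = {
        # Discovered but unknown to the CMDB: nobody owns these.
        "unmanaged": sorted(a["id"] for a in discovered if a["id"] not in cmdb),
        # In the CMDB but not discovered: the record is stale or the asset is gone.
        "stale": sorted(cmdb - seen),
        # Low usage: candidates for decommissioning or repurposing before migration.
        "idle": sorted(a["id"] for a in discovered if a["avg_cpu"] < idle_threshold),
        # No monitoring agent: a visibility gap that follows the asset into the cloud.
        "no_agent": sorted(a["id"] for a in discovered if not a["agent"]),
    }
    # Duplication: several instances running the same application, to be reviewed.
    by_app = defaultdict(list)
    for a in discovered:
        by_app[a["app"]].append(a["id"])
    findings["duplicates"] = {app: ids for app, ids in by_app.items() if len(ids) > 1}
    return findings


def new_since(previous_ids, discovered):
    """IDs that appeared since the last scan: the 'unexpected asset' alert."""
    return sorted(a["id"] for a in discovered if a["id"] not in previous_ids)


def migration_candidates(discovered, findings):
    """Assets worth moving: discovered, owned in the CMDB, and not idle."""
    exclude = set(findings["unmanaged"]) | set(findings["idle"])
    return sorted(a["id"] for a in discovered if a["id"] not in exclude)


if __name__ == "__main__":
    report = reconcile(DISCOVERED, CMDB)
    for key, value in report.items():
        print(f"{key}: {value}")
    print("new since last scan:", new_since(PREVIOUS_SCAN, DISCOVERED))
    print("migrate:", migration_candidates(DISCOVERED, report))
```

Run periodically, the `unmanaged` and `new_since` outputs are the ones worth wiring into the ticketing or CMDB integration the last bullet calls for, since they are the assets most likely to be sprawl or an unexpected deployment.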

Ziften Cloud Visibility and Security

Continuous cloud visibility into every device, user, and application means you can administer every element of your infrastructure more effectively. You’ll avoid wasting resources by preventing VM sprawl, and you’ll have a detailed body of data to satisfy audit requirements for NIST 800-53, HIPAA, and other compliance regulations.

Follow the above when you migrate to the cloud, and you’ll avoid weak security, insufficient compliance, and operational problems. Ziften’s approach to cloud visibility and security gives you the intelligence you need for cloud asset migration without the headaches.

Charles Leaver – Golden Opportunity For Microsoft Channel Partners

Published by:

Written By Greg McCreight And Presented By Charles Leaver


Windows Defender Advanced Threat Protection (WDATP) is very good, and popular with Microsoft channel partners around the world. It is highly likely you’re already working with Microsoft clients to install and maintain WDATP on their Windows endpoints.

I’m delighted to tell you about a new opportunity: get a quick start with an industry-leading solution that integrates directly into WDATP, Ziften Zenith. For a limited time, Microsoft channel partners can use our new “Fast Start” program to partner with Ziften.

With “Fast Start,” you enjoy all the benefits of Ziften’s top-tier partner status for a full year, and we’ll help you get up to speed quickly with joint marketing and business development resources, along with a waiver of the usual sales volume commitment associated with Gold Status.

If you don’t know Ziften, we provide infrastructure visibility and coordinated threat detection, prevention, and response across all endpoint devices and cloud environments. Zenith, our flagship security platform, deploys easily to client devices, virtual machines, and servers.

Once installed, Zenith continuously collects all the information needed to accurately assess the current and historical state of all managed devices, including system, user behavior, network connection, application, binary, and process data. Zenith gives your customers’ IT and security teams continuous visibility and control of all managed assets, including continuous monitoring, alerting, and automated or manual actions.

Zenith is cross-platform: it runs on and secures Windows, Mac, Linux, and other endpoints.

What’s especially notable, and here’s the opportunity, is that Ziften has partnered with Microsoft to integrate Zenith with Windows Defender ATP. That means your clients can use WDATP on Windows systems and Zenith on their macOS and Linux systems to detect, view, and respond to cyber attacks, all using only the WDATP Management Console for every system. Zenith stays hidden in the background.

A single pane of glass to manage Windows, Mac, and Linux endpoints, which can include desktops, notebooks, and servers. That makes Zenith the ideal offering for your existing WDATP clients, and makes your bids for new WDATP business more complete for multi-platform prospects.

What’s more, offering Zenith can help you speed customer migrations to Windows 10 and sell more Enterprise E5 commercial editions.

“Fast Start” with Gold Status for a Year

Ziften is totally focused on the channel: 96% of our sales in 2017 were through the channel. We are very excited to bring the “Fast Start” program to current Microsoft channel partners anywhere in the world.

With “Fast Start,” you can sign up for the Ziften Channel Program with these benefits:

Expedited Approval and On-Boarding – Ziften channel managers and field sales work directly with you to get you up and running offering the Zenith endpoint security solution integrated with Windows Defender ATP.

Superior Security Value – You’ll be uniquely positioned to offer clients and prospects greater security value across more of their overall environment than ever, increasing the number of supported and protected Windows, Mac, and Linux systems.

Hands-On Partnership – Ziften dedicates field sales, sales engineers, and marketing to support your day-to-day pre-sales engagements, drive new sales opportunities, and help close more business with Microsoft and Ziften endpoint security.

Here’s what one major Microsoft channel partner says about this. This is Ronnie Altit, founder and CEO of Insentra, a “partner-obsessed” Australian IT services business that works exclusively through the IT channel:

“As a big Microsoft reseller, teaming with Ziften to offer their Zenith security platform incorporated with Microsoft Windows Defender ATP was a no-brainer. We’re thrilled at the seamless integration between Zenith and Windows Defender ATP, providing our customers holistic security and visibility throughout their Windows and non-Windows systems. Ziften has actually been a pleasure to deal with, and encouraging at every step of the procedure. We anticipate being extremely successful offering this effective security solution to our customers.”

Charles Leaver – More Women Needed In Cybersecurity And Girl Scouts Pushing This

Published by:

Written By Kim Foster And Presented By Charles Leaver


It’s no secret that cybersecurity is getting more international attention than ever before, and enterprises are rightly concerned about whether they are training enough security specialists to meet growing security threats. While this concern is felt across the commercial world, few people expected the Girl Scouts to answer the call.

Beginning this fall, countless Girl Scouts across the country have the opportunity to earn cybersecurity badges. Girl Scouts of the United States teamed up with security company (and Ziften technology partner) Palo Alto Networks to create a curriculum that teaches girls the basics of computer security. According to Sylvia Acevedo, CEO of GSUSA, they created the program based on demand from the girls themselves to protect themselves, their computers, and their family networks.

The timing is good, since according to a study released in 2017 by (ISC)², 1.8 million cybersecurity positions will be unfilled by 2022. Factor in increased demand for security professionals alongside stagnant growth for women, only 11 percent for the past several years, and our cybersecurity staffing troubles are poised to intensify without significant effort on the part of the industry toward better inclusion.

Of course, we cannot rely on the Girl Scouts to do all the heavy lifting. Broader educational efforts are a given: according to the Computing Technology Industry Association, 69 percent of U.S. women who do not have a career in information technology cited not knowing what opportunities were available to them as the reason they did not pursue one. One of the great untapped opportunities of our industry is the recruitment of more diverse professionals. Targeted curricula and increased awareness need to be high priorities. Raytheon’s Women Cyber Security Scholarship is a good example.

To reap the benefits of having women help shape the future of technology, it’s important to address the exclusionary perception of “the boys’ club” and remember the groundbreaking contributions made by women of the past. Many people know that the first computer programmer was a woman, Ada Lovelace. Then there is the work of other famous pioneers such as Grace Hopper, Hedy Lamarr, or Ida Rhodes, all of whom may stir some vague recollection among those in our industry. Female mathematicians wrote programs for one of the world’s first fully electronic general-purpose computers: Kay McNulty, Jean Jennings Bartik, Betty Snyder, Marlyn Meltzer, Fran Bilas, and Ruth Lichterman were just a few of the original programmers of the Electronic Numerical Integrator and Computer (better known as ENIAC), though their important work was not widely acknowledged for over 50 years. In fact, when historians first discovered pictures of the women in the mid-1980s, they mistook them for “Refrigerator Ladies,” models posing in front of the machines.

It’s worth noting that many people believe the same “boys’ club” mentality that overlooked the achievements of women in history has resulted in limited management positions and lower salaries for women in cybersecurity today, as well as the outright exclusion of female stars from speaking opportunities at industry conferences. As trends go, excluding bright people with relevant knowledge from influencing the cybersecurity industry is an unsustainable one if we want to keep up with the cybercriminals.

Whether or not we collectively act to promote more inclusive workplaces, by educating, recruiting, and promoting women in larger numbers, it is heartening to see an organization synonymous with fundraising cookies effectively alert an entire industry to the fact that girls are genuinely interested in the field. As the Girl Scouts of today are given the tools to pursue a career in information security, we should expect that they will become the very women who ultimately reprogram our expectations of what a cybersecurity expert looks like.

Charles Leaver – Don’t Believe The Hype As Macs Can Affect Your Security

Published by:

Written By Roark Pollock And Presented By Charles Leaver


Do you have Mac computers? That’s fine. I have one too. Are yours locked down? If not, your business has a potentially serious security weakness.

It’s a fallacy to believe that Macintosh computers are inherently secure and don’t need to be protected against hacking or malware. People think Macs are probably more secure than Windows desktops and notebooks, due to the design of the Unix-oriented kernel. Certainly, we see fewer security patches released for macOS by Apple than security patches for Windows by Microsoft.

Fewer security flaws is not zero flaws. And safer doesn’t mean 100% safe.

Examples of Mac Vulnerabilities

Take, for instance, the macOS 10.13.3 update, released on January 23, 2018, for the current versions of the Mac’s operating system. Like most current computers running Intel processors, the Mac was vulnerable to the Meltdown flaw, which meant that malicious applications might be able to read kernel memory.

Apple had to patch this flaw, along with many others.

For instance, another flaw might allow malicious audio files to execute arbitrary code, which could compromise the system’s security integrity. Apple had to patch it.

A kernel flaw meant that a malicious application might be able to execute arbitrary code with kernel privileges, giving cyber criminals access to anything on the device. Apple had to patch the kernel.

A flaw in the WebKit library meant that processing maliciously crafted web content might lead to arbitrary code execution. Apple had to patch WebKit.

Another flaw meant that processing a malicious text message might result in application denial of service, locking up the system. Whoops. Apple had to patch that flaw too.

Don’t Make the Same Mistakes as Consumers

Many consumers, believing all the talk about how great macOS is, choose to run without protection, trusting macOS and its built-in application firewall to block all manner of bad code. Problem: there’s no built-in antivirus or anti-malware, and the firewall can only do so much. And many enterprises are willing to overlook macOS when it comes to visibility for posture monitoring and hardening, and threat detection and threat hunting.

Consumers often make these assumptions because they don’t know any better. IT and security professionals must never make the same mistakes; we should know better.

If a Mac user installs bad software, adds a malicious browser extension, opens a bad email attachment, or clicks a phishing link or a malicious ad, their device is compromised, just like a Windows computer. So within the enterprise, we have to be prepared to deal with these issues, even on Macs.

So What Do You Do?

What do you need to do?

– Install antivirus and anti-malware on business Macs, or on any Mac that has access to your company’s content, servers, or networks.
– Monitor the state of Mac computers, just as you would Windows machines.
– Be proactive in applying patches and fixes to Mac computers, again, just as with Windows.

You should also remove from your business environment any Macs that are too old to run the latest version of macOS. That’s a lot of them, because Apple is pretty good at supporting older hardware. Here is Apple’s list of Mac models that can run macOS 10.13:

– MacBook (Late 2009 or newer)
– MacBook Pro (Mid 2010 or newer)
– MacBook Air (Late 2010 or newer)
– Mac mini (Mid 2010 or newer)
– iMac (Late 2009 or newer)
– Mac Pro (Mid 2010 or newer)

When the next version of macOS comes out, some of your older machines may drop off the list. They should drop off your inventory as well.
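The three action items and the hardware list above fold into a single fleet posture check. The script below is an added example, not Ziften’s or Apple’s code: it reads an inventory export (constructed here, with a hypothetical `av_agent` field standing in for whatever endpoint protection agent is deployed), and for each Mac flags missing protection, an OS version below the 10.13.3 update discussed above, and hardware outside Apple’s macOS 10.13 list quoted in the post. The model strings follow Apple’s marketing names so the “or newer” rule can be applied by year and season; when Apple publishes the next list, only `SUPPORTED_FROM` and `REQUIRED_VERSION` change.

```python
"""Fleet posture check for Macs: flag machines missing endpoint protection,
behind on patches, or on hardware that cannot run the current macOS.
Added illustration, not Ziften or Apple code. The inventory and the av_agent
field are constructed; the supported-model list is Apple's macOS 10.13 list
quoted in the post."""
import re

# Minimum acceptable macOS version (10.13.3 is the update discussed above).
REQUIRED_VERSION = "10.13.3"

# Apple's macOS 10.13 support list as quoted in the post:
# family -> earliest (season year) that qualifies, "or newer".
SUPPORTED_FROM = {
    "MacBook": "Late 2009",
    "MacBook Pro": "Mid 2010",
    "MacBook Air": "Late 2010",
    "Mac mini": "Mid 2010",
    "iMac": "Late 2009",
    "Mac Pro": "Mid 2010",
}
SEASON_RANK = {"Early": 0, "Mid": 1, "Late": 2}


def parse_version(version):
    """'10.13.3' -> (10, 13, 3). Tuple comparison makes '10.13' < '10.13.3'."""
    return tuple(int(part) for part in version.split("."))


def parse_model(model):
    """'MacBook Pro (Mid 2010)' -> ('MacBook Pro', (2010, 1))."""
    match = re.fullmatch(r"(.+?) \((Early|Mid|Late) (\d{4})\)", model)
    if not match:
        raise ValueError(f"unrecognised model string: {model!r}")
    family, season, year = match.groups()
    return family, (int(year), SEASON_RANK[season])


def hardware_supported(model):
    """True if the model is on the list above or newer than its listed floor."""
    family, released = parse_model(model)
    if family not in SUPPORTED_FROM:
        return False
    _, floor = parse_model(f"{family} ({SUPPORTED_FROM[family]})")
    return released >= floor


def assess(mac, required=REQUIRED_VERSION):
    """Return the findings for one inventory record; an empty list is compliant."""
    findings = []
    if not mac["av_agent"]:
        findings.append("no endpoint protection agent")
    if parse_version(mac["os_version"]) < parse_version(required):
        findings.append(f"macOS {mac['os_version']} below required {required}")
    if not hardware_supported(mac["model"]):
        findings.append("hardware cannot run current macOS; retire from inventory")
    return findings


def fleet_report(inventory, required=REQUIRED_VERSION):
    """Map each host to its findings."""
    return {mac["host"]: assess(mac, required) for mac in inventory}


# Constructed sample inventory, as an endpoint agent or MDM export might provide it.
INVENTORY = [
    {"host": "mac-design-01", "model": "iMac (Late 2015)", "os_version": "10.13.3", "av_agent": True},
    {"host": "mac-dev-07", "model": "MacBook Pro (Mid 2010)", "os_version": "10.13.2", "av_agent": True},
    {"host": "mac-recept-02", "model": "MacBook (Early 2009)", "os_version": "10.11.6", "av_agent": False},
    {"host": "mac-sales-11", "model": "MacBook Air (Late 2010)", "os_version": "10.13.3", "av_agent": False},
]

if __name__ == "__main__":
    for host, issues in fleet_report(INVENTORY).items():
        print(host, "->", "; ".join(issues) or "compliant")
```

A host on the retire list is also the one most likely to be missing the agent and the patch, since an unsupported machine cannot take the current update; that is the combination the inventory clean-up in the text is meant to catch.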

Ziften’s Perspective

At Ziften, with our Zenith security platform, we work hard to maintain visibility and security feature parity between Windows, macOS, and Linux-based systems.

In fact, we’ve partnered with Microsoft to integrate our Zenith security platform with Microsoft Windows Defender Advanced Threat Protection (ATP) for macOS and Linux monitoring and threat detection and response coverage. The integration lets customers detect, view, investigate, and respond to advanced cyber attacks on macOS computers (as well as Windows and Linux-based endpoints) directly within the Microsoft WDATP Management Console.

From our perspective, it has always been important to give your security teams confidence that every desktop and notebook endpoint is protected, and thus that the enterprise is protected.

It may be hard to believe, but 91% of enterprises say they have some number of Mac computers. If those computers aren’t secured, and properly integrated into your endpoint security systems, the enterprise is not protected. It’s that simple.