Category Archives: Network Security

Charles Leaver – The Target Cyber Attack Took Months To Recover From And Caused Severe Financial Loss


By Charles Leaver CEO Ziften


After Target was breached, it took the company several months to recover and to be given a clean bill of health.

Constant Recovery Effort And Reports Of Financial Loss

The Target data breach was a major story. Like all major news stories it eventually faded from national coverage, but for the retailer it remained a serious problem. Target lowered its profit projections for 2014 once again, which suggests the company had underestimated the impact of the attack, according to CNN Money.

The drop in earnings was substantial: the company reported 62% lower earnings, and on top of that it absorbed $111 million in costs directly attributable to the breach in its second fiscal quarter. A business that was once robust now looks a shadow of its former self because of a single cyber attack.

As the fallout continued, the true scale of the attack emerged. Data on around 110 million people was compromised, and 40 million of those had payment card data stolen. As the news spread, the company made major changes, including stricter security measures and the replacement of its system administrator. Long-standing CEO Gregg Steinhafel also resigned. None of this is considered enough to blunt the effect of the attack. Target's shareholders are absorbing the consequences as much as the business itself, according to Brian Sozzi of Belus Capital.

In an e-mail to CNN Money, Sozzi said: “Target simply dropped an epic full-year profit warning onto the heads of its remaining investors. Target has given investors ABSOLUTELY NO reason to be encouraged that a global turnaround is covertly emerging.”

Target Provides A Lesson For All Organizations About Improved Pre-emptive Steps

No matter how prepared an organization is for a cyber attack, there is no guarantee that recovery will be quick. The bottom line is that a data breach is bad news for any company, whatever you call it and however you try to repair it. Prevention is the best way forward, and you must take steps to ensure an attack does not succeed against your organization in the first place. Endpoint threat detection systems can play a significant role in maintaining strong defenses for any company that chooses to deploy them.


Billions Of Credentials Stolen By Russian Cyber Criminals. Defend Your Organization Now With Continuous Endpoint Monitoring – Charles Leaver


Charles Leaver Ziften CEO

An American cyber security company believes it has uncovered the largest known data breach in history. The company believes that a group of Russian cyber criminals it had been investigating for several months is responsible for stealing billions of passwords and other sensitive personal data. The group is alleged to have taken 4.5 billion credentials; many were duplicates, leaving 1.2 billion unique records. The data came from 420,000 sites of every size, from big-brand sites to small mom-and-pop shops.

The New York Times reported that the group comprised about a dozen people. Starting out with small-scale spamming in 2011, they acquired most of the data by buying stolen databases.

In an interview with PCMag, Alex Holden, the founder of the company that discovered the breach, said: “The gang began by just purchasing the databases that were offered over the Internet.” The group bought at fire sales and were referred to as “bottom feeders”. As time went by they began to buy higher quality databases. “It's kind of like graduating from stealing bikes to stealing expensive cars.”

A Progression From Spamming To Using Botnets

The group then changed its approach. It used botnets to gather data on a much larger scale: the bots automated the task of identifying vulnerable sites, so the work continued around the clock. Whenever an infected user visited a website, the bot automatically tested whether the site could be attacked through SQL injection. SQL injection, a widely used attack technique, forces a site's database to reveal its contents in response to a crafted query entered through the site itself. The botnet flagged the vulnerable sites, and the attackers returned later to extract their data. Relying on the botnet was ultimately the group's downfall, because the security company spotted them using it.
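The check the bots automated is easy to reproduce. The Python below is an added example, not code from the original post or from the group's toolkit: it builds a small constructed user table in an in-memory SQLite database (table and column names are assumptions), shows the flaw the bots were probing for (user input pasted into the SQL text) beside the parameterized form that defeats it, and runs a simplified version of the “basic query” test against both.

```python
import sqlite3

# Constructed sample table; the schema and rows are illustration only.
SAMPLE_ROWS = [
    (1, "alice@example.com", "h1"),
    (2, "bob@example.com", "h2"),
    (3, "carol@example.com", "h3"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, email TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """The flaw the bots probed for: untrusted input spliced into SQL text,
    so a quote in the input ends the literal and the rest becomes SQL."""
    sql = f"SELECT email, pw_hash FROM users WHERE email = '{email}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, email: str) -> list:
    """Hardened form: the value is bound by the driver and is never parsed
    as SQL, whatever characters it contains."""
    sql = "SELECT email, pw_hash FROM users WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def probe_for_injection(conn: sqlite3.Connection, lookup) -> bool:
    """Simplified version of the bots' automated check: compare the result
    of a value that matches nothing with the same value plus a tautology.
    More rows back means the tautology was executed as SQL."""
    baseline = len(lookup(conn, "nobody@example.com"))
    injected = len(lookup(conn, "nobody@example.com' OR '1'='1"))
    return injected > baseline


if __name__ == "__main__":
    db = make_db()
    print("vulnerable lookup injectable:", probe_for_injection(db, lookup_vulnerable))
    print("parameterized lookup injectable:", probe_for_injection(db, lookup_parameterized))
```

Against the vulnerable lookup the tautology payload returns every row in the table, which is exactly the signal a scanning bot keys on; against the parameterized lookup the same payload is just a string that matches nothing.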

The security company believes the billions of records were not stolen at one time and that most were probably bought from other criminals. According to the Times, very few of the stolen records have been sold online; instead the group has used the data to send spam on social media on behalf of other groups, for a fee. Various security professionals say the size of this breach points to a trend of cyber criminals stockpiling huge numbers of personal profiles over time and saving them for later use, according to the Wall Street Journal.

Avivah Litan, security analyst at the research firm Gartner, said: “Companies that rely on user names and passwords have to develop a sense of urgency about changing this. Until they do, criminals will just keep stockpiling people's credentials.”

Attacks and breaches on this scale underline the need for organizations to protect themselves with current defenses. Endpoint threat detection and response systems help companies build a clearer picture of the threats facing their networks and provide actionable information on how best to prevent attacks. With large data breaches becoming more frequent, continuous endpoint visibility is essential. If the company's endpoints are monitored continuously, threats can be identified in real time, which limits the damage a breach can do to the company's reputation and bottom line.


Charles Leaver – Ziften And Splunk Active Response Framework What Are The Advantages?


Written By Charles Leaver CEO Ziften



We sponsored Splunk.conf2014 in Las Vegas, a great show, and came back energized and ready to push our solution here at Ziften even further forward. One talk of particular interest was by Jose Hernandez, Security Solutions Architect at Splunk, titled “Using Splunk to Automatically Reduce Risks”. If you want to see his slides and a recording of the talk, please go to

Using Splunk to assist with mitigation, or “Active Response” as I prefer to call it, is an excellent idea. Having all your intelligence data flowing into Splunk (endpoint data, external threat feeds and so on) is extremely powerful, and being able to take action on that data truly closes the loop. At Ziften we have our continuous endpoint monitoring solution, and integrating it with Splunk is something we are very proud of. Coupling real-time data analysis with the ability to respond to and act against incidents is a strong step in the right direction.

Ziften has developed a mitigation action that uses the publicly available Active Response code; a demo video is included in this post below. As a proof of concept we built a mitigation action within our Ziften App for Splunk. Once the action has run, its results can be observed and tracked within Splunk ES (Enterprise Security). This is a significant addition: users can now monitor and track mitigations within Splunk ES, which closes the loop and builds a history of your actions.

We are excited that Splunk is driving this effort; it is likely to evolve, and we are committed to continuing to support it and make further progress with it. This is a very exciting time in the Endpoint Detection and Response space, and in my opinion the Active Response Framework built into Splunk will generate a great deal of interest.

For any questions about the Ziften App for Splunk, please send an e-mail to




Charles Leaver – A Reliable Endpoint Monitoring System Needs More Than Narrow Indicators Of Compromise


Presented By Charles Leaver And Written By Dr Al Hartmann Of Ziften Inc.


The Breadth Of The Indicator – Broad Versus Narrow

A thorough report on a cyber attack will typically give details of indicators of compromise. Often these are narrow in scope, referencing a specific attack group as observed in a particular attack on one organization over a limited period. Typically these narrow indicators are specific artifacts of the observed attack that could constitute evidence of compromise on their own. For that attack they have high specificity, but often at the cost of low sensitivity to similar attacks that use different artifacts.

In essence, narrow indicators have very limited scope, which is why they exist by the billions in ever-expanding databases of malware signatures, suspicious network addresses, malicious registry keys, file and packet content snippets, file paths, intrusion detection rules and so on. The Ziften continuous endpoint monitoring solution aggregates several of these third-party databases and threat feeds into the Ziften Knowledge Cloud to take advantage of known-artifact detection. These detection elements can be applied in real time and also retrospectively. Retrospective application matters because these artifacts are short-lived: attackers constantly change the artifacts of their attacks specifically to frustrate narrow IoC detection, so an indicator often becomes known only after the activity it describes has already happened. This is why a continuous monitoring solution must archive its monitoring results for a long time (relative to industry-reported attacker dwell times) to provide a sufficient lookback horizon.
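What a retrospective sweep looks like in practice, and why the retention window matters, is shown by the following added example. It is not Ziften's code: the archived telemetry records, the indicator values and the reference date are all constructed for illustration. A hash, a C2 address and a file path are matched against the archive with two different lookback horizons; the old activity on one host only surfaces when the window is long enough to reach it.

```python
from datetime import datetime, timedelta

# Constructed endpoint telemetry archive: one record per observation.
ARCHIVE = [
    {"host": "ws-017", "ts": "2014-10-15T08:41:00", "type": "ip", "value": "203.0.113.10"},
    {"host": "ws-017", "ts": "2014-10-15T08:43:00", "type": "path", "value": r"C:\Windows\System32\com\svchost.exe"},
    {"host": "ws-042", "ts": "2015-02-25T13:05:00", "type": "sha256", "value": "1111" * 16},
    {"host": "srv-db1", "ts": "2015-02-27T02:10:00", "type": "ip", "value": "198.51.100.7"},
    {"host": "ws-017", "ts": "2015-02-28T10:00:00", "type": "sha256", "value": "b0ff" * 16},
]

# Constructed narrow indicators, as a threat feed might publish them well
# after the activity took place. Stored lower-cased for case-insensitive matching.
INDICATORS = {
    "ip": {"203.0.113.10"},
    "path": {r"c:\windows\system32\com\svchost.exe"},
    "sha256": {"b0ff" * 16},
}

# Constructed reference time for the sweep.
NOW = datetime(2015, 3, 1)


def sweep(archive, indicators, now, lookback_days):
    """Match archived events against the indicators, looking back
    `lookback_days` from `now`. Returns the hits in time order."""
    cutoff = now - timedelta(days=lookback_days)
    hits = []
    for ev in archive:
        ts = datetime.fromisoformat(ev["ts"])
        if ts < cutoff:
            continue  # older than the retained/queried window
        if ev["value"].lower() in indicators.get(ev["type"], set()):
            hits.append({"host": ev["host"], "ts": ev["ts"], "type": ev["type"], "value": ev["value"]})
    return sorted(hits, key=lambda h: h["ts"])


def hosts_by_hit_count(hits):
    """Aggregate hits per host. Several distinct indicator types on one host
    is the triangulation that lifts a single match to a confident finding."""
    counts = {}
    for h in hits:
        counts[h["host"]] = counts.get(h["host"], 0) + 1
    return counts


if __name__ == "__main__":
    for days in (30, 180):
        found = sweep(ARCHIVE, INDICATORS, NOW, days)
        print(f"lookback {days:3d} days: {len(found)} hit(s) -> {hosts_by_hit_count(found)}")
```

With a 30-day window only the recent hash match on ws-017 appears; with a 180-day window the earlier C2 contact and the out-of-place svchost.exe on the same host appear as well, turning one weak hit into three corroborating ones.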

Narrow IoCs have significant detection value, but they are largely ineffective at detecting new attacks by skilled adversaries. New attack code can be pre-tested in a lab against common enterprise security products to confirm that it reuses no detectable artifacts. Security products that operate purely as black/white classifiers, returning an explicit verdict of malicious or benign, suffer from this weakness and are easily evaded. The defended organization is likely to be thoroughly compromised for months or years before any detectable artifacts for that particular attack are identified (after extensive investigation).

In contrast to the ease with which attack artifacts can be obscured by ordinary attacker toolkits, the particular techniques and tactics, the modus operandi, used by attackers have persisted for decades. Common tactics such as weaponized websites and documents, new service installation, vulnerability exploitation, module injection, modification of sensitive directories and registry locations, new scheduled tasks, memory and disk corruption, credential compromise, malicious scripting and many others are broadly shared. Proper system logging and monitoring can detect much of this attack activity when paired with security analytics that prioritize the highest-risk observations. This removes the attacker's opportunity to pre-test the evasiveness of malicious code, because risk is not quantified as black or white but in shades of gray. In particular, endpoint risk is variable and relative across any network and user environment and any period of time, and that environment (and its temporal characteristics) cannot be reproduced in a lab. The basic attacker concealment approach is foiled.

In future posts we will examine Ziften endpoint risk analysis in more detail, along with the critical relationship between endpoint security and endpoint management. “You can't protect what you don't manage, you can't manage what you don't measure, you can't measure what you don't track.” Organizations get breached because they have less oversight and control of their endpoint environment than the attackers have. Look out for future posts...


The Ziften Continuous Endpoint Monitoring Advantage Carbanak Case Study Part 3 – Charles Leaver


Presented By Charles Leaver And Written By Dr Al Hartmann

Part 3 in a 3 part series


Below are excerpts of indicators of compromise (IoCs) from the technical reports on the Anunak/Carbanak APT attacks, with discussion of how the Ziften continuous endpoint monitoring solution would detect them. The Ziften system concentrates on generic indicators of compromise that have remained consistent over years of attacks and security experience; such IoCs can be identified for any operating system, including Linux, OS X and Windows. Specific indicators also exist that point to C2 infrastructure or particular attack code instances, but these are short-lived and not normally reused in fresh attacks. There are billions of such artifacts in the security world, with thousands added every day. Generic IoCs are embedded in the Ziften security analytics for the supported operating systems, while specific IoCs come to the Ziften Knowledge Cloud from subscriptions to a number of industry threat feeds and watch lists that aggregate them. Both have value and help triangulate attack activity.

1. Exposed vulnerabilities

Excerpt: All observed cases used spear phishing emails with Microsoft Word 97-2003 (.doc) files attached or CPL files. The doc files exploit both Microsoft Office (CVE-2012-0158 and CVE-2013-3906) and Microsoft Word (CVE-2014-1761).

Comment: Not strictly an IoC, but unpatched critical vulnerabilities are a major attacker entry point and a large warning sign that raises the threat score (and the SIEM priority) for the endpoint, particularly when other indicators are also present. These vulnerabilities are signs of lax patch management and vulnerability lifecycle management, which weakens the overall defensive posture.

2. Suspect Locations

Excerpt: Command and Control (C2) servers situated in China have been determined in this project.

Comment: The geolocation of endpoint network contacts, and scoring by location, both add to the risk score that drives up the SIEM priority. There are valid reasons for contact with Chinese servers, and some organizations may have installations in China, but this should be verified with spatial and temporal anomaly checking. IP address and domain information should be attached to the resulting SIEM alert so that SOC triage can be conducted quickly.

3. New Binaries

Excerpt: Once the remote code execution vulnerability is effectively exploited, it installs Carbanak on the victim’s system.

Comment: Any new binary is suspicious, but not all of them should raise alarms. The image metadata should be examined for a pattern, for example a new application, or a new version of an existing application from an existing vendor, on the expected file path for that vendor. Attackers will try to spoof whitelisted applications, so signing data as well as file size and file path can be compared to filter out the obvious cases.

4. Uncommon Or Sensitive Filepaths

Excerpt: Carbanak copies itself into “%system32%\com” with the name “svchost.exe” with the file attributes: system, hidden and read-only.

Comment: Any write into the System32 path is suspicious, as it is a sensitive system folder, so it is subject to immediate anomaly checking. A classic anomaly is svchost.exe, a critical system process image, appearing in the unusual location of the com subdirectory.

5. New Autostarts Or Services

Excerpt: To ensure that Carbanak has autorun privileges the malware produces a new service.

Comment: New autostarts and services are common with malware and are always examined by the analytics. Anything of low prevalence is suspicious. If checking the image hash against industry watch lists shows it is unknown to the majority of anti-virus engines, suspicion rises further.

6. Low Prevalence File In High Prevalence Folder

Excerpt: Carbanak creates a file with a random name and a .bin extension in %COMMON_APPDATA%\Mozilla where it stores commands to be executed.

Comment: This is a classic example of “one of these things is not like the other” that is simple for the security analytics to examine in a continuous monitoring environment. The IoC is entirely generic: it has nothing to do with which filename or which directory is created. Although the technical report lists it as a specific IoC, it is trivially generalized beyond Carbanak to future attacks.

7. Suspect Signer

Excerpt: In order to render the malware less suspicious, the current Carbanak samples are digitally signed.

Comment: Any suspect signer is treated as suspicious. In one case the signer supplied an anonymous gmail address, which does not inspire confidence, and the risk score for that image rises. In other cases no e-mail address is supplied at all. Signers can easily be listed and a Pareto analysis performed to separate the more trusted from the less trusted. A less trusted signer found in a more sensitive directory is highly suspicious.

8. Remote Administration Tools

Excerpt: There seems to be a preference for the Ammyy Admin remote administration tool for remote control. It is thought that the attackers used this remote administration tool because it is frequently whitelisted in the victims' environments as a result of being used regularly by administrators.

Comment: Remote admin tools (RATs) always raise suspicion, even if the organization has whitelisted them. Anomaly checking is applied to determine whether each new remote admin tool is consistent, temporally and spatially, with established use. RATs are subject to abuse: attackers prefer to use an organization's own RATs so that they can avoid detection, so these tools should not be given a free pass every time simply because they are whitelisted.

9. Patterns Of Remote Login

Excerpt: Logs for these tools suggest that they were accessed from 2 dissimilar IPs, most likely utilized by the attackers, and located in Ukraine and France.

Comment: Always suspect remote logins, because all attackers are presumed to be remote. They are also used heavily in insider attacks, because the insider does not want the activity tied to their own system. Remote addresses and time-pattern anomalies are examined, and this should expose low-prevalence usage (relative to peer systems) as well as any suspect locations.

10. Atypical IT Tools

Excerpt: We have also discovered traces of various tools used by the attackers inside the victim's network to gain control of additional systems, such as Metasploit, PsExec or Mimikatz.

Comment: Because they are sensitive applications, IT tools should always be examined for anomalies, as many attackers subvert them for malicious purposes. Metasploit might legitimately be used by a penetration tester or vulnerability researcher, but such instances would be rare. This is a prime example where an unusual-observation report vetted by security staff would result in corrective action. It also highlights the problem that blanket whitelisting does not help in identifying suspicious activity.
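The ten comments above describe generic, additive risk rules rather than a malicious/benign verdict. The Python below is an added example of that scoring approach; it is not Ziften's analytics and not code from the Carbanak reports. A constructed set of endpoint events (field names, host names, weights, the tool lists and the baseline country are all assumptions) is scored rule by rule and then aggregated per host into the order a SIEM would present for triage. The rules are deliberately graded, so a whitelisted remote admin tool or a login from an unexpected country adds points without by itself convicting the host.

```python
import re

# Constructed endpoint events shaped after the indicators discussed above.
# Field names, host names and values are illustration only.
EVENTS = [
    {"host": "ws-017", "kind": "file_write", "path": r"C:\Windows\System32\com\svchost.exe"},
    {"host": "ws-017", "kind": "new_service", "path": r"C:\Windows\System32\com\svchost.exe", "av_detections": 0},
    {"host": "ws-017", "kind": "new_binary", "path": r"C:\Users\jdoe\AppData\Local\Temp\update.exe", "signer_email": "someone@gmail.com"},
    {"host": "ws-017", "kind": "process", "image": "AA_v3.exe", "tool": "ammyy", "admin_host": False},
    {"host": "ws-017", "kind": "remote_login", "country": "UA"},
    {"host": "ws-017", "kind": "net_connect", "country": "CN"},
    {"host": "srv-jump", "kind": "process", "image": "PsExec.exe", "tool": "psexec", "admin_host": True},
    {"host": "ws-023", "kind": "process", "image": "mimikatz.exe", "tool": "mimikatz", "admin_host": False},
    {"host": "ws-042", "kind": "new_binary", "path": r"C:\Program Files\Acme\acme.exe", "signer_email": "code@acme.example"},
    {"host": "ws-042", "kind": "remote_login", "country": "US"},
]

# Assumed policy for the constructed organization.
SENSITIVE_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
STANDARD_SYSTEM_DIRS = set(SENSITIVE_DIRS)
SYSTEM_IMAGE_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
REMOTE_ADMIN_TOOLS = {"ammyy", "teamviewer", "vnc"}
SENSITIVE_IT_TOOLS = {"metasploit", "psexec", "mimikatz"}
FREE_MAIL = re.compile(r"@(gmail|yahoo|hotmail|outlook)\.", re.I)
BASELINE_COUNTRIES = {"US"}  # where this organization normally logs in from


def score_event(ev):
    """Return (points, reasons) for one event. Rules are additive, so the
    result is a graded risk rather than a verdict; 0 means nothing noteworthy."""
    pts, why = 0, []
    path = ev.get("path", "").lower()
    folder, _, name = path.rpartition("\\")
    kind = ev["kind"]
    if kind in ("file_write", "new_binary", "new_service"):
        if path.startswith(SENSITIVE_DIRS):
            pts += 20
            why.append("write under a sensitive system directory")
        if name in SYSTEM_IMAGE_NAMES and folder not in STANDARD_SYSTEM_DIRS:
            pts += 30
            why.append(f"system image name {name} outside its standard directory")
    if kind == "new_service":
        pts += 10
        why.append("new service installed")
        if ev.get("av_detections", 1) == 0:
            pts += 15
            why.append("service image unknown to AV engines")
    if kind == "new_binary":
        email = ev.get("signer_email")
        if email is None:
            pts += 10
            why.append("signer gives no e-mail address")
        elif FREE_MAIL.search(email):
            pts += 15
            why.append("signer uses an anonymous webmail address")
    if kind == "process":
        tool = ev.get("tool", "")
        if tool in REMOTE_ADMIN_TOOLS:
            pts += 15
            why.append(f"remote admin tool {tool} (whitelisted or not)")
        if tool in SENSITIVE_IT_TOOLS:
            pts += 10
            why.append(f"sensitive IT tool {tool}")
            if not ev.get("admin_host", False):
                pts += 25
                why.append("sensitive IT tool on a non-admin host")
    if kind == "remote_login" and ev.get("country") not in BASELINE_COUNTRIES:
        pts += 25
        why.append(f"remote login from {ev['country']}")
    if kind == "net_connect" and ev.get("country") not in BASELINE_COUNTRIES:
        pts += 10
        why.append(f"network contact with a server in {ev['country']}")
    return pts, why


def rank_hosts(events):
    """Aggregate per host and return [(host, score, reasons)] highest first,
    the order a SIEM would present them for triage."""
    totals = {}
    for ev in events:
        pts, why = score_event(ev)
        if pts == 0:
            continue
        score, reasons = totals.get(ev["host"], (0, []))
        totals[ev["host"]] = (score + pts, reasons + why)
    return sorted(((h, s, r) for h, (s, r) in totals.items()), key=lambda t: -t[1])


if __name__ == "__main__":
    for host, score, reasons in rank_hosts(EVENTS):
        print(f"{host:9s} {score:4d}  " + "; ".join(reasons))
```

No single rule here is conclusive (a PsExec run on the jump host scores 10 and would sit at the bottom of the queue), but the host that accumulates an out-of-place svchost.exe, a new unrecognized service, a webmail-signed binary, a remote admin tool, a foreign login and a foreign server contact rises to the top with a list of reasons the analyst can check one by one.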


Charles Leaver – Carbanak Case Study Part Two Explains Why Continuous Endpoint Monitoring Is SO Efficient


Presented By Charles Leaver And Written By Dr Al Hartmann

Part 2 in a 3 part series


Continuous Endpoint Monitoring Is Extremely Efficient


Convicting and blocking malicious code before it can compromise an endpoint is fine. But this approach is largely ineffective against attacks that have been pre-tested to evade exactly this kind of defense. The real issue is that these stealthy attacks are run by skilled human attackers, while conventional endpoint defense is an automated process carried out by endpoint security products that rely mainly on traditional antivirus technology. Human intelligence is more creative and adaptable than machine intelligence and will consistently beat automated defenses. This is essentially a Turing test in which the automated defense is trying to match the wits of a skilled human attacker. Today, artificial intelligence and machine learning are not advanced enough to fully automate cyber defense; the human attacker is going to win, and the victims are left counting their losses. We are not living in a science-fiction world where machines out-think humans, so you should not expect a security software suite to automatically take care of all your problems and prevent every attack and data loss.

The only real way to stop a determined human attacker is with a determined human defender. To engage your IT Security Operations Center (SOC) staff in that fight, they must have full visibility of network and endpoint operations. That visibility is not provided by traditional endpoint antivirus products, which are designed to stay silent unless they convict and quarantine malware. This traditional approach renders the endpoints opaque to security staff, and attackers exploit that opacity to hide their attacks. The opacity extends backwards and forwards in time: your security staff do not know what was running across your endpoint population in the past, what is running now, or what to expect in the future. If diligent security staff find clues that call for a forensic look back to find attacker traces, the antivirus suite cannot help; it took no action at the time, so no events were recorded.

By contrast, continuous endpoint monitoring is always working: it provides real-time visibility into endpoint operations, offers forensic lookback so that emerging evidence of an attack can be acted on and indicators found earlier, and establishes a baseline of normal operating patterns so that it knows what to expect and can report anomalies in the future. Beyond plain visibility, continuous endpoint monitoring provides informed visibility, applying behavioral analytics to spot operations that appear irregular. The analytics continually analyze and aggregate anomalies, report them to SOC staff through the organization's security information and event management (SIEM) system, and flag the most worrying ones for attention and action. Continuous endpoint monitoring amplifies and scales human intelligence; it does not replace it. It is rather like the old Sesame Street game “One of these things is not like the other.”

A child can play that game. It is easy because most items (high prevalence) resemble each other while one or a few (low prevalence) are different and stand out. The distinctive actions taken by cyber criminals have been remarkably consistent across decades of attacks; the indicators of compromise listed in the Carbanak technical reports are good examples and are discussed in part 3 of this series. When continuous endpoint monitoring analytics surface these patterns, it is easy to recognize something suspicious or unusual. Security staff can triage these unusual patterns quickly and arrive at a yes/no/maybe verdict that separates unusual but known-good activity from malicious activity, and from activity that needs further tracking and deeper forensic examination to confirm.
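The “one of these things is not like the other” test, as applied to the low-prevalence file in a high-prevalence folder described in item 6 of the part 3 indicator list, reduces to a count across the endpoint population. The Python below is an added example of that prevalence analysis, not Ziften's code. It takes a constructed inventory of which files each host has in a given folder (host names, folder and file names are all made up), ignores folders that only a few hosts have at all, and reports files that appear on almost none of the hosts that share an otherwise common folder.

```python
from collections import defaultdict

# Constructed inventory: (host, folder, filename). Five hosts share one
# application data folder; one of them also holds an odd, randomly named file.
INVENTORY = [
    ("ws-001", r"C:\ProgramData\Mozilla", "updates.xml"),
    ("ws-001", r"C:\ProgramData\Mozilla", "logs"),
    ("ws-002", r"C:\ProgramData\Mozilla", "updates.xml"),
    ("ws-002", r"C:\ProgramData\Mozilla", "logs"),
    ("ws-003", r"C:\ProgramData\Mozilla", "updates.xml"),
    ("ws-003", r"C:\ProgramData\Mozilla", "logs"),
    ("ws-004", r"C:\ProgramData\Mozilla", "updates.xml"),
    ("ws-004", r"C:\ProgramData\Mozilla", "logs"),
    ("ws-004", r"C:\ProgramData\Mozilla", "x7kq2p.bin"),  # the odd one out
    ("ws-005", r"C:\ProgramData\Mozilla", "updates.xml"),
    ("ws-005", r"C:\ProgramData\Mozilla", "logs"),
    ("ws-005", r"C:\Tools", "nmap.exe"),  # rare folder, so a rare file in it is unremarkable
]


def prevalence_outliers(inventory, low_max=1, folder_min_fraction=0.8):
    """Find files seen on at most `low_max` hosts inside folders that exist
    on at least `folder_min_fraction` of all hosts. Returns a sorted list of
    (folder, filename, [hosts])."""
    all_hosts = {host for host, _, _ in inventory}
    by_folder = defaultdict(lambda: defaultdict(set))
    for host, folder, name in inventory:
        by_folder[folder.lower()][name.lower()].add(host)
    outliers = []
    for folder, files in by_folder.items():
        hosts_with_folder = set().union(*files.values())
        if len(hosts_with_folder) / len(all_hosts) < folder_min_fraction:
            continue  # low-prevalence folder: nothing to compare against
        for name, hosts in files.items():
            if len(hosts) <= low_max:
                outliers.append((folder, name, sorted(hosts)))
    return sorted(outliers)


if __name__ == "__main__":
    for folder, name, hosts in prevalence_outliers(INVENTORY):
        print(f"{folder}\\{name} seen only on {', '.join(hosts)}")
```

The rule knows nothing about Carbanak, Mozilla or .bin files; it flags the random-named file purely because every other item in that folder is on all five hosts and this one is on a single host. Lowering `folder_min_fraction` would also report the lone tool folder on ws-005, which is the kind of tuning an analyst makes based on how homogeneous the endpoint population is.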

An attacker cannot pre-test attacks against this defense. Continuous endpoint monitoring has a non-deterministic risk analytics component (which flags suspect activity) and a non-deterministic human element (which triages the alerts). Depending on current activity, the mix of the endpoint population and the experience of the security staff, developing attack activity may or may not be uncovered. That is the nature of cyber warfare, and there are no guarantees. But if your defenders are equipped with continuous endpoint monitoring analytics and visibility, they will have an unfair advantage.


Charles Leaver – First Part Of Carbanak Case Study And The Benefits Of Continuous Endpoint Monitoring


Presented By Charles Leaver And Written By Dr Al Hartmann


Part 1 in a 3 part series



Carbanak APT Background Particulars

A billion-dollar bank robbery targeting more than a hundred banks around the world, carried out by a group of unknown cyber criminals, has been in the news. The attacks on the banks began in early 2014 and have been spreading worldwide. Most of the victims suffered severe breaches across many endpoints for several months before experiencing financial loss. Most had implemented security measures, including network and endpoint security software, but these gave little warning of, or defense against, the attacks.

Several security companies have produced technical reports on the incidents, codenamed either Carbanak or Anunak, and these reports list the indicators of compromise that were observed. The companies are:

Fox-IT from the Netherlands
Group-IB from Russia
Kaspersky Lab from Russia

This post serves as a case study of the attacks and addresses:

1. Why standard endpoint and network security was unable to detect and resist the attacks.
2. Why continuous endpoint monitoring (as provided by the Ziften solution) would have given early warning of the endpoint attacks and triggered a response to prevent data loss.

Standard Endpoint Security And Network Security Is Inefficient

Built on a legacy security model that relies too heavily on blocking and prevention, traditional endpoint and network security does not offer a balanced strategy of blocking, prevention, detection and response. It is not hard for a cyber criminal to pre-test an attack against the limited number of common endpoint and network security products and confirm that it will not be detected. Many of the attackers had researched the security products in place at the victim organizations and became adept at getting through undetected. They knew that most of these products react only when they recognize known malware and otherwise do nothing. This means normal endpoint operation remains largely opaque to IT security staff, and malicious activity (already tested by the attackers to avoid detection) blends in. After an initial breach, the attack can spread to users with higher privileges and to more sensitive endpoints. This is easily achieved by stealing credentials, where no malware is needed, and by driving conventional IT tools (whitelisted by the victim organization) with attacker-written scripts. No identifiable malware is present on the endpoints, so no alarms are raised. Conventional endpoint security software relies far too heavily on looking for malware.

Traditional network security can be evaded in a similar way. Attackers test their network activity first to avoid triggering widely distributed IDS/IPS rules, and they carefully observe normal endpoint operation (on endpoints already compromised) so as to hide their network activity within normal transaction periods and normal traffic patterns. New command and control infrastructure is built that is not yet on network address blacklists at either the IP or domain level. There is very little here to give the attackers away. However, more astute network behavioral assessment, especially when correlated with endpoint context (discussed later in this series), can be much more effective.

It is not time to give up hope. Would continuous endpoint monitoring (as provided by Ziften) have given an early warning of the endpoint intrusion, starting the process of stopping the attack and preventing data loss? Find out more in part 2.

Tax Season Is Coming So Defend Your Environment From A Rise In Cyber Attacks – Charles Leaver


Written By Ziften CEO Charles Leaver

There are many business seasons each year, and it is important that company leaders understand what those periods mean for their cyber security defenses. In retail, the Christmas shopping season brings a spike in consumer spending, but it is also a prime time for criminals to try to steal customer data. When tax season arrives, organizations are busy preparing what government agencies and accountancy firms require, and this can be a vulnerable time for cyber attacks.

Tax Season Represents An Opportunity For Cyber Criminals

With tax returns now filed electronically, there is no need for US citizens to mail their returns by the due date; everything can be done over the Internet. This is faster and more convenient, but it introduces security risks that organizations need to understand. When large quantities of data are on the move, attackers have a golden opportunity to get at information that belongs to the company.

There have been a number of attacks during past tax seasons, raising concerns that the criminals will be ready and waiting again. The recent Anthem breach has led industry experts to predict an increase in tax-fraud hacking. In that breach, which affected 80 million people, a huge amount of personal data, including social security numbers, was stolen, according to Forbes contributor Kelly Phillips Erb.

In Connecticut, residents have been urged by the Department of Revenue Services to file their tax returns early, ahead of the criminals, so that their data is not exposed and their identities stolen.

Deceitful Activity Spotted By Tax Software

To make matters worse, there have been security concerns with one of the country’s most popular tax software brands. USA Today reported that TurboTax representatives had detected a rise in cyber criminality related to their software. A number of unauthorized users had been using stolen personal data to file fraudulent tax returns with state governments. The company took the precaution of temporarily stopping all users from filing state taxes until an internal investigation was completed.

The fraud was subsequently shown to be unrelated to the TurboTax software itself, but the incident shows what a challenge it is for cyber security experts to stop tax fraud today. Even if TurboTax had been flawed, it would probably not have affected organizations much, since they use accounting firms to handle their tax returns. Accounting firms also have to do what they can to prevent a cyber attack, which is why organizations must be proactive and safeguard their sensitive data.

Staying Secure At The Business Level

When it is time for large companies to prepare their tax returns, they will in all likelihood use a great many accountancy staff and the services of external firms to collate their financial information. While this is happening, more attack vectors are open to cyber criminals, and they may infiltrate a company undetected. If they manage to do this, they will have access to many company files, financial data and employee records.

If you wish to secure your company in the coming tax season, focus on cyber security best practices and implement protective measures that fully cover the enterprise environment. Traditional tools like firewalls and antivirus programs are an excellent place to start, but more advanced options will be needed for those cyber attacks that can occur undetected. Endpoint threat detection and response is important here, as it enables company security teams to quickly find suspicious activity that would otherwise have gone unnoticed. Such activity, if it infiltrates the network undetected, can be the start of a large scale breach.

Cyber security measures are constantly evolving to keep pace with the methods that hackers use. Basic network level defenses may catch a great many cyber attacks, but they will not prevent all of them. This is where high quality endpoint threat detection and response is required. It provides visibility across all of a company’s endpoints and can accurately distinguish malicious activity from benign anomalies. This enables security teams to better secure the company’s data.


Charles Leaver – More And More Advanced Malware Attacks Are Occurring So Protect Your Network


Written By Charles Leaver CEO Ziften

If you are in doubt that malware threats are increasing, please read the rest of this post. Over the past couple of years a number of cyber security studies have shown that countless new malware threats are being developed each year. With limited security resources to cope with this volume of malware, this is a real concern. All organizations need to look carefully at their cyber security processes and search for areas of improvement to address this genuine threat to data security.

Not all malware is the same. Some malware strains are more destructive than others, and security personnel need to understand which malware threats can cause genuine damage to their company. Security intelligence contributor George Tubin notes that some malware is better categorized as a nuisance than a threat. Yes, these strains can degrade computer performance and require removal by tech support staff, but they will not cause problems on the scale of the malware used in the Target and Sony attacks.

Advanced malware attacks need to be the focus of security teams, Tubin argued. These malicious strains, which are small in number compared to common malware, can cause significant damage if they are allowed to penetrate an organization’s network.

Tubin stated “due to the fact that the majority of malware detection software is created to find standard, known malware – and since standard, recognized malware represents the vast majority of enterprise malware – most companies incorrectly think they are discovering and eliminating practically all malware dangers.” “This is exactly what the advanced malware hackers desire them to believe. While many organizations are satisfied with their malware detection stats, this small sliver of innovative malware goes unnoticed and remains in position to trigger terrible damage.”

The Integrity Of Data Is Under Serious Risk From Advanced Malware

Zero day malware threats can infiltrate the defenses at the network boundary without being detected and can remain active within the environment for months without being seen. This gives cyber criminals a lot of time to gain access to sensitive data and steal essential information. To combat advanced malware and keep the organization’s environment safe, security personnel should deploy advanced endpoint threat detection and response systems.

It is vital that organizations can monitor all of their endpoints and ensure that they can identify malware threats quickly and eliminate them. Cyber criminals have a number of avenues to exploit when they target an organization, and this becomes more of a problem as organizations grow more complex. Individual laptops can be a real gateway for cyber criminals to infiltrate the network, Tubin notes. When a laptop connects to an unsecured network outside the corporate environment, there is a real chance that it will be compromised.

This is a genuine reason why security teams need to honestly assess where their greatest weaknesses are and take corrective action to fix them. Endpoint security systems that continually monitor endpoints offer immense benefits to companies that are concerned about their network defenses. At the end of the day, an organization should implement cyber security processes that match its requirements and resources.



Charles Leaver – Don’t Stress Your Environment. Use A Lightweight Solution For Endpoint Security


Charles Leaver Ziften CEO Presents A Post By CTO David Shefter

If you are an organization with 5000 or more employees, it is likely that your IT Security and Operations teams are overwhelmed by the volume of data they need to sift through to get even a small degree of visibility into what their users are doing on a recurring basis. Antivirus suites have been installed, USB ports have been disabled and user access restrictions enforced, but the risk of cyber attacks and malware problems still remains. What action do you take?

Up to 72% of advanced malware and cyber criminal intrusions take place in the endpoint environment, according to a Verizon Data Breach Report. Your business first needs to ask itself how much its reputation is worth. Take Target as an example: a malware attack cost them over $6 billion in market cap. Sadly, the modern world puts us constantly under attack from disgruntled or rogue employees, anarchists and other cyber criminals. This situation is only likely to worsen.

Your network is protected by a firewall and similar controls, but you are not able to see what is happening beyond the network switch port. The only real way to address this threat is to implement a solution that works well with and complements the network based solutions already in place. Ziften (which is Dutch for “To Sift”) provides such a solution, offering “Open Visibility” with a lightweight approach. You need to manage the whole environment, which includes servers, the network, desktops and so on, but you do not want to add extra overhead and strain to your network. A key Ziften commitment is that the solution will not negatively affect your environment, while still offering a deeply impactful visibility and security solution.

Ziften’s groundbreaking software profiles machine behavior and anomalies, allowing analysts to zoom in on sophisticated threats faster and keep dwell time to a minimum. Ziften’s solution continuously monitors activity at the endpoint: resource consumption, IP connections, user interactions and so on. With the Ziften solution your organization will be able to determine the root cause of any intrusion faster and fix the problem.

It is a lightweight solution: it is not kernel or driver based, it uses minimal memory, it adds little to no overhead at the system level, and it generates almost no network traffic.

Driver and kernel based solutions face demanding certification requirements that can take longer than 9 months. By the time the new software is developed and certified, the OS may already be on its next release. This is a time consuming, unsupportable and troublesome process.

The Ziften approach is a genuine differentiator in the marketplace. By deploying a very lightweight, non-invasive agent that runs as a system service, it avoids the strain that most new software solutions introduce at the endpoint. Ease of deployment leads to faster time to market, easy support, scalability, and simple solutions that do not impede the user environment.

To sum up: with the current level of cyber threats, and the daily growing danger of a cyber attack that can severely damage your reputation, you have to implement continuous 24/7 monitoring of all your endpoint devices to ensure clear visibility of any endpoint security threats, gaps or instabilities. Ziften can deliver this to you.