Charles Leaver – Train Your Staff Effectively About Security

Written By Charles Leaver Ziften CEO


Effective corporate cybersecurity assumes that people, your employees, do the right thing. That they do not hand over their passwords to a caller who claims to be from the IT department doing a “credentials audit.” That they do not wire $10 million to an Indonesian bank account after receiving a midnight demand from “the CEO.”

That they do not install an “urgent update” to Flash Player based on a pop-up on a porn site. That they do not overshare on social media. That they do not store company data on file-sharing services outside the firewall. That they do not connect to unsecured WiFi networks. And that they do not click on links in phishing emails.

Our research shows that more than 75% of security incidents are caused or assisted by employee error.

Sure, you have installed endpoint security, email filters, and anti-malware. Those precautions will probably count for nothing, however, if your employees do the wrong thing time and again in a hazardous situation. Our cybersecurity efforts are like a fancy car alarm: if you do not teach your teenager to lock the car at the mall, the alarm is worthless.

Security awareness is not enough, of course. Employees will make mistakes, and some attacks do not require an employee misstep at all. That is why you need endpoint security, email filters, anti-malware, and so on. But let's talk about effective security awareness training.

Why Training Often Fails to Have an Effect

First, in my experience, a lot of employee training is, well, poor. That is especially true of online training, which is usually dreadful. But in most cases, whether live or canned, the training lacks credibility, in part because many IT experts are poor and unconvincing communicators. The training often focuses on communicating and enforcing rules, not on changing risky behavior and habits. And it is like mandatory copy-machine training: there is nothing in it for the employees, so they do not buy in.

It is not about enforcing rules. While security awareness training may be “owned” by various departments, such as IT, the CISO, or HR, there is often a lack of understanding about what a security awareness program is. First of all, it is not a checkbox; it must be ongoing. The training should be delivered in different ways and at different times, with a mix of live training, newsletters, small-group conversations, lunch-and-learns, and yes, even online resources.

But a big problem is the absence of objectives. If you do not know what you are trying to do, you cannot tell whether you have done a good job with the training, and whether risky habits actually change.

Here are some sample goals that can lead to effective security awareness training:

Provide employees with the tools to recognize and handle the everyday security threats they encounter online and via email.

Let employees know they are part of the team, and that they cannot simply rely on the IT/CISO teams to take care of security.

Halt the cycle of “unintentional ignorance” about safe computing practices.

Change mindsets toward safer practices: “If you see something, say something.”

Review company policies and procedures, described in actionable terms that relate to them.

Make It Relevant

No matter who “owns” the program, it is important that there is visible executive backing and management buy-in. If the officers do not care, the employees will not either. Effective training will not talk about tech buzzwords; rather, it will concentrate on changing behaviors. Relate cybersecurity awareness to your employees' personal lives. (And while you are at it, teach them how to keep themselves, their family, and their home safe. Odds are they do not know and hesitate to ask.)

To make security awareness training truly relevant, solicit employee ideas and encourage feedback. Measure success: for example, did the number of external links clicked by employees decrease? How about calls to tech support resulting from security violations? Make the training timely and real-world by including recent scams in the news; unfortunately, there are plenty to choose from.

In short: security awareness training is not fun, and it is not a silver bullet. However, it is essential for ensuring that risky employee habits do not undermine your IT/CISO efforts to protect your network, devices, applications, and data. Make certain that you train your employees continually, and that the training works.

Charles Leaver – Feel The Excitement Of The Latest Splunk .conf

Written By Josh Applebaum And Presented By Charles Leaver


Like so many of you, we are still recovering from Splunk .conf last week. As usual, .conf had great energy, and the people in attendance were passionate about Splunk and the many use cases it supports through its large app ecosystem.

One key announcement during the week worth discussing was a new security offering called “Content Updates,” which is essentially a stream of pre-built Splunk searches to help detect security events.

Basically, the Splunk security team looks at the latest attacks, writes new searches for how those attacks would appear in Splunk ES data, and then ships those searches to customers' Splunk ES environments so they alert automatically when the pattern is seen.

The best part? Because these updates mostly run against CIM (Common Information Model) data, and Ziften populates many of the CIM data models, Ziften's data is already being matched against the new Content Updates Splunk has produced.
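The reason vendor-neutral content can work at all is the normalization step: a detection written against CIM field names runs unchanged over any source that fills those fields. The following is an added example written for this page, not Ziften's or Splunk's code. Two hypothetical agents with different raw schemas (constructed records) are mapped onto Endpoint.Processes field names, and one detection written only against those names, an Office application spawning a command shell, fires on both sources. The field names follow the CIM Endpoint.Processes data model; the agent schemas and the rule itself are illustrative.

```python
"""Normalise vendor-specific endpoint process events into Splunk CIM
Endpoint.Processes fields, then run a vendor-agnostic detection over them.

Added example, not Ziften's or Splunk's code. Raw records and the detection
logic are constructed for illustration; CIM field names follow the
Endpoint.Processes data model (dest, user, process_name, parent_process_name,
process, process_path, vendor_product).
"""
from __future__ import annotations
import ntpath
from typing import Iterable

# Constructed raw events from two hypothetical agents with different schemas.
RAW_EVENTS = [
    {"src": "vendorA", "host": "WKS-017", "acct": "CORP\\jsmith",
     "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c whoami",
     "parent_image": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE"},
    {"src": "vendorB", "computer_name": "wks-042", "username": "CORP\\alee",
     "exe_path": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "command": "powershell.exe -enc SQBFAFgA...",
     "parent_exe_path": "C:\\Program Files\\Microsoft Office\\EXCEL.EXE"},
    {"src": "vendorA", "host": "WKS-017", "acct": "CORP\\jsmith",
     "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe",
     "parent_image": "C:\\Windows\\System32\\userinit.exe"},
]


def to_cim(raw: dict) -> dict:
    """One normaliser per source schema; the output uses only CIM field names."""
    if raw["src"] == "vendorA":
        proc, parent = raw["image"], raw["parent_image"]
        dest, user, cmd = raw["host"], raw["acct"], raw["cmdline"]
    elif raw["src"] == "vendorB":
        proc, parent = raw["exe_path"], raw["parent_exe_path"]
        dest, user, cmd = raw["computer_name"], raw["username"], raw["command"]
    else:
        raise ValueError(f"unknown source {raw['src']!r}")
    return {
        "dest": dest.lower(),                      # hostnames compared case-insensitively
        "user": user,
        "process_path": proc,
        "process_name": ntpath.basename(proc).lower(),
        "parent_process_name": ntpath.basename(parent).lower(),
        "process": cmd,                            # full command line
        "vendor_product": raw["src"],
    }


# Detection written against CIM fields only: an Office app spawning a shell.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}


def office_spawns_shell(events: Iterable[dict]) -> list[dict]:
    """Return the normalised events that match the rule, regardless of vendor."""
    return [e for e in events
            if e["parent_process_name"] in OFFICE_APPS and e["process_name"] in SHELLS]


def run(raw_events=RAW_EVENTS) -> list[dict]:
    """Normalise every raw record, then apply the detection once."""
    return office_spawns_shell(to_cim(r) for r in raw_events)


if __name__ == "__main__":
    for hit in run():
        print(f"{hit['dest']} {hit['user']}: {hit['parent_process_name']} -> {hit['process']}")
```

The point to take from this is that the detection never mentions either agent's field names; adding a third data source means writing one more branch in the normaliser, not touching the rule. That is the same division of labour Splunk relies on when it ships Content Updates that assume CIM-compliant data.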

A quick demo showed which vendors contribute data to each type of “detection,” and Ziften was listed in a lot of them.

For example, we have a recent blog post that shows how Ziften's data in Splunk is used to detect and respond to WannaCry.

Overall, with the roughly 500 people who came by the booth over the course of .conf, I have to say it was one of the best events we have done in terms of quality conversations and interest. We had nothing but positive feedback from our in-depth conversations with all walks of business life, from highly technical experts in the public sector to CISOs in the financial sector.

The most common conversation usually began with, “We are just beginning to roll out Splunk and are new to the platform.” I like those, because people can get our apps for free, we can get them an agent to try out, and it gives them something that works right out of the box to show value immediately. Other folks were very experienced and really liked our approach and architecture.

Bottom line: people are genuinely excited about Splunk, and real solutions are available to help people with real problems!

Want to know more? The Ziften ZFlow App and Technology Add-on helps users of Splunk and Splunk ES use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see what they are missing at the perimeters of their network, in their data centers, and in their cloud deployments.

Charles Leaver – Find Out How Ziften Services Can Protect You

Written By Josh Harriman And Presented By Charles Leaver


Having the right tools to hand is a given in our industry. But having the right tools and services is one thing; getting the best value from them can be a challenge. Even with the right intentions and properly trained staff, there can be gaps. Ziften Services can help fill those gaps and keep you on the path to success.

Ziften Services can augment, or even outright lead, your IT operations and security teams to better equip your organization with three offerings. Each one is tailored to a specific need. A recent report by ESG (Enterprise Strategy Group) entitled “Trends in Endpoint Security Study” found that 51% of respondents said they will be deploying and using an EDR (endpoint detection and response) solution, and that 35% of them plan to use managed services for the deployment, which shows the need for services around these products. Ziften is therefore offering these services in the knowledge that many organizations lack the scale or expertise to deploy and fully use tools such as EDR.

Ziften services are as follows:

Ziften Assess Service
Ziften Hunt Service
Ziften Respond Service

While each of the three services covers a distinct purpose, the latter two are complementary to each other. Let's look at each in a bit more detail to better understand the benefits.

Assess Service

This service covers both IT operations and security teams. To measure your success in documenting and adhering to procedures and policies, you need to start with a solid baseline. The Assess service begins with thorough interviews with key decision makers to understand exactly what is in place. From there, a Ziften Zenith deployment provides monitoring and data collection of key metrics across client devices, data centers, and cloud deployments. The reporting covers asset management and performance, licensing, vulnerabilities, compliance, and even anomalous behavior. The results can address a range of needs such as M&A assessments, pre-cloud-migration planning, and regular compliance checks.

Hunt Service

This service is a true 24x7 managed endpoint detection and response (MDR) offering. Organizations struggle to fully cover this critical aspect of security operations, whether because of limited staff or missing expertise in threat hunting techniques. Again using the Ziften Zenith platform, this service provides continuous monitoring across client devices, servers, and cloud VMs running Windows, Mac OS X, and Linux. One of the main outcomes of this service is significantly reducing threat dwell time within the environment. This has been discussed often in the past couple of years and the numbers are shocking, typically on the order of hundreds of days that threats remain hidden within organizations. You need someone who can actively hunt for these adversaries and who can also look back retrospectively at past events to find behaviors you were not aware of. This service also includes some hours of dedicated incident response, so you have all your bases covered.

Respond Service

When you are up against the ropes and have a true emergency, this service is what you need. This is a tried and true IR team ready 24x7 with a broad range of response tool sets at their disposal. You get immediate incident investigation and triage. Recommended actions align with the severity of the threat and the response actions that need to happen. The teams are very flexible and will work remotely or, where conditions warrant, on site. This could be your whole IR team, or it can augment and blend in with your existing team.

At the end of the day, you need services that help maximize your chances of success in today's world. Ziften has three offerings and wants all our clients to feel protected and aligned with the best operational and security posture available. Please reach out to us so we can help. It's what we love to do!

Charles Leaver – Dismiss Vulnerability Lifecycle Management At Your Peril

Written By Dr Al Hartmann And Presented By Charles Leaver


The following headline hit the news last week, on September 7, 2017:

Equifax Inc. today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017.

Lessons from Past Data Breaches

If you like your job, value your role, and wish to keep it, then do not leave the door open to attackers. A major data breach often begins with an unpatched vulnerability that is readily exploitable. Then the inevitable happens: the hackers are inside your defenses, the crown jewels have left the building, the press releases fly, expensive consultants and outside legal counsel rack up billable hours, regulators descend, lawsuits are flung, and you have “some serious ‘splainin’ to do”!

We are not sure whether the head ‘splainer in the current Equifax breach will survive, as he is still in ‘splainin’ mode, asserting that the breach started with the exploitation of an application vulnerability.

In such cases the usual rhumba line of resignations is: CISO first, followed by CIO, followed by CEO, followed by a board of directors shakeup (particularly the audit and corporate responsibility committees). Do not let this happen to your career!

Steps to Take Now

There are some commonsense steps to take to avert the otherwise inevitable breach disaster arising from unpatched vulnerabilities:

Take stock – Inventory all data and system assets, and map your network topology, attached devices, and open ports. Know your network, its segmentation, what devices are connected, what those devices are running, what vulnerabilities those systems and apps expose, what data assets they access, the sensitivity of those assets, what defenses are layered around those assets, and what checks are in place along all potential access paths.

Improve and harden – Implement best-practice recommendations for identity and access management, network segmentation, firewall and IDS configuration, operating system and application configuration, database access controls, and data encryption and tokenization, while simplifying and reducing the number and complexity of subsystems across your business. Anything too complex to manage is too complex to secure. Choose configuration-hardening heaven over breach-response hell.

Continuously monitor and scrutinize – Periodic audits are necessary but insufficient. Continuously monitor, track, and evaluate all relevant security events and exposed vulnerabilities: create visibility, event capture, analysis, and archiving of every system and session login, every application launch, every active binary and vulnerability exposure, every script execution, every command issued, every network connection, every database transaction, and every sensitive data access. Any holes in your security event visibility create an attacker free-fire zone. Develop key performance metrics, track them ruthlessly, and drive for relentless improvement.

Don't accept operational excuses for insufficient security – There are always safe and effective operational policies, but they may not be painless. Not suffering a devastating data breach is way down the organizational pain scale from the alternative. Operational expedience, legacy systems, or misaligned priorities are not valid excuses for bad cyber practices in an escalating threat environment. Lay down the law.
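The first three steps above are a loop, not a checklist: inventory what is installed, join it against the advisories you care about, and measure how long each exposure has been open against a patch SLA, because "days a known fix was available and not applied" is exactly the metric that turns into a headline. The following is an added example written for this page, not Ziften code or a description of any Ziften product. The inventory, advisory list, version numbers and SLA are constructed; the advisory identifiers are placeholders and not real CVEs, and the version comparison is a deliberately simple dotted-numeric compare.

```python
"""Vulnerability lifecycle check: join a software inventory against a list of
advisories, report hosts still running a version below the fixed release, and
age each exposure against a patch SLA.

Added example, not Ziften code. The inventory, advisories and SLA values are
constructed for illustration; the advisory IDs are placeholders, not real CVEs.
"""
from __future__ import annotations
import re
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Advisory:
    advisory_id: str      # placeholder identifier, constructed
    product: str
    fixed_version: str    # first release that is not vulnerable
    published: date       # when the fix became available


@dataclass(frozen=True)
class Exposure:
    host: str
    product: str
    installed: str
    advisory_id: str
    days_exposed: int     # days since the fix was published
    sla_breached: bool


def parse_version(v: str) -> tuple[int, ...]:
    """Dotted numeric compare: leading digits of each component count,
    pre-release tags such as '-rc1' are ignored, non-numeric parts sort lowest."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else -1)
    return tuple(parts)


def is_vulnerable(installed: str, fixed: str) -> bool:
    """Vulnerable if the installed version is older than the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def find_exposures(inventory, advisories, today: date, sla_days: int) -> list[Exposure]:
    """inventory: iterable of (host, product, version) tuples.
    Returns exposures sorted oldest first, then by host."""
    by_product: dict[str, list[Advisory]] = {}
    for adv in advisories:
        by_product.setdefault(adv.product.lower(), []).append(adv)
    out = []
    for host, product, version in inventory:
        for adv in by_product.get(product.lower(), []):
            if is_vulnerable(version, adv.fixed_version):
                age = (today - adv.published).days
                out.append(Exposure(host, product, version, adv.advisory_id,
                                    age, age > sla_days))
    return sorted(out, key=lambda e: (-e.days_exposed, e.host))


# Constructed sample data: a small fleet and three placeholder advisories.
INVENTORY = [
    ("web-01", "examplefw", "2.3.5"),
    ("web-02", "examplefw", "2.3.33"),
    ("app-07", "examplefw", "2.5.10"),
    ("db-03", "exampledb", "9.6.1"),
]
ADVISORIES = [
    Advisory("ADV-0001", "examplefw", "2.3.32", date(2017, 3, 7)),
    Advisory("ADV-0002", "examplefw", "2.5.11", date(2017, 9, 5)),
    Advisory("ADV-0003", "exampledb", "9.6.1", date(2017, 8, 1)),
]
TODAY = date(2017, 9, 7)

if __name__ == "__main__":
    for e in find_exposures(INVENTORY, ADVISORIES, TODAY, sla_days=30):
        flag = "SLA BREACHED" if e.sla_breached else "within SLA"
        print(f"{e.host}: {e.product} {e.installed} < fix for {e.advisory_id}, "
              f"{e.days_exposed} days exposed ({flag})")
```

Two details matter in practice. First, a host on an old branch is counted against every newer advisory for that product, which is the conservative reading when the advisory does not say which branches are affected. Second, the age is measured from the fix's publication date, not from when you noticed, so the report cannot be made to look better by scanning less often.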

Charles Leaver – What You Need To Do After The Equifax Security Breach

Written By Michael Levin And Presented By Charles Leaver

Equifax, one of the three major U.S. credit reporting agencies, just announced a major data breach in which hackers stole sensitive information on 143 million American consumers.

Ways the Equifax breach WILL affect you:

– Personally – Your and your family's identity details are now known to hackers and will be targeted!

– Business – Your organization may be affected and targeted.

– Nationally – Terrorists, nation states, and organized crime groups could be involved or use this data to commit cybercrime for financial gain.

Securing yourself is not complicated!

Five tips to protect yourself immediately:

– Sign up for a credit monitoring service and/or freeze your credit. The quickest way to be notified that your credit is compromised is through a credit monitoring service. Equifax has already started the process of setting up free credit monitoring for those affected. Other credit monitoring services are available and should be considered.

– Monitor all your financial accounts, including credit cards and all bank accounts. Make sure that all notifications are turned on. Ensure you receive immediate text and email alerts for any changes to your account or unusual transactions or balances.

– Protect your bank and financial accounts: make sure two-factor authentication is turned on for all of them. Learn about two-factor authentication and turn it on for all financial accounts.

– Phishing emails can be your biggest everyday danger! Slow down when handling email. Stop reflexively clicking on every email link and attachment you receive. Instead of clicking links and attachments in email, go independently to the sites outside the email. When you get an email you were not expecting from a name you recognize, consider contacting the sender separately before you click on links or attachments.

– Strong passwords – consider changing all your passwords. Create strong passwords and protect them. Use a different password for each account.

Other Security Considerations:

– Back up all computers and update operating systems and software applications regularly.

– Social media security – Sharing too much on social media increases the risk that you will be victimized. For example, telling the world you are on vacation, with pictures, raises the risk that your house will be burgled.

– Secure your devices – Do not leave your laptop, phone, or tablet unattended even for a second. Do not leave anything in your vehicle that you do not want stolen, because it is only a matter of time.

– Internet of Things and device management – Understand how all your devices connect to the Internet and what information you are sharing. Check security settings for all devices, and be sure to include smart watches and fitness bands.

The value of security awareness training:

– This is another cybercrime where security awareness training can help reduce risk. Being aware of new cybercrimes and scams in the news is a basic part of security awareness training. Making sure that employees, family, and friends know about this fraud will greatly reduce the probability that you will be victimized.

– Sharing new scams and crimes you learn about in the news with others is important to ensure that the people you care about do not fall victim to these types of crimes.

Charles Leaver – You Need An Extensible Security Solution Not Generic One

Written By Charles Leaver Ziften CEO


Whether you call them extensions or customizations, the best technology platforms can be tailored to fit an organization's specific business requirements. Generic operations tools are good at performing generic operations tasks. Generic security tools are good at addressing generic security challenges. Unfortunately, generic can only take you so far, and that is where extensibility steps in.

Extensibility comes up often when I am speaking with customers and prospects, and I am proud that a Global 10 company selected Ziften over everyone else in the market primarily on that basis. For that customer, and many others, the ability to deeply customize platforms is a requirement.

This is not about simply creating custom reports or custom alerts. Let's be honest: the ability to produce reports is a baseline capability of many IT operations and security management tools. Real extensibility goes deep into the solution to give it capabilities that solve genuine problems for the organization.

One customer used many mobile IoT devices, and needed our Zenith real-time visibility and control system to be able to access (and track) the memory of those devices. That is not a standard feature of Zenith, because our low-footprint agent does not hook into the operating system kernel or work through standard device drivers. Nevertheless, we worked with the customer to customize Zenith with that capability, and it turned out to be easier than anyone imagined.

Another customer looked at the standard set of endpoint data that the agent collects and wanted to add additional data fields. They also wanted to set up the administrative console with custom actions using those data fields, and push those actions back out to the endpoints. No other endpoint monitoring and security solution was able to offer the infrastructure for adding that functionality except Ziften.

In addition, the customer developed those extensions themselves, and owns the code and intellectual property. It is part of their own secret sauce, their own company differentiator, and unique to their company. They couldn't be happier. And neither could we.

With many other IT operations and security systems, if customers want additional features or capabilities, the only option is to submit a future feature request and hope that it appears in an upcoming version of the solution. Until then, too bad.

That is not how we designed our flagship solutions, Zenith and ZFlow. Because our endpoint agent is not based on device drivers or kernel hooks, we can allow for significant extensibility, and open that extensibility for customers to access directly.

Similarly with our administrative consoles and back-end monitoring systems: anything is customizable. This was built in right from the start.

Another aspect of customization is that our real-time and historical visibility database can integrate with your other IT operations and security platforms, such as SIEM tools, threat intelligence, IT ticketing systems, task orchestration systems, and data analytics. With Zenith and ZFlow, there are no silos. Ever.

When it comes to endpoint monitoring and management, extensions are increasingly where it's at. IT operations and enterprise security teams need the ability to customize their tool platforms to fit their precise requirements for monitoring and managing IoT, conventional endpoints, the data center, and the cloud. In many customer discussions, our built-in extensibility has caused eyes to light up, and won us trials and deployments. Tell us about your custom needs, and let's see what we can do.

Charles Leaver – Video Reveals Our Endpoint Security Architecture

Written By Mike Hamilton And Presented By Ziften CEO Charles Leaver


Endpoint security is all the rage these days, and there are lots of different vendors out there promoting their solutions in this market. But it is sometimes hard to understand exactly what each vendor provides. What is even harder is to understand how each vendor's solution is architected to deliver its services.

I believe that the back-end architecture of whatever you choose can have a profound effect on the future scalability of your deployment, and it can produce a lot of unforeseen work and cost if you are not careful.

So, in the spirit of transparency, and because we believe our architecture is different, distinctive, and powerful, we invite all endpoint security vendors to “show us your architecture.”

I'll get the ball rolling in the following video, where I show you the Ziften architecture and some of what I consider legacy architectures for comparison. Specifically, I'll talk about:

– Ziften's architecture, designed using next-gen cloud principles.
– One company's peer-to-peer “mish-mash” architecture.
– Legacy hub-spoke-hub architectures.

I have shown you the power of our truly cloud-based platform. Now it's my competitors' turn. What are you waiting for, folks? Show us your architectures!

Charles Leaver – Risk And Security Require Proper Management

Written By Roark Pollock And Presented By Charles Leaver Ziften CEO


Risk management and security management have long been treated as separate functions, often carried out by different functional teams within an organization. Recognition of the need for continuous visibility and control across all assets has increased interest in finding commonalities between these disciplines, and the availability of a new generation of tools is enabling this effort. This conversation is very timely given the continued difficulty most enterprises experience in attracting and retaining qualified security personnel to manage and protect IT infrastructure. Consolidating activity can help make better use of these valuable people, reduce costs, and help automate response.

Historically, risk management has been viewed as an offensive mandate, and is generally the field of play for IT operations teams. Often described as “systems management,” IT operations teams actively carry out device state and posture monitoring, policy enforcement, and vulnerability management. The objective is to proactively reduce potential threats. Activities that further risk reduction and that are performed by IT operations include:

Offensive Threat Mitigation – Systems Management

Asset discovery, inventory, and refresh

Software discovery, usage tracking, and license justification

Mergers and acquisitions (M&A) risk assessments

Cloud workload migration, monitoring, and enforcement

Vulnerability assessments and patch installation

Proactive help desk or systems analysis and problem response/repair

On the other side of the field, security management is viewed as a defensive strategy, and is normally the field of play for security operations teams. These teams are typically responsible for threat detection, incident response, and remediation. The goal is to respond to a threat or a breach as quickly as possible in order to minimize the impact on the organization. Activities that fall directly under security management and are performed by security operations include:

Defensive Security Management – Detection and Response

Threat detection and/or threat hunting

User behavior monitoring / insider threat detection and/or hunting

Malware analysis and sandboxing

Incident response and threat containment/removal

Lookback forensic investigations and root cause determination

Tracing lateral threat movement, and further threat removal

Data exfiltration determination

Successful businesses, of course, need to play both offense AND defense equally well. This requirement is pushing organizations to recognize that IT operations and security operations have to be as aligned as possible. So, as much as possible, it helps if these two teams are playing from the same playbook, or at least working from the same data or a single source of truth. This means both teams should strive to use some of the same analytic and data collection tools and methods when it comes to managing and securing their endpoint systems. And if organizations rely on the same personnel for both tasks, it certainly helps if those people can pivot between both jobs within the same tools, leveraging a single data set.

Each of these offensive and defensive tasks is vital to protecting a company's intellectual property, reputation, and brand. In fact, managing and prioritizing these tasks is what often keeps CIOs and CISOs up at night. Organizations must identify opportunities to align and consolidate teams, technologies, and policies as much as possible to ensure they are focused on the most pressing need along the current risk and security management spectrum.

When it comes to managing endpoint systems, it is clear that organizations are moving toward an “always-on” visibility and control model that enables continuous risk assessments, continuous threat monitoring, and continuous performance management.

Thus, organizations should look for these three essential capabilities when evaluating new endpoint security systems:

Solutions that offer “always-on” visibility and control for both IT operations teams and security operations teams.

Solutions that offer a single source of truth that can be used both offensively for risk management and defensively for security detection and response.

Architectures that readily integrate into existing systems management and security tool environments to deliver even greater value for both IT and security teams.

Charles Leaver – What Happened At Black Hat And Defcon 2017

Written by Michael Vaughn And Presented By Ziften CEO Chuck Leaver


Here are my experiences from Black Hat 2017. There is a slight addition to this year's summary, in part because of the theme of the opening keynote given by Facebook's Chief Security Officer, Alex Stamos. Stamos stressed the value of refocusing the security community's efforts on working better together and diversifying security solutions.

“Working better together” is something of an oxymoron when you look at the fierce competition among the many security companies fighting for customers throughout Black Hat. Based on Stamos's messaging in the opening keynote this year, I felt it important to add some of my experiences from Defcon too. Defcon has traditionally been an event for learning and includes independent hackers and security specialists. Last week's Black Hat theme focused on the social aspect of how companies should get along and genuinely help others and one another, which has always been the overriding message of Defcon.

People came from all over the world this time.

Jeff Moss, aka ‘Dark Tangent’, the founder of Black Hat and Defcon, also wants that to be the theme: helping people gain knowledge and learn from others. Moss wants attendees to stay ‘nice’ and ‘helpful’ throughout the conference. That is in line with what Alex Stamos from Facebook conveyed in his keynote about security companies. Stamos asked that we all share in the responsibility of helping those who cannot help themselves. He also raised another valid point: are we doing enough in the security industry to really help people, rather than just doing it to make a profit? Can we accomplish the goal of truly helping people? Such is the juxtaposition of the two events. The main difference between Black Hat and Defcon is the more corporate consistency of Black Hat (from vendor hall to the presentations) versus the true hacker community at Defcon, which showcases the innovative side of what is possible.

The company I work for, Ziften, provides systems and security operations software, giving IT and security teams visibility and control across all endpoints, on or off a corporate network. We also have a pretty sweet sock game!

Lots of attendees showed their Ziften support by wearing previous years' Ziften sock designs. Looking good, feeling good!

The idea of joining forces to fight against the corrupt is something most attendees from around the world embrace, and we are no different. Here at Ziften, we aim to really help our customers and the community with our solutions. Why sell or rely on a solution that is limited to just what is inside the box, one that offers a single or a handful of specific functions? Our software is a platform for integration and provides modular, individualized security and operational solutions. The entire Ziften team takes the creativity from Defcon, and we push ourselves to build new, custom features and forensic tools where traditional security companies would shy away or simply stay consumed by day-to-day tasks.

Delivering all-the-time visibility and control for any asset, anywhere, is one of Ziften’s primary focuses. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to quickly fix endpoint problems, reduce overall risk posture, speed threat response, and increase operational productivity. Ziften’s secure architecture delivers continuous, streaming endpoint monitoring and historical data collection for enterprises, governments, and managed security providers. And in keeping with 2017’s Black Hat theme of working together, Ziften’s partner integrations extend the value of incumbent tools and fill the gaps between siloed systems.

The press is not allowed to take photos of the Defcon crowd, but I am not the press, and this was before entering a badge-required area :P The Defcon masses and goons (Defcon’s red-shirted staff) were at a dead stop for a solid twenty minutes awaiting initial access to the four huge Track meeting rooms on opening day.

The Voting Machine Hacking Village got a great deal of attention at the event. It was interesting but nothing new for veteran attendees. I suppose it takes something noteworthy to draw attention to specific vulnerabilities. All vulnerabilities for most of the talks, and specifically for this village, had already been disclosed to the proper authorities before the event. Let us know if you need help locking down any of these (looking at you, government folks).

More and more personal data is becoming available to the public. For example, the Google and Twitter APIs are easily and openly available to query user data metrics. This data makes it much easier for attackers to social engineer targeted attacks on individuals, particularly people of power and rank such as judges and executives. The talk titled Dark Data showed how a simple yet brilliant de-anonymization algorithm and some data enabled these two white hats to identify people with extreme precision and uncover highly personal details about them. This should make you think twice about what is installed on your systems and on those of the people in your work environment. Most of the raw metadata above was collected through a popular browser add-on; the fine tuning happened with the algorithm and public APIs. Do you know what browser add-ons are running in your environment? If the answer is no, then Ziften can help.
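As an added example of answering that inventory question (example code added here, not Ziften’s software and not anything from the Dark Data talk), the Python below walks a Chromium-style browser profile and lists every installed extension with the permissions it asked for. The `Extensions/<id>/<version>/manifest.json` layout is what Chromium-family browsers use; the sample profile the script builds is constructed for this example, and the `BROAD_PERMISSIONS` set is the author’s assumption about which permissions deserve a second look.

```python
"""Inventory browser extensions from a Chromium-style profile directory.

Chromium-family browsers unpack each installed extension under
<profile>/Extensions/<extension id>/<version>/manifest.json. Walking that
tree and reading each manifest gives a defender a quick list of what is
installed and which permissions each add-on requested. (Firefox keeps its
inventory in extensions.json instead; that layout is not handled here.)
The profile built by build_sample_profile() is constructed for this example.
"""
import json
import os
import tempfile

# Permissions that let an add-on read or modify pages the user visits.
# Which ones count as "broad" is an assumption for this example.
BROAD_PERMISSIONS = {"<all_urls>", "tabs", "webRequest", "history", "cookies"}


def inventory_extensions(profile_dir):
    """Return a list of dicts, one per extension version found under profile_dir."""
    ext_root = os.path.join(profile_dir, "Extensions")
    found = []
    if not os.path.isdir(ext_root):
        return found
    for ext_id in sorted(os.listdir(ext_root)):
        ext_dir = os.path.join(ext_root, ext_id)
        if not os.path.isdir(ext_dir):
            continue
        for version in sorted(os.listdir(ext_dir)):
            manifest_path = os.path.join(ext_dir, version, "manifest.json")
            if not os.path.isfile(manifest_path):
                continue
            try:
                with open(manifest_path, encoding="utf-8") as fh:
                    manifest = json.load(fh)
            except (OSError, ValueError):
                # A missing or malformed manifest is itself worth flagging.
                found.append({"id": ext_id, "version": version, "name": None,
                              "permissions": [], "broad": False, "error": True})
                continue
            # Manifest V2 lists host patterns under "permissions"; V3 moves
            # them to "host_permissions". Collect both.
            perms = [str(p) for p in manifest.get("permissions", [])]
            perms += [str(p) for p in manifest.get("host_permissions", [])]
            found.append({
                "id": ext_id,
                "version": version,
                # Names may be localisation keys like "__MSG_appName__";
                # resolving those needs the _locales folder and is skipped here.
                "name": manifest.get("name"),
                "permissions": perms,
                "broad": bool(BROAD_PERMISSIONS.intersection(perms)),
                "error": False,
            })
    return found


def broad_extension_ids(items):
    """Return the ids of inventoried extensions that hold a broad permission."""
    return [item["id"] for item in items if item["broad"]]


def build_sample_profile(base_dir=None):
    """Create a constructed profile with two extensions and return its path."""
    if base_dir is None:
        base_dir = tempfile.mkdtemp(prefix="sample-profile-")
    samples = {
        # (constructed id, version): manifest contents
        ("abcdefghijklmnopabcdefghijklmnop", "1.0.2"): {
            "name": "Sample Notes", "version": "1.0.2",
            "permissions": ["storage"]},
        ("bcdefghijklmnopabcdefghijklmnopa", "4.7.0"): {
            "name": "Sample Shopping Helper", "version": "4.7.0",
            "permissions": ["tabs", "<all_urls>"]},
    }
    for (ext_id, version), manifest in samples.items():
        ext_dir = os.path.join(base_dir, "Extensions", ext_id, version)
        os.makedirs(ext_dir, exist_ok=True)
        with open(os.path.join(ext_dir, "manifest.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return base_dir


if __name__ == "__main__":
    profile = build_sample_profile()
    for item in inventory_extensions(profile):
        flag = "BROAD" if item["broad"] else "ok"
        print(f"{item['id']} {item['version']:8} {flag:5} {item['name']}: {item['permissions']}")
```

Pointing `inventory_extensions()` at a real profile (for example `~/.config/google-chrome/Default` on Linux) produces the same per-extension records; running it across a fleet and diffing the results over time is the practical way to know what add-ons have appeared in your environment.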

This talk was clearly about exploiting point-of-sale systems. Although rather humorous, it was a little frightening how quickly one of the most commonly used POS systems can be compromised. This particular POS hardware is most commonly encountered when paying in a taxi. The base operating system is Linux, and although it runs on an ARM architecture and is protected by hardened firmware, why would a business risk leaving the security of customer credit card details solely in the hands of the hardware vendor? If you are looking for additional protection for your POS systems, look no further than Ziften. We secure the most commonly used enterprise operating systems. If you want to do the fun thing and install the video game Doom on one, I can send you the slide deck.

This speaker’s slides were off the charts. What wasn’t great was how exploitable macOS is during the installation of common applications. Generally, each time you install an application on a Mac, it requires you to enter escalated privileges. But what if something were to slightly modify the code a moment before you enter your administrator credentials? Well, most of the time, probably something bad. Worried about your Macs running malware clever enough to detect and alter code in common vulnerable applications before you or your users enter credentials? If so, we at Ziften Technologies can help.

We help you not by replacing your entire toolset, although we often find ourselves doing just that. Our objective is to use the guidance and existing tools that work from multiple vendors, ensure they are installed and running, ensure the prescribed hardening is indeed intact, and ensure your operations and security teams work together more efficiently to achieve a tighter security posture across your environment.

Key Takeaways from Black Hat & Defcon 2017:

1) Stronger together

– Alex Stamos’s keynote
– Jeff Moss’s message
– Attendees from all over the world working together
– Black Hat should keep a friendly community spirit

2) Stronger together with Ziften

– Ziften plays nice with other software vendors

3) Popular current vulnerabilities Ziften can help prevent and resolve

– Point-of-sale exploitation
– Voting machine tampering
– Escalating macOS privileges
– Targeted attacks on individuals

Charles Leaver – Who Would Have Thought That Watching A Movie With Subtitles On Your Device Would Be A Security Risk?

Written by Josh Harriman and presented by Charles Leaver, Ziften CEO

Do you like watching movies with trendy apps like VLC or Kodi on your devices or smart TV? How about needing or wanting subtitles for those movies and simply grabbing the latest pack from OpenSubtitles? No problem; sounds like a great night at home. The problem is, according to research by Check Point, there could be a nasty surprise waiting for you.

For attackers to take control of your ‘world’, they need a vector, some way to gain entry to your system. There are some common ways that happens nowadays, such as creative (and not so creative) social engineering techniques: receiving e-mails that appear to come from friends or co-workers but were spoofed, opening an attachment, or visiting some site, and if the stars aligned, you were pwned. Usually the star-alignment part is not that hard; it only requires that you have some vulnerable software running that can be reached.

Since the trick is getting users to cooperate, the target audience can sometimes be hard to find. But with this latest research, several of the major media players have a unique vulnerability when it comes to accessing and decoding subtitle packs. The four main media players named in the post are patched to date, but as we have seen in the past (just look at the recent SMB v1 vulnerability issue), even if a fix is available, that doesn’t mean users are updating. The researchers have also withheld the technical details of the vulnerability to give other vendors time to patch. That is a good sign and the correct approach I believe researchers should take: notify the vendor so they can fix the problem, and announce it publicly so ‘we the people’ are informed and know what to look out for.

It’s hard to keep up with the many ways you can get infected, but at least we have researchers who tirelessly try to ‘break’ things to find those vulnerabilities. By following proper disclosure practices, they help everyone enjoy a safer experience with their devices, and in this case, a good night in watching movies.