Charles Leaver – How You Can Prevent Operational Issues Becoming Security Problems

Published by:

Written By Dr Al Hartmann And Presented By Ziften CEO Charles Leaver


Get Back To Fundamentals With Hygiene And Avoid Serious Problems

When you were a child you were taught that brushing and flossing properly prevents the need for expensive crowns and root canal procedures. Basic hygiene is far simpler and far cheaper than neglect and disease. The same lesson applies in enterprise IT: we can run a sound operation with proper endpoint and network hygiene, or we can contend with mounting security issues and disastrous data breaches as lax hygiene exacts its painful toll.

Operational and Security Issues Overlap

Endpoint Detection and Response (EDR) tools like the ones we build here at Ziften provide analytic insight into system operation across the enterprise endpoint population. They also provide endpoint-derived network operation insights that substantially broaden what on-wire visibility alone can show, and extend into cloud and virtual environments. These insights benefit both security and operations teams in significant ways, given the considerable overlap between operational and security concerns:

On the security side, EDR tools supply critical situational awareness for incident response. On the operational side, EDR tools provide essential endpoint visibility for operational control. Critical situational awareness requires a baseline understanding of the endpoint population’s operating norms, and that same understanding is what enables proper operational control.

Another way to express these interdependencies:

You can’t secure what you do not manage.
You can’t manage what you do not measure.
You can’t measure what you do not monitor.

Managing, measuring, and monitoring are as much a security responsibility as an operational one; do not try to split the baby. Management means adherence to policy, that adherence must be measured, and operational measurements form a time series that must be monitored. A few sparse measurements of a critical dynamic time series carry no interpretive context.

Tight security does not compensate for lax management, nor does tight management compensate for lazy security. [Read that once more for emphasis.] Imbalances in execution here lead to unsustainable inefficiencies and scaling difficulties that inevitably produce major security breaches and operational shortfalls.

Where The Areas Overlap

Substantial overlaps between operational and security concerns include:

Configuration hardening and standard images
Group policy
Cloud management and application control
Network segmentation and management
Data security and file encryption
Asset management and device restore
Management of mobile devices
Management of logs
Backups and data restore
Vulnerability and patch management
Identity management
Access management
Continuous employee cyber awareness training

For instance, asset management and device restore, along with backup and data restore, are likely operational team responsibilities, but they become major security problems when ransomware sweeps the network, bricking every device (not just the usual endpoints, but any network-connected device: printers, badge readers, security cameras, network routers, medical imaging devices, industrial control systems, and so on). What would your enterprise’s response time be to reflash and refresh every device image from scratch and restore its data? Or is your contingency plan to promptly fill the attackers’ Bitcoin wallets and hope they haven’t exfiltrated your data for further extortion and profit? And why would you outsource your data restore responsibility to a criminal syndicate, blindly trusting in their perfect data restoration integrity? It makes absolutely no sense. Operational control responsibility rests with the business, not with the adversaries, and cannot be shirked: shoulder your responsibility!

For another example, base image construction using best-practice configuration hardening is clearly a joint responsibility of operations and security staff. Unlike ineffective signature-based endpoint protection platforms (EPP), which every large enterprise breach victim has long had in place, configuration hardening works, so bake it in and continually refresh it. Also consider the needs of business personnel whose job function requires opening unsolicited email attachments, such as resumes, invoices, legal notices, or other necessary files. This should be done in an isolated virtual sandbox environment, not on your production endpoints. Security staff will make these decisions, but operations personnel will be imaging the endpoints and supporting the employees. These are shared duties.

Example Of Overlap:

Detonate in a safe environment. Do not use production endpoints to open unsolicited but necessary email files such as resumes, invoices, legal notices, etc.

Focus Limited Security Resources on the Tasks Only They Can Perform

Many large enterprises struggle to fully staff their security roles. Left unaddressed, deficiencies in operational effectiveness will burn out security staff so quickly that security roles will always be understaffed. There will never be enough fingers on your security team to plug the multiplying holes in the security dike that lax or inattentive endpoint, network, or database management creates. And it will always be easier to staff operational roles than to staff security roles with talented experts.

Offload routine, formulaic activities to operations personnel. Concentrate limited security resources on the jobs only they can perform:

Staffing of the Security Operations Center (SOC)
Proactive penetration testing and red teaming
Reactive incident response and forensics
Proactive threat hunting (both external and insider)
Security oversight of overlapping operational roles (ensuring a consistent security mindset)
Security policy development and stakeholder buy-in
Security architecture/tools/methodology design, selection, and advancement

Enforce disciplined operations management and focus scarce security resources on the essential security roles. Then your business can avoid letting operations issues fester into security issues.


Charles Leaver – Security Fabric Is All The Buzz At The Fortinet Accelerate 2017 Conference


Written By Josh Applebaum And Presented By Ziften CEO Charles Leaver

The Fortinet Accelerate 2017 conference was held recently in Las Vegas. Ziften sponsored Fortinet’s annual International Partner Conference for the second time, and it was a pleasure to attend! The energy at the show was palpable, and not because of the energy drinks you constantly see people carting around Las Vegas. The buzz and energy came from an essential theme running the entire week: the Fortinet Security Fabric.

The idea behind Fortinet’s Security Fabric is simple: take the disparate security “point products” an organization has deployed and link them, leveraging the deep intelligence each product holds in its own security silo, to offer a unified end-to-end security blanket over the whole organization. Though Fortinet is generally thought of as a network security company, its approach to delivering a complete security solution spans more than the traditional network to include endpoints, IoT devices, and the cloud. By exposing APIs to Fabric Ready partners and enabling the exchange of actionable threat intelligence, Fortinet is creating a path toward a more collaborative strategy across the whole security industry.

It is refreshing to see that Fortinet shares the belief we hold at Ziften: the only way we as an industry are going to catch up with (and get ahead of) the hackers is through integration and collaboration across all areas of security, no matter which vendor supplies each part of the overall solution. This is not a problem we are going to solve on our own, but rather one that will be solved through a combined approach like the one laid out by Fortinet with its Security Fabric. Ziften is proud to be a founding member of Fortinet’s Fabric Ready Alliance program, combining our unique approach to endpoint security with Fortinet’s “think different” mindset about what it means to integrate and collaborate.

Throughout the week, Fortinet’s (very enthusiastic) channel partners had the chance to walk the show floor and see the integrated solutions offered by the many technology partners. Ziften showcased its integrations with Fortinet, including the integration of our solution with Fortinet’s FortiSandbox.

The Ziften solution collects unknown files from endpoints (clients or servers running OS X, Linux or Windows) and submits them to FortiSandbox for detonation and analysis. Results are immediately fed back into Ziften for alerting, reporting, and (where possible) automated mitigation actions.

It was interesting to see that Fortinet’s channel partners clearly grasped the value of a Security Fabric approach. It was clear to them, as it is to Ziften, that the Security Fabric is not a marketing gimmick, but a real strategy assembled and led by Fortinet. While this is only the start of Fortinet’s Security Fabric story, Ziften is excited to collaborate with Fortinet and watch the story continue to unfold!

Charles Leaver – Discover Cyber Espionage Strategies That Will Occur In 2017


Written By Jesse Sampson And Presented By Ziften CEO Charles Leaver


There is a lot of controversy right now about the hacking threat from Russia, and it would be easy for security professionals to become excessively concerned about cyber espionage. Since the goals of any cyber espionage campaign determine its targets, Ziften Labs can help answer this question by diving into the reasons states conduct these campaigns.

Very recently, the three major United States intelligence agencies released a comprehensive statement on Russia’s activities related to the 2016 United States elections: Assessing Russian Activities and Intentions in Recent US Elections (Activities and Intentions). While some skeptics remain unconvinced by the new report, the dangers it identifies, which we cover in this post, are compelling enough to demand evaluation and reasonable countermeasures, despite the near impossibility of incontrovertibly determining the source of the attack. Of course, the official Russian position has been a winking denial of any hacks.

“Typically these types of leaks take place not due to the fact that cyber attackers broke in, however, as any specialist will inform you, since somebody just forgot the password or set the basic password 123456.” – German Klimenko, Putin’s top Internet adviser

While agencies get panned for bureaucratic language like “high confidence,” the considered rigor of documents like Activities and Intentions contrasts with the headline-grabbing “1000% certainty” of a mathematically disinclined media hustler like Julian Assange.

Activities and Intentions is most perceptive when it places hacking and cyber espionage within “diverse” Russian doctrine:

“Moscow’s use of disclosures throughout the United States election was unmatched, however its influence project otherwise followed a time tested Russia messaging strategy that blends covert intelligence operations – like cyber activities – with obvious efforts by Russian Federal government agencies, state funded media, third party intermediaries, and paid social media users or ‘giants.’”

The report is at its weakest when assessing the intentions behind the doctrine, that is, the strategy. Aside from some incantations about fundamental Russian hostility to the liberal democratic order, it claims that:

“Putin most likely wished to reject Secretary Clinton because he has actually openly blamed her since 2011 for prompting mass protests against his program in late 2011 and early 2012, and due to the fact that he holds a grudge for remarks he almost certainly viewed as disparaging him.”

A more nuanced examination of Russian motivation and its cyber manifestations will help us better plan security strategy in this environment. Ziften Labs has identified three major strategic imperatives at work.

First, as Kissinger would say, throughout history “Russia decided to see itself as a beleaguered station of civilization for which security could be discovered only through exerting its outright will over its neighbors (52)”. United States policy in the Bill Clinton era threatened this imperative through the expansion of NATO and dislocating economic interventions, possibly contributing to a Russian preference for a Trump presidency.

Russia has used cyber warfare techniques to protect its influence in former Soviet territories (Estonia, 2007; Georgia, 2008; Ukraine, 2015).

Second, President Putin wants Russia to be a great power in geopolitics again. “Above all, we should acknowledge that the collapse of the Soviet Union was a significant geopolitical disaster of the century,” he said in 2005. Hacking the identities of prominent people in political, academic, defense, technology, and other institutions, which operatives can then leak to embarrassing or outrageous effect, is a simple way for Russia to discredit the United States. The perception that Russia can affect US election results with a keystroke calls the legitimacy of US democracy into question and muddies discussion of similar problems in Russia. Together with other prestige-boosting efforts like leading the ceasefire talks in Syria (after leveling numerous cities), this technique could enhance Russia’s global profile.

Finally, President Putin may have concerns about the security of his own position. Despite very favorable election results, according to Activities and Intentions, the demonstrations of 2011 and 2012 still loom large for him. With a number of regimes changing in his neighborhood in the 2000s and 2010s (he called it an “epidemic of disintegration”), some of which came about as a result of intervention by NATO and the US, President Putin is wary of Western interventionists who would not mind a similar outcome in Russia. A coordinated campaign could help discredit competitors and put the least aggressive candidates in power.

In light of these reasons for Russian hacking, who are the most likely targets?

Given the overarching goals of discrediting the legitimacy of the US and NATO and assisting non-interventionist candidates where possible, government agencies, especially those with roles in elections, are at greatest risk. So too are campaign organizations and other NGOs close to politics, such as think tanks. These have provided softer targets for cyber criminals seeking access to sensitive information. This suggests that organizations holding account information for, or access to, prominent individuals whose details could cause embarrassment or confusion for US political, business, academic, and media institutions must be additionally careful.

The next tier of risk consists of critical infrastructure. While recent Washington Post reports of a compromised US electrical grid turned out to be overhyped, Russia has in fact hacked power networks and perhaps other parts of physical infrastructure such as oil and gas. Beyond critical physical infrastructure, technology, finance, telecommunications, and media could be targeted, as happened in Georgia and Estonia.

Lastly, although the intelligence agencies’ efforts over the past few months have caught some heat for providing “obvious” recommendations, everyone really would benefit from the tips presented in the Homeland Security/FBI report and in this post about hardening your configuration by Ziften’s Dr Hartmann. With major elections coming up this year in key NATO members France, the Netherlands, and Germany, only one thing is certain: it will be a busy year for Russian hackers, and these recommendations need to be a top priority.

Charles Leaver – Enhance Your Security With Asset Management And Discovery


Written By Roark Pollock And Presented By Charles Leaver CEO Ziften


Reliable IT asset management and discovery can be a network and security admin’s best friend.

I don’t need to tell you the obvious; we all know a good security program begins with an audit of all the devices connected to the network. However, maintaining a current inventory of every connected device used by employees and business partners is difficult. Even more challenging is ensuring that there are no connected un-managed assets.

What is an Un-managed Asset?

Networks can have thousands of connected devices. These may include, among others:

– User devices such as laptops, desktop PCs, workstations, virtual desktop systems, bring-your-own devices (BYOD), cellular phones, and tablets.

– Cloud and data center devices such as servers, virtual machines (VMs), orphaned VMs, containers, and storage systems.

– Networking devices such as switches, load balancers, firewalls, and WiFi access points.

– Other devices such as printers and, more recently, Internet of Things (IoT) devices.

Unfortunately, many of these connected devices may be unknown to IT, or not managed by IT group policies. These unknown devices and those not governed by IT policies are referred to as “un-managed assets.”

The number of un-managed assets continues to increase for many companies. Ziften finds that as many as 30% to 50% of all connected devices can be unmanaged assets in today’s business networks.

IT asset management tools are typically optimized to identify assets such as computers, servers, load balancers, firewalls, and storage devices used to deliver enterprise applications to the organization. However, these management tools generally ignore assets not owned by the organization, such as BYOD endpoints or user-deployed wireless access points. Even more troubling, Gartner asserts in “Beyond BYOD to IoT, Your Business Network Access Policy Should Change” that IoT devices have surpassed employees and visitors as the biggest users of the business network.[1]

Gartner goes on to describe a new trend that will introduce even more unmanaged assets into the business environment: bring your own thing (BYOT).

Essentially, employees bring products that were designed for the smart home into the office environment. Examples include smart power sockets, smart kettles, smart coffee machines, smart light bulbs, domestic sensors, wireless webcams, plant care sensors, environmental controls, and eventually home robots. Many of these things will be brought in by personnel seeking to make their working environment more congenial. These “things” can sense information, can be managed by apps, and can communicate with cloud services.[1]

Why is it Crucial to Discover Un-managed Assets?

Quite simply, unmanaged assets produce IT and security blind spots. Mike Hamilton, SVP of Product at Ziften, said, “Security begins with knowing what physical and virtual devices are connected to the corporate network. But, BYOD, shadow IT, IoT, and virtualization are making that more challenging.”

These blind spots not only increase security and compliance risk, they can increase legal risk. Information retention policies designed to limit legal liability are unlikely to be applied to digitally stored information held on unauthorized virtual, mobile, and cloud assets.

Maintaining an up-to-date inventory of the assets on your network is vital to good security. It’s common sense: if you don’t know it exists, you can’t know whether it is secure. In fact, asset visibility is so crucial that it is a fundamental part of most information security frameworks, including:

– SANS Critical Security Controls for effective cyber defense: Developing an inventory of authorized and unauthorized devices is number one on the list.

– Council on CyberSecurity Critical Security Controls: Developing an inventory of authorized and unauthorized devices is the first control in the prioritized list.

– NIST Information Security Continuous Monitoring for Federal Information Systems and Organizations (SP 800-137): Information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

– ISO/IEC 27001 Information Security Management System Requirements: The standard requires that all assets be clearly identified and that an inventory of all important assets be drawn up and maintained.

– Ziften’s Adaptive Security Framework: The first pillar includes discovery of all your authorized and unauthorized physical and virtual devices.

Considerations in Evaluating Asset Discovery Solutions

There are several techniques used for asset discovery and network mapping, and each has benefits and drawbacks. While evaluating the myriad tools, keep these two key considerations in mind:

Continuous versus point-in-time

Strong information security requires continuous asset identification regardless of which approach is employed. However, many scanning strategies used in asset discovery take time to complete and are therefore carried out periodically. The drawback of point-in-time asset discovery is that transient systems may only be on the network for a short time. It is therefore quite possible that these short-lived systems will never be found.

Some discovery techniques can trigger security alerts in network firewalls, intrusion detection systems, or virus scanning tools. Because these methods can be disruptive, identification is only carried out at regular, point-in-time intervals.

There are, however, some asset discovery techniques that can be used continuously to locate and identify connected assets. Tools that offer continuous monitoring for un-managed assets can deliver better un-managed asset discovery outcomes.


Passive versus active

Asset identification tools offer intelligence on all discovered assets, including IP address, hostname, MAC address, device manufacturer, and device type. This technology helps operations teams quickly clean up their environments, eliminating rogue and unmanaged devices, even VM sprawl. However, these tools go about this intelligence gathering in different ways.

Tools that use active network scanning effectively probe the network to coax responses from devices. These responses provide clues that help identify and fingerprint the device. Active scanning periodically examines the network, or a segment of it, for devices that are connected at the time of the scan.

Active scanning can generally provide more in-depth analysis of vulnerabilities, malware detection, and configuration and compliance auditing. However, active scanning is performed only occasionally because of its disruptive interaction with security infrastructure. Unfortunately, active scanning risks missing short-lived devices and vulnerabilities that appear between scheduled scans.

Other tools use passive asset identification techniques. Because passive detection operates 24x7, it will identify transient assets that may only be occasionally and briefly connected to the network, and it can send alerts when new assets are found.

In addition, passive discovery does not disturb sensitive devices on the network, such as industrial control systems, and it provides visibility of Internet and cloud services being accessed from systems on the network. Passive discovery techniques also avoid triggering alerts on security tools across the network.
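The continuous-versus-point-in-time and passive-versus-active distinctions above can be made concrete with an added example (not Ziften’s code or any product’s): a passive inventory built from constructed dhcpd lease log lines, compared against simulated scheduled scans to show which transient device the scans miss and which new device is flagged as unmanaged. The managed MAC list, device names and addresses are all constructed assumptions.

```python
"""Passive, continuous asset discovery over DHCP lease events, compared with
periodic point-in-time scans. Added illustration; not Ziften's or any vendor's code."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Constructed sample log lines in the style of ISC dhcpd syslog output.
# These are made-up devices and addresses, not data from any real network.
SAMPLE_LOG = """\
Jan 10 08:00:05 dhcp dhcpd: DHCPACK on 10.0.1.20 to 3c:52:82:aa:bb:01 (corp-laptop-17) via eth0
Jan 10 08:00:41 dhcp dhcpd: DHCPACK on 10.0.1.21 to 00:1a:2b:cc:dd:02 (printer-3f) via eth0
Jan 10 08:20:10 dhcp dhcpd: DHCPACK on 10.0.1.77 to b8:27:eb:11:22:33 (smart-kettle) via eth0
Jan 10 08:30:55 dhcp dhcpd: DHCPRELEASE of 10.0.1.77 from b8:27:eb:11:22:33 (smart-kettle) via eth0
Jan 10 09:00:03 dhcp dhcpd: DHCPACK on 10.0.1.22 to 3c:52:82:aa:bb:01 (corp-laptop-17) via eth0
"""

# Hypothetical "managed" list: MACs enrolled in IT's configuration management.
MANAGED_MACS = {"3c:52:82:aa:bb:01", "00:1a:2b:cc:dd:02"}

LINE_RE = re.compile(
    r"^\w{3} +\d{1,2} (?P<hms>\d\d:\d\d:\d\d) \S+ dhcpd: "
    r"DHCP(?P<kind>ACK|RELEASE) (?:on|of) (?P<ip>\d+(?:\.\d+){3}) "
    r"(?:to|from) (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<host>[^)]*)\))?"
)


@dataclass
class Event:
    ts: int      # seconds since midnight
    kind: str    # "ACK" (lease granted) or "RELEASE" (lease given up)
    ip: str
    mac: str
    host: str


@dataclass
class Asset:
    mac: str
    ip: str
    host: str
    first_seen: int
    last_seen: int
    online: bool
    managed: bool


def parse_events(log_text: str) -> List[Event]:
    """Parse dhcpd lease lines; lines that do not match are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        h, mi, s = (int(x) for x in m["hms"].split(":"))
        events.append(Event(h * 3600 + mi * 60 + s, m["kind"], m["ip"],
                            m["mac"].lower(), m["host"] or ""))
    return events


class PassiveInventory:
    """Continuous inventory built only from observed lease events, never by probing hosts."""

    def __init__(self, managed_macs: Iterable[str]) -> None:
        self.managed = set(managed_macs)
        self.assets: Dict[str, Asset] = {}
        self.alerts: List[str] = []

    def observe(self, ev: Event) -> None:
        asset = self.assets.get(ev.mac)
        if ev.kind == "RELEASE":
            if asset is not None:           # device left; keep it in inventory, mark offline
                asset.online = False
                asset.last_seen = ev.ts
            return
        if asset is None:                   # first sighting: alert if not under IT management
            asset = Asset(ev.mac, ev.ip, ev.host, ev.ts, ev.ts, True, ev.mac in self.managed)
            self.assets[ev.mac] = asset
            if not asset.managed:
                self.alerts.append(f"new unmanaged asset {ev.mac} ({ev.host or '?'}) at {ev.ip}")
        else:                               # known device: track its current lease
            asset.ip, asset.last_seen, asset.online = ev.ip, ev.ts, True

    def online_macs(self) -> set:
        return {mac for mac, a in self.assets.items() if a.online}


def point_in_time_scan(events: List[Event], scan_ts: int) -> set:
    """Simulate a scheduled scan: it can only see what is online at scan_ts."""
    inv = PassiveInventory(managed_macs=())
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.ts <= scan_ts:
            inv.observe(ev)
    return inv.online_macs()


def compare_discovery(log_text: str, managed_macs: Iterable[str], scan_times: List[int]) -> dict:
    """Passive 24x7 inventory versus periodic scans: which assets do the scans miss?"""
    events = parse_events(log_text)
    passive = PassiveInventory(managed_macs)
    for ev in sorted(events, key=lambda e: e.ts):
        passive.observe(ev)
    seen_by_scans = set().union(*(point_in_time_scan(events, t) for t in scan_times))
    return {
        "passive": set(passive.assets),
        "scans": seen_by_scans,
        "missed_by_scans": set(passive.assets) - seen_by_scans,
        "alerts": passive.alerts,
    }


if __name__ == "__main__":
    # Scans at 08:10 and 09:10 never see the kettle that leased 08:20-08:30.
    for key, value in compare_discovery(SAMPLE_LOG, MANAGED_MACS, [29400, 33000]).items():
        print(key, value)
```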


BYOD, shadow IT, IoT, virtualization, and Gartner’s newly coined BYOT mean more and more assets on the corporate network. Unfortunately, many of these assets are unknown to or un-managed by IT. These unmanaged assets pose major security holes. Eliminating these un-managed assets from the network, which are far more likely to be “patient zero”, or bringing them up to business security standards greatly reduces an organization’s attack surface and overall risk. The good news is that there are solutions that can provide continuous, passive discovery of unmanaged assets.

Charles Leaver – Enterprise Antivirus Is Losing Its Touch


Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO


Dwindling Effectiveness of Enterprise Anti-virus?

Google Security Guru Labels Antivirus Apps As Ineffective ‘Magic’

At the recent Kiwicon hacking conference in Wellington, New Zealand, Google’s Platform Integrity team manager Darren Bilby preached cyber-security heresy. Tasked with investigating highly advanced attacks, including the 2009 Operation Aurora campaign, Bilby lumped enterprise antivirus into a collection of ineffective tools installed to tick a compliance checkbox, but at the cost of real security:

We have to stop investing in those things we have revealed are not effective… Anti-virus does some helpful things, however in reality, it is more like a canary in a coal mine. It is worse than that. It’s like we are loafing around the dead canary stating ‘Thank god it inhaled all the dangerous gas.’

Google security experts aren’t the first to weigh in against enterprise antivirus, or to draw unflattering comparisons, in this case to a dead canary.

Another highly capable security group, FireEye Mandiant, compared static defenses such as enterprise anti-virus to that infamously failed World War II defense, the Maginot Line:

Like the Maginot Line, today’s cyber defenses are fast becoming a relic in today’s danger landscape. Organizations invest billions of dollars each year on IT security. But hackers are quickly outflanking these defenses with creative, fast moving attacks.

An example of this was offered by a Cisco managed security services executive speaking at a conference in Poland. Their team had identified anomalous activity on one of their enterprise clients’ networks and reported the suspected server compromise to the client. To the Cisco team’s astonishment, the customer simply ran an antivirus scan on the server, found no detections, and placed it back into service. Horrified, the Cisco team conferenced the customer in to their monitoring console and was able to show the attacker conducting a live remote session at that very moment, complete with typing mistakes and re-issued commands to the compromised server. Finally convinced, the client took the server down and completely re-imaged it. The enterprise anti-virus had been a useless distraction: it had not served the customer and it had not deterred the attacker.

So Is It Time to Get Rid Of Enterprise Antivirus Already?

I am not yet ready to declare an end to the era of enterprise anti-virus. But I do know that organizations need to invest in detection and response capabilities to complement traditional anti-virus. Increasingly, though, I wonder who is complementing whom.

Skilled targeted adversaries will always successfully evade anti-virus defenses, so against your biggest cyber threats, enterprise antivirus is essentially useless. As Darren Bilby noted, it does do some beneficial things, but it does not provide the endpoint defense you need. So don’t let it distract you from the highest-priority cyber-security investments, and don’t let it distract you from security measures that do fundamentally help.

Proven cyber defense measures include:

Configuration hardening of networks and endpoints.

Identity management with strong authentication.

Application controls.

Continuous network and endpoint monitoring, constant vigilance.

Strong encryption and data security.

Staff training and education.

Continual risk re-assessment, penetration testing, red/blue teaming.

In contrast to Bilby’s criticism of enterprise anti-virus, none of the above bullets are ‘magic’. They are merely the continuous hard work of adequate enterprise cyber-security.

Charles Leaver – Learn About Cyber Attacks And Their Prevention


Written By Charles Leaver CEO Ziften


No business, however small or large, is immune from a cyberattack. Whether the attack is launched from an outside source or from the inside, no organization is fully protected. I have lost count of the number of times that company executives have said to me, “why would anyone want to attack us?”

Cyberattacks Can Take Many Forms

The proliferation of devices that can connect to business networks (laptops, cell phones, and tablets) means an increased risk of security vulnerabilities. The objective of a cyber attack is to exploit those vulnerabilities.


One of the most common cyberattack methods is the use of malware. Malware is code with harmful intent and includes viruses, Trojans, and worms. The goal of malware is frequently to steal sensitive data or even damage computer networks. Malware often takes the form of an executable file that will spread across your network.

Malware is becoming far more advanced, and there is now rogue malware that masquerades as genuine security software developed to protect your network.

Phishing Attacks

Phishing attacks are also common. Usually it’s an email sent from an apparently “trusted authority” requesting that the user supply personal data by clicking on a link. Some of these phishing emails look very genuine and have deceived many users. If the link is clicked and the data entered, the information will be stolen. Today an increasing number of phishing emails can carry ransomware.

Password Attacks

A password attack is one of the most basic types of cyberattack. This is where an unauthorized third party attempts to gain access to your systems by “cracking” the login password. Software can be used here to conduct brute force attacks that guess passwords, and the word combinations used as passwords can be checked against a dictionary file.

If an attacker gains access to your network through a password attack, they can quickly deploy harmful malware and cause a breach of your sensitive data. Password attacks are among the easiest to prevent, and strict password policies offer a very effective barrier. Changing passwords regularly is also recommended.

Denial of Service

A Denial of Service (DoS) attack is all about causing maximum disruption of the network. Attackers send very high volumes of traffic through the network and typically make numerous connection requests. The result is an overloaded network that shuts down.

Several computers can be used by hackers in DoS attacks to produce very significant levels of traffic to overload the network. Recently the largest DoS attack in history used botnets against Krebs On Security. Quite often, endpoint devices connected to the network such as PCs and laptops are hijacked and then contribute to the attack. If a DoS attack is experienced, it can have serious consequences for network security.

Man in the Middle

Man in the middle attacks are achieved by impersonating the endpoints of a network during an information exchange. Information can be stolen from the end user or even from the server they are communicating with.

How Can You Entirely Prevent Cyber Attacks?

Complete prevention of a cyber attack is not possible with present technology, but there is a lot you can do to safeguard your network and your sensitive data. It is important not to think that you can simply buy and install a security software suite and then sit back. The more advanced cyber criminals know all of the security software products in the marketplace and have developed techniques to overcome the safeguards they offer.

Strong and regularly changed passwords is a policy that you should adopt, and is one of the simplest safeguards to implement. Encrypting your sensitive data is another easy step. Beyond installing antivirus and anti-malware suites along with a good firewall, you should make sure that regular backups are in place and that you have a data breach incident response/remediation plan in case the worst occurs. Ziften helps businesses continuously monitor for threats that might make it through their defenses, and take action right away to eliminate the threat completely.

Charles Leaver – Calling All Security Pros – You Can Migrate To The Cloud With Endpoint Visibility

Published by:

Written By Logan Gilbert And Posted By Charles Leaver Ziften CEO


Concerns Over Compliance And Security Keep Organizations From Cloud Migration

Migrating segments of your IT operations to the cloud can look like a huge task, and a risky one at that. Security holes, compliance record keeping, the threat of introducing errors into your architecture … cloud migration presents a great many hairy concerns to handle.

If you have been leery about moving, you’re not alone – but help is on the way.

When Evolve IP surveyed 1,000+ IT pros earlier this year for their Adoption of Cloud Services North America report, 55% of those surveyed said that security is their biggest fear about cloud adoption. For companies that do not currently have some cloud presence, the number was even higher – 70%. The next largest barrier to cloud adoption was compliance, cited by 40 percent of respondents. (That’s up eleven percent this year.)

But here’s the larger problem: if these issues are keeping your company out of the cloud, you can’t benefit from the efficiency and cost advantages of cloud services, which becomes a strategic obstacle for your whole organization. You need a way to move that also answers concerns about security, compliance, and operations.

Improved Security in Any Environment With Endpoint Visibility

This is where endpoint visibility comes in. Being able to see exactly what’s happening with every endpoint gives you the visibility you need to improve security, compliance, and operational performance when you move your data center to the cloud.

And I mean any endpoint: desktop computer, laptop, mobile device, server, VM, or container.

As a long-time IT professional, I understand the temptation to think you have more control over your servers when they’re locked in a closet and you’re the one who holds the keys. Even when you know that segments of your environment rely on kludges, they’re your kludges, and they’re stable. Plus, when you’re running your own data center – unlike when you’re in the cloud – you can use network taps and a whole host of monitoring tools to look at traffic on the wire, learn a great deal about who’s talking to whom, and fix your problems.

But that level of detail pales in comparison to endpoint visibility, in the data center or in the cloud. The granularity and control of Ziften’s system gives you far more control than you could ever get with a network tap. You can spot malware and other problems anywhere (even off your network), isolate them immediately, then trace them back to whichever user, application, device, or process was the weak link in the chain. Ziften provides the ability to perform look-back forensics and to fix issues in much less time.

Eliminating Your Cloud Migration Headaches

Endpoint visibility makes a big difference anytime you’re ready to move a segment of your environment to the cloud. By examining endpoint activity, you can establish a baseline inventory of your systems, clear out unmanaged assets such as orphaned VMs, and hunt down vulnerabilities. That gets all assets secure and stable within your own data center before your move to a cloud provider like AWS or Azure.

After you’ve migrated to the cloud, ongoing visibility into each device, user, and application means that you can administer all parts of your infrastructure more effectively. You avoid wasting resources by preventing VM sprawl, plus you have a detailed body of data to satisfy the audit requirements of NIST 800-53, HIPAA, and other compliance regulations.

When you’re ready to move to the cloud, you’re not doomed to weak security, incomplete compliance, or operational SNAFUs. Ziften’s approach to endpoint security gives you the visibility you need for cloud migration without the headaches.

Charles Leaver – Endpoint Security Visibility And Tools For Remedial Action

Published by:

Written By Logan Gilbert And Presented By Charles Leaver


Ziften helps with incident response, remediation, and investigation, even for endpoints that are not connected to your network.

When incidents happen, security analysts need to act quickly and comprehensively.

With telecommuting workforces and corporate “cloud” infrastructures, remediation and analysis on an endpoint pose a really difficult task. Below, see how you can use Ziften to act on the endpoint and determine the source and spread of a compromise in minutes – no matter where the endpoints are located.

First, Ziften alerts you to malicious activity on endpoints and steers you to the cause of the alarm. In seconds, Ziften lets you take remediation actions on the endpoint, whether it’s on the corporate network, at an employee’s home, or at the local coffee shop. Any remediation action you’d normally perform via direct access to the endpoint, Ziften provides through its web console.

Just that quickly, remediation is taken care of. Now you can use your security expertise to go threat hunting and do a bit of forensics work. You can immediately dive into far more detail about the process that caused the alert, then ask the important questions to find out how widespread the issue is and where it spread from. Ziften provides detailed incident remediation for security analysts.

See first-hand how Ziften can help your security team zero in on threats in your environment with our 30-day free trial.

Charles Leaver – CISOs Take Note Of The OPM Data Breach Review

Published by:

Written by Dr Al Hartmann And Presented By Ziften CEO Chuck Leaver


Cyber attacks, attributed to the Chinese government, breached sensitive personnel databases and stole data on over 22 million current, former, and prospective U.S. federal employees and members of their families. Stern warnings from the Office of the Inspector General (OIG) to shut down systems without current security authorization were disregarded.

Presciently, the OIG specifically cautioned that failure to shut down the unauthorized systems carried national security implications. Like the Titanic’s doomed captain who maintained flank speed through an iceberg field, the OPM responded,

“We concur that it is important to maintain updated and valid ATO’s for all systems however do not believe that this condition rises to the level of a Material Weakness.”

In addition the OPM stressed that shutting down those systems would mean a lapse in retirement and employee benefits and salaries. Given a choice between a security lapse and an operational lapse, the OPM opted to operate insecurely and were pwned.

The then director, Katherine Archuleta, resigned her office in July 2015, a day after revealing that the scope of the breach significantly exceeded initial damage assessments.

Despite the high value of the information maintained by OPM, the agency failed to prioritize cybersecurity and properly secure its high value data.

What are the Lessons for CISOs?

Reasonable CISOs will want to avoid career immolation in a massive flaming data breach disaster, so let’s quickly review the essential lessons from the Congressional report’s executive summary.

Prioritize Cyber Security Commensurate with Asset Value

Have an effective organizational management structure to implement risk-appropriate IT security policies. Chronic lack of compliance with security best practices and lagging recommendation implementation timelines are indications of organizational failure and bureaucratic atherosclerosis. Shake up the organization or make preparations for your post-breach panel appearance before the inquisitors.

Don’t Tolerate a Complacent State of Information Security

Have the essential monitoring in place to maintain critical situational awareness; leave no visibility gaps. Do not underestimate the scope, extent, or gravity of attack indicators. Assume that if you recognize some attack indicators, there are other indicators you are missing. While OPM was forensically monitoring one attack channel, another parallel attack went unseen. When OPM did take action, the attackers knew which attack had been spotted and which attack was still effective, quite valuable intelligence to the attacker.

Mandate Basic Required Security Tools and Quickly Deploy State Of The Art Security Tools

OPM was extremely negligent in implementing mandated multi-factor authentication for privileged accounts and didn’t deploy readily available security technology that could have prevented or reduced exfiltration of its most sensitive security background investigation files.

For restricted data or access control authentication, the expression “password protected” has been an oxymoron for many years – passwords are not security, they are an invitation to compromise. In addition to sufficient authentication strength, complete network monitoring and visibility is needed to prevent sensitive data exfiltration. The Congressional investigation blamed sloppy cyber hygiene and insufficient system traffic visibility for the hackers’ persistent presence in OPM networks.

Don’t Fail to Escalate the Alarm When Your Critically Sensitive Data Is Being Attacked

In the OPM breach, observed attack activity “ought to have sounded a high level multi-agency national security alarm that a sophisticated, persistent actor was looking to access OPM’s highest value data.” Instead, nothing of consequence was done “until after the agency was significantly compromised, and up until after the agency’s most sensitive info was lost to nefarious actors.” As a CISO, sound that alarm in good time (or practice your panel appearance face).

Finally, don’t let this be said of your enterprise security posture:

The Committee received documents and testaments proving OPM’s information security posture was undermined by an incredibly unsecured IT environment, internal politics and bureaucracy, and inappropriate top priorities related to the deployment of security tools that slowed essential security choices.

Charles Leaver – If You Plan To Migrate To The Cloud Make Sure You Have Visibility

Published by:

Written By Charles Leaver CEO Ziften


What Concerns Business CISOs When Migrating To The Cloud

Moving to the cloud offers a variety of advantages to enterprise companies, but there are real security concerns that make switching to a cloud environment worrisome. What CISOs want when moving to the cloud is continuous insight into that cloud environment. They need a way to monitor and measure risk, and the confidence that they have the correct security controls in place.

Increased Security Risk

Migration to the cloud means using managed IT services, and many people believe this means relinquishing a high level of visibility and control. Although the leading cloud providers use the latest security technology and encryption, even the most current systems can fail and expose your sensitive data to hackers.

In reality, cloud environments are subject to similar cyber threats as private enterprise data centers. However, the cloud is becoming a more appealing target due to the considerable amount of data that is now stored on cloud servers.

Attackers understand that enterprises are gradually moving to the cloud, and they are already targeting cloud environments. Alert Logic, a security-as-a-service provider, released a report concluding that IT decision makers should not assume that data stored off site is harder for cyber criminals to obtain.

The report went on to state that there had been a 45% increase in application attacks against cloud deployments. There had also been an increase in attack frequency on organizations that host their infrastructure in the cloud.

The Cloud Is a Jackpot

With the shifting of important data, production workloads, and applications to cloud environments, these findings should not come as a surprise. A statement from the report said, “… hackers, like everyone else, have a limited amount of time to complete their task. They want to invest their time and resources into attacks that will bear the most fruit: businesses utilizing cloud environments are mainly considered that fruit bearing jackpot.”

The report also suggests that there is a misconception within organizations about security. A number of organization decision makers were under the impression that once a cloud migration had taken place, the cloud provider would be completely responsible for the security of their data.

Security in The Cloud Has to Be A Shared Responsibility

All organizations should take responsibility for the security of their data whether it is hosted on site or in the cloud. This responsibility cannot be totally relinquished to a cloud company. If your company suffers a data breach while using cloud management services, it is unlikely that you would be able to avoid liability.

It is vital that every organization fully understands the environment and the risks that are associated with cloud management. There can be a myriad of legal, financial, commercial, and compliance risks. Prior to moving to the cloud, make sure to inspect agreements so that the provider’s liability is fully understood if a data breach were to take place.

Alert Logic vice president Will Semple said, “the secret to safeguarding your vital data is being knowledgeable about how and where along the ‘cyber kill chain’ assailants infiltrate systems and to use the best security tools, practices and financial investment to combat them.”

Cloud Visibility Is The Key

Whether you are using cloud management services or hosting your own infrastructure, you need complete visibility within your environment. If you are considering migrating part – or all – of your environment to the cloud, this is essential.

After a cloud migration has taken place you can rely on this visibility to monitor each user, device, application, and network activity for potential risks and threats. As a result, administering your infrastructure becomes much more efficient.

Don’t let your cloud migration result in weaker security and incomplete compliance. Ziften can help maintain cloud visibility and security for your existing cloud deployments or future cloud migrations.