Written By Michael Pawloski And Presented By Ziften CEO Charles Leaver

The Customers Of Comcast Are Victims Of Data Exfiltration Via Shared Hacks Of Other Companies

The private information of roughly 200,000 Comcast customers was compromised on November 5th 2015. Comcast was obliged to make this announcement when it came to light that a list of 590,000 Comcast customer emails and passwords could be bought on the dark web for a token $1,000. Comcast argues that there was no breach of its own network; rather, the data came from past, shared hacks of other businesses. Comcast further states that only 200,000 of these 590,000 accounts actually still exist in its system.

Less than two months earlier, Comcast had already been hit with a $22 million fine over its unintentional publication of nearly 75,000 customers’ personal information. Somewhat ironically, these customers had specifically paid Comcast for “unlisted voice-over-IP,” a line item on the Comcast bill that stipulated that each customer’s information would be kept private.

Comcast instituted a mass reset of 200,000 customer passwords, although these accounts may already have been accessed before the list was put up for sale. While a simple password reset by Comcast will to some extent safeguard these accounts going forward, it does nothing to protect those customers who may have reused the same email and password combination for banking and credit card logins. If the accounts were accessed before the list was exposed, it is entirely possible that other personal information, such as automated payment details and home addresses, had already been obtained.

The conclusion: assuming Comcast was not attacked directly, it was the victim of various other hacks whose stolen data included its customers’ credentials. Detection and response services like Ziften can prevent mass data exfiltration and frequently reduce the damage done when these inevitable attacks happen.

Written By Josh Applebaum And Presented By Charles Leaver Ziften CEO

Experian Has To Learn From Past Errors And Implement A Continuous Monitoring Solution

Working in the security industry, I’ve always felt my job was hard to explain to the typical person. Over the last few years, that has changed. Sadly, we are seeing a new data breach revealed every few weeks, with many more that are kept secret. These breaches get front-page attention, and I can now explain to my friends exactly what I do without losing them after a couple of sentences. However, I still question what it is we are learning from all of this. As it turns out, numerous businesses are not learning from their own mistakes.

Experian, the international credit reporting firm, is a company with a lot to learn. Several months ago Experian revealed it had discovered that its servers had been breached and that consumer data had been taken. When Experian announced the breach it assured customers that “our consumer credit database was not accessed in this event, and no credit card or banking information was obtained.” Although Experian took the time in its announcement to assure clients that their financial information had not been taken, it went on to detail what data really was taken: customers’ names, addresses, Social Security numbers, dates of birth, driver’s license numbers, military ID numbers, passport numbers, and additional information used in T-Mobile’s own credit assessment. This is frightening for two reasons: the first is the kind of data that was stolen; the second is that this is not the first time this has happened to Experian.

Although the cyber criminals did not leave with “payment card or banking information,” they did leave with personal data that could be exploited to open new credit card, banking, and other financial accounts. This in itself is a reason the T-Mobile customers involved should be concerned. Beyond that, all Experian customers ought to be a little worried.

As it turns out, this is not the first time Experian’s servers have been compromised by hackers. In early 2014, T-Mobile announced that a “fairly small” number of its customers had had their personal details stolen when Experian’s servers were breached. Brian Krebs has a very well-written post about how the hackers breached the Experian servers the first time, so we won’t go into too much detail here. In that first breach, the attackers exploited a vulnerability in the organization’s support ticket system, which was left exposed without requiring a user to authenticate before using it. Now to the frightening part: although it became widely known that the attackers used a vulnerability in the support ticket system to gain access, the support ticket system was not shut down until shortly after the second hack.

It would be difficult to believe that it was a coincidence that Experian chose to shut down its support ticket system mere weeks after it announced it had been breached. If this was not a coincidence, then let’s ask: what exactly did Experian learn from the first breach, in which attackers got away with sensitive consumer data? Companies that store their customers’ sensitive information need to be held accountable not only for protecting that data, but also for ensuring that, if breached, they patch the holes discovered while investigating the attack.

When businesses investigate a breach (or potential breach) it is essential that they have access to historical data so that investigators can piece together the puzzle of how the attack unfolded. At Ziften, we offer a service that gives our customers a constant, real-time view of everything that takes place in their environment. In addition to providing real-time visibility for discovering attacks as they occur, our continuous monitoring system records all historical data, allowing customers to “rewind the tape” and reconstruct what happened in their environment, regardless of how far back they need to look. With this visibility it is possible not just to learn that a breach took place, but also why it happened, and hopefully to learn from past mistakes to keep them from recurring.

Written By Michael Vaughn And Presented By Charles Leaver Ziften CEO

Life is Too Short to Not Implement Endpoint Security.

Ashley Madison’s tagline is “Life is short. Have an affair.” It appears security fell very short at the company, however, as millions of customer records were blasted out for the entire world to see in a recent cyber attack. Publicly, there are only theories as to who precisely breached the scandalous operation. It could have been an insider. Other parties, such as the infamous hacking group Impact Team, are claiming credit for the breach of the red-lettered organization. What is clear is the publicly published list of thirty-two million user identities. Furthermore, CEO Noel Biderman lost his job, and the business is facing an overwhelming number of legal claims.

It has been discovered that bots were communicating with users, and that only a small fraction of the user base were women. In a near-comedic fashion, the website still states it received a “Trusted Security Award” and provides total confidentiality for its users. Its claim of “Over 42,705,000 confidential members!” on the home page is as outrageous as the service it provides. The stolen list of users is so easily available that third parties have already created interactive websites with the names and addresses of the exposed cheaters. Per Ashley Madison’s media page, they “immediately introduced an extensive investigation using premier forensics experts and other security specialists to figure out the origin, methodology, and impact of this incident.” If Ashley Madison had been more proactive in its approach to endpoint security, it might have been alerted to the cyber attack and stopped it before data could be taken.

Advanced endpoint security and forensic applications, such as those provided by Ziften, could potentially have saved this company from the humiliation it has had to deal with. Not only might Ziften have alerted security officers to the suspect network events in the dead of night during a cyber attack, it might also have prevented a variety of actions on the database from being carried out, all while letting the security team sleep a little easier. Life is too short to let security concerns keep you awake at night.

Written By David Shefter And Presented By Ziften CEO Charles Leaver

We are now living in a new world of the Internet of Things (IoT), and the risk of cyber threats and attacks is growing significantly. As deployments mature, new vulnerabilities are emerging.

Symantec released a report this spring which examined 50 smart home devices and declared that “none of the analyzed devices provided shared authentication between the client and the server.” Earlier this summer, researchers demonstrated the ability to hack into a Jeep while it was driving on the highway, first controlling the radio, windshield wipers and air conditioning, and finally cutting the transmission.

Traditionally, makers of toys, tools, home appliances and automobiles have not needed to defend against external threats. Manufacturers of medical devices, elevators, HVAC, electrical and plumbing infrastructure components (all of which are likely to be connected to the Internet in the coming years) have not always been security conscious.

As we are all aware, it is challenging enough to secure PCs, mobile phones, servers and the network on a daily basis, even though these have been through substantial security testing, evaluation and assessment for many years. How can you secure alarms, personal electronics and home devices that seemingly appear daily?

To start, one must define and consider where the security platforms will be implemented: hardware, software, network, or all of the above?

Solutions such as Ziften listen to the network (from the device perspective) and use machine learning to recognize patterns and scan for anomalies. Ziften currently provides a worldwide threat analytics platform (the Ziften KnowledgeCloud), which takes feeds from a variety of sources and today allows review of tens of millions of endpoint, binary, MD5 and other data points.

It will be a challenge to deploy software onto all IoT devices, many of which use FPGA and ASIC designs as their control platform(s). They are typically embedded in anything from drones to automobiles to industrial and SCADA control systems. A large number of these devices run on solid-state chips without an operating system or x86-type processor. With insufficient memory to support advanced software, many simply cannot support modern security applications. In the realm of IoT, every additional customization creates risk and a vacuum that strains even the most robust solutions.

Solutions for the IoT space need a multi-pronged approach at the endpoint, which encompasses the desktops, laptops and servers currently connected to the network. At Ziften, we currently deliver collectors for Windows, Linux and OS X, supporting the core desktop, server and network infrastructure that holds the intellectual property and assets attackers seek to access. After all, the criminals don’t actually want any information from the company refrigerator; they simply want to use it as a channel to where the important data resides.

However, there is an additional approach we provide that can help ease many existing concerns: scanning for anomalies at the network level. It is believed that typically 30% of devices connected to a business network are unidentified IPs. IoT trends will likely double that number in the next ten years. This is one of the reasons that connecting a device is not always an obvious choice.

As more devices are connected to the Internet, more attack surfaces will emerge, leading to breaches far more harmful than those in email, financial, retail and insurance systems, some of which could even pose a threat to our way of life. Protecting the IoT has to draw on lessons learned from conventional enterprise IT security, and offer several layers, integrated to provide end-to-end robustness, capable of preventing and detecting threats at every level of the emerging IoT value chain. Ziften can help from a wide variety of angles today and in the future.

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO


If you are not interested in BYOD, your users, particularly your executive users, probably will be. Users want to be as productive as possible with the least effort. Their main objective is to use the most convenient, fastest, most familiar and comfortable device to do their work. They also prefer the convenience of using one device for both work and personal activities.

The problem is that security and ease of use are diametrically opposed. The IT department would generally prefer complete ownership and control over all client endpoints. IT can disable admin rights so that the client endpoint can be managed to a degree, for example so that only authorized applications are installed. Even the hardware can be limited to a specific footprint, making it much easier for IT to protect and manage.

But control of their devices is exactly what BYOD advocates are fighting against. They want to choose their own hardware, apps and OS, and to have the freedom to install anything they like, whenever they like.

This is tough enough for the IT security group, but BYOD can also greatly increase the number of devices accessing the network. Instead of a single desktop, with BYOD a user might have a desktop, laptop, mobile phone and tablet. This is an attack surface gone wild! Then there is the problem of smaller devices being lost or stolen, or perhaps left in a bar under a cocktail napkin.

So what do IT professionals do about this? The first step is to establish situational awareness of “trusted” client endpoints. With its minimalist, driverless agent, Ziften can provide visibility into the applications, versions, user activity and security/compliance software actually running on the endpoint. You can then restrict, by enforceable policy, what application, business network and data interaction can be performed from all other (“untrusted”) devices.

Client endpoints will invariably develop security problems, such as application versions that are vulnerable to attack, potentially hazardous processes, and disabled endpoint security measures. With the Ziften agent you will be made aware of these issues and can then take corrective action with your existing system management tools.

Your users have to accept the reality that devices that are untrusted and too dangerous must not be used to access organization networks, data and apps. Client endpoints and users are the source of most harmful exploits. There is no magic in present technology that will make it possible to access vital business assets from a device that is out of control.

Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO

After a massive data breach at the Office of Management and Budget (OMB), agencies were ordered by Tony Scott, Federal Chief Information Officer, to take immediate and specific actions over the following 4 weeks to further enhance the security of their data and systems. For such a large organization this was a bold step, but the lessons learned from software development have shown that acting fast, or sprinting, can make a lot of headway on a problem in a short period of time. For large organizations this is particularly true, and the OMB is certainly large.

There were 8 principles that were focused on. We have broken these down and offered insight on how each principle could be made more effective in the timeframe, to help the government make substantial inroads in just a month. As you would expect we are looking at things from the endpoint, and by reading the 8 principles you will see how endpoint visibility would have been essential to a successful sprint.

1. Protecting data: Better safeguard data at rest and in transit.

This is an excellent start, and rightly priority one, but we would certainly recommend that OMB include the endpoint here. Many data protection systems forget the endpoint, yet it is where data is most vulnerable, whether at rest or in transit. The group should check whether they are able to assess endpoint software and hardware configuration, including the presence of any data protection and system security agents, not forgetting Microsoft BitLocker configuration checking. And that is just the start; compliance checking of mandated agents should not be forgotten and must be carried out continually, allowing audit reporting of the percentage coverage of each agent.

2. Improving situational awareness: Enhance indication and warning.

Situational awareness amounts to visibility: can you see what is actually happening, where, and why? And of course this needs to be in real time. During the sprint it must be confirmed that identity and tracking of logged-in users, user focus activities, user presence indicators, active processes, network contacts with process-level attribution, system stress levels, notable log events and a myriad of other activity indicators across many thousands of endpoints hosting vast oceans of processes is possible. THIS is situational awareness for both indication and warning.

3. Increasing cyber security proficiency: Guarantee a robust capability to recruit and keep cyber security personnel.

This is a challenge for any security program. Finding great talent is difficult and keeping it even more so. If you want to attract this kind of skill set, motivate them by providing the latest tools for cyber combat. Make sure they have a system that supplies complete visibility of what is happening at the endpoint and across the whole environment. As part of the sprint the OMB should analyse the tools in place and check whether each tool turns the security group from the hunted into the hunter. If not, change that tool.

4. Boost awareness: Enhance total threat awareness by all users.

Threat awareness starts with effective threat scoring, and fortunately this is something that can be accomplished dynamically all the way to the endpoint and can help educate every user. User education is a job that is never complete, as confirmed by the high success rate of social engineering attacks. But when security teams have endpoint threat scoring they have concrete items to show users where and how they are vulnerable. This real-life situational awareness (see #2) increases user understanding, while also giving the security group accurate information on, say, known software vulnerabilities, cases of compromised credentials and insider attackers; it also continuously monitors system, user and application activity and network points of contact, so that security analytics can highlight elevated risks for security staff triage.

5. Standardizing and automating processes: Reduce time required to manage configurations and patch vulnerabilities.

More coverage should be demanded from security solutions, and they should be immediately deployable without tedious preparation, network standup or extensive personnel training. Did the solutions in place take longer than a couple of days to deploy and require another full-time employee (FTE), or perhaps half an FTE? If so, you need to reassess those solutions, because they are probably hard to use (see #3) and are not getting the job done that you need, so you will have to improve the existing tools. Likewise, look for endpoint solutions that not only report software and hardware configurations and active services and processes, but also apply the National Vulnerability Database to report on actual running exposed vulnerabilities and then assign an overall vulnerability score to each endpoint, to facilitate patching prioritization by overworked support personnel.

6. Controlling, containing and recovering from events: Contain malware expansion, privilege escalation, and lateral motion. Quickly determine and solve events and incidents.

Fast identification of and response to issues is the primary objective in the new world of cyber security. During their 30-day sprint, OMB should assess their solutions and make certain to find technologies that not only monitor the endpoint but also track every process that runs and all of its network contacts, including user login attempts, to help track malicious software proliferation and lateral network movement. Data drawn from endpoint command and control (C2) accesses related to major data breaches shows that about half of compromised endpoints do not host identifiable malware, heightening the significance of login and contact activity. The right endpoint security will retain OMB data for long-term analysis, since many indicators of compromise appear only after the event, or even long afterwards, while persistent attackers may silently lurk or remain inactive for extended periods. Attack code that can be sandbox-detonated and identified within minutes is not indicative of sophisticated attackers. The ability to retain clues and connect the dots across both spatial and temporal dimensions is vital to complete identification and total, non-recidivist resolution.

7. Reinforcing systems lifecycle security: Boost fundamental security of platforms by buying more secure systems and retiring legacy systems in a prompt way.

This is a reasonable goal, and an enormous challenge at a large organization such as OMB. This is another place where the right endpoint visibility can immediately determine and report endpoint software and hardware configurations, operating system SKUs and patch levels, system stress levels, endpoint mishaps (such as application crashes or hangs, service failures, or system crashes), and other indicators of endpoints outliving their useful or secure lifespan. You then have a full inventory that you can prioritize for retirement and replacement.

8. Reducing attack surfaces: Decrease the complexity and amount of things defenders have to secure.

If numbers 1 through 7 are done, and the endpoint is considered properly, this will be a big step in decreasing attack risk. In addition, endpoint security can also provide a visual of the actual attack surface. Consider the ability to quantify attack surface based on the number of distinct binary images exposed across the entire endpoint population. For instance, our “Ziften Pareto analysis” of binary image frequency statistics produces a typical “ski slope” distribution, with a long, thin tail representing vast numbers of very rare binary images (present on less than 0.1% of all endpoints). Ziften measures attack surface bloat factors, including application sprawl and version proliferation (which also complicates vulnerability lifecycle management). Data from numerous customer deployments reveals outright bloat factors of 5-10X compared with a tightly managed and disciplined endpoint population. Such lax endpoint management and bloated attack surfaces create a target-rich attackers’ paradise.
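As an added illustration of the Pareto analysis just described (example code written for this page, not Ziften’s own), the block below ranks every distinct binary image by the share of endpoints it is present on, isolates the under-0.1% tail, counts version sprawl per product and computes a bloat factor against a sanctioned baseline. The inventory is constructed sample data, and the `product@version` naming of image identifiers is an assumption made for the illustration.

```python
"""Quantifying endpoint attack surface from binary-image frequency.

Added example, not Ziften's code: the 'ski slope' ranking, the rare tail,
version proliferation and a bloat factor relative to a disciplined baseline.
"""
from collections import Counter, defaultdict
from typing import Callable, Dict, Iterable, List, Tuple

RARE_THRESHOLD = 0.001  # an image present on fewer than 0.1% of endpoints


def image_prevalence(inventory: Dict[str, Iterable[str]]) -> Dict[str, float]:
    """Fraction of endpoints each distinct binary image is present on."""
    counts: Counter = Counter()
    for images in inventory.values():
        counts.update(set(images))  # count an image at most once per endpoint
    total = len(inventory)
    return {img: n / total for img, n in counts.items()}


def ski_slope(prevalence: Dict[str, float]) -> List[Tuple[str, float]]:
    """Images ranked most-prevalent first: the head is the standard build,
    the long thin tail is the sprawl."""
    return sorted(prevalence.items(), key=lambda kv: (-kv[1], kv[0]))


def rare_tail(prevalence: Dict[str, float],
              threshold: float = RARE_THRESHOLD) -> List[str]:
    """Images that live on fewer than `threshold` of all endpoints."""
    return sorted(img for img, p in prevalence.items() if p < threshold)


def version_proliferation(prevalence: Dict[str, float],
                          product_of: Callable[[str], str]) -> Dict[str, int]:
    """Products present as more than one distinct image (version sprawl)."""
    versions: Dict[str, int] = defaultdict(int)
    for img in prevalence:
        versions[product_of(img)] += 1
    return {prod: n for prod, n in versions.items() if n > 1}


def bloat_factor(prevalence: Dict[str, float], sanctioned: Iterable[str]) -> float:
    """Distinct images observed divided by the distinct images a tightly
    managed population would carry (the sanctioned baseline)."""
    return len(prevalence) / len(set(sanctioned))


def product_of(image: str) -> str:
    """Assumed identifier convention: 'product@version'."""
    return image.split("@", 1)[0]


def build_sample_inventory(n_endpoints: int = 2000) -> Dict[str, List[str]]:
    """Constructed data: a 20-image standard build everywhere, one business
    app deployed as three versions, and a one-off binary on every 20th host."""
    inventory: Dict[str, List[str]] = {}
    standard_build = [f"std-{i:02d}@1.0" for i in range(20)]
    for i in range(n_endpoints):
        images = list(standard_build)
        if i < n_endpoints // 2:
            images.append("bizapp@1.0")
        elif i < 3 * n_endpoints // 4:
            images.append("bizapp@1.1")
        else:
            images.append("bizapp@1.2")
        if i % 20 == 0:
            images.append(f"oneoff-{i:04d}@0.1")
        inventory[f"host-{i:04d}"] = images
    return inventory


def attack_surface_report(inventory: Dict[str, Iterable[str]],
                          sanctioned: Iterable[str]) -> Dict[str, float]:
    """Summary numbers a security team would track sprint over sprint."""
    prev = image_prevalence(inventory)
    tail = rare_tail(prev)
    return {
        "endpoints": len(inventory),
        "distinct_images": len(prev),
        "rare_images": len(tail),
        "rare_share_of_distinct": len(tail) / len(prev),
        "products_with_multiple_versions": len(version_proliferation(prev, product_of)),
        "bloat_factor": bloat_factor(prev, sanctioned),
    }


if __name__ == "__main__":
    inv = build_sample_inventory()
    baseline = [f"std-{i:02d}@1.0" for i in range(20)] + ["bizapp@1.2"]
    for key, value in attack_surface_report(inv, baseline).items():
        print(f"{key:34s} {value}")
    for img, share in ski_slope(image_prevalence(inv))[:5]:
        print(f"{img:20s} {share:.4f}")
```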

The OMB sprint is an excellent reminder to all of us that good things can be achieved rapidly, but that it takes vision, not to mention visibility. Visibility, down to the endpoint, will be a critical piece for OMB to consider as part of its 30-day sprint.

By Charles Leaver Ziften Technologies CEO

A great many organizations believe that there is no need for them to pursue assiduous data loss prevention; they regard cyber attacks as either extremely unlikely to occur or as having very little financial effect if they do. Even with an increase in recorded cases of cyber attacks, advanced persistent threats have contributed to this complacency. These harmful attacks tend to evade conventional endpoint security software, and while they do not have the teeth of denial-of-service attacks, they have the potential to cause significant damage.

Over 67% of companies claim either that they have not been the victims of a cyber attack in the last 18 months, or that they had little or no visibility into whether an attack had compromised their network, according to Infosecurity. The organizers of the survey were skeptical about the results and highlighted the many vulnerable desktop and mobile endpoints that are now very common in companies.

Security expert and survey organizer Tom Cross stated, “Any system you link to the Internet is going to be targeted by attackers really rapidly thereafter.” “I would assert that if you’re not sure whether or not your company has had a security event, the possibilities are extremely high that the answer is yes.”

Around 16% said that they had experienced a DDoS attack over the same period, and 18% reported malware infiltrations. In spite of this, the majority of the companies surveyed judged the effects minor and not justifying the implementation of new endpoint security and control systems. Roughly 38% stated that they had not suffered from detected security breaches, and only 20% admitted to financial losses.

Loss of reputation was more prevalent, affecting around 25% of respondents. Highlighting the possible effect of a cyber attack on finances and reputation, an incident at the University of Delaware resulted in 74,000 people having their sensitive data exposed, according to Amy Cherry, WDEL contributor. The hackers targeted the school’s website and scraped information including university identification and Social Security numbers, which obliged the university to supply free credit monitoring to the affected parties.

Charles Leaver Ziften CEO Presents A Post By CTO David Shefter

If you are a company with 5,000 or more employees, it is likely that your IT security and operations groups are overwhelmed by the volume of data they have to crawl through for just a small degree of visibility into what their users are doing on an ongoing basis. Antivirus suites have been implemented, USB ports have been shut down and user access restrictions enforced, but the danger of cyber attacks and malware intrusions still exists. What action do you take?

Up to 72% of advanced malware and cyber criminal intrusions take place in the endpoint environment, according to a Verizon Data Breach Report. Your business first has to ask itself how important its reputation is. Take Target as an example: a malware attack cost them over $6 billion in market cap. Unfortunately the modern world places us constantly under attack from unhappy or rogue employees, anarchists and other cyber criminals. This scenario is only likely to worsen.

Your network is protected by firewalls and the like, but you are unable to see what is happening beyond the network switch port. The only real way to address this risk is by implementing a solution that works with and complements the network-based solutions already in place. Ziften (which is Dutch for “to sift”) provides this, supplying “Open Visibility” with a lightweight approach. You need to manage the entire environment, which includes servers, the network, desktops and so on, but you do not want to place additional overhead and stress on your network. A substantial Ziften commitment is that the solution will not have a negative effect on your environment, while still providing a deeply impactful visibility and security solution.

Ziften’s innovative software understands machine behavior and anomalies, enabling analysts to zoom in on sophisticated threats more quickly and keep dwell time to a minimum. Ziften’s solution continuously monitors activity at the endpoint: resource consumption, IP connections, user interactions and so on. With the Ziften solution your organization will be able to identify the source of any intrusion faster and fix the problem.

It is a lightweight solution that is not kernel- or driver-based; it has minimal memory use, little to no overhead at the system level, and practically zero network traffic.

Driver- and kernel-based solutions face stringent certification requirements that can take longer than nine months. By the time the new software is developed and baked, the operating system could be at its next release. This is a time-consuming, unsupportable and troublesome process.

The Ziften approach is a genuine differentiator in the marketplace. By implementing a very lightweight and non-intrusive agent, and running it as a system service, it overcomes the stresses that many new software solutions impose on the endpoint. Ease of implementation results in faster time to market, easy support, scalability, and straightforward solutions that do not hamper the user environment.

To summarize, with the present level of cyber risk, and the threat of a cyber attack that can significantly taint your reputation increasing daily, you have to implement continuous 24/7 monitoring of all your endpoint devices to guarantee clear visibility of any endpoint security threats, gaps or instabilities, and Ziften can provide this.

Written By Dr Al Hartmann and Presented By Charles Leaver

1. Security Operations Center (SOC).

You have a Security Operations Center established with 24/7 coverage, either in house, outsourced, or a combination. You do not want any gaps in cover that could leave you open to intrusion. Handovers need to be formalized by watch supervisors, with suitable handover reports provided. The manager will provide a daily summary detailing any attack detections and defensive countermeasures. If possible the attackers should be identified and differentiated by C2 infrastructure, attack approach and so on, and given codenames. You are not trying to attribute attacks here, as that would be too challenging, but simply noting any attack activity patterns that correlate with different adversaries. It is important that your SOC familiarizes itself with these patterns and is able to differentiate attackers, or even spot new ones.

2. Security Vendor Assistance Readiness.

It is not possible for your security staff to know about every aspect of cyber security, or to have knowledge of attacks on other organizations in the same industry. You need to have external security assistance teams on standby, which might include the following:

(i) Emergency response team support: This is a list of providers that will respond to the most severe cyber attacks, the ones that make headlines. You should make sure that at least one of these vendors is ready for a major threat, and they should receive your cyber security reports on a regular basis. They need to have legal forensic capabilities and working relationships with law enforcement.

(ii) Cyber threat intelligence support: This is a vendor that gathers cyber threat intelligence in your vertical, so that you can get ahead of the threats emerging there. This team should be plugged into the dark net, looking for any signs of your organization’s IP being mentioned or chatter between hackers discussing your company.

(iii) IoC and blacklist support: Because this covers numerous areas you will require multiple vendors. It includes domain blacklists, SHA1 or MD5 hash blacklists, IP blacklists, and indicators of compromise (suspect config settings, registry keys and file paths, etc.). Some of your installed network or endpoint security services may offer these, or you can appoint a third-party specialist.

(iv) Reverse engineering support: A vendor that specializes in the analysis of binary samples and provides detailed reports of their content and any potential threat, including the malware family. Your current security vendors may provide this service and focus on reverse engineering.

(v) Public relations and legal support: If you were to suffer a major breach, you want to ensure that public relations and legal support are in place, so that your CEO, CIO and CISO do not become a Harvard Business School case study in how not to deal with a significant cyber attack.

3. Inventory of your assets, classification and preparedness for protection.

You need to make sure that all of your cyber assets are inventoried, their relative values classified, and cyber defences appropriate to that value put in place for each asset category. Do not rely entirely on the assets known to the IT group; get a business unit sponsor for asset identification, particularly for assets hidden in the public cloud. Likewise make sure key management processes are in place.

4. Attack detection and diversion readiness.

For each of the major asset categories you can build replicas using honeypot servers to lure attackers into infiltrating them and revealing their attack methods. When Sony was breached, the attackers found a domain server that had a file named ‘passwords.xlsx’ containing cleartext passwords for the company's servers. This makes a good ruse, and you should use these tactics in tempting places and alarm them, so that the moment they are accessed alarms sound, giving you an instant attack intelligence system. Change these lures often so that they appear active and do not look like an obvious trap. As most servers are virtual, attackers will not be as prepared with sandbox evasion methods as they would be with client endpoints, so you may be fortunate enough to actually watch the attack happening.
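One way to alarm a lure of the kind described above, as an added example that is not Ziften's code: the decoy credential file is seeded with canary accounts that exist on no real system, so any authentication attempt using one of them is an unambiguous alert, and a hash baseline tells you when the lure itself has been edited or removed. The file layout, the auth log format and the `svc_` naming are assumptions.

```python
import hashlib
import os
import re
import secrets
import tempfile

# Hypothetical decoy: a "passwords.xlsx"-style CSV seeded with canary accounts.
# Names, file layout and the log format below are assumptions for this example.

def make_canary_users(count: int, prefix: str = "svc_") -> list:
    """Generate canary usernames; the random suffix keeps them unguessable."""
    return [f"{prefix}{secrets.token_hex(4)}" for _ in range(count)]

def file_sha256(path: str) -> str:
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def write_decoy(path: str, users: list) -> str:
    """Write the decoy credential file; return its SHA-256 as an integrity baseline."""
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("username,password,host\n")
        for i, user in enumerate(users):
            fh.write(f"{user},{secrets.token_urlsafe(8)},fileserver-{i:02d}\n")
    return file_sha256(path)

# Constructed log format: "<ts> auth user=<name> src=<ip> result=<ok|fail>"
LOGIN_RE = re.compile(r"\bauth user=(?P<user>\S+) src=(?P<src>\S+)")

def scan_auth_log(lines, canaries) -> list:
    """Return (user, src) for every login attempt, successful or not, that used a canary."""
    wanted = set(canaries)
    hits = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if m and m.group("user") in wanted:
            hits.append((m.group("user"), m.group("src")))
    return hits

def decoy_tampered(path: str, baseline: str) -> bool:
    """True if the decoy was edited or deleted since it was planted."""
    return not os.path.exists(path) or file_sha256(path) != baseline

if __name__ == "__main__":
    users = make_canary_users(3)
    with tempfile.TemporaryDirectory() as d:
        decoy = os.path.join(d, "passwords.csv")
        baseline = write_decoy(decoy, users)
        log = [  # constructed sample log lines
            "2015-11-05T10:00:01 auth user=alice src=10.0.0.5 result=ok",
            f"2015-11-05T10:02:13 auth user={users[1]} src=10.0.0.77 result=fail",
        ]
        print(scan_auth_log(log, users))        # one hit, from 10.0.0.77
        print(decoy_tampered(decoy, baseline))  # False
```

Even a failed login with a canary account is worth alerting on, since the only way to know that username is to have read the decoy.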

5. Monitoring preparedness and constant visibilities.

Network and endpoint activity needs to be monitored continuously and made visible to the SOC team. Since many client endpoints are mobile and therefore beyond the organization's firewall, activity at these endpoints also needs to be monitored. Endpoint monitoring is the only certain way to perform process attribution for monitored network traffic, because protocol fingerprinting at the network level cannot always be relied upon (it can be spoofed by attackers). Monitored data should be saved and archived for future reference, as a number of attacks cannot be recognized in real time. There will be a need to rely on metadata more often than on full packet capture, because the latter imposes a considerable collection overhead. However, a variety of dynamic, threat-based monitoring controls can keep the collection overhead low while responding to major threats with more granular observations.
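The process attribution described above, as an added example that is not Ziften's code: flows from a network sensor (which carry only a protocol fingerprint) are joined to an endpoint agent's socket table on the 4-tuple, which both attributes each flow to a process and exposes flows where the wire protocol and the owning process disagree, the case a spoofed fingerprint alone would miss. The record layout and the process allowlist are assumptions.

```python
from collections import namedtuple

# Constructed records: a network sensor reports a flow plus the protocol it
# fingerprinted from packet contents; an endpoint agent reports which process
# owns each socket. Field names and the allowlist are assumptions for this page.
Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port fingerprint")
Socket = namedtuple("Socket", "host_ip local_port remote_ip remote_port pid exe")

# Processes expected to speak each protocol on a workstation (constructed allowlist).
EXPECTED_EXE = {
    "tls": {"chrome.exe", "firefox.exe", "outlook.exe"},
    "dns": {"svchost.exe"},
}

def attribute_flows(flows, sockets):
    """Join sensor flows to endpoint sockets on the 4-tuple; return a
    (flow, socket or None, verdict) triple per flow."""
    by_tuple = {(s.host_ip, s.local_port, s.remote_ip, s.remote_port): s for s in sockets}
    verdicts = []
    for f in flows:
        sock = by_tuple.get((f.src_ip, f.src_port, f.dst_ip, f.dst_port))
        if sock is None:
            # No agent record: the host is unmonitored or telemetry has a gap.
            verdicts.append((f, None, "unattributed"))
        elif f.fingerprint in EXPECTED_EXE and sock.exe not in EXPECTED_EXE[f.fingerprint]:
            # The wire protocol is one the owning process has no business speaking.
            verdicts.append((f, sock, "mismatch"))
        else:
            verdicts.append((f, sock, "ok"))
    return verdicts

if __name__ == "__main__":
    flows = [  # constructed sample
        Flow("10.0.0.5", 51000, "93.184.216.34", 443, "tls"),
        Flow("10.0.0.5", 51001, "203.0.113.9", 443, "tls"),
        Flow("10.0.0.9", 40000, "198.51.100.2", 443, "tls"),
    ]
    sockets = [
        Socket("10.0.0.5", 51000, "93.184.216.34", 443, 4120, "chrome.exe"),
        Socket("10.0.0.5", 51001, "203.0.113.9", 443, 7733, "notepad.exe"),
    ]
    for flow, sock, verdict in attribute_flows(flows, sockets):
        print(verdict, flow.dst_ip, sock.exe if sock else "-")
```

The "unattributed" verdict is the coverage gap the text warns about: a host with no agent record cannot be attributed at all, whatever the sensor claims.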

Ziften Technologies are based in Austin, Texas, and Charles Leaver is the CEO.

This video from the Commonwealth Club features Steve Blank and he discusses how it is possible to build a great business step by step.

There is no doubt that Steve is an intelligent guy and his funny bone is good. His business insights are highly valued and there are numerous points that he made that I agree with:

He stated in the video that “there is absolutely nothing that you can learn inside your own office so you need to leave it!” Steve claimed that this was a lesson that business in Silicon Valley had to learn the hard way. Now at Ziften we make certain that we visit our prospects and clients on a weekly basis. Our company is young however the crucial execs and I understand that we have to understand and be realistic about the market and reflect this in our business model. When we understand what the marketplace needs we can truly add value.

We constantly put our customers first and continue to listen to them. In the video Steve mentions how hard it is for business owners to pay attention to their clients instead of attempting to enforce their viewpoint on the marketplace. What we also do at Ziften is to motivate our people to listen before speaking. When we are talking with our potential customers and clients we have to comprehend that they care a lot more about how we can resolve their problems rather than pay attention to how clever we are.

Steve makes another good point in the video when he speaks about how innovation is perceived in America compared to the rest of the world. The thinking in the USA is right when it comes to our mindset toward failure. Any person is motivated to learn from failure, and this will turn these individuals into skilled executives who can really affect and add a great deal of worth to a new business. It is very important that there is no fear of failure, because this will stifle innovation.

I always persuade the people that work for us to take risks with no fear of a reprisal. I totally believe that this is forging us closer to our goal of closing the gap between business client security and security innovation and we are arriving quickly. This is a substantial change and we are really near to our goal.


Charles Leaver