Ransomware has gone from "on the radar" to a
Code 5 level threat since May 2017 with the rise of "ransomworms"
snaking through global corporate networks in hundreds of countries. The
problem is that nobody knows how the next strain will take shape, and
IT teams are rarely, if ever, properly coordinated to tackle them.
Systems and Security Operations (SysSecOps)
Ziften today is focused on helping enterprise,
government, and managed security service providers with a concept
called SysSecOps: empowering both IT and Security Operations teams with
endpoint visibility and control, security hygiene monitoring, threat
detection, and incident response.
Ransomware specifically is an enterprise
management challenge that requires improved coordination in securing and
managing risk for all connected devices, from the cloud to data center
and edge. The size and viral spread of ransomware in the last 90 days
show that a new approach is needed.
With Ziften, once-disparate teams can better
work together to make sure that deployed network assets, including
servers and user devices, are in fact reliable, safe, and secure.
Ziften's security platform, Zenith, supports every endpoint connected to
the network, from PCs to virtual machines and servers, and even
cloud-based VMs.
Futuriom, a leading research firm focused on
cyber security, issued a new report concluding that "SysSecOps (systems
and security operations) for endpoints is built on a foundation of
endpoint visibility, control and integration within a broader security
ecosystem." What does this mean in the context of the next ransomware
threat? It can put it down within minutes across the enterprise.
New Ziften Zenith Ransomware Capabilities
Ziften today announced new ransomware
features on its Zenith security platform, empowering security and IT
operations teams in the fight against ransomware attacks. The new
features include:
- Find Vulnerable Systems:
Identification of devices with unpatched application and operating
system vulnerabilities known to be the root of ransomware variants.
- Disable Vulnerable Services: Custom Extensions to automate
disabling known vulnerable services on unpatched systems (e.g. Windows
SMB service exploited by WannaCry).
- Patching Vulnerable Systems: Automated patching of systems with vulnerabilities known to be exploited by ransomware attacks.
- Ransomware Detection: New ransomware behavioral detection
techniques including monitoring for quiet volume shadow copy service
(VSS) deletions.
Ransomware is only one small example of the threats
enterprises face; insider employees stealing data, applications in the
cloud, and mobile devices at home require continuous monitoring.
IT and security teams require technology and
process coordination to respond. Ziften brings it all together with a
foundational platform providing visibility and control across the entire
IT environment - for any asset, anywhere. Any asset means client
devices, servers, VMs, and cloud instances.
- Visibility for Any Asset: Ziften
deploys on client devices, data center servers, virtual machines
(VMs), or containers. Ziften is agnostic to the hypervisor in use. And
Ziften works in the enterprise cloud. No matter what cloud environment -
AWS, Azure, etc.
- Visibility Anywhere: Ziften provides visibility of endpoints
anywhere. On the network - absolutely. Working remotely - definitely.
Offline altogether - yes again. In the cloud - no doubt. Ziften provides
visibility where your devices operate.
"Today, stovepipe cyber security tools and
limited endpoint management just don't work. They only provide partial,
point-in-time data that leaves gaps for IT and security teams to piece
together manually. And in the end, this doesn't happen due to
constraints on budget and time," said Roark Pollock, SVP of Marketing
for Ziften. "IT simply can't keep up with every connected device,
investigate all the alerts, or patch every machine, and thus are
exposing their organizations to unacceptable risks."