Ziften joins Microsoft Community in Contributing to Windows Defender ATP Advanced Hunting Project - Targeting Growth in Fileless Attacks

Ziften contributes macOS and Linux visibility, behavioral analytics, and threat hunting queries speeding the identification and tracking of suspicious behaviors and risks

News provided by

Ziften Technologies

05 Jun, 2018, 07:30 ET

AUSTIN, Texas, June 5, 2018 /PRNewswire/ -- Ziften, a leading provider of all-the-time visibility and control for client devices, servers, and cloud VMs, today announced it has joined the Microsoft community in contributing to the Windows Defender Advanced Threat Protection (ATP) advanced hunting project. Even the best defenses can be breached, and security teams must find and investigate threats and breaches more quickly and aggressively. Ziften's contributions include analytics and queries so customers can easily conduct threat hunting to identify suspicious activities that indicate the presence of threat actors using advanced fileless attack techniques across Windows, macOS, Linux, and cross-platform systems environments.

The Windows Defender ATP advanced hunting capability gives customers the tools to instantly hunt for threats and breaches across 6 months of endpoint behavioral and configuration data, and the advanced hunting community contributes threat hunting queries available directly within the Windows Defender ATP advanced hunting console and in the Github repository.

Today's announcement builds on the news that Ziften's Zenith security platform is integrated with Windows Defender ATP delivering a cloud-based "single pane of glass" to detect, view, investigate, and respond to advanced cyber-attacks and breaches on Windows, macOS and Linux endpoints.

Advanced Hunting Project

Fileless attacks, also known as zero-footprint attacks, or non-malware attacks are on the rise – 77 percent of compromised attacks in 2017 were fileless.[1] The Microsoft advanced hunting project simplifies cyber threat hunting, or the process of proactively and iteratively searching through networks to detect and isolate these advanced threats. Ziften's participation in the advanced hunting community provides mutual customers:

  • Visibility and Behavioral Analytics for macOS and Linux Systems: Ziften's integration with Windows Defender ATP provides real-time and 6-months of historical visibility and behavioral analytics for macOS and Linux systems.
  • Advanced Hunting Queries: Threat hunting can be a tedious manual process. Ziften's advanced hunting developments and contributions simplify this manual hunting process and enable automations where practicable.
  • Cross-Platform Advanced Hunting: Ziften developments include cross-platform queries to identify potential threats such as lateral movement by threat actors across mixed endpoint enterprise environments.

"As a member of the Microsoft Intelligent Security Association, Ziften is excited to contribute our macOS, Linux, and cross-platform hunting expertise with the Microsoft advanced hunting community," said Josh Harriman, Vice President of Cyber Security Intelligence, Ziften. "Bringing together our deep macOS and Linux know-how, with Microsoft's Windows intelligence, and our customers' familiarity with their systems environments creates the best of all worlds for our mutual customers' security teams tasked with conducting threat hunting exercises. The easier and more automated we can make the hunting process, the more successful customers will be in finding and eliminating potential threats and risks."

[1]  "The 2017 State of Endpoint Security Risk Report", Ponemon Institute, November 20, 2017

About Ziften:
Ziften delivers all-the-time visibility and control for any asset, anywhere - client devices, servers, and cloud VMs – whether on-network or remote; connected or not. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to quickly repair user impacting endpoint issues, reduce their overall risk posture, speed security threat response, and increase operations productivity. Ziften's secure architecture delivers continuous, streaming endpoint monitoring and historical data collection for large and mid-sized enterprises, governments, and managed security service providers (MSSP).

https:/ziften.com

Ziften Media Contact:
Zonic Group Public Relations
Gregory Cross
[email protected]

SOURCE Ziften Technologies

Related Links

http://www.ziften.com

PRN Top Stories Newsletters

Sign up to get PRN’s top stories and curated news delivered to your inbox weekly!

Thank you for subscribing!

By signing up you agree to receive content from us.
Our newsletters contain tracking pixels to help us deliver unique content based on each subscriber's engagement and interests. For more information on how we will use your data to ensure we send you relevant content please visit our PRN Consumer Newsletter Privacy Notice. You can withdraw your consent at any time in the footer of every email you'll receive. Mit Ihrer Anmeldung erklären Sie sich damit einverstanden, Inhalte von uns zu erhalten.
Unsere Newsletter enthalten Zählpixel, die die Lieferung einzigartiger Inhalte in Bezug auf das Abonnement und die Interessen der einzelnen Abonnenten ermöglichen. Weitere Informationen über die Verwendung Ihrer Daten im Hinblick auf die Zusendung von relevanten Inhalten, finden Sie in unserer PRN Consumer Newsletter Privacy Notice. Ihre Zustimmung können Sie jederzeit in der Fußzeile jeder erhaltenen E-Mail widerrufen. En vous inscrivant à la newsletter, vous consentez à la réception de contenus de notre part.
Notre newsletter contient des pixels espions nous permettant la fourniture à chaque abonné, d’un contenu unique en lien avec ses souscriptions et intérêts. Pour de plus amples informations sur l’utilisation faite de vos données en vue de l’envoi des contenus concernés, nous vous invitons à consulter la politique de confidentialité disponible à partir du lien suivant PRN Consumer Newsletter Privacy Notice. Vous pouvez à tout moment revenir sur votre consentement par le biais des informations situées au bas de chaque e-mail reçu. Регистрирайки се, Вие се съгласявате да получавате информационно съдържание от нас. Нашите бюлетини съдържат проследяващи пиксели, които ни помагат да предоставяме уникално съдържание въз основа на ангажираността и интересите на всеки абонат. За повече информация относно начина, по който ще използваме Вашите данни, за да гарантираме, че Ви изпращаме подходящо съдържание, моля, направете справка с нашето Уведомление за поверителност на потребителския бюлетин на PRN. Можете да оттеглите съгласието си по всяко време в долния колонтитул на всеки от имейлите, които ще получите.