Story image

Microsoft welcomes Ziften as its newest 'Windows Defender' for macOS and Linux

06 Jun 18

Leading network visibility and security provider Ziften has taken its partnership with Microsoft to new heights this week, after it revealed it is now contributing to the Windows Defender Advanced Threat Protection (ATP) advanced hunting project.

Ziften says that even the best cyber defences can be breached - security teams must now be quicker and more aggressive in the way they identify and investigate breaches

“As a member of the Microsoft Intelligent Security Association, Ziften is excited to contribute our macOS, Linux, and cross-platform hunting expertise with the Microsoft advanced hunting community,” comments Ziften vice president of Cyber Security Intelligence, Josh Harriman.

Ziften’s contributions to the Windows Defender ATP advanced hunting project include analytics and queries so teams can conduct threat hunts. Those threat hunts can sniff out suspicious activities, including fileless attacks across Windows, macOS, Linux, and cross-platform systems environments.

The Windows Defender ATP advanced hunting capability enables teams to look for threats and breaches across six months of endpoint behavioural and configuration data. It also draws on the user community by searching threat hunting queries across the Github repository and the ATP system.

Fileless attacks, also known as zero-footprint attacks, or non-malware attacks are on the rise – 77% of compromised attacks in 2017 were fileless, according to The Ponemon Institute’s 2017 State of Endpoint Security Risk Report.

 The Microsoft advanced hunting project simplifies cyber threat hunting, or the process of proactively and iteratively searching through networks to detect and isolate these advanced threats. Ziften’s participation in the advanced hunting community provides mutual customers:

  • Visibility and Behavioural Analytics for macOS and Linux Systems: Ziften’s integration with Windows Defender ATP provides real-time and 6-months of historical visibility and behavioural analytics for macOS and Linux systems.
  • Advanced Hunting Queries: Threat hunting can be a tedious manual process. Ziften’s advanced hunting developments and contributions simplify this manual hunting process and enable automations where practicable.
  • Cross-Platform Advanced Hunting: Ziften developments include cross-platform queries to identify potential threats such as lateral movement by threat actors across mixed endpoint enterprise environments.

“Bringing together our deep macOS and Linux know-how, with Microsoft’s Windows intelligence, and our customers’ familiarity with their systems environments creates the best of all worlds for our mutual customers’ security teams tasked with conducting threat hunting exercises. The easier and more automated we can make the hunting process, the more successful customers will be in finding and eliminating potential threats and risks,” Harriman continues.

Ziften has been working closely with Microsoft over the last several months. In April, Ziften announced its membership in Microsoft’s Intelligent Security Association.

Ziften has also integrated its Zenith platform into Windows Defender ATP, which allows customers to detect attacks and zero-day exploits.

Comms providers hit by most DDoS attacks in Q3 2018
New data indicates attackers preyed on the large attack surface of ASN-level communications service providers with a ‘bit-and-piece’ approach.
Check Point launches hyperscale network security solution
With Check Point Maestro, organisations can scale up their existing Check Point security gateways on demand.
Should AI technology determine the necessity for cyber attack responses?
Fujitsu has developed an AI that supposedly automatically determines whether action needs to be taken in response to a cyber attack.
Trend Micro’s telecom security solution certified as VMware-ready
Certification by VMware allows communications service providers who prefer or have already adopted VMware vCloud NFV to add network security services from Trend Micro.
Frost & Sullivan honours Honeywell's IIoT value creation
Frost & Sullivan has awarded Honeywell with the 2018 Global Customer Value Leadership Award for its work protecting industrial internet of things (IIoT) customers.
Top cybersecurity threats of 2019 – Carbon Black
Carbon Black chief cybersecurity officer Tom Kellermann combines his thoughts with those of Carbon Black's threat analysts and security strategists.
Google's €50m fine a wake up call for big data analytics
Data analytics are essential to company growth, competitive differentiation, and innovation. But there’s now a huge challenge.
UK security startup Barac sets sights on America
“Malware hidden in encrypted traffic is one of the biggest threats organisations are facing today,” says new EVP global sales.