
Microsoft welcomes Ziften as its newest 'Windows Defender' for macOS and Linux

06 Jun 18

Leading network visibility and security provider Ziften has taken its partnership with Microsoft to new heights this week, after it revealed it is now contributing to the Windows Defender Advanced Threat Protection (ATP) advanced hunting project.

Ziften says that even the best cyber defences can be breached, so security teams must now be quicker and more aggressive in the way they identify and investigate breaches.

“As a member of the Microsoft Intelligent Security Association, Ziften is excited to contribute our macOS, Linux, and cross-platform hunting expertise with the Microsoft advanced hunting community,” comments Ziften vice president of Cyber Security Intelligence, Josh Harriman.

Ziften’s contributions to the Windows Defender ATP advanced hunting project include analytics and queries that teams can use to conduct threat hunts. Those threat hunts can sniff out suspicious activities, including fileless attacks, across Windows, macOS, Linux, and mixed cross-platform environments.

The Windows Defender ATP advanced hunting capability enables teams to look for threats and breaches across six months of endpoint behavioural and configuration data. It also draws on the user community: threat hunting queries shared in the project’s GitHub repository can be searched alongside the ATP system’s own.

Fileless attacks, also known as zero-footprint or non-malware attacks, are on the rise: 77% of attacks that resulted in a compromise in 2017 were fileless, according to The Ponemon Institute’s 2017 State of Endpoint Security Risk Report.

The Microsoft advanced hunting project simplifies cyber threat hunting, the process of proactively and iteratively searching through networks to detect and isolate these advanced threats. Ziften’s participation in the advanced hunting community provides mutual customers with:

  • Visibility and Behavioural Analytics for macOS and Linux Systems: Ziften’s integration with Windows Defender ATP provides real-time visibility and 6 months of historical visibility and behavioural analytics for macOS and Linux systems.
  • Advanced Hunting Queries: Threat hunting can be a tedious manual process. Ziften’s advanced hunting developments and contributions simplify this manual hunting process and enable automation where practicable.
  • Cross-Platform Advanced Hunting: Ziften’s developments include cross-platform queries to identify potential threats, such as lateral movement by threat actors across mixed endpoint enterprise environments.

“Bringing together our deep macOS and Linux know-how, with Microsoft’s Windows intelligence, and our customers’ familiarity with their systems environments creates the best of all worlds for our mutual customers’ security teams tasked with conducting threat hunting exercises. The easier and more automated we can make the hunting process, the more successful customers will be in finding and eliminating potential threats and risks,” Harriman continues.

Ziften has been working closely with Microsoft over the last several months. In April, Ziften announced its membership in Microsoft’s Intelligent Security Association.

Ziften has also integrated its Zenith platform into Windows Defender ATP, which allows customers to detect attacks and zero-day exploits.
