Story image

Microsoft welcomes Ziften as its newest 'Windows Defender' for macOS and Linux

06 Jun 18

Leading network visibility and security provider Ziften has taken its partnership with Microsoft to new heights this week, after it revealed it is now contributing to the Windows Defender Advanced Threat Protection (ATP) advanced hunting project.

Ziften says that even the best cyber defences can be breached - security teams must now be quicker and more aggressive in the way they identify and investigate breaches

“As a member of the Microsoft Intelligent Security Association, Ziften is excited to contribute our macOS, Linux, and cross-platform hunting expertise with the Microsoft advanced hunting community,” comments Ziften vice president of Cyber Security Intelligence, Josh Harriman.

Ziften’s contributions to the Windows Defender ATP advanced hunting project include analytics and queries so teams can conduct threat hunts. Those threat hunts can sniff out suspicious activities, including fileless attacks across Windows, macOS, Linux, and cross-platform systems environments.

The Windows Defender ATP advanced hunting capability enables teams to look for threats and breaches across six months of endpoint behavioural and configuration data. It also draws on the user community by searching threat hunting queries across the Github repository and the ATP system.

Fileless attacks, also known as zero-footprint attacks, or non-malware attacks are on the rise – 77% of compromised attacks in 2017 were fileless, according to The Ponemon Institute’s 2017 State of Endpoint Security Risk Report.

 The Microsoft advanced hunting project simplifies cyber threat hunting, or the process of proactively and iteratively searching through networks to detect and isolate these advanced threats. Ziften’s participation in the advanced hunting community provides mutual customers:

  • Visibility and Behavioural Analytics for macOS and Linux Systems: Ziften’s integration with Windows Defender ATP provides real-time and 6-months of historical visibility and behavioural analytics for macOS and Linux systems.
  • Advanced Hunting Queries: Threat hunting can be a tedious manual process. Ziften’s advanced hunting developments and contributions simplify this manual hunting process and enable automations where practicable.
  • Cross-Platform Advanced Hunting: Ziften developments include cross-platform queries to identify potential threats such as lateral movement by threat actors across mixed endpoint enterprise environments.

“Bringing together our deep macOS and Linux know-how, with Microsoft’s Windows intelligence, and our customers’ familiarity with their systems environments creates the best of all worlds for our mutual customers’ security teams tasked with conducting threat hunting exercises. The easier and more automated we can make the hunting process, the more successful customers will be in finding and eliminating potential threats and risks,” Harriman continues.

Ziften has been working closely with Microsoft over the last several months. In April, Ziften announced its membership in Microsoft’s Intelligent Security Association.

Ziften has also integrated its Zenith platform into Windows Defender ATP, which allows customers to detect attacks and zero-day exploits.

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.