By Charles Leaver

When It Comes to SysSecOps, Flexibility Is the Key

Endpoints are everywhere. Everywhere. The device you’re reading this on is an endpoint, whether it’s a desktop, notebook, tablet, or phone. The HVAC controller for your building is an endpoint, assuming it’s connected to a network, and the WiFi access points and the security cameras too. So is the connected car. So are the Web servers, storage servers, and Active Directory servers in the data center. So are your IaaS/PaaS services in the cloud, where you are in control of bare-metal servers, VMware virtual machines, or containers running on Windows and/or Linux.

They’re all endpoints, and each and every one is important to manage.

They have to be managed from the IT side, by IT administrators who hopefully have appropriate IT-level visibility of each connected thing, like those security cameras. That management means making sure they’re connected to the right network zones or VLANs, that their software and configurations are up to date, that they’re not flooding the network with bad packets due to electrical faults, and so on.

Those endpoints also have to be managed from the security perspective by CISO teams. Every endpoint is a potential entryway into the enterprise network, which means the devices must be locked down – no default passwords, all security patches applied, no unauthorized software installed on the device’s embedded web server. (Krebs outlines how, in 2014, hackers broke into Target’s network via its HVAC system.)

Systems and Security Operations

Systems Security Operations, or SysSecOps, brings those two worlds together. With the right SysSecOps mindset, and tools that support the proper workflows, IT and security workers see the same data and can collaborate. Sure, they each have different tasks, and respond differently to trouble alerts, but they’re all managing the same endpoints, whether in the pocket, on the desk, in the utility closet, in the data center, or in the cloud.

Ziften Zenith Test Report

We were delighted when the recently published Broadband-Testing report praised Zenith, Ziften’s flagship endpoint security and management platform, as being ideal for this type of scenario. To quote from the recent report, “With its Zenith platform, Ziften has a product that ticks all the SysSecOps boxes and more. Since its definition of ‘endpoints’ extends into the Data Centre (DC) and the world of virtualisation, it is true blanket coverage.”

Broadband-Testing is an independent testing facility and service based in Andorra. In their own words: “Broadband-Testing interacts with vendors, media, investment groups and VCs, analysts and consultancies alike. Testing covers all aspects of networking hardware and software, from ease of use and performance, through to increasingly important elements such as device power consumption measurement.”

Back to flexibility. With endpoints everywhere (again, on the desk, in the utility closet, in the data center, or in the cloud), a SysSecOps-based endpoint security and management system must go everywhere and do anything, at scale. Broadband-Testing wrote:

“The configuration/deployment options and architecture of Ziften Zenith allow for a very flexible deployment, on or off-premise, or hybrid. Agent deployment is simplicity itself with zero user requirements and no endpoint intrusion. Agent footprint is also minimal, unlike many endpoint security solutions. Scalability also looks to be excellent – the biggest customer deployment to date is in excess of 110,000 endpoints.”

We can’t help but be proud of our product Zenith, and what Broadband-Testing concluded:

“The emergence of SysSecOps – combining systems and security operations – is a rare moment in IT; a hype-free, common sense approach to refocusing on how systems and security are managed inside a company.

Key to Ziften’s endpoint approach in this category is total visibility – after all, how can you secure what you can’t see or don’t know is there in the first place? With its Zenith platform, Ziften has a product that ticks all the SysSecOps boxes and more.

Deployment is simple, especially in a cloud-based scenario as tested. Scalability also looks to be excellent – the biggest customer deployment to date is in excess of 110,000 endpoints.

Data analysis options are extensive with a huge amount of information available from the Ziften console – a single view of the whole endpoint infrastructure. Any object can be analysed – e.g. binaries, applications, systems – and, from a process, an action can be defined as an automated function, such as quarantining a system in the event of a potentially malicious binary being discovered. Multiple reports are pre-defined covering all areas of analysis. Alerts can be set for any incident. Additionally, Ziften provides the concept of extensions for custom data collection, beyond the reach of most vendors.

And with its External API functionality, Ziften-gathered endpoint data can be shared with most 3rd party applications, thereby adding further value to a customer’s existing security and analytics infrastructure investment.

Overall, Ziften has a very competitive offering in what is a very worthy and emerging IT category in the form of SysSecOps that is very worthy of evaluation.”

We hope you’ll consider an evaluation of Zenith, and will agree that when it comes to SysSecOps and endpoint security and management, we do tick all the boxes with the true blanket coverage that both your IT and CISO teams have been looking for. Talk to us!