By David Shefter

From the Office of the CTO: Why a lightweight approach to the endpoint makes sense

So, you’re an enterprise company with 5,000 or more employees, and your IT Security and Operations teams are overwhelmed by the amount of data they have to sift through just to get a small amount of visibility into what their user community is doing on a recurring basis. They’ve tried anti-virus, shutting off USB ports and even restricting user access, yet they’re still at risk for security breaches and malware issues. So, what do you do?

Well, according to the most recent Verizon Data Breach Report, over 72% of all advanced malware and “bad guy” entry occurs through the overall endpoint environment. The question a company needs to ask itself is “How valuable is my reputation?” Well, if you look at Target, a malware attack cost them over $6 billion in market cap loss. We’re in a world where, on a second-by-second basis, we’re continually under attack by rogue employees, anarchists and state-sponsored attackers. This will not get any easier anytime soon.

You’ve done a good job at the network (firewalls, etc.), but you can’t truly see what’s happening beyond the network switch port. The only way to really address this risk is by implementing a solution that plays well with others and complements the network-based solutions you already have. This is where Ziften (which means “To Sift” in Dutch) comes in, with a lightweight approach to “Open Visibility”. Think of it this way: you need to manage all aspects of your environment, including servers, desktops, the network, etc. What you do not need are solutions that cause additional stress on your infrastructure. Ziften’s commitment is that it will not adversely affect any aspect of your environment, while enabling faster time to market for a deeply impactful security and visibility solution.

Ziften’s groundbreaking software comprehensively understands machine behavior and abnormalities, allowing analysts to home in on advanced threats faster to minimize dwell time. By continuously monitoring endpoint activity, IP connections, user interactions, resource consumption, etc., Ziften allows organizations to more quickly determine the root cause of a breach and take the necessary corrective action.

Lightweight means NOT driver- or kernel-based, with little to no overhead at the system level, minimal memory usage and almost zero network traffic.

Kernel- and driver-based solutions also require intense certification efforts, sometimes lasting more than 9 months. By the time the new image is built and baked, the next version of the OS could be released. This is a non-supportable, cumbersome and time-consuming process.

This is why I strongly believe that the Ziften approach is a differentiator in the marketplace. By implementing an incredibly lightweight, non-invasive agent and implementing it as a system service, it bypasses the “pain and suffering” that most new software products introduce at the endpoint. To me, it’s all about ease of implementation that results in fast time to market, scalability, easy support and straightforward solutions that do not impede the user environment.

In summary, with the current world we live in and the daily risks facing your infrastructure and reputation, you need continuous monitoring of all your endpoint devices 7 by 24 in order to have clear visibility and an understanding of any endpoint security gaps, risks or instability. Ziften delivers.

