Ziften ZFlow™ Enables A Dramatic Fusion Of Network Visibility With Endpoint Context
San Francisco, California – April 21, 2015– From the RSA conference today, Ziften, a leading provider of endpoint detection and response solutions, announced major extensions to traditional network security instrumentation that marks a dramatic fusion of network visibility with endpoint context. Branded Ziften ZFlow, this new standards-based technology greatly enhances the visibility available to enterprise cyber defenders by extending network visibility down to the endpoint.
Conventional network security only has visibility into what can be observed on the wire – endpoints appear as largely opaque hosts. While deep packet inspection provides deeper insight into application network activity, it is still only an educated guess as to what endpoint activity may be associated with observed network data flows. Clever malware techniques can deceive and evade even the best network security, relying on its cloak of invisibility within the endpoint. Traditional endpoint security suites, while monitoring endpoint network operations, provide no assistance in either reporting or correlating endpoint observation context with network observation context. Cyber attackers abuse this blind spot to conceal their activities, evade detection, exploit the network, and victimize the targeted enterprise.
Ziften’s ZFlow produces network flow intelligence in the IETF-defined Internet Protocol Flow Information Export (IPFIX) protocol, combining standard IANA-defined fields with custom extended fields formatted as IPFIX Information Elements. These extended fields illuminate the endpoint activity associated with the observed network traffic, thus extending network visibility down to the endpoint. ZFlow data can be exported to industry standard flow analyzers and visualization tools for analysis and correlation with traditional network flow data already being collected within the network. Ziften is actively working to support these extensions with network security partners eager to utilize the vastly enhanced visibility ZFlow provides to enterprise security teams.
“We are excited to be pioneering the fusion of endpoint and network security with networking providers,” says Charles Leaver CEO of Ziften. “The old model of non-cooperating endpoint and network security has left enterprise Security Operations Centers groping in the dark against advanced stealth attacks – ZFlow fixes that. It casts a bright light onto endpoint activities tied to network data flows.”
Ziften’s groundbreaking solution provides continuous real-time visibility and intelligence, enabling incident Prevention, Detection, and Response. Ziften continuously assesses user and device behaviors and highlights anomalies in real-time, allowing security analysts to hone in on advanced threats faster and minimize Time To Resolution (TTR). Ziften’s Endpoint Detection and Response solution allows organizations to more rapidly determine the root cause of a breach and decide on the necessary corrective actions. Ziften Open Visibility™ integrates with and extends existing Security, Network, and Management solutions. Ziften delivers continuous visibility and intelligence of any endpoint, enabling you to run your business in a more efficient, intelligent, and secure manner.