Ziften Unveils New Modular Extension Platform for On-Demand Detection and Response
Ziften Open Visibility™ Evolves To Further Endpoint Controls
AUSTIN, Texas – November 17, 2015 – Ziften today unveiled its industry-changing Modular Extension Platform, enabling users to develop fully customized mitigation and collection modules within the Ziften Open Visibility framework. Extension modules allow users to take customized actions to block and contain security incidents, mitigate IoCs, manage risk and compliance, and collect new information on demand.
With no additional cost to customers, Ziften delivers a first-of-its-kind seamless modularity to the endpoint, placing the power of detection and response directly in the hands of users responsible for protecting the integrity and security of their businesses. Users can define, develop, and deploy mitigation, detection and collection capabilities that are specific to their business environment within hours, rather than having to wait months for legacy endpoint vendors to schedule features into their roadmaps.
Examples of customized capabilities include:
- Automated discovery of unmanaged/rogue devices
- Terminating a malicious process
- Blacklisting or whitelisting an application
- Network quarantine/isolation
- File deletion
- Registry key modification/deletion
Additionally, the Ziften Modular Extension Platform allows users to create their own customized and automated policies. When Ziften detects an Indicator of Compromise (IoC), the Modular Extension Platform can invoke application blocking or quarantine a system from the rest of the network, manually or automatically. The Modular Extension Platform is now generally available as part of Ziften 4.6.
“The addition of the Modular Extension Platform into Ziften’s solution delivers a significant added layer of security by giving users more control over their security strategy and incident response than ever before,” said Mike Hamilton, senior vice president of product, Ziften. “The ability to customize mitigation actions is a necessity for organizations looking to maximize their security efforts and represents Ziften’s commitment to deliver the tools our customers need to combat today’s cybersecurity threats.”
Features of Ziften’s Modular Extension Platform include:
- Push Down Custom Extensions: With the Ziften Modular Extension Platform, customers are able to push down custom extensions for blocking and containing a threat before it spreads to other systems. An extension can be pushed down to all systems, only systems in a certain group, or only systems that meet certain criteria.
- Unmanaged Asset Discovery: Customers are able to discover devices connected to the network that were previously unknown to system administrators and unmanaged, and that therefore provide an ideal attack vector for adversaries.
- Automated Remediation: Customers can set policies for observed behaviors/activities and choose custom actions when they are observed.
- Query and Report: The Ziften Modular Extension Platform allows customers to query and report on the policies or settings of deployed enterprise applications (e.g., Word, Excel) to determine whether they allow execution of scripts and macros. Comparing this information to company/user policy allows customers to be proactive in preventing certain scripting attacks from occurring in the first place.
- Data Configuration: Customers can specifically configure the amount of data they want Ziften to collect based on their desire to detect rogue Wi-Fi access points, inventory the root certificates installed across the enterprise, or look for specific pieces of information on systems.
“Security incidents are not all alike so security solutions that aim to defeat them can’t be rigid,” said David Monahan, research director, EMA. “Ziften gives organizations the ability to customize the solution to address their key concerns, thus allowing customers the individual controls they need to better protect themselves.”
Ziften’s continuous endpoint visibility solution reduces threat detection and response time by 70 percent – on average from 14 hours to 4 hours – with the ability to stop the attack from spreading, potentially eliminating millions in costs, and saving a company’s reputation with their customers, employees, partners, and investors.
Ziften provides continuous real-time endpoint visibility to the enterprise. Combining real-time user, device and threat behavior monitoring, analytics, and reporting, Ziften takes the complexity, time, and cost out of endpoint detection and response with an easy-to-use solution that deploys in minutes, not days. Security teams throughout the world use Ziften’s solution to augment their existing infrastructure and amplify their resources to more easily and automatically pinpoint and respond to threats, vulnerabilities, and abnormalities. Keep your business on point and protect to the end with Ziften at www.ziften.com.