Ziften joins Microsoft Community in Contributing to Windows Defender ATP Advanced Hunting Project – Targeting Growth in Fileless Attacks


Ziften contributes macOS and Linux visibility, behavioral analytics, and threat hunting queries speeding the identification and tracking of suspicious behaviors and risks

Ziften has announced it has joined the Microsoft community in contributing to the Windows Defender Advanced Threat Protection (ATP) advanced hunting project. Even the best defenses can be breached, and security teams must find and investigate threats and breaches more quickly and aggressively. Ziften’s contributions include analytics and queries so customers can easily conduct threat hunting to identify suspicious activities that indicate the presence of threat actors using advanced fileless attack techniques across Windows, macOS, Linux, and mixed-platform environments.

The Windows Defender ATP advanced hunting capability gives customers the tools to instantly hunt for threats and breaches across 6 months of endpoint behavioral and configuration data, and the advanced hunting community contributes threat hunting queries that are available directly within the Windows Defender ATP advanced hunting console and in the GitHub repository.

The announcement builds on the news that Ziften’s Zenith security platform is integrated with Windows Defender ATP, delivering a cloud-based “single pane of glass” to detect, view, investigate, and respond to advanced cyber-attacks and breaches on Windows, macOS, and Linux endpoints.

Advanced Hunting Project

Fileless attacks, also known as zero-footprint attacks or non-malware attacks, are on the rise: 77 percent of successful attacks in 2017 were fileless.[1] The Microsoft advanced hunting project simplifies cyber threat hunting, the process of proactively and iteratively searching through networks to detect and isolate these advanced threats. Ziften’s participation in the advanced hunting community provides mutual customers:

  • Visibility and Behavioral Analytics for macOS and Linux Systems: Ziften’s integration with Windows Defender ATP provides real-time visibility and 6 months of historical visibility and behavioral analytics for macOS and Linux systems.
  • Advanced Hunting Queries: Threat hunting can be a tedious manual process. Ziften’s advanced hunting developments and contributions simplify this manual hunting process and enable automation where practicable.
  • Cross-Platform Advanced Hunting: Ziften’s developments include cross-platform queries to identify potential threats, such as lateral movement by threat actors across mixed-endpoint enterprise environments.

“As a member of the Microsoft Intelligent Security Association, Ziften is excited to contribute our macOS, Linux, and cross-platform hunting expertise to the Microsoft advanced hunting community,” said Josh Harriman, Vice President of Cyber Security Intelligence, Ziften. “Bringing together our deep macOS and Linux know-how with Microsoft’s Windows intelligence and our customers’ familiarity with their systems environments creates the best of all worlds for our mutual customers’ security teams tasked with conducting threat hunting exercises. The easier and more automated we can make the hunting process, the more successful customers will be in finding and eliminating potential threats and risks.”

[1] “The 2017 State of Endpoint Security Risk Report,” Ponemon Institute, November 20, 2017.

About Ziften:
Ziften delivers all-the-time visibility and control for any asset, anywhere – client devices, servers, and cloud VMs – whether on-network or remote, connected or not. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to quickly repair user-impacting endpoint issues, reduce their overall risk posture, speed security threat response, and increase operations productivity. Ziften’s secure architecture delivers continuous, streaming endpoint monitoring and historical data collection for large and mid-sized enterprises, governments, and managed security service providers (MSSPs). https://ziften.com
