Story image

Microsoft welcomes Ziften as its newest 'Windows Defender' for macOS and Linux

06 Jun 2018

Leading network visibility and security provider Ziften has taken its partnership with Microsoft to new heights this week, after it revealed it is now contributing to the Windows Defender Advanced Threat Protection (ATP) advanced hunting project.

Ziften says that even the best cyber defences can be breached - security teams must now be quicker and more aggressive in the way they identify and investigate breaches

“As a member of the Microsoft Intelligent Security Association, Ziften is excited to contribute our macOS, Linux, and cross-platform hunting expertise with the Microsoft advanced hunting community,” comments Ziften vice president of Cyber Security Intelligence, Josh Harriman.

Ziften’s contributions to the Windows Defender ATP advanced hunting project include analytics and queries so teams can conduct threat hunts. Those threat hunts can sniff out suspicious activities, including fileless attacks across Windows, macOS, Linux, and cross-platform systems environments.

The Windows Defender ATP advanced hunting capability enables teams to look for threats and breaches across six months of endpoint behavioural and configuration data. It also draws on the user community by searching threat hunting queries across the Github repository and the ATP system.

Fileless attacks, also known as zero-footprint attacks, or non-malware attacks are on the rise – 77% of compromised attacks in 2017 were fileless, according to The Ponemon Institute’s 2017 State of Endpoint Security Risk Report.

 The Microsoft advanced hunting project simplifies cyber threat hunting, or the process of proactively and iteratively searching through networks to detect and isolate these advanced threats. Ziften’s participation in the advanced hunting community provides mutual customers:

  • Visibility and Behavioural Analytics for macOS and Linux Systems: Ziften’s integration with Windows Defender ATP provides real-time and 6-months of historical visibility and behavioural analytics for macOS and Linux systems.
  • Advanced Hunting Queries: Threat hunting can be a tedious manual process. Ziften’s advanced hunting developments and contributions simplify this manual hunting process and enable automations where practicable.
  • Cross-Platform Advanced Hunting: Ziften developments include cross-platform queries to identify potential threats such as lateral movement by threat actors across mixed endpoint enterprise environments.

“Bringing together our deep macOS and Linux know-how, with Microsoft’s Windows intelligence, and our customers’ familiarity with their systems environments creates the best of all worlds for our mutual customers’ security teams tasked with conducting threat hunting exercises. The easier and more automated we can make the hunting process, the more successful customers will be in finding and eliminating potential threats and risks,” Harriman continues.

Ziften has been working closely with Microsoft over the last several months. In April, Ziften announced its membership in Microsoft’s Intelligent Security Association.

Ziften has also integrated its Zenith platform into Windows Defender ATP, which allows customers to detect attacks and zero-day exploits.

GitHub launches fund to sponsor open source developers
In addition to GitHub Sponsors, GitHub is launching the GitHub Sponsors, GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
Why AI will be procurement’s greatest ally
"AI can help identify emerging suppliers, technologies and products in specific categories."
Are AI assistants teaching girls to be servants?
Have you ever interacted with a virtual assistant that has a female-based voice or look, and wondered whether there are implicitly harmful gender biases built into its code?
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
Data#3 to exclusively provide MS licences to WA Government
The technology services provider has won two contracts with the Western Australia Government, becoming its sole Microsoft licence provider.
Why cash is no longer king in Australia
Australia is leading the way in APAC for granting credit on B2B transactions.