Leading network visibility and security provider Ziften has taken its partnership with Microsoft to new heights this week, after it revealed it is now contributing to the Windows Defender Advanced Threat Protection (ATP) advanced hunting project.
Ziften says that even the best cyber defences can be breached - security teams must now be quicker and more aggressive in the way they identify and investigate breaches
“As a member of the Microsoft Intelligent Security Association, Ziften is excited to contribute our macOS, Linux, and cross-platform hunting expertise with the Microsoft advanced hunting community,” comments Ziften vice president of Cyber Security Intelligence, Josh Harriman.
Ziften’s contributions to the Windows Defender ATP advanced hunting project include analytics and queries so teams can conduct threat hunts. Those threat hunts can sniff out suspicious activities, including fileless attacks across Windows, macOS, Linux, and cross-platform systems environments.
The Windows Defender ATP advanced hunting capability enables teams to look for threats and breaches across six months of endpoint behavioural and configuration data. It also draws on the user community by searching threat hunting queries across the Github repository and the ATP system.
Fileless attacks, also known as zero-footprint attacks, or non-malware attacks are on the rise – 77% of compromised attacks in 2017 were fileless, according to The Ponemon Institute’s 2017 State of Endpoint Security Risk Report.
The Microsoft advanced hunting project simplifies cyber threat hunting, or the process of proactively and iteratively searching through networks to detect and isolate these advanced threats. Ziften’s participation in the advanced hunting community provides mutual customers:
- Visibility and Behavioural Analytics for macOS and Linux Systems: Ziften’s integration with Windows Defender ATP provides real-time and 6-months of historical visibility and behavioural analytics for macOS and Linux systems.
- Advanced Hunting Queries: Threat hunting can be a tedious manual process. Ziften’s advanced hunting developments and contributions simplify this manual hunting process and enable automations where practicable.
- Cross-Platform Advanced Hunting: Ziften developments include cross-platform queries to identify potential threats such as lateral movement by threat actors across mixed endpoint enterprise environments.
“Bringing together our deep macOS and Linux know-how, with Microsoft’s Windows intelligence, and our customers’ familiarity with their systems environments creates the best of all worlds for our mutual customers’ security teams tasked with conducting threat hunting exercises. The easier and more automated we can make the hunting process, the more successful customers will be in finding and eliminating potential threats and risks,” Harriman continues.
Ziften has been working closely with Microsoft over the last several months. In April, Ziften announced its membership in Microsoft’s Intelligent Security Association.
Ziften has also integrated its Zenith platform into Windows Defender ATP, which allows customers to detect attacks and zero-day exploits.