May 02, 2016

The expanding landscape of exploit kits

If you have systems and files being encrypted or file share becomes encrypted, that’s a huge impact. Dozens of hospitals have been attacked recently, and for some it has taken them days to recover. That means massive down time, rescheduling major surgeries. It’s literally putting lives at risk,” Williams said. Through their networks in the dark web, nefarious actors are informed that new exploits are seen in the wild, making them aware of even zero-day vulnerabilities before the general public. Leonard said, “Under responsible disclosure, a researcher will identify the use of a brand new exploit script to a vendor. The vendor then releases a patch that can be applied to the business.” Businesses, though, struggle to apply those patches expeditiously. The level of sophistication and the relative ease with which criminals can access exploit kits compromises business operations and has security teams on overdrive trying to expedite the patching process.


Ways to craft a better enterprise IT security roadmap

You need to be able to detect those threats and attacks. And detecting a threat, a vulnerability and an attack are three separate things, and that's important to understand. Lots of companies sell you vulnerability detection. Vulnerability detection is basically like telling you which doors you have unlocked. Attack detection is telling you when the burglar is coming through your door. And threat detection is, "Hey, the burglar has been seen on your street with a big bag of loot and he's heading for your house." So those are three separate things and, ideally, you want to know all three things. And that distinction is important because sometimes people say, "Well, I do vulnerability scanning so I'm covered." No, that just tells you which doors are unlocked. Maybe the burglars are getting smart enough to come in through the chimney.


Unified Storage That Can Sync and Share

Many siloed storage, data management, file sync and share and security solutions exist to provide for these individual requirements, but are typically cobbled together in costly, inefficient and unreliable ways. Nexsan UNITY addresses all of these requirements in a single unified solution which delivers high performance and multi-site collaboration at LAN speed to support business continuity and disaster recovery processes as well as mobile access to primary storage data. UNITY's patented technology is designed to support all devices – from mobile devices to tablets, laptops and desktops running Android, iOS, Mac and Windows– and provides a secure connection to data stored and managed within the enterprise totally eliminating the drudgery of using unpopular and aging VPN technologies.


Mobile Banking Trends Will Lead Change in Banking in 2016

Mobile banking offers many advantages: Users can authenticate their identity and open new accounts, sign up for direct deposit, pay bills, take out loans, and deposit checks by photographing them, all from their mobile devices. Mobile apps such as Venmo let users make and share payments instantly, and Quicken Loans’ Rocket Mortgage even offers a mortgage approval in eight minutes through a process that automatically collects pay and credit information and requires minimal typing by the user, letting them sign their name right from their mobile device. In the U.S., Simple and Moven are the leaders in developing banking apps that allow people to pay by mobile, track their expenditures, and save for future goals in electronic envelopes — whether it’s for large expenses such as vacations or a down payment on a house, or for smaller things like a tattoo or a bike tune up.


What's Wrong with Open Data Sites--and How We Can Fix Them

The second non-obvious design problem, which is probably the most important, is that most open data sites bury data in what is known as thedeep web. The deep web is the fraction of the Internet that is not accessible to search engines, or that cannot be indexed properly. The surface of the web is made of text, pictures, and video, which search engines know how to index. But search engines are not good at knowing that the number that you are searching for is hidden in row 17,354 of a comma separated file that is inside a zip file linked in a poorly described page of an open data site. In some cases, pressing a radio button and selecting options from a number of dropdown menus can get you the desired number, but this does not help search engines either, because crawlers cannot explore dropdown menus.


Here's why analytics is eating the supply chain

This is not to say that supply-chain professionals are newcomers to the world of analytics. On the contrary: Demand forecasting, for example, has "been around forever" and relied heavily on data, said Paul Myerson, an author and professor of practice in supply chain management at Lehigh University. What's new today are the tools. "Today we have very visual tools that are much quicker to run," Myerson explained. "What used to take overnight can now be done in minutes." New software is also enabling more collaboration among partners, including key customers and suppliers. Point-of-sale data provides better insight for everyone involved, leading to better forecasting decisions. "It's about agreeing on forecasts and collaborating on inventory throughout the supply chain," Myerson said. "It really improves efficiency, cost and quality, and not just for manufacturers."


Embracing Agile

When we ask executives what they know about agile, the response is usually an uneasy smile and a quip such as “Just enough to be dangerous.” They may throw around agile-related terms (“sprints,” “time boxes”) and claim that their companies are becoming more and more nimble. But because they haven’t gone through training, they don’t really understand the approach. Consequently, they unwittingly continue to manage in ways that run counter to agile principles and practices, undermining the effectiveness of agile teams in units that report to them. These executives launch countless initiatives with urgent deadlines rather than assign the highest priority to two or three. They spread themselves and their best people across too many projects.


Cloud Economics – Are You Getting the Bigger Picture?

Most enterprises have hardware utilization rates significantly below 20% because of the excess capacity required to handle peak demand. As such, many companies carry up to 5 times the required hardware, networking, and data center space during steady state business cycles. If their computing demand is spiky, utilization rates outside of peak cycles are commonly below 10%. As a result, enterprises are spending much more on compute and storage than is required. Figure 1 depicts the traditional model where cloud shifts fixed CapEx expenses to variable OpEx expenses. To understand the full value of cloud for your enterprise, you must look beyond the CapEx vs. OpEx benefits and assess the other value drivers at play.


Zen and the art of big data digital IoT transformation

Despite the obvious levels of machine automation in the Internet of Things — and the machine-learning capabilities that some of these machines will benefit from — we must also keep the human factor top of mind. The first beneficiaries of efficient data management and effective data analysis will often be the worker-stakeholders within the business. When we empower employees with intelligence to be able to perform their jobs better (with better machines and processes around them), we ultimately derive greater business value at the end of the day. For want of more tangible examples here, if big data digital IoT transformation is focused on plant machinery, then we could see turbine sensors reporting performance statistics to enable more efficient predictive maintenance. Our business model states: less downtime + better serviced machines = greater business value.


PCI's new rules focus on the chiefs

Troy Leach, the chief technology officer for the PCI Security Standards Council, said in an interview that he finds this lack of involvement problematic and that he fought for the new rule. The rule itself sounds innocuous and possibly even obvious, but there's a lot more to it. The rule, within Requirement 12, mandates that "executive management establish responsibilities for the protection of cardholder data and a PCI DSS compliance program." To Leach's mind, that means that they have to dig in and assume responsibilities for payments security and stopping the simple act of delegating it away. "The intent is that we at least push the visibility to the executive level," Troy said, referring to the full text of the new guidelines. "We need for there to be different C-levels aware of compliance responsibilities."



Quote for the day:


"An organization's ability to learn, and translate that learning into action rapidly, is the ultimate competitive advantage." -- Jack Welch