Daily Tech Digest - December 07, 2016

MacBook Pro vs Surface Book i7

The Surface Book is essentially a business user's dream. You get just enough ports to keep you connected to a desktop station without needing any dongles, adapters or converters. ... It's lightweight enough to tote around, at 1.21 pounds, but it's meant to just sit on your desk, keeping cords tucked away and waiting for you to connect. The MacBook Pro isn't as limited in ports as the MacBook, which made a statement at its release by only including one USB Type-C port on the entire device, but the Pro still doesn't offer the same flexibility as the Surface Book for business users. On the 2016 MacBook Pro, you'll find four Thunderbolt 3 ports that also act as a USB Type-C port -- they use different connection standards but the port is the same shape and size.


Data Virtualization and Sandboxes: Filling the DevOps Data Gap

The Data Gap is the fact that provisioning production-like data effectively for developers and testers is one of the most challenging aspects of standing up the environments that are so critical to enabling DevOps. Let's back up a bit to understand the context of this. DevOps is all about building, testing, and releasing software at speeds that are orders of magnitude faster than traditional methods. Enterprises used to release software (or products) on a yearly or quarterly basis. Today's application-based economy is forcing them to move to monthly, weekly, or daily releases. DevOps aims to transform companies' cultures, processes, and tools to enable high-velocity, continuous deployments of software. In speaking about this goal, DevOps guru and Phoenix Project author Gene Kim says,


Skills to look for in a threat hunter

Security analysts need a solid understanding of networking devices and computer operating systems. Hunt analysts constantly review raw system & network logs as well as packet captures. Analysts should have a deep understanding of the technology and software producing the logs to provide context to abnormalities. ... Endpoint analysis provides greater context in security threats and activity. This type of analysis can include memory dumps, I/O activity, user activity, etc. This stage of the hunt can provide more conclusive evidence on what is happening at the host and user level. Hunt analysts should be able to navigate OS logs and explore local endpoints with relative ease.


Companies Are in Short Supply of Cybersecurity Talent

“The deficit of cyber security talent is a challenge for every industry sector. The lack of trained personnel exacerbates the already difficult task of managing cyber security risks,” according to the CSIS report. The current shortage of cyber security skills is concerning for companies in all industries. One in four of the IT professionals surveyed said their organizations had been victims of cyber theft because of their lack of qualified workers. It is estimated that by 2019, between one and two million cyber security positions will be left unfilled. In the United States alone, 209,000 cyber security positions in 2015 sat vacant because of the shortage of cyber security skills. Hackers are taking notice of this gap. Worryingly, 33% of respondents to the Intel Security-CSIS survey said their organization was a target for hackers who knew their cyber security was not strong enough.


FCC Looks To Increase Security Regulations On Internet Of Things

FCC Chairman Tom Wheeler acknowledged the governing body’s interest in beefing up the security protocols for connected devices in a letter to Virginia Senator Mark Warner. “We cannot rely solely on the market incentives of ISP to fully address the risk of malevolent cyber activities,” Wheeler wrote, arguing that a combination of market-based incentives and regulatory oversight is necessary to establish basic cybersecurity protections for internet-connected consumer devices. The message from Wheeler, published on Monday, was prompted by a letter from Senator Warner dated Oct. 25 of this year. Warner’s initial correspondence was prompted by the Mirai botnet attack that managed to take down a number of major websites. The attackers primarily utilized unsecured IoT devices to perform a massive distributed denial-of-service (DDoS) attack.


Automated phishing campaigns increase profits for hackers

This is alarming given that phishing is the starting point for most network and data breaches. With this in mind, Imperva researchers deconstructed a phishing campaign initiated in mid-June, 2016. Among the most surprising findings was the low cost of launching a phishing campaign and the high projected return on investment for cyber-criminals. Imperva researchers browsed the darknet marketplace to estimate the cost of phishing campaigns and to get a clear picture of the business model. They observed the ease of purchase and low cost of Phishing-as-a-Service (PhaaS) campaigns. In addition, they saw that hackers were easily able to hijack compromised web servers for their campaign, which further lowered the investment needed.


Navigating the Five Stages of Threat Hunting

Hunting for the unknown requires patience, persistence and more effort. This is because unknown threats often tend to be more sophisticated, well-hidden and harder to detect. However, these adversaries leave indicators of their movement around your network. They will try to mimic the normal activity of authorized users to stay under the radar. If you are vigilant, eventually they will reveal themselves as an outlier – primarily by taking actions that reveal their precise targeting and IT savvy ... There’s a wealth of information in your logs! You’d be surprised what can be revealed simply by correlating information. By baselining a particular activity within your environment, and noting how often it occurs, you will start to see things pop up that are worthy of closer scrutiny. Patterns of suspicious behavior will emerge over the course of 30 days or even a couple of weeks.


Building a Secure, Fast Microservices Architecture From NGINX

With the transition from having all of the functional components of your application running in memory and being managed by the VM, to working over a network and talking to each other, you’ve essentially introduced a series of problems that you need to address in order for the application to work efficiently. One, you need to do service discovery. Two, you need to do load balancing between all the different instances in your architecture. And three, you need to worry about performance and security. For better or worse, these issues go hand in hand and you have to balance them together. Hopefully, we’ll have a solution that addresses all of them.


Microsoft Office, Google Docs beware: This open-source startup is after your users

Bannov contrasts those points with OnlyOffice having cloud and server versions and desktop and mobile apps on the same code base. "Our editors also show the highest compatibility with Microsoft Office formats," he says. As of now, OnlyOffice has more than two million users worldwide, with most of them using the free products. However, it is being used by one Oracle department in the UK, and also by Unisys. The office suite also has a foot in the door of many educational institutions. Clients include the University of Brunswick, Karlsruhe Institute of Technology, University of Paris-Sud, and the Luxembourg Institute of Science and Technology. Public organizations use OnlyOffice as well. For example, the French Red Cross and Germany's Social Democratic Party.


How to merge IT and product development into one department

Why bring product and technology together? "Take our device protection product: when your device is stolen or lost, we can replace it typically in less than 24 hours," Vandevier says. "That product involves consumer websites, agent tools, mobile apps, supply chain, and repair operations — a whole host of systems, applications and products. The product has to roll up to one team that supports device protection end-to-end rather than to a bunch of people in different departments." If Vandevier and his colleagues hadn't pulled those teams together, the device protection product would have suffered from a lack of clarity and unhappy customers. "When you have product and technology in separate groups, you wind up leaving out critical requirements and scrambling to squeeze in features late in the delivery cycle," he says.



Quote for the day:


"You always believe in other people. But that's easy. Sooner or later you have to believe in yourself." -- Gary, The Muppets