Daily Tech Digest - July 02, 2017

What makes identity-driven security the new age firewall

Using a proprietary algorithm, Microsoft Advanced Threat Analytics works round the clock, continually grasping behaviour of organizational entities, such as users, devices, and resources, and helps customers adapt to the changing nature of cybersecurity attacks. In addition to this, the technology enhances threat and anomaly detection with the Microsoft Intelligent Security Graph, which is propelled by enormous amounts of datasets and machine learning in the cloud. “Identity is the new firewall. If you are taking a traditional end point/device protection approach then you are short changing your organization goals. It is critical to understand that the perimeter of IT includes users, apps across cloud and on premise, and most importantly data. Identity is what can help secure this perimeter,” says Rajiv Sodhi.


Enabling IoT Ecosystems through Platform Interoperability

To enable interoperability for IoT platforms on the cloud, fog, or device level, the BIG IoT API offers a well-defined set of functionalities. Seven functionalities are crucial. The first is identity management to enable resource registration. The second is discovery of resources according to user-defined search criteria. The third is access to metadata and data (data pull as well as publish-and-subscribe for datastreams). The fourth is tasking to forward commands to things. The fifth is vocabulary management for semantic descriptions of concepts. The sixth is security management, including authentication, authorization, and key management. The seventh is charging that allows the monetization of assets through billing and payment mechanisms.


Artificial Neural Networks (ANN) Introduction

We recognize images and objects instantly, even if these images are presented in a form that is different from what we have seen before. We do this with the 80 billion neurons in our brain working together to transmit information. This remarkable system of neurons is also the inspiration behind a widely-used machine learning technique called Artificial Neural Networks (ANN). Some computers using this technique have even out-performed humans in recognizing images. ... An ANN model is trained by giving it examples of 10,000 handwritten digits, together with the correct digits they represent. This allows the ANN model to understand how the handwriting translates into actual digits. After the ANN model is trained, we can test how well the model performs by giving it 1,000 new handwritten digits without the correct answer.


Alibaba: Building a retail ecosystem on data science, machine learning, and cloud

The war in retail has long ago gone technological. Amazon is the poster child of this transition, paving the way first by taking its business online, then embracing the cloud and offering ever more advanced services for compute and storage to third parties via Amazon Web Services (AWS). Amazon may be the undisputed leader both in terms of its market share in retail and its cloud offering, but that does not mean the competition just sits around watching. Alibaba, which some see as a Chinese counterpart of Amazon, is inspired by Amazon's success. However, its strategy both in retail and in cloud is diversified, with the two converging on one focal point: data science and machine learning (ML).


The Future is Imminent: 9 Design Trends for 2018

For those uneducated graphic designers in the audience, the term synesthesia refers to the perceptual condition of mixed sensation; a stimulus in one sensory modality (like hearing) involuntarily elicits a sensation or experience in another sensory modality (like smell). A person with synesthesia might hear a bird chirping and all of a sudden smell the scent of popcorn, or taste the flavor of mint, or feel the sensation of floating. ... A progress spectrum is a far more natural way of measuring “progress.” Instead of breaking up the user experience into unnatural, linear, paginated steps, a progress spectrum reflects the true experience of the user, one in which progress is experienced along a broad and continuous spectrum, where one event seamlessly flows into the next.


The Cyber-frauds

A mobile wallet works like an electronic prepaid card and can be used to pay for things ranging from grocery to rail tickets without the need to swipe the debit/credit card. All you have to do is to key in the username and password for logging in. The app can be loaded with money either through debit/credit card or net banking. The flip side is that these wallets mostly rely on the phone's locking system for security and don't ask for any PIN or password while the payment is being made. ... Rahul Gochhwal, co-founder of Trupay, says, "The biggest security issue is lack of second factor of authentication (password) while transacting. This makes them vulnerable to system-level breaches as transactions can be system generated by a hacker without a password. Thus, technically, a hacker can make thousands of fraudulent transactions simultaneously."


What every CIO Needs to Know About Cyber Resilience

Bohmayr & Türk, from the Boston Consulting Group, write that “cyber-resilience in an organization must extend beyond the technical IT domain to the domains of people, culture and processes. A company’s protective strategies and practices should apply to everything the company does — to every process on every level, across departments, units and borders, in order to foster an appropriately security-conscious culture.” ... The issue of board responsibility and oversight of cyber risks isn’t new. In 2015, the Cybersecurity Disclosure Act of 2015 bill was introduced in the US Senate. The bill would have required “public companies to disclose whether any board member has experience or expertise in cybersecurity, and to describe the nature of that background” and should no board director have cybersecurity expertise, to justify why such expertise was unnecessary.


Security in a silo – breaking down the barrier between CISOs & C-Suite

If you’ve been in the security industry for any length of time, and as a CISO I assume you have been, you’ve probably already seen and read such articles… but if you are still reading this, it probably means that you don’t feel like this is yet a reality within your organisation. So, with the shared understanding that we are both in agreement that this shift is past due, we can start to talk about building your strategy to make it happen. Before doing so, however, we need to acknowledge a sobering truth: People don’t care about security for the sake of security alone. What they care about is the result that a sound security strategy can provide and the impacts/risks associated with the lack of a sound security strategy. We’ll use this understanding to inform the methods that we use to engage the organisation and our board.


The Hard-Dollar Benefits of GRC Consolidation

The intention of implementing a single platform architecture must come from an IT vision for rationalizing applications in use across the company. Instead of supporting potentially hundreds of applications that each do only one thing, the GRC infrastructure, in time, should comprise one cohesive platform that supports many functions. GRC applications tend to span activities and departments within organizations. Groups across the company often independently manage activities such as risk assessments, audits, controls testing and third-party assessments. To do this, they make use of many individual solutions – some of which do the same thing, just in different organizational silos. For secure business management, this colossal set of single-use applications has to be visible, managed, supported and maintained. This is something that is both costly and time inefficient.


The Computest Story: The Transformation to an Agile Enterprise

Inspired by Henrik Kniberg & Anders Ivarsson's famous article on how Spotify scaled their development organization we decided to put multidisciplinary teams in the center, supported by a group of people outside the teams focusing on coaching and fulfilling company-wide responsibilities. As Figure 2 indicates, the major difference in the first transformation step was to integrate as many central functions in interdisciplinary teams as possible, to structure them by industries and to differentiate the leadership group in 'captains' and 'coaches'. Whereas the captains took over social leadership for the teams as well as responsibility for resource and account management, the coaches formed a group of thought leaders with a broad variety of subject matter expertise, responsible for both policies and solutions.



Quote for the day:


"Thinking is the hardest work there is, which is probably the reason so few engage in it." -- Henry Ford