For years we've been aiming at making our data centers more secure and rugged -- striving for high availability, reliability, and redundancy. Resiliency moves the goal of the truly secure data center one step further. Resilience -- the ability of a substance or system to spring back into shape -- is a measure of our ability to survive a serious threat and, in the case of EMP, to continue functioning in the face of a severe threat to just about every piece of equipment that we use. Setting up a data center to survive an EMP attack is not a simple thing, but some companies (e.g., see reference to Iron Mountian below) have done it. Pushing for needed upgrades to the grid is another matter. Making some assessment of your vulnerability -- business and personal -- is nearly unavoidable.
Prepare for the same thing to happen with virtual reality (VR) and augmented reality (AR)—with tablets and smartphones as the vehicle. According to IDC, 25% of enterprise IT organizations will be testing augmented reality business applications for use on smartphones by the end of 2017. “This may sound relatively aggressive, but the conversations I’m having with the industry and some surveys that we’ve run talking to IT decision makers show that there’s a really strong interest around augmented reality,” said Tom Mainelli, program vice president of the devices & AR/VR group at IDC, during a recent webinar, IDC Futurescape: Worldwide Wearables and AR/VR 2017 Predictions. The end game is head-worn AR hardware, such as the Microsoft HoloLens, he said.
Facial and eye tracking will be used to augment childrens’ school tests, says Hong Kong-based F.S. Artificial Intelligence Ltd., an organization I met with at a TechCrunch Disrupt startup fair earlier this month. The organization has developed a way to use an off-the-shelf tablet device with a standard camera to capture feelings expressed by the kids as they answer questions. Gaze tracking evaluates the emotion of the individual while capturing the test responses and lets teachers analyze how receptive the kids are to the questionnaire. The company says it helps with mental health alerts and the effectiveness of the test design. For example, it can see if the kids get distracted because the questions are too easy. I had a chance to try the technology at the show. They used arithmetic on me, and I reckon the results pretty accurately reflected how I felt: I registered surprise when I saw the first (slightly difficult) question and happiness when I got the second (easy) question correct.
When an app has been fully coded, there's a rush to get it out the door. That's hardly the best time to start thinking about security. At that point, it may be too late. "The best thing (for software developers) to do is accept that security is just as critical to building software as safety is to building airplanes, and make a conscious decision to build security into your software development process" stated Frank Zinghini, founder and CEO at Applied Visions, Inc. (AVI), a software development company focused on cyber security, business applications, and command and control systems to government and commercial customers worldwide. "Worry about software security before you even start writing code, incorporate vulnerability scanning tools into your continuous integration system, and integrate security testing with your quality assurance process" added Zinghini.
By default, the program suspends any activity it deems suspicious—even if it’s a legitimate encryption program that has some behavior in common with ransomware. It’s then up to the user to either enable the program, or allow RansomwareFree to permanently quarantine the malware. Using this approach, Eilat says that with RansomwareFree enabled about four files can end up encrypted before the security program detects the problem and stops it; however, he says, for most ransomware strains “RansomFree manages to stop the ransomware even before any file is encrypted.” ... It alerts you that the program placed some specially constructed files on your system that help RansomwareFree do its job. Eilat wouldn’t go into too much detail about what these files do. He would say they were there to be the “victims” of potential ransomware infections and to slow the malware down.
The first, from Amazon, was a fully self-checkout store, where items are logged as they are placed into a cart. It uses a network of cameras and motion sensors to guess when something is purchased. The flaw? There are no people to clean up the mess when the software guesses wrong. It's like the world's largest vending machine. The second move was revealed a few days ago in Osaka, Japan, courtesy of Panasonic and the Lawson convenience chain. According to a report from The Wall Street Journal, which attended the Osaka unveiling, the reduced-associate stores are powered by an unspecified kind of electronic tag. The article didn't say whether they were RFID tags or not, but that is a likely candidate. It's item-level tagging, which is more accurate — and more expensive — than Amazon's camera approach.
Right now, the dataset is free to download for people who plan to use it in a non-commercial manner. Microsoft is sharing it in the same way it shares other open data sets that are used for training artificial intelligence programs. One of those is ImageNet, a database of tagged pictures that’s used for training image recognition algorithms. Microsoft used that database in developing the image recognition technology that now underpins products like Microsoft's Computer Vision API. People who want to read more about MS MARCO can download a research paper written by the team at Microsoft that built it. The team is also putting together a challenge that will evaluate models trained using the MS MARCO data. Evaluation scripts for that challenge are still under development.
Security automation makes more efficient use of scarce resources, freeing them up for more proactive tasks. Existing threat defenses are already doing this, automatically and continuously watching for known attacks and blocking them before they get inside. Building on this, advanced threat defenses dynamically watch for anomalous behavior and act quickly to contain unknown threats from inflicting serious harm. Security information and event management (SIEM) software takes this a step further, applying new threat intelligence to historical events to see if any systems were previously affected, and applying appropriate countermeasures. The scale of these actions is beyond the capacity of even the largest, most experienced security team to complete manually in a reasonable timeframe.
“There’s definitely a challenge in the sector that’s born out of historical reputation and some of the legacy impact from the global financial crisis,” said Paul Aldrich, head of financial services technology at search firm Odgers Berndtson. It’s not just new tech firms that are looking to poach talent. New banking startups are also competing for young programmers. “We tend to find it easier to attract and retain people than the bigger banks,” said Tom Blomfield, a 31-year technologist who secured a license from the Bank of England for Monzo Bank Ltd. earlier this year. “People want to work on really hard problems from scratch with other talented people, rather than be small fish in a big pond, maintaining software that’s been there for 30 years.” Monzo also publishes its technical plans on the internet, which leads to developers seeking to join the firm, according to Blomfield.
The advent of SD-WAN means a recalibration of how enterprises deploy MPLS routing, which has been the most widely used WAN technology. It provides reliable performance, with QoS guarantees specifying throughput, delay and jitter. ... Internet access is much less expensive and can be put in place more quickly. Price per megabit can range between one-tenth to one-hundredth the cost of MPLS routing, but internet links do not offer throughput and QoS guarantees. To that end, enterprise traffic moving across the internet shares the same links as movie downloads, streaming video and vacation-picture uploads. Despite the lack of guarantees, SD-WAN customers have found that combining multiple internet or LTE connections alongside an MPLS link can achieve higher throughput and yield adequate QoS at a much lower cost than simply increasing MPLS capacity.
Quote for the day:
"If the doors of perception were cleansed everything would appear to us as it is: Infinite." -- William Blake