Daily Tech Digest - August 30, 2018

Companies are not focusing enough on machine identities, says study
We spend billions of dollars protecting usernames and passwords but almost nothing protecting the keys and certificates that machines use to identify and authenticate themselves. The number of machines on enterprise networks is skyrocketing and most organisations haven’t invested in the intelligence or automation necessary to protect these critical security assets. The bad guys know this, and they are targeting them because they are incredibly valuable assets across a wide range of cyber-attacks. According to the study, Securing The Enterprise With Machine Identity Protection: Newer technologies, such as cloud and containerisation, have expanded the definition of a machine to include a wide range of software that emulates physical machines. Furthermore, these technologies are spawning a tidal wave of new, rapidly changing machines on enterprise networks.



The Evolution of IoT Attacks


In addition to the evolution of IoT devices, there has been an evolution in the way attackers think and operate. The evolution of network capabilities and large-scale data tools in the cloud has helped foster the expansion of the IoT revolution. The growth of cloud and always-on availability to process IoT data has been largely adopted among manufacturing facilities, power plants, energy companies, smart buildings and other automated technologies such as those found in the automotive industry. But this has increased the attack surfaces for those that have adopted and implemented an army of possibly vulnerable or already exploitable devices. The attackers are beginning to notice the growing field of vulnerabilities that contain valuable data. In a way, the evolution of IoT attacks continues to catch many off guard, particularly the explosive campaigns of IoT-based attacks. For years, experts have warned about the pending problems of a connected future, with IoT botnets as a key indicator, but very little was done to prepare for it. Now, organizations are rushing to identify good traffic vs malicious traffic and are having trouble blocking these attacks since they are coming from legitimate sources.


Microservices development will fail with monolithic mindset


Effective microservices development requires organizational change that goes beyond simple, single-team DevOps, said Brian Kirsch, an IT architect and instructor at Milwaukee Area Technical College. Without an overarching DevOps infrastructure across all projects, too many enterprises have created siloed DevOps mini-teams, each producing hundreds of microservices. It's not possible to create a cohesive product when each team works independently and doesn't know what others are doing, Kirsch said. An important practice for organizations moving to microservices is to standardize development tools, frameworks and platforms. Standardization prevents overspending on tools and training and discourages expertise silos and competition for resources. In siloed development, each team in a company often uses its own preferred technology. This reduces engineering resources, because developers may lack skill sets needed to switch teams or substitute on a team using another technology, Kirsch said.


Top 9 Data Science Use Cases in Banking


Banks are obliged to collect, analyze, and store massive amounts of data. ... Nowadays, digital banking is becoming more popular and widely used. This creates terabytes of customer data, thus the first step for a team of data scientists is to isolate truly relevant data. After that, being armed with information about customer behaviors, interactions, and preferences, data specialists with the help of accurate machine learning models can unlock new revenue opportunities for banks by isolating and processing only this most relevant client information to improve business decision-making. Risk modeling is a high priority for investment banks, as it helps to regulate financial activities and plays the most important role when pricing financial instruments. Investment banking evaluates the worth of companies to create capital in corporate financing, facilitate mergers and acquisitions, conduct corporate restructuring or reorganizations, and for investment purposes.


Improving security is top driver for ISO 27001


“Unfortunately, as long as cyber crime remains a lucrative trade, risks will continue to escalate and attackers will continue to proliferate,” said Alan Calder, founder and executive chairman of IT Governance. “To counter this, organisations need to be fully prepared. ISO 27001, an information security standard designed to minimise risks and mitigate damage, offers the preparedness that organisations need.”  Other top reasons for implementing ISO 27001 include gaining a competitive advantage (57%), ensuring legal and regulatory compliance (52%) and achieving compliance with the EU’s General Data Protection Regulation (GDPR), which was cited by 48% of respondents. According to IT Governance, ISO 27001 provides an excellent starting point for achieving the technical and operational measures required by the GDPR to help mitigate data breaches. Closely in line with the drivers for implementing ISO 27001, improved information security was by far the greatest advantage afforded by achieving certification, according to 89% of respondents.


NSX technology shifts virtual administrator responsibilities


NSX technology, and network virtualization broadly, lives at the kernel on each of the hosts. It has to exist at this level to have access to the traffic it needs without affecting the performance of the VMs. This means it's a host extension, and it falls on the virtual admin to ensure installation and functionality. After that's complete, however, the responsibilities can shift to different people. The functions of firewall and router rules haven't changed just because the environment has moved from physical to virtual, which implies these functions remain the network engineers' responsibilities. The network engineers still have relevant, specialized knowledge, but these rules are often generated automatically based on the VM deployment. Network mapping software, such as vRealize Network Insight, can offer additional complexity. Network engineers and virtual admins can both use these tools to examine the virtual network, ensure functionality and minimize risk before establishing a software-defined network.


What is CUDA? Parallel programming for GPUs

Without GPUs, those training runs would have taken months rather than a week to converge. For production deployment of those TensorFlow translation models, Google used a new custom processing chip, the TPU (tensor processing unit). In addition to TensorFlow, many other DL frameworks rely on CUDA for their GPU support, including Caffe2, CNTK, Databricks, H2O.ai, Keras, MXNet, PyTorch, Theano, and Torch. In most cases they use the cuDNN library for the deep neural network computations. That library is so important to the training of the deep learning frameworks that all of the frameworks using a given version of cuDNN have essentially the same performance numbers for equivalent use cases. When CUDA and cuDNN improve from version to version, all of the deep learning frameworks that update to the new version see the performance gains. Where the performance tends to differ from framework to framework is in how well they scale to multiple GPUs and multiple nodes.



NASA to use data lasers to beam data from space to Earth

Laser is not as easy as radio, though, NASA explains. That’s partly because the Earth’s rotation, coupled with the amount of time it takes data to reach the ground station from the spacecraft — albeit faster than radio — means tricky timing calculations are needed to determine where the narrower laser needs to hit. Traditional radio simply needs a data dump, from space, in the vicinity of the ground receiver, whereas laser needs to be continually connected during the transmission. The agency intends to employ a special locking, pointing mechanism. The idea is that a pre-scheduled passing craft’s telescope picks up a finder-signal sent from the ground station. That allows the transmitter to lock on. Mirrors in the spacecraft’s laser modulator are driven by sensors, and they send the beam. Using the LCRD, NASA is aiming for a 1.24 Gigabits per second, geosynchronous-to-ground optical link with two ground stations. The first flight, run by NASA's Goddard Space Flight Center in Greenbelt, Maryland, is expected to take place next year.


Want a CIO role? Here are the top skills you need and how to get there

While technical skills are more critical, that doesn't necessarily mean executive teams are looking for a former programmer or network engineer to fill their CIO role. A CIO must appreciate the balance between the hype/promise of new technologies and the reality of business, Inuganti said. Despite the need for technical skills, making a jump into leadership at the CIO level requires a deep understanding of the business. CIO candidates must understand the metrics that drive the business, what competitors are doing, and more, Inuganti said. The market previously went too far to the business side of things, but with the growth of cloud, big data, artificial intelligence (AI) and other technologies, it is requiring more technical skills. In terms of what skills are currently hot, data was always there, Inuganti said, but skills around data analysis are growing in desirability for CIOs. He said it's the hottest commodity in the market today, based on what he has seen with executive searches.


Inside the world's most prolific mobile banking malware

The malware's ability to read messages also means it can intercept text messages from the bank containing one-time passwords, helping the attackers to steal from accounts that use additional security. In addition, Asacub ensures the user can't check their mobile banking balance or change any settings because the permissions it has been given enable it to prevent the legitimate banking app from running on the phone. The attacks might seem basic, but they still work, and Kaspersky figures say Asacub currently accounts for 38 percent of mobile banking trojan attacks. "The example of the Asacub Trojan shows us that mobile malware can function for several years with minimal changes in its distribution pattern," Shishkova told ZDNet. "One of the main reasons for this is that the human factor can be leveraged through social engineering: SMS-messages look like they are meant for a certain user, so victims unconsciously click on fraudulent links. In addition, with regular change of domains from which the Trojan is distributed, catching it requires heuristic methods of detection," she added.



Quote for the day:


"The People That Follow You Are A Reflection Of Your Leadership." -- Gordon TredGold