Daily Tech Digest - September 08, 2018

Why the cloud is the data, and the data is the cloud?

First, we have the use of easy-to-provision and auto-scaling virtual machines that provide a platform for widely distributed “share nothing” database operations. This provides a divide-and-conquer approach to gathering data from both structured and unstructured sources. It’s the ‘secret sauce’ behind the newfound “Hadoop-y” speed that was really not there in the world of traditional relational databases. Second, we have the ability to deliver data using data services that combine behavior and information. This places the database operations behind a well-defined API or service. For the most part, these are simple services that act very much like a traditional database query, or just produce data as requested from a single data source. However, these cloud-based data services, or, cloud APIs, are becoming complex. They can mash up data from multiple sources and externalize that data using a single interface. Thus, you may be able to ask a single question about the existing state of the company and have a service that considers data in hundreds, perhaps thousands of databases, using up-to-date operational data, to come back with a single meaningful answer.

Proactive approach to defending computer systems

"The concept of MTD has been introduced with the aim of increasing the adversary's confusion or uncertainty by dynamically changing the attack surface, which consists of the reachable and exploitable vulnerabilities," Cho said. "MTD can lead to making the adversary's intelligence gained from previous monitoring no longer useful and accordingly results in poor attack decisions." The basic idea as it applies to IP addresses on computer networks is this: Change the IP address of the computer frequently enough so the attacker loses sight of where his victim is; however, this can be expensive, so the approach taken by the researchers in the collaboration here uses something known as software-defined networking. This lets computers keep their real IP addresses fixed, but masks them from the rest of the internet with virtual IP addresses that are frequently changing. Moore added that as the adage suggests, it is harder to hit a moving target. "MTD increases uncertainty and confuses the adversary, as time is no longer an advantage," Moore said.

Key Algorithms and Statistical Models for Aspiring Data Scientists

As a data scientist who has been in the profession for several years now, I am often approached for career advice or guidance in course selection related to machine learning by students and career switchers on LinkedIn and Quora. Some questions revolve around educational paths and program selection, but many questions focus on what sort of algorithms or models are common in data science today. With a glut of algorithms from which to choose, it’s hard to know where to start. Courses may include algorithms that aren’t typically used in industry today, and courses may exclude very useful methods that aren’t trending at the moment. Software-based programs may exclude important statistical concepts, and mathematically-based programs may skip over some of the key topics in algorithm design. ... Because machine learning is a branch of statistics, machine learning algorithms technically fall under statistical knowledge, as well as data mining and more computer-science-based methods.

Windows 10 Enterprise customers will now get Linux-like support

Effective this month, for enterprise customers willing to pay the Enterprise edition premium, Microsoft is granting an extra year's support. The new changes are designed to encourage slow-moving enterprises to pick up the upgrade tempo for hundreds of millions of Windows 7 PCs, before that older OS reaches its retirement date in less than 500 days. Today's announcements are the latest twist in a series of changes and extensions in the three years since Windows 10's initial release in 2015. In November 2017, Microsoft extended support for version 1511 by six months, to April 2018. (The blog post announcing that change is no longer online.) Then, in February 2018, Microsoft announced similar six-month "servicing extensions for Windows 10," but this time with a noteworthy gotcha: The new, 24-month support lifecycle applied only to Enterprise and Education editions. If your organization has devices running Windows 10 Pro, they need to be updated every 18 months or sooner.

AWS vs. Azure: Users Share Their Experiences

What makes a user switch to AWS or Azure from their previous approach to handling a workload? The answers reveal what’s working well with these two cloud solutions. For example, it_user396519, another Amazon Redshift user, had been using an on-premise MySQL data warehouse. He switched to AWS “to reduce the cost and improve scalability.” Or, consider itmanage402807, a SQL Azure user who moved to the Microsoft cloud after evaluating databases like PostgreSQL. He explained, “We decided to switch because our .NET application works well with Microsoft solutions.” Adi L., an AWS Dynamo DB User at a healthcare company, chose AWS when he was also faced with the option of continuing with PostgreSQL. He noted, “We switched to DynamoDB for the scalability and ease of deployment and operation.” Wagner S., an Amazon EC2 user, switched from the Google Cloud Platform “because Amazon AWS offers more services and a lot more settings.”

Phishing alert: North Korea's hacking attacks show your email is still the weakest link

The North Korean group accused of some of the biggest cyber crimes ever conducted may have harnessed some highly sophisticated technologies, but their ability to break into computer networks worldwide often relied on nothing more than a bogus email. The US Department of Justice has formally charged a North Korean programmer for his part in some of the largest cyber-attacks in recent years, conducted by a group backed by the North Korean government. The 172-page criminal complaint published by the US Department of Justice provides an unprecedented insight into the workings of one of the most notorious hacking groups on the planet, but also shows how their most successful attacks were at least in part down to a blizzard of fake -- phishing -- emails. The group's activities allegedly include the devastating attack on Sony Pictures Entertainment in November 2014. The group launched their attack on the company in response to the movie The Interview, a comedy that depicted the assassination of North Korea's leader.

How the Equifax hack happened, and what still needs to be done

Equifax as a company hasn't faced many consequences. In January, Democratic senators proposed a law that would require credit-reporting agencies to protect the data they've amassed and pay a fine if they're hacked. The bill never went anywhere. "One year after they publicly revealed the massive 2017 breach, Equifax and other big credit reporting agencies keep profiting off a business model that rewards their failure to protect personal information -- and the Trump Administration and the Republican-controlled Congress have done nothing," Sen. Elizabeth Warren, a Democrat from Massachusetts, said in a statement. Warren isn't alone. At a House Energy and Commerce Committee hearing on Wednesday, where the focus was on Twitter and its CEO, Jack Dorsey, Rep. Ben Lujan pivoted his attention to Equifax. "We've not done anything as well for the 148 million people that were impacted by Equifax," said Lujan, a Democrat from New Mexico. "I think we should use this committee's time to make a difference in the lives of the American people and live up to the commitments that this committee has made: provide protections for our consumers."

Swaying the C-Suite: Proving the ROI of a sound security strategy

When you think about it, it does make sense that the C-suite and security or operations teams don’t speak the same language. Senior leaders are often tasked with cutting the fat. At the same time, organizations struggle to quantify the value of cybersecurity investments. It's important for IT and security leaders to note that true ROI comes from defending the organization against material impact, before it happens. Begin by proving your position with numbers. For example, cybercrime is estimated to cost approximately $6 trillion per year on average through 2021. As such, smart security spend pays for itself in cost savings, reputation protection and more, given the direct connection between loss prevention and a company's bottom line. We're facing a reality in which organizations understand they need to care about security, but to really get executive buy-in, the security team still needs to prove ROI — the right kind of ROI — and present a clear implementation plan. After providing facts and figures, a security roadmap can help highlight the tactical actions needed to sway the C-suite to commit and spend.

The simple fix so your cloud costs don’t spin out of control

There is an easy fix, and it’s called cloud cost management or cloud usage management. It comprises the processes, approaches, and tools that let you keep cost in check—and, most important, keep those costs predictable. These are cloud cost governance tools to monitor usage and the associated costs. They do so by workload, by user, by department, or by any other way you want to slice it. These tools not only let you see who’s using what and when, and how much it costs, but do chargebacks and showbacks to make sure that the right budgets are funding the cloud usage. Perhaps the most important aspect of this technology is that you can set predetermined limits. This includes setting usage parameters such as not provisioning the most expensive instances of storage all the time and making sure that budget restrictions are adhered to. Ironically, even enterprises that are the most controlling when it comes to costs tend to think of cloud costs as something that’s unknown and so just accept whatever rolls in. No one knows what the bill will be, nor expects to.

Facebook, Twitter Defend Fight Against Influence Operations

Numerous technology firms have disputed the notion that there is any political bias in their algorithms. "These accusations are not borne out by data and facts, and they have been widely discredited by major news organizations and experts," a coalition of technology industry groups said in a letter to the committee. But some industry watchers have suggested that while they see no political bias, private social media firms should be more transparent about how their algorithms work as well as their content management policies. "Charges of left-leaning bias are not new, of course," says Tarleton Gillespie, a principal researcher at Microsoft Research and an affiliated associate professor at Cornell University, on TechDirt. "They come from a very old playbook conservatives have used against newspapers and broadcasters for decades. Unfortunately, Silicon Valley is partly to blame for why it is working so well today. Search engines and social media platforms have been too secretive about how their algorithms work and too secretive about how content moderation works."

Quote for the day:

"Leadership is particularly necessary to ensure ready acceptance of the unfamiliar and that which is contrary to tradition." -- Cyril Falls