Daily Tech Digest - February 15, 2019

Bettering Threat Intelligence And Cyber Security A New Role For Blockchain?

Already there should be blockchain alarm bells ringing by looking at the above explanation. Specialists are correlating data on potential threats to protect a vast network against said cyber crimes before they happen. It sounds a lot like a distributed ledger of information, openly available. However, while Threat Intelligence is a noble pursuit, there are issues with it. Applying the data, determining the right data, the actual collection of the data, and the distribution, all needs to be addressed as the current model stands. But this is where blockchain could find a niche, it has the potential to help sure up the Threat Intelligence model that is still growing in its own right. The blockchain security itself can also help beef up cybersecurity to a point where threats are being identified and dealt with even before they hit. Threat Intelligence is an essential and applicable way to counter cyber threats, which are getting more devastating and sophisticated. The function of Threat Intelligence is to spread the word on new threats and make sure that an extensive network is prepared for the danger before infection takes place.

Skeptical of AI's future? You can blame the media

Researchers at the Reuters Institute for the Study of Journalism examined 760 articles representing eight months of reporting on AI by six mainstream U.K. news outlets, including the BBC, the Daily Mail, the Telegraph and the Guardian. They found that these discussions habitually presented AI technology in a positive light — as solutions to problems in providing health care, cheaper and more efficient transport, or better business management. They rarely discussed alternatives to the AI-based solutions or examined how effective AI approaches might be in comparison with others. This dominant framing isn’t surprising given that nearly 60 percent of the articles were pegged to industry events: a CEO’s speech, the launch of some new product or research initiative, or news about startups, buyouts or conferences. They were much less likely to quote academics and government sources, who might offer more independent points of view.

How the technology can work beyond crypto

While blockchain’s improved transparency poses a huge advantage to many businesses, it also highlights a major challenge, as many businesses lack the sufficient infrastructure to fully adopt DLT technology. As a result, only through a major overhaul of its legacy systems can a company make full use of blockchain. Even beyond the technological challenges, there is also the added factor of personal emotions getting in the way of innovative technology. The volatile market of cryptocurrency has led many to become sceptical over blockchain technology. Yet despite this mentality in some organisations, there are some prime examples of how DLT has been used effectively outside the cryptocurrency sector. While cryptocurrency may be struggling in a bear market, there is a growing list of real-world examples where the technology is being used in industries outside of digital assets. Kodak leapt into the blockchain world in January 2018, with the proposal to use the technology to manage image copyright.

Treading the path to a successful digital transformation

Treading the path to a successful digital transformation image
According to Pat Geary, chief evangelist at Blue Prism a successful digital transformation is as much about deployment and support as it is about selecting the right solution. “The barriers standing in the way are often more cultural than technical,” he explained. “When rolling out new technology, organisations don’t just need to get the C-Suite on board but the entire workforce. Management must focus on communicating to employees the clear benefits of the solution and demonstrate how it will augment their capabilities, rather than adding a piece of technology or software for its own sake. “This is about using technology to unleash the creativity and innovation of an organization’s digital savvy employees. This will be the real criteria driving success. Digital transformation can only succeed if human workers support the change. The value and support of employees should never be underestimated.”

Why Enterprise Data Requires a Hybrid Cloud Strategy

Unfortunately, many organizations don’t learn that their cloud providers aren’t responsible for their company’s data until it’s too late. Understanding the importance of data availability, however, today’s leading organizations are increasingly moving to hyrbid and multi-cloud environments. This enables them to build redundancy into their infrastructure to protect their data—and really take full ownership of it. As a result, employees can access the data they need regardless of whether AWS or any other cloud provider is available at any particular moment. These organizations, then, are able to bring products to market faster and continue to deliver superior customer experiences, while competitors that operate in single-cloud environments need to wait for that environment to be restored once an outage occurs. Before the cloud, enterprises could get away with copying their data once a day—let’s say each day at 5 p.m. But in today’s age of big data—where 2.5 quintillion bytes of data are created every day—a much more frequent backup plan is needed.

Industrial control systems face uphill security battles in 2019

The largest actionable takeaway from this report is for ICS security staff to work closely with hardware and software vendors. Only 18% of vendor advisories contained errors in their risk scoring, and error rates were also lower when security researchers reported errors to vendors instead of going through an external CERT process. Security professionals who find a vulnerability in their system should report it to their vendor immediately—that gives it a much better chance of being properly addressed and patched. ... Zero day threats, the report said, aren't a significant risk to ICSes, as there are plenty of ways for intruders to penetrate a network that rely on known risks and improper security of public facing ICS networks. The report also noted an increase in commercial penetration-testing tools being turned to nefarious use by hackers. Defending against these attacks requires a "kill chain" approach that targets potential threats at each level of an attack. "Defenders can use a mix of modern threat detection strategies including indicator- or behavior-based methods, or approaches relying on modeling and configuration.

Uber Introduces AresDB: GPU-Powered, Open-Source, Real-Time Analytics Engine

AresDB architecture.
AresDB's design has the following features: column-based storage, real-time upsert, and GPU-powered query processing. Column-based storage has been implemented to enable compression for storage and query efficiency. There are two categories of stores - a Live store for recently ingested data stored in an uncompressed, unsorted format and an Archive store for mature, sorted and compressed data. Real-time upsert with primary key deduplication has been implemented to increase data accuracy and provide "near real-time data freshness" within seconds. As part of real-time ingestion, AresDB classifies records as "late" or not. Records considered as "late" are put into the archive store whereas fresh records go into the live store. A scheduled archiving process also periodically takes records from the live store (after they can be considered to be mature) and merges them into the archived store. GPU-powered query processing uses highly parallelized data processing by GPUs to provide low query latencies.

Data breaches exposed 5 billion records in 2018

intro data breach circuit board technology security
The largest breach by far was one that involved people India's national ID database, known as the Aadhaar. That incident was reported in March 2018 and exposed the national ID numbers, addresses, phone numbers, email addresses, postal codes, and photographs of almost 1.2 billion Indian citizens. Other large breaches included hackers gaining access to 383 million loyalty program records stored in Marriott's Starwood guest reservation database and to 240 million guest records from Huazhu Hotel Group. Some breaches were not the result of hackers exploiting security vulnerabilities, but of security oversights that made data openly accessible on the web. This was the case with marketing firm Exactis, which exposed the personal details of 230 million adults and 110 million business contacts due to a misconfigured database. Another common cause for breaches is fraud or social engineering, where company insiders intentionally or accidentally share data with unauthorized third parties. 

Container security tools pitch service mesh integrations

Service meshes such as Linkerd, Istio and others offer granular security management and monitoring features, but only for areas of the infrastructure where service mesh sidecar container proxies are deployed. Meanwhile, defense in depth for container security environments is a hot topic, as vulnerabilities such as this week's disclosure of a runC flaw illustrate. Enter container security tools, which offer a comprehensive view into container environments inside and outside of the purview of service mesh, as well as security management for service mesh deployments themselves. "Third-party container security tools can provide coverage for things the mesh doesn't do," said Fernando Montenegro, analyst at 451 Research. The Istio service mesh, for example, is focused primarily on application security monitoring at Layer 7, while container security tools can offer in-depth Layer 2 and 3 monitoring.

IoT 2020: Trends and Challenges

One of the chief complaints about the IoT is its confusing nature, and it’s becoming clear that the term “Internet of Things” isn’t descriptive enough for most uses. In 2019, companies and the tech press will increasingly use terminology that better explains how specific implementations are being used, and those who use IoT technology will need to learn new terminology when making decisions. Although this trend will likely lead to some confusion during much of 2019, the better precision provided will lead to a clearer landscape. ... Voice recognition has been an ascendant technology for years now, and improvements in accuracy have been astounding. Even more importantly, people are becoming more accustomed to interacting with digital assistance and other voice recognition technologies, and companies are feeling more comfortable asking their customers to speak with digital assistants. Because processing voice data only requires an internet connection and microphone, more IoT devices are likely to offer voice assistance in 2019.

Quote for the day:

"After climbing a great hill, one only finds that there are many more hills to climb." -- Nelson Mandela

No comments:

Post a Comment