Daily Tech Digest - June 17, 2020

We Need the Security Benefits of AI and Machine Learning Now More Than Ever

“AI and machine learning tools can absolutely help people do their jobs more effectively now more than ever,” said Lonas. “Security professionals are always in short supply, and now possibly unavailable or distracted with other pressing concerns. Businesses are facing unprecedented demands on their networks and people, so any automation is welcome and beneficial.” In machine learning, a subset of AI, algorithms self-learn and improve their findings and results without being explicitly programmed to do so. This means a business deploying AI/ML is improving its threat-fighting capabilities without allocating additional resources to the task– something that should excite cash-strapped businesses navigating tough economic realities. Our AI/ML report backs up Lonas’s assertion that these technologies make a welcome addition to most business security stacks. In fact, 94 percent of respondents in our survey reported believing that AI/ML tools make them feel more comfortable in their role. “People who use good AI/ML tools should feel more comfortable in their role and job,” he asserts. “Automation takes care of the easy problems, giving them time to think strategically and look out for problems that only humans can solve.

Licensing and roadmap update for Power BI Report Server

Since Power BI Report Server launched in June 2017, it’s been adopted by thousands of customers in a variety of industries, giving them a way to use and share Power BI reports on-premises. As the BI industry has evolved over the last three years, we continue to see more and more customers choosing to make the switch to the cloud. The availability of paginated reports in the Power BI service enables organizations to centralize and manage their BI workloads in one single global location – Power BI. This is why we’ve always positioned Power BI Report Server as an on-premises solution for reporting today, with the flexibility to move to the cloud tomorrow. As more customers than ever take that next step in their cloud journey, we’re taking steps to help these customers make the transition successfully.  We’ve recently updated our licensing terms to allow SQL Server Enterprise customers with software assurance to deploy Power BI Report Server on Azure VM’s for production use by leveraging their Azure Hybrid Benefit. For many customers, moving their internal servers to Infrastructure as a Service (IaaS) offerings in the cloud represent the first step in their digital transformation.

Shadow IT: Why It’s Still a Major Risk in Today’s Environments

Many organizations weren’t expecting the transition to remote work and have found themselves needing to improvise. As a result, numerous employees are working from home on devices that had never left the corporate environment before this time—even laptops that were always stored in the office when they weren’t in use. Others are being challenged to adapt their personal devices for professional purposes for which they were never configured or intended. For security teams seeking visibility into cloud applications across employee-owned devices (BYOD), a full Cloud Access Security Broker (CASB) solution is needed. This allows for real-time auditing and control of your cloud app usage on both managed and unmanaged devices. A CASB solution will also enable you to monitor for and restrict usage of non-corporate instances of cloud applications, as well as to apply individual security policies on a per-device basis. Just like water flows downhill, employees tend to gravitate toward technologies that allow them to work in the most frictionless ways. If there’s widespread interest in using a particular tool, it may make the most sense to sanction—and then monitor—its usage.

Hosting Provider Hit With Largest-Ever DDoS Attack

The sheer variety of data types used in the attack, along with signs of significant coordination, suggests a knowledgeable attacker, he says. "What was really different is that the absolute kitchen sink was thrown in for this attack," Barranco says. More than nine different types of traffic were used in the attack - far more than the two or three types used in a typical attack - and the traffic surge lasted about an hour. Most attacks are measured in minutes, so this was notable. "It's has been a long time that we've seen the duration that long and an attack of that size." A typical year of denial-of-service attacks includes a massive number of smaller attacks targeting gaming sites, often to give one player an edge over the competition, and a few massive bandwidth attacks. Over the past 24 months, the median denial-of-service attack has peaked at less than 250,000 packets-per-second, according to Akamai's State of the Internet (SOTI) report. Very few attacks have surged far beyond that average. Security firm Imperva recorded a 500 million packet-per-second attack in early 2019, for example. The attack weathered by Akamai and its customer came close to that packet rate, but surpassed the bandwith of that previous attack because the average packet seen by Akamai consisted of more data.

To lead in a changed world, make yourself essential

As a leader, your new — and perhaps only — mission is to change your company with the times. It’s clear that businesses that are essential to people’s lives will recover faster, and those that are perceived as extraneous will have a short runway to adapt to the new normal. But this is a moment for leaders of all businesses to grapple with what is essential about their own operations, processes, and products or services. Everything you do now will be scrutinized: Is it essential or not? Companies holding out for a post–COVID-19 bounce back to things as they were will be sorely disappointed. Instead, consider this just the beginning of shifting behavior from consumers. That reality calls for a new kind of thinking and action from companies: Double down on digital transformation, know what to hold, manage in shorter increments, and plan for operational resilience. The time to stop dabbling in digital transformation was pre–COVID-19. The difficulties of ramping up online stores and systems for suddenly remote employees — including implementing virtual digital tools for collaboration and product management in scattered living rooms and on dining tables — are evident.

After Guilty Plea, DDoS Attacker Gets 5-Year Prison Term

A federal judge has sentenced an Iranian-born, U.S. naturalized citizen to five years in prison for one in a series of distributed denial-of-service attacks over the course of at least five years, according to the Department of Justice. Andrew Rakhshan, 40, formerly known as Kamyar Jahanrakhshan, pleaded guilty to one count of conspiracy to commit computer fraud in February. In addition to the jail sentence, he was fined $520,000. Starting in 2015, Rakhshan conducted a series of DDoS attacks against websites that had posted legal information about his prior conviction for fraud in Canada, according to the Justice Department. One of the sites that Rakhshan targeted with a DDoS attack, called Leagle.com, is based in Canada but it's servers are housed in Texas. Rahshan's guilty plea in February was in connection with the attack on this website, prosecutors say. Rakhshan was originally arrested near Seattle in July 2017, and the case was transferred the U.S. Attorney's Office for the Northern District of Texas. Since his arrest, Rakhshan has remained in federal custody, according to the Justice Department.

Robots will take 50 million jobs in the next decade.

Equally, some new opportunities might emerge to enable a smoother transition for workers. Robotics company Universal Robots, for example, is already deploying "cobots" (or collaborative robots) to businesses, which are designed to simplify the use of automation for human employees. The company has developed online courses, which it claims enable workers with no engineering background to program a "cobot" in only 87 minutes. The method, according to Universal Robots, reverses the idea that automation is taking jobs away from humans, and instead gives tools to employees to better control their day-to-day activities. Lund, for her part, is confident that the workforce will easily acquire the new skills that it will need – in part, because it already has. "Work skills have been evolving over the past years for many professions," she says. "With the advent of digital technologies, this has accelerated." "In Europe, subway train drivers have switched to becoming route optimizers, as trains have become automated," she continued. To succeed alongside robots in new types of work, employees will need skills that they don't currently have. The concept of "lifelong learning" will gather pace, therefore, as workers acquire new knowledge throughout their careers.

Cisco Brings SecureX into Full Security Lineup to Cut Complexity

The platform debuted alongside Cisco's "2020 CISO Benchmark Report," which found many security leaders struggle with alert fatigue and other challenges when managing a multivendor environment. Eighty-six percent use up to 20 vendors. Of those who report alert fatigue, 93% receive at least 5,000 alerts per day and 17% report 100,000 or more alerts. Businesses with more vendors report longer downtime, higher costs, and more breached records after a cyberattack. It's not only security leaders who are feeling the effects. Cisco's recently released "CIO Perspectives 2020" study found security and complexity are the top two challenges CIOs face. More than two-thirds surveyed feel they are being stretched too thin, Cisco researchers found. "The challenge in the security industry is [that] we're not necessarily always helping," says Bret Hartman, CTO of Cisco's Security Business Group. Vendors are always creating new tools to buy and assemble, he adds, complicating the jobs of people who manage and protect them all. SecureX, which will be included in all Cisco Security products on June 30, is meant to simplify IT management and reduce the complexity that CIOs and CISOs often struggle to handle.

6 new rules of engagement for CIOs in 2020

Under these new circumstances, CIOs must be working to deliver value to customers as fast as possible, both internally and externally. Platform companies are always reviewing customer utilization of their products and enhancing the experience, adding enhancements by chipping away at a backlog of features. In this day and age, CIOs must be adopting that same mindset for their customers. We must be reviewing and utilizing data to determine how we can drive more change that leads to better outcomes for our customers faster. .... The rules around work are being rewritten. As CIOs, we have the opportunity to encourage behavior change that will ultimately help our teams stay engaged. It can be as small as loosening up your own wardrobe choices to signify to your teams that getting work done is more important than donning a collared shirt, or as big as encouraging your teams to end work early on a Friday to enjoy some recharge time. As different parts of the country and world re-open, remember that it doesn’t necessarily mean your colleagues are sending their children back to school or summer camp.

5 Major Software Architecture Patterns

The microkernel architecture pattern is a natural pattern for implementing product-based applications. And a product-based application is one that is packaged and made available for download in versions as a typical third-party product. However, many companies also develop and release their internal business applications like software products, complete with versions, release notes, and pluggable features. The microkernel architecture pattern allows you to add additional application features as plug-ins to the core application, providing extensibility as well as feature separation and isolation. The microkernel architecture pattern consists of two types of architecture components: a core system and plug-in modules. Application logic is divided between independent plug-in modules and the basic core system, providing extensibility, flexibility, and isolation of application features and custom processing logic. And the core system of the microkernel architecture pattern traditionally contains only the minimal functionality required to make the system operational.

Quote for the day:

"Leaders are the ones who keep faith with the past, keep step with the present, and keep the promise to posterity." -- Harold J. Seymour

No comments:

Post a Comment