Daily Tech Digest - September 12, 2021

How to develop a two-tiered security model for the hybrid work paradigm

Providing organizations and their stakeholders complete digital security is a part of the holistic security culture that enterprises must inculcate. This is how they can ensure that the work paradigm of the future is anchored by safety and technological progression on the back of a top-down security culture. Organizations must promote the belief that upholding digital security requirements isn’t the responsibility of the security department alone. A sustainable security culture requires a collective investment from all stakeholders in the organization. A vision that treats security as a non-negotiable asset, complemented by employee sensitization and training practices, is necessary for the safekeeping of valuable data and prevention against exploitation of vulnerabilities by threat actors. To drive optimal results, administrators must make sure that the mechanics used to deliver security training to employees account for different departments, learning styles, and abilities. Employees are the bedrock of any organization. Employee errors are common when they are unsupervised, anxious, or uneducated in matters pertaining to organizational security. 

5 Habits I Learned From Successful Data Scientists at Microsoft

Continuous learning and improvement are paramount for Data Scientists looking to stand out from the crowd of other qualified data professionals. As many already know Data Science is not a static field. Look at job descriptions, find out what skills most employers are looking for in a data scientist, and compare with your resume. Are you lacking these skills? Identify your weak points and work towards improvement. ... It’s not just about models and programming languages; it is paramount that you understand the inner workings of your profession. The truth is if you are depending on the tricks and experience you’ve gathered from your previous or current job, there are massive tendencies that you will remain professionally stagnant. ... There are hundreds of quality research papers, books, articles, and magazines exhibiting valuable Data Science resources to educate yourself and expand your knowledge about certain concepts in your field. Before I moved on to get my Data Science certification, I learned most of the programming languages and analysis tricks from blog posts.

Yandex Pummeled by Potent Meris DDoS Botnet

“Yandex’ security team members managed to establish a clear view of the botnet’s internal structure. L2TP [Layer 2 Tunneling Protocol] tunnels are used for internetwork communications. The number of infected devices, according to the botnet internals we’ve seen, reaches 250,000,” wrote Qrator in a Thursday blog post. L2TP is a protocol used to manage virtual private networks and deliver internet services. Tunneling facilitates the transfer of data between two private networks across the public internet. Yandex and Qrato launched an investigation into the attack and believe the Mēris to be highly sophisticated. “Moreover, all those [compromised MikroTik hosts are] highly capable devices, not your typical IoT blinker connected to Wi-Fi – here we speak of a botnet consisting of, with the highest probability, devices connected through the Ethernet connection – network devices, primarily,” researchers wrote. ... While patching MikroTik devices is the most ideal mitigation to combat future Mēris attacks, researchers also recommended blacklisting.

Consistency, Coupling, and Complexity at the Edge

Although RESTful APIs are easy for backend services to call, they are not so easy for frontend applications to call. That is because an emotionally satisfying user experience is not very RESTful. Users don’t want a GUI where entities are nicely segmented. They want to see everything all at once unless progressive disclosure is called for. For example, I don’t want to navigate through multiple screens to review my travel itinerary; I want to see the summary (including flights, car rental, and hotel reservation) all on one screen before I commit to making the purchase. When a user navigates to a page on a web app or deep links into a Single Page Application (SPA) or a particular view in a mobile app, the frontend application needs to call the backend service to fetch the data needed to render the view. With RESTful APIs, it is unlikely that a single call will be able to get all the data. Typically, one call is made, then the frontend code iterates through the results of that call and makes more API calls per result item to get all the data needed.

Facebook Researcher’s New Algorithm Ushers New Paradigm Of Image Recognition

Humans have an innate capability to identify objects in the wild, even from a blurred glimpse of the thing. We do this efficiently by remembering only high-level features that get the job done (identification) and ignoring the details unless required. In the context of deep learning algorithms that do object detection, contrastive learning explored the premise of representation learning to obtain a large picture instead of doing the heavy lifting by devouring pixel-level details. But, contrastive learning has its own limitations. According to Andrew Ng, pre-training methods can suffer from three common failings: generating an identical representation for different input examples, generating dissimilar representations for examples that humans find similar (for instance, the same object viewed from two angles), and generating redundant parts of a representation. The problems of representation learning, wrote Andrew Ng, boil down to variance, invariance, and covariance issues.

How AI Is Changing the IT and AV Industries

When AI can take visual, auditory, and human speech information and generate speech in return, it will need to be able to make decisions. As an example, AI-based systems may be able to process behavioral patterns on smartphone applications and then convert that information into a decision to tweak the user experience to enhance the effectiveness of the application. Another great way for AI to make decisions and change the IT industry is to participate in defect analysis and efficiency analysis. Some AI may be able to assess protocols or infrastructure and determine where defects may exist in the system and then determine the best solutions to increase efficiency. Another consideration is for AI to collect lots of data and generate solutions to improve efficiency over time, even without the presence of a defect. AI being able to create and offer solutions is quickly changing the IT industry for the better, making it more efficient and helpful in the long term. Obviously, the introduction of AI in machines allows for automation at multiple process stages. 

DeepMind aims to marry deep learning and classic algorithms

Algorithms are a really good example of something we all use every day, Blundell noted. In fact, he added, there aren’t many algorithms out there. If you look at standard computer science textbooks, there’s maybe 50 or 60 algorithms that you learn as an undergraduate. And everything people use to connect over the internet, for example, is using just a subset of those. “There’s this very nice basis for very rich computation that we already know about, but it’s completely different from the things we’re learning. So when Petar and I started talking about this, we saw clearly there’s a nice fusion that we can make here between these two fields that has actually been unexplored so far,” Blundell said. The key thesis of NAR research is that algorithms possess fundamentally different qualities to deep learning methods. And this suggests that if deep learning methods were better able to mimic algorithms, then generalization of the sort seen with algorithms would become possible with deep learning.

SolarWinds Attack Spurring Additional Federal Investigations

Right now, the SEC investigation appears fairly broad and could reveal other cyber incidents involving these companies, including past data breaches and ransomware attacks, says Austin Berglas, who formerly was an assistant special agent in charge of cyber investigations at the FBI's New York office. "This [inquiry] could potentially include forensic and investigative reports of past, unreported incidents and could bring the topic of attorney privilege into play," says Berglas, who is now global head of professional services at cybersecurity firm BlueVoyant. "If there is no evidence of [personally identifiable information] exposure, organizations are not mandated to disclose the incident. However, not all investigations are black-and-white. Sometimes evidence is destroyed, unavailable or corrupted, and confirmation of the exposure of sensitive information may not be obtainable upon forensic analysis." While some companies will err on the side of caution and publish data related to breaches, others might not, and Berglas says the SEC might be probing to see which companies are following federal or state laws when it comes to disclosures.

Implementing enterprise transformation using TOGAF

TOGAF includes the concept of "target first" and "baseline first." This can help us in our decision on where to start. If we know how we want the future state to look like, we could begin with the target first and work our way back to the baseline. If we are not sure what we want the future state to look like, we could begin with the baseline and work our way to the target state. Regardless of which path you choose; in the end you need to have both the baseline and target well defined. What we are looking for is the gap between what we have and what we need. And it is within that gap that the enterprise transformation is defined and takes place. The baseline provides us with information on our current state. The target provides us with information on what we would like to achieve at the end of the transformation. With this information, we can put together a transformation roadmap and the ability to measure our progress/success in achieving the target state. Enterprise architecture is a discipline to lead enterprise responses proactively and holistically to disruptive forces by identifying and analysing the execution of change toward desired business vision and outcomes. 

How new banking technology platforms will redefine the future of financial services

The evolution of fintech over the last five years has been quite dramatic in that they have devised new operating and business models that are changing the landscape. They are doing so by bringing in differentiated specialisation in a specific area, which traditional banks are unable to match. For example, there are a few who have created a business around becoming a ‘trusted advisor’ to consumers offering valuable guidance to them on their financial needs and enabling them to make the best choice on financial products and services. Banks which were hitherto aligned to an exclusive sourcing arrangement with a partner now have to contend with integrating seamlessly with these ‘advisors’ and participate in their competitive marketplace to acquire more customers. Not doing so is increasingly not an option, as consumer behaviour is steadily evolving to demand such experiences, and banks cannot provide these on their own. And this is truly open banking. While there are no regulatory obligations as of yet to participate in an open banking framework within India, it is a matter of time before this becomes essential in the backdrop of RBI’s account aggregator guidelines expected to come into effect soon.

Quote for the day:

"One man with courage makes a majority." -- Andrew Jackson

No comments:

Post a Comment