Daily Tech Digest - May 05, 2022

Being a responsible CTO isn’t just about moving to the cloud

The reasons for needing to be a responsible CTO are just as strong as the need to be a tech-savvy one if a company wants to thrive in a digital economy. There are many facets to being a responsible CTO, such as making sure that code is being written in a diverse way, and that citizen data is being used appropriately. In a BCS webinar, IBM fellow and vice-president for technology in EMEA, Rashik Parmar, summarised that the three biggest forces driving unprecedented change today included post-pandemic work; digitalisation; and the climate emergency. With many organisations turning to technology to help solve some of the biggest challenges they’re facing today, it’s clear that there will need to be answers about how this tech-heavy economy will impact the environment. It makes sense that this is often the first place that a CTO will start when deciding how to drive a more responsible future. ... If we focus on the environmental considerations, it’s becoming more commonly known that whilst a move to the cloud may be better for reducing an organisation’s carbon emissions than running multiple on-premises systems, the initiative alone isn’t going to spell good news for climate change.

Frozen Neon Invention Jolts Quantum Computer Race

The group's experiments reveal that within optimization, the new qubit can already stay in superposition for 220 nanoseconds and change state in only a few nanoseconds, which outperform qubits based on electric charge that scientists have worked on for 20 years. "This is a completely new qubit platform," Jin says. "It adds itself to the existing qubit family and has big potential to be improved and to compete with currently well-known qubits." The researchers suggest that by developing qubits based on an electron's spin instead of its charge, they could develop qubits with coherence times exceeding one second. They add the relative simplicity of the device may lend itself to easy manufacture at low cost. The new qubit resembles previous work creating qubits from electrons on liquid helium. However, the researchers note frozen neon is far more rigid than liquid helium, which suppresses surface vibrations that can disrupt the qubits. It remains uncertain how scalable this new system is—whether it can incorporate hundreds, thousands or millions of qubits.

AI for Cybersecurity Shimmers With Promise, but Challenges Abound

There are definitely differences in opinions between business executives, who largely consider AI to be a perfect solution, and security analysts on the ground, who have to deal with the day-to-day reality, says Devo's Ollmann. "In the trenches, the AI part is not fulfilling the expectations and the hopes of better triaging, and in the meantime, the AI that is being used to detect threats is working almost too well," he says. "We see the net volume of alerts and incidents that are making it into the SOC analysts' hands is continuing to increase, while the capacity to investigate and close those cases has remained static." The continuing challenges that come with AI features mean that companies still do not trust the technology. A majority of companies (57%) are relying on AI features more or much more than they should, compared with only 14% who do not use AI enough, according to respondents to the survey. In addition, few security teams have turned on automated response, partly because of this lack of trust, but also because automated response requires a tighter integration between products that just is not there yet, says Ollmann.

Concerned about cloud costs? Have you tried using newer virtual machines?

“Customers are willing to pay more for newer GPU instances if they deliver value in being able to solve complex problems quicker,” he wrote. Some of this can be chalked up to the fact that, until recently, customers looking to deploy workloads on these instances have had to do so on dedicated GPUs, as opposed to renting smaller virtual processing units. And while Rogers notes that customers, in large part, prefer to run their workloads this way, that may be changing. Over the past few years, Nvidia — which dominates the cloud GPU market — has, for one, introduced features that allow customers to split GPUs into multiple independent virtual processing units using a technology called Multi-instance GPU or MIG for short. Debuted alongside Nvidia’s Ampere architecture in early 2020, the technology enables customers to split each physical GPU into up to seven individually addressable instances. And with the chipmaker’s Hopper architecture and H100 GPUs, announced at GTC this spring, MIG gained per-instance isolation, I/O virtualization, and multi-tenancy, which open the door to their use in confidential computing environments.

Attackers Use Event Logs to Hide Fileless Malware

The ability to inject malware into a system’s memory classifies it as fileless. As the name suggests, fileless malware infects targeted computers leaving behind no artifacts on the local hard drive, making it easy to sidestep traditional signature-based security and forensics tools. The technique, where attackers hide their activities in a computer’s random-access memory and use native Windows tools such as PowerShell and Windows Management Instrumentation (WMI), isn’t new. What is new, however, is how the encrypted shellcode containing the malicious payload is embedded into Windows event logs. To avoid detection, the code “is divided into 8 KB blocks and saved in the binary part of event logs.” Legezo said, “The dropper not only puts the launcher on disk for side-loading, but also writes information messages with shellcode into existing Windows KMS event log.” “The dropped wer.dll is a loader and wouldn’t do any harm without the shellcode hidden in Windows event logs,” he continues. “The dropper searches the event logs for records with category 0x4142 (“AB” in ASCII) and having the Key Management Service as a source.”

Fortinet CEO Ken Xie: OT Business Will Be Bigger Than SD-WAN

"We definitely see OT as a bigger market going forward, probably bigger than SD-WAN," Xie tells investors Wednesday. "The growth is very, very strong. We do see a lot of potential, and we also have invested a lot in this area to meet the demand." Despite its potential, Fortinet's OT practice today is considerably smaller than its SD-WAN business, which has been a company priority for years. SD-WAN accounted for 16% of Fortinet's total billings in the quarter ended Dec. 31 while OT accounted for just 8% of total billings over that same time period. Fortinet last summer had the second-largest SD-WAN market share in the world, trailing only Cisco. Fortinet's OT success coincides with growing demand from manufacturers, which CFO Keith Jensen says is the one vertical that continues to stand out for the company. ... "The strength in manufacturing really speaks to the threat environment, ransomware, OT, and things of that nature," Jensen says. "Manufacturing is trying desperately to break into the top five of our verticals and it's getting closer and closer every quarter."

Meta has built a massive new language AI—and it’s giving it away for free

Meta AI says it wants to change that. “Many of us have been university researchers,” says Pineau. “We know the gap that exists between universities and industry in terms of the ability to build these models. Making this one available to researchers was a no-brainer.” She hopes that others will pore over their work and pull it apart or build on it. Breakthroughs come faster when more people are involved, she says. Meta is making its model, called Open Pretrained Transformer (OPT), available for non-commercial use. It is also releasing its code and a logbook that documents the training process. The logbook contains daily updates from members of the team about the training data: how it was added to the model and when, what worked and what didn’t. In more than 100 pages of notes, the researchers log every bug, crash, and reboot in a three-month training process that ran nonstop from October 2021 to January 2022. With 175 billion parameters (the values in a neural network that get tweaked during training), OPT is the same size as GPT-3. This was by design, says Pineau. 

Tackling the threats posed by shadow IT

Shadow IT can be tough to mitigate, given the embedded culture of hybrid working in many organizations, in addition to a general lack of engagement from employees with their IT teams. For staff to continue accessing apps securely from anywhere, at any time, and from any device, businesses must evolve their approach to organizational security. Given the modern-day working environment moves at such a fast pace, employees have turned en masse to shadow IT when the experience isn’t quick or accurate enough. This leads to the bypassing of secure networks and best practices and can leave IT departments out of the process. A way of controlling this is by deploying corporate managed devices that provide remote access, giving IT teams most of the control and removing the temptation for employees to use unsanctioned hardware. Providing them with compelling apps, data, and services with a good user experience should see a reduced dependence on shadow IT, putting IT teams back in the driving seat and restoring security. 

5 AI adoption mistakes to avoid

Every AI-related business goal begins with data – it is the fuel that enables AI engines to run. One of the biggest mistakes companies make is not taking care of their data. This begins with the misconception that data is solely the responsibility of the IT department. Before data is captured and input into AI systems, business subject matter experts and data scientists should be looped in, and executives should provide oversight to ensure the right data is being captured and maintained appropriately. It’s important for non-IT personnel to realize they not only benefit from good data in yielding quality AI recommendations, but their expertise is a critical input to the AI system. Make sure that all teams have a shared sense of responsibility for curating, vetting, and maintaining data. Data management procedures are also a key component of data care. ... AI requires intervention to sustain it as an effective solution over time. For example, if AI is malfunctioning or if business objectives change, AI processes need to change. Doing nothing or not implementing adequate intervention could result in AI recommendations that hinder or act contrary to business objectives.

SEC Doubles Cyber Unit Staff to Protect Crypto Users

The SEC says that the newly named Crypto Assets and Cyber Unit, formerly known as the Cyber Unit, in the Division of Enforcement, will grow to 50 dedicated positions. "The U.S. has the greatest capital markets because investors have faith in them, and as more investors access the crypto markets, it is increasingly important to dedicate more resources to protecting them," says SEC Chair Gary Gensler. This dedicated unit has successfully brought dozens of cases against those seeking to take advantage of investors in crypto markets, he says. ... "This is great news! A lot of the cryptocurrency market is against any regulations, including those that would safeguard their own value, but that's not the vast majority of the rest of the world. The cryptocurrency world is full of outright scams, criminals and ne'er-do-well-ers," says Roger Grimes, data-driven defense evangelist at cybersecurity firm KnowBe4. Grimes adds that even legal and very sophisticated financiers and investors are taking advantage of the immaturity of the cryptocurrency market.

Quote for the day:

"The very essence of leadership is that you have to have vision. You can't blow an uncertain trumpet." -- Theodore M. Hesburgh
