Daily Tech Digest - May 12, 2022

SD-WAN and Cybersecurity: Two Sides of the Same Coin

SD-WAN is a natural extension of NGFWs that can leverage these devices’ content/context awareness and deep packet inspection. The same classification engines used by NGFWs to drive security decisions can also determine the best links to send traffic over. These engines can also guide queueing priorities, which in turn enables fine-grained quality-of-service (QoS) controls. ... Centralized cloud management is key to enabling incremental updates of these new features. Further, flexible policy-driven routing enables service chaining of new security features in the cloud rather than building these features into the SD-WAN customer premises equipment (CPE). For example, cloud-based services for advanced malware detection, secure web gateways, cloud-access security brokers, and other security features can be enabled via the SD-WAN platform, seamlessly bringing these and other next-gen security functions across the enterprise. The coordination between the cloud-based SD-WAN service and the on-premises SD-WAN CPE allows new security applications to benefit from both the convenience and proximity of an on-site device and the near-infinitely scalable computing power of the cloud.

Introducing AlloyDB for PostgreSQL: Free yourself from expensive, legacy databases

As organizations modernize their database estates in the cloud, many struggle to eliminate their dependency on legacy database engines. In particular, enterprise customers are looking to standardize on open systems such as PostgreSQL to eliminate expensive, unfriendly licensing and the vendor lock-in that comes with legacy products. However, running and replatforming business-critical workloads onto an open source database can be daunting: teams often struggle with performance tuning, disruptions caused by vacuuming, and managing application availability. AlloyDB combines the best of Google’s scale-out compute and storage, industry-leading availability, security, and AI/ML-powered management with full PostgreSQL compatibility, paired with the performance, scalability, manageability, and reliability benefits that enterprises expect to run their mission-critical applications. As noted by Carl Olofson, Research Vice President, Data Management Software, IDC, “databases are increasingly shifting into the cloud and we expect this trend to continue as more companies digitally transform their businesses. ...”

Visualizing the 5 Pillars of Cloud Architecture

If you understand your cloud infrastructure, you can more confidently ensure your customers can rely on your organization. With the ability to constantly meet your workload demands and quickly recover from any failures, your customers can count on you to consistently meet their service needs with little interruption to their experience. A great way to increase reliability in your cloud infrastructure is to set key performance indicators (KPIs) that allow you to both monitor your cloud and alert the proper team members when something within the architecture fails. Using a cloud visualization platform to filter your cloud diagrams and create different visuals of current, optimal and potential cloud infrastructure allows you to compare what is currently happening in the cloud to what should be happening. ... Many factors can impact cloud performance, such as the location of cloud components, latency, load, instance size and monitoring. If any of these factors become a problem, it’s essential to have procedures in place that result in minimal deficiencies in performance. 

Zero Trust Does Not Imply Zero Perimeter

Don’t get me wrong, the concept of trusting the perimeter is fairly old-school/outdated and does come into conflict with more modern “cloud native” approaches. Remote users will also have issues with latency, especially if you require the users to VPN to your on-premises network and finally establish connectivity with the cloud. The theoretical modern approach is to not trust that perimeter. This doesn’t mean you have to get rid of it, but rather it’s not the default, since increasingly the perimeter is becoming more porous and ill-defined. This is as opposed to when moving to a “zero-trust” model, where everything needs to be proven for both the user identity and device prior to any data, application, assets and/or services (DAAS) being permitted to communicate to any services. Going further down memory lane, back in the day the perimeter used to mean that everything was located within your “castle” and perimeter-based system access was “all or nothing” by default. Once users were in, they were in, which also applies to any other type of actor, including malicious actors. Once the perimeter was breached, the malicious actor effectively had unlimited access to everything within the perimeter.

As Inflation Skyrockets, Is Now the Time to Pull Back on New IT Initiatives?

There are two big risks associated with pulling back, says Ken Englund, technology sector leader at business advisory firm EY Americas. Pulling back on projects may increase the risk of IT talent turnover, he warns. “Pausing or changing priorities for tactical, short-term reasons may encourage talent to depart for opportunities on other companies' transformational programs.” Also, given current inflationary pressure, “the cost to restart a project may be materially more expensive in the future than it is to complete today.” There's no doubt that pulling back on IT spend saves money over the short term, but short-sighted savings could come at the cost of long-term success. “If an organization must look to cut budgets, start with a strategic review of all projects, identifying which have the greatest possible impact and least amount of risk,” Lewis-Pinnell advises. Examine each project's total cost of ownership and rank them by cost and impact. Strategic selection of IT initiatives can help IT leaders manage through inflationary challenges. “Don’t be afraid to cut projects that aren’t bringing you enough benefit,” she adds.

Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers

CrowdStrike's analysis shows the modules are designed to run only in-memory to reduce the malware's footprint on an infected system — a tactic that adversaries often employ in long-running campaigns. The framework also has several other detection-evasion techniques that suggest the adversary has deep knowledge of Internet Information Services (IIS) Web applications. For instance, CrowdStrike observed one of the modules leveraging undocumented fields in IIS software that are not intended to be used by third-party developers. Over the course of their investigation of the threat, CrowdStrike researchers saw evidence of the adversaries repeatedly returning to compromised systems and using IceApple to execute post-exploitation activities. Param Singh, vice president of CrowdStrike's Falcon OverWatch threat-hunting services, says IceApple is different from other post-exploitation toolkits in that it is under constant ongoing development even as it is being actively deployed and used. 

Zero Trust, Cloud Adoption Drive Demand for Authorization

Hutchinson advises enterprises to leverage a model that combines traditional coarse-grained role-based access rules, or RBAC, with a collection of finer-grained attributes-based access rules, or ABAC, that can describe not only the consumer of a service but also the data, system, environment and function. "While traditional RBAC models are easier for developers and auditors to understand, they usually result in role explosion as the system struggles to provide finer-grained authorization. ABAC addresses that fine-grained need but sacrifices both management and understanding as the vast array of elements necessary for such a system makes organizing the data extremely complex," says Hutchinson. He adds: "A complex policy rule might say: 'A customer's transactional data can only be viewed via a secure device at a bank branch by an accredited teller who is from the same country of origin as the customer.' Instead of creating a plethora of new roles to cover all of the different possible combinations, I can use the teller role while also checking attributes that will provide device profile, location, accreditation status and country of origin.

The Cloud Native Community Needs to Talk about Testing

After getting feedback from the community, including DevOps and QA engineers, the general consensus I received was that it’s easy to tell that cloud native is a developing field that is still establishing its best practices. We can look into different examples of areas that are still maturing. Not that long ago, we started to hear about DevOps, which brought the concept of shorter and more efficient release cycles, which today feels like a normal standard. More recently, we saw GitOps following the same tracks, and we are seeing that more teams are using Git to manage their infrastructure. It’s my belief that cloud native testing will soon follow suit, where teams will not see testing as a burden or an extra amount of work that is only “nice to have” but something that is part of the process that will save them a lot of development time. I’m sure all of you reading this are tech enthusiasts like me and probably have been building and shipping products for quite some time, and I’m also sure many of you noticed that there are major challenges with integration testing on Kubernetes, especially when it comes to configuring tests in your continuous integration/continuous delivery (CI/CD) pipelines to follow a GitOps approach.

Hybrid work: Best practices in times of uncertainty

Humans are social creatures who require some contact with others, but determining the right balance between proximity and contact in the virtual workplace is difficult – too much contact can be exhausting, and too little can lead to isolation. Work to find a balance that can help support your staff as they navigate the nuanced world of remote work. It’s also important to adopt a blended approach to technology and physical space. A combination of co-working spaces and telepresence tools can be just what you need to facilitate contact and collaboration among employees. This allows for an open environment where people can both collaborate and decompress in their own way while also bringing a sense of connection that may be impossible to achieve in a virtual environment. ... It’s not easy to develop policies that address both business and human needs in remote and hybrid work environments, but one thing remains certain: flexibility paired with autonomy is essential for success. CIOs play a critical role in creating an environment of flexibility and autonomy for staff members – one that can help support their professional development while also fostering increased satisfaction and success.

10 best practices to reduce the probability of a material breach

Cybersecurity is as much about humans as it is about technology. Organizations see fewer breaches and faster times to respond when they build a “human layer” of security, create a culture sensitive to cybersecurity risks, build more effective training programs, and develop clear processes for recruiting and retaining cyber staff. ... Organizations with no breaches invest in a mix of solutions, from the fundamentals such as email security and identity management, to more specialized tools such as security information and event management systems (SIEMs). These organizations are also more likely to take a multi-layered, multi-vendor security approach to monitor and manage risks better through a strong infrastructure. ... With digital and physical worlds converging, the attack surfaces for respondents are widening. Organizations that prioritize protection of interconnected IT and OT assets experience fewer material breaches and faster times to detect and respond.

Quote for the day:

"Good leaders make people feel that they're at the very heart of things, not at the periphery." -- Warren G. Bennis

No comments:

Post a Comment