Google Cloud launches services to bolster open-source security, simplify zero-trust rollouts
On the zero-trust front, Google is introducing BeyondCorp Enterprise Essentials,
which is designed to help enterprise customers begin to deploy zero-trust
environments. The new solution brings context-aware access controls for SaaS
applications or any other apps connected via Security Assertions Markup Language
(SAML), which is an XML-based protocol that supports real-time authentication
and authorization across federated Web services environments. It also includes
threat and data protection capabilities, such as data loss prevention, malware
and phishing protection, and URL filtering, integrated in the Chrome browser,
according to Potti. “It’s a simple and effective way to protect your workforce,
particularly an extended workforce or users who leverage a ‘bring your own
device’ model,” Potti stated. “Admins can also use Chrome dashboards to get
visibility into unsafe user activity across unmanaged devices.” BeyondCorp
Enterprise includes an app and client connector that can simplify connections to
apps running on other clouds such as Azure or AWS without the need to open
firewalls or set up site-to-site VPN connections, Potti stated.Deployment of Low-Latency Solutions in the Cloud
Cloud-native environments offer a common platform and interfaces to ease definition and deployment of complex application architectures. This infrastructure enables the use of mature off-the-shelf components to solve common problems such as leader election, service discovery, observability, health-checks, self-healing, scaling, and configuration management. Typically the pattern has been to run containers atop of virtual machines in these environments; however, now all the main cloud providers offer bare-metal (or near bare-metal) solutions, so even latency-sensitive workloads can be hosted in the cloud. This is the first iteration of a demonstration of how Chronicle products can be used in these architectures and includes solutions to some of the challenges encountered by our clients in cloud and other environments. By leveraging common infrastructure solutions, we can marry the strengths of Chronicle products with the convenience of modern production environments to provide simple low-latency, operationally robust systems.FBI and NSA say: Stop doing these 10 things that let the hackers in
The joint alert recommends MFA is enforced for everyone, especially since RDP is
commonly used to deploy ransomware. "Do not exclude any user, particularly
administrators, from an MFA requirement," CISA notes. Incorrectly applied
privileges or permissions and errors in access control lists can prevent the
enforcement of access control rules and could give unauthorized users or system
processes access to objects. Of course, make sure software is up to date. But
also don't use vendor-supplied default configurations or default usernames and
passwords. These might be 'user friendly' and help the vendor deliver faster
troubleshooting, but they're often publicly available 'secrets'. The NSA
strongly urges admins to remove vendor-supplied defaults in its network
infrastructure security guidance. ... "These default credentials are not secure
– they may be physically labeled on the device or even readily available on the
internet. Leaving these credentials unchanged creates opportunities for
malicious activity, including gaining unauthorized access to information and
installing malicious software." The rise of servant leadership
Though the style originated in the 1970s, servant leadership has gained momentum today as the Great Resignation reveals the pandemic’s mental toll on workers and employees leave their jobs in droves in search of more meaningful work. The pressure to attract and retain talent has never been greater, and companies are moving away from command-and-control style leadership in favor of more purpose-driven management, says David Dotlich, president and senior client partner at Korn Ferry. “We’re seeing this as a big trend across all industries,” Dotlich says. More than half of Korn Ferry’s clients now view purpose as the center of their leadership, he says. “They’re signing up for help” to answer those questions of who do we serve, how do we help, how do we make a difference, how do we change the world, and they’re receiving individual training and tools. ... Servant leaders know how to build trust, provide the tools and support that employees need to grow, remove obstacles, listen more and talk less, and let employees create their own path for success. It can backfire though if employees aren’t dedicated to the team’s core mission.Four ways to combat the cybersecurity skills gap
Some businesses attempt to narrow the gap by retraining their IT
professionals. While there is a chance that some employees with technical
skills may be able and willing to take on cybersecurity positions, they still
need to have someone to teach them. Most cybersecurity experts today are
self-taught and there is very little that an organization can do to help
because the availability of security certifications is also limited. However,
the real problem is that organizations often perceive cybersecurity as
something that only the dedicated cybersecurity workforce should deal with.
This perception is the cause of several problems mentioned above, for example,
the high level of stress and burnout for cybersecurity staff. Security teams
often work alone and the rest of the organization is not aware, not educated,
and worst of all: does not feel responsible for security. ... The
cybersecurity industry is still a bit behind the trends and a lot of tools are
still created with dedicated security specialists in mind. Such tools are
difficult or even impossible to use in complex environments, Why You Should Care About Software Architecture
Broadly speaking, achieving “sustainability” is the focus on architectural
work in software products. A software product can be considered sustainable if
it is capable of meeting its current requirements, including QARs, without
jeopardizing its ability to meet future requirements. As we stated in the
previous section, quality attribute requirements drive the architecture, and
meeting key QARs is essential to create sustainable architectural designs.
Unfortunately, software systems “wear out” over time, as functional
enhancements are being implemented, and new design decisions are made, which
may stretch or even break the original architectural design. ... How do you
know when your software system is wearing out, the same way you know when your
car tires are wearing out and need to be replaced? Just as a physician may use
many different kinds of tools to assess the health of an individual, different
tools help a team assess software architecture fitness. Older systems may be
difficult to understand because, as we mentioned earlier, their design
decisions and assumptions are often not documented, and documentation, when it
exists, is likely to be outdated.
Open-source standard aims to unify incompatible cloud identity systems
In a press release, Strata Identity stated that current popular cloud
platforms use proprietary identity systems with individual policy languages,
all of which are incompatible with each other. What’s more, each application
must be hard-coded to work with a specific identity system, it added. Hexa has
been designed to use IDQL to enable any number of identity systems to work
together as a unified whole, without making changes to them or to
applications, Strata Identity said. It works by abstracting identity and
access policies from cloud platforms, authorization systems, data resources,
and zero trust networks to discover what policies exist, then translates them
from their native syntax into the generic, IDQL declarative policy, the vendor
continued. It then orchestrates identity and access instructions across cloud
systems and throughout apps, data resources, platforms, and networks by
translating back into native, imperative policies of target systems via a
cloud-based architecture.Vulnerabilities found in Bluetooth Low Energy gives hackers access to numerous devices
This issue is believed to be something that can’t be easily patched over or
just an error in Bluetooth specification. This exploit could affect millions
of people, as BLE-based proximity authentication was not originally designed
for use in critical systems such as locking mechanisms in smart locks,
according to NCC Group. “What makes this powerful is not only that we can
convince a Bluetooth device that we are near it—even from hundreds of miles
away—but that we can do it even when the vendor has taken defensive
mitigations like encryption and latency bounding to theoretically protect
these communications from attackers at a distance,” said Sultan Qasim Khan,
Principal Security Consultant and Researcher at NCC Group. “All it takes is 10
seconds—and these exploits can be repeated endlessly.” To start, the
cybersecurity company points out that any product relying on a trusted BLE
connection is vulnerable to attacks from anywhere in the world at any given
time.Augmented reality will give us superpowers
Over the next ten years, augmented reality will replace the mobile phone as
our primary interface for digital content. Early adopters will embrace the
lure of new, magical capabilities. Everyone else, skeptics included, will
quickly find themselves at a disadvantage without omniscience, x-ray vision,
superhuman recall, and dozens of other capabilities that are not even on the
drawing board yet. This will drive adoption as quickly as the transition from
flip phones to smartphones. After all, not upgrading your hardware will mean
missing out on layers of useful information that everyone else can see. An
augmented world is coming — one with the potential to be magical, embellished
with artistic content and infused with superhuman abilities. At the same time,
there are risks we must avoid, as augmented reality will give tech platforms
unprecedented ability to track our activities and mediate our experiences. For
these reasons, we need to push for a safe and regulated metaverse, especially
the augmented metaverse. It will impact all of our lives in the very near
future.
What’s new with ML.NET Automated ML (AutoML) and tooling
Training machine learning models is a time-consuming and iterative task. Automated Machine Learning (AutoML) automates that process by making it easier to find the best algorithm for your scenario and dataset. AutoML is the backend that powers the training experiences in Model Builder and the ML.NET CLI. Last year we announced updates to the AutoML implementation in our Model Builder and ML.NET CLI tools based Neural Network Intelligence (NNI) and Fast and Lightweight AutoML (FLAML) technologies from Microsoft Research. These updates provided a few benefits and improvements over the previous solution which include:Increase in the number of models explored. ... Until recently, you could only take advantage of these AutoML improvements inside of our tools. We’re excited to announce that we’ve integrated the NNI / FLAML implementations of AutoML into the ML.NET framework so you can use them from a code-first experience. To get started today with the AutoML API install the latest pre-release version of the Microsoft.ML and Microsoft.ML.Auto NuGet packages using the ML.NET daily feed.Quote for the day:
"Most people live with pleasant illusions, but leaders must deal with hard realities." -- Orrin Woodward
No comments:
Post a Comment