The Evolution Of Internet Of Things
The IoT ecosystem is more than mere connected devices, nor is IIoT merely a
matter of connecting plants and machinery to the edge or cloud storage. There
are a whole lot of technologies involved in the process ranging from chips and
sensors that capture data from physical assets to communication networks;
advanced analytics, including machine learning and artificial intelligence;
Simulation and collaborative tools, including digital twins; machine vision
and human-machine interfaces; and security systems and protocols. Among the
major players in the IoT/IIoT space are ABB, Amazon Web Services, Cisco
Systems, General Electric, IBM Corporation, Intel Corporation, Microsoft,
Oracle Corporation, Robert Bosch GmbH, Rockwell Automation and Siemens,
besides several others. Industrial automation, as exemplified best by the
progress made by the automobile industry over the last 100 years, increased
productivity dramatically and reduced the cost of production.
Why Founders Are Hiring These Two Coaches to Supercharge Their Business
What I want to encourage founders to do is invest in help, join a community or
hire a coach, or get an advisor who can really be there in a more effective
capacity, someone that you can bounce ideas off of, someone that you can be
extremely honest with when things are going wrong. You need that support. You
can't build the business alone. And it really takes a combination of mindset
and strategic work. So when we work with founders, we build a strategic
roadmap while we also work on this mindset and in their professional growth.
We believe that you cannot have a successful company without both pieces of
the puzzle. ... Here's what I say about juggling it all, is that, think about
it as if you're juggling balls, and some of the balls are glass and some are
rubber, and your clean house is a rubber ball and your health is a glass ball.
So make sure that the balls that you're dropping are rubber and not glass.
You'll always be dropping balls. And the other thing is everyone needs
help.
Difference Between Conversational AI and Generative AI
Conversational AI is the Artificial intelligence (AI) that can engage in
conversation and refers to tools that allow users to communicate with virtual
assistants or chatbots. They mimic human interactions by identifying speech
and text inputs and translating their contents into other languentreeeeeeages using
massive amounts of data, machine learning, and natural language processing.
While Generative AI often uses deep learning techniques, like generative
adversarial networks (GANs), to identify patterns and features in a given
dataset before creating new data from the input data. Now that we have a fair
idea of Conversational AI and Generative AI, let’s dive deeper into how they
work and differ. In conversational AI the two major components are, Natural
language processing (NLP) and machine learning are two major components to
keep the AI algorithms up-to-date, these NLP operations interact with machine
learning processes in a continual feedback loop. The fundamental elements of
conversational AI enable it to process, comprehend, and produce responses
naturally.
3 business application security risks businesses need to prepare for in 2023
As organizations ramp up their digital transformation efforts and transition
between on-premises and cloud instances, they’re also increasingly bringing
in web-facing applications. Applications that used to be kept behind
enterprise “walls” in the days of on-premises-only environments are now
fully exposed online, and cybercriminals have taken advantage. Given the
myriad sensitive information kept within these applications, enterprises
must ensure internet-facing vulnerabilities have the highest priority.
... While zero-day vulnerabilities are common entry points for threat
actors, they also tend to pay close attention to patch release dates, as
they know many enterprises fall behind in patching their
vulnerabilities. Many patch management processes fail because security
teams use manual methods to install security fixes, which takes up a
significant portion of their already-limited time. As the number of patches
piles up, it can be difficult to determine which patches must be applied
first and which can be left for later.
Uncertainty persists, but enterprises rush to adopt network as a service
“Although enterprises can see the operational value NaaS could bring, they
worry about the potentially higher total cost of ownership (TCO), day-to-day
management challenges and risk of significant fluctuations in monthly bills,”
Hayden added. “This leaves a massive challenge for communications service
providers (CSPs).” The report acknowledged that CSPs have made large strides
over the past few years as they look to leverage their underlying
infrastructure to climb the digital value chain by delivering cloud-enabled
integrated network services. It emphasises that accelerating NaaS adoption
should be a top priority for CSPs as it offers a clear avenue towards network
monetisation through over-the-top (OTT) service delivery. “CSPs must first
invest heavily in their NaaS solution looking to integrate automation and
drive platform openness,” Hayden recommended. “On top of this, they must look
to develop a partnership ecosystem comprised of systems integrators and
network service partners.”
What the FBI’s Hive takedown means for the ransomware economy
“Today’s disruption of the Russian Hive ransomware infrastructure underscores
the historic international cooperation between law enforcement agencies. The
International Ransomware Taskforce is having an impact,” said Tom Kellermann,
CISM, senior VP of cyberstrategy at Contrast Security. However, Kellermann
warns that there’s still more to be done to address the impunity of Russian
state-backed cybergangs, who are free to engage in criminal activity
internationally with little threat of prosecution. ... “Disrupting Hive is no
doubt a victory, but the war is far from over,” said Kev Breen, director of
cyber threat research at Immersive Labs. “While this action will have a
short-term effect on the proliferation of ransomware, Hive operates under a
ransomware-as-a-service (RaaS) model, meaning they use affiliates that are
responsible for gaining the initial foothold and then dropping the ransomware
payload. “With the proverbial head of this snake cut off, those affiliates
will turn to other ransomware operators and pick up where they left off,”
Breen said.
Data Lake Security: Dive into the Best Practices
The three key security risks facing data lakes are:Access control: With no
database tables and more fluid permissions, access control is more challenging
in a data lake. Moreover, permissions are difficult to set up and must be
based on specific objects or metadata definitions. Commonly, employees across
the company also have access to the lake, which contains personal data or data
that falls under compliance regulations. With 58% of security incidents caused
by insider threats, according to a commissioned Forrester Consulting study,
employee access to sensitive data is a security nightmare if left unchecked.
Data protection: Data lakes often serve as a singular repository for an
organization’s information, making them a valuable target to attack. Without
proper access controls in place, bad actors can gain access and obtain
sensitive data from across the company. Governance, privacy, and compliance:
Because employees from across the company can feed data into the data lake
without inspection, some data may contain privacy and regulatory requirements
that other data doesn’t.
Why Securing Software Should Go Far Beyond Trusting Your Vendors
Securing a software supply chain against attacks takes knowing what elements
in your system have the potential to be attacked. More than three-quarters
(77%) of those BlackBerry surveyed said that, in the last 12 months, they
discovered previously unknown participants within their software supply chain
— entities they had not been monitoring for adherence to critical security
standards. That’s even when these companies were already rigorously using
data-encryption, Identity Access Management (IAM), and Secure Privileged
Access Management (PAM) frameworks. As a result, malicious lines of code can
sit in blind spots for years, ready to be exploited when the attacker chooses.
The Cybersecurity and Infrastructure Security Agency (CISA), the National
Security Agency (NSA), and the Office of the Director of National Intelligence
(ODNI) recently issued a recommended practices guide for customers on securing
the software supply chain.
7 Insights From a Ransomware Negotiator
"We really like to focus on emphasizing communication when it comes to threat
intelligence — whether it's threat intelligence talking with the SOC or the
incident response team, or even vulnerability management," he says. "Getting
an idea of what these trends look like, what the threat actors are focusing
on, how much they pop up and go away, all of that is very valuable for the
defenders to know." Even though the underlying TTPs of fulltime groups makes a
lot of ransomware detection and response a little easier, there are still some
big variables out there. For example, as many groups have employed the
ransomware-as-a-service (RaaS) model, they employ a lot more affiliates, which
means negotiators are always dealing with different people. "In the early days
of ransomware, when you started negotiations, there was a good chance you were
dealing with the same person if you were dealing with the same ransomware,"
Schmitt says. "But in today's ecosystem, there are just so many different
groups, and so many different affiliates that are participating as part of
these groups, that a lot of times you're almost starting from scratch."
The downsides of cloud-native solutions
One of the main issues with cloud-native development and deployment is that it
can lead to vendor lock-in. When an application is built and deployed to a
specific cloud provider, you typically use the native capabilities of that
cloud provider. It can be difficult and costly to move to a different provider
or an on-premises platform. This can limit the flexibility of the organization
in terms of where they choose to run their applications. It flies in the face
of what many believe to be a core capability of cloud-native development:
portability. ... Another downside is that cloud-native development can be
complex and require a different set of skills and tools compared to
traditional on-premises and public cloud development. This can be a challenge
for organizations that are not familiar with cloud-native practices and may
require additional training and resources. I often see poorly designed
cloud-native deployments because of this issue. If you’re not skilled in
building and deploying these types of systems, the likely outcomes will be
poorly designed, overly complex applications.
Quote for the day:
"Who we are cannot be separated from
where we're from." -- Malcolm Gladwell
No comments:
Post a Comment