10 ways SecOps can strengthen cybersecurity with ChatGPT
ChatGPT is proving effective at predicting potential threat and intrusion
scenarios based on real-time analysis of monitoring data across enterprise
networks, combined with the knowledge base the LLMs supporting them are
constantly creating. One CISO running a ChatGPT pilot says the goal is to
test whether the system can differentiate between false positives and actual
threats. The most valuable aspect of the pilot so far is the LLMs’ potential
in analyzing the massive amount of threat intelligence data the organization
is capturing and then providing contextualized, real-time and relevant
insights to SOC analysts. ... Knowing that manual misconfigurations of
cybersecurity and threat detection systems are one of the leading causes of
breaches, CISOs are interested in how ChatGPT can help identify and
recommend configuration improvements by interpreting the data indicators of
compromise (IoCs) provided. The goal is to find out how best to fine-tune
configurations to minimize the false positives sometimes caused by IoC-based
alerts triggered by a less-than-optimal configuration.
The Interplay of IGA, IAM and GRC for Comprehensive Protection in Cloud Transitions
Managing user access in separate applications that each have their own
security rules can be tricky. Consider an example of an employee who has had
different roles in the same organization over time. With each new role, this
person might have gained more security permissions in systems such as JD
Edwards or SAP. The more permissions they have, the higher the chance of
fraud or breaking a segregation of duties (SoD) rule, which says that no one
person should have control over 2 conflicting business tasks. To make this
example even clearer, imagine that this employee also has access to a
different system, such as PeopleSoft, because of work on a project. Now they
have access across multiple systems, and keeping track of what they can do
becomes more challenging. ... There are tools that can help lower this risk
by displaying details about user access and what the users are doing with
their access, but often, these tools only show part of the picture,
especially when it comes to complex security models and multiple
applications, or are siloed into addressing only a singular application.
Applying the MACH Architecture: Lessons Learned
By designing APIs first, they were able to ensure a smoother, more cohesive
development process. This approach has enabled them to take advantage of the
robust capabilities of their API gateway, streamlining their processes and
fostering efficient communication between various teams. The shift to a
cloud-native approach, leveraging SAP-managed cloud, private and public
clouds, has enhanced their scalability and flexibility while reducing
operational overhead. The combination of these approaches has resulted in a
highly efficient, reliable, and scalable e-commerce platform. Embracing
headless architecture has led to a transformation in their front-end
development. By decoupling the front end from the backend, they have made it
easier to make changes and updates to their Angular-based frontend
applications, leading to a better user experience. ... Furthermore, the
ability of MACH architecture to handle peak loads effectively is
particularly relevant in the e-commerce industry.
How to cultivate a culture of continuous cybersecurity improvement
The interplay between real-time and periodic security practices is central
to effective vulnerability management. Since each has its own unique value
proposition, a robust cyber defense strategy must blend both types of
practices into a unified approach. Real-time security practices are
indispensable in a world where threats emerge and evolve in a blink of an
eye. For instance, endpoint detection and vulnerability detection must be
ongoing processes. They offer a pulse on the network, alerting organizations
to threats as they surface. A lapse in real-time activities can spell
disaster: recent ransomware attacks have demonstrated that vulnerabilities
can be exploited in mere hours, and sometimes less. An effective real-time
security system provides the crucial window needed to detect and rectify
vulnerabilities before they’re exploited. On the other hand, periodic
security practices, such as penetration testing, provide an opportunity to
stress-test the system and uncover potential weaknesses. Still, their value
should not be overstated.
Data is not a Microservice
The purpose of a microservice is to power an aspect of some customer
experience. Its primary function is operational. The purpose of data is
decision-making. Its primary function is TRUTH. How that truth is used can
be operational (like an ML model) or analytical (answering some interesting
question). Businesses already collect large volumes of data at tremendous
speed and dump raw logs into lakes for data engineers to sort through later.
Data developers struggle because the data they have taken dependencies on
has no ownership, the underlying meaning is not clear, and when something
changes from a source system very few people know why and what they should
expect the new 'truth' to be as a result. In data, our largest problems are
rooted in a lack of trust. In my opinion, a source of truth is an explicitly
owned, well-managed, semantically valid data asset that represents an
accurate representation of real-world entities or events reflected in code.
In the traditional on-premise Data Warehouse, an experienced data architect
was responsible for defining the source of truth in a monolithic
environment.
Revolutionizing the Nine Pillars of SRE With AI-Engineered Tools
Applying AI to SRE is a complex process with certain challenges. Here are
some potential pitfalls along with ways to address them:
Lack of Quality Data: AI and machine learning models are only as good as the
data they are trained on. Inadequate or poor quality data can lead to
inaccurate predictions and insights. Prioritize data hygiene and governance.
Collect comprehensive and diverse data from your systems; ensure that it is
well-structured and free of errors and store it in a way that’s easily
accessible for training AI models.
Over-reliance on Automation: While AI can greatly enhance automation,
relying on it too heavily without human oversight can lead to missed signals
or overcorrections in response to false positives. Maintain a balance
between automation and human oversight. Use AI to support decision-making,
not replace it entirely. It’s important to have experienced SREs review AI
outputs regularly to ensure they make sense and are beneficial.
Underestimating the Need for AI Expertise: Implementing AI is not just about
buying and deploying a tool.
LockBit Hits TSMC for $70 Million Ransom: What CIOs Can Learn
TSMC has not given any public indication of how it plans to respond to
LockBit’s demand. Bill Bernard, area vice president of cybersecurity company
Deepwatch, believes it is unlikely the chipmaker will give in and pay the
ransomware gang. “They’re claiming very publicly that the data gathered was
not damaging to their ability to do business or to their customers. If true,
there’s very little motivation for them to pay this extortion,” he tells
InformationWeek. Refusal to pay would be a part of a larger trend observed
over the past year or so, according to Bernard. He notes there have been
“…more attempted ransomware events, but fewer payouts as businesses see the
cost of recovery being significantly less than the cost of the ransom.” Even
if refusal to pay is the less expensive option, companies still face
consequences in the wake of an attack like this. “If TSMC opts not to pay,
it could face short-term operational disruption, potential data loss, and
the leak of sensitive information, damaging its reputation and breaching
customer trust,” explains Ani Chaudhuri, CEO of data security company
Dasera.
Why Are Team Topologies Essential for Software Architecture and Software Development Efficiency?
"Team Topologies" suggests leveraging Conway's Law as a strategic
advantage in software architecture. The book proposes that architects can
encourage or discourage certain types of designs by shaping the organization
and team structures. As Ruth Malan points out, "If we have managers deciding
which services will be built, by which teams, we implicitly have managers
deciding on the system architecture." This reinforces the critical role of
architects and engineering professionals in actively structuring team
topologies and their communications and responsibilities. Unfortunately, in
many companies, team topologies are determined without adequately
considering the expertise of architects and engineering professionals. This
lack of involvement can lead to architectural misalignments and
inefficiencies. To ensure successful architectural outcomes, it is crucial
for organizations to actively involve architects and engineering
professionals in decisions related to team topologies. Their knowledge and
insights can help shape team structures that align with architectural goals
and foster effective communication and collaboration.
4 tips to improve employee experiences while maintaining security and governance
IT security leaders recognize that cyberthreats and attack vectors
continually evolve. However, staying ahead of cybercriminals is not Job 1
for employees who simply want to get their work done. Within that context,
it’s important to maintain regular, ongoing education and training, said the
experts: “Continuously educate and engage. Regularly communicate with
employees about the importance of security and governance controls. Offer
training sessions, workshops, and awareness programs to educate employees on
best practices.” ... In this regard, the enterprise browser can serve as a
point of dialog between IT and business users to better understand each
other’s needs. “No one wants to be blocked from accessing a particular app
or website,” said Lorena Crowley, Head of Chrome Enterprise Marketing at
Google. “The browser becomes an educational opportunity for users to learn
why an extension is blocked, and for admins to learn about why an extension
or website is important for users to get their work done.”
Slimming Down .NET: The Unofficial Experiments of Michal Strehovský
This episode features an interview with Michal Strehovský, a developer on
the .NET runtime team who has been experimenting with reducing the size of
.NET applications. Strehovský’s experiments have led him to create BFlat and
Flattened.NET, personal projects that allow .NET developers to play with the
technology and non-.NET developers to get into .NET. One of his experiments
involved creating a self-contained WinForms Snake game in C# that was under
8KB in size. By using unsupported territories like ahead-of-time compilation
and trimming, and even writing his own core library to work around missing
pieces of the runtime, Strehovský was able to achieve this impressive feat.
The standard .NET publishing process includes the entire runtime and base
class libraries, resulting in a large executable, but trimming can be used
to remove unnecessary components. However, the runtime itself cannot be
trimmed. Native AoT can be used to compile the entire app ahead of time,
resulting in a smaller runtime and smaller app size.