Daily Tech Digest - July 08, 2023

10 ways SecOps can strengthen cybersecurity with ChatGPT

ChatGPT is proving effective at predicting potential threat and intrusion scenarios from real-time analysis of monitoring data across enterprise networks, combined with the knowledge base that the underlying LLMs are constantly building. One CISO running a ChatGPT pilot says the goal is to test whether the system can differentiate between false positives and actual threats. The most valuable aspect of the pilot so far is the LLMs' potential for analyzing the massive volume of threat intelligence data the organization captures and then providing contextualized, real-time and relevant insights to SOC analysts. ... Knowing that manual misconfiguration of cybersecurity and threat detection systems is one of the leading causes of breaches, CISOs are interested in how ChatGPT can help identify and recommend configuration improvements by interpreting the indicators of compromise (IoCs) it is given. The goal is to find out how best to fine-tune configurations to minimize the false positives that IoC-based alerts sometimes produce when the underlying configuration is less than optimal.


The Interplay of IGA, IAM and GRC for Comprehensive Protection in Cloud Transitions

Managing user access in separate applications that each have their own security rules can be tricky. Consider an employee who has held different roles in the same organization over time. With each new role, this person might have gained more security permissions in systems such as JD Edwards or SAP. The more permissions they accumulate, the higher the chance of fraud or of breaking a segregation of duties (SoD) rule, which says that no one person should have control over two conflicting business tasks. To make this example even clearer, imagine that this employee also has access to a different system, such as PeopleSoft, because of work on a project. Now they have access across multiple systems, and keeping track of what they can actually do becomes much harder. ... There are tools that can help lower this risk by displaying details about user access and what users are doing with it, but often these tools show only part of the picture, especially when it comes to complex security models spanning multiple applications, or are siloed into addressing a single application.
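The cross-system blind spot described above is easiest to see with a small worked check. The following is an added example, not code from the article or from any IGA product: it maps application-specific permissions onto business functions, aggregates them per user across applications, and evaluates SoD conflict pairs against the combined set. The user names, role names, permission strings and SoD rules are all constructed for illustration and are not real JD Edwards, SAP or PeopleSoft identifiers. The single-application variant at the end shows what a siloed tool would report for the same user.

```python
"""Cross-application segregation-of-duties (SoD) check (constructed example)."""
from collections import defaultdict

# Constructed entitlement exports, keyed by application then user.
# In a real deployment these would come from each system's role/permission report.
ENTITLEMENTS = {
    "jd_edwards": {"rchen": {"vendor.create", "ap.invoice.approve"}},
    "sap": {"rchen": {"payment.release"}},
    "peoplesoft": {"rchen": {"project.budget.edit"}, "mlee": {"payroll.run"}},
}

# Hypothetical mapping from (application, permission) to a business function.
# This normalisation step is what lets rules span systems with different security models.
FUNCTION_MAP = {
    ("jd_edwards", "vendor.create"): "maintain_vendor_master",
    ("jd_edwards", "ap.invoice.approve"): "approve_invoice",
    ("sap", "payment.release"): "release_payment",
    ("peoplesoft", "project.budget.edit"): "edit_budget",
    ("peoplesoft", "payroll.run"): "run_payroll",
}

# Hypothetical SoD rules: pairs of business functions no single person should hold.
SOD_RULES = [
    frozenset({"maintain_vendor_master", "release_payment"}),
    frozenset({"approve_invoice", "release_payment"}),
    frozenset({"edit_budget", "run_payroll"}),
]


def aggregate_functions(entitlements, function_map):
    """Return {user: {business_function: {(app, permission), ...}}} across all apps."""
    per_user = defaultdict(lambda: defaultdict(set))
    for app, users in entitlements.items():
        for user, perms in users.items():
            for perm in perms:
                func = function_map.get((app, perm))
                if func is None:
                    # Unmapped permission: a real review would report these too,
                    # since an unmapped grant is an unassessed risk.
                    continue
                per_user[user][func].add((app, perm))
    return per_user


def find_sod_violations(entitlements, function_map, rules):
    """Return [(user, (func_a, func_b), [(app, perm), ...]), ...] for each rule a user breaks."""
    per_user = aggregate_functions(entitlements, function_map)
    violations = []
    for user, funcs in sorted(per_user.items()):
        held = set(funcs)
        for rule in rules:
            if rule <= held:  # user holds both halves of the conflicting pair
                sources = sorted(src for func in rule for src in funcs[func])
                violations.append((user, tuple(sorted(rule)), sources))
    return violations


def find_sod_violations_single_app(entitlements, function_map, rules, app):
    """The same check restricted to one application: what a siloed tool would see."""
    return find_sod_violations({app: entitlements[app]}, function_map, rules)


if __name__ == "__main__":
    for user, pair, sources in find_sod_violations(ENTITLEMENTS, FUNCTION_MAP, SOD_RULES):
        print(f"{user}: {pair[0]} + {pair[1]} via {sources}")
    print("JD Edwards only:",
          find_sod_violations_single_app(ENTITLEMENTS, FUNCTION_MAP, SOD_RULES, "jd_edwards"))
```

Run stand-alone, the cross-application check reports two conflicts for the constructed user rchen (vendor maintenance plus payment release, and invoice approval plus payment release), each granted by permissions in two different systems. The JD Edwards-only check reports nothing, because both conflicting halves never appear inside one application; that gap is exactly what the siloed tools in the passage miss.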


Applying the MACH Architecture: Lessons Learned

By designing APIs first, they were able to ensure a smoother, more cohesive development process. This approach has enabled them to take advantage of the robust capabilities of their API gateway, streamlining their processes and fostering efficient communication between various teams. The shift to a cloud-native approach, leveraging SAP-managed cloud, private and public clouds, has enhanced their scalability and flexibility while reducing operational overhead. The combination of these approaches has resulted in a highly efficient, reliable, and scalable e-commerce platform. Embracing headless architecture has led to a transformation in their front-end development. By decoupling the front end from the backend, they have made it easier to make changes and updates to their Angular-based frontend applications, leading to a better user experience. ... Furthermore, the ability of MACH architecture to handle peak loads effectively is particularly relevant in the e-commerce industry. 


How to cultivate a culture of continuous cybersecurity improvement

The interplay between real-time and periodic security practices is central to effective vulnerability management. Since each has its own unique value proposition, a robust cyber defense strategy must blend both types of practices into a unified approach. Real-time security practices are indispensable in a world where threats emerge and evolve in the blink of an eye. For instance, endpoint detection and vulnerability detection must be ongoing processes. They offer a pulse on the network, alerting organizations to threats as they surface. A lapse in real-time activities can spell disaster: recent ransomware attacks have demonstrated that vulnerabilities can be exploited in mere hours, and sometimes less. An effective real-time security system provides the crucial window needed to detect and rectify vulnerabilities before they are exploited. On the other hand, periodic security practices, such as penetration testing, provide an opportunity to stress-test the system and uncover potential weaknesses. Still, their value should not be overstated. 


Data is not a Microservice

The purpose of a microservice is to power an aspect of some customer experience. Its primary function is operational. The purpose of data is decision-making. Its primary function is TRUTH. How that truth is used can be operational (like an ML model) or analytical (answering some interesting question). Businesses already collect large volumes of data at tremendous speed and dump raw logs into lakes for data engineers to sort through later. Data developers struggle because the data they have taken dependencies on has no ownership, the underlying meaning is not clear, and when something changes in a source system very few people know why or what they should expect the new 'truth' to be as a result. In data, our largest problems are rooted in a lack of trust. In my opinion, a source of truth is an explicitly owned, well-managed, semantically valid data asset that is an accurate representation of real-world entities or events reflected in code. In the traditional on-premises Data Warehouse, an experienced data architect was responsible for defining the source of truth in a monolithic environment.


Revolutionizing the Nine Pillars of SRE With AI-Engineered Tools

Applying AI to SRE is a complex process with certain challenges. Here are some potential pitfalls along with ways to address them: Lack of Quality Data: AI and machine learning models are only as good as the data they are trained on. Inadequate or poor quality data can lead to inaccurate predictions and insights; Prioritize data hygiene and governance. Collect comprehensive and diverse data from your systems; ensure that it is well-structured and free of errors and store it in a way that’s easily accessible for training AI models; Over-reliance on Automation: While AI can greatly enhance automation, relying on it too heavily without human oversight can lead to missed signals or overcorrections in response to false positives; Maintain a balance between automation and human oversight. Use AI to support decision-making, not replace it entirely. It’s important to have experienced SREs review AI outputs regularly to ensure they make sense and are beneficial; Underestimating the Need for AI Expertise: Implementing AI is not just about buying and deploying a tool. 


LockBit Hits TSMC for $70 Million Ransom: What CIOs Can Learn

TSMC has not given any public indication of how it plans to respond to LockBit’s demand. Bill Bernard, area vice president of cybersecurity company Deepwatch, believes it is unlikely the chipmaker will give in and pay the ransomware gang. “They’re claiming very publicly that the data gathered was not damaging to their ability to do business or to their customers. If true, there’s very little motivation for them to pay this extortion,” he tells InformationWeek. Refusal to pay would be a part of a larger trend observed over the past year or so, according to Bernard. He notes there have been “…more attempted ransomware events, but fewer payouts as businesses see the cost of recovery being significantly less than the cost of the ransom.” Even if refusal to pay is the less expensive option, companies still face consequences in the wake of an attack like this. “If TSMC opts not to pay, it could face short-term operational disruption, potential data loss, and the leak of sensitive information, damaging its reputation and breaching customer trust,” explains Ani Chaudhuri, CEO of data security company Dasera.


Why Are Team Topologies Essential for Software Architecture and Software Development Efficiency?

"Team Topologies" suggests leveraging Conway's Law as a strategic advantage in software architecture. The book proposes that architects can encourage or discourage certain types of designs by shaping the organization and team structures. As Ruth Malan points out, "If we have managers deciding which services will be built, by which teams, we implicitly have managers deciding on the system architecture." This reinforces the critical role of architects and engineering professionals in actively structuring team topologies and their communications and responsibilities. Unfortunately, in many companies, team topologies are determined without adequately considering the expertise of architects and engineering professionals. This lack of involvement can lead to architectural misalignments and inefficiencies. To ensure successful architectural outcomes, it is crucial for organizations to actively involve architects and engineering professionals in decisions related to team topologies. Their knowledge and insights can help shape team structures that align with architectural goals and foster effective communication and collaboration.


4 tips to improve employee experiences while maintaining security and governance

IT security leaders recognize that cyberthreats and attack vectors continually evolve. However, staying ahead of cybercriminals is not Job 1 for employees who simply want to get their work done. Within that context, it’s important to maintain regular, ongoing education and training, said the experts: “Continuously educate and engage. Regularly communicate with employees about the importance of security and governance controls. Offer training sessions, workshops, and awareness programs to educate employees on best practices.” ... In this regard, the enterprise browser can serve as a point of dialog between IT and business users to better understand each other’s needs. “No one wants to be blocked from accessing a particular app or website,” said Lorena Crowley, Head of Chrome Enterprise Marketing at Google. “The browser becomes an educational opportunity for users to learn why an extension is blocked, and for admins to learn about why an extension or website is important for users to get their work done.”


Slimming Down .NET: The Unofficial Experiments of Michal Strehovský

This episode features an interview with Michal Strehovský, a developer on the .NET runtime team who has been experimenting with reducing the size of .NET applications. Strehovský's experiments have led him to create BFlat and Flattened.NET, personal projects that let .NET developers play with the technology and let non-.NET developers get into .NET. One of his experiments involved creating a self-contained WinForms Snake game in C# that was under 8KB in size. By venturing into unsupported territory such as ahead-of-time compilation and trimming, and even writing his own core library to work around missing pieces of the runtime, Strehovský was able to achieve this impressive feat. The standard .NET publishing process includes the entire runtime and base class libraries, resulting in a large executable; trimming can remove unused components of the libraries, but the runtime itself cannot be trimmed. Native AOT can instead compile the entire app ahead of time, resulting in a smaller runtime and a smaller overall app size.


Quote for the day:

"Learning is a lifetime process, but there comes a time when we must stop adding and start updating." -- Robert Brault
