Daily Tech Digest - February 14, 2024

How AI is strengthening XDR to consolidate tech stacks

XDR platforms need AI/ML technologies to identify malware-free breach attempts while also looking for signals of attackers relying on legitimate system tools and living-off-the-land (LOTL) techniques to breach endpoints undetected. ... VentureBeat spoke with several CEOs at RSAC 2023 to learn how each perceives the value of AI in their product strategies today and in the future. Connie Stack, CEO of NextDLP, told VentureBeat, “AI and machine learning can significantly enhance data loss prevention by adding intelligence and automation to detecting and preventing data loss. AI and machine learning algorithms can analyze patterns in data and detect anomalies that may indicate a security breach or unauthorized access to sensitive information well before any policy violation occurs.” XDR providers tell VentureBeat that the challenge of parsing an exponential increase in telemetry data, performing telemetry enrichment and mapping data to schema are the immediate architectural requirements they have. There’s also the need for real-time cross-collaboration, analytics and alert prioritization. XDR’s current and future ecosystem is dependent on AI’s continued growth.

10 ways generative AI will transform software development

The ability to prompt for code adds risks if the code generated has security issues, defects, or introduces performance issues. The hope is that if coding is easier and faster, developers will have more time, responsibility, and better tools for validating the code before it gets embedded in applications. But will that happen? “As developers adopt AI for productivity benefits, there’s a required responsibility to gut-check what it produces,” says Peter McKee, head of developer relations at Sonar. “Clean as you code ensures that by performing checks and continuous monitoring during the delivery process, developers can spend more time on new tasks rather than remediating bugs in human-created or AI-generated code.” CIOs and CISOs will expect developers to perform more code validation, especially if AI-generated code introduces significant vulnerabilities. ... Another implication of code developed with genAI concerns how enterprise leaders develop policies and monitor the supply chain of what code is embedded in enterprise applications. Until now, organizations were most concerned about tracking open source and commercial software components, but genAI adds new dimensions.

Agile Methodologies In The Era Of Machine Learning Development

Both emphasize adaptability and continuous improvement, providing a solid foundation for building robust ML models. The iterative cycles of Agile resonate with the constant refinement required in ML algorithms, fostering an environment conducive to experimentation and learning. Bringing together Agile and Machine Learning (ML) is like mixing the best of teamwork and smart strategies for computer programs. Agile is like a way of working that’s flexible and can adapt quickly, and ML is all about smart machines learning from data. When they come together, it’s like using a super-smart and flexible approach to make really cool and smart computer programs ... Everyone has a special skill, like some friends are good at building, and others are good at deciding what the robot dog should do.This teamwork also helps if you discover something new, like a better way for the robot dog to move. Agile allows you to quickly change and improve, just like trying a new game. ... Unlike traditional software, ML projects grapple with inherent uncertainties in data and model outcomes, requiring a more adaptive approach. Navigating these uncertainties is paramount when incorporating Agile principles.

The AI data-poisoning cat-and-mouse game — this time, IT will win

The offensive technique works in one of two ways. One, it tries to target a specific company by making educated guesses about the kind of sites and material they would want to train their LLMs with. The attackers then target, not that specific company, but the many places where it is likely to go for training. If the target is, let’s say Nike or Adidas, the attackers might try and poison the databases at various university sports departments with high-profile sports teams. If the target were Citi or Chase, the bad guys might target databases at key Federal Reserve sites. The problem is that both ends of that attack plan could easily be thwarted. The university sites might detect and block the manipulation efforts. To make the attack work, the inserted data would likely have to include malware executables, which are relatively easy to detect. Even if the bad actors’ goal was to simply feed incorrect data into the target systems — which would, in theory, make their analysis flawed — most LLM training absorbs such a massively large number of datasets that the attack is unlikely to work well.

What Is API Sprawl and Why Is It Important?

Inconsistencies between APIs can stunt the developer experience around integration. For example, many different design paradigms are used in modern API development, including SOAP, REST, gRPC and more asynchronous formats like webhooks or Kafka streams. An organization might adopt various styles simultaneously. Using various API styles provides best-of-breed options for the task at hand. That said, style inconsistencies can make it challenging for a single developer to navigate disparate components without guidance. ... As cybersecurity experts often say, you can’t secure what you don’t know. Amid technology sprawl, you likely won’t be aware of the hundreds, if not thousands, of APIs being developed and consumed daily. Without inventory management, APIs can slip under the rug and rot. API sprawl can also lead to insecure coding practices. Security researchers at Escape recently found 18,000 high-risk API-related secrets and tokens after performing a scan of the web. ... Life cycle management can also suffer with sprawl. If API versioning and retirement schedules aren’t communicated effectively, it can easily lead to breaking changes on the client side. 

Rise in cyberwarfare tactics fueled by geopolitical tensions

There are a number of ways in which public-private partnerships can be effective in addressing cybersecurity threats. First, governments and private companies can share information about cyber threats and vulnerabilities. This can help to improve the overall security posture of both the public and private sectors. Second, governments and private companies can develop joint cybersecurity initiatives. These initiatives can focus on a variety of areas, such as developing new security technologies, improving incident response capabilities, or providing cybersecurity training to employees. Third, governments and private companies can collaborate on research and development efforts. This can help to identify new cybersecurity threats and develop new ways to protect against them. Caveat, when talking about public-private partnerships – what is needed is real operational and ongoing public-private collaboration is essential for sharing information, developing best practices, and mitigating risks and is essential for building a more secure and resilient cyber ecosystem. 

New media could bring fresh competition to tape archive market

Glass is becoming another alternative to tape. Microsoft's Project Silica uses femtosecond lasers to write data to quartz glass and "polarization-sensitive microscopy using regular light to read," according to Microsoft. Another company, Cerabyte, uses lasers to etch patterns into ceramic nanocoatings on glass. Ceramic is resistant to heat, moisture, corrosion, UV light, radiation and electromagnetic pulse blasts. Ceramic also has another advantage over tape: Its high durability leads to fewer refresh cycles, according to Martin Kunze, chief marketing officer and co-founder of Cerabyte, a startup headquartered in Munich. "Tape has limited durability and needs to be either refreshed or all migrated onto new formats," Kunze said. This undertaking is expensive and time-consuming, he said. Kunze added that tape is vulnerable to vertical market failure. Western Digital is the only company manufacturing the reading and writing heads for tape. "Assume there is a decision on the board: 'We don't [want to] run this company anymore because it doesn't bring in as much revenue,'" he said. The single point of failure could leave enterprises in the lurch. He sees another problem with tape -- it's stodgy.

Apache Pekko: Simplifying Concurrent Development With the Actor Model

In the actor model, actors communicate by sending messages to each other, without transferring the thread of execution. This non-blocking communication enables actors to accomplish more in the same amount of time compared to traditional method calls. Actors behave similarly to objects in that they react to messages and return execution when they finish processing the current message. Upon reception of a message an Actor can do the following three fundamental actions: send a finite number of messages to Actors it knows; create a finite number of new Actors; and designate the behavior to be applied to the next message. ... Pekko is designed as a modular application and encompasses different modules to provide extensibility. The main components are: Pekko Persistence enables actors to persist events for recovery on failure or during migration within a cluster that provides abstractions for developing event-sourced applications; Pekko Streams module provides a solution for stream processing, incorporating back-pressure handling seamlessly and ensuring interoperability with other Reactive Streams implementations...

How Can Synthetic Data Impact Data Privacy in the New World of AI

Data from the real world is often inherently biased. This is because the data used to train models is largely gathered from across the internet, reflecting biases present in society and the socio-economic groups prevalent in the social media spaces used to gather this data. Data scientists have turned to synthetic data and ‘Digital Humans’ to combat these biases. With Digital Humans, data scientists can vary elements of ‘Digital DNA,’ such as et,’ city, size, and clothing, and mix with real-world data to create more representative and diverse datasets. Of course, this also protects image rights and PII exposure that could come from using images and footage of people in the real world. Mindtech worked with a construction company that wanted to develop autonomous site vehicles. The company wanted to enhance these vehicles’ safety and accrue a broader range of data to train them. As a result, it used synthetic data to create diverse synthetic datasets to train these vehicles to identify various people on site, no matter size/shape/sex/ethnicity/clothing/ – the vehicles could stop their journey if someone were blocking their way.

The Great Superapp Dilemma: Business Ambitions vs User Privacy

If we put privacy aside for a moment, the benefits of a possible superapp cannot be denied. We could say goodbye to the hundreds of online accounts that operate as an isolated silo managed by unrelated services and domains and the chore of updating account details across them all, one by one. And, as well as promising a much simpler user experience through a single application, it would unlock new convenient services using a broader set of data, and allow for increased innovation that adds value for users – such as unified health metrics, consolidated banking services, cohesive government-related accounts, integrated social networks, or unified marketplaces. However, managing vast volumes of accessible data – which has grown excessively since the era of big data, and will no doubt continue with the advent of AI – is operationally challenging to say the least. ... With these concerns in mind, companies working on superapp development must address issues including managing and recovering from identity theft, securing data against breaches, and ensuring that data access aligns with the user’s consented sharing policy.

Quote for the day:

''Effective questioning brings insight, which fuels curiosity, which cultivates wisdom.'' -- Chip Bell

No comments:

Post a Comment