Showing posts with label cross platform. Show all posts
Showing posts with label cross platform. Show all posts

Daily Tech Digest - January 02, 2025

7 Practices to Bolster Cloud Security and Keep Attackers at Bay

AI tools can facilitate quicker threat detection, investigation, and response. All healthy cloud security postures should utilize ML-based user and entity behavior analytics (UEBA) tools. Such tools effectively identify anomalous behavior across the network, while facilitating rapid investigation of potential threats and automating responses to mitigate and remediate attacks. Ideally, security professionals want to find vulnerabilities before an attack occurs, and such AI tools can help to do just that. ... When a threat occurs in the cloud, it can sometimes be difficult to assess the potential impact across a distributed or multitenant surface. By utilizing a centralized platform, security personnel have access to a response center that can automate workflows by orchestrating with different cloud applications, which in turn reduces the mean time to resolve (MTTR) incidents and threats. ... By correlating access and security logs from cloud applications, security personnel can identify attempts at data exfiltration from the cloud. As a quick example, if a SOC professional is investigating potential customer data exfiltration from a cloud-based CRM tool, he or she would want to correlate the logs of that CRM tool with the logs of other cloud applications, such as email or team communication tools. 


6 AI-Related Security Trends to Watch in 2025

As more organizations work to embed AI capabilities into their software, expect to see DevSecOps, DataOps, and ModelOps — or the practice of managing and monitoring AI models in production — converge into a broader, all-encompassing xOps management approach, Holt says. The push to AI-enabled software is increasingly blurring the lines between traditional declarative apps that follow predefined rules to achieve specific outcomes, and LLMs and GenAI apps that dynamically generate responses based on patterns learned from training data sets, Holt says. ... The easy availability of a wide and rapidly growing range of GenAI tools has fueled unauthorized use of the technologies at many organizations and spawned a new set of challenges for already overburdened security teams. ... The easy availability of a wide and rapidly growing range of GenAI tools has fueled unauthorized use of the technologies at many organizations and spawned a new set of challenges for already overburdened security teams. ... "If unchecked, this raises serious questions and concerns about data loss prevention as well as compliance concerns as new regulations like the EU AI Act start to take effect," she says. 


Working in Cyber Threat Intelligence (CTI)

“The analysis of an adversary’s intent, opportunity, and capability to do harm is known as cyber threat intelligence.” It’s not just about finding some IOCs and sending them to the SOC. It’s about providing context about adversary activity for other security teams to help prioritize cyber defense efforts. While there are more steps than this, in short we collect intrusion data and analyze it, looking for correlations and trends to observed malicious activity. With that analyzed activity and trends, we can provide actionable insights into malicious activity to keep defenders focused only on the most relevant. ... Aside from everything in the “What CTI Isn’t” section, the biggest challenge in CTI is that it’s next to impossible to get decent intel requirements. “Just get us intel” isn’t a thing. We need information to give relevant information. What strategic initiatives, products, technologies, partnerships, etc. are of particular interest to the leadership? What are all of your countries of operation? What are considered the most critical assets? How would a threat actor achieving their objectives impede the organization’s mission? It unfortunately is an ongoing problem that many CTI analysts and CTI management struggle with. This often leads to intel analysts winging it.


What’s Ahead in Generative AI in 2025?

In the coming year, prompt engineering will continue its rapid maturation into a substantial body of proven practices for eliciting the correct output from LLMs and other foundation models. Within generative AI development tool sets, embedding libraries will become an essential component for developers to build increasingly sophisticated similarity searches that span a diverse range of data modalities. The recent TDWI survey on enterprise AI readiness shows that 28% of organizations already use or are deploying vector databases to store vector embeddings for use with AI models, while 32% plan to adopt those databases in the next few years. In addition, generative AI developers in 2025 will have access to a growing range of tools for no-code development of “agentic” applications that provide autonomous LLM-driven copilot, chatbot, and other functionality and that can be orchestrated over more complex process environments. ... Developers will have access in 2025 to a growing range of sophisticated models and data for building, training, and optimizing generative AI applications—including both commercial and open-source models. The recent TDWI survey on data and analytics trends showed that around 25% of enterprises are experimenting with private or public generative AI models, while 17% are building generative AI apps that use company data with pretrained models. 


This Is The Phrase That Instantly Damages Your Leadership Integrity

There are few phrases that have the ability to instantly cause hesitation like the phrase “to be honest with you.” Here are a few other honorable mentions that cause the same damage for the same reasons. In all honesty… Frankly… To tell you the truth… Truthfully or truthfully speaking… When you casually use a statement like “to be honest with you,” in an effort to ensure that you’re more likely to be believed, the exact opposite happens. Instead of trusting you more, listeners trust you less. ... Without leadership integrity, you’d have a very heavy lift trying to get people to believe in you, to listen to you, to count on you and to give you the benefit of the doubt that leaders so desperately need during times of uncertainty, ambiguity and crisis. This is why you don’t want to damage your leadership integrity or cause people to question your credibility by throwing out unthoughtful words or phrases that could give them pause. ... Instead of saying something like “mistakes were made,” which shows a complete lack of leadership integrity and sends the signal that someone somewhere made a mistake but you take no ownership for it. Go ahead and accept responsibility and show that you are accountable for the mistake and for the resolution as well.


Generative AI is not going to build your engineering team for you

Generative AI is like a junior engineer in that you can’t roll their code off into production. You are responsible for it—legally, ethically, and practically. You still have to take the time to understand it, test it, instrument it, retrofit it stylistically and thematically to fit the rest of your code base, and ensure your teammates can understand and maintain it as well. The analogy is a decent one, actually, but only if your code is disposable and self-contained, i.e. not meant to be integrated into a larger body of work, or to survive and be read or modified by others. And hey—there are corners of the industry like this, where most of the code is write-only, throwaway code. ... To state the supremely obvious: giving code review feedback to a junior engineer is not like editing generated code. Your effort is worth more when it is invested into someone else’s apprenticeship. It’s an opportunity to pass on the lessons you’ve learned in your own career. Even just the act of framing your feedback to explain and convey your message forces you to think through the problem in a more rigorous way, and has a way of helping you understand the material more deeply. And adding a junior engineer to your team will immediately change team dynamics. It creates an environment where asking questions is normalized and encouraged, where teaching as well as learning is a constant. 


Architectural Decision-Making: AI Tools as Consensus Builders

In an environment with lots of smart, quick-thinking people it can be a challenge to ensure everyone is heard, especially when the primary mode of interaction is videoconferencing. The online format (a Microsoft Teams group chat) gave people time to contribute their thoughts over a period of days rather than minutes. At various points in the online conversation, participants extracted content from the online discussion board and fed it to a large language model to compare ideas that were present in the dialogue, or to recast the dialogue in a particular person’s voice. ... The benefits of using AI tools are not cost free. It’s important to verify the results of an AI’s synthesis of text because sometimes the AI misinterprets what was written. For example, during our discussion of capabilities and domains, an AI tool interpreted some of my text as stating that the boundaries of a domain are context dependent when in fact, I was making the opposite argument – that a domain must have a consistent definition that is valid across any contexts in which it participates. Another consideration is the ethics of intellectual property ownership and citation of participants’ contributions. 


Perhaps the biggest challenge of IaC operations is drifts — a scenario where runtime environments deviate from their IaC-defined states, creating a festering issue that could have serious long-term implications. These discrepancies undermine the consistency of cloud environments, leading to potential issues with infrastructure reliability and maintainability and even significant security and compliance risks. ... But having additional context for drift, as important as it may be, is only one piece of a much bigger puzzle. Managing large cloud fleets with codified resources introduces more than just drift challenges, especially at scale. Current-gen IaC management tools are effective at addressing resource management, but the demand for greater visibility and control in enterprise-scale environments is introducing new requirements and driving their inevitable evolution. ... The combination of IaC management and CAM empowers teams to manage complexity with clarity and control. As the end of the year approaches, it's 'prediction season' — so here’s mine. Having spent the better part of the last decade building and refining one of the more popular IaC management platforms, I see this as the natural progression of our industry: combining IaC management, automation, and governance with enhanced visibility into non-codified assets.


4 keys for writing cross-platform apps

One big problem with cross-platform compiling is how asymmetrical it can be. If you’re a macOS user, it’s easy to set up and maintain Windows or Linux virtual machines on the Mac. If you use Linux or Windows, it’s harder to emulate macOS on those platforms. Not impossible, just more difficult—the biggest reason being the legal issues, as macOS’s EULA does not allow it to be used on non-Apple hardware. The easiest workaround is to simply buy a separate Macintosh system and use that. Another option is to use tools like osxcross to perform cross-compilation on a Linux, FreeBSD, or OpenBSD system. Another common option, one most in line with modern software delivery methods, is to use a system like GitHub Actions. The downside is paying for the use of the service, but if you’re already invested in either platform, it’s often the most economical and least messy approach. Plus, it keeps the burden of system maintenance out of your hands. ... The way we write and deploy apps is always in flux. Who would have anticipated the container revolution, for instance? Or predicted the dominant language for machine learning and AI would be Python? To that end, it’s always worth keeping an eye on the future, since cross-platform deployment is fast becoming a must-have feature.


The Connected Revolution: How Integrated Intelligence is Reshaping Drug Development

CI and end-to-end quality are dismantling traditional silos and fostering a seamless, data-driven ecosystem. The use of CI, potentially with data lakes as a way of consolidating vast amounts of data from disparate sources, removes silos that exist between independent systems sitting with siloed departments. The movement of data, for example clinical data that is needed in regulatory submissions, or safety data that is needed alongside regulatory data for regulatory reports, brings a level of fluidity to data management and helps companies optimize time and resources to generate product quality and safety insights. ... For clinical trials, CI and end-to-end quality can significantly enhance patient recruitment and retention. Advanced analytics can identify suitable candidates more efficiently, while real-time monitoring through connected devices can provide continuous data on patient responses and the identification of potential adverse events. This improves the quality of data collected, enhances patient safety and reduces trial time and cost. ... CI and AI-driven regulatory intelligence, in the context of quality-controlled procedures, can support the gathering of global submission requirements and the creation of global submission content, which will then be subject to human review as part of QC.


Quote for the day:

"A leader is best when people barely know he exists, when his work is done, his aim fulfilled, they will say: we did it ourselves." -- Laotzu
Posted by at No comments:
Labels: , , , , , , , , ,

Daily Tech Digest - May 19, 2020

CEOs, CISOs fear becoming the next big breach target


The global survey of 200 CEO and CISO respondents was conducted in industries including healthcare, finance, and retail, and uncovered prominent cybersecurity stressors and areas of disconnect for business and security leaders, Forcepoint said. They include a lack of an ongoing cybersecurity strategy for less than half of all CEO respondents. The research also identified disparities between geographic regions on data protection as well as a digital transformation dichotomy battle between increased risk and increased technology capability. The disparity is compounded by a belief that senior leadership is cyber-aware and data-literate (89%) and focused on cybersecurity as a top organizational priority (93%), according to the report. Meanwhile, cybersecurity strategies are seen by 85% of executives as a major driver for digital transformation, yet 66% recognize the increased organizational exposure to cyber threats because of digitization, the Forcepoint report said. Only 46% of leaders regularly review their cybersecurity strategies, according to the report.



Interview With Node.js Technical Steering Committee Chair

The major challenge was that Node.js already had a well established module system and that ESM was different in many important ways. Things like asynchronous loading versus synchronous loading leads to the potential for a lot of subtle interoperability problems. Unfortunately when the ESM spec was being put together the Node.js project was not very active in that process (or other standards either!). The result was some areas of conflict between the existing module system and long standing community expectations/usage and the spec as a reflection of what was a good fit for browsers. The modules team has done a good job of working through a large number of edge cases and finding approaches (and getting agreement for them which can be hard) that allow for reasonable interoperability while working to maintain compatibility with the spec. ... In terms of larger features, the Node.js project does not have a formal roadmap so “What’s” next is often “What’s ready” when the next release is being cut. We do however, have longer term plans and initiatives.


IT Spending Forecast: Unfortunately, It's Going to Hurt

Image: Maridav - stock.adobe.com
Businesses' response to the pandemic will continue to spur spending in technology areas that support working from home, such as public cloud services, now expected to grow by 19% in 2020. Cloud-based telephony and messaging and cloud-based conferencing is expected to grow by 8.9% and 24.3%, respectively. But longer-term transformational projects are likely to be put on hold as CEOs look to preserve cash, John-David Lovelock, Gartner chief forecaster and distinguished research VP told InformationWeek. If a project costs a lot to finish and won't return cash quickly without a fast time to value, it will probably be put on hold or cancelled. The Gartner forecast shows many segments experiencing a decline in 2020, with devices and data center systems hit hardest, down 9.7% and 15.5%, respectively. Enterprise software will decline by 6.9% and IT services will fall by 7.7%. That's pretty bleak. But the current economic situation is not like typical recessions where things slowed down and everyone felt those effects slowly until there was a recession.


Microsoft and Sony to create smart camera solutions for AI-enabled image sensor


Sony and Microsoft have joined together to create artificial intelligence-powered (AI) smart camera solutions to make it easier for enterprise customers to perform video analytics, the companies announced. The companies will embed Microsoft Azure AI capabilities onto Sony's AI-enabled image sensor IMX500. Announced last week, the IMX500 is the world's first image sensor to contain a pixel chip and logic chip. The logic chip, called Sony's digital signal processor, is dedicated to AI signal processing, along with memory for the AI model. "Video analytics and smart cameras can drive better business insights and outcomes across a wide range of scenarios for businesses," said Takeshi Numoto, corporate vice president and commercial chief marketing officer at Microsoft.  "Through this partnership, we're combining Microsoft's expertise in providing trusted, enterprise-grade AI and analytics solutions with Sony's established leadership in the imaging sensors market to help uncover new opportunities for our mutual customers and partners." According to Sony, the app will allow independent software vendors (ISVs) and smart camera original equipment manufacturers (OEMs) to develop AI models, thereby enabling them to create their own customer and industry-specific video analytics and computer vision solutions that use the IMX500 image sensor.


Verizon DBIR: Breaches doubled, but plenty of silver linings


Despite some alarming figures, the 2019 Verizon DBIR offered some good news as well. For example, detection time saw improvements over last year, as well as malware blocking. "Trojans have dropped in our data. In 2015 it was a top action, and now it's gone all the way to the bottom largely because the tools that are blocking it from getting into organizations have been successful," Widup said. Perhaps most importantly, 81% of breaches were "discovered in days or less," according to the report, compared to 2018 where 56% of breaches took months or longer to discover. "You see all these people who are saying 'prevention, prevention, prevention,' but if you can't detect it, it's really hard to prevent," Widup said. "We do see some improvements but it's not happening as fast as we'd like it to as researchers. It's also challenging because the threat is shifting, so being able to detect it is also always shifting and it makes it hard for people who make these tools to make it automated and reliable."


Wearable sensor integrates machine learning innovation

In collaboration with researchers at the University of Calgary Human Performance Lab (UCHPL), Protxx recently demonstrated the ability to integrate both diagnostic and therapeutic functions into Protxx wearable devices in order to enhance the management of neurodegenerative medical conditions. The newly announced collaborations and investments will drive product prototyping of the integrated device with Triple Ring Technologies (TRT), Newark CA, and pilot testing at UCHPL. TRT’s Venture Studio and Edmonton-based Brass Dome Ventures are both supporting the collaboration as new Protxx investors. Investment terms were not disclosed. In addition to the new investments, Protxx and the UCHPL-based Integrative Sensorimotor Neuroscience Laboratory directed by Dr. Ryan Peters have been awarded a Mitacs Accelerate grant to support graduate student researchers participating in the project in 2020-2021. 


From thinking about the next normal to making it work: What to stop, start, and accelerate

From thinking about the next normal to making it work: What to stop, start, and accelerate
Office life is well defined. The conference room is in use, or it isn’t. The boss sits here; the tech people have a burrow down the hall. And there are also useful informal actions. Networks can form spontaneously (albeit these can also comprise closed circuits, keeping people out), and there is on-the-spot accountability when supervisors can keep an eye from across the room. It’s worth trying to build similar informal interactions. TED Conferences, the conference organizer and webcaster, has established virtual spaces so that while people are separate, they aren’t alone. A software company, Zapier, sets up random video pairings so that people who can’t bump into each other in the hallway might nonetheless get to know each other. There is some evidence that data-based, at-a-distance personnel assessments bear a closer relation to employees’ contributions than do traditional ones, which tend to favor visibility. Transitioning toward such systems could contribute to building a more diverse, more capable, and happier workforce. Remote working, for example, means no commuting, which can make work more accessible for people with disabilities; the flexibility associated with the practice can be particularly helpful for single parents and caregivers.


Digital transformation: Why this is a smart time to speed up


Every organizational strategy must be re-thought in the current environment. Consider how an accelerated timetable will enable a strategy that must be extremely flexible and adaptive to an unclear future. Strategies must build on an infinitely adaptable platform: Think playdough, not concrete. Meetings become much more efficient when their time is cut in half. The same applies to plans. You likely have a transformation path already mapped out to introduce much-needed change. What happens if you shorten the timeline by half and push to achieve the same goals? Force yourself to eliminate the “nice-to-haves” to get it done. Sure, there are risks in moving faster. Make those apparent to stakeholders so they can be active risk mitigators. You might be surprised at what risks they will accept. ... Make it clear that deployments never assume perfection. Do your best to reduce risk, then set up a clear path to report issues rapidly – with your team ready to respond quickly. Agile balances the need for speed with the expectation of adjustment. Every organization grows stronger by learning from both hits and misses.


Smartphones, laptops, IoT devices vulnerable to new BIAS Bluetooth attack


"At the time of writing, we were able to test [Bluetooth] chips from Cypress, Qualcomm, Apple, Intel, Samsung and CSR. All devices that we tested were vulnerable to the BIAS attack," researchers said. "Because this attack affects basically all devices that 'speak Bluetooth,' we performed a responsible disclosure with the Bluetooth Special Interest Group (Bluetooth SIG) - the standards organisation that oversees the development of Bluetooth standards - in December 2019 to ensure that workarounds could be put in place," the team added. In a press release published today, the Bluetooth SIG said they have updated the Bluetooth Core Specification to prevent BIAS attackers from downgrading the Bluetooth Classic protocol from a "secure" authentication method to a "legacy" authentication mode, where the BIAS attack is successful. Vendors of Bluetooth devices are expected to roll out firmware updates in the coming months to fix the issue. The status and availability of these updates is currently unclear, even for the research team. The academic team behind the BIAS attack includes Daniele Antonioli from the Swiss Federal Institute of Technology in Lausanne (EPFL), Kasper Rasmussen from the CISPA Helmholtz Center for Information Security in Germany, and Nils Ole Tippenhauer from the University of Oxford, thh UK.


Fabulous Enables Building Declarative Cross-Platforms UIs

Fabulous makes a new approach to app programming possible by adopting a React-like MVU architecture, says Syme. This approach aims to simplify code and make it more testable and less repetitive. Fabulous adopts the Model-View-Update (MVU) paradigm to replace the ubiquitous Model-View-ViewModel (MVVM) and provides a functional way to describe UIs and the interaction between their components. Fabulous is not the first framework to adopt MVU, which was made popular by React and Redux, Flutter, Elm, and other projects. The basic idea behind MVU is managing a core, immutable model which represents the UI status. Each time a UI event takes place, a new model is calculated from the current one and then used to create the view anew. In Syme's view, the main tenets of MVU are it supports functional programming and the creation of dynamic UIs through simple declarative models which are expressed in the same high-level language as the rest of your application.


Quote for the day:


"Every great leader can take you back to a defining moment when they decided to lead" -- John Paul Warren

Posted by at No comments:
Labels: , , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)