Daily Tech Digest - March 23, 2017

Data Science Vs. Data Analytics - Why Does It Matter?

Well, you would ideally want to know what you’re getting yourself into when you apply to that dream position or need to make that crucial hire. But besides that, data science plays a huge role in machine learning and artificial intelligence. Being able to sift through and connect huge quantities of data, followed by forming algorithms and functions that allow virtual entities to learn from that data, is hugely in demand in today’s marketplace. Machine learning is one of the most exciting developments in the tech world as the innovations continually impress. Take IBM’s Watson and its victory on Jeopardy!, or Google’s DeepMind beating the best human players in the world at the board game, Go. Both examples of our future mechanical overlords bringing us to heel under their cold metal boots . . . I mean, of the advances in machine learning.


Nail an IT project proposal

A good IT project proposal isn't a technical inventory. Business executives don't care that the stack will use hyper-converged systems with NVMe memory connected to the public cloud via pixie dust. Couch all messages in terms that make sense for the company (see Figure 2): What will the project do to better manage costs and risks within the business's operations? Does the change enable greater overall business value without changing the functionality of the company's existing products or services? Is output or margin increased, or both? Does the change enable a new product or service at a suitable margin? ... Consider what's important to your company when developing the IT project proposal. The proposed change doesn't have to better manage risk and cost, improve existing business and also bring a new offering to customers. Some organizations take on more risky initiatives if they can lower costs appreciably.


IRS makes tax refund scams harder but W-2 phishing attacks continue unabated

IRS anti-fraud measures, such as the recent introduction of a new 16-digit alphanumeric authentication code on W-2 forms, have made it harder for scammers to file fraudulent tax returns using only stolen W-2 data, says Adam Meyer, chief security strategist at SurfWatch Labs. So information such as the Adjusted Gross Income (AGI) number from previous year tax returns, for instance, has become a valuable commodity to criminals, Meyer says. Many tax-related forms have begun asking for that information and other data such as birth dates and driver’s license numbers as secondary authentication measures. “I think you are going to see a shift in cybercriminal tactics,” as a result of these changes, Meyer predicts.


How Google is riding the multi-cloud wave to win over the enterprise

Underpinning the Waze platform are more than 100 microservices, and each one is hosted across multiple availability zones and datacentre regions for resiliency purposes. “The most mission-critical ones are spread across multiple providers, Amazon and Google, so we can provide the best redundancy possible for our users,” he said. Waze’s desire to source cloud services from more than one provider was hastened by an eight-hour outage AWS suffered in 2015. “Our engineers made sure Waze did not crash on that day, and I’m happy to say it didn’t, but it came very close,” he said. “It was one of the triggers for us to realise we actually needed a multi-cloud solution, and can’t just rely on one provider. “This was before our GCP migration. We wanted to spin up our GCP cluster sooner, but we couldn’t do it because we weren’t ready.”


How Banks are Leveraging Fintech Disruption

One of the biggest challenges in banking is meeting the needs of compliance, best exemplified by the arduous task of filling out forms and applications when applying for anything from a new account to a loan. These tedious processes often result in customers frequently returning to the bank due to missing information. Certain fintech start-ups such as QumRam make it possible to meet the extensive regulatory needs of the banking industry, while helping reduce fraud and streamlining the entire process for customers. Bank branch networks could leverage similar types of technology by providing customers the option to complete their forms in the branch within the waiting area or allow them to start the process at home and then complete the final stages at the branch level.


Defining a Data Risk Strategy for an Organization

The goals of the function need to be prioritized once cascaded from the organization. It is better to include the board and executive leadership to endorse them and it is suggested to take them along the journey. The function provides risk governance services that can be considered horizontal in the organization. The same will be pushed to business units, whether they like it or not. But early collaboration across the organizational units in strategy analysis provides future buy-in to risk management activities. This would enable the units to participate in eliciting risks and deciding on solutions related to data, in a council discussion, once the services are pushed to a division. The next step would be to come up with capabilities that would achieve the objectives of the data risk management function.


How companies can stay ahead of the cybersecurity curve

Forward-thinking companies are beginning to apply concepts like active defense and corporate social responsibility to cyberspace. As cybersecurity regulations take shape, companies can choose to stay in the vanguard of progress – or simply react, following the rules as they develop. Managers must think in new ways about data, communications, business law and even the ethics of trading off potential corporate benefits against risks to consumers’ privacy. At stake is not only a firm’s reputation but also, potentially, legal liability for failing to follow emerging industry standards. For example, Consumer Reports recently announced that it will be rating companies’ cybersecurity and privacy practices. Businesses of all types, not just tech-centered ones, can help keep themselves in the clear by putting cybersecurity at the forefront of their risk management efforts.


Data Leakage And The IIoT

In the past, the complexity and size of an operation generally provided safeguards against data theft or leakage. But with commonly used data mining tools, it’s now possible to separate out meaningless shop floor data and home in on the important events, which roughly adhere to the 80/20 rule. Add in multiple companies and begin correlating bottlenecks and other noteworthy industrial events, and that data suddenly becomes much more valuable to a lot of people—makers of equipment, government or industry policies, marketing groups, as well as the highest bidders within a particular industry or those looking to invest in an industry. “It used to be that an employee would take out data they downloaded onto a USB,” said Ford.


Look Before You Leap: 4 Hard Truths About IoT

Harsh environments raise the odds that a sensor will generate bad information: Weather, vandalism and pests are among the many dangers. For better results, enterprise IoT users may need to calibrate their sensors, install redundant nodes or use one type of sensing device, like a camera, to monitor another. Artificial intelligence can help solve the problem by weighing inputs from multiple sensors to reach accurate conclusions. For example, doctors can monitor a patient with wearables that measure different vital signs and can be checked against each other. Also, filtering out readings that aren't needed -- like 1,000 consecutive reports that a pipeline hasn't cracked in the last five minutes -- is a big part of what edge computing is designed to do.


Hackers threaten to wipe millions of Apple devices, demand ransom

The group said via email that it has had a database of about 519 million iCloud credentials for some time, but did not attempt to sell it until now. The interest for such accounts on the black market has been low due to security measures Apple has put in place in recent years, it said. Since announcing its plan to wipe devices associated with iCloud accounts, the group claimed that other hackers have stepped forward and shared additional account credentials with them, putting the current number it holds at over 627 million. According to the hackers, over 220 million of these credentials have been verified to work and provide access to iCloud accounts that don't have security measures like two-factor authentication turned on.



Quote for the day:


"In order to be irreplaceable one must always be different." -- Coco Chanel


Daily Tech Digest - March 22, 2017

Our future mobile device screens might be made of silver

The team says that the silver coating was able to guide light roughly 10 times as quickly as other metal waveguides, which could make the silver film useful for boosting computer power and reducing energy usage, as well as serve as a base for reflective displays, flexible screens, and touch screen panels. The silver film was also used in experiments to conduct visible and infrared light across its surface and created dense patterns a fraction of the size of today's usual methods to transport light through transparent screens for analysis on the other side. The light waves shrink and travel as what is called "plasmon polaritons," which allows information to travel in a way far more like optic cables than copper wiring. This, in turn, means that the silver film may one day have applications in increasing computer chip processing power.


Why AI will rule all UIs

"AI is the new UI" may be a cliché now, but back in 2011 when Apple first released Siri the capability to control a mobile device by talking to it through an intelligent assistant was revolutionary. Granted, Siri wasn't as smart as HAL in the movie 2001: A Space Odyssey or Eddy, the shipboard computer in The Hitchhiker's Guide to the Galaxy, but it made enough of an impact on consumer technology to spawn a stream of similar intelligent assistants. Siri was soon followed by Amazon's Alexa, Microsoft's Cortana, and Google's Assistant. And these will likely be joined soon by many others, including Samsung's Bixby, which is based on technology Samsung acquired when it bought Viv, a company founded by the people behind Siri.


FinTech - How New Technologies Are Transforming The Banking Sector

Big Data is becoming a cornerstone of the financial industry, both for startups and established financial service firms. This technology helps to curate, consolidate and analyze financial data from markets, social media, and other sources. Advances in machine learning provide greater insights and better customer experiences and enable predictions of future behaviour. Social networks help to create references and communities that reduce customer acquisition costs, enable lower account value marketplaces and facilitate the growth of the sharing economy. All these developments are leading to more innovations in the fintech industry. Blockchains, the underlying technology of cryptocurrencies like Bitcoin, may even disrupt the very way the financial services industry works.


Alleged CIA hacking documents reinforce need for SSL traffic inspection

WikiLeaks alleges that the CIA has a dedicated project, called HIVE, which is a multi-platform malware suite that provides command and control (C2) over “customisable implants for Windows, Solaris, MikroTik (used in Internet routers) and Linux platforms and a listening post (LP)/command and control (C2) infrastructure to communicate with these implants.” HIVE specifically uses SSL (HTTPS) to cover its tracks, according to WikiLeaks. While the use of SSL for Command and Control of malware is increasingly common, HIVE went a step further and introduced the use of client-certificate authentication, a technique that allows them to mitigate the risk of SSL interception, WikiLeaks alleges.


Phishing Your Employees for Schooling & Security

Most security awareness training I've seen ends with a basic multiple choice test. These tests are only a partial measurement of whether or not the pupil can put that knowledge to use in the real world. Take a driving test, for instance. Sure, there's a written test, but you wouldn't allow a teenager on the road until after he passed the practical one, too. ... By sending fake phishing emails, you can learn which ones your users fell for most often. Was there a certain type of email that contained a certain "lure" that tricked your employees? Perhaps that might be a missing piece you can add to your next phishing training, or a concept you haven't covered in enough detail. ... Your fake phishing emails should immediately inform the user when they clicked on a bad link. The goal isn't to shame the user — that's detrimental to education.


Embedded security a high priority for IoT designers

The idea of embedded operating systems is not a new one. For years, we have had devices that contain microprocessors to carry out specific functions. Because, for the most part, these devices were not connected to the internet, security wasn’t a major concern. The simple fact that devices were standalone – and the obscurity of the operating system itself — made them relatively secure. Introducing a connection to the internet, though, removes some of that inherent security. Embedded security, then, is the overall term for protecting the software, hardware, and hardware systems in these devices. Essentially, since every point of communication is a potential path for hackers, engineers must consider the entire device and identify all of the attack surfaces in order to keep it secure.


How CIOs can apply IT supplier management skills to digitisation

In The Digital Matrix, Venkatraman describes how the company that pioneered moisture-wicking sportswear fabrics acquired MapMyFitness, Endomondo and MyFitnessPal, giving the company 300 developers and 150 million active members. Customer data is now driving the company’s strategy. Beyond selling products, Venkatraman says Under Armour has branched out to create vibrant communities, such as those in LinkedIn and PatientsLikeMe. Under Armour has been collecting the data community members have been actively uploading about their lifestyles, such as the food they eat and the gear they use for fitness, Venkatraman says. “Under Armour is taking a [lifestyle] solutions view: I want to know what you eat, how you sleep, how many steps you’ve taken, then I will benchmark you against other people and give you incentives to improve your lifestyle,” he says.


ARM Unveils New Chip Design Targeted at Self-Driving Cars, AI

The new design can handle up to eight processor cores of varying size on a single chip in almost any configuration. That will give customers more flexibility than ARM’s existing designs, Nandan Nayampally, general manager of the company’s Compute Products Group, said. This is especially true in cases where a device has to switch rapidly between different tasks, for instance, using neural networks for facial recognition one moment and then handling a voice call. He said DynamIQ would be more efficient than existing architectures because the processors can share memory and switch rapidly between tasks with different power requirements. The technology will also work well in devices like industrial robots and self-driving cars that require high levels of safety and redundancy and have to process most computing tasks locally, Nayampally said.


How the internet of things is disrupting tech staffing: Part 2

Many businesses are eager to capitalize on the many benefits of the fast-growing internet of things (IoT). But as IoT continues to develop, tech labor and skills supply-and-demand constraints will interfere with businesses' efforts to make the most of the digitally driven business opportunities associated with IoT. To help companies prepare for the opportunities IoT will present, Part 1 of this series looked at key jobs and skills in two areas: the "things" side of IoT and the connective tissue between the "I" and the "T." In Part 2 we focus on three more hot labor segments which will put businesses in a position to make the most of IoT: big data, IoT cross-skilling (of hardware and software professionals), and an assortment of skill specialties with big IoT payoffs.


Automation generates high profile jobs – and they’re up for grabs

Since automation methods are ever evolving, we usually design the solution based on an agile approach for a quicker and more reliable implementation. In the current set up, it is estimated that there are around 40% to 80% manual activities that will be automated in the next year or two, which is a huge undertaking and will require a large number of automation engineers. But they won’t be working alone; agile project managers, analysts and automation development engineers will also play a big role. The following table shows a summary of other high profile jobs created by automation. ... Automation engineers and others who aspire to get involved with artificial intelligence based automation must understand artificial intelligence, predictive analytics and machine learning.



Quote for the day:


"Successful people make the most of the best and the best of the worst." -- Steve Keating


Daily Tech Digest - March 21, 2017

12 Challenges Facing IT Professionals (and some ways to deal with them)

Technology advances rapidly and shows up in media on all sides. This means users, managers at all levels and even competitors pressure IT staff to implement this new technology just because it is new. The real challenge is deciding which of these new technologies will work to the best interest of advancing the organization and which is better to avoid for now. Organizational priorities and long-term goals tend to remain relatively static. Technology has become much more fluid and changes more rapidly. IT management must evaluate the organizational value each technology offers to determine when and if it is a good fit. New technologies such as cloud, big data, virtualization and mobility all become tools for experienced IT managers who understand their organization's priorities.


Competing in the Age of Artificial Intelligence

In simpler times, a technology tool, such as Walmart’s logistics tracking system in the 1980s, could serve as a source of advantage. AI is different. The naked algorithms themselves are unlikely to provide an edge. Many of them are in the public domain, and businesses can access open-source software platforms, such as Google’s TensorFlow. OpenAI, a nonprofit organization started by Elon Musk and others, is making AI tools and research widely available. And many prominent AI researchers have insisted on retaining the right to publish their results when joining companies such as Baidu, Facebook, and Google. Rather than scrap traditional sources of competitive advantage, such as position and capability, AI reframes them. (See Exhibit 2.) Companies, then, need a fluid and dynamic view of their strengths.


New bug lets hackers temporarily kill your Google Nest Cam

The flaw, discovered by Jason Doyle and published on GitHub, can be exploited when the attacker is within Bluetooth range of the device. Doyle stated in his GitHub post that he initially reported the bug to Google on October 26, 2016, but that he has since made the information public. Google acknowledged the bug, but didn't let him know if it had been patched, he said in an interview with The Register. If an attacker was able to knock the cameras offline for the maximum amount of time, they would be able to slip past them undetected. The bug presents an even bigger issue for some small businesses, who may use the Nest Cam and Dropcam Pro as CCTV tools or security cameras. The issue, according to Doyle's post, is that Bluetooth connectivity is never disabled after the initial setup of the device. Using Bluetooth, the camera is supplied with a different SSID, which causes it to leave its current Wi-Fi network in an attempt to associate with it.


Self-Driving Cars’ Spinning-Laser Problem

One problem is apparent from a casual glance at a prototype car: lidar sensors are bulky. They are why vehicles being tested by Waymo, Alphabet’s self-driving-car unit, are topped by a giant black dome, and Toyota’s and Uber’s sport spinning gadgets the size of a coffee can. ... Better lidar is a core part of Waymo’s plan to make self-driving cars a mass market and a profitable proposition. The company has developed three different sensors that look for objects at different ranges. They would be an important and attractive part of the bundle of technology the company says it will license to established automakers. Waymo is not the only one spending millions to address lidar lag. Last year Ford and Baidu, the Chinese search company investing in self-driving cars, jointly invested $150 million in Velodyne, the world’s leading lidar supplier.


Blockchain and IoT: Automating machine transactions in the fourth industrial revolution

In the past, a common correlation technology (referred to as an Event Correlation Engine) handled event filtering, aggregation, and masking. The next approach, which has roots in statistical analysis and signal processing, compares different time series detecting when there is correlated activity using correlation, cross-correlation, and convolution. Recently, a new wave of machine learning algorithms based on clustering applies a kind of smart filtering that is able to identify event storms. While these techniques are useful and do make life easier by reducing the number of events entering investigation, they do not answer the key question at hand: “What is the root cause of a problem?” Understanding how two time series correlate does not imply which one caused the other to spike. Such analysis does not imply causation. To get beyond that, we need to understand the cause-effect relationship between data sources.


Robots won’t take your job—they’ll help make room for meaningful work instead

David Autor, professor of economics at MIT, adds that the remaining non-automated tasks “tend to become more valuable.” This is because automation is likely to take over mundane or repetitive tasks, leaving professionals more time to do the things that really require their skills. For instance, automation will help mortgage-loan officers spend less time scouring paperwork when processing loan applications and free them up to issue more mortgages. ... This trend is even true in the era of artificial intelligence (AI). In the legal sphere, a bot’s ability to sift through large volumes of legal documents using software during the “discovery” phase of a trial was thought to reduce the number of legal clerks and paralegals who traditionally performed this role. Instead, by reducing the cost of discovery, automation increased demand for it. The number of paralegals has increased since the introduction of discovery software in 1990.


Storage fails the business as data balloons, survey finds

For a sizeable majority (71%), data volumes are increasing by 27% a year. This amounts to storage being seen as a brake on digital transformation projects. Those are some of the findings of a survey carried out for open source software supplier Suse, which questioned 1,202 senior IT decision makers in 11 countries. The survey found that while two-thirds of UK businesses (66%) say demands from the business for IT to be more agile have increased in the last two years, more than half of them (58%) struggle to make storage sufficiently responsive. Almost all UK respondents are concerned about data growth and storage slowing down digital transformation initiatives (91%). The main frustrations with existing storage solutions are overall cost (83%), performance concerns (77%) and an inability to support innovation (74%).


Bridging the gaps in data lineage: FIGI and the future

The lack of a standard framework to reconcile data sets across business functions or asset class allows the problem of poor data quality to persist by disrupting data lineage and hampering efforts to improve data management controls. To bridge the gap and address this problem, some financial and data professionals are considering how an instrument identification framework can support the data management process. Specific to this need, more than 76 percent of firms surveyed by Tabb called for an instrument identification framework that uses open and freely distributable identifiers. Almost a quarter of asset management firms surveyed said they were embracing the Financial Instrument Global Identifier (FIGI) expressly to address data quality and operational reconciliation issues.


IBM unveils Blockchain as a Service based on open source Hyperledger Fabric technology

Although the blockchain piece is based on the open source Hyperledger Fabric project of which IBM is a participating member, it has added a set of security services to make it more palatable for enterprise customers, while offering it as a cloud service helps simplify a complex set of technologies, making it more accessible than trying to do this alone in a private datacenter. “Some time ago, we and several other members of the industry came to view that there needs to be a group looking after, governing and shepherding technology around blockchain for serious business,” Cuomo told TechCrunch. The Hyperledger Fabric project was born around the end of 2015 to facilitate this, and includes other industry heavyweights such as State Street Bank, Accenture, Fujitsu, Intel and others as members.


How to stop your smart devices from spying on you

There aren’t many options, if the WikiLeaks dump is true (CIA officials have refused to confirm or deny the content of the documents, suggesting it’s probably true). This has been dubbed a “zero-day exploit” because there is zero warning, and no time to prepare for this hack. Because information is transferred through networks you could theoretically disconnect your devices from WiFi and cell service, but that would render them, in many cases, virtually useless for their purposes, particularly in a world of increasing hyper-connectivity. If you want to ensure privacy in a given moment, ensure that all devices around you are unplugged, with batteries removed when applicable. Other good steps to protect yourself include standard safe online practices: download updates immediately, don’t click suspicious links, run regular malware scans and turn your devices off when you don’t need them.



Quote for the day:


"If you torture the data long enough, it will confess." -- Ronald Coase


Daily Tech Digest - March 20, 2017

It's time to face the ugly reality of face recognition

Face recognition does not require permission or knowledge. Any photograph will do. You have been photographed hundreds or thousands of times already. And with surveillance cameras, you're being photographed regularly. Every time you use an ATM, for example, you're having your picture taken, and that picture is associated in the bank's database with your name and bank account. Photographs can be taken from a distance without the knowledge or permission of the target. Other biometric data is private or more difficult to obtain without your knowledge or permission. For example, if you've been fingerprinted for a passport or by the police, you've agreed to it and those agencies will keep your data to themselves. If I provided you with somebody's fingerprints, you couldn't use that data unless you were a cop and had access to the database.


Supply chain technology: achieving next-gen visibility

Three primary forces drive this need to achieve greater supply chain visibility. The first is the emergence of the consumer-centric supply chain. People now have increased power and choice, allowing them to buy virtually anything, anytime, across a variety of methods. This has put tremendous pressure on supply chains that were originally designed for volume and scalability to become agile, responsive, and fluid. The second force is the transformation of previously linear supply chains devoted to shipping pallets and full truckloads to grid-based, or many-to-many, nodal value chains, therefore enabling greater consumer responsiveness. This, in turn, has led to smaller and more frequent shipments, an emphasis on achieving a smooth flow of data, and an increase in complexity in providing inventory visibility.


Business Model Transformation and What it Means to the Data Industry


Organizations have traditionally treated data as a legal or compliance requirement, supporting limited management reporting requirements. Consequently, organizations have treated data as a cost to be minimized. The financial valuation of data technology companies has been based upon those perceptions and relationships. ... Data technology companies tend to sell to the part of the organization where data is a cost to be minimized and the sales process focuses on negotiating with Procurement on price, margin, terms and conditions, instead of engaging with the part of the organization where data is a corporate asset to be exploited for business value, and discussions focus on time-to-value and de-risking projects.


Machine learning proves its worth to business

Machine learning couldn’t be hotter. A type of artificial intelligence that enables computers to learn to perform tasks and make predictions without explicit programming, machine learning has caught fire among the hip tech set, but remains a somewhat futuristic concept for most enterprises. But thanks to technological advances and emerging frameworks, machine learning may soon hit the mainstream. Consulting firm Deloitte expects to see a big increase in the use and adoption of machine learning in the coming year. This is in large part because the technology is becoming much more pervasive. The firm’s latest research shows that worldwide more than 300 million smartphones, or more than one-fifth of units sold in 2017, will have machine learning capabilities on board.


Meet Lorek, the Robot That Communicates in a Remarkable Way

It not only recognizes an object a human being is pointing at and talking about, but asks questions to clarify what they mean. Lorek is limited to trafficking in specific objects, sure, but the robot is a big deal for the budding field of human-robot interaction. The robot—from researchers at Brown University—works like so. A human wearing a headset stands in front of the machine, which sits on a table with six objects in front of it. The human points at, say, a bowl, and asks, “Can I have that bowl?” A Microsoft Kinect atop the robot’s head tracks the movement of the hand to determine which object the subject means and combines that data with the vocal command.


Coders And Librarians Team Up To Save Scientific Data

Some fear the data will be intentionally lost or altered. Others want to make sure the data is available in more than one location, especially more than one government website, since budget cuts could mean server space and upkeep of these data sets might no longer be a priority. "We're most concerned that data might be taken offline and public accessibility will be gone and it'll only be available as [Freedom of Information Act] requests," said Margaret Janz, a data curation librarian at the University of Pennsylvania. "Our goal is to make trustworthy copies of data so it will be available to the public and suitable for research. ... This data should never have been in just one place."


What Biosecurity and Cybersecurity Research Have in Common

More recently, biosecurity experts have begun to scrutinize not just pathogens and publications but also the activities and techniques that create them, identifying seven research categories that demand closer scrutiny. These include a subset of experiments that increase pathogens’ stability, transmissibility, or host range (the animals that could harbor the disease). This type of research gained notoriety in 2011 when two labs engineered a highly pathogenic form of bird flu to transmit more easily between mammals. These efforts, while still a work in progress, signal a way for regulators to begin to focus less on pathogens and code and more on the risks and intent of research projects themselves. For all of their similarities, key differences between biosecurity and cybersecurity risks and timelines will dictate varied regulatory strategies.


Intel claims storage speed record with its large-capacity Optane SSD

The first large-capacity Optane SSD drive is the DC P4800X, which has 375GB of storage and started shipping on Sunday. The $1,520 SSD is targeted at servers. (Intel didn't provide regional availability information.) Intel says an enterprise Optane SSD with 750GB will ship in the second quarter, and that a 1.5TB SSD will ship in the second half of this year. These SSDs will fit as add-in cards in the PCI-Express/NVMe and U.2 slots. That means they could work in some workstations and servers based on AMD's 32-core Naples processors. Optane will also ship in the form of DRAM modules next year. Intel did not share information on when it would ship consumer SSDs.  Optane has been hyped as a new class of superfast memory and storage that could replace today's SSDs and DRAM. Intel has claimed Optane is up to 10 times faster than conventional SSDs.


Online Denial of Service Attacks Are a Growing Concern

Describing that situation, Stephanie Weagle, vice president of Corero Network Security, told SC Media UK that DDoS attacks have become many things over the last decade: weapons of cyberwarfare, security breach diversions and service-impacting strategies. “The motivations for these attack campaigns are endless — financial, political, nation-state, extortion and everything in between,” she said. ... Weagle added: "Continuing to rely on traditional IT security solutions, and/or human intervention to deal with the growing DDoS epidemic will continue to prove devastating to businesses. As recent events have confirmed once again, proactive, automated protection is required to keep the Internet-connected business available in the face of DDoS attacks.”


ColumnStore: Storage Architecture Choices

To provide data redundancy, ColumnStore relies on external storage to provide resilient storage and enable a particular DBRoot volume to be remounted on another PM server. This generally implies a remote networked storage solution, although filesystems such as GlusterFS can allow deployment without additional servers.  When internal storage is utilized, journaling filesystems and RAID deployment provide for resilient storage. However, since the storage is only available within a given PM server, the storage cannot be remounted on another PM server should one fail. In this case, the failed server must be recovered before ColumnStore can support additional queries. With external storage, ColumnStore can provide automated failover and continuity in the event a PM server fails.



Quote for the day:


"Big data is at the foundation of all of the megatrends that are happening today, from social to mobile to the cloud to gaming" -- Chris Lynch


Daily Tech Digest - March 19, 2017

In Defence of the Monolith, Part 1

Of course, any architecture is a trade-off between competing forces, and context is all important. In my own case, the two main monoliths I've been involved with are enterprise web apps, which are accessed in-house. For the last 13 years, I've worked on a large government benefits administration application running on .NET, and for the last five years I've also worked on an invoicing system running on Java. Both systems are monoliths in the sense that most of the business logic is in a single deployable webapp. I'm sure that many other visitors to the InfoQ website work on similar systems. ... In breaking up the application into modules, we should also ensure that the dependencies between modules are in one direction only: the acyclic dependencies principle. We'll talk shortly about how to enforce such constraints; whatever the tooling used to enforce these rules


Artificial creativity (A.C.): Can a computer be creative? It’s scarily close

One of the favorite stories in Science Fiction is of a future where robots are so advanced that they have taken on human characteristics and act as advanced servants. Boston Dynamics currently makes the most advanced robot displaying this, able to move freely and interact in many ways with people. But even SciFi has difficulty imagining a world where robots can come up with their own ideas. This world is closer than you may think. In the not too far future machines and robots will not only become more advanced, they will also begin to exhibit aspects of Creativity, and may soon exceed people in the ability to produce simple creative outputs. However, while I believe robots will be able to imitate a human’s ability for crafting creative work, I don’t believe this is the same as true creativity.


Finding Value In IoT Data

A challenge and a huge opportunity remain for those enterprise software and services companies that have the technology and tools available to help people and businesses make sense of, analyze, and harness the tsunami of data that we are about to be engulfed by. Here’s the real business potential to add value through IoT: Companies in almost every industry will transform into digital businesses, which means oversight must be powered by real-time data – fed in large part by sensors. As Herzberg says, the beauty of sensors is that they bring real-time data to applications: “Customers run applications for business critical processes, which could run better with real-time awareness.” Big Data analytics and machine learning will deliver personal and business insights and will enable us to make immediate decisions based on that data – rather than relying, as we have in the past, on guesswork or out-of-date forecasts.


Metadata Management and Data Governance: The Essentials of Enterprise Architecture

Bremeau says he expects any Metadata Management software today to be able to connect to live databases, data integration servers, and BI servers as well. “My advice, in general, is always to start from the end – from the business [intention] side – and that’s what people hate to do.” He says he prefers to start with the business users because, “That’s basically going to get them excited, if you can start from their Business Intelligence reports,” he said. “If you’re buried inside your ETL, and work for weeks, you will still have nothing to show” to your business users. “At the center of this, you’re going to go to your Data Warehouse and bring everything in,” which, Bremeau said, is not as simple as it sounds. When the data comes in – no matter what products or tools are used,


Digital Transformation Impact on Enterprise Architecture

Digital Transformation is not a new idea. It has now reached mainstream acceptance with the maturity of technologies such as Social, Mobile, Analytics & Cloud. Success stories of Digital Transformation in the enterprise have always involved people, process, and technology. In this blog, we will focus on technology and more specifically on the evolution of enterprise application and infrastructure architecture in organizations embracing Digital Transformation. ... Transforming existing custom apps into Microservices involves disaggregating the application tier into a number of Microservices and hosting them on PaaS or CaaS. Another major consequence with this architectural change is that traffic between services, which in the past was contained within the application server, now occurs between microservices connected by the data center network.


Testing Enterprise Architecture at the Tactical Level

To test a service is to ascertain that the service meets its requirements. You may be tempted to apply a uniform testing approach to all the services. This is a bad idea. It is better to decide on the approach by service category or even case by case. For application services, testing is an integral part of the best practices of software engineering. The software requirements are most likely defined with Use Cases, which is a concept very closely aligned with application services. ... For technology services, the requirements are often just a technical specification of required resources such as the operating system, storage space and network connectivity. Building and maintaining such services are very different from application services. Infrastructure specialists often react negatively if you


A Security Approach for a Cloudy World: An Interview with Pete Cheslock

Providers such as Heroku, Google Cloud Functions and AWS Lambda really make the concept of securing your systems more interesting when you don’t have any servers to run your code on. These are often referred to as "serverless" - your code executes inside a provider on systems that you likely don’t have any control over. In many ways, this can help make you more secure as you are reducing the number of endpoints you need to secure. But in the end this pushes your security challenges over to the provider themselves. AWS uses their Identity and Access Management (IAM), meaning you are now in full control of providing access to your functions. You need to ensure the security is as least-privilege as possible. Additionally, your code needs to get to the provider somehow, which means you'll be running systems that do the continuous integration and deployment


Enterprise Architecture for the Internet of Things: Containerization and Microservices

Organizations are increasingly attempting to remedy these complexities with virtualization technologies, in which data is made available as an abstraction layer accessible to various parties from distinct locations. Containerization represents the next level of virtualization technologies and may be the most viable means of effecting the flexible agility required to provision, analyze, and reap the benefits of real-time application data in a post-IoT world. Meanwhile, running those applications as microservices could very well be the best means of creating and deploying them in time to account for the IoT’s extreme volumes and velocities of data, especially when they are leveraged within containers. “I think there’s a natural progression there and maybe some of the more forward thinking companies will say hey, this all fits together; I can do this right away,” MapR Senior Director of Industry Solutions Dale Kim said.


What if data privacy wasn’t an issue?

Where personal data is left identifiable, it’s remarkable what can be achieved, with China being the poster child for this sort of application. In some cities in Xinjiang Province, for example, drivers have been ordered to install satellite navigation equipment in their vehicles. And more everyday applications are starting to emerge. “With Transport for London, for example, you have an Oyster card, but when you go to China now they’re using facial recognition,” says Mr McGloin. “They can accept that over there.” Last year, the main railway station in Beijing started trialling facial recognition technology to verify the identity of travellers and check their tickets are valid for travel. In the city of Yinchuan, meanwhile, a passenger’s face is linked to their bank account, enabling bus passengers to pay automatically simply by having their faces scanned.


Bimodal IT: Business-IT alignment in the age of digital transformation

On the architectural level, bimodal IT takes advantage of emerging tools and platforms for agile customer-facing frontend systems while also running the traditional stable, mission-critical backend systems. This results in a duopoly of business-critical scale-up applications running on one stronger computer and scale-out applications distributed on several regular computers for reacting to changed or new business or technological conditions in the short term (Pfützner 2015). The required flexibility is enabled by virtualizing data and resources in a composable modular infrastructure for traditional IT and digital IT (Greiner 2015), partially with the aid of infrastructure respectively platform as a service cloud-based solutions. Companies often use private clouds for traditional IT



Quote for the day:



“The last 10% it takes to launch something takes as much energy as the first 90%.” -- Rob Kalin


Daily Tech Digest - March 18, 2017

So if Watson isn't a giant artificial brain that will be used to power our robot overlords, what is it then? IBM says it's all about cognitive computing. It's the ability to take completely "unstructured data" – i.e. data where there is currently no relevance or any reason to connect it to anything else – process all that data and detect new patterns so that humans don't have to figure it out all by themselves. Big data analytics, whereby humans look at statistics from different aspects of their business all at once and then use it to make decisions, is already commonplace. But let's say you throw in something completely unexpected, such as a power surge or a major political event. This changes the data, and suddenly the computer doesn't have great advice to give.


Machine learning can also aid the cyber enemy

"The concern about this is that one might find that an adversary is able to control, in a big-data environment, enough of that data that they can feed you in misdirection," said Dr Deborah Frincke, head of the Research Directorate (RD) of the US National Security Agency/Central Security Service (NSA/CSS). Adversarial machine learning, as Frincke called it, is "a thing that we're starting to see emerge, a bit, in the wild". It's a path that we might reasonably believe will continue, she said. As one example, an organisation may decide to use machine learning to develop a so-called "sense of self" of its own networks, and build a self-healing capability on top of that. But what if an attacker gets inside the network or perhaps was even inside the network before the machine learning process started?


Server Storage I/O: Converged (CI) and Hyper-Converged (HCI)

"What is the best CI, CIB, or HCI solution, product, or vendor?" Of course, if you know me, my answer is, "It depends." It depends on what you are trying, need, or want to do. It also depends on your applications, along with their current and future growth needs — among other questions. I also turn the question around and ask people what they are looking for, or why they want CI, CIB, HCI, as well as what they want or need as their point of convergence? For example, are they looking to converge around hardware (e.g. servers, storage or networking), software (hypervisors, operating systems, data services), dashboards or other management tools, interfaces, data protection, some applications, or perhaps a particular product or vendor?


The New Age of Marketing

Today, SEO is still incredibly important. Companies spend tremendous time and resources trying to keep their search results in the top slots of a Google search. But times, they are a-changing. Desktop web searches are in decline, and Google is dominant. As Google stretches for revenue growth, they have slowly, but surely, annexed the natural search results and converted this valuable real estate to advertising. They are turning free-riders into taxpayers. Their paid advertising results are so good and relevant that it’s debatable whether they are poisoning the consumer well, which would leave the door open for companies whose search results are “natural.” Some of my smart colleagues hope so, but I’m not so sure. In the travel vertical, for example, Expedia is big enough to pay for those top search results


10 Principles of Strategy through Execution

Any company can follow the same path as these successful firms, and an increasing number of companies are doing just that. If you join them, you will need to cultivate the ability to translate the strategic into the everyday. This means linking strategy and execution closely together by creating distinctive, complex capabilities that set your company apart, and applying them to every product and service in your portfolio. These capabilities combine all the elements of execution — technology, human skills, processes, and organizational structures — to deliver your company’s chosen value proposition. How do you accomplish this on a day-to-day basis? How do you get the strategists and implementers in your company to work together effectively? These 10 principles, derived from our experience at Strategy&, can help you avoid common pitfalls and accelerate your progress.


11 DIY Projects to Turn Your House Into a Smart Home

The smart home revolution definitely isn’t happening overnight. Even with a flood of new devices and platforms available, most of us are still only inching toward fully automated homes. Still, you can take matters into your own hands and speed up the rate of progress with these DIY smart home systems. ... Not only is the Amazon Echo an incredibly handy device to have around the (smart) home, it’s also an easy way for developers to build voice commands into their projects. For that very reason, we have this DIY project for getting temperature and humidity readings from your Amazon smart home speaker. Some hardware hacking and software coding is required to get it finished. The aforementioned Particle Photon is the board doing most of the work in terms of collecting the data that the Echo (and Alexa) can then access with a little bit of coding. You’re also going to need a temperature sensor for the raw data, as well as an Alexa Skill Set that understands what you want


These are the fintech segments most likely to grow in 2017

Going forward, we are likely to see funding growth correspond with application share. The study's findings offer a reliable if narrow indicator of which segments will see growth this year. As such, we are likely to see the most investment deals emerge in the areas of cloud and other core technologies, AI and machine learning, and customer data analytics, as they continue to evolve rapidly and present untapped opportunities for investors to seize. We’ve entered the most profound era of change for financial services companies since the 1970s brought us index mutual funds, discount brokers and ATMs. No firm is immune from the coming disruption and every company must have a strategy to harness the powerful advantages of the new fintech revolution.


How AI will help us decipher millennials

Are they really such a complex generation that we must resort to artificial intelligence to figure out what they want and to keep them coming back for more? Turns out they are, and AI is indeed the ultimate weapon in the fight for the millennial generation’s ever-shortening attention span. Luckily, rapid strides in the field of machine learning will help unravel what this fickle “target market” really wants. Machine learning is a crystal ball in the world of AI. It analyzes existing data and — through complex algorithms — predicts what will happen in similar cases in the future. Machine learning service providers aim to help organizations understand how they can interact with millennials in a way that will drive sales. They say if you want to connect with millennials, make a chatbot.


A Growing Talent Shortfall Can Leave Apps Vulnerable

The traditional career trajectory of those currently in cybersecurity has placed very little emphasis on application security. With the direction things are headed, that’s a problem. According to Verizon’s Digital Breach Investigation Report, the number one source of data lost in cyber-attacks is the web application level, a vulnerability that is increasingly problematic as we move to a mobile-centric landscape. The issue that many companies face, specifically in application security, is that there are too many code vulnerabilities. This creates more work for the IT talent who need to deal with the flaws. ... With a worldwide shortage of skilled cyber-experts, the question remains: how can companies continue to gain ground on the malicious hackers? If the talent isn’t there, how can they defend their systems?


In Cyber, Who Do We Trust to Protect the Business?

As part of the effort to strengthen investor trust and public confidence in board-level cyber risk oversight practices, NACD has created the first credentialed course dedicated to board member cyber literacy. The NACD Cyber-Risk Oversight Program was launched in concert with Ridge Global —led by former Governor Tom Ridge, first US Secretary of Homeland Security — and the CERT Division of the SEI, a federally-funded research and development center sponsored by the Department of Defense, based at Carnegie Mellon University. The program is a first-of-its-kind online course that goes in-depth on issues such as cybersecurity leadership, effective security structure, and the role of the board. Leaders who complete the course and pass the exam earn the CERT Certificate in Cybersecurity Oversight, issued by Carnegie Mellon.



Quote for the day:


"Innovation comes from the producer - not from the customer." -- W. Edwards Deming


Daily Tech Digest - March 17, 2017

A Model Proposal for Organizational Prudence and Wisdom Within Governance of Business and Enterprise IT

An organization’s ability to respond to changing environments is a critical issue. Decision-making bodies at all levels need to adjust to meet fast-changing environments. Basically, an organization needs to change its information systems to fit the new requirements. In turn, appropriate computer techniques and technologies can be applied that best meet the requirements for the changed business conditions and stakeholder needs. The current failures of organizations indicate that their information systems are not reflective of current business conditions and ecosystems, even though the application of newer techniques and technologies may abound in the organization. The turbulence of current business conditions, then, necessitates the need for decision makers to use the latest in information system developments—that is, optimal knowledge management (KM)/wisdom management (WM) systems.


Intel pursuing new chips as it plots a wearables future

The company's approach to wearables is being replicated in other areas like the Intel Sports Group, which is developing technology so users can watch 3D sports broadcasts as if they were in the stadium. One way to achieve that is by putting more cameras across the field, including helmets worn by players. Using algorithms, Intel servers slice and dice the images from the cameras to provide the customized footage. This will translate well to wearables like VR headsets, as users will be able to get a bird's eye view of a touchdown in a football game or a goal in soccer. Chips like Curie are already instrumental in improving the sports viewing experience from events like last year's Winter X Games. In real time, viewers were able to view key athlete performance data like the height of a snowboarder jump and how far they rotated.


How A.I. technology is causing major ripples in the travel industry

“Flight fares and hotel prices are ever-changing and vary greatly depending on the provider,” software company AltexSoft admits. “No one has time to track all those changes manually. Thus, smart tools which monitor and send out timely alerts with hot deals are currently in high demand in the travel industry.” Dynamic pricing and fare forecasting tools are all the rage right now. People know there are better deals out there and want access to information that helps them save as much money as possible on flights, hotels, and other accommodations. Hopper is one of the leading startups in this area. They’ve raised more than $37 million to date and have built an advanced application that uses applied predictive analytics to tell users exactly when to pull the trigger on a travel deal.


Augmented and virtual reality to see aggressive growth by 2021

IDC includes in its count of commercial VR and AR the numerous arcades in China's cities where customers play online VR games. "A lot of VR gaming is taking place that way," he said. Those headsets are purchased by the arcade or movie theater operators, and are counted as commercial sales, he explained. Even with those kinds of early successes, VR still suffers from limited content. "There's not a lot of VR content out there and what is out there is very targeted" to younger users and gamers, Ubrani said. Facebook, which purchased Oculus in 2014, allows users to create VR avatars to use in a virtual world, for example. Strategy Analytics on Thursday said VR is "poised for tremendous growth over the next several years," but tempered its optimism with a survey that indicates VR experiences are still wanting.


Why Google's smart jacket could be a boon for commuters

Google and Levi's first announced plans to create the interactive jacket last year. It will mark the first widely available product using technology from Google's Project Jacquard, announced in 2015, which aims to make it possible to "weave touch and gesture interactivity into any textile using standard, industrial looms," according to the project's website. Basically, Google has made conductive yarn, which will allow the company to create smart clothes and smart furniture by adding in interactive surfaces to the fabric. "Project Jacquard will allow designers and developers to build connected, touch-sensitive textiles into their own products," the website stated. The Levi's Commuter Trucker Jacket was designed specifically for urban bike commuters. The jacket is dark denim, very similar in terms of looks to other Levi's commuter coats.


Online cybersecurity course targets business professionals

Because new technologies will require new policies and incentives, and emerging policies must adapt to future technologies, "We have brought together a pool of world-renowned faculty cybersecurity experts from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) and the Sloan School of Management to teach this online course," Shrobe said. The six-week course offers a holistic, comprehensive view of key technologies, techniques and systems. The goal, said Shrobe, is for participants to walk away with a broad understanding of hardware, software, cryptography, and policy to make better, safer long-term security decisions. "Some of the research we focus on is about creating systems that are harder to hack. We’ve demonstrated that it is possible to design a modern computer system that attackers can’t break into and that can protect our information," Shrobe said.


3 Important New Cyber Security Trends

If 2016 was the year of cyber attacks, 2017 is the year of prevention. Twelve months ago, experts were predicting an increase in the innovation and sophistication of cyber attacks and a greater breakdown in security measures on a global scale. With the Internet of Things (IoT) making the world more connected than ever and companies continuing to back-burner security issues, forecasters pointed to a perfect storm. Organizations and individuals would be more vulnerable than ever. They were right. But from the wreckage of hacks and privacy violations of 2016, some important lessons were learned and they will set the trend for the next wave of technology innovations. Managing Director of the Information Security Forum (ISF) Steve Durbin, a risk management expert, said, “I think we are seeing a raised level awareness about the fact that operating in cyber brings about its own peculiarities…I see an increasing maturity and development of the cyber crime gangs.


Standards and Security: The Great DDoS Challenge

DDoS attacks are becoming far more sophisticated so it’s essential that hardware and software manufacturers start to seriously consider standards to address the potential security risks in the growing Internet of Things. One key standard is the Open Trusted Technology Provider Standard, or O-TTPS, which addresses these issues around supply chain security and product integrity. Recently approved as ISO/IEC 20243, this set of best practices can be applied from design to disposal, throughout the supply chain and the entire product life cycle. Standards like the O-TTPS aim to reduce the risk of tainted (e.g., malware-enabled and malware-capable) and counterfeit hardware and software components from entering the supply chains and making their way into products that connect to the internet. This specific standard also has a conformance program that identifies Open Trusted Technology Providers who conform.


Cybersecurity not a one-time effort for small businesses; requires constant vigilance

Invasions that render a computer’s files unusable unless the user pays a ransom have also surged. Cybercriminals who use this method are aggressive — one variation of ransomware attacked an estimated 100,000 computers a day within weeks of its release last year, according to the FBI. The costs of an invasion can be steep. Heath estimates he lost $10,000 in business because the site was down. He didn’t have to pay to have the website rebuilt, because his business was part of an incubator where tech help was available for free. But recreating a website could run a business well into the thousands of dollars. Many owners believe they don’t have the resources — human or financial — to keep their companies safe, which takes keeping up with frequent security updates for software and equipment.


India ID plan wins World Bank praise amid Big Brother fears

An ambitious government-run project -- just like the Internet at the time of its creation decades ago -- Aadhaar began in 2009 to target payments to the poor across India’s vast hinterland. Other governments are already interested in its potential. Countries such as Tanzania, Afghanistan and Bangladesh have visited India to talk about the system, said Nandan Nilekani, billionaire co-founder of the technology company Infosys Ltd. and former chairman of the Unique Identification Authority of India, who created Aadhaar. Russia, Morocco, Algeria and Tunisia have also indicated their interest in Aadhaar, R.S. Sharma, chairman of the telecom regulatory authority of India, told the Mint newspaper in July 2016. "They’re all keen to see how they can replicate this in their countries," Nilekani said by phone. "This is a great example of how governments can build the most modern digital public infrastructure, and make it available as a public good to everybody."



Quote for the day:


"Nothing is so painful to the human mind as a great and sudden change." -- Mary Shelley


Daily Tech Digest - March 16, 2017

Ethical Hacking: The Most Important Job No One Talks About

Ethical hacking is used to build real-world potential attacks on an application or the organization as a whole, as opposed to the more analytical and risk-based analysis achieved through security audits. As an ethical hacker, the goal is to find as many vulnerabilities as possible, no matter the risk level, and report them back to the organization. Another advantage is that once hackers detect a risk, vendors can add the detection capability to their products, thus enhancing detection quality in the long run. For example, David Sopas, security research team leader for Checkmarx, discovered a potentially malicious hack within a LinkedIn reflected filename download. This hack could have had a number of potential outcomes, including a full-blown hijacking of victims' computers if they had run the file. It's probably safe to say that just the audit wouldn't have identified this hidden flaw.


Unicef uses data science to track refugees

Unicef is working with Scottish data startup Brainnwave in a collaborative for one of its projects in Somalia, locating and tracking population movement in the country to enable Unicef to allocate resources and efforts to the areas in greatest need. The UK Disasters Emergency Committee is currently putting a spotlight on Somalia and neighbouring countries, and has estimated that 16 million people urgently need food, water and medical treatment. Some 60% of internally displaced people in Somalia are children, said Adler. When the Kenyan government threatened to close the Dadaab refugee camp last year – the biggest in the world, containing some 350,000 people – the need arose to understand where those people would move, to predict where goods and services should be sent.


Artificial Intelligence should not be seen as a threat, it will create more jobs

Human intelligence was still needed in a lot of jobs. It is still needed. But some level of automation in some sectors is bound to happen. “With the progress in technology, now with AI and machine learning, along with IoT, we are getting the ability to play around with more and more data. So definitely there has to be some skill-related training to help people analyse that data. So there will be emphasis on productivity. New jobs will be created eventually, and they will be different from what we have currently,” said Viswanathan. According to Viswanathan, IT companies are leveraging capacity to increase productivity for the customer. He dismisses doomsday talk when it comes to AI and machine learning, giving an analogy of how it was predicted many decades ago that automation in the agricultural sector would wipe out the jobs of farmers.


Why hybrid cloud is not just a transitional environment

Hybrid cloud helps you in the same way. You can create amazing new capabilities that leverage the investments you have already made in your backend applications and the data you store. Leveraging cloud services with on-premises backends can add value even when there is no new cloud-native app. A common example is leveraging cloud analytics for new insight to on-premises data. How do you figure out how cloud can drive the most value for your company? For one, you need advisors who have driven success for other businesses. If you look at this purely from a speeds-and-feeds, cost-saving view, you may have missed the immediate value that hybrid cloud can provide. ... A key aspect of driving this innovation is leveraging capabilities instead of building them. Cloud services are one of the fastest methods of driving value more quickly. So where are businesses creating impact?


Security Operations Center (SOC) Is Not New, But More Necessary Than Ever!

By definition, a SOC is an organized and highly skilled team whose mission is to continuously monitor and improve an organization’s security posture while preventing, detecting, analyzing, and responding to cyber security incidents with the aid of both technology and well-defined processes and procedures. The finer points of SOC deployment are very much network- and organization-specific; however, the following three are major components that every organization must include: People, Process, and Technology. The three exist in all elements of security and should be considered equally critical components while building a SOC. Through people, processes and technology, a SOC is dedicated to detection, investigation, and response of log events triggered through security-related correlation logic.


The power of knowledge in the fight against cyber security

Currently, businesses face a real challenge in the search for the cyber security skills they need to succeed. Networkers’ recent Voice of the Workforce research confirmed this lack of skills, with more than half of the 1,656 technology professionals who were surveyed saying they believe there is a skills shortage in the sector they work in. In addition, we found that cyber security is seen as the greatest potential disruptor to the industry over the next five years. Essentially, these findings demonstrate that cyber security will live up to the hype over the coming years, but there aren’t enough people with the level of digital skills needed to deal with its impact. In addition, a 2016 Digital Skills Crisis report by the Science and Technology Committee indicated the full extent of the UK’s lack of digital capability, highlighting that 12.6 million adults lack basic digital skills - a skills gap which costs the economy more than £60 billion a year in lost income.


What Businesses Can Learn From the CIA Data Breach

Among the many CIA exploits that were leaked was one named Weeping Angel, which essentially turns a Samsung smart TV into a silent audio-recording device capable of listening in to conversations even after the device had supposedly been switched off. The exploit garnered attention not because it was particularly sophisticated, but because it demonstrated how trivially easy it is to hack many of the so-called smart "things" that are being connected to the Internet these days. For enterprises, the exploit should serve as a warning of the potential for attackers to increasingly target vulnerabilities in industrial and commercial IoT products in order to then gain entry into the enterprise. Many IoT vulnerabilities stem from Web and Web-based interfaces that are riddled with issues like remote code execution bugs and hardcoded passwords, Kolochenko says.


Is Your Connected Car at Risk? Previous Owners May Still Have Access

The most obvious problem is that, if someone sold the car but was still connected to it, in some cases it would be relatively easy for them to steal it, using the mobile phone as a key fob to unlock and start the vehicle. Many vehicles, however, still require the actual key fob to be present before the car or truck can be driven away. But the fact that prior owners could still be tracking the vehicle’s whereabouts would be enough to give most people pause. In terms of making car buyers aware of the vehicle’s potential connectivity, Hyundai’s Johnson said the automaker also slaps a sticker with an 800 number on its Blue Link–equipped vehicles letting the new owners know it’s equipped and how to get it serviced. These remote services also can cost money—in the case of Blue Link, it’s $198 per year—so most owners call and disconnect when they no longer have the car or truck, Johnson said.


Twitter Counter hacked: Hundreds of high-profile Twitter accounts hijacked

After the Twitter Counter hack, Michael Patterson, CEO of Plixer International, said, “Given the political nature of the tweets, it’s not unreasonable to assume this was a state sponsored hack. The message delivered through this hack has received global attention that would likely not have been possible through any other method. This massive exposure becomes an incentive for others to use cyber-attacks as a means of gaining global attention to their cause.” “This highlights the expanded threat surface created when third party applications are granted access to social media platforms and the applications we use every day,” Patterson added. “It is common for consumer applications to request access to social media platforms, and most people will allow that access. Every time you link another application to your social media platforms, you are providing hackers with another possible point of entry.”


Want Good Cyber Insurance? Read The Fine Print

“The major threat to the insurability of cyber is that a systemic attack, such as a cyber attack on the power grid, could cause a catastrophic loss, with many insureds hit by the same event,” Coburn said. With that kind of uncertainty, erring on the side of caution tends to lead to higher prices, more exclusions that limit coverage – or both. “Cyber insurance is a nascent industry,” said Robin Gottschalk, insurance producer on Insureon's technology desk. “So, while complex models are forecasting costs, realized costs can be much different. They can vary widely because there are more incidents than insurance companies are forecasting or because the incidents are more expensive than anticipated.” Steve Durbin, managing director at the Information Security Forum, called risk measurement “hugely complex,” and said many insurers are still struggling with cyber risks because of a lack of “significant data and trend analysis.”



Quote for the day:


"A man always has two reasons for doing anything: a good reason and the real reason." -- J.P. Morgan