If Akamai, Cisco and Google’s post-platform security and privacy machine learning security systems protecting the web and mobile platforms are indicative of the future, IoT device makers will only be part of a larger security ecosystem. That’s because they will not have the data to train the AI machine learning models. As a result, IoT post-platform security and privacy will become a layer on top of IoT device security. These five factors are why that will happen.1. Product developers underestimated IoT security
In their race to market, product developers building for new platforms will underestimate the security and privacy features that should be built into their products. In some cases, this will be an act of commission, but most will be an act of omission because it is difficult to anticipate the vulnerabilities until the products reach the market at scale. Windows and mobile devices experienced something similar. They have been hardened, but earlier in their evolution they were an easy target for cyber criminals.To read this article in full or to leave a comment, please click here
Five years ago, IT was decentralized at the University of New Mexico. “Every school or college had their own IT, and in most cases they were completely under-resourced – a one-person shop having to do phones, apps, email, desktop, servers, storage, disaster recovery, all of that,” said Brian Pietrewicz, deputy CIO at University of New Mexico.The university transitioned to a self-service model that enables each of its more than 100 departments to deploy infrastructure and application services itself and have them managed by the now-centralized IT team.Adopting VMware’s vCloud Automation Center enabled departments to consume cloud resources, but also give the management team the ability to curtail that consumption if necessary.To read this article in full or to leave a comment, please click here
Overlooked in the hoopla around the VMworld conference was an announcement of the availability of AppDefense, a new product that lets companies restrict the types of operations applications are allowed to run on virtualized servers. AppDefense works with the VMware hypervisor and can also connect to third-party provisioning, configuration management and workflow automation platforms. It can send out alerts, quarantine apps, shut them down and even restore a VM from an image. All of this is based on AppDefense catching unusual behavior, such as trying to modify the kernel or communicate with an unrecognized remote server. VMware already has some security features built into its NSX and VSAN products, but those are around networking and storage. AppDefense secures the core virtual machines in vSphere itself. It does this by using behavior-based whitelisting, which is not easy to do on desktops because they run a lot of apps. But on a server, especially a virtual server, it’s a much easier proposition. In some cases, virtual servers run only one or two apps, so shutting out everything else is simple.To read this article in full or to leave a comment, please click here
Ensuring cybersecurity for computers and mobile phones is a huge, complex business. The ever-widening scope and unbelievable variety of threats makes keeping these devices safe from cyber criminals and malware a full-time challenge for companies, governments and individuals around the world.But at least the vast majority of those devices are easily accessible, safe in the pockets or sitting on the desktops of the very people who want to protect them. The Internet of Things (IoT) devices that need protection, on the other hand, could be almost anywhere: sitting in a remote desert, buried deep in coal mine, built into a giant truck. Or, even implanted inside the human body.To read this article in full or to leave a comment, please click here
Reporters Fahmida Rashid and Steve Ragan talk about antivirus vendor Kaspersky Lab, a Russian-based company that various U.S. agencies have flagged as untrustworthy. Should you use it?
Reporters Fahmida Rashid and Steve Ragan talk about hacks of Sony and more recently, HBO, and what lessons enterprises can learn from the entertainment industry's mistakes.
Reporters Steve Ragan and Fahmida Rashid unpack the hottest topics in the security realm: Kaspersky Lab's Russia connection, the new status for the U.S. Cyber Command, Hollywood's hacking woes and ransomware.
Reporters Steve Ragan and Fahmida Rashid discuss the implications of the U.S. Cyber Command's recent elevation in status, putting it on the same level as the military’s other functional combatant commands.
Our panel looks at whether smartwatch makers blew it by not focusing on the enterprise, why intent-based networking is the next big thing, whether GPS spoofing is real, and how high is too high when it comes to iPhone prices.
The panelists talk about GPS spoofing, and rumors about hacking as a factor in recent ship collisions. Plus, they sort out the difference between GPS spoofing and GPS jamming.
The panelists break down Cisco's intent-based networking strategy, which brings machine learning to the networking realm. Plus, they hash out the ramifications for the security industry.
Ahead of the latest Apple smartwatch rollout, the panelists debate whether vendors made a mistake introducing smartwatches to consumers first, rather than pursuing the enterprise market.
Juniper today announced intentions to acquire Cyphort, a Santa Clara-based startup that offers an advanced threat detection, analytics and mitigation platform. Juniper says it will integrate Cyphort’s technology with its Sky Advanced Threat Protection (ATP) product line.+MORE AT NETWORK WORLD: DEEP-DIVE REVIEW: How Cyphort makes advanced threat protection easier than ever +Cyphort’s software platform detects advanced threats, evasion techniques and zero-day vulnerabilities using a combination of behavioral analytics, machine-learning and long-data security analysis, the company says. The platform can work across virtual infrastructure, cloud environments and edge devices. In addition to identifying threats, Cyphort creates real-time timelines of incidents and can integrate with network tools to update security postures.To read this article in full or to leave a comment, please click here
Much work still must be done before the industrial and municipal Internet of Things (IoT) becomes widely adopted outside of the circle of innovators. One field, privacy, well understood by the public and private sector in the context of the cloud, PCs and mobile, is in the early stage of adaptation for the IoT.The sheer volume of data that will be collected and the new more granular architecture of the IoT present new privacy concerns that need to be resolved on an equal scale as the platform’s forecasted growth.A demonstration of this new aspect of privacy and compliance is the Privacy Guidelines for Internet of Things: Cheat Sheet, Technical Report (pdf) by Charith Perera, researcher at the Newcastle University in the U.K. The nine-page report details 30 points about implementing strong privacy protections. This report is summarized below.To read this article in full or to leave a comment, please click here
Much work still must be done before the industrial and municipal Internet of Things (IoT) becomes widely adopted outside of the circle of innovators. One field, privacy, well understood by the public and private sector in the context of the cloud, PCs and mobile, is in the early stage of adaptation for the IoT.The sheer volume of data that will be collected and the new more granular architecture of the IoT present new privacy concerns that need to be resolved on an equal scale as the platform’s forecasted growth.A demonstration of this new aspect of privacy and compliance is the Privacy Guidelines for Internet of Things: Cheat Sheet, Technical Report (pdf) by Charith Perera, researcher at the Newcastle University in the U.K. The nine-page report details 30 points about implementing strong privacy protections. This report is summarized below.To read this article in full, please click here
Much work still must be done before the industrial and municipal Internet of Things (IoT) becomes widely adopted outside of the circle of innovators. One field, privacy, well understood by the public and private sector in the context of the cloud, PCs and mobile, is in the early stage of adaptation for the IoT.The sheer volume of data that will be collected and the new more granular architecture of the IoT present new privacy concerns that need to be resolved on an equal scale as the platform’s forecasted growth.A demonstration of this new aspect of privacy and compliance is the Privacy Guidelines for Internet of Things: Cheat Sheet, Technical Report (pdf) by Charith Perera, researcher at the Newcastle University in the U.K. The nine-page report details 30 points about implementing strong privacy protections. This report is summarized below.To read this article in full, please click here
VMworld 2017Image by Thinkstock/VMwareVMworld 2017 is underway in Las Vegas, where IT pros are converging to learn about the latest in enterprise cloud, virtualization, security, and software-defined data center technologies. Here are some of the product highlights on display at the show.To read this article in full or to leave a comment, please click here
The hazard of unsophisticated and poorly secured Internet of Things (IoT) devices came to the front last year with the Mirai DDoS attack that involved nearly a million bots. Many of these devices remain a threat.Researchers have posed an original solution to the problem: Use the vulnerability of these devices to inject a white worm that secures the devices. It is an epidemiological approach that creates immunity with a vaccine by exposing the immune system to a weakened form of the disease.+ Also on Network World: How to improve IoT security +
These devices are still a threat because some cannot be fixed because they have hard-coded back doors. Other insecure devices have software or firmware vulnerabilities that cannot be fixed because product designers did not include a software updates mechanism.To read this article in full or to leave a comment, please click here