'Tis the season to be jolly, they say, which is true unless you’re involved with enterprise security. For those individuals, 'tis the season to be wary as the number of highly publicized breaches continues to grow, as does the complexity of trying to adequately secure the business. One of the biggest challenges is that the vendor landscape has exploded with hundreds of point products. In fact, the 2016 ZK Research Security Survey found that large enterprises have an average of 32 security vendors deployed.
More security vendors doesn’t make companies more secure. It just makes things more complex. Despite the number of point products, finding a breach still takes well over 100 days. Think of the damage that can happen in over three months. A persistent threat can make its way around the company network, map out the whole environment and provide a blueprint for hackers to take whatever data they want.
It may be a brave new world in 2017 but it’s also a darn scary one for IT security professionals. Just take a look at some recent Gartner assessments of the security situation:
By 2020, 60% of digital businesses will suffer major service failures, due to the inability of IT security teams to manage digital risk.
By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, which is an increase from less than 30% in 2016.
By 2018, 25% of corporate data traffic will flow directly from mobile devices to the cloud, bypassing enterprise security controls.
Through 2018, over 50% of IoT device manufacturers will not be able to address threats from weak authentication practices.
So what technologies are going to change this scenario back in favor of IT? The new security AAA: automation, analytics and artificial intelligence, say proponents.
When it comes to enterprises successfully transitioning to DevOps and the cloud, the key isn’t just technological agility, but also organizational agility, also known as “culture.” At least, that was the contention of Constantin Gonzalez, principal solutions architect at Amazon Web Services (AWS), in a session at the recent Amazon Web Services re:Invent conference in Las Vegas. Titled The Enterprise Fast Lane—What Your Competition Doesn’t Want You To Know, the session paired Gonzalez with Christian Dager, chief architect for European car-market site AutoScout24, to discuss the ongoing journey from monolithic apps running .Net/Windows in on-premise data centers to microservices architectures running in JVM/Linux in the AWS cloud. You can see the video of the entire talk below, but I wanted to highlight some of the most interesting takeaways.
New products of the week. Our roundup of intriguing new products.
Analysts who track the IaaS public cloud computing market tend to agree that 2016 was a year that solidified the positioning of three vendors: Amazon Web Services, Microsoft Azure and Google Cloud Platform, and marked a major transition point in enterprises using them. These companies gave customers more choices of where to host their data around the globe, more virtual machine instance sizes to optimize their workloads and new ways to manage and analyze data that’s already in the cloud. And enterprises became more and more comfortable using them. More companies committed to shutting down data centers and moving their most important applications to IaaS.
No one likes performance reviews at work -- managers don't like conducting them and employees don't enjoy receiving them. And it's nothing new. As The New Yorker points out, dissatisfaction with performance reviews can be traced as far back as the third century in China. Yet employers have been unsuccessful in moving past this outdated tradition. "Many of the HR executives and CEOs I've met with dislike performance reviews with a passion, but they aren't sure how to remove them when they are so intertwined with other processes such as compensation increases. However, in the last two years there has been a wave of companies moving away from performance reviews," says Rajeev Behera, CEO of Reflektive, a company that develops real-time employee performance management software.
Glassdoor, the employer review site, has released its annual "Best Places to Work" list for 2017, and while there are some familiar names -- Facebook, Google, LinkedIn -- companies like fast-food restaurant In-N-Out and household brands like Clorox and Nestle Purina Pet Care are making a strong showing in the top 20. What makes a company a "Best Place to Work"? Though there's a diverse group of organizations represented on the list, there are a few common themes, says Allison Berry, public relations specialist at Glassdoor.
Without automation, there would be no devops. How organizations implement automation—from continuous delivery to automated testing to release pipelines—differs wildly, but the fundamental divergence in approaches begins at the operating system. When it comes to Windows vs. Linux, devops is a bit different.
2016: A year to remember... maybe?
2016 was a busy year for Microsoft wins and fails. From Windows phones to the Surface Studio, and Windows 10 to Minecraft, the company and its products dominated headlines in both hardware and software.
RaaS
Ransomware is on track to net organized cybercrime more than $1 billion in 2016, not taking downtime and other costs associated with it into account. And according to KnowBe4’s 2016 Ransomware Report, 93 percent of IT professionals surveyed are worried ransomware will continue to grow.
Apple will this week file its appeal of a European Commission decision that it owes Ireland billions in back taxes, while the country's Department of Finance has revealed details of its own appeal. European Commissioner for Competition Margrethe Vestager said on Aug. 30 that Apple must pay up to €13 billion ($13.6 billion) in back taxes, plus interest, because opinions given by the Irish tax authorities in 1991 and 2007 constituted illegal state aid. Her decision concluded a two-year investigation of the company's tax affairs stretching back to 2003.
The biggest Apple stories of 2016
Apple experienced many ups and downs during 2016. While the company pushed out several new products—from the iPhone 7 to the recently released MacBook Pro—it has over the past 12 months been pigeonholed as a company that has lost its ability to innovate.
You take great pains to come up with a strong password when registering for an account on a website -- only to see your efforts go for naught when that site gets hacked. Several sites had their databases of user accounts, which include the information needed to log in (i.e., username and password), not only breached but stolen this year. The following sites are ranked starting with the fewest user accounts whose passwords were taken.
Taking down the threat
Advanced Persistent Threats (APTs) are able to slip past even the most cutting-edge security defenses thanks to a diabolically clever strategy. Hackers may try to breach your defenses thousands of times until they finally get in. Once a network is breached, most APTs go into stealth mode. They move slowly, laterally compromising other systems and inching toward their goals. But what if you could hunt down these active, but hidden threats before they can do real damage? For this review, we tested threat hunting systems from Sqrrl, Endgame and Infocyte.
Advanced Persistent Threats are able to slip past even the most cutting-edge security defenses thanks in large part to a diabolically clever strategy. The threat actors behind successful APTs research the employees, practices and defenses of the organizations they want to attack. They may try to breach the defenses hundreds or thousands of times, then learn from their mistakes, modify their behavior, and finally find a way to get in undetected.
You think you have your hands full as an IT pro now? Just wait until blockchain, IoT, augmented and virtual reality, and these other technologies really start to take hold in 2017.
The Internet of Things – for real
Yes, yes, we know – it’s one of those long-standing tech industry jokes, like “the year of the Linux desktop” and “Java security.” But 2017 really could be the year that all the hubbub and hype around the Internet of Things comes home to roost.
If you enjoy good security-related reads, then you might like to check out a couple of different takes on the latest ShadowBrokers’ NSA-linked Equation Group auction files. One comes from “the grugq,” a security researcher who is well-respected for his infosec and counterintelligence knowledge, and the other is by the cybersecurity researchers at Hacker House out of the UK. The Grugq published a three-part commentary series on the great cyber game – part 1, part 2, part 3. His deep analysis is his contribution since not many are capable of it. He said that the latest by the ShadowBrokers, dropped on Dec. 14, is a “massive” and valuable drop in terms of revealing to the NSA what the Russians know and have obtained.
When it comes to the cybersecurity skills shortage, I am somewhat of a “Chicken Little” as I’ve been screaming about this issue for the last 5 years or so. As an example, ESG research conducted in early 2016 indicated that 46% of organizations indicate that they have a problematic shortage of cybersecurity skills today (note: I am an ESG employee). So, ESG and other researchers have indicated that there aren’t enough infosec bodies to go around but what about those that have jobs? How is the cybersecurity skills shortage affecting them and the organizations they work for? Earlier this week, ESG and the Information Systems Security Association (ISSA) published the second report in a two-part research report series investigating these issues. This new report titled, Through the Eyes of Cyber Security Professionals, uncovers a lot more about just how deep the cybersecurity skills shortage cuts. For example:
The massive DDoS attack that was aimed in stages at DNS provider Dyn in October 2016 did more than grab headlines. It also served as a wake-up call to companies that provide the global Internet infrastructure, as well as downstream operators and service providers. Many experts fear this attack could prove to be a tipping point in the battle to maintain stability and availability across the Internet.
Research shows the attack originated from an Internet of Things (IoT) botnet that involved an estimated 100,000 devices. Dyn experienced packet flow bursts 40 to 50 times higher than normal, and unverified reports put the magnitude of the attack in the 1.2Tbps range. The attack used multiple vectors and required a variety of techniques to fight off.
Enterprises trying to use the internet of things already face a deluge of data and a dizzying array of ways to analyze it. But what happens if the information is wrong? Bad data is common in IoT, and though it’s hard to get an estimate of how much information streaming in from connected devices can’t be used, a lot of people are thinking about the problem. About 40 percent of all data from the edges of IoT networks is “spurious,” says Harel Kodesh, vice president of GE’s Predix software business and CTO of GE Digital. Much of that data isn’t wrong, just useless: duplicate information that employees accidentally uploaded twice, or repetitive messages that idle machines send automatically.