Goodbye SIEM, Hello SOAPA

Security Information and Event Management (SIEM) systems have been around for a dozen years or so.  During that timeframe, SIEMs evolved from perimeter security event correlation tools, to GRC platforms, to security analytics systems.  Early vendors like eSecurity, GuardedNet, Intellitactics, and NetForensics, are distant memories, today’s SIEM market is now dominated by a few leaders: LogRhythm, McAfee (aka: Nitro Security), HP (aka: ArcSight), IBM (aka: QRadar), and Splunk.Of course, there is a community of innovative upstarts that believe that SIEM is a legacy technology.  They proclaim that log management and event correlation can’t keep up with the pace of cybersecurity today, thus you need new technologies like artificial intelligence, machine learning algorithms, and neural networks to consume, process, and analyze security data in real-time. To read this article in full or to leave a comment, please click here

Goodbye SIEM, hello SOAPA

Security Information and Event Management (SIEM) systems have been around for a dozen years or so. During that timeframe, SIEMs evolved from perimeter security event correlation tools to GRC platforms to security analytics systems. Early vendors such as eSecurity, GuardedNet, Intellitactics and NetForensics are distant memories. Today’s SIEM market is now dominated by a few leaders: LogRhythm, McAfee (aka: Nitro Security), HP (aka: ArcSight), IBM (aka: QRadar) and Splunk.Of course, there is a community of innovative upstarts that believe SIEM is a legacy technology. They proclaim that log management and event correlation can’t keep up with the pace of cybersecurity today, thus you need new technologies such as artificial intelligence, machine learning algorithms and neural networks to consume, process, and analyze security data in real time. To read this article in full or to leave a comment, please click here

Coming to SD-WAN: The Build vs. Buy Decision

Earlier this month, I attended Networking Field Day 13, where we heard from VeloCloud on their SD-WAN solution. Their presentation and case study got me thinking about how most businesses will consume SD-WAN and where business customers may fall on the “Buy” vs. “Build” spectrum.

At the outset of the NFD13 presentation, VeloCloud CEO Sanjay Uppal recapped some stats: VeloCloud has been around for just about 4 years, and at this point has around 600 enterprise customers and is deployed to about 50,000 sites. If VeloCloud was a product line from an encumbent networking vendor with stats like that, they would be declaring it as a very successful mainstream product. I point this out as I think it demonstrates that SD-WAN solutions and vendors are moving out of “startup” mode and into a mainstream solution.

One of the things that has set VeloCloud apart from many of their competitors since their inception has been their focus on building a true multi-tenant solution from the beginning, as well as their choice to partner with service providers to provide a solution for managed SD-WAN. Strong API capabilties and flexible zero-touch provisioning features support this as well. This is what really caught my attention Continue reading

Actionable network intelligence from DDI fuels digital transformation

Success in the digital era requires a significant rethink of IT strategy. Technology approaches have historically focused on the compute platforms, but in today’s digital world where billions of devices are being connected and the cloud and mobility have become the norm, IT strategies must become network-centric.In a digital organization, the network will evolve from being a tactical resource into a high-value, strategic asset that will have a direct impact on the success of new business initiatives.However, if the network is to become the foundation for the digital enterprise, it must evolve to do the following: Ensure the availability, flexibility and scalability of digital services. Provide security that cuts across silos and eases operations. Automate compliance tasks. Unlock meaningful insights to transform the organization. Provide full visibility and operational efficiency to make the network a competitive differentiator. Accomplishing the above requires IT to find a way to control and automate processes. This can be achieved through the use of actionable network intelligence (ANI) that ensures network and service availability, improves risk management and operational efficiencies, and transforms the network into a competitive advantage.To read this article in full or to leave a comment, please click here

Actionable network intelligence from DDI fuels digital transformation

Success in the digital era requires a significant rethink of IT strategy. Technology approaches have historically focused on the compute platforms, but in today’s digital world where billions of devices are being connected and the cloud and mobility have become the norm, IT strategies must become network-centric.In a digital organization, the network will evolve from being a tactical resource into a high-value, strategic asset that will have a direct impact on the success of new business initiatives.However, if the network is to become the foundation for the digital enterprise, it must evolve to do the following: Ensure the availability, flexibility and scalability of digital services. Provide security that cuts across silos and eases operations. Automate compliance tasks. Unlock meaningful insights to transform the organization. Provide full visibility and operational efficiency to make the network a competitive differentiator. Accomplishing the above requires IT to find a way to control and automate processes. This can be achieved through the use of actionable network intelligence (ANI) that ensures network and service availability, improves risk management and operational efficiencies, and transforms the network into a competitive advantage.To read this article in full or to leave a comment, please click here

Senators plan last-ditch push to curb US law-enforcement hacking power

Unless Congress takes 11th-hour action, the FBI and other law enforcement agencies will gain new authority this week to hack into remote computers during criminal investigations.Proposed changes to Rule 41, the search and seizure provision in the Federal Rules of Criminal Procedure, would give U.S. law enforcement agencies the authority to cross jurisdictional lines and hack computers anywhere in the world during criminal investigations.The rules, in most cases, now prohibit federal judges from issuing a search warrant outside their jurisdictions. The changes, approved by the U.S. Supreme Court in April at the request of the Department of Justice, go into effect on Thursday unless Congress moves to reverse them.To read this article in full or to leave a comment, please click here

Senators plan last-ditch push to curb US law-enforcement hacking power

Unless Congress takes 11th-hour action, the FBI and other law enforcement agencies will gain new authority this week to hack into remote computers during criminal investigations.Proposed changes to Rule 41, the search and seizure provision in the Federal Rules of Criminal Procedure, would give U.S. law enforcement agencies the authority to cross jurisdictional lines and hack computers anywhere in the world during criminal investigations.The rules, in most cases, now prohibit federal judges from issuing a search warrant outside their jurisdictions. The changes, approved by the U.S. Supreme Court in April at the request of the Department of Justice, go into effect on Thursday unless Congress moves to reverse them.To read this article in full or to leave a comment, please click here

How Google Pixel and Daydream VR saved Thanksgiving

On Thanksgiving, families tried to ignore the elephant in the parlor: the presidential election. Thousands of how-to listicles were published about how a clash between loved ones’ political beliefs could be avoided. None mentioned virtual reality (VR), though they should have because it is a powerful and distracting form of entertainment.I brought the Google Pixel and Daydream View headset to Thanksgiving dinner. When the conversation was at the crossroads between boring and political, I changed the subject to VR amidst non-tech family members and friends who may have heard about VR but have never tried it. They were a perfect group to test how ordinary people would respond to VR.To read this article in full or to leave a comment, please click here

40% off Garmin vívosmart HR+ Regular Fit Activity Tracker – Deal Alert

Turn your steps into strides with vívosmart HR+, the GPS activity tracker with Elevate wrist heart rate technology. Not only does it count steps, calories, floors climbed and intensity minutes, it uses GPS satellites to track how far and how fast you go during almost any activity — from running to rollerblading. Also includes a move bar that gives you a vibrating reminder to get up and move when you've been inactive for too long. Stay connected with smart notifications that include email, text, call, social media, calendar alerts and more, right on your wrist. Its typical list price is $199.99, but it's currently available on Amazon at the discounted price of $119.99.To read this article in full or to leave a comment, please click here

Amazon employee jumped from building after sending email to co-workers and CEO

An Amazon employee sent out an email to “hundreds” of his co-workers and even Amazon top dog CEO Jeff Bezos. Then he went to the roof of the building and jumped in what appears to be an attempted suicide.A spokesperson for the Seattle Fire Department told SeattlePI that a man did jump from the “rooftop at an Amazon building at Ninth Avenue North and Thomas Street.” Google Amazon Apollo Building as seen via Google Maps.To read this article in full or to leave a comment, please click here

Amazon employee jumped from building after sending email to co-workers and CEO

An Amazon employee sent out an email to “hundreds” of his co-workers and even Amazon top dog CEO Jeff Bezos. Then he went to the roof of the building and jumped in what appears to be an attempted suicide.A spokesperson for the Seattle Fire Department told SeattlePI that a man did jump from the “rooftop at an Amazon building at Ninth Avenue North and Thomas Street.” Google Amazon Apollo Building as seen via Google Maps.To read this article in full or to leave a comment, please click here

OpenFlow Is Dead. Long Live OpenFlow.

Remember OpenFlow? The hammer that was set to solve all of our vaguely nail-like problems? Remember how everything was going to be based on OpenFlow going forward and the world was going to be a better place? Or how heretics like Ivan Pepelnjak (@IOSHints) that dared to ask questions about scalability or value of application were derided and laughed at? Yeah, good times. Today, I stand here to eulogize OpenFlow, but not to bury it. And perhaps find out that OpenFlow has a much happier life after death.

OpenFlow Is The Viagra Of Networking

OpenFlow is not that much different than Sildenafil, the active ingredient in Vigara. Both were initially developed to do something that they didn’t end up actually solving. In the case of Sildenafil, it was high blood pressure. The “side effect” of raising blood pressure in a specific body part wasn’t even realized until after the trials of the drug. The side effect because the primary focus of the medication that was eventually developed into a billion dollar industry.

In the same way, OpenFlow failed at its stated mission of replacing the forwarding plane programming method of switches. As pointed out by folks like Ivan, Continue reading

HPE sees Synergy in hybrid cloud infrastructure

For Hewlett Packard Enterprise, turn-about is fair play in the cloud. HPE originally pitched its Synergy line of "composable" IT infrastructure as a way to bring the flexibility of cloud services to on-premises systems. Now it's turning that story around, putting those same Synergy components -- and some new ones -- into the public cloud with the goal of simplifying hybrid IT management. The new components of Synergy made their debut in London on Tuesday, at HPE Discover, an event for the company's customers and partners.To read this article in full or to leave a comment, please click here

Top 10 most popular companies for job seekers

Most popular companies for job seekersImage by Thinkstock/UnsplashIt's no surprise that IT jobs are some of the hottest, most lucrative and exciting careers around, but some companies are more alluring than others. Job search site Indeed.com searched through its more than 16 million job postings last month, filtered results to focus on only the IT industry jobs, and then ranked each company based on viewer impressions and click-through rate to gauge how appealing each company is to potential candidates. "With over 16 million job postings globally and more than 200 million unique visitors a month … We compiled a list of the most popular tech company job postings. We then ranked the companies by click through rates on job postings during the month of October. Each company had to have at least 100 job postings to be considered. To compile the list, Indeed looked at the number of job seeker clicks relative to impressions -- or click through rate," according to Indeed. There were some surprises, says Daniel Culbertson, Indeed.com's lead economist; many of the Silicon Valley heavyweights like Facebook, Google and Apple had received lower job seeker scores than anticipated, and two lesser-known companies, Concur Continue reading

Should InfoSec hire from other industries?

The InfoSec market is predicted to grow from $75 billion in 2015 to $170 billion by 2020, but – like any child star – it finds itself struggling with growing pains.To read this article in full or to leave a comment, please click here(Insider Story)

Should InfoSec hire from other industries?

The InfoSec market is predicted to grow from $75 billion in 2015 to $170 billion by 2020, but – like any child star – it finds itself struggling with growing pains.An evolving threat landscape, cyber-crime-as-a-service and cyber espionage are the biggest problems for CISOs and law enforcers today, not to mention the record number of data breaches, but there is a bigger, arguably more basic, problem that stunts the market.Information security has long been suffering from a well-advertised skills gap problem. It’s well cited that (ISC)² says that there will be a shortage of 2 million professionals by 2020, with Cisco putting the current global shortage at closer to 1 million. According to 2015 analysis from Bureau of Labor Statistics by Peninsula Press, more than 209,000 cybersecurity jobs in the U.S. are currently unfilled.To read this article in full or to leave a comment, please click here(Insider Story)

How to compare cloud costs between Amazon, Microsoft and Google

Comparing prices among the major IaaS cloud vendors is not as easy as simply checking the cost of one virtual machine versus another. Myriad factors influence price: Size of the virtual machine, type of VM and contract length, to name a few.So how are you supposed to know which vendor offers the best deal? The key is to understand the different offers from Amazon Web Services, Microsoft Azure and Google Cloud Platform and then determine which is best for your use case.“Comparing cloud pricing is complicated,” begins a blog post from RightScale that analyzes cloud prices among the major vendors. “It can be difficult to make apples-to-apples comparisons because cloud providers offer different pricing models, unique discounting options, and frequent price cuts.”To read this article in full or to leave a comment, please click here

A Guide To VPN Basics

Why You Can’t Avoid DevOps

2016: A systems security disaster

This will likely make you angry. It made me livid.  It’s a report, 34 pages long, from the Identity Theft Resource Center of the known systems breaches just this year. Read it and rage.  It does not include the San Francisco Metro Transit Authority (SFMTA) hack from Thanksgiving weekend, where the SFMTA had to let passengers go free through the gates. To read this article in full or to leave a comment, please click here