Category Archives for "Networking"

Explaining security automation and its evolving definitions

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach. There’s been a lot of talk about security automation, but it’s increasingly unclear what is what. For example, a Network World article on security automation last year focused mostly on threat detection, a Gartner report on Intelligent and Automated Security Controls focused on the threat intelligence component, and another recent piece referenced security automation simply as “the automation of cybersecurity controls.”

Oracle is also getting in on the chatbot revolution

Oracle CTO Larry Ellison ordered himself some new business cards on stage at the company's OpenWorld conference in San Francisco on Sunday, just by having a conversation. As part of his keynote address to attendees, Ellison took the time to show off a new set of tools for creating intelligent chatbots that integrate with Oracle's software. It's aimed at making it easier for businesses to build bots that let users connect with their enterprise software, and help businesses connect with consumers. Chatbots are a hot topic in the tech industry, with companies like Facebook, Microsoft and Slack all building tools that companies can use to create intelligent, automated conversation partners. Their growing popularity comes down to a few factors, including the proliferation of smartphones, fast internet connections and messaging apps.

Cisco discloses PIX firewall, IOS software security holes

Cisco has warned of a high priority security hole in its IOS software that could have let attackers snatch memory contents from a variety of products that could lead to the disclosure of confidential information. Specifically, Cisco said the vulnerability is due to “insufficient condition checks in the part of the code that handles [Internet Key Exchange] IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests.”

IDG Contributor Network: Desktop use off 11% in past year. Winner: smartphones

Co-workers peering at their smartphones more than ever isn’t an optical illusion, and you’re not imagining seeing a bunch of shiny bald pates or lustrous weaves of hair where there were once friendly faces. Smartphone use increased more over the past year compared to tablets and PCs. That’s among the tidbits in a new comScore study on application use. Other revelations from the report corroborate why audible alerts from smartphones are less common and it's become unusual to hear the beeps of text messages in some places—such as commuter railway cars: Large numbers of people are rejecting notifications, comScore suggests in research it published this month. “Push notification fatigue” is to blame, it says.

Teenager claims to have accessed FTPs, downloaded data from every state with .us domain

A security researcher going by Minxomat scanned IPv4 addresses and then released a list of nearly 800,000 open FTP servers, meaning no authentication is required to access them. His scan revealed that 4.32% of all FTP servers in the IPv4 address space allowed “anonymous” users to log in with no password. “This is a list of all (796,578) FTP servers directly connected to port 21 in the IPv4 address space that allow anonymous logins,” Minxomat wrote on GitHub. “The login must be completed in less than five seconds to qualify for this list.” If an FTP server was meant to be public, he did not include it in the list. In his post describing “mass-analyzing a chunk of the internet,” Minxomat said he set up filters to exclude other results such as “POS system firmware update servers and printers (firmware|printer).”

Google Allo AI-powered messaging app expected this week

Google this week is expected to release Allo, an AI-powered app previewed in May at the Google I/O confab that's aimed at adding more pizzazz to text messaging. Google said back then that it planned to release the app by the end of summer, and that would be this Wednesday, Sept. 21. Reliable mobile news blogger Evan Blass has tweeted "Hello, Allo (launches this week)," and Google watchers have been quick to rehash this.

Cisco patches Equation group exploit in IOS, IOS XE and IOS XR devices

Cisco Systems has patched a vulnerability similar to one exploited by a cyberespionage group believed to be linked to the U.S. National Security Agency. The vulnerability affects networking devices running Cisco's IOS, IOS XE and IOS XR operating systems that process IKEv1 (Internet Key Exchange version 1) packets. When exploited, it allows remote unauthenticated attackers to extract contents from a device's memory, potentially leading to the exposure of sensitive and confidential information. IKE is a key exchange protocol used by several popular features including LAN-to-LAN VPN (Virtual Private Network), remote access VPN, Dynamic Multipoint VPN (DMVPN) and Group Domain of Interpretation (GDOI). It is likely to be enabled on many Cisco devices in enterprise environments.

1 Free Amazon Echo Dot When You Buy 5 – Deal Alert

Echo Dot is a hands-free, voice-controlled device that uses Alexa to play & control music (either on its own, or through a connected speaker/receiver), control smart home devices, provide information, read the news, set alarms, and more. If you’re looking to buy them as gifts, or for different homes or rooms, Amazon will throw in a free one ($50 value) when you buy 5, or two free ones when you buy 10 (a $100 value). To take advantage of this limited time offer, select 6 or 12 in the quantity dropdown and add to your Shopping Cart. Enter promo code DOT6PACK or DOT12PACK at checkout where you will see the discount applied. The new Amazon Echo Dot comes in black, and now also white. See the new Amazon Echo Dot now on Amazon.

Bad migration experiences leave IT bosses gun-shy

Previous migration efforts are often so bad that the majority of IT pros drag their feet on doing another migration project, even if they need it. That's one of the results of a new study by cloud migration specialist Vision Solutions. The migration survey -- see chart below -- was part of a larger study, the Vision Solutions' 8th Annual State of Resilience report. The problem, however, lies with many IT shops, according to Vision. They either lack expertise to do the job properly, don't plan well in advance, or both. Of the 935 professionals surveyed, 35 percent say that they lack the experience or the expertise to confidently perform a system migration.

What’s the difference between project management and change management?

Project management involves the use of people, processes and methodologies to plan, initiate, execute, monitor and close activities. It is designed to meet an organization's project goals, and hopefully overall strategic objectives. Change management, similar to project management, involves people, processes, and tools to effectively help organizations manage all the changes that occur, whether as a result of project initiatives, or other factors that might impact the business. While project management and change management are two areas that often work side-by-side -- and they should -- there are some similarities. However, these are different disciplines. Think about project management in the example of software development and implementation. A project manager works with a project team to plan, communicate and execute the actual development and implementation itself. A change manager will work with the same project management team to identify, communicate, and effectively manage all aspects relating to how any changes will ultimately impact all stakeholders.

When it comes to IT certifications, trust but verify

Trust, but verify, the old adage goes. But in a tight IT talent market, it seems hiring companies are doing a heck of a lot of the former and not enough of the latter. New research shows that organizations are trusting employees when they say they've attained certifications, but aren't investing the time or energy to verify whether or not those credentials have actually been earned. "We'd heard this anecdotally, but to see it in the hard data was very concerning, and it made us cringe. The value in the certifications themselves isn't in question, but the lack of action by hiring managers and the fact that some candidates are fudging the truth makes everyone look bad. This has the potential to seriously impede the credibility of certifications to qualify and benchmark candidates," says Jason Hayman, market research manager at TEKSystems, which conducted the research.