High-demand cybersecurity skill sets

Back to one of my pet issues, the global cybersecurity skills shortage.According to ESG research, 46 percent of organizations say they have a “problematic shortage” of cybersecurity skills in 2016 (note: I am an ESG employee). By comparison, 28 percent of organizations claimed to have a “problematic shortage” of cybersecurity skills in 2015. That means we’ve seen an 18 percent year-over-year increase.So, there is a universal shortage of infused talent, but where are these deficiencies most acute? According to a survey of 299 IT and cybersecurity professionals: 33% of organizations say they have a shortage of cloud security specialists.  This makes sense, as it combines the shortage of cybersecurity skills with evolution of cloud computing. Other ESG research also indicates that large organizations are creating jobs for cloud security architects, so demand is especially high. Cybersecurity professionals should think about pursuing a cloud security certification from CSA or SANS as part of their career development plan.  There are more jobs than people, and enterprise organizations are tripping over each other to hire talent as quickly as they can.  28% of organizations say they have a shortage of network security specialists. To me, this really reinforces Continue reading

H3C/Tsinghua Completes

A new IT behemoth has bellied its way up onto the beach. IDC has issued a press release: One year after the announcement of the subsidiary of Tsinghua Holdings, Unisplendour Corporation Limited’s plans to acquire 51% share of H3C Technologies and Hewlett Packard Enterprise’s China-based server, storage and technology services business, the company finally completed […]

The post H3C/Tsinghua Completes appeared first on EtherealMind.

IIX Reinvents Itself as Console

Console will help companies bypass the public Internet.

18 most powerful wireless networking companies

Wireless big shotsIt’s a wireless world, of course, and one only likely to get less dependent on physical connectivity in the future – but what that future looks like will depend a lot on the companies exerting the strongest influence on the industry. We checked in with analysts and tapped our own institutional expertise to create this list of the companies that, in our opinion, are the biggest influencers in enterprise wireless networking and beyond.To read this article in full or to leave a comment, please click here

Long Live Infrastructure

Getting Traffic to a Virtual Firepower Sensor

I wanted to jot down some quick notes relating to running a virtual Firepower sensor on ESXi and how to validate that all the settings are correct for getting traffic from the physical network down into the sensor.

Firepower is the name of Cisco’s (formerly Sourcefire’s) so-called Next-Gen IPS. The IPS comes in many form-factors, including beefy physical appliances, integrated into the ASA firewall, and as a discrete virtual machine.

Since the virtual machine (likely) does not sit in-line of the traffic that needs to be monitored, traffic needs to be fed into the VM via some method such as a SPAN port or a tap of some sort.

1 – Validate vSwitch Settings

This is probably not a very real-world example since most environments will be running some form of distributed vSwitch (dvSwitch) and not the regular vSwitch, but all I’ve got in my lab is the vSwitch, so work with me. The same considerations apply when running a dvSwitch.

Ensure that the port-group where you’re attaching the NGIPSv allows promiscuous mode. The NGIPSv acts as sniffer and will attempt to put its NICs into promisc mode.

Set this either at Continue reading

IDG Contributor Network: 3 ways to protect data and control access to it

Earlier we delved into disaster recovery and network security. Now it’s time to take a look at Critical Security Controls 13, 14 and 15, which cover data protection and access control. The Critical Security Controls are best practices devised by the Center for Internet Security (CIS), a nonprofit dedicated to improving cybersecurity in the public and private sectors.A company’s data is its crown jewels, and because it’s valuable, there will always be people looking to get their hands on it. Threats include corporate espionage, cybercriminals, disgruntled employees and plain old human error. Fortunately it’s relatively easy to reduce your potential exposure. It calls for protecting your data, using encryption and authentication, and carefully restricting access.To read this article in full or to leave a comment, please click here

IDG Contributor Network: 3 ways to protect data and control access to it

Earlier we delved into disaster recovery and network security. Now it’s time to take a look at Critical Security Controls 13, 14 and 15, which cover data protection and access control. The Critical Security Controls are best practices devised by the Center for Internet Security (CIS), a nonprofit dedicated to improving cybersecurity in the public and private sectors.A company’s data is its crown jewels, and because it’s valuable, there will always be people looking to get their hands on it. Threats include corporate espionage, cybercriminals, disgruntled employees and plain old human error. Fortunately it’s relatively easy to reduce your potential exposure. It calls for protecting your data, using encryption and authentication, and carefully restricting access.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Skull-produced sounds could replace existing biometric authentication

Are you happy with your on-device biometric fingerprint scanner? I’m not. The scanner on my most recent tablet has failed to unlock the device. The cause then was probably dirty hands coming in from the garage. I disabled that biometric experiment—likely never to be used again.I'm not the only one who sometimes disregards security in favor of ease of use. Half of passwords are more than 5 years old, a report found last year. And three-fourths of those surveyed then said they use duplicate passwords. Clearly not secure. The more complicated and consequently secure one makes the password, though, the harder it is to remember.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Skull-produced sounds could replace existing biometric authentication

Are you happy with your on-device biometric fingerprint scanner? I’m not. The scanner on my most recent tablet has failed to unlock the device. The cause then was probably dirty hands coming in from the garage. I disabled that biometric experiment—likely never to be used again.I'm not the only one who sometimes disregards security in favor of ease of use. Half of passwords are more than 5 years old, a report found last year. And three-fourths of those surveyed then said they use duplicate passwords. Clearly not secure. The more complicated and consequently secure one makes the password, though, the harder it is to remember.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Hitachi forms unit to drive IoT opportunities

News today from Hitachi is that the company is forming a new, standalone Silicon Valley-based unit to explore and execute upon opportunities within the Internet of Things.This is interesting, since the parent group, Hitachi Limited, has a dizzying variety of business units, many (if not most) of which have their own IoT opportunities. Indeed, when attending a Hitachi Data Systems conference last year, I was amazed at the variety of businesses that fall under the Hitachi moniker. Many of those businesses were demonstrating in the expo hall, and a huge number had an IoT bent to what they were doing.To read this article in full or to leave a comment, please click here

The vendors that got you here may not get you there

IT departments eager to meet their goals for digital transformation should evaluate whether their traditional IT vendors are adapting to new technologies fast enough or whether to enlist a new crop of more innovative vendors, says research and advisory firm IDC.To read this article in full or to leave a comment, please click here(Insider Story)

7 ways to get the most from your vendors

Vendor management once meant squeezing service providers for the lowest costs. That approach won't fly today.To read this article in full or to leave a comment, please click here(Insider Story)

Where to cut corners when the security budget gets tight

Whenever creating a budget, there is always the rainy day fund or the contingency account in case of unexpected circumstances. But what if those circumstances are a data breach that is bigger than you could have ever imagined? And you don’t have cyberinsurance?Look to open sourceTo read this article in full or to leave a comment, please click here(Insider Story)

Where to cut corners when the security budget gets tight

Whenever creating a budget, there is always the rainy day fund or the contingency account in case of unexpected circumstances. But what if those circumstances are a data breach that is bigger than you could have ever imagined? And you don’t have cyberinsurance? Sure you might be up the proverbial creek without a paddle but fear not as some security pros are willing to throw out a lifeline to help you at least get your head above the water with some sage advice. The common theme when asked about where to cut corners was to make sure your policies and procedures are sewn up tight. There are really no corners to cut but more about having solid policies in place.To read this article in full or to leave a comment, please click here(Insider Story)

TFTP Vs. FTP: The Networking Perspective

Attackers are probing and exploiting the ImageTragick flaws

Over the past week security researchers have seen increasing attempts by hackers to find servers vulnerable to remote code execution vulnerabilities recently found in the ImageMagick Web server library.The flaws were publicly disclosed last Tuesday by researchers who had reason to believe that malicious attackers already had knowledge about them after an initial fix from the ImageMagick developers proved to be incomplete. The flaws were collectively dubbed ImageTragick and a website with more information was set up to attract attention to them.To read this article in full or to leave a comment, please click here

Attackers are probing and exploiting the ImageTragick flaws

Over the past week security researchers have seen increasing attempts by hackers to find servers vulnerable to remote code execution vulnerabilities recently found in the ImageMagick Web server library.The flaws were publicly disclosed last Tuesday by researchers who had reason to believe that malicious attackers already had knowledge about them after an initial fix from the ImageMagick developers proved to be incomplete. The flaws were collectively dubbed ImageTragick and a website with more information was set up to attract attention to them.To read this article in full or to leave a comment, please click here

Why IT Pros Should Learn Puppet

Bangladesh central bank hack may be an insider job, says FBI

The U.S. Federal Bureau of Investigation has found evidence that at least one employee of Bangladesh’s central bank was involved in the theft of US$81 million from the bank through a complex hack, according to a newspaper report.The number of employees involved could be higher, with people familiar with the matter suggesting that a handful of others may also have assisted hackers to negotiate Bangladesh Bank’s computer system, The Wall Street Journal reported on Tuesday.Bangladesh Bank officials could not be reached for comment.To read this article in full or to leave a comment, please click here