Enterprise security technology consolidation

Look around the cybersecurity infrastructure at any enterprise organization, and here’s what you’ll see—dozens and dozens of cybersecurity tools from just as many vendors. Now this situation wasn’t planned; it just happened. Over the past 15 years, bad guys developed new cyber weapons to exploit IT vulnerabilities. And large organizations reacted to these new threats by purchasing and deploying new security controls and monitoring systems. This pattern continued over time, leading to today’s patchwork of security point tools. + Also on Network World: Is your company spending on the right security technologies? + So, what’s the problem? Point tools aren’t really designed to talk with one another, leaving human beings to bridge the communications, intelligence and technology gaps between them. Furthermore, each individual tool requires training, deployment, configuration and ongoing operational support. More tools, more needs.To read this article in full or to leave a comment, please click here

Enterprise security technology consolidation

Look around the cybersecurity infrastructure at any enterprise organization, and here’s what you’ll see—dozens and dozens of cybersecurity tools from just as many vendors. Now this situation wasn’t planned; it just happened. Over the past 15 years, bad guys developed new cyber weapons to exploit IT vulnerabilities. And large organizations reacted to these new threats by purchasing and deploying new security controls and monitoring systems. This pattern continued over time, leading to today’s patchwork of security point tools. + Also on Network World: Is your company spending on the right security technologies? + So, what’s the problem? Point tools aren’t really designed to talk with one another, leaving human beings to bridge the communications, intelligence and technology gaps between them. Furthermore, each individual tool requires training, deployment, configuration and ongoing operational support. More tools, more needs.To read this article in full or to leave a comment, please click here

IBM: Financial services industry bombarded by malware, security threats

The financial services industry is the target of a whopping 65% more targeted cyber-attacks than the average business, according to security watchers at IBM’s X Force.The number of financial services records breached skyrocketed 937% in 2016 to more than 200 million. Financial institutions were forced to defend against a 29 percent increase in the number of attacks from 2015, IBM stated.+More on Network World:  IBM: Tax-related spam up 6,000% since Dec.; Darkweb tactics net billions+To read this article in full or to leave a comment, please click here

IBM: Financial services industry bombarded by malware, security threats

The financial services industry is the target of a whopping 65% more targeted cyber-attacks than the average business, according to security watchers at IBM’s X Force.The number of financial services records breached skyrocketed 937% in 2016 to more than 200 million. Financial institutions were forced to defend against a 29 percent increase in the number of attacks from 2015, IBM stated.+More on Network World:  IBM: Tax-related spam up 6,000% since Dec.; Darkweb tactics net billions+To read this article in full or to leave a comment, please click here

5 ways to get a better price on your next RFP

It’s an all-too-familiar story: Naïve but well-intentioned people get taken advantage of by an OEM that over-engineers and/or over-charges for equipment during a Request for Proposal (RFP).Remember the cautionary tale about the West Virginia officials accused of wasting $5 million of federal money on enterprise-class Cisco routers that weren’t needed? While that story is 4 years old now, the significance isn’t lost because it remains top of mind when IT staffers kibitz about how the RFP process can go wrong—awfully wrong.To read this article in full or to leave a comment, please click here

5 ways to get a better price on your next RFP

It’s an all-too-familiar story: Naïve but well-intentioned people get taken advantage of by an OEM that over-engineers and/or over-charges for equipment during a Request for Proposal (RFP).Remember the cautionary tale about the West Virginia officials accused of wasting $5 million of federal money on enterprise-class Cisco routers that weren’t needed? While that story is 4 years old now, the significance isn’t lost because it remains top of mind when IT staffers kibitz about how the RFP process can go wrong—awfully wrong.To read this article in full or to leave a comment, please click here

5 ways to get a better price on your next RFP

It’s an all-too-familiar story: Naïve but well-intentioned people get taken advantage of by an OEM that over-engineers and/or over-charges for equipment during a Request for Proposal (RFP).Remember the cautionary tale about the West Virginia officials accused of wasting $5 million of federal money on enterprise-class Cisco routers that weren’t needed? While that story is 4 years old now, the significance isn’t lost because it remains top of mind when IT staffers kibitz about how the RFP process can go wrong—awfully wrong.To read this article in full or to leave a comment, please click here

Next-gen IoT botnet Hajime nearly 300K strong

The Hajime botnet is nearly 300,000 strong, making it a latent threat nearly as powerful as the notorious Mirai botnet that devastated high-profile websites last fall, leading some to think the internet had been broken.Researchers at Kaspersky Lab lured devices infected with the Hajime worm to announce themselves to a Kaspersky honeypot, checked out whether they were actually infected and added them up. They came up with the number 297,499, says Igor Soumenkov, principal researcher at Kaspersky Lab.An earlier estimate by Symantec put the size at tens of thousands. Estimates of the number of infected devices in Mirai botnets have put it about 400,000, but the number of devices that might be infected with the Hajime worm is 1.5 million, says Dale Drew, the CSO of Level 3, which has been building a profile of behavioral classifiers to identify it so it can be blocked.To read this article in full or to leave a comment, please click here

Next-gen IoT botnet Hajime nearly 300K strong

The Hajime botnet is nearly 300,000 strong, making it a latent threat nearly as powerful as the notorious Mirai botnet that devastated high-profile websites last fall, leading some to think the internet had been broken.Researchers at Kaspersky Lab lured devices infected with the Hajime worm to announce themselves to a Kaspersky honeypot, checked out whether they were actually infected and added them up. They came up with the number 297,499, says Igor Soumenkov, principal researcher at Kaspersky Lab.An earlier estimate by Symantec put the size at tens of thousands. Estimates of the number of infected devices in Mirai botnets have put it about 400,000, but the number of devices that might be infected with the Hajime worm is 1.5 million, says Dale Drew, the CSO of Level 3, which has been building a profile of behavioral classifiers to identify it so it can be blocked.To read this article in full or to leave a comment, please click here

Introducing Cloudflare Orbit: A Private Network for IoT Devices

In October, we wrote about a 1.75M rps DDoS attack we mitigated on our network, launched by 52,467 unique IP’s, mostly hacked CCTV cameras.

We continued to see more IoT devices in DDoS attacks, and so we started to put together a security solution to protect the devices from becoming part of the botnet in the first place. Today we’re announcing it: Cloudflare Orbit.

PC-era security doesn’t work in IoT-era computing

As we talked to IoT companies, over and over again we heard the same thing. In the consumer electronics space, IoT manufacturers were telling us that they were shipping patches to their devices, but their end users didn’t always download and install them. (Reserve your judgment, how many times have you pressed ignore when your phone asked you to update its operating system?) In the industrial control, medical and automotive spaces, where devices are used in life-critical functions, we heard a different story. Even if someone wanted to apply a patch, it just wasn’t that easy. For example, even if the manager of a nuclear power plant wants to update software on their thermostats, shutting down operations long enough to do that means the update has to Continue reading

Visa Inc. Gains Speed and Operational Efficiency with Docker Enterprise Edition

DockerCon 2017 was an opportunity to hear from customers across multiple industries and segments on how they are leveraging Docker technology to accelerate their business. In the keynote on Day 2 and also a breakout session that afternoon, Visa shared how Docker Enterprise Edition is empowering them on their mission is to make global economies safer by digitizing currency and making electronic payments available to everyone, everywhere.

Docker Enterprise Edition at Visa 

Visa is the world’s largest retail electronic payment network that handles 130 billion transactions a year, processing $5.8 trillion annually. Swamy Kocherlakota, Global Head of Infrastructure and Operations, shared that Visa got here by expanding their global footprint which has put pressure on his organization which has remained mostly flat in headcount during that time. Since going into production with their Docker Containers-as-a-Service architecture 6 months ago, Mr. Kocherlakota has seen a 10x increase in scalability, ensuring that his organization will be able to support their overall mission and growth objectives well into the future.

Global Growth Fuels Need for A New Operating Model

In aligning his organization to the company mission, Swamy decided to focus on two primary metrics: Speed and Efficiency.

Cyberespionage, ransomware big gainers in new Verizon breach report

Verizon released its tenth annual breach report this morning, and cyberespionage and ransomware were the big gainers in 2016.Cyberspionage accounted for 21 percent of cases analyzed, up from 13 percent last year, and was the most common type of attack in the manufacturing, public sector, and education.In fact, in the manufacturing sector, cyberespionage accounted for 94 percent of all breaches. External actors were responsible for 93 percent of breaches, and, 91 percent of the time, the target was trade secrets.Meanwhile, the number of ransomware attacks doubled compared to the previous year.To read this article in full or to leave a comment, please click here

Cyberespionage, ransomware big gainers in new Verizon breach report

Verizon released its tenth annual breach report this morning, and cyberespionage and ransomware were the big gainers in 2016.Cyberspionage accounted for 21 percent of cases analyzed, up from 13 percent last year, and was the most common type of attack in the manufacturing, public sector, and education.In fact, in the manufacturing sector, cyberespionage accounted for 94 percent of all breaches. External actors were responsible for 93 percent of breaches, and, 91 percent of the time, the target was trade secrets.Meanwhile, the number of ransomware attacks doubled compared to the previous year.To read this article in full or to leave a comment, please click here

How Veritas is getting its cloud on

Bill Coleman, a 25-year veteran of the tech industry, became Veritas Technologies' CEO a little over a year ago. He's been leading the charge to help the software vendor transition from selling legacy point storage products to creating an integrated information-management platform. The goal is to provide something that's agnostic -- will work in the cloud or on-premises or both -- and that won't require customers to invest in a constant stream of upgrades to get there.I want to spend some more time talking about the cloud strategy and go into a little more depth on that. Before we do that, when you are finished rolling out this data management platform, how will that change the competitive landscape? Who will you view as your competitors at that point and how will it change the existing competitive relationships?To read this article in full or to leave a comment, please click here(Insider Story)

9 things your service provider wants you to know

The relationship between enterprise IT and service providers can be difficult. IT has frustrations in achieving optimal service levels. Service providers, as it turns out, have an equal number of bugaboos when it comes to their enterprise clients' readiness for and acceptance of provider intervention.We asked providers across a range of services what advice they can offer to smooth out some typical bumps in the road for their clients. Here's a look at what they had to say.1. Focus on the business users' needs, not the technology. One of the biggest mistakes that enterprise IT makes when engaging a service provider is focusing too much on finding technology to solve the problem instead of fully understanding the problem that needs to be solved.To read this article in full or to leave a comment, please click here

9 things your service provider wants you to know

The relationship between enterprise IT and service providers can be difficult. IT has frustrations in achieving optimal service levels. Service providers, as it turns out, have an equal number of bugaboos when it comes to their enterprise clients' readiness for and acceptance of provider intervention.We asked providers across a range of services what advice they can offer to smooth out some typical bumps in the road for their clients. Here's a look at what they had to say.1. Focus on the business users' needs, not the technology. One of the biggest mistakes that enterprise IT makes when engaging a service provider is focusing too much on finding technology to solve the problem instead of fully understanding the problem that needs to be solved.To read this article in full or to leave a comment, please click here

Foiled! 15 tricks to hold off the hackers

Malicious hackers have outsize reputations. They are über-geniuses who can guess any password in seconds, hack any system, and cause widespread havoc across multiple, unrelated networks with a single keystroke—or so Hollywood says. Those of us who fight hackers every day know the good guys are usually far smarter. Hackers simply have to be persistent.Each year, a few hackers do something truly new. But for the most part, hackers repeat the tried and true. It doesn’t take a supergenius to check for missing patches or craft a social engineering attack. Hacking by and large is tradework: Once you learn a few tricks and tools, the rest becomes routine. The truly inspired work is that of security defenders, those who successfully hack the hackers.To read this article in full or to leave a comment, please click here

Foiled! 15 tricks to hold off the hackers

Malicious hackers have outsize reputations. They are über-geniuses who can guess any password in seconds, hack any system, and cause widespread havoc across multiple, unrelated networks with a single keystroke—or so Hollywood says. Those of us who fight hackers every day know the good guys are usually far smarter. Hackers simply have to be persistent.Each year, a few hackers do something truly new. But for the most part, hackers repeat the tried and true. It doesn’t take a supergenius to check for missing patches or craft a social engineering attack. Hacking by and large is tradework: Once you learn a few tricks and tools, the rest becomes routine. The truly inspired work is that of security defenders, those who successfully hack the hackers.To read this article in full or to leave a comment, please click here

Federal CIOs tackle the next phase of cloud migration

The cloud has been the default setting in federal government IT for long enough now that most agencies have migrated over some basic operations like email, but that still leaves the hard work undone.After some quick wins -- moving relatively lightweight applications over to a cloud environment -- many federal CIOs are now trying to figure out what comes next. That requires a more challenging calculus and a nuanced evaluation of the agency's IT portfolio to determine what applications and systems really belong in the cloud."Agencies are struggling with that idea of how do they really in an affirmative sort of way adopt cloud technologies," Bill Zielinski, director of the Office of Strategic Programs at the General Services Administration, said during a recent panel discussion hosted by Federal News Radio. "It's one thing to find those kind of freestanding, low-hanging brand-new sorts of things to put in -- quote unquote -- the cloud, but when you really start talking about constituting your IT enterprise with a significant portion of it being cloud, they're struggling."To read this article in full or to leave a comment, please click here