Toward Enterprise Security Technology Integration

Last week, I posted a blog about the move toward cybersecurity vendor and technology consolidation along with a growing emphasis on technology integration in the enterprise. Here’s some additional data that reinforces these conclusions.  As part of a recent ESG research project, 176 cybersecurity and It professionals were presented with several statements and asked whether they agreed or disagreed with each one (note: I am an ESG employee).  Here are the results:  82% of survey respondents “strongly agree” or “agree” with the statement: ‘My organization is actively building a security architecture that integrates multiple individual product.’  This is likely part of a SOAPA (i.e. security operations and analytics platform architecture) project. 81% of survey respondents “strongly agree” or “agree” with the statement: ‘Cybersecurity product integration has become an important consideration of our security procurement criteria.’  In other words, stand-alone point tools don’t make the purchasing cut in most cases. 78% of survey respondents “strongly agree” or “agree” with the statement: ‘The security products my organization buys are regularly qualified on their integration capabilities.  This aligns with the previous point.  73% of survey respondents “strongly agree” or “agree” with the statement: ‘My organization Continue reading

Toward Enterprise Security Technology Integration

Last week, I posted a blog about the move toward cybersecurity vendor and technology consolidation along with a growing emphasis on technology integration in the enterprise. Here’s some additional data that reinforces these conclusions.  As part of a recent ESG research project, 176 cybersecurity and It professionals were presented with several statements and asked whether they agreed or disagreed with each one (note: I am an ESG employee).  Here are the results:  82% of survey respondents “strongly agree” or “agree” with the statement: ‘My organization is actively building a security architecture that integrates multiple individual product.’  This is likely part of a SOAPA (i.e. security operations and analytics platform architecture) project. 81% of survey respondents “strongly agree” or “agree” with the statement: ‘Cybersecurity product integration has become an important consideration of our security procurement criteria.’  In other words, stand-alone point tools don’t make the purchasing cut in most cases. 78% of survey respondents “strongly agree” or “agree” with the statement: ‘The security products my organization buys are regularly qualified on their integration capabilities.  This aligns with the previous point.  73% of survey respondents “strongly agree” or “agree” with the statement: ‘My organization Continue reading

Fitbit Offers Up To 50% off and Free Shipping For Mom’s Day – Deal Alert

Fitbit wants you to motivate the women who motivate you, and they're offering 50% off select gifts, plus free 2-day shipping when you spend $50 or more on Alta, Flex 2, Charge 2, or others. Jump over to Fitbit's site and browse their gift guide and exclusive discounts in honor of Mother's Day.  To read this article in full or to leave a comment, please click here

Tracking NFV Performance in the Data Center

Virtualizing the data center may make it more efficient and agile but additional processing power may be needed.

IDG Contributor Network: NetOps: Are you ready? How can you start?

NetOps focuses on the philosophies, practices and tools in building and operating the network to deliver and respond quickly to application and user service needs. In my previous post, I described NetOps and why you should care. Ties from NetOps to agile software development and DevOps are essential, as these practices are now the source of many of the requests for network changes.The methods of NetOps can help you to create a network that is not only available with high levels of reliability, performance and security, but is also agile in configuration, capacity and operations. In short, NetOps enables the network to be both available and agile.To read this article in full or to leave a comment, please click here

IDG Contributor Network: NetOps: Are you ready? How can you start?

NetOps focuses on the philosophies, practices and tools in building and operating the network to deliver and respond quickly to application and user service needs. In my previous post, I described NetOps and why you should care. Ties from NetOps to agile software development and DevOps are essential, as these practices are now the source of many of the requests for network changes.The methods of NetOps can help you to create a network that is not only available with high levels of reliability, performance and security, but is also agile in configuration, capacity and operations. In short, NetOps enables the network to be both available and agile.To read this article in full or to leave a comment, please click here

The Datacenter Does Not Revolve Around AWS, Despite Its Gravity

If the public cloud computing market were our solar system, then Amazon Web Services would be Jupiter and Saturn together and the remaining five fast-growing big clouds would be like the inner planets like Mercury, Venus, Earth, Mars,  and that pile of rocks that used to be a planet mixed up with those clouds that are finding growth a bit more challenging  – think Uranus and Neptune and maybe even Pluto if you still want to count it a planet.

This analogy came to us in the wake of Amazon’s reporting of its financial results for the first quarter of …

The Datacenter Does Not Revolve Around AWS, Despite Its Gravity was written by Timothy Prickett Morgan at The Next Platform.

Microsoft reportedly will separate Edge from OS updates

It’s no secret that Microsoft’s Edge browser, the revamped browser that shipped with Windows 10 as a replacement for Internet Explorer, is struggling to gain any sort of traction. As IE fades rapidly, Google Chrome has been picking up share, while Edge remains stubbornly at 5 percent share.As I illustrated last week, Edge doesn’t really have one. It’s painfully slow. I should not be able to watch a website load piece by piece in 2017 on a broadband connection.To read this article in full or to leave a comment, please click here

Red Hat kicks off annual Summit by leaning dev-wards

Red Hat’s annual summit opened today with the announcement of three new products aimed with uncharacteristic directness at developers, rather than the company’s usual target of IT operations staff.Openshift.io is the company’s free SaaS development environment, specifically designed for cloud-native apps, that lets geographically far-flung teams work together and automatically containerizes code for easy deployment. The environment builds on open source projects like Kubernetes-focused development platform fabric8, IDE Eclipse Che, and automation server Jenkins.+ALSO ON NETWORK WORLD: Red Hat CEO: Open-source innovation is always user-led + Which Linux distros should newbies use?To read this article in full or to leave a comment, please click here

Red Hat kicks off annual Summit by leaning dev-wards

Red Hat’s annual summit opened today with the announcement of three new products aimed with uncharacteristic directness at developers, rather than the company’s usual target of IT operations staff.Openshift.io is the company’s free SaaS development environment, specifically designed for cloud-native apps, that lets geographically far-flung teams work together and automatically containerizes code for easy deployment. The environment builds on open source projects like Kubernetes-focused development platform fabric8, IDE Eclipse Che, and automation server Jenkins.+ALSO ON NETWORK WORLD: Red Hat CEO: Open-source innovation is always user-led + Which Linux distros should newbies use?To read this article in full or to leave a comment, please click here

StackStorm: Ghost2logger Pack

Coinciding (roughly) with the version 2.2 release of StackStorm, the Ghost2logger pack has been released.

This pack provides in essence a “Syslog sensor” that provides the user a tuple match on a Syslog entry, tuples in this case being:

• Syslog Message (Actual syslog message)
  MANDATORY AND
• Syslog Source (IPv4 address)

The actions can then be anything you so desire, either triggering a sinlge action or full blown workflow with Mistral or Cloudslang.

Getting Started

In terms of using the pack, all that is required from the user is the creation of rules and pointing your syslog source to the Ghost2logger location. Most of the time Ghost2logger will live on the same install as StackStorm, so point it at the IP address StackStorm resides. Worried abut StackStorm load? Don’t be. Syslogs aren’t actually processed by StackStorm, but are processed by the Ghost2logger binary. Only matched entries dispatch triggers. There is some inception going on here. Prepare yourself for this: “Rules will only match what the rules have created the match conditions for”. If you understand this hypothesis correctly, you will understand that this is simple feedback from the rules base back to Ghost2logger.

The pack itself consists of a number Continue reading

Review: More sleep-related devices to help you get more ZZZs

The month of May has been dedicated “Better Sleep Month” by the Better Sleep Council. If you don’t like that group and you prefer to follow the guidelines of the National Sleep Foundation, you just celebrated Sleep Awareness Week (April 23-29, 2017). Either way, there’s no better time to look at some new products that want to help you get a better night’s sleep.I’ve previously written about two other devices – the ASTI Sound+Sleep SE sound machine, which provides 64 different sounds to help provide a white-noise-like effect; and the LIVE sensor by EarlySense, which tracks your heartbeat, breathing, stress levels and sleep stages to give you data about how much (or how little) you’re sleeping.To read this article in full or to leave a comment, please click here

Introducing Docker’s new CEO

Docker has celebrated a number of important milestones lately. March 20th was the fourth anniversary of the launch of the Docker project at PyCon in 2013. April 10th was the fourth anniversary of the day that I joined Solomon and a team of 14 other believers to help build this remarkable company. And, on April 18th, we brought the community, customers, and partners together in Austin for the fourth US-based DockerCon.

March 20th, 2013

Docker Team in 2013

DockerCon was a great opportunity to reflect on the progress we’ve seen in the past four years. Docker the company has grown from 15 to over 330 talented individuals. The number of contributors to Docker has grown from 10 to over 3300. Docker is used by millions of developers and is running on millions of servers. There are now over 900k dockerized apps that have been downloaded over 13 billion times. Docker is being used to cure diseases, keep planes in the air, to keep soldiers safe from landmines, to power the world’s largest financial networks and institutions, to process billions in transactions, to help create new companies, and to help revitalize existing companies. Docker has rapidly scaled revenues, building a sustainable Continue reading

IoT Security Anti-Patterns

From security cameras to traffic lights, an increasing amount of appliances we interact with on a daily basis are internet connected. A device can be considered IoT-enabled when the functionality offered by its Embedded System is exposed through an internet connected API.

Internet-of-Things technologies inherit many attack vectors that appear in other internet connected devices, however low-powered hardware-centric nature of embedded systems presents them with unique security threats. Engineers building Internet-of-Things devices must take additional precautions to ensure they do not implement security anti-patterns when addressing new problems, this blog post will investigate four such anti-patterns that have been used by real Internet-of-Things devices.

Atmel ATMEGA8 Microcontroller Wikimedia Commons - CC BY-SA 3.0

HTTP Pub/Sub

Every time your IoT-enabled alarm clock sounds, you may want it to tell your coffee machine to brew some coffee. In order to do this, your coffee machine may subscribe to messages published by your alarm clock. One such way of doing this is to implement the Publish/Subscribe Pattern within the API of the IoT devices, for this example let's assume our alarm clock and coffee machine communicate through HTTP.

In order to subscribe to messages from the alarm clock, the coffee machine sends Continue reading

Using the Collaborative Security Approach to Address Internet of Things Security Challenges

US bill aims to quash Open Internet Order, prevent its return

A bill introduced Monday by some U.S. senators aims to repeal net neutrality rules under the Federal Communications Commission’s 2015 Open Internet Order, and ban the agency from issuing similar regulations in the future.The legislation aims to give some permanence to recent moves by the Republican-dominated FCC to repeal provisions of the 2015 order. There are concerns that if the FCC at some point comes under the control of Democrats, it will promptly restore the rules under the 2015 Open Internet Order.The Restoring Internet Freedom Act was introduced by Senator Mike Lee, a Republican from Utah, and is cosponsored by eight other Republicans including Ted Cruz, senator for Texas, and Rand Paul, senator for Kentucky.To read this article in full or to leave a comment, please click here

Infosys to hire 10,000 in the US as Trump focuses on local hires

Indian outsourcer Infosys is hiring 10,000 American workers over the next two years, in the wake of a review of U.S. visa rules and an emphasis on local hires by the administration of President Donald Trump.Infosys said Monday it will open four new “Technology and Innovation Hubs” in the U.S., focusing on cutting-edge technologies such as artificial intelligence, machine learning, user experience, emerging digital technologies, cloud, and big data.The first such center is coming up in Indiana in August and is expected to create 2,000 jobs by 2021 for American workers, besides boosting the state economy.The company plans to hire both experienced technology professionals and recent graduates from major universities, and local and community colleges, besides setting up training programs in areas such as user experience, cloud, artificial intelligence, big data and digital offerings, and core technology and computer science skills.To read this article in full or to leave a comment, please click here

Is IT having an identity crisis?

In 2007, Michael Spears became CIO of the National Council on Compensation Insurance. It wasn't the usual promotion. Spears had spent two years as the NCCI's chief data officer, and he kept that role when be became CIO. In his dual capacity, he oversees both the IT department and the data resources division, though they operate as separate entities. Over the years, he says, the CIO and CDO roles have sometimes been held by different people and sometimes by the same person.Spears has taken some ribbing for his CIO role from his colleagues in the data analytics world. "I was just at a data conference where people were making fun of me for being in both roles. They said, 'You can't get lumped in with IT — it's just bits and bytes. You won't be respected for the knowledge you have about data.' But it doesn't have to be that way. It depends where the value is coming from, the skill sets of the leaders, and what's important to the company at that time."To read this article in full or to leave a comment, please click here

SMBs continue to be a target of cybercriminals

Because they don’t see themselves as targets, small-to-midsize businesses (SMB) have for a long time believed that their security programs are good enough. They have a firewall, antivirus, maybe they even use two-factor authentication.The mistake is believing that this is enough because they have nothing of value to an attacker. While they may have a smaller attack surface, they are no less vulnerable than a major enterprise.Not only are small businesses growing as the favored targets for ransomware attacks, they are also the most impacted, with 60 percent shutting down within six months of a breach, according to the US National Cyber Security Alliance.To read this article in full or to leave a comment, please click here

SMBs continue to be a target of cybercriminals

Because they don’t see themselves as targets, small-to-midsize businesses (SMB) have for a long time believed that their security programs are good enough. They have a firewall, antivirus, maybe they even use two-factor authentication.The mistake is believing that this is enough because they have nothing of value to an attacker. While they may have a smaller attack surface, they are no less vulnerable than a major enterprise.Not only are small businesses growing as the favored targets for ransomware attacks, they are also the most impacted, with 60 percent shutting down within six months of a breach, according to the US National Cyber Security Alliance.To read this article in full or to leave a comment, please click here