0

FCC should produce logs to prove ‘multiple DDoS attacks’ stopped net neutrality comments

After John Oliver urged viewers of HBO’s Last Week Tonight to fight for net neutrality (again), even simplified the process for leaving comments by having a new URL, gofccyourself.com, redirect to the point where a person needs only to click “Express” to leave a comment, people were not able to submit comments because the site turned to molasses.The FCC blamed (pdf) the problem on “multiple” DDoS attacks. “These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.”To read this article in full or to leave a comment, please click here

0

The Future of Hybrid Cloud

2017 will be the year that yields a new, better definition of hybrid.

0

Docker Enterprise Edition Brings New Life Back to Legacy Apps at Northern Trust

Many organizations understand the value of building modern 12-factor applications with microservices. However, 90+% of applications running today are still traditional, monolithic apps. That is also the case for Northern Trust – a 128-year old financial services company headquartered in Chicago, Illinois. At DockerCon 2017, Rob Tanner, Division Manager for Enterprise Middleware at Northern Trust, shared how they are using Docker Enterprise Edition (EE) to modernize their traditional applications to make them faster, safer, and more performant.

Bringing Agility and Security to Traditional Apps

Founded in 1889, Northern Trust is a global leader in asset servicing, asset management, and banking for personal and institutional clients. Their clients expect best-of-breed services and experiences from Northern Trust and Rob’s team plays a large role in delivering that. While their development teams are focused on microservices apps for greenfield projects, Rob is responsible for over 400 existing WebLogic, Tomcat, and .NET applications. Docker EE became the obvious choice to modernize these traditional apps and manage their incredibly diverse environment with a single solution.

Containerizing traditional applications with Docker EE gives Northern Trust a better way to manage them and some immediate benefits:

• Improved security: As a financial institution, security is a top priority. Continue reading

0

IDG Contributor Network: Settling scores with risk scoring

Risk scores seem all the rage right now. Executives want to know what their risk is. The constant stream over the past few years of high profile breaches and the resulting class action lawsuits, negative PR, loss in share price, cybersecurity insurance pay-out refusals, and even termination of liable executives has made this an urgent priority. The problem is we haven’t really developed a good way to measure risk.Most risk score approaches are restricted by a very simple limitation: They are not vendor agnostic or universal. The solution used to calculate risk is limited by the data it collects, which can vary widely.  What is the risk score composed of? More important, what doesn’t it capture? One vendor will include only network and system vulnerabilities, another bundles application vulnerabilities into the mix, and yet another adds user behaviour. Agreeing on the “right” mix still eludes us with no real authoritative standards that define what should be included. Every scoring methodology is subjective, which is surely a sign of how inherently unscientific the entire approach is.To read this article in full or to leave a comment, please click here

0

IDG Contributor Network: Settling scores with risk scoring

Risk scores seem all the rage right now. Executives want to know what their risk is. The constant stream over the past few years of high profile breaches and the resulting class action lawsuits, negative PR, loss in share price, cybersecurity insurance pay-out refusals, and even termination of liable executives has made this an urgent priority. The problem is we haven’t really developed a good way to measure risk.Most risk score approaches are restricted by a very simple limitation: They are not vendor agnostic or universal. The solution used to calculate risk is limited by the data it collects, which can vary widely.  What is the risk score composed of? More important, what doesn’t it capture? One vendor will include only network and system vulnerabilities, another bundles application vulnerabilities into the mix, and yet another adds user behaviour. Agreeing on the “right” mix still eludes us with no real authoritative standards that define what should be included. Every scoring methodology is subjective, which is surely a sign of how inherently unscientific the entire approach is.To read this article in full or to leave a comment, please click here

0

Microsoft fixes remote hacking flaw in Windows Malware Protection Engine

Microsoft has released an update for the malware scanning engine bundled with most of its Windows security products in order to fix a highly critical vulnerability that could allow attackers to hack computers.The vulnerability was discovered by Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich on Saturday and was serious enough for Microsoft to create and release a patch by Monday. This was an unusually fast response for the company, which typically releases security updates on the second Tuesday of every month and rarely breaks out of that cycle.Ormandy announced Saturday on Twitter that he and his colleague found a "crazy bad" vulnerability in Windows and described it as "the worst Windows remote code execution in recent memory."To read this article in full or to leave a comment, please click here

0

Microsoft fixes remote hacking flaw in Windows Malware Protection Engine

Microsoft has released an update for the malware scanning engine bundled with most of its Windows security products in order to fix a highly critical vulnerability that could allow attackers to hack computers.The vulnerability was discovered by Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich on Saturday and was serious enough for Microsoft to create and release a patch by Monday. This was an unusually fast response for the company, which typically releases security updates on the second Tuesday of every month and rarely breaks out of that cycle.Ormandy announced Saturday on Twitter that he and his colleague found a "crazy bad" vulnerability in Windows and described it as "the worst Windows remote code execution in recent memory."To read this article in full or to leave a comment, please click here

0

40% off Lexar microSD To Lightning Reader – Deal Alert

Lexar's microSD-to-Lightning reader makes it easy to move all your favorite content to & from your iOS device on the go. So whether you’re offloading stunning action photos from that sporting event, or dramatic video from your drone, or if you just want a simple solution to back up or move around your files while mobile -- it’s got you covered. With its small footprint, you can put it in your pocket and go. And the Lightning connector fits with most iOS cases, providing simple plug-and-play functionality. An optional app from the app store allows you to back up files when connected to your device for greater peace of mind. Lexar's microSD to Lightning reader averages 4 out of 5 stars on Amazon, where its typical list price of $24.99 has been reduced a generous 40%, for now, to just $14.99. See this deal on Amazon.To read this article in full or to leave a comment, please click here

0

Full Stack Journey 007: Ed Horley

On today's episode my guest is Ed Horley, who leads the cloud practice team for a Silicon Valley VAR. Ed may better be known as the “IPv6 dude” but today he’s talking about the business awareness and managerial aspects of the Full Stack Journey.

0

Full Stack Journey 007: Ed Horley

On today's episode my guest is Ed Horley, who leads the cloud practice team for a Silicon Valley VAR. Ed may better be known as the “IPv6 dude” but today he’s talking about the business awareness and managerial aspects of the Full Stack Journey.

The post Full Stack Journey 007: Ed Horley appeared first on Packet Pushers.

0

IDG Contributor Network: CIOs are totally stressed out: Here’s how to help

In the course of researching a marketing campaign aimed at IT professionals, I have interviewed dozens of such workers over the past year. Some are middle-aged; some are very young. I’ve talked to men and women in all parts of the country who worked at large and small firms.One thing that struck me is that I have not met a single one who was relaxed. They are all stressed and have no time. They are tortured souls who are constantly checking their phones. They live their lives on the edge of disaster.Perhaps this isn’t true across the board. A 2016 survey from TEKsystems showed that IT workers were less stressed than a few years ago. Yet even in that survey, the workers’ job satisfaction was low with less than one half agreeing that they were doing the most satisfying work of their careers.To read this article in full or to leave a comment, please click here

0

IDG Contributor Network: CIOs are totally stressed out: Here’s how to help

In the course of researching a marketing campaign aimed at IT professionals, I have interviewed dozens of such workers over the past year. Some are middle-aged; some are very young. I’ve talked to men and women in all parts of the country who worked at large and small firms.One thing that struck me is that I have not met a single one who was relaxed. They are all stressed and have no time. They are tortured souls who are constantly checking their phones. They live their lives on the edge of disaster.Perhaps this isn’t true across the board. A 2016 survey from TEKsystems showed that IT workers were less stressed than a few years ago. Yet even in that survey, the workers’ job satisfaction was low with less than one half agreeing that they were doing the most satisfying work of their careers.To read this article in full or to leave a comment, please click here

0

The rise of enterprise-class cybersecurity vendors

When I’m asked to explain what’s happening with enterprise cybersecurity technology, I often use an analogy from the business software market in the 1990s. Back then, application vendors tended to specialize in one area—PeopleSoft owned HR, Baan offered manufacturing apps, JD Edwards played in finance, etc. Around 1995, companies began replacing these departmental applications with enterprise-class ERP solutions from Oracle and SAP. The objective? Centralize all business data into a common repository that could anchor the business and be updated and used for various departmental functions and business processes in real time. + Also on Network World: Cybersecurity companies to watch + Yes, the ERP journey was a bit painful, but the transition resulted in a steady increase in business productivity, enhanced efficiency and better decision making.To read this article in full or to leave a comment, please click here

0

The rise of enterprise-class cybersecurity vendors

When I’m asked to explain what’s happening with enterprise cybersecurity technology, I often use an analogy from the business software market in the 1990s. Back then, application vendors tended to specialize in one area—PeopleSoft owned HR, Baan offered manufacturing apps, JD Edwards played in finance, etc. Around 1995, companies began replacing these departmental applications with enterprise-class ERP solutions from Oracle and SAP. The objective? Centralize all business data into a common repository that could anchor the business and be updated and used for various departmental functions and business processes in real time. + Also on Network World: Cybersecurity companies to watch + Yes, the ERP journey was a bit painful, but the transition resulted in a steady increase in business productivity, enhanced efficiency and better decision making.To read this article in full or to leave a comment, please click here

0

Cloud security startup RedLock automates public-cloud protection

Cloud security startup RedLock comes out of stealth mode today with a service that helps defend business resources that reside in pubic clouds, gives customers visibility into how these resources are being used and stores records of that activity for auditing and forensics.+More on Network World: FBI/IC3: Vile $5B business e-mail scam continues to breed+ RedLock Because virtual machines, application instances and workloads change rapidly it’s hard to get a good picture of what’s going on within cloud services such as Amazon Web Services and Microsoft Azure, says RedLock’s CEO Varun Badwhar. “It’s hard to manually monitor and control,” he says.To read this article in full or to leave a comment, please click here

0

IDG Contributor Network: Signal Sciences wants to protect ALL the web

The security space is one area where there are a massive number of vendors all offering to solve particular discrete problems. That is all well and good if you have a singular, discrete problem to solve, but what happens if you’re looking for a solution that covers the totality of your needs?Signal Science wants to be the answer to that question, the company offers a web protection product that covers cloud, physical and containerized infrastructure and provides security prioritization based on where applications are targeted. Signal Sciences claims Under Armour, Etsy, Yelp and Shutterstock as customers.+ Also on Network World: What to ask when selecting application security solutions + The company is making a dual announcement today. The first about its platform overall; the second is some fundraising news. Since fundraising is often seen as a validation of the product story, I’ll cover off the money side of things first. Signal Sciences has raised a $15 million Series B funding round led by Charles River Ventures.To read this article in full or to leave a comment, please click here

0

IDG Contributor Network: Signal Sciences wants to protect ALL the web

The security space is one area where there are a massive number of vendors all offering to solve particular discrete problems. That is all well and good if you have a singular, discrete problem to solve, but what happens if you’re looking for a solution that covers the totality of your needs?Signal Science wants to be the answer to that question, the company offers a web protection product that covers cloud, physical and containerized infrastructure and provides security prioritization based on where applications are targeted. Signal Sciences claims Under Armour, Etsy, Yelp and Shutterstock as customers.+ Also on Network World: What to ask when selecting application security solutions + The company is making a dual announcement today. The first about its platform overall; the second is some fundraising news. Since fundraising is often seen as a validation of the product story, I’ll cover off the money side of things first. Signal Sciences has raised a $15 million Series B funding round led by Charles River Ventures.To read this article in full or to leave a comment, please click here

0

Cloud security startup RedLock automates public-cloud protection

Cloud security startup RedLock comes out of stealth mode today with a service that helps defend business resources that reside in pubic clouds, gives customers visibility into how these resources are being used and stores records of that activity for auditing and forensics.+More on Network World: FBI/IC3: Vile $5B business e-mail scam continues to breed+ RedLock Because virtual machines, application instances and workloads change rapidly it’s hard to get a good picture of what’s going on within cloud services such as Amazon Web Services and Microsoft Azure, says RedLock’s CEO Varun Badwhar. “It’s hard to manually monitor and control,” he says.To read this article in full or to leave a comment, please click here

0

Staples hires its very first CISO

Staples has hired its first chief information security officer (CISO), a key new member of the office supply giant's team that combines traditional IT and digital transformation. Staples New Staples CISO  Brett Wahlin CISO Brett Wahlin, who will report to the company's CTO, will be responsible for enterprise-wide information, product and data security during a time in which Staples looks to expand its delivery business.  His responsibilities extend into areas such as connected devices (think Amazon Echo/Google Home digital assistant competition in the office), fraud and loss prevention. To read this article in full or to leave a comment, please click here

0

Staples hires its very first CISO

Staples has hired its first chief information security officer (CISO), a key new member of the office supply giant's team that combines traditional IT and digital transformation. Staples New Staples CISO  Brett Wahlin CISO Brett Wahlin, who will report to the company's CTO, will be responsible for enterprise-wide information, product and data security during a time in which Staples looks to expand its delivery business.  His responsibilities extend into areas such as connected devices (think Amazon Echo/Google Home digital assistant competition in the office), fraud and loss prevention. To read this article in full or to leave a comment, please click here