Systemic cybersecurity crisis looms

The number of large-scale, highly damaging data breaches over the past few years has led some to believe the market is on its way to another systemic crisis, similar to the Great Recession.Corporate greed, lax risk management procedures and insufficient oversight by regulators contributed to the 2008 financial crisis. Likewise, the perception that cybersecurity is just another cost center coupled with organizations’ tendencies to implement bare minimum security measures could be paving the way for a systemic cybersecurity crisis. + Also on Network World: How CISOs should address their boards about security + There is a widespread notion that cybersecurity is one more hurdle for executives to deal with that drains company resources. Cisco surveyed more than 1,000 executives, and 74 percent of participants said the main purpose of cybersecurity is to reduce risk rather than enable growth. This ideology that cybersecurity is costly, hinders productivity and is maintained based on a company decision maker’s level of paranoia is not just inaccurate, it is harmful. As a result, many organizations underinvest in their cybersecurity programs, implementing minimal security measures that may be obsolete in a few short years as cyber threats evolve and new attack vectors emerge. Continue reading

Systemic cybersecurity crisis looms

The number of large-scale, highly damaging data breaches over the past few years has led some to believe the market is on its way to another systemic crisis, similar to the Great Recession.Corporate greed, lax risk management procedures and insufficient oversight by regulators contributed to the 2008 financial crisis. Likewise, the perception that cybersecurity is just another cost center coupled with organizations’ tendencies to implement bare minimum security measures could be paving the way for a systemic cybersecurity crisis. + Also on Network World: How CISOs should address their boards about security + There is a widespread notion that cybersecurity is one more hurdle for executives to deal with that drains company resources. Cisco surveyed more than 1,000 executives, and 74 percent of participants said the main purpose of cybersecurity is to reduce risk rather than enable growth. This ideology that cybersecurity is costly, hinders productivity and is maintained based on a company decision maker’s level of paranoia is not just inaccurate, it is harmful. As a result, many organizations underinvest in their cybersecurity programs, implementing minimal security measures that may be obsolete in a few short years as cyber threats evolve and new attack vectors emerge. Continue reading

16% off MOCACuff Bluetooth Wrist Blood Pressure Monitor, iOS/Android Compatible – Deal Alert

Place MOCACuff on your wrist and let it do all the work, measuring heart rate, systolic and diastolic blood pressure. Results are displayed on-screen with corresponding American Heart Association's blood pressure standards. A simple button press syncs results to your iOS/Android device. Receive expertly curated health recommendations via MOCACARE's app to improve or maintain your health, and visualize health trends and see how your health is improving over time. The device is FDA-cleared, CE certified and comes in a carrying case for convenience and portability. The typical list price of $77.74 has been reduced on Amazon 16% to $64.99, for now. See this deal now on Amazon.To read this article in full or to leave a comment, please click here

Twistlock Closes $17M Funding Round for Container Security

IBM security veteran Brendan Hannigan joined the Twistlock board.

IDG Contributor Network: Twistlock leverages the container opportunity to score big funding

The open source Docker initiative has been nothing if not entertaining. Epic levels of intrigue, dastardly deeds and positioning seems to be the order of the day.Of particular interest is what the Docker ecosystem is doing, particularly how the third-party solution players deftly promise loyalty to Docker Inc. but also position themselves for survival in the increasingly likely eventuality that Docker (the company) will, in Silicon Valley parlance, eat their lunch.+ Also on Network World: Finding and protecting the crown jewels + One interesting area is that of security as it relates to containerized applications. One vendor doing good work in the space is Twistlock. Twistlock describes itself as the industry’s first enterprise security suite for containers. Twistlock's technology addresses risks on the host and within the application of the container. In doing so, it gives enterprises the ability to consistently enforce security policies, monitor and audit activity, and identify and isolate threats in a container or cluster of containers. Twistlock's stated mission is to provide a full, enterprise-grade security stack for containers so organizations can confidently adopt and maximize the benefits of containers in their production environment.To read this article in full or to leave a Continue reading

IDG Contributor Network: Twistlock leverages the container opportunity to score big funding

The open source Docker initiative has been nothing if not entertaining. Epic levels of intrigue, dastardly deeds and positioning seems to be the order of the day.Of particular interest is what the Docker ecosystem is doing, particularly how the third-party solution players deftly promise loyalty to Docker Inc. but also position themselves for survival in the increasingly likely eventuality that Docker (the company) will, in Silicon Valley parlance, eat their lunch.+ Also on Network World: Finding and protecting the crown jewels + One interesting area is that of security as it relates to containerized applications. One vendor doing good work in the space is Twistlock. Twistlock describes itself as the industry’s first enterprise security suite for containers. Twistlock's technology addresses risks on the host and within the application of the container. In doing so, it gives enterprises the ability to consistently enforce security policies, monitor and audit activity, and identify and isolate threats in a container or cluster of containers. Twistlock's stated mission is to provide a full, enterprise-grade security stack for containers so organizations can confidently adopt and maximize the benefits of containers in their production environment.To read this article in full or to leave a Continue reading

DockerCon 2017 Day 1 Highlights

What an incredible DockerCon 2017 we had last week. Big thank you to all of the 150+ confirmed speakers, 100+ sponsors and over 5,500 attendees for contributing to the success of these amazing 3 days in Austin. You’ll find below the videos and slides from general session day 1.All the slides will soon be published on our slideshare account and all the breakout session video recordings available on our DockerCon 2017 youtube playlist.

Here’s what we covered during the day 1 general session:

• 17:00 Developer Workflow improvements and demo
• 37:00 Secure Orchestration and demo
• 59:00 Introducing LinuxKit: a toolkit for building secure, lean and portable linux subsystems
• 1:15 Introducing the Moby Project: a new open source project to advance the software containerization movement

Development workflow Improvements

Solomon’s keynote started by introducing new Docker features to improve the development workflows of Docker users: multi-stage builds and desktop-to-cloud integration. With multi-stage builds you can now easily separate your build-time and runtime container images, allowing development teams to ship minimal and efficient images. It’s time to say goodbye to those custom and non-portable build scripts! With desktop-to-cloud you can easily connect to a remote swarm cluster using your Docker ID for authentication, without having to worry Continue reading

You Don’t Change The World By Thinking like Everyone Else

IDG Contributor Network: How CISOs should address their boards about security

There are two times you might have to talk to your organization’s board of directors about security: before a breach and after. Be sure you’ve had the former before you need to have the latter.The board of directors, whose duty it is to run the company in the long-term interest of the owners, needs to know you’ve taken prudent steps to protect the organization’s digital assets. That should mean the board wants to talk with you, the CISO, to learn firsthand what your department is doing to mitigate information security threats.+ Also on Network World: How to survive in the CISO hot seat + Board members want a high-level picture of the threat landscape and a checklist of the measures you’ve taken and policies you’ve adopted to protect the organization. Your job is to provide the board with perspective and not necessarily details. A scorecard or checklist can be an effective visual and a good starting point for a discussion of the organization’s security measures. It lets you provide a high-level overview, and it gives you a road map for diving into details if the board asks for more information.To read this article in full or to Continue reading

IDG Contributor Network: How CISOs should address their boards about security

There are two times you might have to talk to your organization’s board of directors about security: before a breach and after. Be sure you’ve had the former before you need to have the latter.The board of directors, whose duty it is to run the company in the long-term interest of the owners, needs to know you’ve taken prudent steps to protect the organization’s digital assets. That should mean the board wants to talk with you, the CISO, to learn firsthand what your department is doing to mitigate information security threats.+ Also on Network World: How to survive in the CISO hot seat + Board members want a high-level picture of the threat landscape and a checklist of the measures you’ve taken and policies you’ve adopted to protect the organization. Your job is to provide the board with perspective and not necessarily details. A scorecard or checklist can be an effective visual and a good starting point for a discussion of the organization’s security measures. It lets you provide a high-level overview, and it gives you a road map for diving into details if the board asks for more information.To read this article in full or to Continue reading

Cisco Jasper Takes its IoT Expertise to the Enterprise

Canadian operator Telus is the first customer to use the new platform.

ONUG gets closer to making SD-WANs talk to each other

A group of networking engineers and vendors is making progress toward an API that would help enterprises merge SD-WANs from different vendors.The Open SD-WAN Exchange (OSE) initiative was launched last year by the Open Networking User Group (ONUG) to solve a shortcoming of software-defined wide-area networks: They often can't talk to each other. On Tuesday at the ONUG Spring 2017 conference in San Francisco, OSE will make public the work it's done so far.SD-WANs control links to branch offices and remote sites with software, which ultimately should eliminate proprietary hardware and dedicated routing schemes. They also allow companies to use regular broadband connections instead of more expensive MPLS (Multiprotocol Label Switching) services.To read this article in full or to leave a comment, please click here

ONUG gets closer to making SD-WANs talk to each other

A group of networking engineers and vendors is making progress toward an API that would help enterprises merge SD-WANs from different vendors.The Open SD-WAN Exchange (OSE) initiative was launched last year by the Open Networking User Group (ONUG) to solve a shortcoming of software-defined wide-area networks: They often can't talk to each other. On Tuesday at the ONUG Spring 2017 conference in San Francisco, OSE will make public the work it's done so far.SD-WANs control links to branch offices and remote sites with software, which ultimately should eliminate proprietary hardware and dedicated routing schemes. They also allow companies to use regular broadband connections instead of more expensive MPLS (Multiprotocol Label Switching) services.To read this article in full or to leave a comment, please click here

What to ask when selecting application security solutions

Buying decisionsImage by ThinkstockThere are many factors to consider when making an application security purchasing decision, and the pressure is on organizations now more than ever to improve their security risk management preparedness. In fact, more than 80 percent of security attacks target software applications, with application vulnerabilities as the No.1 cyber-attack target. Organizations need a comprehensive application security toolkit to stay secure throughout the product lifecycle, and need to address key questions that can help them determine the right tools to address security risks.To read this article in full or to leave a comment, please click here

What to ask when selecting application security solutions

Buying decisionsImage by ThinkstockThere are many factors to consider when making an application security purchasing decision, and the pressure is on organizations now more than ever to improve their security risk management preparedness. In fact, more than 80 percent of security attacks target software applications, with application vulnerabilities as the No.1 cyber-attack target. Organizations need a comprehensive application security toolkit to stay secure throughout the product lifecycle, and need to address key questions that can help them determine the right tools to address security risks.To read this article in full or to leave a comment, please click here

What to ask when selecting application security solutions

Buying decisionsImage by ThinkstockThere are many factors to consider when making an application security purchasing decision, and the pressure is on organizations now more than ever to improve their security risk management preparedness. In fact, more than 80 percent of security attacks target software applications, with application vulnerabilities as the No.1 cyber-attack target. Organizations need a comprehensive application security toolkit to stay secure throughout the product lifecycle, and need to address key questions that can help them determine the right tools to address security risks.To read this article in full or to leave a comment, please click here

How CISOs find their perfect job

It’s a good time to be a CISO. In a market where analysts say there are over 1 million unfilled job openings, and with demand expected to rise to 6 million globally by 2019 -- according to the Palo Alto Research Center, if you do a good job other opportunities are sure to follow.Indeed, such is the market, that - as we reported last year, even poor performing CISOs, dismissed from previous jobs, get handed new opportunities time and time again.To read this article in full or to leave a comment, please click here(Insider Story)

How CISOs find their perfect job

It’s a good time to be a CISO. In a market where analysts say there are over 1 million unfilled job openings, and with demand expected to rise to 6 million globally by 2019 -- according to the Palo Alto Research Center, if you do a good job other opportunities are sure to follow.To read this article in full or to leave a comment, please click here(Insider Story)

Cisco Identity Services Engine: Initial Configuration

IDG Contributor Network: Ecommerce giants look to dominate payment gateways

Ecommerce competition is heating up globally, with giants Amazon, Apple, Alibaba, Tencent and eBay all vying for bigger stakes in the market. Retail sales are expected to surpass $27 trillion by 2020, and ecommerce is expected to account for more than $4 trillion of that figure.One key area that is becoming the next battleground for these companies is payments. Payments may seem to be an inherent part of ecommerce platforms that facilitates the checkout process. However, the boom of financial technology (fintech) has made payments a major segment in financial services, creating major opportunities for these businesses to tap into wider markets.To read this article in full or to leave a comment, please click here