New research reveals cybersecurity skills shortage impact

When it comes to the cybersecurity skills shortage, I am somewhat of a “Chicken Little,” as I’ve been screaming about this issue for the last five years or so. As an example, ESG research conducted in early 2016 indicated that 46% of organizations indicate that they have a problematic shortage of cybersecurity skills today (note: I am an ESG employee). So, ESG and other researchers have indicated that there aren’t enough infosec bodies to go around but what about those that have jobs? How is the cybersecurity skills shortage affecting them and the organizations they work for? Earlier this week, ESG and the Information Systems Security Association (ISSA) published the second report in a two-part research report series investigating these issues. This new report, titled "Through the Eyes of Cyber Security Professionals," uncovers a lot more about just how deep the cybersecurity skills shortage cuts. For example:To read this article in full or to leave a comment, please click here

New Research Reveals Cybersecurity Skills Shortage Impact

When it comes to the cybersecurity skills shortage, I am somewhat of a “Chicken Little” as I’ve been screaming about this issue for the last 5 years or so.  As an example, ESG research conducted in early 2016 indicated that 46% of organizations indicate that they have a problematic shortage of cybersecurity skills today (note: I am an ESG employee).So, ESG and other researchers have indicated that there aren’t enough infosec bodies to go around but what about those that have jobs?  How is the cybersecurity skills shortage affecting them and the organizations they work for?Earlier this week, ESG and the Information Systems Security Association (ISSA) published the second report in a two-part research report series investigating these issues.  This new report titled, Through the Eyes of Cyber Security Professionals, uncovers a lot more about just how deep the cybersecurity skills shortage cuts.  For example:To read this article in full or to leave a comment, please click here

New Research Reveals Cybersecurity Skills Shortage Impact

When it comes to the cybersecurity skills shortage, I am somewhat of a “Chicken Little” as I’ve been screaming about this issue for the last 5 years or so.  As an example, ESG research conducted in early 2016 indicated that 46% of organizations indicate that they have a problematic shortage of cybersecurity skills today (note: I am an ESG employee).So, ESG and other researchers have indicated that there aren’t enough infosec bodies to go around but what about those that have jobs?  How is the cybersecurity skills shortage affecting them and the organizations they work for?Earlier this week, ESG and the Information Systems Security Association (ISSA) published the second report in a two-part research report series investigating these issues.  This new report titled, Through the Eyes of Cyber Security Professionals, uncovers a lot more about just how deep the cybersecurity skills shortage cuts.  For example:To read this article in full or to leave a comment, please click here

Corero says its always-on DDoS defense system automatically safeguards service providers  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.   The massive DDoS attack that was aimed in stages at DNS provider Dyn in October 2016 did more than grab headlines. It also served as a wake-up call to companies that provide the global Internet infrastructure, as well as downstream operators and service providers. Many experts fear this attack could prove to be a tipping point in the battle to maintain stability and availability across the Internet. Research shows the attack originated from an Internet of Things (IoT) botnet that involved an estimated 100,000 devices. Dyn experienced packet flow bursts 40 to 50 times higher than normal, and unverified reports put the magnitude of the attack in the 1.2Tbps range. The attack used multiple vectors and required a variety of techniques to fight off.To read this article in full or to leave a comment, please click here

Corero says its always-on DDoS defense system automatically safeguards service providers  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.   The massive DDoS attack that was aimed in stages at DNS provider Dyn in October 2016 did more than grab headlines. It also served as a wake-up call to companies that provide the global Internet infrastructure, as well as downstream operators and service providers. Many experts fear this attack could prove to be a tipping point in the battle to maintain stability and availability across the Internet. Research shows the attack originated from an Internet of Things (IoT) botnet that involved an estimated 100,000 devices. Dyn experienced packet flow bursts 40 to 50 times higher than normal, and unverified reports put the magnitude of the attack in the 1.2Tbps range. The attack used multiple vectors and required a variety of techniques to fight off.To read this article in full or to leave a comment, please click here

Worm on the sensor: What happens when IoT data is bad?

Enterprises trying to use the internet of things already face a deluge of data and a dizzying array of ways to analyze it. But what happens if the information is wrong?Bad data is common in IoT, and though it’s hard to get an estimate of how much information streaming in from connected devices can’t be used, a lot of people are thinking about the problem.About 40 percent of all data from the edges of IoT networks is “spurious,” says Harel Kodesh, vice president of GE’s Predix software business and CTO of GE Digital. Much of that data isn’t wrong, just useless: duplicate information that employees accidently uploaded twice, or repetitive messages that idle machines send automatically. To read this article in full or to leave a comment, please click here

Worm on the sensor: What happens when IoT data is bad?

Enterprises trying to use the internet of things already face a deluge of data and a dizzying array of ways to analyze it. But what happens if the information is wrong?Bad data is common in IoT, and though it’s hard to get an estimate of how much information streaming in from connected devices can’t be used, a lot of people are thinking about the problem.About 40 percent of all data from the edges of IoT networks is “spurious,” says Harel Kodesh, vice president of GE’s Predix software business and CTO of GE Digital. Much of that data isn’t wrong, just useless: duplicate information that employees accidently uploaded twice, or repetitive messages that idle machines send automatically. To read this article in full or to leave a comment, please click here

Stuff The Internet Says On Scalability For December 16th, 2016

Hey, it's HighScalability time:

 

This is the entire internet. In 1973! David Newbury found the map going through his dad's old papers.

If you like this sort of Stuff then please support me on Patreon.

  • 2.5 billion+: smartphones on earth; $36,000: loss making a VR game; $1 million: spent playing Game of War; 2000 terabytes: saved downloading Font Awesome's fonts per day; 14TB: new hard drives; 19: Systems We Love talks; 4,600Mbps: new 802.11ad Wi-Fi standard; 

  • Quotable Quotes:
    • Thomas Friedman: [John] Doerr immediately volunteered to start a fund that would support creation of applications for this device by third-party developers, but Jobs wasn’t interested at the time. He didn’t want outsiders messing with his elegant phone.
    • Fastly: For every problem in computer networking there is a closed-box solution that offers the correct abstraction at the wrong cost. 
    • ben stopford: The Data Dichotomy. Data systems are about exposing data. Services are about hiding it.
    • Ernie: just as Amazon invaded the CDN ecosystem with CloudFront and S3, CDNs are going to invade the cloud compute space of AWS.
    • The Attention Merchants: When not chronicling death in its many forms, Continue reading

Using Ganglia to monitor Linux services

The screen capture from the Ganglia monitoring tool shows metrics for services running on a Linux host. Monitoring Linux services describes how the open source Host sFlow agent has been extended to export standard Virtual Node metrics from services running under systemd. Ganglia already supports these standard metrics and the article Using Ganglia to monitor virtual machine pools describes the configuration steps needed to enable this feature.

ARM tackles server compatibility issues with Allinea acquisition

ARM has a big problem -- it rules in smartphones and tablets but hasn't broken into servers and supercomputers. ARM servers are devalued partly because many applications don't work with the chips.But ARM has acquired Allinea Software with the hope of partially resolving the compatibility issue. Allinea provides software development, debugging, and porting tools, which should make it easier for people to write applications for ARM-based servers and supercomputers.The acquisition will "provide a channel to thousands of developers using supercomputers and give us better first-hand knowledge of the issues being addressed as software is ported to new ARM-based systems," Javier Orensanz, general manager of the development solutions group at ARM, said in a blog entry.To read this article in full or to leave a comment, please click here

Worth Reading: Broadcom’s two ASIC lines

Just like every kind of compute job cannot be handled by a single type of microprocessor, the diversity of networking tasks in the datacenters of the world require a variety of different switch and router ASICs to best manage those tasks. As the volume leader in the switching arena, Broadcom comes under intense competitive pressure and has to keep on its toes to provide enough variety in its switch chips to keep its rivals at bay. One way that Broadcom does this is by having two distinct switch ASIC lines. —The Next Platform

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Broadcom’s two ASIC lines appeared first on 'net work.

IDG Contributor Network: Red Hat OpenStack Platform 10 targets private cloud

Red Hat just announced that it is making Red Hat OpenStack Platform 10 available. This release is based upon the OpenStack ‘Newton’ release and is designed to increase system-wide scalability, simplify management and improve workload orchestration. It will also enhance both network performance and security. Additionally, Red Hat OpenStack Platform 10 introduces a new software life cycle, with optional support up to 5 years.New features New enhancements and updates to Red Hat OpenStack Platform 10 include: A more streamlined user experience driven by an easier-to-use graphical user interface (GUI) that reduces the complexities of installation and management. Designed for production use, the Red Hat OpenStack Platform director GUI provides several newly integrated functions, such as automatic upgrades and updates (including Ceph), advanced networking configuration, high availability, and the option to deploy file sharing via the Manila service, using the integrated drivers available from NetApp and Red Hat Ceph Storage. Improved flexibility for greater scalability through the introduction of customizable services and administration roles using Red Hat OpenStack Platform director. Cloud operators are now able to control their OpenStack environment at a more granular level by customizing OpenStack services to run and scale independently of each other. This offers greater Continue reading

Apple’s macOS file encryption easily bypassed without the latest fixes

Without the macOS update released this week, Apple's disk encryption can be easily defeated by connecting a specially crafted device to a locked Macbook.The attack is possible because devices connected over Thunderbolt can access the computer's RAM directly before the OS is started through the direct memory access (DMA) feature. The DMA mechanism is typically used by disk drive controllers, graphics cards, network cards, and sound cards because accessing the memory through the CPU would otherwise keep the processor busy and unavailable for other tasks.Apple's macOS has DMA protections, but they only kick in when the OS is running. However, the EFI (Extensible Firmware Interface) -- the modern BIOS -- initializes Thunderbolt devices at an early stage in the boot process and this enables them to use DMA before the OS is started, security researcher Ulf Frisk said in a blog post.To read this article in full or to leave a comment, please click here

Apple’s macOS file encryption easily bypassed without the latest fixes

Without the macOS update released this week, Apple's disk encryption can be easily defeated by connecting a specially crafted device to a locked Macbook.The attack is possible because devices connected over Thunderbolt can access the computer's RAM directly before the OS is started through the direct memory access (DMA) feature. The DMA mechanism is typically used by disk drive controllers, graphics cards, network cards, and sound cards because accessing the memory through the CPU would otherwise keep the processor busy and unavailable for other tasks.Apple's macOS has DMA protections, but they only kick in when the OS is running. However, the EFI (Extensible Firmware Interface) -- the modern BIOS -- initializes Thunderbolt devices at an early stage in the boot process and this enables them to use DMA before the OS is started, security researcher Ulf Frisk said in a blog post.To read this article in full or to leave a comment, please click here

Evernote CEO: ‘We let our users down’ with privacy policy change

Evernote CEO Chris O'Neill has had a long couple of days. The company he runs recently ignited a firestorm among its users when it announced a privacy policy change that would have required users to open up all their notes for analysis in order to take advantage of forthcoming machine learning features. "We let our users down," he said in an interview. "We really tactically communicated in about as poor a way as we could."Evernote is going back to the drawing board and reversing course on the proposed policy. Users won't have their data shared with employees to help with machine learning unless they explicitly opt in. To read this article in full or to leave a comment, please click here

1 2,412 2,413 2,414 2,415 2,416 3,808