How flexible should your infosec model be?

Security is a top priority at the Bank of Labor, but the financial institution updates its formal information security policy only once a year, maybe twice, regardless of what's happening in the ever-changing threat landscape. That's not to say that the union bank ignores emerging threats such as new malware variants or phishing schemes, says Shaun Miller, the bank's information security officer. On the contrary, the organization, which has seven branches in the Kansas City, Kan., area plus an office in Washington, routinely tweaks its firewalls and intrusion-protection systems in response to new and active threats. To avoid fatiguing its 120 users, however, it refrains from formalizing new policies more frequently.

Download our report: IT Security’s Looming Tipping Point

Given the rash of high-profile data breaches that have exposed customers' personal information, created PR nightmares and cost C-level executives their jobs, IT and business leaders should have security at the top of their priority list. But while businesses are saying the right things about giving IT security more attention and budget, is that talk being put into useful action?

Five social engineering scams employees still fall for

You’ve trained them. You’ve deployed simulated phishing tests. You’ve reminded your employees countless times with posters and games and emails about avoiding phishing scams. Still, they keep falling for the same ploys they’ve been warned about for years. It’s enough to drive security teams to madness. According to Verizon’s 2016 Data Breach Investigation Report, 30 percent of phishing messages were opened by their intended target, and about 12 percent of recipients went on to click the malicious attachment or link that enabled the attack to succeed. A year earlier, only 23 percent of users opened the email, which suggests that employees are getting worse at identifying phishing emails -- or the bad guys are finding more creative ways to outsmart users.

Why (and when) outsourcing security makes sense

Phenix Energy Group, an oil pipeline operator and construction company, is preparing to take its IT infrastructure from zero to 60 in a matter of months. To get a years-in-the-making pipeline project off the ground, the company is preparing to grow from a relatively small office environment to a data center setting of 75 servers and 250TB of storage. As a result, security, which hasn’t been a top priority, is suddenly a big deal, according to CIO and COO Bruce Perrin. Given the high stakes — a downed system could cost about $1 million an hour — Perrin has spent the past five years researching options. While he’d prefer to run security in-house as part of an on-premises data center, Perrin is leaning toward outsourcing the function, at least initially, because he doesn’t have time to staff up a dedicated information security department in the few scant months before the pipeline goes online.

4 tips for tough conversations with your employees

No one likes difficult situations at work, but when these issues do arise, it's important that your focus remains on establishing a productive conversation where everyone feels heard. "When difficult conversations do arise -- such as discussions about low performance, inconsistent results, frustrated clients -- a leader can confidently assess the current situation against previously defined expectations and a focus on identifying and closing the gap," says Anthony Abbatiello, global lead, Deloitte Leadership business. When you approach tough conversations with professionalism and leadership, they can ultimately help guide the employee in their career by helping them figure out what their strengths and weaknesses are. However, it can still be just as difficult to deliver bad news at work as it is to receive it, but there are a few steps you can take to help make those tough moments at work easier on everyone.

Apple commits to run off 100% renewable energy

Apple announced that it has committed to running all of its data centers and corporate offices on renewable energy, joining a group of other corporations committed to the same clean energy goal. Apple said it has joined RE100, a global initiative by influential businesses committed to using 100% renewable electricity. To date, RE100 has amassed membership from 77 corporations. Other RE100 members include Hewlett Packard Enterprise, VMware, Rackspace and Wells Fargo.

Google’s Pixel phones: 7 essential technical upgrades we want to see

Google will, if the persistent rumors are true, forego releasing “Nexus” phones this year in favor of a pair of phones under the “Pixel” banner. Is this just a re-branding, or are there material differences between the two product lineages? Well, the Nexus heritage is based on affordable hardware that runs stock Android—phones that have always been aimed at developers and enthusiasts. The Pixel brand, whether it’s the Chromebook Pixel or the Pixel C Android tablet, is more aspirational. The Pixel hardware is higher-priced and higher-quality, and brings unique features to bear. Beyond that, the Pixel devices not only compete with high-end hardware from other manufacturers, but also point the way forward for those companies. They show “what can be done” if you pull out all the stops.

How blind skills challenges can close the skills gap

Jessica Janiuk didn't set out to have a career in IT. After earning a degree in communications with a minor in web development, Janiuk started working as a video producer, but quickly found that wasn't the right fit. When offered the opportunity to work on software, Janiuk jumped at the chance, found a professional calling and has thrived in the IT industry for the last few years. But as a trans-woman, Janiuk has experienced more than the usual biases women in tech are subjected to on the journey to her current position as a front-end software engineer for global data protection firm Datto. Though Silicon Valley firms and more progressive organizations globally are employing a number of methods to increase diversity in their talent pipelines and remove biases in their recruiting and hiring processes, it's still an uphill battle for women, the LGBTQ community and other underrepresented minorities trying to break into the IT field. One way to ensure bias isn't impacting the hiring process is through blind coding challenges to screen and qualify technical talent.

Cisco moves on from Intercloud, will focus on cloud management instead

Cisco this week released new software and services for helping organizations migrate to cloud-based infrastructure, whether it be infrastructure they run themselves or resources from public cloud providers. But as part of this effort Cisco is not pointing customers to one of its own public cloud platforms as it has wound down and pivoted away from its multi-year effort to develop its once-heralded Intercloud.

This Is Why I’m Not Doing SD-WAN Webinars

One of my long-time regular readers sent me this question:

I was wondering if you have had any interest in putting together an SD-WAN overview/update similar to what you do with data center fabrics where you cover the different product offerings, differentiators, solution scorecard…

That would be a good idea. Unfortunately the SD-WAN vendors aren’t exactly helping.

Cisco CEO Robbins: Wait til you see what’s in our innovation pipeline

It’s been a little over a year since Chuck Robbins took the reins at Cisco from the venerated John Chambers. In that time, the face and pace of the IT realm has transformed -- from Dell buying EMC and HP splitting up to the swift rise of IoT and harsh impact of security challenges. Robbins has embraced this rapid change and, he says in this wide-ranging interview, moved the company forward with relentless speed to address everything from hyperconvergence to application-centric infrastructures.

Industry First Micro-segmentation Cybersecurity Benchmark Released

The VMware NSX Micro-segmentation Cybersecurity Benchmark report has been released! As previewed in part six of the Micro-segmentation Defined – NSX Securing Anywhere blog series, independent cyber risk management advisor and assessor Coalfire was sponsored by VMware to create an industry first Micro-segmentation Cybersecurity Benchmark report. Coalfire conducted an audit of the VMware NSX micro-segmentation capabilities to develop this benchmark report detailing the efficacy of NSX as a security platform through a detailed “micro-audit” process, testing NSX against simulated zero-day threats.

Testing included five different network design patterns, and demonstrated how NSX micro-segmentation can provide stateful, distributed, policy-based protection in environments regardless of network topology. Topologies included –

  • Flat L2 network segments
  • L2 and L3 networks with centralized virtual or physical routers, representative of typical data center rack implementations built on hybrid physical and network virtualization platform / distributed virtual switch (dVS)
  • Networks with connection to other physical servers
  • Overlay-based networks using the Distributed Firewalls (DFW) and Distributed Logical Routers (DLR)
  • Physical VLAN and overlay-based networks using service insertion technologies running on dedicated VMs (in our case, Palo Alto Networks NextGen FW with Panorama)

Coalfire’s examination and testing of VMware NSX technology utilized simulated exploits that depict likely malware and …

Russia has previously tried to influence US elections, says spy chief

Russia has tried to influence U.S. elections since the 1960s during the Cold War, U.S. Director of National Intelligence James R. Clapper said Tuesday. It's not clear whether the interference, which has a long history, aims to influence the outcome of the election or tries to sow seeds of doubt about the sanctity of the process, Clapper said in an interview to The Washington Post. The remarks are the closest the U.S. spy chief has come to suggesting that Russia could be involved in recent hacks of Democratic party organizations.

WAN Impairment/WAN Emulator with WAN Bridge

Playing in the lab and want to impair a link with delay or loss? I use WAN Bridge – it's simple and free.

So say I’m testing an SD-WAN brownout/impairment avoidance solution in my lab. For example, Cisco’s IWAN. I’m going to need something to impair links with delay or loss. I like WAN Bridge. Why? Because it's simple, easy, and free.

There has been one thing I’ve struggled with in the past year. Every time I needed an impairment point this burned up 2 NICs on my UCS equipment. Why? Because I couldn’t seem to figure out how to load one NIC on a UCS as a trunk port with multiple VLANs on it and have multiple WAN bridges with just 1 trunk on a switch.

So that meant, for a recent CPOC that I was doing, if I really wanted 6 impairment points (red circles in diagram below) I was going to need to eat up 12 NICs on my UCS.

There had to be a better way…

My friend, David Prall, was convinced it “should” work. I was equally convinced that I had tried it before and …