Three key challenges in vulnerability risk management

1 asses risk

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Vulnerability risk management has re-introduced itself as a top challenge – and priority – for even the most savvy IT organizations. Despite the best detection technologies, organizations continue to get compromised on a daily basis. Vulnerability scanning provides visibility into potential land mines across the network, but often just results in data tracked in spreadsheets and independent remediation teams scrambling in different directions.

To read this article in full or to leave a comment, please click here

PlexxiPulse—Happy Labor Day!

Wishing you a safe and happy Labor Day from the entire team here at Plexxi. Enjoy the celebrations this weekend!

Below please find a few of our top picks for our favorite news articles of the week. Enjoy!

Enterprise Networking Planet: With SDN, Programmability is the Point
By Arthur Cole
Software Defined Networking (SDN) is the moniker that the enterprise has accepted for the new breed of virtual network architectures abstracted from underlying hardware. But since software involves code, what we are really talking about is programmable networking. That raises a number of questions regarding the ultimate goal of this investment: programmed how? And programmed to do what, exactly? For specialty chip developers like Xilinx, a key function will be workload acceleration. As the enterprise tries to satisfy the twin masters of increased data volumes and demand for real-time data services, the need to quickly navigate through an ever-shifting set of network resources will become paramount.

Data Center Knowledge: Latency, Bandwidth, Disaster Recovery: Selecting the Right Data Center
By Bill Kleyman
In selecting the right type of data center colocation, administrators must thoroughly plan out their deployment and strategies. This means involving more than just facilities teams in the planning Continue reading

Microsoft will release its hackathon help tool to the world

Microsoft is planning to bring its internal tool for running hackathons to the public next year, starting by allowing a few select colleges to test drive it at their own events. It's part of a plan by the company's Garage division to help other organizations get better at handling the administrative side of organizing marathon hack sessions like the three-day-long bonanza Microsoft held in July as part of its Oneweek employee team-building session. Known inside Microsoft as the "Hackathon interactive project site," it was built to help 13,000 employees and interns work on 1,700 projects during the Oneweek hackathon.To read this article in full or to leave a comment, please click here

Ashley Madison still a top lure for scammers and crooks

The Ashley Madison breach has been a Christmas-in-August present for spammers and scammers of all kinds, and your company could be the next target. Here are some scams to watch out for. Phishing There is a significant amount of spam related to the Ashley Madison attack. According to Trend Micro, the most recent Ashley Madison-related phishing campaign offers a link to the "Ashley Madison Client List" but instead infects the user's computer with banking malware, or locks up files until the user pays one Bitcoin, or approximately $235. "Companies should block all Ashley Madison related emails at the email gateway and use URL filtering for all inbound emails for those bulletproof hosts which are disseminating this crimewave," said Tom Kellermann, chief cybersecurity officer at Irving, Tex.-based Trend Micro Inc.To read this article in full or to leave a comment, please click here

New Jobs movie: A quieter, more authentic portrait

This October, Michael Fassbender will join Ashton Kutcher among the actors to have played Steve Jobs. Aaron Sorkin's movie adaptation of Walter Isaacson's biography is one of many dramatizations of the life of Apple's co-founder, who died in 2011.This week sees a quieter yet more authentic release in Steve Jobs: The Man in the Machine, available Sept. 4 in theaters and on iTunes from Magnolia Pictures. Rather than offering a straight biography, Academy Award-winning documentarian Alex Gibney sets out to answer a question: Why were so many people so moved by the death of someone who he describes as "ruthless, deceitful, and cruel"? If we loved products that came from someone also described as incapable of love, what does that say about the man?To read this article in full or to leave a comment, please click here

Use nProbe and ELK Stack to Build a Netflow Solution on Software Gone Wild

How do you capture all the flows entering or exiting a data center if your core Nexus 7000 switch cannot do it in hardware? You take an x86 server, load nProbe on it, and connect the nProbe to an analysis system built with ELK stack… at least that’s what Clay Curtis did (and documented in a blog post).

Obviously I wanted to know more about his solution and invited him to the Software Gone Wild podcast. In Episode 39 we discussed:

Read more ...

Even encrypted medical record databases leak information

A new study from Microsoft researchers warns that many types of databases used for electronic medical records are vulnerable to leaking information despite the use of encryption.The paper, due to be presented at the ACM Conference on Computer and Communications Security next month, shows how sensitive medical information on patients could be pilfered using four different attacks.Researchers discovered the sex, race, age and admission information, among other data, using real patient records from 200 U.S. hospitals.In the light of increasing cyberattacks against the health care industry, the researchers recommended that the systems they studied "should not be used in the context of" electronic medical records.To read this article in full or to leave a comment, please click here

Networking Field Day 10 – Intel

Let me start this out by saying that I was thrilled to see Intel present at a NFD event!  While Intel is well known in the network space for their NICs, they are most well known for their powerful line of processors, boards, and controllers.  Most would argue that this doesn’t make them a ‘traditional’ network vendor but, as we all know, things are rapidly changing in the network space.  As more and more network processing moves from hardware to software the Intel’s of the world will have an increasingly large role to play in the network market.

Check out the following presentations they gave at the recent NFD10 event…

Intel Intro and Strategy

Intel Open Network Platform Solutions for NFV

Intel Software Defined Infrastructure: Tips, Tricks and Tools for Network Design and Optimization

Here are some of my thoughts on the presentations that I thought were worth highlighting…

The impact of software and NFV
Intel made some interesting observations comparing telco companies using big hardware to Google using SDN and NFV.  Most telco companies are still heavily reliant on big, high performance, hardware driven switches that can cost into the 10s of millions of dollars. Continue reading

Review: Rick and Morty

The best sci-fi on television right now is an animated series called Rick and Morty on the Cartoon Network.

You might dismiss it, as on the surface it appears to be yet another edgy, poorly-drawn cartoon like The Simpsons or South Park. And in many ways, it is. But at the same time, hard sci-fi concepts infuse each episode. Sometimes, it's a parody of well-known sci-fi, such as shrinking a ship to voyage through a body. In other cases, it's wholly original sci-fi, such as creating a parallel "micro" universe whose inhabitants power your car battery. At least I think it's original. It might be based on some obscure sci-fi story I haven't read. Also, the car battery episode is vaguely similar to William Gibson's latest cyberpunk book "The Peripheral".

My point is this. It's got that offensive South Park quality that I love, but mostly, what I really like about the series is its hard sci-fi stories, and the way it either parodies or laughs at them. I know that in next year's "Mad Kitties" slate, I'm definitely going to write in Rick and Morty for a Hugo Award.

Five steps to optimize your firewall configuration

Firewalls are an essential part of network security, yet Gartner says 95% of all firewall breaches are caused by misconfiguration. In my work I come across many firewall configuration mistakes, most of which are easily avoidable. Here are five simple steps that can help you optimize your settings:

* Set specific policy configurations with minimum privilege. Firewalls are often installed with broad filtering policies, allowing traffic from any source to any destination. This is because the Network Operations team doesn’t know exactly what is needed so start with this broad rule and then work backwards. However, the reality is that, due to time pressures or simply not regarding it as a priority, they never get round to defining the firewall policies, leaving your network in this perpetually exposed state.

To read this article in full or to leave a comment, please click here

Why licensing wouldn’t work

Would you allow an unlicensed doctor to operate on you? Many argue that cybersecurity professionals, and even software programmers, should be licensed by the government similar to doctors. The above question is the basis for their argument.

But this is bogus. The government isn't competent to judge doctors. It licenses a lot of bad doctors. It'll even give licenses to people who plainly aren't doctors. For example, in the state of Oregon, "naturopaths" (those practicing "natural", non-traditional medicine) can be licensed to be your primary care provider, prescribe medicines, and so on. Instead of guaranteeing "good" professionals, licensing gives an official seal of approval to "bad" practitioners. Naturopathy is, of course, complete nonsense, and Oregon politicians are a bunch of morons. (See the Portlandia series -- it's a documentary, not fiction).

Professions like licensing not because it improves the quality of the profession, but because it reduces competition. The steeper the licensing requirements, the more it keeps outsiders out. This allows the licensed to charge higher fees. This is why even bogus occupations like "hairdressers" seek licensing -- so they can charge more money.

Since different states license different occupations, we have nice experimental laboratory to measure Continue reading

Court: FTC can take action on corporate data breaches

The US Court of Appeals has ruled that the FTC mandate to protect consumers against fraudulent, deceptive and unfair business practices extends to oversight of corporate cybersecurity efforts -- and lapses. But security experts are split about whether the decision will help improve enterprise security. "It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information," said Federal Trade Commission Chairwoman Edith Ramirez in a statement. Specifically, last week's decision allowed the FTC to take action against Wyndham Hotels and Resorts for failing to reasonably protect consumers' personal information between 2008 and 2010, when hackers broke in three times and stole more than 600,000 bank card numbers.To read this article in full or to leave a comment, please click here

Intel promises $50M for quantum computing research

A fully functioning quantum computer is still twelve years off, according to Intel, but the company is already plowing research funding into the field.On Thursday, Intel promised to fund QuTech, a research unit at the Technical University of Delft in the Netherlands, to the tune of US$50 million over 10 years, and to provide additional staff and equipment to support its work.QuTech hopes the partnership will allow it to combine its theoretical work on quantum computing with Intel's manufacturing expertise to produce quantum computing devices on a larger scale.Quantum computers are composed of qubits that can take on multiple values simultaneously, unlike the bits stored and processed in traditional computers, which are either 0s or 1s. This multiplicity of values makes quantum computing, at least in theory, highly useful for parallel computing problems such as financial analysis, molecular modelling or decryption.To read this article in full or to leave a comment, please click here

1 3,290 3,291 3,292 3,293 3,294 3,798