0

Facebook’s Threat Intelligence Sharing Potential

Enterprise organizations are actively consuming external threat intelligence, purchasing additional threat intelligence feeds, and sharing internally-derived threat intelligence with small circles of trusted third-parties.  Based upon these trends, it certainly seems like the threat intelligence market is well- established but in this case, appearances are far from reality.In my humble opinion, threat intelligence consumption and sharing is extremely immature today with the market divided by a few haves (i.e. large banks, defense contractors, large IT vendors, intelligence agencies) and a large majority of have-nots – everyone else.This immaturity is illustrated by some recent ESG research (note: I am an ESG employee).  A panel of cybersecurity professionals working at enterprise organizations (i.e. more than 1,000 employees) were asked to identify weaknesses associated with their firm’s threat intelligence consumption and sharing programs.  The data indicates:To read this article in full or to leave a comment, please click here

0

Securing the enterprise digital footprint

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

In late 2007, AOL security researcher William Salusky and his team discovered one of the first reported instances of malvertising -- a digital ad running on aol.com had been configured to serve up malware to unsuspecting visitors. This turned out to be the beginning of a new era where attackers use a company’s digital footprint (web infrastructures and mobile apps) to distribute malware and commit fraud.

For security teams, protecting the digital footprint, which resides outside the firewall, poses three distinct challenges. Namely, securing assets you know about, securing assets you don’t know about (like those created by someone within the organization or by an authorized third-party), and identifying rogue assets that are impersonating the organization’s brand or sub-brands.

To read this article in full or to leave a comment, please click here

0

Securing the enterprise digital footprint

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.In late 2007, AOL security researcher William Salusky and his team discovered one of the first reported instances of malvertising -- a digital ad running on aol.com had been configured to serve up malware to unsuspecting visitors. This turned out to be the beginning of a new era where attackers use a company’s digital footprint (web infrastructures and mobile apps) to distribute malware and commit fraud.For security teams, protecting the digital footprint, which resides outside the firewall, poses three distinct challenges. Namely, securing assets you know about, securing assets you don’t know about (like those created by someone within the organization or by an authorized third-party), and identifying rogue assets that are impersonating the organization’s brand or sub-brands.To read this article in full or to leave a comment, please click here

0

Tips for protecting your business against cyber extortion

CrytoLocker is malware cyber criminals use to encrypt the contents of a computer until users pay up.But that's only one type of cyber extortion, according to Tim Francis, enterprise cyber lead at Hartford, Conn.-based insurance company Travelers.Criminals can also threaten to shut down computer systems or erase data, to infect a company with a virus, to publish proprietary information or personally identifiable information of customers or employees, launch a denial-of-service attack, or hold social media accounts hostage.Criminals can also start the attack first, and refuse to stop until the money is paid.MORE ON CSO:Lost in the clouds: Your private data has been indexed by Google It's no longer just a lone disgruntled employee targeting a single company, Francis said. CryptoLocker is just one example of how cyber extortion technology has been commodified, making it accessible to a wider variety of criminals.To read this article in full or to leave a comment, please click here

0

Skipping the Hype Cycle

Sipping from the firehose is a big problem in the tech industries. Every time I turn around there’s yet another new technology to make everything better. If you can’t quote rule 11, you need to learn it by heart. Now. I’ll wait right here while you do the memorization thing.

So — why the hype cycle? Essentially, it comes down to this: we’re emotionally driven creatures. Advertisers have known this for years; to wit —

On average, consumers are exposed to more than 5000 advertisements per day. Among those 5000-plus advertisements, only about 12 will make an impression on the average consumer. How can your business stand out among the clutter? Whether you are a Fortune 500 company or a recently funded startup, the best way for your business to stand out is by building emotional connections with your audience. Your business needs to acknowledge that selling a product is no longer enough. Now it’s all about the experience you provide with it. This experience is dependent on your ability to trigger the right emotions, from the right audience, at the right time. via entrepreneur

Mark the last words in that quote: it’s about selling an experience, rather than a Continue reading

0

Response: Snappy for Whitebox Switches | Ubuntu Insights

Ubuntu announces a version for devices, Penguin Computing uses it for network operating systems

The post Response: Snappy for Whitebox Switches | Ubuntu Insights appeared first on EtherealMind.

0

6 Things You (Maybe) Don’t Know About Ansible

Ansible is a very flexible and extensible automation tool, and it can be used in a lot of different environments that may not fit your preconceived notions of Ansible as an SSH-based tool to configure Linux and Unix systems. Here are a few other things you can do with Ansible, and a few ways to further customize and configure how your automation works. I hope these tips are useful! If you have any of your own to share, feel free to send us a tweet @ansible!

1. Ansible can be used to manage more than just servers

Most Ansible playbooks are used to configure and manage servers. Web servers, database servers, and so on. But anything with an SSH interface or an API can be managed with Ansible, too. For example we have modules to talk to cloud platforms, Citrix NetScaler and F5 load balancers, and other networking equipment. These modules are really helpful for tasks like multi-server rolling upgrades or other complicated orchestration tasks that need coordination with your broader networking environment.

You can also implement custom connection plugins for those really weird or legacy devices. There are a number of lesser-known ones shipped with Ansible, including Continue reading

0

Dell’s DSS Unit Bets on the Not-Quite-Hyperscale Data Center

Beyond Google and Facebook, Dell sees an important 'second wave' of hyperscale demand.

0

Traditional IT And The Road To DevOps

An IT team at a telecom operator decided to shift away from its highly manual processes and move towards a DevOps model. Here's what happened.

0

Response: Arista EOS & Quality

This video from Ken Duda at Arista is, perhaps, the best explanation of Arista’s success with customers. As an engineer, I found this talk inspirational. No bonuses for hitting ship dates. This avoids “good enough” code getting shipped. Sure there are money problems associated with this but Arista believes quality is better. You write the […]

The post Response: Arista EOS & Quality appeared first on EtherealMind.

0

New products of the week 08.24.2015

Products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Cirba support for NetApp storage solutionsKey features: Through integration to NetApp OnCommand Insight (OCI), Cirba provides organizations with better visibility into storage utilization vs. actual VM requirements and can optimize VM placements in order to balance demand across storage resources. More info.To read this article in full or to leave a comment, please click here

0

Stretching the Container Metaphor

The Docker/shipping container metaphor is overdone. I don’t think people have fully thought through what it might mean if containers do the same thing to computing as they did to shipping. Are we prepared for hipsters taking over derelict data centers?

There is an unpublished rule that all Docker articles must be accompanied by a picture of shipping containers. Forbes is a particularly egregious offender. I don’t know if it’s the work of a serial offender sub-editor, or if it’s a company-wide policy. I suspect the latter.

Then there’s the DC2 Desktop Container Computer Kickstarter campaign:

(I must admit I do like this one)

But what happened when shipping converted to using containers? Consolidation of ports, dramatic reduction in required labour force, leading to waterfront dereliction. Years later cities re-discovered their waterfront spaces, leading to redevelopment & gentrification.

Wharfs went from this:

(Image from State Library of South Australia, CC license)

To this:

(Image by David Dixon, CC license)

To be re-born as this:

(Image from Wikimedia Commons, CC license)

So does that mean that our data centers will go from this:

(Image from Intel Free Press, CC license)

To this:

(Image from Wolfgang Stief, CC license)

To Continue reading

0

How Long Will that Webinar take?

One of my readers wondered how long my NFV webinar is supposed to take (and I forgot to add that information to my web site), so he sent me this question: “How long is this webinar? An hour? Two hours? If it says "webinar" does that imply a 60 minute duration, so I shouldn't ask?”

Short answer: live webinar sessions usually take between 90 minutes and 2 hours depending on the breadth of the topic, however…

0

Alcatel-Lucent BGP configuration tutorial. Part 1 – basic eBGP, iBGP

When we say Service Provider, we imply BGP and when we say BGP, we imply Service Provider. There is no way I would leave you without covering configuration steps for one of the most versatile, scalable and robust internet protocols also known as BGP. And here it is – BGP configuration guide for Alcatel-Lucent Service Routers. As

0

Intel and Mirantis Have a $100M Plan for OpenStack

Intel throws its weight behind OpenStack for the enterprise.

0

From CLI to API at Networking Field Day

The industry is in a shift from the CLI to the API, from manual to automated, and from closed to open. While some vendors just say they have an API, some provide libraries and tooling to make it easier to consume their APIs. This post specifically highlights open source code that is publicly available on GitHub by vendors that participated in Networking Field Day 10.

Please realize this is not an extensive list, but only what is relevant to the specific products covered in the sessions at Networking Field Day. In order of their presentations…

Cisco

The APIC-EM, used as part of the IWAN solution, has a full REST API. No SDK or libraries were mentioned, but it doesn’t seem like it’s officially shipping yet anyway — more details can be found here on the APIC-EM.

Big Switch

Both of Big Switch’s controller platforms have complete REST APIs. You can find some code examples here: https://github.com/bigswitch/sample-scripts/tree/master/bcf/webinar

Riverbed

Riverbed also talked quite a bit about their APIs across the SteelHead product suite. You can find plenty of Python libraries on their GitHub page. You can get started here: https://github.com/riverbed/steelscript

Gigamon

Gigamon also released REST APIs so that users can Continue reading

0

Torrent trackers bring down the ban hammer on Windows 10 users

Even before Microsoft’s updated Privacy Statement and Services Agreement kicked in on August 1, privacy advocates from the European Digital Rights group warned the new privacy policy was “bad news for privacy.” Then Windows 10 default settings proved to be skewed toward spying on users by default. The fact that users are opted in unless they take steps to opt out is so bad for privacy that people who do not normally bother to read Microsoft’s Services EULA (end-use license agreement) started doing so.To read this article in full or to leave a comment, please click here

0

Network latency and its effect on application performance

We’ve talked about network latency several times in previous blog posts. Today, let’s drill a bit deeper on that topic, and

0

iPhone 7 Rumor Rollup: Think fast, think pink and think small

Time’s a-ticking, and we’re getting closer and closer to what is almost certainly the launch of the iPhone 6S and 6S Plus, though not the iPhone 7. The latest leaks, reported by Chinese website Daliulian, say that the new models to be revealed on September 9 will be available in a metallic pink finish for the first time. Reese Witherspoon’s character from Legally Blond ought to be thrilled.Whether others will be so thrilled with the new color option, and the new devices themselves, is a point of surprising importance as Apple’s stock price took an uncharacteristic nosedive on news that the Chinese smartphone market – second-largest in the world - dropped substantially in the second quarter.To read this article in full or to leave a comment, please click here

0

Jumping into SDN

Intro Dr. Seuss said "The more that you read, the more things you will know. The more that you learn, the more places you'll go".