Monthly Archives: December 2016

  • 0

Top 10 Cloud and Security Predictions for 2017

Category : Gigamon

In the coming year, I think we’ll see a number of significant changes with respect to both the public cloud and information security and, thus, would like to offer five predictions for each space.

Top Five Public Cloud Predictions

1. SaaS will be first choice.

People have been talking “cloud” for years. Moving forward, however, I think the conversation is set to become more structured, more specific. As organizations increasingly begin to differentiate Software as a Service (SaaS) from Infrastructure as a Service (IaaS), I foresee SaaS picking up the most steam in 2017. In fact, I think the SaaS space is going to explode with more and more providers offering a larger variety of applications. Enterprises will first look to “SaaS-ify” their on-premise applications and, if unable to do so, will then turn to IaaS, failing which they will fall back to the private cloud.

2. Network visibility to aid the shift.

Traditionally, the move to the public cloud—and IaaS, specifically—was hampered by security considerations and perhaps a lack of equivalent security and monitoring solutions as in the on-premise world. That’s changing today—catalyzed in large part, I believe, by a new generation of visibility tools coming online that enable greater transparency into and security of data-in-motion. This will push organizations to accelerate their plans to take advantage of the elasticity and agility that IaaS offers.

3. “Crown jewels” in the cloud.

Enterprises will also increasingly move beyond using the public cloud solely for test/dev or burst capacity purposes. And again, because they want to benefit from the elasticity and the capacity on demand the cloud has to offer, they will now be looking to leverage IaaS for hosting always-on, mission-critical, Tier-1 applications—aka the crown jewels.

4. Even more data breaches.

Moving the crown jewels into the cloud is a big shift. Unfortunately, it follows that as the data value increases so, too, will attackers’ efforts to gain access to that more lucrative, mission-critical or client-specific information. Enterprises will become subject to more targeted attacks and the number of breaches will rise. On the plus side, I think 2017 will see organizations making security a higher priority, migrating their security platform and tools in parallel with their critical applications.

5. Amazon and Azure to stay on top.

I see an oligopoly in the near future—with Amazon and Azure cementing their roles as the leading IaaS solution providers; IBM and Google becoming secondary IaaS players; and Oracle emerging as a key player in the Platform as a Service (PaaS) space. The remaining players . . . will fade away.

Top Five Information Security Predictions

Security of IoT will become a life-threatening issue.

The IoT devices coming online today range from heart-rate monitors to insulin pumps to automobiles. Think about the potentially life-threatening challenges that can arise—especially when device security has most often been an afterthought. The whole model needs reversing—with security as the top priority.

Increased regulation.

There will be a massive push for increased industry regulation around the security of IoT devices—a problem that will not be solved by asking software vendors to write more secure code. And while I do not believe regulation will come about in 2017, I think the call to regulate will rise significantly.

Shift in security responsibility.

Service providers have historically taken a relatively agnostic view towards security. But as part of the push toward regulation, they will be forced to take a more active role—especially as they are in the best position to do something about security in the world of IoT, and will likely soon be regulated to do so.

Security workflow automation.

In the coming year, the volume of online attacks will outpace the human capacity to address them. As a result, “security workflow automation” will become a new mantra, with organizations clamoring for the ability to eliminate the need for manual intervention to secure systems.

The role of nation states in cyber warfare will change and grow.

In a world that’s been dominated by traditional military might, cyber may become a great equalizing force. Smaller nation states, in particular, will take a more active role, investing in building cyber warfare and intelligence capabilities. No longer does it require a huge army to knock out a national power grid or inflict significant physical damage.

See more at: https://www.gigamon.com/blog/2016/12/14/top-10-cloud-security-predictions-2017/#sthash.B1FjPcey.dpuf


  • 0

Botnets, Insider Threats, and Russian Hackers: Our 2016 Cyber Security Predictions in Review

Category : Imperva

At the end of 2015 we offered several predictions regarding the evolving cyber security landscape for 2016. We’ll be releasing our 2017 predictions soon, but before we do, we thought we’d see how accurate our crystal ball was for cybersecurity in 2016. How did we do? Read on to find out.

1. BoT: The Botnet of Things

Nailed it. One of the biggest cyber security events of 2016 occurred in October, when Dyn, a major DNS infrastructure service, suffered a massive distributed denial of service (DDoS) event affecting Twitter, SoundCloud, Spotify, Shopify, and many other websites. All evidence suggests IoT devices were used to carry it out. Approximately 150,000 devices, infected by freely available Mirai code, were herded by botnet operatives who used multiple attack vectors. Mirai malware infects IoT devices, such as IP cameras and DVRs, using them as a DDoS launch platform.

And the Dyn assault occurred only weeks after a IoT/Mirai event plagued the KrebsOnSecurity website.

2. Rise of the Insider Threat

Nailed it. Internal users—and their compromised credentials—can wreak havoc on an organization’s data security as proven by Verizon’s 2016 Data Breach Investigations Report (DBIR). The report shares that 63% of confirmed data breaches involved leveraging weak, default or stolen passwords—and 70% of breaches involving insider misuse took months or years to discover. Users reusing the same password for many sites and apps, whether personal or business (the “bring your password to work” trend), has only amplified the compromised credentials issue as we head into 2017.

3. Cyberattack on Major Infrastructure

Nailed it. Again the large scale Dyn attack (above) falls into this category, DNS services playing a critical role in the operation of the internet.

Another involves the San Francisco Municipal Transportation Authority ransomware attack. We believe that it was likely collateral damage of a (probably random) ransomware campaign that got out of hand.

There’s also the alleged interference with the US electoral system. In terms of strategic influence, hacks against election results and processes would rank among the biggest, most far-reaching and history-changing attacks of all time.

And although it doesn’t comprise “major” infrastructure, hackers used a DDoS attack to disable the heating in apartment buildings in a town in Finland. Of course, if you’ve ever experienced a Finnish winter, then you know it definitely qualified as major for those apartment dwellers!

4. Contractors Get a Cyber Pat Down

To be determined. Considering some significant breaches from the past happened because of a compromised contractor (Target) and third party firm gaining unauthorized access (JP Morgan), corporations are still taking a look at security in this area. We know of numerous organizations that are helping enterprises qualify the risk posed by contractors and third parties, and many CRO’s in particular who find this to be a pressing issue.

On the cyber insurance front, one firm in the UK says insurance claims for data breaches were made at a rate of more than one a day in 2016. But will an increase in liability/indemnity result in the maturity of the cyber insurance market? That is still to be determined.

5. Subversion of Free SSL Certificates for Malware

Nailed it. Here we were precognizant, in that this prediction came true as our forecast was being issued. As reported in early January by The Hacker News, free Let’s Encrypt HTTPS certificates let cyber criminals infect malware on innocent users’ computers. Trend Micro discovered that, in one example of malware pushed through a phony subdomain using a free certificate, Japanese users were being infected by a Trojan coded to raid their bank accounts.

Percya.com reported another story where WoSign, a large Chinese root certificate authority, had issued bogus certificates on account of a vulnerability. The service let anyone get a certificate for a base domain if they were able to prove authority over a subdomain.
Four (maybe four and a half) out of five. Not bad. What do you think…any examples we missed?


  • 0

Leaked Confidential Memos from Santa Claus re: Riverbed Integration

Category : Riverbed

Recently obtained confidential memos from the North Pole seem to indicate Santa Claus (aka Ol’ Saint Nick, Kris Kringle, Father Christmas, etc.) and Santa’s Workshop Enterprises recently have been experiencing slowdowns in the processing and handling of global requests of gifts, the transmission of Naughty or Nice lists, and deployments of Helper infrastructure. It has been learned, however, that rapid and robust solutions were implemented, designed to eliminate network performance issues, simplify cloud integration, optimize application performance, and the scaling out of branch office infrastructure to reduce bandwidth congestion.

The Santa Memos - leaked memo

Following are several of the obtained CONFIDENTIAL memos between CEO, Santa Claus, and two Elves, Bushy Everygreen and Alabaster Snowball, who were tasked with resolving the crisis in the North Pole and its associated organization and branches.

Editor’s Note: due to the magical nature Santa and his Workshop, forward-looking statements that seem to contradict the space-time equilibrium have resulted in future memos being delivered in the past. We have included past, present, and future writings in order to preserve the storyline.

************************* CONFIDENTIAL *************************
Subject:  Not going to meet our SLA!!!
Priority: Candy Cane RED
Date:     12/2/16
From:     Santa Claus
To:       Bushy Everygreen, Alabaster Snowball
****************************************************************

Guys,

We have a serious issue on our hands! I’m talking bigger-than-the-melting-polar-ice-caps BIG. Children around the world are affected. This is worse than when that storm prevented us from seeing our way and we had to pay double-extra-overtime for Rudolf! And if we can’t get it resolved, Mrs. Claus is going to make me sleep with the reindeer!

Here’s the problem. And…ho, ho, ho…guess what? It’s not just one!

  • Branch Santas—You know all of those mall Santas and their pop-up shops we deploy across the organization to provide good cheer and joy, and who regularly send us updates on required inventory levels? There are so many “wishes” and “I want a…” memos that the requests are being backlogged, lost, corrupted, and simply just not being delivered to us due to network congestionThe Santa Memos - Santa Crest.
  • “Naughty or Nice” data synchronization—Our master data list of all the naughty or nice inputs is overloaded. Parents, teachers, adults, and kids have been sending and updating the lists, but our data repository in the North Pole is not being synchronized well and our failover site in the South Pole has an incredible lag.
  • Package/Packet delivery—We need to have a deeper analysis of package/packet delivery to ensure we are using the most optimized routes for transport of inventory.
  • Cloud scalability—Obviously to support our Branch Santas and Helper workshops, we have relied on the cloud for the past few years to scale up and out during the holiday season and down and in once the 26th rolls around. But this is becoming so complicated now that we have multiple clouds (AWS, Azure, etc.) that our main elf tasked with cloud management has elected to go into early retirement, and much of his team has decided to take early vacations in the Bahamas. We need these cloud integrations nailed down!
  • Transition to SaaS-based “Naughty or Nice” video—As you know, this project was kicked off earlier this year but it’s turning my gray whiskers even grayer! While the initial proof-of-concept seems to work, the videos at the mall kiosks are choppier than Frosty waltzing down a Death Valley road in the summer! We need to get this optimized and fast! 100s of 1000s of parents have tried to watch these videos, but they are getting so frustrated with sub-par performance—with all the lag and latency—the user experience is Grinch-like!

Listen, if we can’t resolve this in the next few weeks, I’m going to turn the whole operation over to Jack Skellington and the Nightmare Before Christmas team.

Not so jolly right now,

SC

************************* CONFIDENTIAL *************************
Subject:  FWD >> Not going to meet our SLA!!!
Priority: Candy Cane RED
Date:     12/2/16
From:     Bushy Everygreen
To:       Alabaster Snowball
****************************************************************

Hey Alabaster!

Holy broken ornaments! Did you see this note from Santa? I knew it was bad, but not THIS bad. We’ve gotta find a solution for all of these items fast! I’m sure our Christmas bonuses (or lack thereof) completely depend on these items getting resolved.

I’ve got some ideas, but it may take weeks or months to get all of this stuff done. And we’d probably have to contract it out to E. Bunny, T. Fairy, Cupid, and those other vendors. Good luck lining them up at this late hour.

Any thoughts?

– Bushy

************************* CONFIDENTIAL *************************
Subject:  RE: FWD >> Not going to meet our SLA!!!
Priority: Candy Cane RED
Date:     12/2/16
From:     Alabaster Snowball
To:       Bushy Everygreen
****************************************************************

Bushy,

Wow! I haven’t seen Santa this upset since that time the sleigh’s engine broke off and there wasn’t enough Christmas spirit going around to fly it without the engine (thank goodness Buddy the Elf was able to save THAT Christmas!).

But don’t get your stockings in a bunch. I have a company in mind with a bunch of solutions that will help us with all of these! Ever heard of Riverbed? Let’s have a quick stand-up meeting to discuss and get their solutions into action!

-Al

************************* CONFIDENTIAL *************************
Subject:  As Discussed – Riverbed Implementation
Priority: Candy Cane RED
Date:     12/3/16
From:     Alabaster Snowball
To:       Bushy Everygreen
****************************************************************

Yo Ho Ho Bushy,

Grab your parka and chill, we’ll totally be able to enjoy the eggnog when we are watching football on the 26th! Those bonuses are as guaranteed as Rudolph’s nose is red, and we’ll make this Christmas Holiday one for the ages. Riverbed has the solutions that are going to be the best presents Santa has ever received. From the best-in-class WAN optimization with SteelHead; the unbelievably detailed application, networking, and end-user visibility with SteelCentral; LUN projections from the North and South Poles to locations throughout the globe with SteelFusion; and the one-stop-shopping and one console complete SD-WAN management with SteelConnect. Like a snowstorm on Christmas Eve that blankets the neighborhood with snow, Riverbed has got us covered.

That Naughty or Nice List will no longer be something to lose sleep over; the Wish List, well, let’s just say I hope the kids got a chance to talk with a Branch Santa, ‘cause we will get the info delivered back to HQ quicker than Santa can gobble down a cookie.

Starting to feel the Christmas joy. I’ll ping you later on the details.

-Al

************************* CONFIDENTIAL *************************
Subject:  Solutions for SLA Problems
Priority: Mistletoe GREEN
Date:     12/5/16
From:     Bushy Everygreen
To:       Santa
CC:       Alabaster Snowball
****************************************************************

Santa,

Before you can utter another “Son of a Blitzen,” we wanted to let you know we aren’t skating on thin ice any more with those SLA issues you discussed. Much like your jolly belly, we are currently implementing a well-rounded set of solutions from Riverbed. We know you’ve said your beard and whiskers can’t get any grayer, so have another mug of hot chocolate with extra marshmallows! The Naughty meter is trending positively toward the Nice threshold.

We have a full sweet…er…suite of Riverbed solutions being deployed. Alabaster will fill you in soon with all of the sugary details!

– Bushy

************************* CONFIDENTIAL *************************

Subject:  Progress Report on SLA Solution Implementation
Priority: Mistletoe GREEN
Date:     12/9/16
From:     Alabaster Snowball
To:       Santa
CC:       Bushy Everygreen
****************************************************************

Santa,

No polar ice-caps are going to melt this year!

We’ve got the Riverbed solutions rolling out across the globe right now. In a roasted chestnut shell, here’s what we are looking at:

Branch Santas—They are using SteelHead Mobile on their laptops and sending the inventory and wish list data to Office 365 via SteelHead SaaS. The Branch Santas are merry! We are saving money with less bandwidth usage, and no more network congestion. We are also rolling out SteelConnect to our entire WAN topology, including the Branch Santas. SteelConnect is the SD-WAN solution that will make it so easy to manage our WAN connections (even from the sleigh) and enable us to cancel those costly MPLS connections, which will also be a money saver.

“Naughty or Nice” data synchronization—We installed a SteelFusion Core in both the North and South Poles as well as our datacenter in the Midwest. SteelFusion Sync is keeping the Naughty or Nice List mirrored between the sites. If a blizzard knocks down the North Pole site, we’ll have the Naughty or Nice list ready to go in a flash. It truly is syncrolicious!

Package/Packet delivery—The SteelCentral solution has given us complete visibility into what is going across our global networks. Aternity lets us know what the end-user experience is like for the Branch Santas, the APM side of SteelCentral lets me know when our apps are naughty or nice, and the NPM alerts me if there are any issues with the networks (e.g., remember last year when Blitzen took out our Satellite office in Paris and we didn’t know about it until we got all those calls from the French team? Side note, what was he doing down there in July anyway?).

Cloud scalability—As much as the reindeer like to be up in the clouds, so does Riverbed. They have been spinning up their solutions in the AWS and Azure cloud portals as quick as you can say, “Ho-Ho-Ho, Merrrrrry Christmas.” There are cloud SteelHeads, cloud SteelFusion Edges, cloud SteelConnects and one of the newer cloud solutions we jumped right on was SteelCentral. Riverbed’s cloud solutions are making the transition to the cloud smooth and seamless. I was glad when you sent the reindeer team to fetch Pepper Minstix and his cloud management team back from the Bahamas last week.

Transition to SaaS-based “Naughty or Nice” Video—The Naughty or Nice Video at the mall kiosks, “How to Tell if Your Kids Have Been Good or Bad” are working splendidly. The video content before we implemented the Riverbed solution had all the common digital delays and jitter of unoptimized Internet video. We moved the movies to Office 365 Video and with SteelHead Web Proxy and a SteelHead Controller, we are now able to cache the entire ‘good or bad’ video locally, eliminating all the lag and latency common to video delivery. Veryyyyyy Nice!

-Al

************************* CONFIDENTIAL *************************

Subject:  12th Day of Christmas All Company Update
Priority: Mistletoe GREEN
Date:     12/12/16
From:     Santa
To:       All
****************************************************************

Team,

As many of you probably already know, this year’s Christmas ran the risk of being outsourced to our “friends” at The Nightmare Before Christmas Corp. With rosy cheeks, I’m jolly to announce that this will NOT be happening. Thanks to the diligence of Alabaster Snowball and Bushy Evergreen, we are in the process of implementing several Riverbed solutions to resolve our pressing Christmas infrastructure needs.

This reminds me of a song… “On the 12th Day of Christmas my elves gave to me—Riverbed Technology!”

Briefly, for those of you not familiar with Riverbed and the solutions it provides, let me give you all a summary. Riverbed makes applications, websites, networks, datacenters, the cloud, and remote offices work optimally. And it couldn’t be a better fit for our global organization. We are rolling out several of their solutions to prevent our current infrastructure issues from snowballing. In fact, as of right now, we are freezing all previous IT implementations in order to ensure the Riverbed integration has top priority.

As you contact the various branch Santa organizations, please inform them all IT will be centralized through the North Pole and they should expect current hardware to be integrated and connected through HQ in the coming days. All updates to policies will be managed centrally and deployed out to branches at once.

Also, please expect the Naughty & Nice SaaS to be reflecting a much faster performance and better usability as we optimize connectivity to that cloud service.

Lastly, we will be implementing a complete disaster recovery solution with the South Pole, including redundant failovers, with data replicated to our datacenter in the Midwest United States (see below).

Ho, Ho, Ho! I’m feeling quite a bit merrier with all of this underway! Remember to work hard and don’t worry about the technology! The solutions we are using are as solid as my footing on an icy rooftop! Have you ever seen me slip?

Jollyfully yours,

SC

************************* CONFIDENTIAL *************************
Subject:  Final Status update – All systems GO!
Priority: Mistletoe GREEN
Date:     12/23/16
From:     Alabaster Snowball
To:       Santa
CC:       Bushy Everygreen
****************************************************************

Santa,

Just wanted to let you know that you are in no danger of spending the evenings with the reindeer. We have rolled out the Riverbed solutions and have solved all the issues that almost caused a Christmas to be missed.

We now have SteelHead for optimization, SteelFusion for LUN projecting and data center syncing, SteelCentral for complete visibility into our applications, networks and end-user experiences and we are also rolling out the best SD-WAN solution in the market as well, SteelConnect. SteelConnect keeps us nimble, giving us the ability to set up auto VPNs and by having one intuitive and easy-to-use interface. Those elves that were stuck working on our old WAN hardware doing CLI commands all day can be trained to work on Artificial Intelligence (AI).

No Santa, we aren’t looking to replace you—think about the financial benefits of being able to more accurately predict inventory needs with AI.

I see some cost savings coming down the chimney!

-Al

************************* CONFIDENTIAL *************************
Subject:  Merry Christmas & Happy Holidays
Priority: Mistletoe GREEN
Date:     12/25/16
From:     Santa
To:       All
****************************************************************

Mission accomplished! It was an ever-magical day of presents and joy delivery! In fact, everything went as smooth as ice!

Thanks to the successful Riverbed implementation, we had full network performance for package/packet delivery, all Santa branches were running the same policies, the Naughty and Nice lists were quickly replicated and shared across the organization, our cloud connectivity scaled up and out to meet demand, and the overall user experience was joyous!

In fact, I have told Mrs. Claus to remind me to put an extra gift under the tree next year for all of those hard-working Riverbed elves. They made our work easy this year and in the years to come!

Enjoy your vacation, team! Don’t get sunburned!

Magically yours,

SC

************************* CONFIDENTIAL *************************

Subject:  Post Mortem
Priority: Mistletoe GREEN
Date:     12/26/16
From:     Alabaster Snowball
To:       Santa
CC:       Bushy Everygreen
****************************************************************

WOW! That was an awesome Christmas!

With all the Riverbed solutions in place, we not only saved Christmas, we streamlined it. The Naughty or Nice list did not suffer from lag or latency and is now continuously synchronized, the good or bad videos at the kiosks ran without a glitch, The Wish lists did not get bound up in the network, and we did not have any problems with delayed delivery. And to top it all off, we now have complete visibility into the network, an awesome SD-WAN solution in place, and we are ready to successfully embark on cloud projects in AWS and Azure.

Santa, with our Riverbed solutions in place, the future is so bright, I think I gotta wear shades!

After your nap, stop by for some eggnog. Bushy and I are watching some football and celebrating the best Christmas ever.

WISHING YOU ALL A HAPPY HOLIDAY & PROSPEROUS NEW YEAR FROM RIVERBED!


  • 0

Maximize your Team’s Time and Talent

Category : McAfee

Enterprises are realizing that fragmented and siloed security and IT infrastructure is not up to the task of detecting and correcting the complex and persistent threats that endanger their operations. Intel Security encourages an optimized security operations model that makes it easy to integrate security solutions and threat intelligence into day-to-day processes.
The Intel Security optimized security operations platform helps apply threat intelligence and bridge operational silos to reduce complexity and improve operational effectiveness.
As a platform it provides integrated, adaptive, and orchestrated intelligence and response capabilities.
Read this white paper to learn more about:
◾How to evaluate your security operations organizational maturity.
◾The importance of integration in accelerating time to results.
◾How to triage using behaviors, proven rules, and risk scores.
◾Increasing accuracy using behavioral analysis
◾Adopting a modular approach to platform optimization for best fit in your enterprise.

  • 0

Ransomware Attacks Spike Globally in November’s ‘Most Wanted’ Malware List

Category : Check Point

Ransomware attacks continued to rise worldwide during November, according to the latest monthly Global Threat Index from Check Point’s Threat Intelligence Research Team.   Ransomware attacks using the Locky and Cryptowall variants both increased by 10% in November from the previous month.

The research team found that both the number of active malware families and number of attacks remained close to an all-time high, as the number of attacks on business networks continued to be relentless.  For the first time, the Locky ransomware was the No.1 malware family in the largest amount of countries (34 worldwide) compared to Conficker, which was the top malware in 28 countries, and Cryptowall in 10 countries – highlighting the growing threat posed to corporate networks by ransomware.

Even so, Conficker retained its position as the world’s most prevalent malware, responsible for 15% of recognized attacks because of its wide distribution.  Second-placed Locky, which only started its distribution in February of this year, was responsible for 6% of all attacks and third-placed Sality was responsible for 5% of known attacks. Overall the top ten malware families were responsible for 45% of all known attacks.

The fastest-growing malware observed during November was the Ramnit banking trojan, which entered the top 10 ranking for the first time at No. 6.  It more than doubled its infections, and was mainly seen in Turkey, Brazil, India, Indonesia and the U.S.   Ramnit is used to steal banking credentials, FTP passwords, session cookies and personal data.

For the eighth consecutive month, HummingBad remained the most common malware used to attack mobile devices.


  • 0

IDC MarketScape: Worldwide Email Security 2016 Vendor Assessment

Category : Forcepoint

Forcepoint™ Named as a Leader in Worldwide Email Security

IDC MarketScape has identified Forcepoint as a Leader in its IDC MarketScape: Worldwide Email Security 2016 Vendor Assessment.1

Their assessment was clear: “Forcepoint is in the Leaders category due to their broad range of features and services options.”

IDC identifies integrated Forcepoint products that deliver extremely effective email security to our customers: “Forcepoint uses their ThreatSeeker™ Cloud, ACE threat detection and Spamhaus technologies to improve their messaging product so they can provide a guarantee 99% block rate.”

Put the power and innovation of Forcepoint’s industry-leading technology into your security posture.

Read an Excerpt of the Report Now!


  • 0

Top Reasons Why Big Data Analytics is the Heart of the Digital Transformation

Category : NetApp

Digital transformation is reshaping the way we do business across all industries. Already today, organizations are focussing on delivering new classes of applications, such as Internet of Things (IoT), Virtual Reality or Artificial Intelligence. All of these applications have one thing in common: they require big data analytics. By 2020, IDC is predicting that 50% of the G2000 companies will see the majority of their business depend on their ability to create digitally-enhanced products, services and experiences.

Big data analytics is the heart of the digital transformation. It provides the ability to analyse data quickly and to transform it into an action plan, in order to get better insights, to take faster and more accurate decisions, and ultimately have a valuable competitive advantage. Advanced analysis grants businesses more of an insight into any organization and production processes, customers and markets. For a successful digital transformation journey, companies need to establish new ways of leveraging and monetizing on data For that, data analytics need to be embedded in all new apps.

It is therefore not surprising that by 2019, 40% of IT projects will create new digital services and revenue streams that monetize on data. Data has indeed become the new currency of the digital economy.

The need for getting better insights into one’s data is happening across all industries and verticals:

  • Finance: Data analytics further improve customer experience and security to help protect and grow customers’ financial assets now and in the future.
  • Hospitality sector: Data analytics improves processes and increases customer intimacy, target promotions and conduct pricing experiments.
  • Manufacturing: Data insights improve security and increase product performance by streamlining the supply chain.
  • Insurance sector: Firms are using analytics to underwrite policies, enabling better pricing and reshaping the companies risk portfolios.

While data analytics is the heart of the digital transformation, storage is the heart of any data analytics solution and here is why: High-performance storage ensures that analysis tools can access data quickly. A solid storage foundation is necessary for the success of any data analytics project. If the foundation is shaky, the entire performance, security and, ultimately, the success of the project, will be affected. For this reason, it is worth paying special attention to storage – right from the start.

In order to exploit data fully, users need the ability to leverage data wherever it resides and apply analytics to it. Analytics tools such as Splunk provide an open platform that can access other data stores, including Hadoop. and make data in Splunk available for accessing and sharing across the organization. In order to realize top performance from Splunk—especially for ingesting and searching data fast—you require a corresponding fast, available, scalable storage platform. NetApp storage solutions for Splunk ensure that you can do faster Splunk searches while making Splunk deployment simpler, easier, and more scalable. Also Hadoop benefits from NetApp solutions by running jobs faster with higher throughput while using less capacity.

To learn more on how your organization can benefit more from your data analytics deployment by leveraging NetApp storage solution, I urge you to visit NetApp.com/BigData or read the white paper below, Data Analytics for a Successful Future.


  • 0

Infrastructure optimized for Docker & DevOps at HPE Discover London 2016

Category : HP Security

Kai Wai Leung, Solutions Product Management at HPE, and Dan DeFolo, HPE Senior Software Engineer, discuss how to optimize your infrastructure for Docker deployments and DevOps. This is the full session of Pick up the pace with infrastructure optimized with Docker and DevOps filmed at HPE Discover London 2016.

 


  • 0

Combat today’s threats with a single platform for app and data security

Category : Imperva

Read Combat Today’s Threats with a Single Platform for App and Data Security and learn how to protect web applications and sensitive data across the enterprise and in the cloud.

Employing a practical approach, this paper guides you through four simple steps to discover, assess, protect and monitor access to sensitive data.


  • 0

How the “12 Days of Christmas” Create Headaches for Cybersecurity Teams

Category : Forcepoint

On the first day of Christmas, our sales guy gave to me: A network-crushing phishing scam exploit.

On the second day of Christmas, the finance department gave to me: Two ransomware shutdowns, and another phishing scam exploit.

On the third day of Christmas, the CEO gave to me: Three botnets spamming, two more ransomware shutdowns and yet another phishing scam exploit …

OK, you get the picture by now: If it’s the holidays, your cybersecurity team members may be asking for lots of Advil in their stockings. This is the season, after all, when your executives, middle-level managers, staffers, contractors and other authorized users are often working remotely and multitasking to get everything done before the winter break. Many, of course, are also surreptitiously shopping online on company-owned computers: Two-thirds of employees said they holiday shop online while on lunch breaks, according to a recent survey from Robert Half Technology. Two of five do so on work-issued computers and, worse yet, 55 percent said their employer has never provided to them any information/training about the security risks of such activity.

In other words, it’s hardly a “holly, jolly” time of the year for beleaguered cybersecurity teams, thanks to the ever-present “accidental insider threat” – employees and additional users who harbor no malicious intent, yet invite network/data compromises through their own ill-conceived and frequently careless behaviors. In fact, accidental insiders account for more than one-half of internally caused breaches, according to Forrester.

So who are these people and what sort of activity do you need to monitor? In keeping with the seasonal theme here, we’ll present the following “12 Accidental Insiders” of the holidays, as broken down into four classic categories:

1. Convenience Seekers

Description: They’re typically not “bad” employees. They’re just constantly in a rush, saddled with lots of responsibilities and tasks. Yet, in trying to be productive and accountable, they let their guard down. They include people like …

Sarah in R&D. She’s looking forward to a “Caribbean for Christmas” destination vacation. But she also wants to do work on the plane. So she copies a dozen docs onto her USB drive. Oh, and she bought the drive used from an unfamiliar online vendor to save a few bucks. And, yep, it’s infected.

Bob the senior salesman. Because he’s always on the road – especially as he looks to discount-sell a ton of inventory before the end of the calendar year – Bob can’t get enough of cloud-based storage services to share daily lead sheets with his team. Even services which aren’t authorized by IT.

Tom in auditing. Tom travels all the time, going to regional and international office locations to examine the books. He lives on public Wi-Fi at airports, hotel lounges, etc. And he never bothers to assess the trustworthiness of the source of his connectivity – he’s just happy to log-on!

2. Know-It-Alls

Description: They’re somewhat tech-savvy – to the point where they believe cyber mistakes are something “other people do.” Here are three of them …

Evan the HR director. He “reads up” on the latest threats, and thinks he can “see” them incoming before they strike. He considers himself a self-taught expert on the topic. Which is why he ignores recommended, baseline precautions from IT, such as activating device encryption or routinely changing his passwords.

Suzy the chief marketing officer. When ad campaigns kick up in December, there isn’t a “latest, greatest” gadget or app that Suzy doesn’t crave – regardless of the vulnerabilities they could bring to the network.

Corinne in customer relations. Corinne firmly believes that the best way to understand customers is to be one. So from Cyber Monday to Christmas Eve, she’s using her work-provided tablet to “shop ‘til she drops,” grabbing every online holiday coupon she can find – even its from an untrusted or unsecure source. If IT sends a company-wide email warning about these sites, she smirks and presses “delete” without calling up the message.

3. Entitled Ones

Description: These folks load up on “privileged user” accommodations. It makes them feel important. Cyber crooks agree that they are, and seek out Entitled Ones as highly valuable targets.

Ingrid in IT administration. There’s no “getting away” for Ingrid, particularly when she’s receiving help desk requests while traveling to see family members during the holidays. She’s so responsive to the requests that she doesn’t always check out the source – a perfect setup for hackers who social-engineer via bogus “emergency” SOSs.

Steve the social media guru. Steve essentially serves as the official “face” of the franchise, posting the latest company news on all of the social media sites – even the ones which are prime attack zones.

Christine the closer. When the deal needs to get done, Christine delivers like no one else. She’ll go anywhere, anytime to “bring that M&A home,” while keeping her laptop in open view for anyone to lurk (or swipe) when she’s in an airport terminal or coffee shop. This is quite risky at this time of year, given the annual spike in travel.

4. Untouchables

Description: These execs and board members are at the top of the corporate food chain. Because they “call the shots,” they’re not about to let IT tell them what to do. They may remind you of bigwigs like …

Caroline the COO. Caroline hops on the company plane and grabs the nearest smartphone to make decisions “on the fly.” She takes pride in making tough “gut calls,” so caution be damned. That goes for her devices too, which are rarely secured.

Henry the board chairman. For Henry, “work stuff” and “personal stuff” all blur into one, so he uses the same, suspect service for business and private emails. Crooks looking to steal proprietary corporate data appreciate this, because Henry makes their job so much easier.

Dan the CEO. The top sets the tone, doesn’t it? Unfortunately, Dan pushes the troops to “deliver big – whatever it takes” to meet end-of-year goals. Consequently, he dismisses the CISO’s timely warnings about heightened risks this month as baseless “Chicken Little panic attacks” which simply “get in the way of business.”

So deck the halls, make preparations for the office party and otherwise enjoy the celebrations. Our Accidental Insider summaries here aren’t intended to put a damper on festive spirits. They’re presented as hypothetical but very realistic “people scenarios” to watch out for, because there’s always a “cyber-Grinch sliding down the chimney” somewhere. By identifying, anticipating and preventing threat-inviting behaviors, you ensure that the holiday season is a memorable – and safe – one.


Support