HPE Publishes Cybersecurity Business Primer

While largely shorthanded and underfunded, cybersecurity professionals defend against the escalating threat environment on a daily basis [http://wp.me/p2FWwi-1vF], but apparently there is a significant knowledge gap when it comes to business leaders, according to Chandra Rangan, Hewlett Packard Enterprise. This gap became apparent in ongoing discussions with business leaders, he told IT Trends & Analysis, as did a second cybersecurity truism: the attacker — i.e. organized crime, corporate espionage, hacktivism, cyber warfare/terrorism, and those just looking for pure monetary gain — only has to be right once. The potential victim has to be right every time. “There’s a lot of truth to that… but business leaders ask is this a bottomless pit…?”

To help address this, HPE has released “The Business of Hacking,” [http://finance.yahoo.com/news/hewlett-packard-enterprise-uncovers-inner-114500307.html], a cybersecurity primer for business leaders that analyzes ‘the motivations behind the attacks adversaries choose to pursue, and the ‘value chain’ illegal organizations have established to expand their reach and maximize profits.’ The report also offers a game plan on how to mitigate risk through disruption of these adversary groups.

The bad guys — adversaries — fall into multiple categories, but the biggest threat appears to be coming from criminal organizations, said Rangan. “Hackers are not criminals… but criminals are becoming hackers.” There are certain kinds of attack you can protect against and other kinds that you can’t. “But for the most part, businesses are being hacked by criminal organizations.”

Although HPE says a broad response is required — from regulators and law enforcement, in addition to enterprise security leaders — the adversaries are frequently creating a formalized operating model and ‘value chain’ that is very similar to legitimate businesses in structure, and delivers greater ROI for the cybercriminal organization throughout the attack lifecycle.

This evolution is much more understandable by business professionals, said Rangan. “This businesses can understand.” And it offers an opportunity to “take away the easy, low-hanging fruit” that criminals tend to prefer, he added.

According to HPE, the critical elements to the attackers’ value chain models typically include:

- Human Resources Management – includes recruiting, vetting and paying the supporting ‘staff’ needed to deliver on specific attack requirements; the skills-based training and education of attackers also falls within this category;
- Operations – the ‘management team’ that ensures the smooth flow of information and funds throughout the attack lifecycle; this group will actively seek to reduce costs and maximize ROI at every step;
- Technical Development – the front-line ‘workers’ providing the technical expertise required to perform any given attack, including research, vulnerability exploitation, automation, and more;
- Marketing and Sales – these teams ensure that the attack group’s reputation in the underground marketplace is...


Don’t Be A Victim: Defending Against Ransomware

Ransomware should be scaring us more than it is. It is becoming increasingly invasive and increasingly common, and the attackers aren’t just attacking individuals and small businesses anymore; they are attacking hospitals and law enforcement agencies (who apparently don’t follow their own “don’t pay blackmail” advice). It won’t be long until we can measure these attacks in lives lost. One successful attack at a critical time during the normal operation of a hospital could deny patients timely medication or force mistakes that could easily cost lives. There is, of course, the common advice not to pay these financial terrorists (and it is likely not long before they are classified as such), but this typically comes from folks who aren’t faced with the choice of paying or being out of business. Read more at http://www.tgdaily.com/enterprise/154876-dont-be-a-victim-defending-against-ransomware NOTE: This column was originally published in the Pund-IT...


Lessons for IT: Learning from Others’ Mistakes

Learning from mistakes committed by other people is the foundation of observational intelligence. The concept is embedded in numerous religious texts, with examples commonly cited from the Bible (Old and New Testaments), Quran, Upanishads, Sutras and Bhagavad Gita, to name but a few. It’s also part of the core curriculum for traditional grandparenting, as in, “Just because your friends (insert moronic or self-destructive behavior), you don’t have to do it, too.” Given that rich history, it’s unsurprising that the concept continues to resonate and offer lessons, even for those in the most modern confines of business and information technology (IT). Here are four recent examples worth considering. To read the complete article, CLICK ON AUTHOR’S BYLINE NOTE: This column was originally published in the Pund-IT...


EMC World – a familiar new song (includes video)

Last week was EMC World, one of the big shows of the year. As many of you will know I prefer to let a little time pass before contributing my thoughts to the blogosphere, simply to let the Kool Aid evaporate somewhat! Of course, it was something of a strange installment of this event — it is presumptively the last one as the Dell spaceship loomed large and ready to take the EMCers back to the [integrated] future. And yet it was still EMC World; so, while it started a bit like a great band doing a cover of a song it had to do but didn’t really know, pretty soon it settled into a familiar rhythm — bold statements, touches of humor, extensive announcements and a bunch of busy-ness happening all around… Before I get to some specific takeaways, take a look at the ESG On Location video that some of my colleagues and I pulled together in Vegas to give a taste of the event: To read the complete article, CLICK ON AUTHOR’S...


Psycho query: qu’est-ce que c’est?

Any Talking Heads fans reading this blog? Take any French classes in high school? No? Never mind then. I get asked a lot about SQL on Hadoop, and I know what you’re thinking: “this guy must have the coolest friends and go to all the best parties.” And you’re right, I do. Lenny Kravitz by a rooftop pool in Vegas. Fitz and the Tantrums. Duran Duran. The Astoria Middle School Marching Band on Loyalty Day. (10-year-old daughter with a shiny new flute…) What were we talking about? Oh right — how do you find the important and relevant information you need in a very random data lake? You use SQL on Hadoop. Way easier for the average user than trying to code up the same functionality in MapReduce, at least if you are a DBA, analyst, or BI developer already familiar with SQL. Which according to our latest study, more than half of you are. If we take the respondents (shown below) as representative of those engaged in big data and analytics initiatives, then you’re probably going down this road now. To read the complete article, CLICK ON AUTHOR’S...


IBM… Big Step Forward with Flash Storage for the Hybrid Cloud

Eddie Cantor once said, “It takes 20 years to make an overnight success.” That is certainly the case with flash storage, which has been around for many years, but high cost limited its acceptability to a limited number of high-performance/high-value-added applications. Declining prices have led to broader acceptance of flash storage for a broader base of high performance (tier 0) applications. Then came a seemingly overnight (although it was actually a couple of years) transition where flash storage was seen as capable of replacing traditional primary disk storage (tier 1). That made the economics of flash quite justifiable to data center owners, and the adoption of flash storage as primary storage is proceeding rapidly. Related to this, much of the exponential growth of storage comes from new and emerging trends that are related to the Internet of Things (IoT), social media and Web services. Big data and the emerging trend of cognitive analytics thrive on not only the humongous quantity of data that these trends produce, but also the need to process much of the data very rapidly in order to derive the benefits (such as actionable, near-real-time insights) that enterprises seek in trying to gain a competitive advantage. The “cloud” in some form is likely to be the recipient of that data as traditional IT infrastructures are neither cost effective nor performant enough. With the introduction of IBM FlashSystem® A9000 and IBM FlashSystem A9000R, IBM delivers the necessary purpose-built flash storage infrastructure to meet the demands of the cloud both from a scale and performance basis. So IBM is taking the next step for flash storage beyond primary storage for traditional applications to meet the new and emerging needs of the cloud.
But before we get to the new products, let’s examine IBM FlashCore™, the foundational IBM technology for all of its FlashSystem solutions and briefly review FlashSystem 900 for tier 0 application acceleration and FlashSystem V9000 as an all-flash array for tier 1 primary storage. To read the complete article, CLICK ON AUTHOR’S BYLINE NOTE: This column was originally published in the Pund-IT...
