Do You Want CybSec With Your Cookies?
Mar08

Do You Want CybSec With Your Cookies?

This week’s cybersecurity threat report from SonicWall doesn’t hold any real surprises from every other cybsec alert that frequents my inbox — i.e. the Cisco 2018 Annual Cybersecurity Report — but it does reinforce the key themes: cybsec threats are bad, and growing worse (it was called the ‘greatest concern’ at last month’s Senate threats hearing). “We tend to view the world as a cybersecurity arms race… the good guys make advances and the bad guys make advances,” John Gordineer, Director of Product Marketing, SonicWall, tells IT Trends & Analysis. The cybsec vendor said cyber attacks are becoming the number one risk to business, brands, operations and financials, and it identifies almost 500 new previously unknown malicious files each day, which makes this one of the hottest IT — and business — markets. MarketsandMarkets states the data protection market is expected to grow from $57.22 billion in 2017 to $119.95 billion by 2022, at a Compound Annual Growth Rate of 16%, while the total cybsec market will grow almost as quickly, from last year’s $137.85 billion to $231.94 billion by 2022, at a CAGR of 11%. While the SonicWall survey found that the number of attacks was down, the variety of attacks is increasing, which he attributed to several factors, especially in ransomware attacks, he said. First, companies that paid their ransoms did not get their data back; more effective protection is being deployed; and data backup and recovery solutions make companies less likely to become a victim or need to pay ransoms. As a result, the bad actors are scrambling to retool their ransomware to be more profitable, since they are catching fewer victims, said Gordineer. “We’re curious to see where that goes in 2018. One of the things we’re seeing is ransomware as a service.” Key findings of the SonicWall survey included: -9.32 billion total malware attacks in 2017, an 18.4% year-over-year increase; -ransomware attacks dropped from 638 million to 184 million between 2016 and 2017; -ransomware variants increased 101.2%; -the company collected 56 million unique malware samples in 2017, a 6.7% decrease from 2016, but the total volume of unique malware samples in 2017 was 51.4% higher than 2014; and -the average organization will see almost 900 file-based attacks per year hidden by SSL/TLS encryption. Cisco’s results offered similar dire news: -32% of breaches affected more than half of respondents’ systems, compared with 15% in 2016; -more than half of all attacks resulted in financial damages of more than $500,000, including, but not limited to, lost revenue, customers, opportunities, and out-of-pocket costs; -complexity is growing: in 2017, 25% of security professionals said they used products from...

Read More

…Security Operations Automation before Orchestration

Based upon numerous conversations with CISOs, there is widespread interest in automating and orchestrating security operations. In fact, lots of enterprises are already doing so. According to ESG research, 19% of enterprise organizations have already deployed security operations automation/orchestration technologies “extensively,” while another 39% of enterprises have done so on a limited basis. Now we tend to lump automation and orchestration together, but there are vast differences between the two. In a recent survey on security operations, ESG defined these term as follows: To read the complete article, CLICK...

Read More
Talent-Gap Cure Or Just Cur-AI-ting IT?
Oct19

Talent-Gap Cure Or Just Cur-AI-ting IT?

Cisco originally pitched a story focused on its latest initiatives to address the ‘IT skills and knowledge gap’, which is a big and growing problem, and while the just-released AI-powered predictive services can be folded, spindled and mutilated into a ‘talent-gap cure’, it appears more to be just a really good set of business solutions. The costs and resources required to keep the datacenter lights on can account for 70-80% of IT budgets, said Bryan Palma, Senior Vice President and General Manager, Cisco Advanced Services, but while improving efficiencies and uptimes will pay a huge business dividend, that doesn’t mean those freed-up resources will translate into the IT skills and knowledge required to facilitate the new IT reality, digital transformation, which by one estimate will be worth $493.39 billion by 2022, and is speeding along at a CAGR of 19.1%. The new services, available immediately, fall into two categories — Business Critical Services and High-value Services — and are extensions of what the company has been providing for some time, said Palma. Services is the second largest business unit at Cisco, at $13 billion and 25% of revenues, with 90% of its services revenue recurring. A big part of the company’s competitive advantage is its installed base of 50 million networks, he told IT Trends & Analysis, and the telemetry data from that provides Cisco with a better picture of what’s going on in the IT environment than practically every other vendor. Professional services can leverage that data to help customers shift their focus from maintaining their datacenters and network infrastructures to finding new ways to improve customer services and generate revenues, he added. “At the same time we’re seeing that IT has been more defensive and they are looking to be more offensive, and that’s where we’re looking to take them.” Calling it a new portfolio of subscription services, Business Critical Services ‘deliver more capabilities including analytics, automation, compliance and security by Cisco Advanced Services’ technology experts’. “In the past it’s been called optimization,” said Palma, and as part of their ongoing focus on constant improvement, have made a number of improvements. “What we’re trying to do is give them the flexibility to move with their strategic options.” The new service benefits include helping minimize human error by: reducing complexity and cost through automation, orchestration, and technical expertise; accelerating business agility and transformation through advanced analytics and machine learning capabilities; and reducing risk with automated compliance and remediation services.The business outcome objectives are to help reduce downtime by 74%, resolve issues 41% percent faster and reduce operational costs by 21%. The other side of the services portfolio, Technical Services,...

Read More
HPE: DevOps Adoption Slower, Riskier
Oct26

HPE: DevOps Adoption Slower, Riskier

Cybersecurity is a constantly evolving — and growing — challenge that puts everybody and everything at risk in the increasingly all-digital world. As a result, it is a process, not a one-time solution, one in which applications play a critical role, and that means DevOps has to be part of the solution, and not the problem. Unfortunately, that’s not the case, according to Application Security and DevOps Report 2016, a new survey from Hewlett Packard Enterprise. The intent of the survey was to validate third-party research about the need for closer integration between security and DevOps teams, “to better understand with primary research what that looks like,” said Scott Johnson, Director of Product Management, HPE Security Fortify, Hewlett Packard Enterprise. The results were concerning, he told IT Trends & Analysis. It came as no surprise that almost 100% agreed that integrating DevOps can help security; surprisingly, only 20% were doing that, and “about 17% weren’t doing anything at all”. Some of the findings illustrated the issue: -organizational barriers between security professionals and developers: there’s a significant disconnect between developers and security teams, and 90% of security professionals stated that integrating application security has become more difficult since deploying DevOps; -lack of security awareness, emphasis, and training for developers: out of more than 100 job postings for software developers at Fortune 1000 companies, none specified security or secure coding experience or knowledge as part of the skills required; and, -shortage of application security talent: for every 80 developers in the organizations, there is only one application security professional. In addition to the fact that more organizations weren’t doing appsec Johnson noted “the speed with which customers are releasing their apps.” In 2010 organizations averaged 4 releases per app per year; that’s expected to explode to more than 100 releases per app by the end of the decade, he said. Another key finding was around automation; the adoption wasn’t the surprise, but the breadth of tools “that people are using was a really interesting takeaway for us.” Organizations are at different stages and “there is a broad set of tools in a number of different categories.” It’s no surprise that cybersecurity, appsec and DevOps is top of mind for HPE. Global annual cybercrime costs are expected to double from $3 trillion in 2015 to $6 trillion by 2021. That attracts a lot of attention, especially from the ‘Bad Guys’ — everyone from hacktivists, cybercriminals and rogue governments (not to be confused with the good governments, which only spy on us for our benefit) to careless or malicious employees. It also means the new and improved security measures are only as effective...

Read More

Cloud Dependency: Automated Upgrades

In my last cloud dependency article, I reviewed the need for ubiquitous networking. In this article, I look at the need for automated upgrades. I do not mean the need for automation in general, but specifically the need to automate any upgrade or update behavior. There are two sides to every cloud story: what the tenant does and what the cloud service provider does. In both of these stories, there is a need for well-planned, automated upgrades. Also needed is very good documentation on how to upgrade if the automation fails or if there is no easy way to automate. Upgrades should be bulletproof. We trust, but verify. To read the complete article, CLICK HERE NOTE: This column was originally published in The Virtualization Practice...

Read More