For this week’s In the News, research an article how an organization has improved their productivity, efficiency, or quality of their key business services by adopting one of the New Trends in Information Security.
Reader Interactions
Comments
Leave a Reply
You must be logged in to post a comment.
Kelly Sharadin says
One of the largest technology companies in the world, Samsung, has become its journery into creating metaverse (web3) products. Samsung 837x allows customers to virtually visit the Samsung Headquarters in NYC and collect NFT collectibles. Users can access Samsung 837x through third-party cryptocurrency wallets like Metamask. Web3 relies heavily on cloud computing resources and emerging frameworks like solidity, ether.js and blockchain. While the metaverse focuses on VR experiences the integration of wallets and NFTs brings web3 into Samsung’s portfolio. Third-party risks is uncharted terrority when it comes to products like Metamask and NFTs. It will be interesting to see how Samsung balances its corporate security with the unregulated nature of web3.
https://www.samsung.com/us/explore/metaverse-837x/
Shubham Patil says
IBM brings artificial intelligence to the heart of cybersecurity strategies
IBM hopes to bring AI, data, and cybersecurity vendors together to tackle ongoing and new threats through the launch of a new open platform. IBM Security Connect makes use of both cloud technology and AI. Users of the platform will be able to apply machine learning and AI, including Watson for Cyber Security, to cybersecurity products to increase their effectiveness. “IBM Security Connect will help tackle some of the biggest security challenges today via open standards, which can help pave the way toward collaborative innovation,” the tech giant says. “As it is built on open standards, it can help companies build unique microservices, develop new security applications, integrate existing security solutions, and leverage data from open shared services.” Artificial intelligence, which includes neural networking, machine learning, analytics, and the use of algorithms to complete tasks, allows machines to learn from experience.
Link: https://www.zdnet.com/article/why-artificial-intelligence-is-at-the-core-of-ibm-cybersecurity-strategies/
Kelly Sharadin says
Hi Shubham,
IBM certainly isn’t afraid to explore new technologies. Similarly, IBM has partnered with blockchain vendor, Certihash, to use the blockchain to provide resilient logging. The premise is that the blockchain will provide an immutable, auditable logging trail that will help defenders detect cyber attacks. I am skeptical as I believe this would be untenable to permanently preserve the level of logging enterprises would generate.
https://bitcoinsv.com/certihash-and-ibm-to-deploy-sentinel-node-cybersecurity-tool-on-bsv/
Anthony Wong says
A newer trend within cloud computing is serverless computing. Serverless computing is another service offered by CSPs that can increase efficiency by removing the need to manage all the infrastructure servers to run code and host applications. Furthermore, serverless computing can support automatic scalability with high availability and redundant infrastructure. With any cloud computing the ability for rapid elasticity can provide better quality service to the end user by allocating the necessary amount of resources. Dynamic optimization is a strategy utilized by Netflix to increase their resources to meet resource demands at peak times, after work and at bed time. At non-peak hours, resources are deprovisioned while still meeting resource demands, but saves costs.
https://aws.amazon.com/serverless/
Kelly Sharadin says
Hi Anthony,
Serverless offering is an interesting new product. On one hand it reduces the human interaction within the environment but these environments are still subject to the same attacks listed by the OWASP top ten (Injection, Security Misconfiguration, etc). Security in serverless architecture will place signficant emphasis on SecDevOps as adoption grows.
Kelly
Mohammed Syed says
https://www.mckinsey.com/business-functions/risk-and-resilience/our-insights/cybersecurity/cybersecurity-trends-looking-over-the-horizon
To achieve new challenges in Information Security Threats organization should be ready to always adopt new trends in Information Security, cause to face a new type of threats organization need to change their hardware, network, and security devices up-gradation play an important role.
Business continuity and growth organizations need to improve attack surface expansion, identity system defense, digital supply chain risk, cyber security mesh, distributed decision, and employee awareness training periodically to face any type of upcoming threat without affecting business stability.
Hackers nowadays are using AI, Machine Learning, automation, and other advanced technologies to launch sophisticated attacks on the target. Organizations need to set up on-demand access to ubiquitous data and information platforms as per the growth of internet connectivity usage. Day by day it increasing challenge for the organization to manage and maintain customer data. To face new threats in upcoming days organizations should have to increase defensive capabilities to mitigate the risk and impact of future cyber threats.
Mitigating new types of cyber security threats organizations can extend capabilities in Zero trust capabilities, behavioral analytics, elastic log monitoring, and homomorphic encryption technology. Organizations use automation to combat increasingly sophisticated cyber-attacks, and use of defensive AI and machine learning to stop cyber attacks.
Vraj Patel says
A new vulnerability has been found in the Nooie baby monitoring camera. The flaw enables an attacker to see the camera feed or run malicious code on the camera itself. According to the article, between 50,000 and 100,000 people have downloaded the Nooie app from Google Play, demonstrating that the Nooie production is frequently utilized by end consumers. The attacker can either perform a buffer overflow on the device which could lead to where attacker can perform an remote code execution or the attacker an leverage an attack through the MQTT protocol used by those device an can unauthorizedly view the camera feeds.
Reference:
https://portswigger.net/daily-swig/zero-day-vulnerabilities-in-nooie-baby-monitors-could-allow-video-feed-hijack
Antonio Cozza says
The Tokyo Olympics happen to have been a cybersecurity success story overall as many technologies were utilized to successfully defend against any major attacks from being successful by using an offensive security mindset to serve as the defense for the games. User and Entity Behavior Analytics (UEBA) were used with threat intelligence to hunt APTs expected to attempt to compromise aspects of the Olympics.
https://www.securitymagazine.com/articles/95880-the-tokyo-olympics-are-a-cybersecurity-success-story
Mitchell Dulaney says
“How Walmart abstracts its hybrid cloud for developers”
Walmart is finalizing implementation of what it calls the “Walmart Cloud Native Platform”, an abstraction layer that sits between the public and private cloud infrastructures that Walmart leverages. The platform is meant to enable Walmart’s internal developers to write code without concerns regarding which infrastructure will ultimately run the code, as well as allowing developers to implement components of the different public clouds and Walmart’s internally-managed private cloud from a single consistent virtual machine or container environment.
This cloud abstraction layer is meant to improve Walmart’s service delivery in a number of ways. First, it facilitates improved productivity and efficiency on the part of their developers. The article notes that Walmart is now able to push approximately 170,000 changes to their web back end per month, compared to about 100 per month without this system. Furthermore, it simplifies deployment of software across the different cloud infrastructures Walmart uses. The company currently utilizes Google Cloud and Microsoft Azure in addition to its own Walmart Private Clouds, and the Cloud Native Platform will improve their ability to provide applications to different regions across those unique infrastructures. Overall, the company expects these changes to result in an 18% improvement in annual price optimization, illustrating the benefits an organization can reap when it embraces and innovates in the cloud computing space.
https://www.infoworld.com/article/3666468/how-walmart-abstracts-its-hybrid-cloud-for-developers.html
Kyuande Johnson says
After the famous Target breach, there have been major security improvements within Target’s environment. These improvements were implemented and contained various aspects of information security. Target has improved its Monitoring and logging capabilities. Which included additional rules, alerts, centralized log feeds, and enabled additional logging capabilities. Target limited vendor access by decommissioning vendor access to the server impacted in the breach and disabled select vendor access points including FTP and telnet protocols. Target also improved the security of user account by coordinating a reset of 445,000 Target team member and contractor passwords, broadened the use of two-factor authentication, expanded password vaults, disabled multiple vendor accounts, reduced privileges for certain accounts, and developed additional training related to password rotation.
https://corporate.target.com/article/2014/04/updates-on-Target-s-security-and-technology-enhanc