Tag Archives: experts

AWS rejects Elasticsearch trademark lawsuit claims

AWS has responded to an Elasticsearch trademark lawsuit with broad denials of its claims, but experts said an eventual settlement is not only likely, but also the best outcome for customers.

Elasticsearch Inc., or Elastic, sued AWS on Sept. 27 on grounds of false advertising and trademark infringement related to AWS’ Open Distro for Elasticsearch, its version of the popular distributed analytics and search engine. Elastic originated and serves as chief maintainer of the open source project.

AWS, with the participation of Expedia and Netflix, launched Open Distro for Elasticsearch in March. The companies said this move was necessary because Elastic’s version includes too much proprietary code inside the main open source code line. Open Distro for Elasticsearch is fully open source and licensed under Apache 2.0, according to AWS.

The Elasticsearch trademark lawsuit contends that branding for both the original Amazon Elasticsearch Service, which AWS has sold since 2015, and Open Distro for Elasticsearch violates its trademark, and that customers are “likely to be confused as to whether Elastic sponsors or approves AESS [Amazon Elasticsearch Service] and Open Distro.”

AWS filed its response to Elasticsearch’s complaint last week in U.S. District Court for the Northern District of California. The company denies all wrongdoing, demands a jury trial and offers a series of defensive arguments, one being that Elastic’s trademark infringement claims “are barred at least in part” under the fair use doctrine. Another asserts that Elastic gave AWS a license to use the term “Elasticsearch.”

Overall, AWS’ response to the Elasticsearch trademark lawsuit is fairly boilerplate, said Jeremy Peter Green, a New York-based attorney specializing in trademark law who reviewed it and Elastic’s original complaint.


“In the trademark world, different lawyers have different ways of doing this [but] usually law firms just have templates for these,” Green said.

For example, another AWS defense cites the doctrine of unclean hands, a legal concept that means a complainant shouldn’t be awarded relief if they have committed legal breaches of their own in a dispute.

This, too, is standard practice, according to Green. “There’s always a chance that during the discovery process, something will show up,” he said. “You’re just hedging your bets by accusing them of everything.”

Green has been evaluating options for managed Elasticsearch as part of a trademark search engine he plans to develop. AWS does seem to have sowed some consumer confusion, which is the basis of trademark infringement law, Green said.

“I like Elastic’s case here, from the perspective as both an attorney and consumer,” he said. Elastic’s initial complaint calls for treble damages and attorney’s fees, a figure that could be significant if it wins at trial.


It is likely that the parties will settle, Green added. “I think [Elastic has] a good enough case that it would be silly for [AWS] to throw a lot of money at it.”

Many Elasticsearch users also host their clusters on AWS anyway, which blurs the competitive lines. “Both of these companies have a major incentive to come to some kind of settlement,” Green said.

Experienced enterprise IT buyers are aware of the potential repercussions of intellectual property battles, according to Holger Mueller, an analyst at Constellation Research in Cupertino, Calif. “But ultimately, it is in the interest of the sparring vendors to settle and keep customers going,” he said.


IBM Cloud Pak for Security aims to unify hybrid environments

IBM this week launched Cloud Pak for Security, which experts say represents a major strategy shift for Big Blue’s security business.

The aim of IBM’s Cloud Pak for Security is to create a platform built on open-source technology that can connect security tools from multiple vendors and cloud platforms in order to help reduce vendor lock-in. IBM Cloud Paks are pre-integrated and containerized software running on Red Hat OpenShift, and previously IBM had five options for Cloud Paks — Applications, Data, Integration, Automation and Multicloud Management — which could be mixed and matched to meet enterprise needs.

Chris Meenan, director of offering management and strategy at IBM Security, told SearchSecurity that Cloud Pak for Security was designed to tackle two “big rock problems” for infosec teams. The first aim was to help customers get data insights through federated search of their existing data without having to move it to one place. Second was to help “orchestrate and take action across all of those systems” via built-in case management and automation. 

Meenan said IT staff will be able to take actions across a multi-cloud environment, including “quarantining users, blocking IP addresses, reimaging machines, restarting containers and forcing password resets.”

“Cloud Pak for Security is the first platform to take advantage of STIX-Shifter, an open-source technology pioneered by IBM that allows for unified search for threat data within and across various types of security tools, datasets and environments,” Meenan said. “Rather than running separate, manual searches for the same security data within each tool and environment you’re using, you can run a single query with Cloud Pak for Security to search across all security tools and data sources that are connected to the platform.” 

Meenan added that Cloud Pak for Security represented a shift in IBM Security strategy because of its focus on delivering “security solutions and outcomes without needing to own the data.”

“That’s probably the biggest shift — being able to deliver that to any cloud or on-premise the customer needs,” Meenan said. “Being able to deliver that without owning the data means organizations can deploy any different technology and it’s not a headwind. Now they don’t need to duplicate the data. That’s just additional overhead and introduces friction.”

One platform to connect them all

Meenan said IBM was “very deliberate” to keep data transfers minimal, so at first Cloud Pak for Security will only take in alerts from connected vendor tools and search results.

“As our Cloud Pak develops, we plan to introduce some capability to create alerts and potentially store data as well, but as with other Cloud Paks, the features will be optional,” Meenan said. “What’s really fundamental is we’ve designed a Cloud Pak to deliver applications and outcomes but you don’t have to bring the data and you don’t have to generate the alerts. Organizations have a SIEM in place, they’ve got an EDR in place, they’ve got all the right alerts and insights, what they’re really struggling with is connecting all that in a way that’s easily consumable.”

In order to create the connections to popular tools and platforms, IBM worked with clients and service providers. Meenan said some connectors were built by IBM and some vendors built their own connectors. At launch, Cloud Pak for Security will include integration for security tools from IBM, Carbon Black, Tenable, Elastic, McAfee, BigFix and Splunk, with integration for Amazon Web Services and Microsoft Azure clouds coming later in Q4 2019, according to IBM’s press release.

Ray Komar, vice president of technical alliances at Tenable, said that from an integration standpoint, Cloud Pak for Security “eliminates the need to build a unique connector to various tools, which means we can build a connector once and reuse it everywhere.”

“Organizations everywhere are reaping the benefits of cloud-first strategies but often struggle to ensure their dynamic environments are secure,” Komar told SearchSecurity. “With our IBM Cloud Pak integration, joint customers can now leverage vulnerability data from Tenable.io for holistic visibility into their cloud security posture.”

Jon Oltsik, senior principal analyst and fellow at Enterprise Strategy Group, based in Milford, Mass., told SearchSecurity that he likes this new strategy for IBM and called it “the right move.”

“IBM has a few strong products but other vendors have much greater market share in many areas. Just about every large security vendor offers something similar, but IBM can pivot off QRadar and Resilient and extend its footprint in its base. IBM gets this and wants to establish Cloud Pak for Security as the ‘brains’ behind security. To do so, it has to be able to fit nicely in a heterogeneous security architecture,” Oltsik said. “IBM can also access on-premises data, which is a bit of unique implementation. I think IBM had to do this as the industry is going this way.”

Martin Kuppinger, founder and principal analyst at KuppingerCole Analysts AG, based in Wiesbaden, Germany, said Cloud Pak for Security should be valuable for customers, specifically “larger organizations and MSSPs that have a variety of different security tools from different vendors in place.”

“This allows for better incident response processes and better analytics. Complex attacks today might span many systems, and analysis requires access to various types of security information. This is simplified, without adding yet another big data lake,” Kuppinger told SearchSecurity. “Obviously, Security Cloud Pak might be perceived competitive by incident response management vendors, but it is open to them and provides opportunities by building on the federated data. Furthermore, a challenge with federation is that the data sources must be up and running for accessing the data — but that can be handled well, specifically when it is only about analysis; it is not about real-time transactions here.”

The current and future IBM Security products

Meenan told SearchSecurity that Cloud Pak for Security would not have any special integration with IBM Security products, which would “have to stand on their own merits” in order to be chosen by customers. However, Meenan said new products in the future will leverage the connections enabled by the Cloud Pak.

“Now what this platform allows us to do is to deliver new security solutions that are naturally cross-cutting, that require solutions that can sit across an EDR, a SIEM, multiple clouds, and enable those,” Meenan said. “When we think about solutions for insider threat, business risk, fraud, they’re very cross-cutting use cases so anything that we create that cuts across and provides that end-to-end security, absolutely the Cloud Pak is laying the foundation for us — and our partners and our customers — to deliver that.”

Oltsik said IBM’s Security Cloud Pak has a “somewhat unique hybrid cloud architecture” but noted that it is “a bit late to market and early versions won’t have full functionality.”

“I believe that IBM delayed its release to align it with what it’s doing with Red Hat,” Oltsik said. “All that said, IBM has not missed the market, but it does need to be more aggressive to compete with the likes of Cisco, Check Point, FireEye, Fortinet, McAfee, Palo Alto, Symantec, Trend Micro and others with similar offerings.”

Kuppinger said that from an overall IBM Security perspective, this platform “is rather consequent.”

“IBM, with its combination of software, software services, and implementation/consultancy services, is targeted on such a strategy of integration,” Kuppinger wrote via email. “Not owning data definitely is a smart move. Good architecture should segregate data, identity, and applications/apps/services. This allows for reuse in modern, service-oriented architectures. Locking-in data always limits that reusability.”


Experts on demand: Your direct line to Microsoft security insight, guidance, and expertise – Microsoft Security

Microsoft Threat Experts is the managed threat hunting service within Microsoft Defender Advanced Threat Protection (ATP) that includes two capabilities: targeted attack notifications and experts on demand.

Today, we are extremely excited to share that experts on demand is now generally available and gives customers direct access to real-life Microsoft threat analysts to help with their security investigations.

With experts on demand, Microsoft Defender ATP customers can engage directly with Microsoft security analysts to get guidance and insights needed to better understand, prevent, and respond to complex threats in their environments. This capability was shaped through partnership with multiple customers across various verticals by investigating and helping mitigate real-world attacks. From deep investigation of machines that customers had a security concern about, to threat intelligence questions related to anticipated adversaries, experts on demand extends and supports security operations teams.

The other Microsoft Threat Experts capability, targeted attack notifications, delivers alerts that are tailored to organizations and provides as much information as can be quickly delivered to bring attention to critical threats in their network, including the timeline, scope of breach, and the methods of intrusion. Together, the two capabilities make Microsoft Threat Experts a comprehensive managed threat hunting solution that provides an additional layer of expertise and optics for security operations teams.

Experts on the case

By design, the Microsoft Threat Experts service has as many use cases as there are unique organizations with unique security scenarios and requirements. One particular case showed how an alert in Microsoft Defender ATP led to informed customer response, aided by a targeted attack notification that progressed to an experts on demand inquiry, resulting in the customer fully remediating the incident and improving their security posture.

In this case, Microsoft Defender ATP endpoint protection capabilities recognized a new malicious file in a single machine within an organization. The organization’s security operations center (SOC) promptly investigated the alert and developed the suspicion it may indicate a new campaign from an advanced adversary specifically targeting them.

Microsoft Threat Experts, who are constantly hunting on behalf of this customer, had independently spotted and investigated the malicious behaviors associated with the attack. With knowledge about the adversaries behind the attack and their motivation, Microsoft Threat Experts sent the organization a bespoke targeted attack notification, which provided additional information and context, including the fact that the file was related to an app that was targeted in a documented cyberattack.

To create a fully informed path to mitigation, experts pointed to information about the scope of compromise, relevant indicators of compromise, and a timeline of observed events, which showed that the file executed on the affected machine and proceeded to drop additional files. One of these files attempted to connect to a command-and-control server, which could have given the attackers direct access to the organization’s network and sensitive data. Microsoft Threat Experts recommended full investigation of the compromised machine, as well as the rest of the network for related indicators of attack.

Based on the targeted attack notification, the organization opened an experts on demand investigation, which allowed the SOC to have a line of communication and consultation with Microsoft Threat Experts. Microsoft Threat Experts were able to immediately confirm the attacker attribution the SOC had suspected. Using Microsoft Defender ATP’s rich optics and capabilities, coupled with intelligence on the threat actor, experts on demand validated that there were no signs of second-stage malware or further compromise within the organization. Since, over time, Microsoft Threat Experts had developed an understanding of this organization’s security posture, they were able to share that the initial malware infection was the result of a weak security control: allowing users to exercise unrestricted local administrator privilege.

Experts on demand in the current cybersecurity climate

On a daily basis, organizations have to fend off the onslaught of increasingly sophisticated attacks that present unique security challenges: supply chain attacks, highly targeted campaigns, hands-on-keyboard attacks. With Microsoft Threat Experts, customers can work with Microsoft to augment their security operations capabilities and increase confidence in investigating and responding to security incidents.

Now that experts on demand is generally available, Microsoft Defender ATP customers have an even richer way of tapping into Microsoft’s security experts and getting access to the skills, experience, and intelligence necessary to face adversaries.

Experts on demand provide insights into attacks, technical guidance on next steps, and advice on risk and protection. Experts can be engaged directly from within the Windows Defender Security Center, so they are part of the existing security operations experience.

We are happy to bring experts on demand within reach of all Microsoft Defender ATP customers. Start your 90-day free trial via the Microsoft Defender Security Center today.

Learn more about Microsoft Defender ATP’s managed threat hunting service here: Announcing Microsoft Threat Experts.

Author: Microsoft News Center

DerbyCon panel discusses IT mistakes that need to stop

A panel of experts at DerbyCon discussed common IT mistakes that they don’t want to see happen anymore and offered some suggestions on how to avoid risks.

The talk broke down the IT mistakes the panelists thought needed to stop, ranging from basic security issues to more technical problems. The panelists included Lesley Carhart, principal threat analyst at Dragos Inc.; Chelle Clements, web content developer at Online Marketing and Publishing; April Wright, an application security architect; and Amanda Berlin, senior security architect at Blumira and CEO of Mental Health Hackers.

As the discussion went on, themes began to surface around education, communication and empowering users. Wright and Clements were advocates for not just better educating users, but finding ways to make that education more personal.

Wright focused on IT mistakes like oversharing on social media. She said oversharing can easily become a problem for enterprises, because all of that data can be used to spear-phish users and potentially gain access to a company network. 

“One thing that can be done to curb oversharing is to train users how to protect their families and themselves outside of work. Users need to understand what they’re doing and how it impacts others,” Wright said. “Learning to protect themselves will make them more aware and better advocates. If security isn’t personal to them, they won’t care, because they don’t care about your data; they care about their data.”

Clements agreed and cautioned users against oversharing on social media, as it “eventually comes back to bite them in the ass.”

She also added that basic security concerns are still an issue, including using bad passwords, visiting shady websites, opening email messages from unknown senders and clicking links within those messages.

Clements said finding better training methods is a must. She described security training that she set up over the years, including one-on-one sessions when possible, because “you may need a unique language to explain something. The way you explain something to a physicist will be different than a chemist.”

Wright added that there needs to be better training around the limitations of security products, because IT mistakes can come from users trusting products too much.

“A lot of people feel like they’re more protected than they really are. We [need to] teach them about the failings of what the technology is that’s designed to protect them,” Wright said. “The blinky boxes are great, but it’s really education that’s going to solve the problems of the users. It’s not putting in a bunch of things to protect them, like putting them in a rubber room. It’s teaching them that things are sharp and things are hot, and they shouldn’t touch them.”

Berlin added that these types of IT mistakes can happen with administrators, as well, who might not understand that a security product is “not a magic solution that you can just install and you’re done,” including not configuring products after installing them.

“It’s an ongoing process that you have to keep revisiting. If you have an MSSP [managed security services provider] or you’re doing it internally, that’s going to be someone’s full-time job. It’s something that you need to treat less of a project and more of an ongoing thing,” Berlin said. “Work closer with your security vendors and all your other vendors. They’re usually there to help you, and you are paying them. Keep them accountable. Actually work through the implementation, and make sure they’re continuously working on it and they don’t install it and forget it, as well.”

Beyond educating users, Carhart said IT staff needs to stop expecting security products to be perfect, because they are all just deterrents and, “ultimately, everybody is going to be vulnerable to phishing or a breach.”

“If you have a house, you put a door on that house, and that deters neighborhood kids from walking in. You put on a deadbolt, and that deters the casual thief. Then, maybe you put in an alarm system, and that deters the more dedicated [thieves]. But if someone is paying $10,000 to hire a hit man to kill you? Guess what that hit man is doing? He’s coming in and killing you. You’re going to die. I’m sorry,” Carhart said. “Security is like that. We add defense in depth, and we deter and deter, but people have to understand that you have to plan for that worst-case scenario.”

Empowering users

Carhart noted that many IT mistakes stem from users not feeling empowered to speak up, especially if they feel embarrassed after making a mistake. She said users need to be comfortable demanding better security and privacy from vendors, and be sure to speak up when the IT staff is asking for too much.

“We have all these tropes that we keep using over and over again, like, ‘Use a strong password, use a password manager,’ and stuff. And, sometimes, those are really tricky things to do,” Carhart said. “Have you ever tried to convert all of your passwords saved in a bunch of browsers to a password manager? That’s not an intuitive process. That’s really, really hard to do. So, I would like to see more end users tell their security people to go F themselves. Tell us when something is too hard.”

One reason users might not speak up, according to Wright, comes from social norms and users trying to be polite. This can lead to IT mistakes, because users aren’t willing to put themselves “in an uncomfortable situation” and ask questions regarding potential security incidents. 

“This is a very hard thing to fix. It’s a culture thing; it’s an education thing; it’s a training thing, where you have to make sure that people understand they have the power to make or break the security controls that you have in place,” Wright said.

She added later that this can happen because users don’t listen to their instincts. “If you don’t listen to that voice [in your head] … you might notice things, but you’re not going to pay attention to them.”

Carhart added that even those with no security expertise should feel empowered to speak up and “realize that security isn’t magic. It’s something they can learn about.”

“I’m in industrial control systems now, and I’m dealing with a lot of eclectic legacy systems from the ’70s and ’80s. The people who know those systems the best are the guys or girls who have been there for 30 years. They might not know everything about security, but they could be very interested in it,” Carhart said. “I’d like, as a solution to that problem, to have users remember that they can contribute to security, and there are elements of knowledge that they bring to the table that we don’t have.”

Berlin noted that communication issues can also be a problem with red and blue teams, especially if those teams aren’t paired up.

“It’s a really big problem when it comes to doing defensive stuff, because we can’t fix what we don’t know is broken, especially when you’re a contractor or an MSSP, because you don’t know the networks and everything that they have internally, as well as the red teamer that broke in or their internal team,” Berlin said.


No one likes waiting on the phone for a GP appointment. So why do we still do it?

The team behind the services are experts at healthcare, as they also run Patient.Info, one of the most popular medical websites in the UK. More than 100 million people logged on to the site in 2018 to read articles about healthcare, check symptoms and learn to live a healthier life, and more than 60% of GPs in England have access to it.

They also produce a newsletter that’s sent to 750,000 subscribers and around 2,000 leaflets on health conditions and 850 on medicines.

People can access Patient.Info 24 hours a day, seven days a week. It’s the same for Patient Access but web traffic spikes every morning when people want to book appointments to see their GP. To handle that demand, Patient Access runs on Microsoft’s Azure cloud platform. As well as being reliable and stable, all patient data is protected by a high level of security – Microsoft employs more than 3,500 dedicated cybersecurity professionals to help protect, detect and respond to threats, while segregated networks and integrated security controls add to the peace of mind.

“About 62% of GP practices use Patient Access,” says Sarah Jarvis MBE, the Clinical Director behind the service. “They’re using it to manage their services, manage appointments, take in repeat medications, consolidate a patient’s personal health record and even conduct video consultations.

“Just imagine your GP being able to conduct video consultations. If you’re aged 20 to 39 you might not want or need to have a relationship with a GP because you don’t need that continuity of care.

“But imagine you are elderly and housebound, and a district nurse visits you. They phone your GP and say: ‘Could you come and visit this patient’, but the GP is snowed under and can’t get there for a couple of hours. The district nurse is also very busy and must visit someone else.

“Now, with Patient Access, a Duty Doctor can look at someone’s medical record and do a video consultation in five minutes. If the patient needs to be referred, the GP can do it there and then from inside the system. The possibilities are endless, and older people, especially, have so much to gain from this.”

Author: Microsoft News Center

Report on Alexa-enabled devices puts spotlight on voice commerce

Will voice commerce catch on? It hasn’t yet, according to a new report by The Information, but experts said that won’t slow the growth of voice computing.

According to the report, which cites two people briefed on Amazon’s internal figures, only about 2% of the people who own Alexa-enabled devices — mainly Amazon’s Echo line of speakers — have made a purchase with their voices so far in 2018. Of the people who did buy something using Alexa voice shopping, about 90% didn’t try it again, the report states.

An Amazon spokesperson disputed the figures presented in The Information, but previous reports also conveyed less-than-stellar numbers when it comes to consumers using smart speaker devices for voice commerce. The Information’s numbers also jibe with a report released last fall by technology consulting firm Activate that found the majority of smart speaker owners use their devices for relatively simple functions like playing music, getting the weather or setting alarms. In fact, shopping wasn’t even on the list of things users said they do with their devices.


“I’m not surprised,” said Zeus Kerravala, founder and principal analyst at ZK Research. “I think voice has a lot of potential; I just think there’s a lot of trust issues around it right now. It’s not dissimilar to what happened with online purchasing. A lot of people were cautious with that until they tried it a couple of times and they gained some confidence in it.”


Beyond that, using voice alone to shop is simply not practical, said Julie Ask, principal analyst at Forrester.

“It’s simply too hard [to purchase things via voice only] beyond replenishment of simple goods,” Ask said. “There are easier ways to buy. It’s hard to browse, you can’t see images and you can’t realistically listen to product descriptions — and who would want to.”

She added that although Amazon is number one in market share, retailers are wary of partnering with the company, which could also have played a role in the lackluster figures on shopping via Alexa-enabled devices.

Voice in the enterprise

Given all that, should the enterprise back off from pursuing voice computing? Not at all, said Werner Goertz, research director at Gartner. Just because “mom and pop” are not buying goods through Alexa-enabled devices today doesn’t say much about the value of the voice AI category as a whole — or about consumer shopping habits going forward. Voice commerce will undoubtedly evolve, he said, and, in any case, people’s current disinclination to use Alexa-enabled devices for shopping shouldn’t dissuade CIOs from investing in voice computing.


Goertz said there will be an organic growth in e-commerce capabilities and usage, with the hospitality industry, restaurants and chain stores already developing proofs of concepts and use cases that incorporate different transactions using voice AI technology.

An example Goertz gave was Amazon partnering with Marriott International to start bringing Amazon Echo smart speakers into hotels as part of the tech giant’s Alexa for Hospitality initiative. Hotel guests will be able to use the Alexa-enabled devices to order room service, call for more towels, order entertainment and more.

“Companies are definitely trying to reinvent brand experience and they’re doing that with smart speakers and with multimodal voice interactions as well,” Goertz said.

By multimodal voice interactions, Goertz means voice assistants with screens, like Amazon’s Echo Show. He said these kinds of devices lend themselves better to functions like voice commerce — and alleviate some of the issues with voice-only shopping raised by Forrester’s Ask.

Gartner analyst Ranjit Atwal agreed that multimodal voice devices using voice, video, chat and screens will eventually allow for more frequent and complex purchases — and a more integrated customer experience — but admits there’s still “a long way to go” for voice commerce.

As Kerravala said, “I think there will be a day when voice is the dominant interface … we just need to take baby steps in getting there.”

What’s the takeaway for CIOs, according to Ask?

“CIOs should use [voice technology] and pilot it, but in scenarios that make sense — easy information retrieval, control, et cetera,” she said. “Don’t stretch it beyond what it does easily.”

Experts skeptical an AWS switch is coming

Industry experts said AWS has no need to build and sell a white box data center switch as reported last week but could help customers by developing a dedicated appliance for connecting a private data center with the public cloud provider.

The Information reported last Friday AWS was considering whether to design open switches for an AWS-centric hybrid cloud. The AWS switch would compete directly with Arista, Cisco and Juniper Networks and could be available within 18 months if AWS went through with the project. AWS has declined comment.

Industry observers said this week the report could be half right. AWS customers could use hardware dedicated to establishing a network connection to the service provider, but that device is unlikely to be an AWS switch.

“A white box switch in and of itself doesn’t help move workloads to the cloud, and AWS, as you know, is in the cloud business,” said Brad Casemore, an analyst at IDC.

What AWS customers could use isn’t an AWS switch, but hardware designed to connect a private cloud to the infrastructure-as-a-service provider, experts said. Currently, AWS’ software-based Direct Connect service for the corporate data center is “a little kludgy today and could use a little bit of work,” said an industry executive who requested his name not be used because he works with AWS.

“It’s such a fragile and crappy part of the Amazon cloud experience,” he said. “The Direct Connect appliance is a badly needed part of their portfolio.”

AWS could also use a device that provides a dedicated connection to a company’s remote office or campus network, said John Fruehe, an independent analyst. “It would speed up application [service] delivery greatly.”

Indeed, Microsoft recently introduced the Azure Virtual WAN service, which connects the Azure cloud with software-defined WAN systems that serve remote offices and campuses. The systems manage traffic through multiple network links, including broadband, MPLS and LTE.

Connectors to AWS, Google, Microsoft clouds

For the last couple of years, AWS and its rivals Google and Microsoft have been working with partners on technology to ease the difficulty of connecting to their respective services.

In October 2016, AWS and VMware launched an alliance to develop the VMware Cloud on AWS. The platform would essentially duplicate on AWS a private cloud built with VMware software. As a result, customers of the vendors could use a single set of tools to manage and move workloads between both environments.

A year later, Google announced it had partnered with Cisco to connect Kubernetes containers running on Google Cloud with Cisco’s hyper-converged infrastructure, called HyperFlex. Cisco would also provide management tools and security for the hybrid cloud system.

Microsoft, on the other hand, offers a hybrid cloud platform called the Azure Stack. The software runs on third-party hardware and shares its code, APIs and management portal with Microsoft’s Azure public cloud to create a common cloud-computing platform. Microsoft hardware partners for Azure Stack include Cisco, Dell EMC and Hewlett Packard Enterprise.

Exactis leak exposes database with 340 million records

A marketing firm exposed records on most adults in the U.S., but experts weren’t surprised at the number of people affected and said the lesson should be about the depth of data gathered.

Marketing firm Exactis, a data company based in Palm Coast, Fla., exposed 340 million records — 230 million for individuals and 110 million for business customers — via a publicly accessible server, meaning anyone who knew where to look could have taken the data. Vinny Troia, security researcher and founder of NightLion Security, headquartered in St. Louis, Mo., discovered the potential Exactis leak and wrote on Twitter that he is working with the company to determine if anyone accessed the data. Exactis has since secured the server.

The data potentially exposed in the Exactis leak added up to 2 terabytes of information, including phone numbers, home and email addresses, but Bruce Silcoff, CEO of Shyft Network International, a cybersecurity company based in Barbados, said the Exactis leak is noteworthy “not only for the number of customers impacted, but also for the depth of compromised data.”

“It’s been reported that every record includes more than 400 variables of personal characteristics,” Silcoff wrote via email. “The reality is that we live in a digitized world and all our interactions on social channels are recorded, and this isn’t stopping anytime soon. The centralized storage of user information makes institutions like Exactis hacker bait. Never has there been such urgency nor opportunity to introduce a disruptive alternative to an antiquated system and solve an urgent global problem.”

Wired’s original report on the Exactis leak noted that the personal characteristics data could include information such as personal interests and habits, if the person smokes, has pets or the number, age and gender of the person’s children.

Troia told Wired that he found the Exactis leak with a simple Shodan search for ElasticSearch databases on publicly accessible servers in the U.S. While there is a huge trove of personal information, the dataset does not include Social Security numbers or credit cards, so experts said it would be more useful for social engineering.

Nico Fischbach, global CTO at Forcepoint, said the highly sensitive data in the Exactis leak “could be exploited by malicious actors to carry out a number of different types of attacks.”

“If an attacker combined this intel with data from the 2015 OPM breach, they could run human intelligence-type special operations attacks against cleared personnel. It’s also a huge asset to criminals using impersonation as a tool for phishing. Further, as 110 million of the records pertain to businesses, criminals could utilize the data for spear-phishing campaigns aimed at data exfiltration,” Fischbach wrote via email. “In the case of Cambridge Analytica, attackers had to ‘steal’ this type of profile data from Facebook, but, with Exactis, the data was publicly accessible on a server with weak or no authentication. This further underscores the need for enterprises to focus on knowing how their people interact with their data, have insight to risky activity and to think ahead on how vulnerabilities like this could be mitigated against, or prevented entirely.”

Ruchika Mishra, director of products and solutions at Balbix, a cybersecurity company headquartered in San Jose, Calif., said this was likely a problem of Exactis not understanding the mindset of an attacker.

“There’s no doubt in my mind that Exactis knew exactly what type of information they had and the ramifications there would be if there was a breach,” Mishra wrote via email. “But the problem with most enterprises today is that they don’t have the foresight and visibility into the hundreds of attack vectors — be it misconfigurations, employees at risk of being phished, admin using credentials across personal and business accounts — that could be exploited.”

Robert Capps, vice president and authentication strategist for NuData Security, a behavioral biometrics company based in Vancouver, British Columbia, said “if U.S. citizens did not think their personal information has ever been compromised, this should convince them it definitely is.”

“Unfortunately, breaches are here to stay, but government agencies, businesses, and organizations across the U.S. can protect users by applying a new authentication framework,” Capps wrote via email. “Multi-layered security solutions based on passive biometrics and behavioral analytics make this stolen information useless to cybercriminals, as they identify users based on their behavior instead of data such as names, last names, dates of birth, passwords, addresses, and more.”

Convenience: Driver of BI innovation

Allaa “Ella” Hilal is among that rare breed of computer experts who straddle the academic and commercial worlds. As director of data at Ottawa-based Shopify, Hilal oversees data product development for the e-commerce company’s international and larger merchants, also known as Plus customers. She is also an adjunct associate professor in the Centre for Pattern Analysis and Machine Intelligence at the University of Waterloo in Ontario, where she earned a Ph.D. in electrical and computer engineering.

An expert in data intelligence, wireless sensor networks and autonomous systems, Hilal is among the featured speakers at the Real Business Intelligence Conference on June 27 to 28 in Cambridge, Mass. Here, Hilal discusses what’s driving business intelligence (BI) innovation today and some of the pitfalls companies should be aware of.

What is driving BI innovation today?

Ella Hilal: First of all, in this day and age, companies are creating more and more products to derive customer convenience. This convenience ends up saving time, which ties to money. When we become more efficient, whether it’s in our IT systems or in our daily commute, we gain moments that we can spend on something else. We can have more time with our families and loved ones, or even gain more time or resources to do the things we love or care about.

There is this immediate need and craving for more efficiency and convenience from the customer side. And businesses all are aware of this craving. They are trying to think about what they can do with the data that exists within the systems or data being collected from IoT, which they know is valuable. The power of BI lies in the fact that it can take all of these different data sources and derive valuable insights to drive business decisions and data products that empower customers and the business in general.

There are many methodologies of how you can apply this to your business, and I plan to discuss some methodologies during my talk at the Real Business Intelligence Conference.

Companies have been doing business intelligence for a long time; they’ve had to figure out which data is useful and which is not for their businesses. What’s different about capitalizing on data generated from technologies like IoT and smart systems?

Hilal: Generally, only 12% of company data that is analyzed today is critical to a business — the rest is either underutilized or untapped. If we think we’re doing such a good job with the analytics we have today, imagine if you apply these efforts across the entire data available in your business. At Shopify, we work to identify the pain points of running a business and use data to provide value to the merchants so they have a better experience as entrepreneurs.

So, there is huge value we can mine and surface. And when we talk about advanced analytics, we’re not talking about just basic business analytics; we’re talking also about applying AI, machine learning, prediction, forecasting and even prescriptive analytics.

Most CIOs are acutely aware that AI and advanced analytics should be part of a BI innovation strategy. But even big companies are having trouble finding skilled people to do this work.

Hilal: It’s a problem every company will face, because the skilled data scientist is still scarce compared to the need. One challenge is that the people who have the technical abilities to do this strong analytical work don’t always have the business acumen that is needed for an experienced data scientist. They might be very smart in doing sophisticated analysis, but if we don’t tie that with business acumen, they fail to communicate the business value and enable the decision-makers with useful insights. Furthermore, the lack of business acumen makes it challenging to build data products you can utilize or sell. So, you need to build the right kind of team.

Community and university collaborations are one of the strongest approaches that big companies are adopting; you can see that Google, Uber and Shopify, for example, are all partnering with university research labs and reaping the benefits from a technical perspective. They have the technical team and the business acumen team, which then brings the work in-house to focus on data analytics products. So, you get to bridge the gap between this amazing research initiative and the productization of the results.

Another benefit is that with these partnerships, researchers with very strong technical AI and statistical backgrounds can also develop business acumen, because they are working closely with product managers and production teams. This is definitely a longer-term strategy. Wearing my research hat, I can say that universities are also working hard to introduce programs with a mix of computer science and machine learning, programs with a good mix of the old pillars of data science and new approaches.

So, companies need to come up with new frameworks for capitalizing on data. Are there pitfalls companies want to keep in mind?

Hilal: You’ll hear me say this time and time again: We all need to have a sense of responsible innovation. We’re in this industrial race to build really good products that can succeed in the market, and we need to keep in mind that we are building these products for ourselves, as well as for others.

When we create these products, it is the distributed responsibility of all of us to make sure that we embed our morals and ethics in them, making sure they are secure, they are private, they don’t discriminate. At Shopify, we are always asking ourselves, ‘Will this close or open a door for a merchant?’ It is not enough that our products are functional; they have to maintain certain ethical standards, as well.

We’ve reported on how the IoT space may pose a threat because developers are under such pressure to get these products to market that considerations like security and ethics and who owns the data are an afterthought.

Hilal: We should not be putting anything out there that we wouldn’t want in our own homes. But this is not just about AI or IoT. Whether it is a piece of software or hardware system, we need to make sure that security is not a bolt-on, or that privacy is fixed after the fact with a new policy statement — these things need to be done early on and need to be thought of before and throughout the production process.