Summary Bullets:

• It turns out a recent bombshell report detailing how rogue microchips infected an unknown number of computer servers may not be true.

• The event illustrates that supply chain risk is legitimate, and enterprises must plan for the risk and implement methods to detect such compromises.

Cybersecurity’s biggest mystery is centered on a microchip so small, it might not even exist.

It all started on 4 October, when U.S. news agency Bloomberg reported that many of the motherboards manufactured by Super Micro Computer had been compromised before they ever left the factory. Continue reading “Super Micro Supply Chain Attack May Be Fake, But Supply Chain Risk is Genuine” →

Summary Bullets:

• Consumers’ unease with the misinformation, disinformation, and mishandling of personal digital data is driving new regulations and investment in developing new ways to protect content.
• Inrupt, a startup founded by Tim Berners-Lee, wants to shake up the status quo with technology that will effectively decentralize the web and put more control in the hands of end users.

Twenty-nine years after the first successful Internet transmission using Hypertext Transfer Protocol (HTTP), the protocol’s developer, Tim Berners-Lee, wants to disrupt the web status quo. In an effort to address mounting concerns about privacy on the web, Berners-Lee is forging a path to return control over data access and storage to end users. Berners-Lee’s new startup, Inrupt, is pushing for adoption of an open source platform which could, if widely implemented, effectively decentralize the web. The platform, known as ‘Solid,’ takes aim at the current digital data model in which a relatively small number of dominant web players maintain significant access and storage control over the majority of end-user information. Continue reading “Web Pioneer Lays Out Ambitious Plan to Disrupt Digital World Order” →

Summary Bullets:

• AI and machine learning are reducing the constraints of traditional SOC operations.
• Time saved through resulting automation can be put to use on high-priority investigation and response.

Recently, classic rock band The Kinks brought out a previously unreleased track called “Time Song,” which muses on the slippery ubiquity of this thing called time:

Time is ahead of us
Above and below us
Is standing beside us
And looking down on us…

While the song’s message is universal, that last part of the quoted lyrics above may be true when it comes to the key realities of security operations management. The number of person hours available does not come close to the number required to investigate every incident reported by an organization’s systems and users. When it takes a security analyst 10 to 15 minutes to research each incident, but the number of incidents pouring in via collected intelligence is in the hundreds or thousands daily, it can indeed feel like time itself is “looking down on us” and cruelly watching us fail to keep pace. Continue reading “Advanced SOC Capabilities Give Back Time” →

Summary Bullets:

• Facebook executives have been on a summer apology tour after the Cambridge Analytica fiasco came to light but new information surfaced that shows the company is still not adequately protecting consumer personal data.
• Lawmakers aren’t waiting for tech to self-regulate with California’s legislature passing a sweeping consumer privacy bill and federal regulators looking to follow suit.

Digital advertising, an $88 billion industry in 2017, is driving notable revenue expansion for some of the top social media platforms.  However, this growth has brought with it some questionable practices in how user information is mined and shared.  Facebook became a focus of intense scrutiny when it came to light that during the 2016 U.S. presidential election U.K.-based political consulting house Cambridge Analytical tapped data from tens of millions of Facebook users to build out voter profiles without express permission.  Facebook executives conducted something of an apology tour, testifying in front of a U.S. Congressional Committee and promising more transparency about how user data is handled and applied. Continue reading “Privacy and Data Integrity in the Disinformation Era” →

Summary Bullets:

• Software-defined networking is turning concern about security in the cloud on its head, enabling a winning model for protecting businesses.
• Enterprises get predictable cost and value, security vendors streamline go-to-market and service delivery, and network providers gain revenue from vendor partners by hosting ecosystems in a B2B2B role.

Protecting a business network has traditionally meant plugging in a bunch of different security ‘appliances,’ in each business location, to protect all the many different devices and machines connected to the LAN or WAN. Managing the process can be a nightmare for companies of even a modest size, to the point where many often simply give up. Continue reading “When Cloud-Based Security Can Mean Everybody Wins” →

Summary Bullets:

• Enterprises and communities should have clear aims when considering smart city projects.
• Smart cities should be built on a per-project basis rather than looking at the city/community as a whole.

There have been successful ‘smart city’ projects.  Orange Business Services (OBS) has enjoyed success working with Saudi Arabia on large-scale projects in the kingdom.  OBS has also helped ski resorts identify where visitors are travelling from and how they can make it easier for them to visit their resort.  This later example is not strictly a smart city program, but both of these projects point to important aspects of why projects seeking to use technology to aid communities can succeed and fail. Continue reading “Be Smarter When Building Smart Cities” →