Skip to content

Posts from the ‘Enterprise software’ Category

How An AI Platform Is Matching Employees And Opportunities

How An AI Platform Is Matching Employees And Opportunities

Instead of relying on data-driven signals of past accomplishments, Eightfold.ai is using AI to discover the innate capabilities of people and matching them to new opportunities in their own companies.

Bottom Line: Eightfold.ai’s innovative approach of combining their own AI and virtual hackathons to create and launch new additions to their Project Marketplace rapidly is a model enterprises need to consider emulating.

Eightfold.ai was founded with the mission that there is a right career for everyone in the world. Since its founding in 2016, Eightfold.ai’s Talent Intelligence Platform continues to see rapid global growth, attracting customers across four continents and 25 countries, supporting 15 languages with users in 110 countries. Their Talent Intelligence Platform is built to assist enterprises with Talent Acquisition and Management holistically.

What’s noteworthy about Eightfold.ai’s approach is how they have successfully created a platform that aggregates all available data on people across an enterprise – from applicants to alumni – to create a comprehensive Talent Network. Instead of relying on data-driven signals of past accomplishments, Eightfold.ai is using AI to discover the innate capabilities of people and matching them to new opportunities in their own companies. Eightfold’s AI and machine learning algorithms are continuously learning from enterprise and individual performance to better predict role, performance and career options for employees based on capabilities.

How Eightfold Sets A Quick Pace Innovating Their Marketplace

Recently Eightfold.ai announced Project Marketplace, an AI-based solution for enterprises that align employees seeking new opportunities and companies’ need to reskill and upskill their employees with capabilities that line up well with new business imperatives. Eightfold wanted to provide employees with opportunities to gain new skills through experiential learning, network with their colleagues, join project teams and also attain the satisfaction of helping flatten the unemployment curve outside. Project Marketplace helps employers find hidden talent, improve retention strategies and gain new knowledge of who has specific capabilities and skills. The following is a screen from the Marketplace that provides employees the flexibility of browsing all projects their unique capabilities qualify them for:

How An AI Platform Is Matching Employees And Opportunities

Employees select a project of interest and are immediately shown how strong of a match they are with the open position. Eightfold provides insights into relevant skills that an employee already has, why they are a strong match and the rest of the project team members – often a carrot in itself. Keeping focused on expanding employee’s capabilities, Eightfold also provides guidance of which skills an employee will learn. The following is an example of what an open project positions looks like:

How An AI Platform Is Matching Employees And Opportunities

How An AI Platform Is Matching Employees And Opportunities

Employee applicants can also view all the projects they currently have open from the My Projects view shown below:

How An AI Platform Is Matching Employees And Opportunities

Project Marketplace is the win/win every employee has yearned for as they start to feel less challenged in their current position and start looking for a new one, often outside their companies. I recently spoke with Ashutosh Garg, CEO and Co-Founder and Kamal Ahluwalia, Eightfold’s President, to see how they successfully ran a virtual hackathon across three continents to keep the Marketplace platform fresh with new features and responsive to the market.

How to Run A Virtual Hackathon

Starting with the hackathon, Eightfold relied on its own Talent Intelligence Platform to define the teams across all three continents, based on their employees’ combined mix of capabilities. Ashutosh, Kamal and the senior management team defined three goals of the hackathon:

  1. Solve problems customers are asking about with solutions that are not on the roadmap yet.
  2. Accelerate time to value for customers with new approaches no one has thought of before.
  3. Find new features and unique strengths that further strengthen the company’s mission of finding the right career for everyone in the world.

It’s fascinating to see how AI, cybersecurity and revenue management software companies continue to innovate at a fast pace delivering complex apps with everyone being remote. I asked Ashutosh how he and his management team approached the challenge of having a hackathon spanning three continents deliver results. Here’s what I learned from our discussion and these lessons are directly applicable to any virtual hackathon today:

  1. Define the hackathon’s purpose clearly and link it to the company mission, explaining what’s at stake for customers, employees and the millions of people looking for work today – all served by the Talent Intelligence Platform broadening its base of features.
  2. Realize that what you are building during the hackathon will help set some employees free from stagnating skills allowing them to be more employable with their new capabilities.
  3. The hackathon is a chance to master new skills through experiential learning, further strengthening their capabilities as well. And often learning from some of the experts in the company by joining their teams.
  4. Reward risk-taking and new innovative ideas that initially appear to be edge cases, but can potentially be game changers for customers.

I’ve been interviewing CEOs from startups to established enterprise software companies about how they kept innovation alive during the lockdown. CEOs have mentioned agile development, extensive use of Slack channels and daily virtual stand-ups. Ashutosh Garg is the only one to mention how putting intrinsic motivation into practice, along with these core techniques, binds hackathon teams together fast. Dan Pink’s classic TED Talk, The Puzzle of Motivation, explains intrinsic motivators briefly and it’s clear they have implications on a hackathon succeeding or not.

Measuring Results Of the Hackathon

Within a weekend, Project Marketplace revealed several new rock stars amongst the Eightfold hackathon teams. Instead of doing side projects for people who had time on their hands, this Hackathon was about making Eightfold’s everyday projects better and faster. Their best Engineers and Services team members took a step back, re-looked at the current approaches and competed with each other to find better and innovative ways. And they all voted for the most popular projects and solutions – ultimate reward in gaining the respect of your peers. As well as the most “prolific coder” for those who couldn’t resist working on multiple teams.

Conclusion

Remote work is creating daunting challenges for individuals at home as well as for companies. Business models need to change and innovation cannot take a back seat while most companies have employees working from home for the foreseeable future. Running a hackathon during a global lockdown and making it deliver valuable new insights and features that benefit customers now is achievable as Eightfold’s track record shows. Project marketplace may prove to be a useful ally for employees and companies looking to stay true to their mission and help each other grow – even in a pandemic. This will create better job security, a culture of continuous learning, loyalty and more jobs. AI will change how we look at our work – and this is a great example of inspiring innovation.

 

What’s New In Gartner’s Hype Cycle For Endpoint Security, 2020

What’s New In Gartner’s Hype Cycle For Endpoint Security, 2020

  • Remote working’s rapid growth is making endpoint security an urgent priority for all organizations today.
  • Cloud-first deployment strategies dominate the innovations on this year’s Hype Cycle for Endpoint Security.
  • Zero Trust Security (ZTNA) is gaining adoption in enterprises who realize identities are the new security perimeter of their business.
  • By 2024, at least 40% of enterprises will have strategies for adopting Secure Access Service Edge (SASE) up from less than 1% at year-end 2018.

These and many other new insights are from Gartner Hype Cycle for Endpoint Security, 2020 published earlier this year and the recent announcement, Gartner Says Bring Your Own PC Security Will Transform Businesses within the Next Five Years. Gartner’s definition of Hype Cycles includes five phases of a technology’s lifecycle and is explained here.  There are 20 technologies on this year’s Hype Cycle for Endpoint Security. The proliferation of endpoint attacks, the rapid surge in remote working, ransomware, fileless and phishing attacks are together, creating new opportunities for vendors to fast-track innovation. Cloud has become the platform of choice for organizations adopting endpoint security today, as evidenced by the Hype Cycle’s many references to cloud-first deployment strategies.  The Gartner Hype Cycle for Endpoint Security, 2020, is shown below:

What’s New In Gartner’s Hype Cycle For Endpoint Security, 2020

 

Details Of What’s New In Gartner’s Hype Cycle for Endpoint Security, 2020

  • Five technologies are on the Hype Cycle for the first time reflecting remote working’s rapid growth and the growing severity and sophistication of endpoint attacks. Unified Endpoint Security, Extended Detection and Response, Business E-Mail Compromise Protection, BYOPC Security and Secure Access Service Edge (SASE) are the five technologies added this year. Many organizations are grappling with how to equip their remote workforces with systems, devices and smartphones, with many reverting to have employees use their own. Bring your PC (BYOPC) has become so dominant so fast that Gartner replaced BYOD on this year’s Hype Cycle with the new term. Gartner sees BYOPC as one of the most vulnerable threat surfaces every business has today. Employees’ devices accessing valuable data and applications continues to accelerate without safeguards in place across many organizations.
  • Extended detection and response (XDR) are on the Hype Cycle for the first time, reflecting the trend of vendor consolidation across cybersecurity spending today. Gartner defines XDR as a vendor-specific, threat detection and incident response tool that unifies multiple security products into a security operations system. XDR and its potential to reduce the total cost and complexity of cybersecurity infrastructures is a dominant theme throughout this year’s Hype Cycle. XDR vendors are claiming that their integrated portfolios of detection and response applications deliver greater accuracy and prevention than stand-alone systems, driving down Total Cost of Ownership (TCO) and increasing productivity. Key vendors in XDR include Cisco, FireEye, Fortinet, McAfee, Microsoft, Palo Alto Networks, Sophos, Symantec and Trend Micro.
  • Business email compromise (BEC) protection is on the Hype Cycle for the first time this year. Phishing attacks cost businesses $1.8B in 2019, according to the FBI, underscoring the need for better security in the area of business email. Gartner defines business email compromise (BEC) protection as a series of solutions that detect and filter malicious emails that fraudulently impersonate business associates to misdirect funds or data. There have been many instances of business email compromise attacks focused on C-level executives, hoping that a fraudulent directive from them to subordinates leads to thousands of dollars being transferred to outside accounts or being sent in gift cards. Gartner found that fraudulent invoices accounted for 39% of such attacks in 2018, posing an internal risk to organizations and reputation risk.
  • Unified Endpoint Security (UES) is being driven by IT organizations’ demand for having a single security console for all security events. Gartner notes that successful vendors in UES will be those that can demonstrate significant productivity gains from the integration of security and operations and those that can rapidly process large amounts of data to detect previously unknown threats. CIOs and CISOs are looking for a way to integrate UES and Unified Endpoint Management (UEM), so their teams can have a single, comprehensive real-time console of all devices that provides alerts of any security events. The goal is to adjust security policies across all devices. Absolute’s approach to leveraging their unique persistence, resilience and intelligence capabilities are worth watching. Their approach delivers unified endpoint security by relying on their Endpoint Resilience platform that includes a permanent digital tether to every endpoint in the enterprise. By having an undeletable digital thread to every device, Absolute is enabling self-healing, greater visibility and control. Based on conversations with their customers in Education and Healthcare, Absolute’s unique approach gives IT complete visibility into where every device is at all times and what each device configuration looks like in real-time.
  • Unified Endpoint Management (UEM) is expanding rapidly beyond managing PCs and mobile devices to provide greater insights from endpoint analytics and deeper integration Identity and Access Management. Gartner notes interest in UEM remains strong and use-case-driven across their client base. UEM’s many benefits, including streamlining continuous OS updates across multiple mobile platforms, enabling device management regardless of the connection and having an architecture capable of supporting a wide range of devices and operating systems are why enterprises are looking to expand their adoption of UEM. Another major benefit enterprises mention is automating Internet-based patching, policy, configuration management. UEM leaders include MobileIron, whose platform reflects industry leadership with its advanced unified endpoint management (UEM) capabilities. MobileIron provides customers with additional security solutions integrated to their UEM platform, including passwordless multi-factor authentication (Zero Sign-On) and mobile threat defense (MTD). MTD is noteworthy for its success at MobileIron customers who need to validate devices at scale, establish user context, verify network connections, then detect and remediate threats.
  •  Gartner says ten technologies were either removed or replaced in the Hype Cycle because they’ve evolved into features of broader technologies or have developed into tools that address more than security. The ten technologies include protected browsers, DLP for mobile devices, managed detection and response, user and entity behavior analytics, IoT security, content collaboration platforms, mobile identity, user authentication, trusted environments and BYOD being replaced by BYOPC.

 

Why Digital Transformation Always Needs To Start With Customers First

Why Digital Transformation Always Needs To Start With Customers First

Customers’ expectations, preferences, changing patterns in how and why they purchase need to be the core of any digital transformation effort.

Customers’ expectations, preferences, changing patterns in how and why they purchase need to be the core of any digital transformation effort. With it, digital transformation projects flourish and take on a life of their own. Without it, I’ve seen digital transformation projects become myopic, narrowly focused, substituting internal metric gains for measures that matter most to customers.

Digital Maturity Drives Revenue

Anyone who has worked on a digital transformation project quickly sees how the most digitally mature organizations can turn their investments in transformation into revenue by overwhelming customers with value. Initiatives that put customers first can serve to generate greater confidence among C-level executives and board members, leading to more funding. This is because business cases for customer-centric digital transformation projects are easier to create, more defensible and best of all, point to revenue gains and cost reductions.

Deloitte Insights’ recent survey uncovering the connection between digital maturity and financial performance accurately reflects the true state of customer-centric digital transformation. The article explains how the more digitally mature an organization is, the more achievable gains are in diversity and inclusion, Corporate Social Responsibility (CSR), customer satisfaction, product quality, gross margin and long-term financial performance. Deloitte’s latest study finds a strong correlation between the digital maturity of an enterprise and its net revenue and net profit margin. The following graphic makes clear how valuable pursuing digital maturity is, with customers being at the center of all transformation efforts. This contributes to greater net revenue and net profit margin growth:

A fascinating point regarding Deloitte Insights’ research is the correlation it uncovered between an organization’s digital transformation maturity and the benefits they gain in efficiency, revenue growth, product/service quality, customer satisfaction and employee engagement. They found a hierarchy of pivots successful enterprises make to keep pursuing more agile, adaptive organizational structures combined with business model adaptability, all driven by customer-driven innovation. The most digitally mature organizations can adopt new frameworks that prioritize market responsiveness, customer-centricity and have analytics and data-driven culture with actionable insights embedded in their DNA.

Mastering Data & Removing Roadblocks Are Key To Driving Customer Value

The two highest-payoff areas for accelerating digital maturity and achieving its many benefits are mastering data and creating more intelligent workflows. Deloitte Insights’ research team looked at the seven most effective digital pivots enterprises can make to become more digitally mature. The pivots that paid off the best as measured by revenue, margin, customer satisfaction, product/service quality and employee engagement combined data mastery and improving intelligent workflows. The following graphic shows how 51% of revenue growth can be explained by these two factors alone and 49% of improved customer satisfaction.

Data mastery and intelligent workflows are among the easiest areas to measure and include in a business case for digital transformation projects aimed at delivering a transcendent customer experience. Choosing to excel on the dimension of customer-centric data mastery gives enterprises the insights they need to create their unique omnichannel platforms. Adding in intelligent workflows that give customers the freedom to buy how, where and when they choose across any digital platform is the cornerstone of entirely new digital business models today. Capturing the voice of the customer and combining data mastery and intelligent workflows to gain an accurate, true 360-degree view of customers is invaluable for every aspect of go-to-market strategies.

Achieving Digital Maturity Requires A Framework

Enterprises that have customer centricity and a data-driven mindset are the most likely to succeed with a digital transformation initiative. As the Deloitte Insights study inferred, the most digitally mature organizations are continually adapting to customer and market dynamics. They’re prioritizing market responsiveness, striving to improve customer-centricity and have data-driven cultures with actionable insights as part of their DNA. Enterprises who see new digital business model opportunities and act on them capitalize on these three areas of organizational strength. They’re also able to combine their data mastery and intelligent workflows to identify areas of competitive opportunity to help them excel for their customers.

Consider how cybersecurity is now part of any customer experience, for good and bad. Multi-factor Authentication (MFA) and many other forms of identity verification secure customer transactions, yet they can also cause dissatisfaction. For any digitally mature enterprise, integrating cybersecurity into their existing framework is a challenge. The growth of new frameworks designed to empower greater customer-centricity, agility and actionable insights across every facet of a business is a fascinating area of watch.

One of the more interesting is BMC’s Autonomous Digital Enterprise (ADE) framework, which is shown below. Mapping Deloitte Insights’ top investment priorities for the next 12 months across all digital maturity levels to the ADE framework shows why frameworks like BMC’s are gaining adoption, particularly as organizations look to run and reinvent themselves with new digital business models built around AI/ML capabilities. The following graphic provides insights into how Deloitte’s top investment priorities are integral to BMC’s Autonomous Digital Enterprise Framework and its many contributions to the success of new digital business growth.

Conclusion

Quantifying the impact of having a customer-centric digital transformation strategy has proved elusive until recently. Deloitte Insights’ research shows how digital maturity enables greater gains from customer-centric digital transformation efforts. What’s fascinating about their research is how the progression of digital pivots leads to improved margin, revenue, customer satisfaction, diversity and inclusion and product quality gains. Equally interesting is the growing utility of frameworks like BMC’s, which are designed to enable long-standing enterprises to seamlessly embrace new digital business models, so they can flex and change with the world around them.

 

 

Where AIOps Is Delivering Results Today

Where AIOps Is Delivering Results Today

Bottom Line: Capitalizing on AI and machine learning’s inherent strengths to create contextual intelligence in real-time, LogicMonitor’s early warning and failure prevention systems reflect where AIOps is delivering results today.

LogicMonitor’s track record of making solid contributions to their customers’ ability to bring greater accuracy, insight, and precision into monitoring all IT assets is emerging as a de facto industry standard. Recently I was speaking with a startup offering Hosted Managed Services of a variety of manufacturing applications, and the must-have in their services strategy is LogicMonitor LM Intelligence. LogicMonitor’s AIOps platform is powered by LM Intelligence, enabling customers’ businesses to gain early warning into potential trouble spots in IT operations stability and reliability. LogicMonitor does the hard work for you with automated alert thresholds, AI-powered early warning capabilities, customizable escalation chains, workflows, and more.

Engineers who are working at the Hosted Managed Services provider I recently spoke with say LM Intelligence is the best use case of AI and machine learning to provide real-time alerts, contextual insights, discover new patterns in data, and make automation achievable. The following is an example of the LM Intelligence dashboard:

Where AIOps Is Delivering Results Today

How LogicMonitor’s Architecture Supports AIOps

One of the core strengths LogicMonitor continues to build on is integration, which they see as essential to their ability to excel at providing AIOps support for their customers. Their architecture is shown below. By providing real-time integration to public cloud platforms, combined with control over the entire IT infrastructure structure along with over 2,000 integrations from network to cloud, LogicMonitor excels at unifying diverse IT environments into a single, cohesive AIOps-based intelligence system.  The LogicMonitor platform collects cloud data through our cloud collectors. These collectors retrieve metrics such as the cloud provider health and billing information by making API calls to the cloud services. The collector is a Windows Service or background process that is installed in a virtual machine. This collector then pulls metrics from the different devices using a variety of different methods, including SNMP, WMI, perf Mon JMX, APIs, and scripts.

Where AIOps Is Delivering Results Today

Using AIOps To Monitor, Analyze, Automate

LogicMonitor has created an architecture that’s well-suited to support the three dominant dimensions of AIOps, including Monitoring, Analytics (AIOps), and Automating. Their product and services strategies in the past have reflected a strong focus on Monitoring. The logic of prioritizing Monitoring as a product strategy area was to provide the AI and machine learning models with enough data to train on so they could identify anomalies in data patterns faster. Their 2018/2019 major releases in the Monitor area reflect how the unique strength they have of capturing and making use of any IT asset that can deliver a signal is paying off. Key Monitor developers recently include the following:

  • Kubernetes Monitoring
  • Service Insight
  • Topology
  • Remote Sessions
  • Netflow
  • Configuration Monitoring
  • Public Cloud Monitoring
  • Applications Monitoring

LogicMonitor’s core strengths in AIOps are in the Anomaly Detection and Early Warning System areas of their product strategy. Their rapid advances in the Early Warning System development show where AIOps is delivering solid results today. Supporting the Early Warning System, there are Dynamic Thresholds and Root Cause Analysis based on Dependencies as well.

The Automate area of their product strategy shows strong potential for future growth, with the ServiceNow integration having upside potential. Today Alert Chaining and Workflow support integrations to Ansible, Terraform, Slack, Microsoft, Teama, Putter, Terraform, OpsGenie, and others.

Conclusion

LogicMonitor’s platform handles 300B metrics on any given day and up to 10B a month, with over 28K collectors deployed integrated with approximately 1.4M devices being monitored. Putting AI and machine learning to work, interpreting the massive amount of data the platform captures every day to fine-tune their Early Warning and Failure Prevention Systems, is one of the most innovative approaches to AIOps today. Their AIOps Early Warning System is using machine learning Algorithms to fine-tune Root Cause Analysis and Dynamic Thresholds continually. AIOps Log Intelligence is also accessing the data to complete Automatic Log Anomaly Detection, Infrastructure change detection, and Log Volume Reduction to Signal analysis.

 

 

 

5 Ways Machine Learning Can Thwart Phishing Attacks

5 Ways Machine Learning Can Thwart Phishing Attacks

Mobile devices are popular with hackers because they’re designed for quick responses based on minimal contextual information. Verizon’s 2020 Data Breach Investigations Report (DBIR) found that hackers are succeeding with integrated email, SMS and link-based attacks across social media aimed at stealing passwords and privileged access credentials. And with a growing number of breaches originating on mobile devices according to Verizon’s Mobile Security Index 2020, combined with 83% of all social media visits in the United States are on mobile devices according to Merkle’s Digital Marketing Report Q4 2019, applying machine learning to harden mobile threat defense deserves to be on any CISOs’ priority list today.

How Machine Learning Is Helping To Thwart Phishing Attacks

Google’s use of machine learning to thwart the skyrocketing number of phishing attacks occurring during the Covid-19 pandemic provides insights into the scale of these threats. On a typical day, G-Mail blocks 100 million phishing emails. During a typical week in April of this year, Google’s G-Mail Security team saw 18M daily malware and phishing emails related to Covid-19. Google’s machine learning models are evolving to understand and filter phishing threats, successfully blocking more than 99.9% of spam, phishing and malware from reaching G-Mail users. Microsoft thwarts billions of phishing attempts a year on Office365 alone by relying on heuristics, detonation and machine learning strengthened by Microsoft Threat Protection Services.

42% of the U.S. labor force is now working from home, according to a recent study by the Stanford Institute for Economic Policy Research (SIEPR). The majority of those working from home are in professional, technical and managerial roles who rely on multiple mobile devices to get their work done. The proliferating number of threat surfaces all businesses have to contend with today is the perfect use case for thwarting phishing attempts at scale.

What’s needed is a machine learning engine capable of analyzing and interpreting system data in real-time to identify malicious behavior. Using supervised machine learning algorithms that factor in device detection, location, user behavior patterns and more to anticipate and thwart phishing attacks is what’s needed today. It’s a given that any machine learning engine and its supporting platform needs to be cloud-based, capable of scaling to analyze millions of data points. Building the cloud platform on high-performing computing clusters is a must-have, as is the ability to iterative machine learning models on the fly, in milliseconds, to keep learning new patterns of potential phishing breaches. The resulting architecture would be able to learn over time and reside on the device recursively. Protecting every endpoint if it’s connected to WiFi or a network or not is a key design goal that needs to be accomplished as well. MobileIron recently launched one of the most forward-thinking approaches to solving this challenge and its architecture is shown below:

5 Ways Machine Learning Can Thwart Phishing Attacks

Five Ways Machine Learning Can Thwart Phishing Attacks 

The one point of failure machine learning-based anti-phishing apps continue to have is lack of adoption. CIOs and CISOs I’ve spoken with know there is a gap between endpoints secured and the total endpoint population. No one knows for sure how big that gap is because new mobile endpoints get added daily. The best solution to closing the gap is by enabling on-device machine learning protection. The following are five ways machine learning can thwart phishing attacks using an on-device approach:

1.    Have machine learning algorithms resident on every mobile device to detect threats in real-time even when a device is offline.  Creating mobile apps that include supervised machine learning algorithms that can assess a potential phishing risk in less than a second is what’s needed. Angular, Python, Java, native JavaScript and C++ are efficient programming languages to provide detection and remediation, so ongoing visibility into any malicious threat across all Android and iOS mobile devices can be tracked, providing detailed analyses of phishing patterns. The following is an example of how this could be accomplished:

5 Ways Machine Learning Can Thwart Phishing Attacks

2.    Using machine learning to glean new insights out of the massive amount of data and organizations’ entire population of mobile devices creates a must-have.  There are machine learning-based systems capable of scanning across an enterprise of connected endpoints today. What’s needed is an enterprise-level approach to seeing all devices, even those disconnected from the network.

3.    Machine learning algorithms can help strengthen the security on every mobile device, making them suitable as employees’ IDs, alleviating the need for easily-hackable passwords. According to Verizon, stolen passwords cause 81% of data breaches and 86% of security leaders would do away with passwords, if they could, according to a recent IDG Research survey. Hardening endpoint security to the mobile device level needs to be part of any organizations’ Zero Trust Security initiative today. The good news is machine learning algorithms can thwart hacking attempts that get in the way making mobile devise employees’ IDs, streamlining system access to the resources they need to get work done while staying secure.

4.    Keeping enterprise-wide cybersecurity efforts focused takes more than after-the-fact analytics and metrics; what’s needed is look-ahead predictive modeling based machine learning data captured at the device endpoint.  The future of endpoint resiliency and cybersecurity needs to start at the device level. Capturing data at the device level in real-time and using it to train algorithms, combined with phishing URL lookup, and Zero Sign-On (ZSO) and a designed-in Zero Trust approach to security are essential for thwarting the increasingly sophisticated breach attempts happening today.

5.    Cybersecurity strategies and the CISOs leading them will increasingly be evaluated on how well they anticipate and excel at compliance and threat deterrence, making machine learning indispensable to accomplishing these tasks. CISOs and their teams say compliance is another area of unknowns they need greater predictive, quantified insights into. No one wants to do a compliance or security audit manually today as the lack of staff due to stay-at-home orders makes it nearly impossible and no one wants to jeopardize employee’s health to get it done.  CISOs and teams of security architects also need to put as many impediments in front of threat actors as possible to deter them, because the threat actor only has to be successful one time, while the CISO/security architect have to be correct 100% of the time. The answer is to combine real-time endpoint monitoring and machine learning to thwart threat actors while achieving greater compliance.

Conclusion

For machine learning to reach its full potential at blocking phishing attempts today and more advanced threats tomorrow, every device needs to have the ability to know if an email, text or SMS message, instant message, or social media post is a phishing attempt or not. Achieving this at the device level is possible today, as MobileIron’s recently announced cloud-based Mobile Threat Defense architecture illustrates. What’s needed is a further build-out of machine learning-based platforms that can adapt fast to new threats while protecting devices that are sporadically connected to a company’s network.

Machine learning has long been able to provide threat assessment scores as well. What’s needed today is greater insights into how risk scores relate to compliance. Also, there needs to be a greater focus on how machine learning, risk scores, IT infrastructure and the always-growing base of mobile devices can be audited. A key goal that needs to be achieved is having compliance actions and threat notifications performed on the device to shorten the “kill chain” and improve data loss prevention.

Answers To Today’s Toughest Endpoint Security Questions In The Enterprise

Answers To Today's Toughest Endpoint Security Questions In The Enterprise

  • Enterprises who are increasing the average number of endpoint security agents from 9.8 last year to 10.2 today aren’t achieving the endpoint resilience they need because more software agents create more conflicts, leaving each endpoint exposed to a potential breach.
  • 1 in 3 enterprise devices is being used with a non-compliant VPN, further increasing the risk of a breach.
  • 60% of breaches can be linked to a vulnerability where a patch was available, but not applied. Windows 10 devices in enterprises are, on average, 95 days behind on patches.

CIOs, CISOs and cybersecurity teams say autonomous endpoint security is the most challenging area they need to strengthen in their cybersecurity strategy today. Software agents degrade faster than expected and conflict with each other, leaving endpoints exposed. Absolute’s 2020 State of Endpoint Resilience Report quantifies the current state of autonomous endpoint security, the scope of challenges CISOs face today and how elusive endpoint resiliency is to achieve with software agents. It’s an insightful read if you’re interested in autonomous endpoint security.

Endpoint Security Leads CISOs’ Priorities In 2020

With their entire companies working remotely, CIOs and CISOs I’ve spoken with say autonomous endpoint security is now among their top three priorities today. Cutting through the endpoint software clutter and turning autonomous endpoint security into a strength is the goal. CISOs are getting frustrated with spending millions of dollars among themselves only to find out their endpoints are unprotected due to software conflicts and degradation.  Interested in learning more, I spoke with Steven Spadaccini, Vice President, Sales Engineering at Absolute Software and one of the most knowledgeable autonomous endpoint cybersecurity experts I’ve ever met. Our conversation delved into numerous cybersecurity challenges enterprise CIOs and CISOs are facing today. My interview with him is below:

The Seven Toughest Questions the C-Suite Is Asking About Endpoint Security

Louis: Thank you for your time today. I have seven questions from CIOs, CISOs and their teams regarding endpoint security. Let’s get started with their first one. What happens if an endpoint is compromised, how do you recover, encrypt, or delete its data?

Steven:  It’s a challenge using software agents, both security and/or management, to do this as each agents’ tools and features often conflict with each other, making a comprised endpoints’ condition worse while making it virtually impossible to recover, encrypt, delete and replace data. The most proven approach working for enterprises today is to pursue an endpoint resilience strategy. At the center of this strategy is creating a root of trust in the hardware and re-establishes communication and control of a device through an unbreakable digital tether. I’m defining Endpoint Resilience as an autonomous endpoint security strategy that ensures connectivity, visibility and control are achieved and maintained no matter what is happening at the OS or application level. Taking this approach empowers devices to recover automatically from any state to a secure operational state without user intervention. Trust is at the center of every endpoint discussion today as CIOs, CISOs and their teams want the assurance every endpoint will be able to heal itself and keep functioning

Louis: Do endpoint software security solutions fail when you lose access to the endpoint, or is the device still protected at the local level?

Steven: When they’re only protected by software agents, they fail all the time. What’s important for CISOs to think about today is how they can lead their organizations to excel at automated endpoint hygiene. It’s about achieving a stronger endpoint security posture in the face of growing threats. Losing access to an endpoint doesn’t have to end badly; you can still have options to protect every device. It’s time for enterprises to start taking a more resilient-driven mindset and strategy to protecting every endpoint – focus on eliminating dark endpoints. One of the most proven ways to do that is to have endpoint security embedded to the BIOS level every day. That way, each device is still protected to the local level. Using geolocation, it’s possible to “see” a device when it comes online and promptly brick it if it’s been lost or stolen.

Louis: How can our cybersecurity team ensure compliance that all cybersecurity software is active and running on all endpoints?

Steven: Compliance is an area where having an undeletable tether pays off in a big way. Knowing what’s going on from a software configuration and endpoint security agent standpoint – basically the entire software build of a given endpoint – is the most proven way I’ve seen CISOs keep their inventory of devices in compliance. What CISOs and their teams need is the ability to see endpoints in near real-time and predict which ones are most likely to fail at compliance. Using a cloud-based or SaaS console to track compliance down to the BIOS level removes all uncertainty of compliance. Enterprises doing this today stay in compliance with HIPAA, GDPR, PCI, SOX and other compliance requirements at scale. It’s important also to consider how security automation and orchestration kicks on to instantly resolve violations by revising security controls and configurations, restoring anti-malware, or even freezing the device or isolating it from data access. Persistent visibility and control give organizations what they need to be audit-ready at every moment.

Having that level of visibility makes it easy to brick a device. Cybersecurity teams using Absolute’s Persistence platform can lead to humorous results for IT teams, who call the bricking option a “fun button as they watch hackers continually try to reload new images and right after they’re done, re-brick the device again. One CIO told the story of how their laptops had been given to a service provider who was supposed to destroy them to stay in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and one had been resold on the black market, ending up in a 3rd world nation. As the hacker attempted to rebuild the machine, the security team watched as each new image was loaded at which time they would promptly brick the machine. After 19 tries, the hacker gave up and called the image rebuild “brick me.”

Louis: With everyone working remote today, how can we know, with confidence where a given endpoint device is at a moments’ notice?

Steven: That’s another use case where having an undeletable tether pays off in two powerful ways: enabling autonomous endpoint security and real-time asset management. You can know with 100% confidence where a given endpoint device is in real-time so long as the device is connected to a permanent digital tether . Even if the device isn’t reachable by your own corporate network it’s possible to locate it using the technologies and techniques mentioned earlier. CIOs sleep better at night knowing every device is accounted for and if one gets lost or stolen, their teams can brick it in seconds.

Louis: How can our IT and cybersecurity teams know all cybersecurity applications are active and protecting the endpoint?

Steven: By taking a more aggressive approach to endpoint hygiene, it’s possible to know every application, system configuration and attributes of user data on the device. It’s important not to grow complacent and assume the gold image IT uses to configure every new or recycled laptop is accurate. One CIO was adamant they had nine software agents on every endpoint, but Absolute’s Resilience platform found 16, saving the enterprise from potential security gaps. The gold image is an enterprise IT team was using had inadvertently captured only a subset of the total number of software endpoints active on their networks. Absolute’s Resilience offering and Persistence technology enabled the CIO to discover gaps in endpoint security the team didn’t know existed before.

Louis: How can we restrict the geolocations of every endpoint?

Steven: This is an area that’s innovating quickly in response to the needs enterprises have to track and manage assets across countries and regions. IP tracking alone isn’t as effective as the newer techniques, including GPS tracking, Wi-Fi triangulation, with both integrated into the Google Maps API. Enterprises whose business relies on Personal Identifiable Information (PII) is especially interested in and adopting these technologies today. Apria Healthcare is currently using geofencing for endpoint security and asset management. They have laptops in use today across Indonesia, the Philippines and India. Given the confidential nature of the data on those devices and compliance with local government data protection laws, each laptop needs to stay in the country they’re assigned to. Geofencing gives Apria the power to freeze any device that gets outside of its region within seconds, averting costly fines and potential breaches.

Louis: How can our IT team immediately validate an endpoint for vulnerabilities in software and hardware?

Steven: The quickest way is to design in audit-ready compliance as a core part of any endpoint resilience initiative. Endpoint resilience to the BIOS level makes it possible to audit devices and find vulnerabilities in real-time, enabling self-healing of mission-critical security applications regardless of complexity. The goal of immediately validating endpoints for current security posture needs to be a core part of any automated endpoint hygiene strategy. It’s possible to do this across platforms while being OS-agnostic yet still accessible to over 500M endpoint devices, deployed across Microsoft Windows, macOS via a Mac Agent and Chrome platforms.

Conclusion

Knowing if their autonomous endpoint security and enterprise-wide cybersecurity strategies are working or not is what keeps CIOs up the most at night. One CISO confided to me that 70% of the attempted breaches to his organization are happening in areas he and his team already knew were vulnerable to attack. Bad actors are getting very good at finding the weakest links of an enterprises’ cyber defenses fast. They’re able to look at the configuration of endpoints, see which software agents are installed, research known conflicts and exploit them to gain access to corporate networks. All this is happening 24/7 to enterprises today. Needing greater resilient, persistent connections to every device, CISOs are looking at how they can achieve greater resilience on every endpoint. Capitalizing on an undeletable tether to track the location of the device, ensure the device and the apps on that device have self-healing capabilities and gain valuable asset management data  – these are a few of the many benefits they’re after.

10 Ways AI Is Accelerating DevOps

10 Ways AI is Accelerating DevOps

Looking to reduce the delays DevOps teams are challenged with, software development tool providers are accelerating the pace of integrating AI- and Machine Learning technologies into their apps and platforms. Accelerating every phase of the Software Development Lifecycle (SDLC) while increasing software quality is the goal. And the good news is use cases are showing those goals are being accomplished, taking DevOps to a new level of accuracy, quality, and reliability.

What’s particularly fascinating about the ten ways AI is accelerating DevOps is how effective it is proving to be in assisting developers with the difficult, time-consuming tasks that take away from coding. One of the most time-consuming tasks is managing the many iterations and versions of requirements documents. A leader in using AI to streamline every phase of the SDLC and assist with managing requirements is Jira Software from Atlassian, widely considered the industry standard in this area of DevOps.

The following are ten ways AI is accelerating DevOps today:

  1. Improving DevOps productivity by relying on AL and ML to autosuggest code segments or snippets in real-time to accelerate development. DevOps teams interviewed for this article from several leading enterprise software companies competing in CRM, Supply Chain Management, and social media markets say this use case of AI is the most productive and has generated the greatest gains in accuracy. Initial efforts at using AI to autocomplete code were hit or miss, according to a DevOps lead at a leading CRM provider. She credits DevOps’ development tools providers’ use of supervised machine learning algorithms with improving how quickly models learn and respond to code requests. Reflecting what the DevOps teams interviewed for this article prioritized as the most valuable AI development in DevOps, Microsoft’s Visual Studio Intellicode has over 6 million installs as of today.
  2. Streamlining Requirements Management using AI is proving effective at improving the accuracy and quality of requirements documents capturing what users need in the next generation of an app or platform.  AI is delivering solid results streamlining every phase of creating, editing, validating, testing, and managing requirements documents. DevOps team members are using AI- and ML-based requirements management platforms to save time so they can get back to coding and creating software products often on tight deadlines. Getting requirements right the first time helps keep an entire project on the critical path of its project plan. Seeing an opportunity to build a business case of keeping projects on schedule, AI-powered software development tools providers are quickly developing and launching new apps in their area. It’s fascinating to watch how quickly Natural Language Processing techniques are being adopted into this area of DevOps tools. Enterprises using AI-based tools have been able to reduce requirements review times by over 50%.
  3. AI is proving effective at bug detection and auto-suggestions for improving code. At Facebook, a bug detection tool predicts defects and suggests remedies that are proving correct 80% of the time with AI tools learning to fix bugs automatically. Semmle CodeQL is considered the leading AI-based DevOps tool in this area. DevOps teams using CodeQL can track down vulnerabilities in code and also find logical variants in their entire codebase. Microsoft uses Semmle for vulnerability hunting. Security researchers in Microsoft’s security response team use Semmle QL to find variants of critical problems, allowing them to identify and respond to serious code problems and prevent incidents.
  4. AI is assisting in prioritizing security testing results and triaging vulnerabilities.  Interested in learning more about how ML can find code vulnerability in real-time, I spoke with Maty Siman, CTO Checkmarx, says that “even organizations with the most mature SDLCs often run into issues with prioritizing and triaging vulnerabilities. ML algorithms that focus on developers’ or AppSec teams’ attention on true positives and vulnerable components that pose a threat are key to navigating this challenge.” Maty also says that ML algorithms can be taught to understand that one type of vulnerability vs. another has a higher percentage of being a true positive. With this automated “vetting” process in place, teams can optimize and accelerate their remediation efforts in a much more informed manner.
  5. Improving software quality assurance by auto-generating and auto-running test cases based on the unique attributes of a given code base is another area where AI is saving DevOps teams valuable time. This is invaluable for stress-testing new apps and platforms across a wide variety of use cases. Creating and revising test cases is a unique skill set on any DevOps team, with the developers with this skill often being overwhelmed with test updates. AI-based software development tools are eliminating test coverage overlaps, optimizing existing testing efforts with more predictable testing, and accelerating progress from defect detection to defect prevention. AI-based software development platforms can identify the dependencies across complex and interconnected product modules, improving overall product quality in the process. Improving software quality enhances customer experiences, as well.
  6. AI is proving adept at troubleshooting defects in complex software apps and platforms after they’ve been released and shipped to customers. Enterprise software companies go to great lengths in their software QA processes to eliminate bugs, logic errors, and unreliable segments of code. Retrofitting releases or, worst case, recalling them is costly and impacts customers’ productivity. AI-based QA tools are proving effective at predicting which areas of an enterprise application will fail before being delivered into complex customer environments. AI is proving effective at root cause analysis, and also has proved effective in accelerating a leading CRM providers’ application delivery and a 72% reduction in time-to-restore in customers’ enterprise environments. Another DevOps team says they are using AI to auto-configure their applications’ settings to optimize performance in customer deployments.
  7. ML-based code vulnerability detection can spot anomalies reliably and alert DevOps teams in real-time. Maty Siman, CTO Checkmarx told me that, “assuming that your developers are writing quality, secure code, machine learning can set a baseline of “normal activity” and identify and flag anomalies from that baseline.” He continued, saying that “ultimately, we live in an IT and security landscape that’s evolving every minute of every day, requiring systems and tools that learn and adapt at the same, if not a greater, speed. Organizations and developers can’t do it alone and require solutions that improve the accuracy of threat detection to help them prioritize what matters most.” Spotting anomalies quickly and taking action on them is integral to building a business case for AI software-based QA and DevOps tools.
  8. Advanced DevOps teams are using AI to analyze and find new insights across all development tools, Application Performance Monitoring (APM), Software QA, and release cycle systems. DevOps teams at a leading Supply Chain Management (SCM) enterprise software provider are using AI to analyze why certain projects go so well and deliver excellent code while others get caught in perpetual review and code rewrite cycles. Using supervised machine learning algorithms, they’re able to see patterns and gain insights into their data. Becoming data-driven is quickly becoming part of their DNA, a DevOps lead told me this week on a call.
  9. Improving traceability within each release cycle to find where gaps in DevOps collaboration and data integration workflows can be improved.  AI is enabling DevOps teams to stay more coordinated with each other, especially across remote geographic locations. AI-driven insights are helping to see how shared requirements and specifications can reflect localization, unique customer requirements, and specific performance benchmarks.
  10. Creating a more integrated DevOps strategy where AI can deliver the most value depends on frameworks that can keep DevOps customer-centric while improving agility and nurturing an analytics-driven DNA to gain insights into operations. DevOps leaders interviewed for this article say integrating security into development cycles reduces bottlenecks that get in the way of staying on schedule. Several went on to say that frameworks capable of integrating Quality Assurance into the DevOps workflows are key. AI’s use cases taken together reflect the potential to revolutionize DevOps. Executing on this promise, however, requires a framework that empowers enterprise DevOps teams to deliver a transcendent customer experience, automate customer transactions, and provide support for automation everywhere. One of the leaders in this area is BMC’s Autonomous Digital Enterprise framework, which helps businesses harness AI/ML capabilities to run and reinvent in a rapidly transforming world. It’s helping enterprises innovate faster than their competitors by enabling the agility, customer centricity, and actionable insights integral to driving data-driven business outcomes.

Conclusion

Accelerating development cycles while ensuring the highest quality code gets produced is a challenge all DevOps teams face. AI is helping to accelerate every phase of DevOps development cycles by anticipating what developers need before they ask for it. Auto suggesting code segments, improving software quality assurance techniques with automated testing, and streamlining requirements management are core areas where AI is delivering value to DevOps today.

Improving Online Learning Experiences One Secured Endpoint At A Time

Improving Online Learning Experiences One Secured Endpoint At A Time

Bottom Line: Defining the perfect mix of cloud apps, platforms and secured endpoints to create compelling online learning experiences customizable to students’ learning strengths is how schools are overcoming the challenge of virtual teaching.

There are over 56 million students in the U.S. alone who are relying on remote learning apps, platforms and autonomous endpoint security to protect them as they pursue their education. School districts, online educators and teachers quickly realized the move to 100% online classes could mean the end to outdated mechanized approaches to teaching. Eager to teach using technologies that tailor individual learning programs to every student’s unique learning strengths, schools are combining cloud, e-learning and endpoint security with strong results. Combining technologies gives every student regardless of their socioeconomic background a chance to excel. The goal is to provide unique personalized instruction at scale using a teaching technique called scaffolding. Scaffolding stresses creating an individual learning plan for each student complete with reinforcement for each lesson.

Why Cybersecurity Is The Cornerstone Of Online Learning 

Tailoring the latest technologies to the diverse needs of online learners is the easy part of creating an online learning program. Far more difficult is choosing the right endpoint security strategies to protect their identities, every one of their video conference sessions with peers and teachers and thwarting breach attempts. Parents, teachers, students and administrators all need to trust an e-learning platform to make it work. The bottom line is an e-learning platform needs to create and grow trust while being adaptive enough to meet students’ unique learning needs.

Interested in learning more about how leading online educators are bringing together the latest cloud and autonomous endpoint security technologies to help students learn online, I recently interviewed Eric Ramos Chief Technology Officer at Duarte Unified School District and Dean Phillips, Senior Technology Director, David Atkins, Director of Marketing and Communications and Jennifer Shoaf, Deputy Chief Academic Officer at PA Cyber.  Duarte Unified School District (USD) serves the educational needs of 3,400 scholars at the elementary, K-8 and high school levels. The Pennsylvania Cyber Charter School (PA Cyber) in Midland, PA, is one of the most experienced and successful online K-12 public schools in the nation serving over 12,000 students. Together the group of education professionals provided valuable insights into how educators can combine cloud, collaboration and cybersecurity applications to create more personalized, effective learning experiences for students. David Atkins of PA Cyber says that their approach to e-learning is succeeding because they take a fully holistic view of the student, their family and their situation. “Our collaboration with the student starts from the very moment that there’s interest in having some sort of cyber education. And we go from enrollments, all the way through any issues of that students could have, or the students family could have and take them all the way through graduation’ David said. “We take the time to listen and see the student as a complete person.”

The following are the key insights based on our conversations:

  • Choosing to make cybersecurity the highest priority treats students as customers, protecting their unique online learning experiences while providing excellent access across all socioeconomic levels. That’s when online learning experiences excel. What’s impressive how committed the team of educators I spoke with is about making technology work as a catalyst to help every student achieve their educational goals across all socioeconomic levels. They’re also the most advanced at tailoring complex technologies to deliver customized online learning experiences with PA Cyber serving 12,000 remote students at once. “Each of our students is different and they’re looking to accomplish different things and they learn in different ways. We have a different classroom options that they can choose from. And we have a lot of different scaffolding options in place when it comes to our instructional platform, “Jennifer Shoaf, Deputy Chief Academic Officer at PA Cyber said. Eric Ramos, CTO at USD says that he and his staff “reach out to teachers and staff members and provide them with the latest cybersecurity alerts and make sure they are aware of how their autonomous endpoint security platform is securing every laptop and making their job of staying in compliance to security protocols easy.” Eric continued saying that, “having an undeletable digital tether gives my staff, senior educators and me peace of mind, especially with summer here and the need to keep track of the Chromebooks out with students and families.”
  • The more resilient the autonomous endpoint security on the laptop, the easier it is to secure, upgrade and locate each of them if they’re lost or stolen. Duarte Unified School District provides Chromebooks to students for use all year long, often also providing an Internet HotSpot as many students’ families don’t have Internet access. PA Cyber provides students a Dell laptop and an entire technology kit that includes printers and peripherals as well. Having an undeletable digital tether to every laptop makes it possible to keep every system up to date on security and system patches. Dean Phillips, Senior Technology Director at PA Cyber, says that it’s been very helpful to know each laptop has active autonomous endpoint security running at all times. Dean says that endpoint management is a must-have for PA Cyber “We’re using Absolute’s Persistence to ensure an always-on, two-way connection with our IT management solution, Kaseya®, which we use to remotely push out security patches, new applications and scripts. That’s been great for students’ laptops as we can keep updates current and know where the system is. Without an endpoint management solution on student laptops, it is very difficult to manage endpoints without that agent. So Absolute absolutely helps us with that as well. That’s been a big plus.” Eric Ramos, CTO, says that Absolute has been great, especially when student calls in and says they can’t find their laptop. I don’t know where it is. It’s lost or maybe stolen. We’re able to pull that up, figure out the last time it got pinged and we can locate that usually. Nine times out of 10, the student finds it by next day by just having that information. So that’s been crucial. It’s always been something we love having.”
  • Standardize on a secure cloud platform that is flexible enough to support scaffolding or individualized learning yet hardened enough to protect every laptop connected to it via an undeletable digital tether. A major challenge both online schools face is keeping their cloud platforms adaptive enough to support students’ varying skills yet also secure enough to protect every student online.  Dean Phillips, Senior Technology Director at PA Cyber, says that it’s best to “keep technology as simple as possible for the students and families. Standardization is key, I think, with everything you do from a technology standpoint. Making sure that you build from the inside out from the core. Your applications and networks and making sure that that’s consistent all the way to the endpoint, I think that’s extremely important.” PA Cyber’s lessons learned creating a secure and adaptive e-learning platform makes the goal of providing personalized instruction for every student achievable at scale.  Jennifer Shoaf, Deputy Chief Academic Officer at PA Cyber, explains how the school personalizes online instruction for every student. “It all starts when the student first comes to PA Cyber and we try to get an understanding of where they are and where they should be and where they want to see themselves, whether it’s in a month or in a couple years, or when they graduate from our school. So one of the things that we pride ourselves on here at this school is allowing for multiple modes of instruction for our students,” Jennifer said.
  • Capitalizing on the excellent asset management reporting autonomous endpoint security solutions have, CTOs and senior IT directors are gaining new insights into how to improve learning effectiveness. Having resilient, persistent connections to every endpoint with an undeletable digital tether also provides invaluable asset management data. Eric Ramos of Duarte USD and Dean Phillips of PA Cyber are leaders in this area of e-learning today. Eric Ramos says that asset management and activity reports made possible by the autonomous endpoint platform he is using from Absolute makes getting prepared for senior management meetings easy. “During principal meetings, I’m able to pull up these reports and say, look, these were the goals at the beginning of the year to use these four products at this amount of time. And here’s where you’re at on a small window. Or you can look at it over time and saying, this has been an increase here, this is a decrease here, these sites are doing really well with it, these sites may be not. But let’s now talk about what’s working for you. What are your teachers liking about the particular program? Or, program aside, how are your results coming about?” Eric Ramos, CTO said.

Conclusion

Delivering an excellent online learning experience needs to start with a cybersecurity strategy that includes autonomous endpoint security. Duarte USD and PA Cyber are leaders in this field, being among the first to see how combining core technologies while having an undeletable digital tether to every laptop is a must-have. Earning and growing the trust of parents, students, teachers and school administrators start with an endpoint security strategy that can adapt and grow as an e-learning program does.

Why Security Needs To Be Integral To DevOps

Why Security Needs To Be Integral To DevOps

Bottom Line: DevOps and security teams need to leave one-time gating inspections in the past and pursue a more collaborative real-time framework to achieve their shared compliance, security and time-to-market goals.

Shorter product lifecycles the need to out-innovate competitors and exceed customer expectations with each new release are a few of the many reasons why DevOps is so popular today. Traditional approaches to DevOps teams collaborating with security aren’t working today and product releases are falling behind or being rushed to-market leading to security gaps as a result.

Based on conversations with DevOps team leaders and my own experience being on a DevOps team the following are factors driving the urgency to integrate security into DevOps workflows:

  • Engineering, DevOps and security teams each have their lexicon and way of communicating reinforced by siloed systems.
  • Time-to-market and launch delays are common when engineering, DevOps and security don’t have a unified system to use that includes automation tools to help scale tasks and updates.
  • Developers are doing Application Security Testing (AST) with tools that aren’t integrated into their daily development environments, making the process time-consuming and challenging to get done.
  • Limiting security to the testing and deployment phases of the Software Development Lifecycle (SDLC) is a bottleneck that jeopardizes the critical path, launch date and compliance of any new project.
  • 70% of DevOps team members have not been trained on how to secure software adequately according to a DevSecOps Global Skills survey.

Adding to the urgency is the volume of builds DevOps teams produce in software companies and enterprises daily and the need for having security integrated into DevOps becomes clear. Consider the fact that Facebook on Android alone does 50,000 to 60,000 builds a day according to research cited from Checkmarx who is taking on the challenge of integrating DevOps and security into a unified workflow. Their Software Security Platform unifies DevOps with security and provides static and interactive application security testing, newly launched software composition analysis and developer AppSec awareness and training programs to reduce and remediate risk from software vulnerabilities.

Synchronizing Security Into DevOps Delivers Much Needed Speed & Scale

DevOps teams thrive in organizations built for speed, continuous integration, delivery and improvement. Contrast the high-speed always-on nature of DevOps teams with the one-time gating inspections security teams use to verify regulatory, industry and internal security and compliance standards and it’s clear security’s role in DevOps needs to change. Integrating security into DevOps is proving to be very effective at breaking through the roadblocks that stand in the way of getting projects done on time and launched into the market.  Getting the security and DevOps team onto the same development platform is needed to close the gaps between the two teams and accelerate development. Of the many approaches available for accomplishing this Checkmarx’s approach to integrating Application Security Testing into DevOps shown below is among the most comprehensive:

Why Security Needs To Be Integral To DevOps

Making DevOps A Core Strength Of An Organization

By 2025 nearly two-thirds of enterprises will be prolific software producers with code deployed daily to meet constant demand and over 90% of new apps will be cloud-native, enabling agility and responsiveness according to IDC FutureScape: Worldwide IT Industry 2020 Predictions. IDC also predicts there will be 1.6 times more developers than now, all working in collaborative systems to enable innovation. The bottom line is that every company will be a technology company in the next five years according to IDC’s predictions.

To capitalize on the pace of change happening today driven by DevOps, organizations need frameworks that deliver the following:

  • Greater agility and market responsiveness – Organizations need to create operating models that integrate business, operations and technology into stand-alone businesses-within-the-business domains.
  • Customer Centricity at the core of business models – The best organizations leverage a connected economy to ensure that they can meet and exceed customer expectations.  By creating an ecosystem that caters to every touchpoint of the customer journey using technology, these organizations seem to anticipate their customer needs and deliver the goods and services needed at the right time via the customer’s preferred channel.  As a result, successful organizations see growth from their existing customer base while they acquire new ones.
  • Have a DNA the delivers a wealth of actionable Insights – Organizations well-positioned to turn data into insights that drive actions to serve and anticipate customer needs are ahead of competitors today regarding time-to-market.  These organizations know how to pull all the relevant information, capabilities and people together so they can act quickly and efficiently in making the right decisions. They are the companies that will know the outcome of their actions before they take them and they will be able to anticipate their success.

BMC’s Autonomous Digital Enterprise framework, shown below highlights how companies that have an innovation mindset and the three common traits of agility, customer centricity and actionable insights at their foundation have greater consistency and technology maturity in their business model characteristics compared to competitors. They also can flex and support fundamental operating model characteristics and key technology-enabled tenets. These tenets include delivering a transcendent customer experience, automating customer transactions and providing automation everywhere seeing enterprise DevOps as a natural evolution of DevOps, enabling a business to be more data-driven and achieving more adaptive cybersecurity in a Zero-Trust framework.

Why Security Needs To Be Integral To DevOps

Conclusion

Meeting the challenge of integrating security in DevOps provides every organization with an opportunity to gain greater agility and market responsiveness, become more customer-centric and develop the DNA to be more data-driven. These three goals are achievable when organizations look to how they can build on their existing strengths and reinvent themselves for the future. As DevOps success goes so goes the success of any organization. Checkmarx’s approach to putting security at the center of DevOps is helping to break down the silos that exist between engineering, DevOps and security. To attain greater customer-centricity, become more data-driven and out-innovate competitors, organizations are adopting frameworks including BMC’s Autonomous Digital Enterprise to reinvent themselves and be ready to compete in the future now.

 

 

 

 

Dissecting The Twitter Hack With A Cybersecurity Evangelist

Dissecting The Twitter Hack With A Cybersecurity Evangelist

Bottom Line: Shattering the false sense of security in tech, the recent Twitter hack blended altruism, fame, greed, social engineering via SIM swapping and insider threats to steal $120,000 from victims when the economic and political damage could have been far worse.

Targeting the most influential celebrities on Twitter, hackers orchestrated a social engineering-based attack Wednesday promoting a cryptocurrency scam. Business leaders, celebrities, politicians and billionaires’ accounts were hacked using Twitter’s administrative tools. Personal Twitter accounts hacked include those of Amazon CEO Jeff Bezos, Joe Biden, Tesla CEO Elon Musk, President Barack Obama, Bill Gates, Warren Buffet and others. Apple and Uber’s Twitter accounts were also hacked.

Using SIM swapping, in which threat actors trick, coerce or bribe employees of their victims to gain access to privileged account credentials and administrative tools, hackers were able first to change the email address of each targeted account. Next, two-factor authentication was turned off so when an alert was sent of the account change it went to the hacker’s email address. With the targeted accounts under their control, hackers began promoting their cryptocurrency scam. While not all details of the attack have surfaced Motherboard’s story of how hackers convinced a Twitter employee to help them the hijack accounts makes for fascinating reading.

Dissecting The Hack

Interested in dissecting the hack from a cybersecurity standpoint, I contacted Dr. Torsten George, Cybersecurity Evangelist and industry expert from Centrify. Torsten is also a leading authority on privileged access management and how to thwart breaches involving privileged access credentials.

Louis:  What was your initial impression upon breaking news of the hack and what did you believe would cause such a massive hack of celebrity and leading political figures accounts this past week?

Torsten: When the news broke, the media probably polled other security experts and the first initial reaction was, ‘Oh, that’s a massive attack, most likely a credential-based attack,’ because 80% of today’s data breaches go back to privilege access abuse. They are typically first triggered by phishing attacks, the precursor to many attacks where the attackers tried to capture these credentials and then leverage them to attack their victim’s organizations.

So, the breaking news indicated that most likely, somebody was able to leverage a compromised credential to enter into the Twitter environment and take over accounts. However, more and more information became available, with screenshots being shared of internal Twitter tools. For me, that raised a red flag, because in a typical attack pattern we’re seeing three distinct phases in the cyber-attack lifecycle: the compromise, the exploration phase and the exfiltration of sensitive data, which includes covering up tracks and potentially creating a backdoor for future attacks.

When performing reconnaissance, hackers commonly try to identify regular IT schedules, security measures, network traffic flows and scan the entire IT environment to gain an accurate picture of the network resources, privileged accounts and services. Domain controllers, Active Directory and servers are prime reconnaissance targets to hunt for additional privileged credentials and privileged access.

They wouldn’t necessarily look for administrative tools that could be leveraged for their attack unless they have intimate knowledge that those tools exist in the victim’s environment — be it by having worked for the company in the past or representing an insider threat.

Louis: What’s the anatomy of an insider attack, based on your experience?

Torsten: As was later confirmed by Twitter, it became very apparent that this is a case of insider threats, where you have an insider that has been leveraged for this attack. The most common insider threats can be defined by the intent and motivation of the individuals involved. The 2019 Verizon Insider Threat Report defines five distinct insider threats based on data breach scenarios and they all have excellent, accurate names: the Careless Worker, the Inside (often recruited) Agent, the Disgruntled Employee, the Malicious Insider and the Feckless Third-Party.

Considering the global environment we’re facing right now, with Covid-19 and other related economic hardships, the risk of insider threats is exacerbated, as pending furloughs or pay cuts may tempt employees to exfiltrate data to secure a new job or make up for income losses.

So a privileged administrator might be more open to people that approach them and say, ‘Would you be willing to share with us your access credentials, or would you do something on our behalf to exfiltrate data or to manipulate data?’ That risk has increased dramatically across all industries.

So it turned out the first suspicion was phishing attacks, followed by compromised credentials. It turns out to be an insider threat. Organizations need to be prepared for that.

Louis: What can companies do to reduce the likelihood a malicious insider will hack them?

Torsten: It becomes a little bit trickier when you deal with a malicious insider because they most likely know your environment, they might know your defense mechanisms and they might know the security tools that your likely using. So they can bypass these security controls and try to gain the control of data that they can then profit from.

Organizations have to rethink the way that they’ve structured their defense controls and truly take an approach of an in-depth strategy with a different layer of defenses. The first layer that comes to mind in this particular case is multi-factor authentication (MFA) which is still low-hanging fruit. There are still many organizations out there that are not taking advantage of implementing MFA.

While MFA is highly recommended, it isn’t as effective against insider threats because they have that second factor of authentication and can pass those challenges. Organizations need to go beyond MFA if they want to have a layered security strategy.

Louis: What are some of the ways they can go beyond MFA to avoid being the victim of an insider threat?

Torsten: A very important component of your defense strategy should be the approach of zero standing privileges, which is something Gartner recommends to its clients. That means that I have normal privileges and entitlements to do my job, like answering emails and using the Internet, but that’s probably all I need. If I need more access, I’ll have to elevate my privilege for the time needed to do that particular task but then rescind that privilege once it’s done.

If I have zero standing privileges – even if somebody compromises my credential, even if I’m an insider – I don’t have immediate access to the keys to the kingdoms to do whatever I want.

And before privilege elevation, organizations should require context through a formal request. For example, require the user to submit a ticket through ServiceNow or any other IT Service Management platform to detail what they need to access, for how long and to do what. That way, there is an auditing trail and an approval process. If the threat actor – whether insider or not – doesn’t do this they don’t get privileged access to that target system.

Louis: Besides those perhaps expected controls, what other controls might have helped in this particular scenario?

Torsten: Organizations should also take advantage of modern tools to leverage machine learning technology, so that looks at user behavior and risk factors to also get a hold of these insider attacks. All the other security controls are more tailored towards external preparation at first. Still, once you implement machine learning technology and user behavior analytics that’s where you also can capture insider threats.

Machine learning can look for suspicious activity, such as a target being accessed outside of a typical maintenance window, or is the administrator logging in from a different location or device than usual. It can then trigger an MFA request and also issue a real-time alert, regardless of whether the MFA challenge is successfully resolved.

Furthermore, in the case of Twitter, there are privacy and regulatory concerns that could also be additional triggers for real-time alerts and to shut down this activity automatically. Regulations like the CCPA (California Consumer Privacy Act) and GDPR (General Data Protection Regulation) mean that platforms like Twitter have to be very careful with any access to or manipulation of a customer’s feed. That could – and should have – instantly triggered a real-time alert when an administrator was posting on behalf of a user.

Louis: Do you think this is going to be the start of an entirely new era of hacks where hackers will pay off internal employees for promotional messages?

Torsten: Quite frankly, we have seen an uptick since the start of the Covid-19 pandemic. And I believe now that this Twitter attack has been covered in the press so much, you will have copycats that will try to do the same. Some of them will also target social media platforms, but others that might be a little bit smarter because social media is easily detectable if something goes wrong. An industry like healthcare could be a prime target and there is already news that Russian hackers are attacking healthcare providers and research labs to try to gain access to vaccine research.

Louis: Given how significant this hack is in terms of the progression or the growing sophistication of threats, what are the top three predictions you have for the rest of 2020?

Torsten: Ransomware is an example of a technique that has changed quite significantly in two ways. First, they are no longer only delivered via an email, but also via social media platforms, SMS messages and more. Second, ransomware is no longer only focused on shutting down business operations. The most recent example with EDP Renewables North American, a subsidiary of an European-based electric utilities company, showed that hackers leveraged ransomware to exfiltrate data. Not to lock it down, but to exfiltrate data and then ask for ransom from their victim to not publish the data on the Dark Web.

Second, as I’ve already covered, the current economic hardships of the pandemic will cause more people to jump on the bandwagon and become cybercriminals. And these aren’t the people you see in movies – dark characters in hoodies using sophisticated hacking techniques to breach the government. These are your neighbors, the little boys next door. For them it’s not a big deal to become a cyber-criminal.

Third, as you’d expect, the number of cyber-attacks will increase as a result and they will continue to find new and innovative ways to find the easiest way in. The Twitter incident taught us that there was no technology “breach” required. It was just finding the right person with the right privileges and paying them to do 25 Tweets. That’s an easy payday.

I think this whole crisis that we’re going through will see a major uptick in attacks from the traditional cyber hackers, but also from a whole bunch of newbies and greenhorns that will try out their luck and see if they can make a buck. Either by ransomware attacks, phishing attacks, social engineering or any combination thereof.

%d bloggers like this: