Z Trek: The Alan Zeichick Weblog

, ,

Key takeaways from RSA Conference 2018

Nine takeaways from the RSA Conference 2018 can give business leaders some perspective on how to think about the latest threats and information security trends. I attended the conference in April, along with more than 42,000 corporate security…
, ,

The perfect sport for CEOs

Oracle CEO Mark Hurd is known as an avid tennis fan and supporter of the sport’s development, having played in college at Baylor University. At the Collision Conference last week in New Orleans, Hurd discussed the similar challenges facing…
,

Five things you need to know about microservices

Microservices are a software architecture that have become quite popular in conjunction with cloud-native applications. Microservices allow companies to add or update new or existing tech-powered features more easily—and quite frequently even…
, ,

Blockchain increases trust between business partners

No doubt you’ve heard about blockchain. It’s the a distributed digital ledger technology that lets participants add and view blocks of transaction records, but not delete or change them without being detected. Most of us know blockchain…
, ,

Staying awake, worrying about network attackers

Get ready for insomnia. Attackers are finding new techniques, and here are five that will give you nightmares worse than after you watched the slasher film everyone warned you about when you were a kid. At a panel at the 2018 RSA Conference…
, ,

Why your Security Operations Center can’t scale

Blame people for the SOC scalability challenge. On the other hand, don't blame your people. It's not their fault. The security operations center (SOC) team is frequently overwhelmed, particularly the Tier 1 security analysts tasked with triage.…
, ,

Microsoft Security thinks like Skynet

Got Terminator? Microsoft is putting artificial intelligence in charge of automatically responding to detected threats, with a forthcoming update to Windows Defender ATP. Microsoft is expanding its use of artificial intelligence and big data…
, ,

Threat report from Oracle, KPMG points to strong trust in the cloud

Is the cloud ready for sensitive data? You bet it is. Some 90% of businesses in a new survey say that at least half of their cloud-based data is indeed sensitive, the kind that cybercriminals would love to get their hands on. The migration…
, , ,

Hot new Verizon Data Breach report focuses on ransomware, botnets

Ransomware rules the cybercrime world – perhaps because ransomware attacks are often successful and financially remunerative for criminals. Ransomware features prominently in Verizon’s fresh-off-the-press 2018 Data Breach Investigations…

Oh, look, a message from Citibank House, USA

How very British – having correspondence from “Citibank House,” somewhere in the state of North Carolina. It’s like the address for the British Broadcasting Corp. was simply BBC, Bush House, London, for many decades. The building's street…
, ,

What IHS Markit says about the IoT and colocation hosts

Endpoints everywhere! That’s the future, driven by the Internet of Things. When IoT devices are deployed in their billions, network traffic patterns won’t look at all like today’s patterns. Sure, enterprises have a few employees working…
, , ,

Blockchain solves PDF document signature headaches

The purchase order looks legitimate, yet does it have all the proper approvals? Many lawyers reviewed this draft contract so is this the latest version? Can we prove that this essential document hasn’t been tampered with, before I sign…
,

There's no one best programming language

Asking “which is the best programming language” is like asking about the most important cooking tool in your kitchen. Mixer? Spatula? Microwave? Cooktop? Measuring cup? Egg timer? Lemon zester? All are critical, depending on what you’re…

The FBI isn’t sending you to a Nigerian bank for an ATM card

Mr. Christopher A. Wray is confused. Otherwise, why else would he use an email address that says Eric Wilson? Why else would he say he’s head of the FBI, but uses an email domain at a supply-chain management company in Pennsylvania? Why would…
, , ,

Make software as simple as possible – but not simpler

Albert Einstein famously said, “Everything should be made as simple as possible, but not simpler.” Agile development guru Venkat Subramaniam has a knack for taking that insight and illustrating just how desperately the software development…
, ,

Let’s make data warehouses more autonomous — here’s why

As the saying goes, you can’t manage what you don’t measure. In a data-driven organization, the best tools for measuring the performance are business intelligence (BI) and analytics engines, which require data. And that explains why data…
,

The economic cost of data breaches to a business – and to the country

“We estimate that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.” That’s from a February 2018 report, “The Cost of Malicious Cyber Activity to the U.S. Economy,” by the Council of Economic…
, ,

DevOps gets rid of the developer / operations wall

The “throw it over the wall” problem is familiar to anyone who’s seen designers and builders create something that can’t actually be deployed or maintained out in the real world. In the tech world, avoiding this problem is a big part…
,

What Java 10 means for developers

Simplified Java coding. Less garbage. Faster programs. Those are among the key features in the newly released Java 10, which arrived in developers’ hands only six months after the debut of Java 9 in September. This pace is a significant…
, , ,

Don’t take stupid Facebook quizzes

“What type of dog are you?” “I scored 9 out of 10 on this vocabulary test! Can you beat me? Take the quiz!” “Are you a true New Yorker?” If you use Facebook (or other social media sites) you undoubtedly see quizzes like this nearly…

Yes, this scam sounds strange and unbelievable

Oh, no! The scammer’s letter was returned undelivered! Well, this is a nice scam, isn’t it, including using an address at lawyer.com as the faked sender. (According to my quick detective work, the email originated from a commercial Internet…
,

inching toward cyberwar with Russia

Has Russia hacked the U.S. energy grid? This could be bigger than Stuxnet, the cyberattack that damaged uranium-enriching centrifuges in Iran back in 2010 – and demonstrated, to the public at least, that cyberattacks could do more than erase…

No, I am not embarrassed by your spam scam attempt

I had to clean up the formatting on this email to make it somewhat more readable. I hope you enjoy the stilted language and attempts to assure the recipient that this isn’t actually a scam. These messages are always scams. Delete them,…
, ,

Users mess up security on browser-equipped IoT devices

Go ahead, blame the user. You can’t expect end users to protect their Internet of Things devices from hacks or breaches. They can’t. They won’t. Security must be baked in. Security must be totally automatic. And security shouldn’t allow…

Fake Amex message is barely trying

Could anyone fall for this spam message that claims to be from American Express? Sure, it has pretty graphics, but come on. Look at all those typos. Look at sentences that don't make any sense. And really, we’re going to open that file? Amex…

You can rent a mid-size jet aircraft for $50,000 savings

This message came to one of my spam trap email addresses. So, this private jet company thinks that hovering addresses from websites is the best way to find customers. Maybe they’re right. In any case, it’s spam. Amusing spam, but spam nonetheless.…
, , ,

Blockchain is a secure system for trustworthy transactions

Blockchain is a distributed digital ledger technology in which blocks of transaction records can be added and viewed—but can’t be deleted or changed without detection. Here’s where the name comes from: a blockchain is an ever-growing…
,

No lessons learned from cloud security breaches

Far too many companies fail to learn anything from security breaches. According to CyberArk, cyber-security inertia is putting organizations at risk. Nearly half — 46% — of enterprises say their security strategy rarely changes substantially,…
,

Surprise! Serverless computing has servers

Don’t be misled by the name: Serverless cloud computing contains servers. Lots of servers. What makes serverless “serverless” is that developers, IT administrators and business leaders don’t have to think about those servers. Ever. In…
, , ,

How transformative is DevOps? Well, it depends

DevOps is a technology discipline well-suited to cloud-native application development. When it only takes a few mouse clicks to create or manage cloud resources, why wouldn’t developers and IT operation teams work in sync to get new apps out…