🗂 Link: The Cost of Banking Is About to Go Up: What the Capital One Breach at Amazon Could Mean for the Industry

“The adoption of cloud platforms is a movement that will not be stopped,” says Jerry Silva, research director, IDC’s Financial Insights Group. “But there will be a slowdown as regulators step in to ensure that the security and resiliency structures that have always applied to banks directly are applied to the cloud providers with which they do business.”

Source: The Cost of Banking Is About to Go Up: What the Capital One Breach at Amazon Could Mean for the Industry

🗂 Link: Broadcom acquires Symantec’s enterprise security business for $10.7B

“Symantec will be left with its consumer product portfolio, which includes the Norton antivirus software and LifeLock identity protection brand.” And lots more details, including recent Broadcom acquisitions and pressures.

Source: Broadcom acquires Symantec’s enterprise security business for $10.7B

Why Wells Fargo Wants to ‘Repave’ Its Platform Every Day

Wells Fargo, explains how the company is combating advanced persistent threats, as well as an onslaught of CVEs, by repaving its entire platform multiple times per week — with a goal of doing so every day by the end of 2019.

That is, they rebuild production three times a week, probably now more.

Source: Why Wells Fargo Wants to ‘Repave’ Its Platform Every Day

Link: The My Health Record story no politician should miss

“Early signs of Alzheimer’s disease or other forms of dementia would mean the end of a political career, perhaps rightly so. But with all the taboos still surrounding mental health, signs of less dramatic conditions could be used as political leverage. A prescription for an anti-psychotic medication, say, or even just a series of appointments with a psychiatrist known to specialise in these disorders. The timing of medical treatment can also reveal politically problematic patterns of activity. Prescriptions for erectile dysfunction pills would be perfectly reasonable for a male in his 60s or beyond, although they’d doubtless trigger embarrassing comments about flaccid policies. But what if the politician was married, the prescriptions were always in the weeks before overseas missions, and after the last such trip there was a series of weekly visits to a sexual health clinic? Infidelity can kill a career.”
Original source: The My Health Record story no politician should miss

Link: Oracle plans to end Java serialization, but that’s not the end of the story

‘Oracle’s chief architect, Mark Reinhold, shared his thoughts about Java’s serialization mechanism which he called a “horrible mistake” and a virtually endless source of security vulnerabilities. This is evident in that nearly half of the vulnerabilities that have been patched in the JDK in the last 2 years are related to serialization. Serialization security issues have also plagued almost every software vendor including Apache, Oracle, Pivotal, Cisco, McAfee, HP, Adobe, VMWare, Samsung, and others.’
Original source: Oracle plans to end Java serialization, but that’s not the end of the story

Link: DockerCon coverage from 451: security focus

“Steve Singh took over as CEO a year ago and has presided over a growing number of customers – more than 500 enterprise customers to date – and associated revenue. On that note, the company announced it expects to grow bookings beyond $100m in 2018.”
Original source: DockerCon coverage from 451: security focus

Link: AT&T to Acquire AlienVault | AlienVault

“The acquisition will combine AlienVault’s expertise in threat intelligence with AT&T’s cybersecurity solutions portfolio that includes threat detection and prevention as well as response technologies and services. After the acquisition closes, AT&T business customers will be able to access our unified security management platform that helps make organizations more effective at threat detection and response, by giving them access to a broad set of enterprise-grade security capabilities.”
Original source: AT&T to Acquire AlienVault | AlienVault

Link: Serverless Architectures: A Paradigm Shift in …

“One of the biggest security upsides to developing on serverless architectures is that organizations don’t have to deal with the daunting task of having to constantly apply security patches for the underlying operating system. These tasks are now in the domain of the serverless architecture provider.”

The rest – the application code – still needs to be secure. Of course.
Original source: Serverless Architectures: A Paradigm Shift in …

Link: Merrill Corporation alongside Leading Technology Companies, Launch New Category for M&A Professionals

“Merrill uses MongoDB technology to build horizontal applications on top of four key pillars: a secure repository, document collaboration, data and machine learning as well as analytics. Pivotal Cloud Foundry is used across all engineering stages – development, testing and production – with a focus on maximizing the microservices infrastructure that arranges the application into a suite of independently deployable, modular services. For security, identity and storage components Merrill DatasiteOne uses Microsoft Azure Key Vault, Azure Active Directory and Azure Storage.”
Original source: Merrill Corporation alongside Leading Technology Companies, Launch New Category for M&A Professionals

Link: “Do They Have AI?” or That Rant on AI in Security

‘It turns out that our AI analysts often use the phrase “AI” to mean “top techniques from the field of Artificial Intelligence” which today means “deep neural networks” (DNNs, shorthanded to “deep learning” by some), natural language processing, image recognition, etc (the latter probably use DNNs anyway).’
Original source: “Do They Have AI?” or That Rant on AI in Security

Link: Worldwide Spending on Security Solutions Forecast to Reach $91 Billion in 2018, According to a New IDC Spending Guide

“Worldwide spending on security-related hardware, software, and services is forecast to reach $91.4 billion in 2018, an increase of 10.2% over the amount spent in 2017.” Also, a breakdown of spending per industry and type of security product.
Original source: Worldwide Spending on Security Solutions Forecast to Reach $91 Billion in 2018, According to a New IDC Spending Guide

Link: Using VMware’s Harbor with PKS (and Why Kubernetes Needs a Container Registry)

“A container registry is the repository for all your container images. Since your core business applications are packaged into containers (built out of container images), you must protect these images just as you would any other important enterprise IT system. That’s where the image registry comes into play.”
Original source: Using VMware’s Harbor with PKS (and Why Kubernetes Needs a Container Registry)

Link: Aqua Extends Container Security Platform to Kubernetes, Cloud Services

“With Aqua 3.0, users can create fine-grained user access control roles and policies. Access to kubectl commands can be specified to particular users, and governed by Aqua’s scalable labeling format. The Kubernetes controls also provide the ability to block unapproved images from running across an entire cluster, as well as the ability to control network traffic based on Kubernetes namespaces, clusters or deployments.”

Plus, some policy drift report making. Done with a sidecar.
Original source: Aqua Extends Container Security Platform to Kubernetes, Cloud Services

Link: To Build a More Capable Cyber Policy Field, Teach Policy to Technologists

If you want to change government with IT, first make sure you understand how government works before you go and try to debug and refactor it.
Original source: To Build a More Capable Cyber Policy Field, Teach Policy to Technologists

Link: Meltdown and Spectre underscore the ongoing need for infrastructure automation

“In the Cloud Foundry scenario, these are embodied by BOSH to automate the infrastructure resource, namely VMs, container clusters, virtual storage and networks, configuration and deployment and Concourse for the development pipeline. Together, these enable organizations to rapidly and consistently patch all applications using the PaaS environment.”
Original source: Meltdown and Spectre underscore the ongoing need for infrastructure automation