How Is Your Web Traffic? Ah, What Web Traffic?
March 29, 2021
I read an interesting article called “In 2020, Two Thirds of Google Searches Ended Without a Click.” Where are those clicks? The clicks belong to the Google. And your Web traffic? Not so good unless one “pays to play”; that is, buy adds get traffic usually.
The write up explains that data from one outfit which has failed and another called SimilarWeb suggest that more than 60 percent of searches do not end with a click to another Web property.
There is fancy search engine optimization for this situation, but in simple terms, it means that once a query’s results are displayed, Google either answers the question, looks at Google’s in results “cards”, or the user clicks on a phone number. Hasta la vista Web site of yore.
One colorful way to explain this Google strategy of becoming the Web is “click cannibalization.” I like the term. Google is eating the clicks. The long term play is for Web sites to disappear, and the Google will die. But that is unlikely in the short term.
What is happening is that many Web sites no longer get traffic, flail away with search engine optimization craziness, and end up buying some ads. The challenge is for a small out fit to generate enough cash to buy sufficient ads to make it worth the GOOG’s while to direct some traffic to these tiny fish.
The SEO slant inn the write up does offer a solution. The reason? There isn’t one in my opinion. Googzilla likes cannibalization. Yum yum yum.
Stephen E Arnold, April xx, 2021
The Value of Threat Data: An Interesting Viewpoint
March 29, 2021
Security is not job one in the cyber security business. Making sales and applying technology to offensive cyber actions are more important. Over the past couple of decades, security for users of mainstream enterprise applications and operating systems has been a puppet show. No one wants to make these digital ecosystems too secure; otherwise, it would be more difficult, expensive, and slow to compromise these systems when used by adversaries. This is a viewpoint not widely known by some professionals, even those in the cyber security business. Don’t agree. That’s okay with me. I would invite those who take exception to reflect on the failure of modern cyber security systems, including threat intelligence systems, to prevent SolarWinds and Microsoft Exchange security breaches. Both are reasonably serious, and both illustrate the future of cyber operations for the foreseeable future. Just because the mainstream pundit-verse is not talking about these security breaches does not mean the problem is solved. It is not.
“Threat Data Helps Enterprises Strengthen Security” describes a different point of view. I am not confident that the data in the write up have factored in the very loud signals from the SolarWinds and Microsoft Exchange missteps. Maybe “collapses” is a more appropriate word.
The write up states:
Benefits of threat data feeds include; adding unique data to better inform security (71 percent), increasing preventive blocking to ensure better defense (63 percent), reducing the mean time to detect and remediate an attack (55 percent), and reducing the time spent researching false positives (51 percent). On the downside 56 percent of respondents also say threat feeds deliver data that is often too voluminous or complex to provide timely and actionable intelligence.
Let’s consider these statements.
First, with regard to benefits, knowing about what exactly? The abject failure of the cyber security defenses for the SolarWinds and Microsoft Exchange problems did zero to prevent the attacks. Victims are not 100 percent sure that recently “sanitized” systems are free from backdoors and malware. The fact that more than half of those in the survey believe that getting threat intelligence is good says more about the power of marketing and the need to cyber security professionals to do something to demonstrate to their superiors that they are on the ball. Yeah, reading about Fullz on the Dark Web may be good for a meeting with the boss, but it does and did zero for the recent, global security lapses. Organizations are in a state of engineered vulnerability, and threat intelligence is not going to address that simple fact.
Next, what about the information in the threat feeds. Like the headlines in a supermarket tabloid or a TikTok video, titillation snags attention. The problem, however, is that despite the high powered systems from developers from Herliya to Mountain View, information flows generate a sense of false security.
A single person at FireEye noticed an anomaly. That single person poked around. What did that individual find: Something in a threat feed, a snappy graphic from a $100,000 visualization tool, or specific information about a malware attack? Nope, zippy items and factoids. Links to Dark Web sites add spice.
The write up says:
Each of the organizations surveyed faced an average of 28 cyber attacks in the past two years. On average, respondents say 38 percent of these attacks were not stopped because security teams lacked timely and actionable data. Respondents also report that 50 percent of all attacks can be stopped using timely and actionable intelligence.
SolarWinds went undetected for possibly longer than 18 months. Attacks one knows about are one thing. The painful reality of SolarWinds and Microsoft Exchange breaches are another. Marketing won’t make the reality different.
Stephen E Arnold, March 29, 2021
Amazon: Where Does It Get AI Technology?
March 26, 2021
I saw an interesting table from Global Data Financial Deals Database. What’s interesting is that Apple, Facebook, Google, and Microsoft were active purchasers of AI companies. I understand that “taking something off the table” is a sound business tactic. Even if the AI technology embodied in a takeover is wonky, a competitor cannot take advantage of the insights or the people in a particular firm.
I found the inclusion of Accenture in the table interesting. The line between “consulting” and “smart software” seems to be permeable. One wonders how other big dog consulting firms will address what appears to be their smart software gaps. I have long believed that blue chip consulting firms were 21st century publishing companies. The combination of renting smart people and providing smart technology to clients is the type of amalgamation which appears to meet certain needs of Fortune 1000 firms and major government entities and some non governmental organizations.
What jumped out at me as I looked at the data and scanned the comments about it was the absence or failure to include one key question:
What’s Amazon doing to get its artificial intelligence technology?
Buying AI technology to leverage it or take it away from competitors is one method. Has Amazon found another way? Which approach is “better” in terms of intellectual property and real world applications?
I will address this question and a couple of other equally obscure facts about what may be one of the smartest companies in the world in my lecture at the upcoming 2021 National Cyber Crime Conference.
Buying AI capabilities is, it seems, the go to method for some high profile outfits. But is it the only path to smart software? No, it is not.
Stephen E Arnold, March 26, 2021
How about Those Cyber Security Awards? Great in the Wake of SolarWinds and the MSFT Exchange Issues
March 26, 2021
The Cyber Defense Awards, hosted by Cyber Defense Magazine, has released its list of “InfoSec Awards for 2020-Winners.” The introduction reads:
“These InfoSec Awards are in their 8th year and specifically focused on finding innovative infosec players who have a presence in the United States and other countries. With over 3,200 cybersecurity companies worldwide, only a small number – roughly 10% – are highlighted as InfoSec Awards 2020 winners, based upon independent judging and analysis. This year, we’ve continued to expand our coverage of some of our winning Women in Cybersecurity who will be rolled into our annual update, highlighting some of the innovative women helping taking cybersecurity to new heights.”
It is nice that the awards are recognizing the contributions of women in the male dominated field, and the post presents us with an impressive list of companies. However, we note one name seems to be missing—FireEye, the firm whose smart human analyst (non AI infused) actually caught the widespread SolarWinds’ attack. After that debacle, the effects of which the cyber-security community is still unraveling, we wonder whether these awards are justified. Perhaps they should have taken the year off.
Be that as it may, those interested in the cyber security field may want to check out the full list. It and a description of the judges’ approach can be viewed at the link above.
Now the $64 dollar question: How many of these “winners” detected the SolarWinds and Exchange breaches? Choose one: [a] None, [b] Zip, [c] Zero, [d] Nada.
Cynthia Murrell, March 26, 2021
Sounds Good: Financial Firms Need Organic Search Strategies
March 26, 2021
ATM Marketplace draws our attention to a recent study from SEO firm Terakeet in, “Google Study Shows Companies Need to Tap Into Organic Search Strategies to Drive Greater Traffic.” Hmm, sounds like Google’s algorithm may be at odds with its goal of selling paid-search ads. We learn:
“The report, Google Market Share Report for Personal Finance, focuses on three primary areas of personal finance: consumer banking, credit cards and personal investing, along with nine underlying market sectors to reveal that non-bank websites are dominating Google across all sectors. For example, non-banks hold 90% of the market share for cash back credit cards and for rewards credit cards, with NerdWallet owning the large percentage of both categories at 19.62% and 24.92% respectively.”
The study observes that, though organic search drive more than five times the ROI than paid search in the financial market, most banks put little value on organic search. NerdWallet, of course, is a financial information and comparison site. It is a good illustration of the sort of site that is edging banks out of search results. The write-up continues:
“The competitive SEO landscape has evolved and encompasses more than just traditional offline competitors, including publishers, aggregators, comparison sites, government sites and others.
Many of the websites have long-form content clearly organized by topic areas. For example, Bankrate’s long-form content has helped it capture more than 29% of the organic search market share for keywords examined. The websites offer a range of free, interactive online tools and calculators (i.e. financial literacy scoring tools, free credit score tools, free credit reports, and free credit monitoring) that are not only helpful to site visitors, but offer backlinks to other websites to increase SEO visibility.”
Terakeet used its own proprietary search-engine market-share analysis tool, Carina, to crunch the data. Founded in 2001, the private SEO company is headquartered in Syracuse, New York.
Cynthia Murrell, March 26, 2021
How about That 5G?
March 26, 2021
Here we have some premium marketing hoo hah from Digital Trends, “8 Exciting Use Cases that Show What 5G Can Really Do.” In our experience, most people find 4G,LTE, and ATT DSS-fake-5G to be faster than 5G. The write-up seems to presage a time when 5G Ultra Wideband networks have expanded much farther than they have. Writer Jacob Kienlen envisions:
“Like any upgrade to our mobile network infrastructure, the most exciting aspect is the speed and consistency it brings. That, combined with latency reductions, is enough to start predicting some of the opportunities 5G will provide in the coming years. Some of the most obvious 5G use cases are related to technologies that can only really be made better by an improved mobile network. These are things like smart cities, autonomous vehicles, and businesses. The difference between 4G and 5G in that regard is the sheer improvement to consistent high-speed internet on the go. That improvement will bring with it a slew of improvements to existing technologies, but also spark entirely new ones that couldn’t exist with 4G or 3G networks. Here are some of the most exciting 5G cases you can look forward to.”
Can we, really? Right now people are turning off the 5G service on their mobile phones because it is too slow and unreliable. Let us play along, though, and picture a world where 5G has engulfed us coast-to-coast. The eight use cases described here include better home internet; better communication, with both voice and video calls; more viable autonomous vehicles; improved video-streaming quality; advanced agriculture technologies; the rise of more smart cities; a refined Internet of Things; and advances in healthcare, from faster and easier remote diagnoses and operations to health-monitoring smart watches for all.
Keinlen does paint an exciting picture, and perhaps it will come to pass someday. For the foreseeable future, though, these visions remain illusory for most of us.
Cynthia Murrell, March 26, 2021
Exchange Servers: Not Out of the Dog House Yet
March 25, 2021
Here’s a chilling statement I spotted in “Microsoft Servers Being Hacked Faster Than Anyone Can Count”:
This free-for-all [Exchange Server] attack opportunity is now being exploited by vast numbers of criminal gangs, state-backed threat actors and opportunistic “script kiddies… Because access is so easy, you can assume that majority of these environments have been breached.
The statement is attributed to Antti Laatikainen, senior security consultant at the cyber security firm F-Secure.
Is this accurate?
The ever fascinating digital publication Windows Central ran a story with a headline that offers a different point of view: “Microsoft Says 92% of Exchange Servers Have Been Patched or Mitigated.”
The discussion about these different views raises a number of questions:
- Does Microsoft want to remediate its business processes to make its products and services more secure? (More security means more difficulties for certain government agencies who use security as a way to achieve their objectives.)
- Can security professionals be trusted to identify security problems or issues? (The SolarWinds’ misstep went undetected for months, maybe as much as two years before information about the issue surfaced in a FireEye statement.)
- Can continuous development and update processes deliver acceptable security? (The core business process may exponentially increase the attack surface with each fast cycle change and deployment.)
How secure are “patched” Exchange servers? A very good question indeed.
Stephen E Arnold, March 25, 2021
The Google: Accused of Going Slow
March 25, 2021
I love the automated emails which inform me that one of my WordPress posts has violated Google AMP requirements. We use an automated system to post. We don’t make changes on the fly to our posts. Yet Google wants us to stop everything and fix an AMP issue. The only problem is that we did not create the AMP issue, and the GOOG does not bother to explain what the issue is. We are, however, are supposed to hop to it.
However, those expectations of snappy reaction to order from authorities do not apply to the Google. (Does that surprise you?)
“U.S. DOJ Accuses Google of Dragging Its Feet in Antitrust Trial” makes it clear that there is Google’s definition of “snappy” and the US legal system’s definition. The write up reports:
…the Justice Department said that Alphabet’s Google had balked at some search terms that the government wanted it to use to locate relevant documents.
Google is quoted as telling US legal authorities:
“The DOJ Plaintiffs’ proposal is unreasonable and not proportional to the needs of this case,” Google said in the filing.
Beyond Search thinks that it understands the Google’s position; to wit:
- Google has more money and lawyers and time than the US Department of Justice.
- Google has a wealth of delaying tactics to use; for example, the firm can explain that it cannot locate documents. This worked when Google was asked to provide salary data which the mom and pop ad shop could not gin up. Imagine that.
- Churn among lawyers in the US Department of Justice is a constant. Perhaps the idea is, “Let’s wait and see if more friendly lawyers get assigned to the case.”
Logical, right? That’s why I have to react immediately to an AMP message caused by Google’s onw system. Absolutely.
Stephen E Arnold, March 26, 2021
High Tech Tension: Sparks Visible, Escalation Likely
March 25, 2021
I read Google’s “Our Ongoing Commitment to Supporting Journalism.” The write up is interesting because it seems to be a dig at a couple of other technology giants. The bone of contention is news, specifically, indexing and displaying it.
The write up begins with a remarkable statement:Google has always been committed to providing high-quality and relevant information, and to supporting the news publishers who help create it.
This is a sentence pregnant with baby Googzillas. Note the word “always.” I am not certain that Google is in the “always” business nor am I sure that the company had much commitment. As I recall, when Google News went live, it created some modest conversation. Then Google News was fenced out of the nuclear ad machinery. Over time, Google negotiated and kept on doing what feisty, mom and pop Silicon Valley companies do; namely, keep doing what they want and then ask for forgiveness.
Flash forward to Australia. That country wanted to get money in exchange for Australian news. Google made some growling noises, but in the end the company agreed to pay some money.
Facebook on the other hand resisted, turned off its service, and returned to the Australian negotiating table.
Where was Microsoft in this technical square dance?
Microsoft was a cheerleader for the forces of truth, justice, and the Microsoft way. This Google blog post strikes me as Google’s reminding Microsoft that Google wants to be the new Microsoft. Microsoft has not done itself any favors because the battle lines between these two giants is swathed in the cloud of business war.
Google has mobile devices. Microsoft has the enterprise. Google has the Chromebook. Microsoft has the Surface. And on it goes.
Now Microsoft is on the ropes: SolarWinds, the Exchange glitch, and wonky updates which have required the invention of KIR (an update to remove bad updates).
Microsoft may be a JEDI warrior with the feature-burdened Teams and the military’s go to software PowerPoint. Google knows that every bump and scrape slows the reflexes of the Redmond giant.
Both mom and pop outfits are looking after each firm’s self interests. Fancy words and big ideas are window dressing.
Stephen E Arnold, March 25, 2021
Insights into Google AMP: A Glimpse Inside the Walled Garden
March 25, 2021
Google is talking privacy. Google is pushing accelerated Web pages. Google is doing what it can to stifle third party cookies. The datasphere will be a better, more tidy place, right?
Navigate to “Google AMP. A 70% Drop in Our Conversion Rate.” Notice these points:
- A technical adept tried to follow the Google rules and experienced a decline in conversion rates
- The procedure outlined in the write up will be a challenge for many online publishers to follow
- The write up does not explain why these positive initiatives of the Google have turned out to have a couple of negatives.
Google is moving access to content produced by certain third parties into its walled garden. The goal is to obtain control and extract maximum information. The silliness about relevance and consistency should be placed in the wooden shed in the corner of the walled garden behind the statue of Googzilla.
For many Facebook is the Internet. That Facebook content is what users generate, others want, and Facebook monetizes.
Google wants this set up too. Get amped up on that, gentle reader. Plus, with increased legal scrutiny, the mom and pop online ad company has to hustle along.
Stephen E Arnold, March 25, 2021