Threat Intelligence Purchases

February 8, 2022

Many companies are (rightly) putting more emphasis on cybersecurity. In order to make the task easier and more efficient, a business might invest in software to help manage and analyze all the data involved. BetaNews offers “Five Pointers for Choosing a Threat Intelligence Platform: What to Look For in a TIP.” We see this write-up as but a starting point—it holds some useful pointers but includes no benchmark about SolarWinds and Exchange type exploits. Nor does it address the vital points of insider threats and phishing. Readers looking to expand their cybersecurity efforts would do well to carry their research beyond this article. That said, we turn to writer Anthony Perridge’s description of a TIP:

“A Threat Intelligence Platform, or TIP, serves as a central repository for all threat data and intelligence from internal and external sources. Correctly configured, the TIP should be able to deliver essential context around threats that helps the team understand the who, what, when, how and why of a threat. Crucially, it should also help prioritize threats, based on the parameters set by the organization, filtering out the noise so the resulting actions are clear. A good TIP benefits a range of stakeholders, from the board aiming to understand strategic risk to CISOs focusing on improving defense while staying on budget, and from security analysts collaborating more effectively to incident response teams benefiting from automated prioritization of incidents. Knowing what you need to invest in is the first step. The next is to understand the key features you need and why. There is a lot to consider, but in my view the following are five key areas that should be on your checklist as you evaluate TIPs.”

The piece goes on to describe each of these five factors: support for both structured and unstructured data (shouldn’t that be a given by now?); the ability to provide context around data; how the platform scores and prioritizes indicators; the integration options available; and effective automation balanced with manual investigation. Then there are the “business considerations,” in other words, the costs involved. For example, TIPs are usually offered on a subscription, per user basis. One should consider carefully how many users should get access—teams outside security operations, like risk management, might need to be included. Also, pay close attention to the fees that can add up, like integration and cloud hosting fees. See the write-up for more information; just remember not to stop your investigation there.

Cynthia Murrell, February 8, 2021

Machine Learning: Compare and Contrast

February 2, 2022

For machine learning pros looking to choose a framework, Analytics India Magazine examines one of the most prominent options alongside a new contender in, “TensorFlow Vs PyCaret: A Comparison of Machine Learning Frameworks.” The article takes us through an informative juxtaposition of the two open source frameworks, but it looks like neither option overwhelmingly comes out on top. Writer Sreejani Bhattacharyya begins:

“As companies are deploying more and more machine learning models into their systems, a variety of frameworks (some open-source, some not) have come up over the years to make this deployment faster and more efficient. Some of the popular frameworks include TensorFlow, Amazon SageMaker, IBM Watson Studio, Google Cloud AutoML, and Azure Machine Learning Studio, among others. Tensorflow, by far, takes one of the top spots when it comes to machine learning frameworks that technologists depend on. Recently, PyCaret, a low-code machine learning library in Python, has also become increasingly popular among ML practitioners. Let us take a look at how both of them work and what makes them different from each other.”

Bhattacharyya reminds us that Google-developed TensorFlow recently celebrated its sixth birthday. At first it was designed for internal Googler use, but it was later released under the Apache License, Version 2.0. Since then, a wealth of tools and libraries have grown up around the framework. TensorFlow works with several programming languages, including Python, C++, JavaScript, and Java, and can be run on multiple CPUs and GPUs running macOS, Windows, Android, iOS, or 64-bit Linux. The most recent version, 2.7.0, improved several features, like debugging, public convolution, and data service auto-sharding.

So why even consider a newcomer like PyCaret, which launched just last November? Code efficiency. We learn:

“Also open source in nature, PyCaret is a low-code machine learning library in Python. It helps data scientists perform end-to-end experiments efficiently. It allows them to move from preparing data to deploying their model within minutes. … Pycaret is rising in popularity in comparison to other ML libraries, as it provides an alternate low-code library that can perform complex machine learning tasks with only a few lines of code. It is built around several machine learning libraries and frameworks such as scikit-learn, XGBoost, Microsoft LightGBM, and spaCy, among others.”

The write-up goes on to describe the working areas of each framework and concludes with a summary of the advantages of each. In a nutshell, TensorFlow excels in performance, scalability, and library management. PyCaret has the edge in productivity and being business-ready. Bhattacharyya found both easy to deploy. Both of these ML frameworks are good options—the choice really comes down to one’s needs and preferences.

Cynthia Murrell, February 2, 2022

Microsoft Defender: Are There Other Winners?

February 1, 2022

I believe everything I read on the Internet, of course. One of the fascinating aspects of being old and doing the 21st century equivalent of clipping coupons is coming across “real” research studies. I read “Still Think Microsoft Defender Is Bad? Think Again, Says AV-TEST.”

The write up in Make Use Of Dot Com believes in Windows Defender. The article states:

A recent report by AV-TEST revealed that not only does Microsoft Defender perform well, it actually outperforms many highly-recommended antiviruses

The article included a link to the AV-Test December 2021 Report, and I downloaded it. The AV Test outfit is “the independent IT security institute.” The investment firm Triton owns Swiss IT Security, which is the outfit which “owns” AV-Test.

What does Swiss IT Security Group AG do? Security, consulting, the cloud, and related services.

Why would the SITS Group care about Microsoft and its assorted products? With Microsoft’s wide use in organizations, SITS Group probably has an above average keenness for the Redmond wizards’ constructs.

What does this mean for the victory of the Windows Defender system in the AV-TEST Report? For me, I formulated several hypotheses:

  1. Windows Defender is now able to deal with the assorted threats directed at Microsoft operating systems? Rest easy. Malware popping up on a Windows device is obviously something that is unlikely to occur. Thank goodness.
  2. Cheerleading for Windows Defender probably makes Microsoft’s security team feel warm and fuzzy which will allow their efforts to deal with Exchange Server issues a more pleasant experience.
  3. Bad actors will have to rethink how to compromise organizations with Microsoft software. Perhaps some of these individuals will give up criminal activity and join the Red Cross or its equivalent.

For me, institutes which do not reveal their ownership are interesting outfits. But how many antivirus vendors achieved the lofty rank of Windows Defender, according to the report dated December 2021? Here they are:

  • Avira
  • Bull Guard
  • ESET
  • F Secure
  • Kaspersky
  • McAfee
  • Norton 360
  • Total Security
  • Viper

Windows Defender makes 10 “winners.”

Now of these 10 which is the one that will make SolarWinds, ransomware, compromised Outlook emails, and Azure Cosmos excitement a thing of the past? Another question: “Which of these sort of work in the real world?” And, “If there is a best, why do we need the nine others?”

These are questions one can ask Triton / Swiss IT Security Group AG / AV Test to answer.

Net net: Marketing.

Stephen E Arnold, February 1, 2022

Coalesce: Tackling the Bottleneck Few Talk About

February 1, 2022

Coalesce went stealth, the fancier and more modern techno slang for “going dark,” to work on projects in secret. The company has returned to the light, says Crowd Fund Insider with a robust business plan and product, plus loads of funding: “Coalesce Debuts From Stealth, Attracts $5.92M For Analytics Platform.”

Coalesce is run by a former Oracle employee and it develops products and services similar to Oracle, but with a MarkLogic spin. That is one way to interpret how Coalesce announced its big return with its Coalesce Data Transformation platform, which offers modeling, cleansing, governance, and documentation of data with analytical efficiency and flexibility. Do not forget that 11.2 Capital and GreatPoint Ventures raised $5.92 million in seed funding for the new data platform. Coalesce plans to use the funding for engineering functions, developing marketing strategy, and expanding sales.

Coalesce noticed that there is a weak link between organizations’ cloud analytics and actively making use of data:

“‘The largest bottleneck in the data analytics supply chain today is transformations. As more companies move to the cloud, the weaknesses in their data transformation layer are becoming apparent,’ said Armon Petrossian, the co-founder and CEO of Coalesce. ‘Data teams are struggling to keep up with the demands from the business, and this problem has only continued to grow with the volumes and complexity of data combined with the shortage of skilled people. We are on a mission to radically improve the analytics landscape by making enterprise-scale data transformations as efficient and flexible as possible.’”

Coalesce might be duplicating Oracle and MarkLogic, but if they have discovered a niche market in cloud analytics then they are about to rocket from their stealth. Hopefully the company will solve the transformation problem instead of issuing marketing statements as many other firms do.

Whitney Grace, February 1, 2022

An Encomium to Microsoft: Just Some Small, Probably Irrelevant, Omissions

January 31, 2022

I read “Don’t Forget Microsoft.” Back in the days when my boss at Booz Allen & Hamilton was the toast of business schools, he dragged me along to order bottled water and carry his serious looking briefcase. The most enjoyable part of these excursions to assorted business schools, conferences, and meetings was the lingo. There was a self-importance in the people to whom my boss lectured. The fellow had a soft, gentle voice, and it would output jargon, truisms gleaned from Norm Augustine, and BAH precepts like hire people smarter than you are and look for “Type A” people who will work 60 hours a week.

This write up reminded me of those interesting discussions with those who wanted wisdom about how to be a baller in business. If one looks at the essay/analysis of Microsoft Corporation, one sees mountain tops. These are indeed important; for example:

  • The prediction that MSFT will become a $10 trillion dollar company. Translation: Buy stock now.
  • The cloud and the new things Microsoft is doing. Translation: AWS and Google are toast.
  • Games. Yes, the meta thing. Translation: If you are a coding young gun, apply for a job and ride the tsunami named Softie.

And there are other peaks poking above the intellectual “clouds.”

However, I noted a small, probably irrelevant, omission or two from the write up. These are my opinions, and I assume that those younger and much smarter than I will point out that I am a crazy old coot. Here goes, so take a deep breath.

  1. Microsoft is unable to address the security issues its software and systems spawn; that is, the cat-and-mouse game between bad actors and good actors pivots in large part on the seemingly infinite number of security-related issues. These range from decades-old Word macros to zippy new methods like those still creating headaches in the aftermath of the SolarWinds’ misstep, the Exchange Server issues, and the soothing information presented on the Microsoft Security Alert page, which has not been updated for four days as I write down my thoughts. (MSFT tells me that it will take only two hours to read the document.)
  2. Issues related to stuff that happens between different Microsoft employees. I don’t want to belabor the point but “Microsoft Will Review Sexual Harassment Investigation Of Bill Gates, Others” presents some interesting information.
  3. Clumsy distractions as innovation. I am thinking of the Android enhanced Windows 11 and the announcement of a big deal for an electronic game company. These “big” moves distract people from other facets of the organization.

Net net: Interesting essay, quite positive, and only a few minor omissions. Who cares about security, employee well being, and masterful public relations? I sure don’t.

As my former boss and mentor at BAH told me, “As long as it generates money, everything will be okay.” Plus, I haven’t forgotten Microsoft, okay?

Stephen E Arnold, January 31, 2022

NSO Group: Yes, Again with the PR Trigger

January 31, 2022

I have no idea if the write up “NSO’s Pegasus Spyware Used to Target a Senior Human Rights Watch Activist” is spot on. The validity of the report is a matter for other, more youthful and intelligent individuals. My thought when reading this statement in the article went in a different direction. Here’s the quote I noted:

In a tweet, Fakih showed a screenshot of a notification she received from Apple informing her she may have been the target of a state-sponsored attacker.

Okay, surveillance. Usually surveillance requires someone to identify something as warranting observation. The paragraph continues:

Though other versions of Pegasus software use text messages embedded with malicious links to gain access to a target’s device, Fakih said she was the victim of a “zero-click attack” that is capable of infecting a device without the target ever clicking a link. Once a target is successfully infected, NSO’s Pegasus software allows the end-user to surveil the target’s photos, documents, and even encrypted messages without the target ever knowing.

The message is that NSO Group continues to get coverage in what might be called Silicon Valley real news media. Are there other systems which provide similar functionality? Why is a cloud service unable to filter problematic activities?

The public relations magnetism of the NSO Group appears to be growing, not attenuating. Other vendors of specialized software and services whose very existence was a secret a few years ago have emerged as the equivalent of the Coca-Cola logo, McDonald’s golden arches, or the Eiffel tower.

My view is that the downstream consequences of exposing specialized software and services may have some unexpected consequences. Example: See the Golden Arches. Crave a Big Mac. What does the NSO Group trigger evoke? More coverage, more suspicions, and more interest in the methods used to snag personal and confidential information.

Stephen E Arnold, January 31, 2022

PR Dominance: NSO Group Vs Peloton

January 27, 2022

If you have followed the PR contrail behind the NSO Group, you probably know that the Israeli specialized software and services firm has become a household name at least among the policeware and intelware community. A recent example is reported in “Israel’s Attorney General Orders Probe of NSO Spyware Claims.” The write up explains:

Israel’s attorney general says he is launching an investigation into the police’s use of phone surveillance technology following reports that investigators tracked targets without proper authorization

Not good.

But there is a bright cloud on the horizon.

“Second TV Show Emerges With Peloton Twist As A Plot Point” asserts:

Already reeling from its announcement last week that it is halting production of its connected fitness products as demand wanes, Peloton must now face another tv show that seems to indicate its devices may cause issues for a certain segment of the population.

Translating the muffy-wuffy writing, the idea is that a character in a US tv show rides a Peloton, suffers a heart attack, and dies. The alleged panini-zation of small creatures under one model’s walking belt was a definite negative. But not even NSO Group is depicted knocking off the talent in a program. Keep in mind that two shows use the Peloton as an artistic device, a twist on the deus ex machina from high school English class required reading of Greek tragedies.

Will Peloton continue its climb to the top of the PR leader board? My hunch is that NSO Group hopes that it does.

Stephen E Arnold, January 27, 2022

A Small Reminder: Finding Accurate, Actionable Information Is More Than Marketing Hoo-hah

January 14, 2022

Information retrieval ignites many interesting discussions. In our global environment, factionalism is the soup du jour. Talking about search can trigger dysphagia if a foot is consumed or apoplexy if one’s emotions go ballistic.

To keep search chatter in balance, I recommend “Scoop: IBM Tries to Sell Watson Health Again.” The write up does a non-job of romping through the craziness of IBM Watson and assorted medical windmills. There is one telling passage in the write up which I wish to highlight; to wit:

Big Blue wants out of health care, after spending billions to stake its claim, just as rival Oracle is moving big into the sector via its $28 billion bet for Cerner.

What’s up with IBM Watson in general and health care in particular? Several observations from my snowy redoubt in rural Kentucky, a state which has failed to emulate the business success of Tennessee. Is it Mitch? I don’t know.

Now my thoughts:

  1. Answering questions about scientific, technical, and medical questions is less demanding than figuring out what a TikTok message means. Failing in STM is like tripping over a bottle cap in a deserted NFL stadium’s parking lot.
  2. Watson and its cognitive assertions require training. Training is expensive. Google is working hard to convince itself and others to embrace the Snorkelesque approach. Watson’s method is a bit behind the sail boat’s curve in my opinion. Maybe the training race is over and Watson is in dry dock.
  3. The crazy assertions that cancer doctors could work better, faster, and more cheaply with Watson by their side resulted in one major event. The flashy Houston medical center showed Watson where the Exit door was located.

What will happen when a group of money people buy Watson? Lots of meetings, some tax planning, and quite a few telephone calls to college friends. Then a flip.

Will Watson Health emerge a winner? IBM missed its chance the first time around. Perhaps the company can team with other health care competitors and craft a revenue winner. Will IBM ring up the Google? Will IBM make a trip to Redmond, home of the OS/2 debacle?

Who knows? Perhaps the company will apply some effort to fixing up its lagging cloud business? Again, who knows? Let’s ask Watson.

Stephen E Arnold, January 14, 2022

Search Quality: 2022 Style

January 11, 2022

I read the interesting “Is Google Search Deteriorating? Measuring Google’s Search Quality in 2022?” The approach is different from what was the approach used at the commercial database outfits for which I worked decades ago. We knew what our editorial policy was; that is, we could tell a person exactly what was indexed, how it was indexed, how classification codes were assigned, and what the field codes were for each item in our database. (A field code for those who have never encountered the term means an index term which disambiguates a computer terminal from an airport terminal.) When we tested a search engine — for example, a touch of the DataStar systems — we could determine the precision and recall of the result set. This was math, not an opinion. Yep, we had automatic indexing routines, but we relied primarily on human editors and subject matter experts with a consultant or two tossed in for good measure. (A tip of the Silent 700 paper feed to you, Betty Eddison.)

The cited article takes a different approach. It is mostly subjective. The result of the analysis is that Google is better than Bing. Here’s a key passage:

So Google does outperform Bing (the difference is statistically significant)…

Okay, statistics.

Several observations:

First, I am not sure either Bing’s search team or Google’s search team knows what is in the indexes at any point in time. I assume someone could look, but I know from first hand experience that the young wizards are not interested in the scope of an index. The interest is reducing the load or computational cost of indexing new content objects and updating certain content objects, discarding content domains which don’t pay for their computational costs, and similar MBA inspired engineering efficiencies. Nobody gets a bonus for knowing what’s indexed, when, why, and whether that index set is comprehensive. How deep does Google go into unloved Web sites like the Railway Retirement Board?

Second, without time benchmarks and hard data about precision and recall, the subjective approach to evaluating search results misses the point of Bing and Google. These are systems which must generate revenue. Bing has been late to the party, but the Redmond security champs are giving ad sales the old college drop out try. (A tip of the hat to MSFT’s eternal freshman, Bill Gates, too.) The results which are relevant are the ones that by some algorithmic cartwheels burn through the ad inventory. Money matters; understanding user queries, supporting Boolean logic, and including date and time information about the content object and when it was last indexed are irrelevant. In one meeting, I can honestly say no one knew what I was talking about when I mentioned “time” index points.

Third, there are useful search engines which should be used as yardsticks against which to measure the Google and the smaller pretender, Bing. Why not include Swisscows.ch or Yandex.ru or Baidu.com or any of the other seven or eight Web centric and no charge systems? I suppose one could toss in the Google killer Neeva and a handful of metasearch systems. Yep, that’s work. Set up standard queries. Capture results. Analyze those results. Calculate result overlap. Get subject matter experts to evaluate the results. Do the queries at different points in time for a period of three months or more, etc., etc. This is probably not going to happen.
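The precision-and-recall arithmetic mentioned earlier in this post, and the standard-query procedure sketched just above (capture result lists, calculate overlap, have experts judge relevance, repeat over time), is easy to demonstrate in a few dozen lines. The block below is an added example written for this page, not code from the cited article or from any search vendor. The queries, URLs, relevance judgments and result lists are all constructed sample data; the engine names and function names are hypothetical. It computes precision@k and recall@k for each engine against the expert judgments, averages them across the query set, and measures Jaccard overlap between the two engines’ top-k lists. The same overlap function applied to two captures of one engine taken weeks apart gives the index churn the post says nobody bothers to measure.

```python
"""Added example: measuring search engines with precision, recall and overlap.
All data below is constructed for illustration; engines and URLs are hypothetical."""
from typing import Dict, List, Set, Tuple

# Constructed relevance judgments: for each standard query, the URLs a
# subject-matter expert marked as relevant. This is the ground truth.
JUDGMENTS: Dict[str, Set[str]] = {
    "railroad retirement board annuity": {
        "rrb.example/a", "rrb.example/b", "rrb.example/c", "law.example/rrb"},
    "computer terminal history": {
        "hist.example/terminal", "museum.example/tty", "wiki.example/vt100"},
}

# Constructed top-5 result lists captured from two hypothetical engines.
# Note the airport "terminal" page: the disambiguation problem from the post.
RESULTS: Dict[str, Dict[str, List[str]]] = {
    "engine_a": {
        "railroad retirement board annuity": [
            "rrb.example/a", "ads.example/1", "rrb.example/b",
            "news.example/x", "rrb.example/c"],
        "computer terminal history": [
            "wiki.example/vt100", "airport.example/terminal",
            "hist.example/terminal", "ads.example/2", "shop.example/tty"],
    },
    "engine_b": {
        "railroad retirement board annuity": [
            "ads.example/3", "rrb.example/a", "news.example/y",
            "news.example/x", "blog.example/rr"],
        "computer terminal history": [
            "hist.example/terminal", "museum.example/tty", "wiki.example/vt100",
            "airport.example/terminal", "ads.example/2"],
    },
}


def precision_at_k(results: List[str], relevant: Set[str], k: int) -> float:
    """Fraction of the top-k results that the expert judged relevant."""
    top = results[:k]
    if not top:
        return 0.0
    return sum(1 for url in top if url in relevant) / len(top)


def recall_at_k(results: List[str], relevant: Set[str], k: int) -> float:
    """Fraction of all relevant documents that appear in the top-k results."""
    if not relevant:
        return 0.0
    return len(set(results[:k]) & relevant) / len(relevant)


def overlap_at_k(a: List[str], b: List[str], k: int) -> float:
    """Jaccard overlap of two top-k lists: 1.0 means identical sets, 0.0 disjoint.
    Use it engine-vs-engine, or one engine at two capture dates to measure churn."""
    sa, sb = set(a[:k]), set(b[:k])
    if not sa and not sb:
        return 1.0
    return len(sa & sb) / len(sa | sb)


def evaluate_engine(engine: str, k: int = 5) -> Dict[str, Tuple[float, float]]:
    """Per-query (precision@k, recall@k) for one engine against JUDGMENTS."""
    return {
        q: (precision_at_k(RESULTS[engine][q], rel, k),
            recall_at_k(RESULTS[engine][q], rel, k))
        for q, rel in JUDGMENTS.items()
    }


def mean_metrics(engine: str, k: int = 5) -> Tuple[float, float]:
    """Mean precision@k and mean recall@k across the whole standard query set."""
    scores = list(evaluate_engine(engine, k).values())
    n = len(scores)
    return (sum(p for p, _ in scores) / n, sum(r for _, r in scores) / n)


def engine_overlap(e1: str, e2: str, k: int = 5) -> Dict[str, float]:
    """Per-query Jaccard overlap between two engines' top-k result lists."""
    return {q: overlap_at_k(RESULTS[e1][q], RESULTS[e2][q], k) for q in JUDGMENTS}


if __name__ == "__main__":
    for eng in RESULTS:
        p, r = mean_metrics(eng)
        print(f"{eng}: mean P@5={p:.2f} mean R@5={r:.2f}")
    for q, j in engine_overlap("engine_a", "engine_b").items():
        print(f"overlap@5 for {q!r}: {j:.2f}")
```

Run as a script it prints the two means and the per-query overlap. Repeating the capture on a schedule and storing each result list with its capture date is what turns this into the time-benchmarked comparison the post asks for; the judgments stay fixed while the lists drift.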

Fourth, what has been filtered. Those stop word lists are fascinating and they make it very difficult to find certain information. With traditional libraries struggling for survival, where is that verifiable research process going to lead? Yep, ad centric, free search systems. It might be better to just guess at some answers.

Net net: Web search is not very good. It never has been. For-fee databases are usually an afterthought if thought of at all. It is remarkable how many people pass themselves off as open source intelligence experts, expert online researchers, or digital natives able to find “anything” using their mobile phone.

Folks, most people are living in a cloud of unknowing. Search results shape understanding. A failure of search just means that users have zero chance to figure out if a result from a free Web query is much more than Madison Avenue, propaganda, crooked card dealing, or some other content injection goal.

That’s what one gets when the lowest cost methods to generate the highest ad revenue are conflated with information retrieval. But, hey, you can order a pizza easily.

Stephen E Arnold, January 11, 2022

Sentiment Analysis: A Comparison with Jargon

January 3, 2022

For anyone faced with choosing a sentiment extraction method, KD Nuggets offers a useful comparison in, “Sentiment Analysis API vs Custom Text Classification: Which One to Choose?” Data consultant and blogger Jérémy Lambert used a concrete dataset to demonstrate the pros and cons of each approach. For sentiment analysis, his team tested out Google Cloud Platform Natural Language API, Amazon Web Service Comprehend, and Microsoft Azure Text Analytics. Of those, Google looks like it performed the best. The custom text classification engines they used were Google Cloud Platform AutoML Natural Language and Amazon Web Service Comprehend Custom Classification. Lambert notes there are several other custom classification options they could have used, for example Monkey Learn, Twinwords, and Connexun. We observe no specialized solutions like Lexalytics were considered.

Before diving into the comparison, Lambert emphasizes it is important to distinguish between sentiment analysis and custom text classification. (See the two preceding links for more in-depth information on each.) He specifies:

“Trained APIs [sentiment analysis engines] are based on models already trained by providers with their databases. These models are usually used to manage common use cases of: sentiment analysis, named entity recognition, translation, etc. However, it is always relevant to try these APIs before custom models since they are more and more competitive and efficient. For specific use cases where a very high precision is needed, it may be better to use AutoML APIs [custom text classification engines]. … AutoML APIs allow users to build their own custom model, trained on the user’s database. These models are trained on multiple datasets beforehand by providers.”

See the write-up for details on use cases, test procedures, performance results, and taxi-meter pricing. For those who want to skip to the end, here is Lambert’s conclusion:

“Both alternatives are viable. The choice between Sentiment Analysis API and Custom text classification must be made depending on the expected performance and budget allocated. You can definitely reach better performance with custom text classification but sentiment analysis performance remains acceptable. As shown in the article, sentiment analysis is much cheaper than custom text classification. To conclude, we can advise you to try sentiment analysis first and use custom text classification if you want to get better accuracy.”

Cynthia Murrell, January 3, 2022
