They Hid in Plain Sight

December 28, 2015

Those who carried out last November’s attacks in Paris made their plans in the open, but intelligence agencies failed to discover and thwart those plans beforehand. TechDirt reveals “Details of How The Paris Attacks Were Carried Out Show Little Effort by Attackers to Hide Themselves.” To us, that means intelligence agencies must not be making much use of the Dark Web. What about monitoring of mobile traffic? We suggest that some of the marketing may be different from the reality of these systems.

Given the apparent laxity of these attackers’ security measures, writer Mike Masnick wonders why security professionals continue to call for a way around encryption. He cites an in-depth report by  the

Wall Street Journal’s Stacy Meichtry and Joshua Robinson, and shares some of their observations; see the article for those details. Masnick concludes:

“You can read the entire thing and note that, nowhere does the word ‘encryption’ appear. There is no suggestion that these guys really had to hide very much at all. So why is it that law enforcement and the intelligence community (and various politicians) around the globe are using the attacks as a reason to ban or undermine encryption? Again, it seems pretty clear that it’s very much about diverting blame for their own failures. Given how out in the open the attackers operated, the law enforcement and intelligence community failed massively in not stopping this. No wonder they’re grasping at straws to find something to blame, even if it had nothing to do with the attacks.”

Is “terrorism” indeed a red herring for those pushing the encryption issue? Were these attackers an anomaly, or are most terrorists making their plans in plain sight? Agencies may just need to look in the right directions.

Cynthia Murrell, December 28, 2015

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Cyber Threat Intelligence Across the Enterprise

December 28, 2015

A blog series from iSightPartners aims to help organizations make the most of Cyber Threat Intelligence. The series is introduced in, “How CTI Helps Six Groups Do Their Jobs Better: A New Blog Series!” Writer Christina Jasinski explains:

“The importance of Cyber Threat Intelligence (CTI) has become more widely recognized in the past year.  But not many people realize how many different ways threat intelligence can be utilized across an enterprise. That’s why now is a good time to drill down and describe the wide range of use cases for employing threat intelligence for many different functions within an IT organization.

“Are you a CISO, SOC Analyst or an Incident Responder? Stay tuned….

“This is the first post in an iSIGHT Partners blog series that will delve into how IT security professionals in each of six distinct roles within an organization’s information security program can (and should) apply threat intelligence to their function.   Each post will include 3-4 use cases, how CTI can be used by professionals in that role, and the type of threat intelligence that is required to achieve their objectives.”

Jasinski goes on to describe what her series has to offer professionals in each of those roles, and concludes by promising to reveal practical solutions to CTI quandaries. Follow her blog posts to learn those answers.

Cynthia Murrell, December 28, 2015

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Desktop Web Searches Began Permanent Decline in 2013

December 28, 2015

The article on Quartz titled The Product that Made Google Has Peaked for Good presents the startling information that desktop web search is expected to remain in permanent decline. The main reason for Google’s prestige and growth peaked in 2013, the article suggests, and then declined for 20 out of the last 21 months. The article reports,

“Google doesn’t regularly disclose the number of search queries that its users conduct. (It has been “more than 100 billion” per month for a while.)… And while a nice chunk of Google’s revenue growth is coming from YouTube, its overall “Google Websites” business—mostly search ads, but also YouTube, Google Maps, etc.—grew sales 14%, 13%, and 16% year-over-year during the first three quarters of 2015. The mobile era hasn’t resulted in any sort of collapse of Google’s ad business.”

The article also conveys that mobile searches accounted for over half of all global search queries. Yes, overall Google is still a healthy company, but this decline in desktop searches will still certainly force some fancy dancing from Alphabet Google. The article does not provide any possible reasons for the decline. The foundations of the company might seem a little less stable between this decline and the restless future of Internet ads.

Chelsea Kerwin, December 28, 2015

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Blue Chip Consulting Firm and Its Predictions for 2016

December 27, 2015

I read “10 Business and Technology Trends to Watch in 2016.” These prognostications come from a unit of Accenture called Fjord.

What’s interesting about this list of which horses will win assorted races is that the forecast does not include the phrase “artificial intelligence.” Also, missing in action is the IoT mantra. You know, gentle reader, that your refrigerator will phone home to your health insurance provider when you snag a sugar and fat infused snack during March Madness.

Here’s the list. How many of these buzzwords do you recognize? Hint: Not many. The object of the listing is to stimulate you to hire Fjord to cleave the glacier of your understanding with the white hot heat of the consulting firm’s insight:

  1. Micromoments
  2. Services with manner
  3. The employee experience
  4. Disappearing apps
  5. Flattening of privilege
  6. Government for the people
  7. Health in our own hands
  8. Virtual reality
  9. The return of simplicity
  10. Design from within.

Quite a list. I am still puzzled with the micromoments thing. Perhaps this is a reflection of the “quality time” blue chip consultants try to set aside for appropriate interaction with their families. Some of the other predictions are Zen like; for example, flat privilege except for those with platinum airline reward cards and the return of simplicity to partner office decorations. And there is no reference to search, content processing, or predictive analytics. There are subsumed under the metaphors used to predict the future. Delphic in a way I surmise.

There you have it. Enjoy your employee experience when you miss your goals for the quarter, gentle reader.

Stephen E Arnold, December 27, 2015

Quote to Note: Smart Software

December 26, 2015

I read “Eric Schmidt and Jared Cohen on Technology in 2016.” The write up recycles the Google ideas which will keep the firm’s revenues pumping along. Tucked into the rah rah for smart software was a quote I circled as particularly interesting. Keep in mind that the statement comes from a firm in the online advertising business with some wild and crazy ideas tossed into its mix of products and services. Here’s the statement:

Those who design AI should establish best practices to avoid undesirable outcomes.

Two questions crossed my mind: What’s “undesirable” and what’s “outcomes”? With folks driving into Google cars and the somewhat interesting “solve death” activities, the comments about the future are interesting.

Stephen E Arnold, December 26, 2015

Technical Debt: Financial Disaster

December 25, 2015

Adoption of cloud-based services provides the enterprise with I read “Treat Technical Debt Like a Bad Relationship.” Googlers called attention to technical debt. I wrote about that Google paper earlier in 2015. The idea is not a new one. The idea is that today’s technology requires on-going investment.

That investment is necessary if the product is to be kept working and in step with what competitors offer. What happens if one ignores the technical debt, the local bean counter points out that the amount of dough required to keep a product is greater than its revenue. End of story. Some products can chug along for years. I don’t think too much about my refrigerator unless it stops working. I don’t repair it if it is 11 years old. I get a new one. That’s what happens with search and content processing. A recent example is GoDaddy. The company bought Enterprise (yes, I know that your friendly mid tier consultant does not know about this system. But GoDaddy decided after 11 years to get a new one.

In the write up, the notion of a bad relationship speaks more about the author than about how the finances of a technology work out over time. Perhaps an expensive divorce would be more apt. Plenty of organizations license a search and content processing technology and then figure out that a new one is needed. Expensive? Yep.

The write up points out:

Adoption of cloud-based services provides the enterprise with the ability to minimize technical debt by striking a balance between continuously delivered cloud solutions and existing controls necessary to remain compliant with security requirements. Experienced technical personnel must assess those requirements against available cloud offerings. Increased cloud adoption will free technical security personnel from managing software, empowering them to spend more time on assessments and adoption of technology to stay ahead of evolving threats.

What happens if the cloud solution delivers the same cost burdens as any other enterprise application?

The answer is, “Get a new one.”

That’s what IBM itself does. The company coded up STAIRS III, converted it, and still sells the technology today. IBM bought iPhrase, bought Vivisimo, invested in home brew content processing initiatives like Web Fountain. Now IBM has wrapped scripts around a basket of technologies.

If one buys into the IBM solution, will the technical debt become a tiny part of the information technology budget? I don’t think so. The customer pays for its decisions. The vendor loses a client. A technology failure can impair or cause a business failure.

Technological debt is very different from having a bad friend. The divorce metaphor works well: Pain, lawyers, and brutal costs.

How does one deal with technical debt? Well, buy cloud services from IBM, after you, gentle reader, query Watson for guidance.

Stephen E Arnold, December 25, 2015

Quote to Note: Axil Springer

December 25, 2015

I read “A Giant in Print Reboots.” (If the link does not resolve, snag a copy of the dead tree edition of the New York Times for December 21, 2015. Navigate to page B 1.) Like other “print publishers embrace the digital revolution” articles, the “giant” Axil Springer is really going to go a new direction. I noted this morning that about 25 years ago, the consumerist Internet began.

Axil Springer owns a chunk of the Web search engine which keeps a senior Alphabet Google executive awake at night. You know this search system, don’t you, gentle reader? You use Qwant.com everyday, don’t you?

Tucked in the article is a quote to note. I circled:

I would not exclude that in 10 years’ time our company could be 100 percent digital in terms of revenue and 80 or even 90 percent international.–Mathias Döpfner, Axel Springer CEO

Pushing out the transformation to 2026 lines up with the time horizons on which some print publishers operate. My view is that a decade is a long time in today’s somewhat volatile business environment.

Stephen E Arnold, December 25, 2015

Alphabet Google Makes Cheerful Robot Reindeer

December 24, 2015

Short honk: I love reindeer. Brown creatures. Nice eyes. Well, Alphabet Google has a different take on these Santa friendly mammals. Remember, gentle reader, the Googlers like robots. What could be better than combining a mammal loved by children and a robot? Here’s a snap of the Googler’s improvement on Mother Nature.

image

Would this frighten a three year old? No. Look at the blade runner legs, the red decorations, and the absence of a head. I wonder if the reindeer robots have a red LED for a nose. Ho ho ho.

I think these robots would be useful in third world countries to help deal with poverty, disease, a shortage of troops, and what not.

Stephen E Arnold, December 24, 2015

Star Wars and Its Big Data Lessons

December 24, 2015

I thought the Big Data hype had peaked. Wrong. Navigate to “6 Lessons ‘Star Wars’ Can Teach Us About Big Data.” The insight upon which the article is based is that Star Wars is not designed as a multi billion dollar commercial vehicle for Disney. Nope. Star Wars is a really nifty way to learn six lessons about Big Data. My mind is firing synapses. Amazing. Brilliant. Yes, go to a two hour movie designed to entertain the folks in love with the confection of light sabers, nifty space ships, and assorted folks who are very similar to those who reside in Harrod’s Creek, Kentucky.

What are the six learnings, which I assume were crafted in strict adherence to the rules of peer reviewed, tenure track journal article crafting. Here we go:

  1. Recognize the full value of data. For example, look at the many killed via nifty weapons and conclude, avoid the weapons.
  2. Seek context to better understand your data. Okay, don’t be where a nifty weapon will strike. Got it.
  3. Make precise measurements and calculations. I would just ask a rolling robot, however.
  4. Plan what one is tracking or measuring. Wow.
  5. Hire smart analysts. I would add, “who have a love for Star Wars.”
  6. Use data to inform decision making. Yep, that works in films too.

Remarkable. It is time to quaff another mug of bourbon infused egg nog and tackle another Big Data topic.

Stephen E Arnold, December 24, 2015

Index and Search: The Threat Intel Positioning

December 24, 2015

The Dark Web is out there. Not surprisingly, there are a number of companies indexing Dark Web content. One of these firms is Digital Shadows. I learned in “Cyber Threat Intelligence and the Market of One” that search and retrieval has a new suit of clothes. The write up states:

Cyber situational awareness shifts from only delivering generic threat intelligence that informs, to also delivering specific information to defend against adversaries launching targeted attacks against an organization or individual(s) within an organization. Cyber situational awareness brings together all the information that an organization possesses about itself such as its people, risk posture, attack surface, entire digital footprint and digital shadow (a subset of a digital footprint that consists of exposed personal, technical or organizational information that is often highly confidential, sensitive or proprietary). Information is gathered by examining millions of social sites, cloud-based file sharing sites and other points of compromise across a multi-lingual, global environment spanning the visible, dark and deep web.

The approach seems to echo the Palantir “platform” approach. Palantir, one must not forget, is a 2015 version of the Autonomy platform. The notion is that content is acquired, federated, and made useful via outputs and user friendly controls.

What’s interesting is that Digital Shadows indexes content and provides a search system to authorized users. Commercial access is available via tie up in the UK.

My point is that search is alive and well. The positioning of search and retrieval is undergoing some fitting and tucking. There are new terms, new rationale for business cases (fear is workable today), and new players. Under the surface are crawlers, indexes, and search functions.

The death of search may be news to the new players like Digital Shadows, Palantir, and Recorded Future, among numerous other shape shifters.

Stephen E Arnold, December 24, 2015

« Previous PageNext Page »

  • Archives

  • Recent Posts

  • Meta