securitylinkindia

MassMediaLink India LLP SecurityLink India

FortiGuard Labs Reports Ransomware Not Slowing; Continues to be Relentless and More Destructive

Fortinet®, a global player in broad, integrated, and automated cybersecurity solutions, recently announced the latest semiannual FortiGuard Labs Global Threat Landscape Report. Threat intelligence from the second half of 2021 reveals an increase in the automation and speed of attacks demonstrating more advanced persistent cybercrime strategies that are more destructive and unpredictable. In addition, the expanding attack surface of hybrid workers and hybrid IT is a focal point that cyber adversaries are attempting to exploit. For a detailed view of the report, as well as some important takeaways, read the blog. Highlights of the 2H 2021 report follow: Log4j demonstrates dramatic speed of exploit organizations face: The Log4j vulnerabilities that occurred in late 2021 demonstrate the rapidly increasing speed of exploit that cybercriminals are attempting to leverage to their advantage. Despite emerging in the second week of December, exploitation activity escalated quickly enough, in less than a month, to make it the most prevalent IPS detection of the entire second half of 2021. In addition, Log4j had nearly 50x the activity volume in comparison to the well-known outbreak, ProxyLogon, that happened earlier in 2021. The reality is that organizations have very little time to react or patch today given the speeds that cyber adversaries are employing to maximize fresh opportunities. Organizations need AI and ML-powered intrusion prevention systems (IPS), aggressive patch management strategies, and the threat intelligence visibility to prioritize those threats propagating most quickly in the wild to reduce overall risk. Adversaries rapidly targeting new vectors across the attack surface: Some lesser or low-lying threats have the potential to cause bigger problems in the future and are worthy of watching. An example is newly crafted malware designed to exploit Linux systems, often in the form of executable and linkable format (ELF) binaries. Linux runs the back-end systems of many networks and container-based solutions for IoT devices and mission-critical applications, and it is becoming a more popular target for attackers. In fact, the rate of new Linux malware signatures in Q4 quadrupled that of Q1 2021 with ELF variant Muhstik, RedXOR malware, and even Log4j being examples of threats targeting Linux. The prevalence of ELF and other Linux malware detections doubled during 2021. This growth in variants and volume suggests that Linux malware is increasingly part of adversaries’ arsenal. Linux needs to be secured, monitored and managed as any other endpoint in the network with advanced and automated endpoint protection, detection and response. In addition, security hygiene should be prioritized to provide active threat protection for systems that may be affected by low-lying threats. Botnet trends show a more sophisticated evolution of attack methods: Threat trends demonstrate that botnets are evolving to adopt newer and more evolved cybercriminal attack techniques. Instead of being primarily monolithic and focused mostly on DDoS attacks, botnets are now multipurpose attack vehicles leveraging a variety of more sophisticated attack techniques, including ransomware. For example, threat actors, including operators of botnets like Mirai, integrated exploits for the Log4j vulnerability into their attack kits. Also, botnet activity was tracked associated with a new variant of the RedXOR malware, which targets Linux systems for data exfiltration. Detections of botnets delivering a variant of RedLine Stealer malware also surged in early October morphing to find new targets using a COVID-themed file. To protect networks and applications, organizations must implement zero trust access solutions to provide least access privileges especially to secure IoT endpoints and devices entering the network as well as automated detection and response capabilities to monitor anomalous behavior. “Cybersecurity is a fast-moving and dynamic industry, but recent threat events show unparalleled speeds at which cyber adversaries are developing and executing attacks today. New and evolving attack techniques span the entire kill chain but especially in the weaponization phase, showing an evolution to a more advanced persistent cybercrime strategy that is more destructive and unpredictable. To protect against this broad scope of threats, organizations need to implement AIpowered prevention, detection, and response strategies based on a cybersecurity mesh architecture allowing for much tighter integration, increased automation, as well as a more rapid, coordinated, and effective response to threats across the extended network” Michael Joseph Director System Engineering, India & SAARC, Fortinet Malware trends show cybercriminals maximizing ‘remote everything:’ Evaluating the prevalence of malware variants by region reveals a sustained interest by cyber adversaries in maximizing the remote work and learning attack vector. In particular, various forms of browser-based malware were prevalent. This often takes the form of phishing lures or scripts that inject code or redirect users to malicious sites. Specific detections vary across global regions, but can be largely grouped into leveraging three broad distribution mechanisms: Microsoft Office executables (MSExcel/ MSOffice), PDF files, and browser scripts (HTML/ JS). Such techniques continue to be a popular way for cybercriminals to exploit people’s desire for the latest news about the pandemic, politics, sports, or other headlines, and to then find entryways back to corporate networks. With hybrid work and learning remaining a reality, there are fewer layers of protection between malware and would-be victims. Organizations must take a ‘work-from-anywhere’ approach to their security by deploying solutions capable of following, enabling, and protecting users no matter where they are located. They need advanced security on the endpoint (EDR) combined with zero trust access solutions, including ZTNA. Secure SD-WAN is also critical to ensure secure WAN connectivity for the extended network. Ransomware activity still high and continues to get more destructive: FortiGuard Labs data reveals that ransomware has not subsided from peak levels over the last year and instead, the sophistication, aggressiveness, and impact of ransomware is increasing. Threat actors continue to attack organizations with a variety of new as well as previously seen ransomware strains, often leaving a trail of destruction. Old ransomware is being actively updated and enhanced, sometimes with wiper malware included, while other ransomware is evolving to adopt Ransomware-as-as-Service (RaaS) business models. RaaS enables more threat actors to leverage and distribute the malware without having to create the ransomware themselves. FortiGuard Labs observed a consistent level…

Read More

Hikvision AX-HUB Wireless Intrusion Alarm Panel

Hikvision’s AX-HUB is an innovative product in intruder alarm systems segment, which ensures complete security for your home, retail outlets, warehouses, commercial offices and many more. It can be integrated to centralized surveillance and remote monitoring solutions as well. These devices are designed for catering residential and small commercial applications, the AX-HUB connects security peripherals such as motion detectors, magnetic contacts, and displacement sensors, alongside safety devices like smoke and gas sensors to keep people and your premises safe. Hikvision cameras and the AX-HUB alarm systems work seamlessly together to provide a recorded video clip or live HD video footage, directly through Hik-Connect, iVMS or instantly to monitoring stations. This allows active decisions to be made faster and more reliably in the event of an activation. Simple to install and use, the AX-HUB provides voice prompts locally to assist during installation, as well as alert the end user to any events. The AX-HUB is also compatible with the smart device App, in addition to a wide range of communication pathways and multiport IP communications via either the Cloud or CMS for added peace of mind. AX-HUB can be integrated with Wireless Smoke Detectors to provide sophisticated and cost effective fire protection solution. This Cloud connectivity allows full control of the system from anywhere via Hik-Connect, to easily and remotely arm, disarm and monitor the system. The Cloud also enables the use of revolutionary IVaaS (Intruder Verification as a Service), which allows end users and monitoring stations to quickly and efficiently confirm system events through HD video verification. Ax-Hub Intrusion Alarm Kit Ds-Pwa32-Kg USP’s of AX-HUB: Wireless Intrusion Panel with CCTV integration + Mobile App. Voice guiding for ease of operations. Ease of programming Via Web/ App. Two-way wireless communication. 32 wireless inputs, 8 keyfobs, 2 wireless sirens. In-built GPRS + SMS + voice dialing facility. Inbuilt LAN and Wi-Fi modules. Supports 2 nos. of Hikvision IP cameras for video verification. Supports viewing events video via mobile App. Transmission distance 800m in open area. 128-bit data encryption. In-built battery back-up upto 12Hrs. Mobile App. 3rd party CMS software compatibility. Solution AX-HUB DS-PWA32-KG package provides built-in of IoT modules AX-HUB with in-built GPRS module, Wi-Fi & LAN modules. Wireless pet immune motion sensor. Wireless magnetic contact. Key fob – a small security device with built-in authentication used to control and secure access to network services and data. HikConnect mobile App + SMS + Auto dialing voice call. Supports web browser for integrating Hikvision IP cameras with AX-HUB. IP cameras to be purchased separately. AX-HUB: Benefits WEB configuration The AX-HUB has a built-in web server which enables the device to be configured through a web browser over the local IP network. This offers more flexibility and time saving on site, as setup can be done quickly and efficiently using a laptop or compatible smart device. Easy setup and installation Setting up the system could not be simpler, with an intuitive and easy to use interface. Connect to the panel directly via our web-browser or with iVMS on a laptop for on-site setup or, alternatively, program the system using the Hik-Connect App. Learning devices and sensors onto the system is also easy using the one-push-to-learn feature on all Hikvision wireless intrusion devices, to save time and money. Multiple communication paths The variety of communication pathways available with the AX-HUB is unmatched. It offers LAN, Wi-Fi & GPRS connections with on-board communication modules and connectors for a simpler and more cost-effective installation. With multiport IP communications, the AX-HUB can also communicate simultaneously with multiple devices, to ensure alarm messages are sent to all that need them. The AX-HUB can also notify up to 6 phone numbers in the event of an alarm through voice calls, offering greater flexibility in the way that end users are notified about events on the system. ARC linkage If ARC connectivity is required, the AX-HUB can communicate alarms and other messages in Contact ID format for a rapid and efficient response. Two-way wireless devices With the AX-HUB, you can add up to 32 two-way wireless devices. This provides a system which is secure and flexible; allowing even larger premises to be secured with a wide range of indoor and outdoor Hikvision peripherals. Hik-Connect The end-user App, Hik-Connect, brings together an intrusion alarm and video functions like never before. Linking detectors and sensors to cameras for video verification, as well as providing the end user with the ability to monitor the system from anywhere in the world; remotely checking system status, receiving alerts, arming, disarming, HD video monitoring and more, to remain informed and in complete control at all times. IVaaS (Intruder Verification as a Service) This revolutionary service provides video verification (from any Hikvision or ONVIF IP camera on the premises) for users to quickly and efficiently confirm an alarm event on the system. During the configuration of the panel, 2 cameras can be linked to the AX-HUB, which incorporates a rolling video buffer. Where other video verification methods rely on sending low-quality static images to confirm events, IVaaS utilises Cloud technology alongside the buffer to link previously separate video and intruder systems to one platform. This provides a 7 second clip in the event of an alarm; 5 seconds pre-alarm and 2 seconds post-alarm. Hik-Connect advantages Simple arming and disarming with user friendly interface. Quickly view events and video recordings. Easily configure the system from the App. See wireless devices in each partition. View cameras and alarms in one App. Simplifying the experience for the end user, you can view and manage both your camera and alarm systems from one App in one screen. Check the status of wireless devices in each partition quickly and simply whilst being able to make changes to settings, bypass zones and more from inside the App. Set up system options and make changes in programming within Hik-Connect App, it helps to make configuration simple and easy to follow. The simple interface of the Hik-Connect App allows easy arming and disarming of the…

Read More

Teledyne FLIR launches Conservator™ Subscription Software to Accelerate AI Development with Thermal Imaging

Teledyne FLIR recently announced the release of Conservator™, a cloud-based dataset development subscription software for perception engineers using thermal infrared and visible image datasets to train neural networks. Subscribers also gain access to application specific segments of the Teledyne FLIR annotated image library of more than one million images with more than 100 object label categories. Designed to meet the workflow demands of data scientists in automotive, defense, security, and smart cities applications, Conservator scales to support enterprise artificial intelligence (AI) teams in the research and development of object detection models. “Conservator is a powerful application for data scientists developing datasets with a full complement of workflow functions including annotation, version control, data right access and model performance,” said Arthur Stout, Director of AI Product Management at Teledyne FLIR Infrared Imaging OEM, “AI starts with quality data and this application supports collaboration to advance multi-sensor neural network development in commercial and defense AI applications.” Conservator includes dataset workflow tools for annotation, curation, quality assurance, and dataset version control. Built on a scalable and stable database, Conservator can manage petabyte scale libraries. In addition, the included Conservator Insights™ desktop tool provides analysis and visualization of model performance against ground truth references. This empowers data scientists to quickly pinpoint the specific images in large datasets causing false positives or missed detections, enabling rapid dataset iteration and neural network re-training. Conservator follows the recent release of the Teledyne FLIR expanded free starter thermal dataset for Advanced Driver Assistance Systems (ADAS) and self-driving vehicle researchers and developers. With both thermal and visible annotated images across fifteen object categories, the free starter thermal dataset allows the automotive and academic community to quickly evaluate the vehicle safety algorithm performance, neural network testing, and thermal sensors, such as the FLIR ADK™.  

Read More

COVID Omicron Lure used to Distribute RedLine Stealer Malware Variant

The Omicron variant has a much higher transmission rate, and as a result, daily counts of new Omicron patients have become a global concern. This has again renewed heightened concern about the pandemic, and cyber threat actors don’t shy away from using the situation to their advantage. FortiGuard Labs recently came across a curiously named file, ‘Omicron Stats.exe,’ which turned out to be a variant of Redline Stealer malware. The first reports of RedLine Stealer go back to March 2020 and it quickly became one of the most popular infostealers sold in underground markets. The information harvested by RedLine Stealer is sold on the dark net marketplace for as low as 10 US dollars per set of user credentials. The malware emerged just as the world began to deal with increased numbers of COVID patients and the growing fear and uncertainty that can cause people to lower their guard, which may have prompted its developers to use COVID as its lure. Normally, victims whose systems have been infected with this stealer unknowingly have their account passwords and full browser details recorded, and then sent to marketplace operators. Generally, in such cases, each compromised user profile includes login credentials for accounts on online payment portals, e-banking services, file-sharing or social networking platforms. The file name of this current variant, ‘Omicron Stats.exe,’ was used just as the Omicron variant was becoming a global concern, following the pattern of its previous variants. FortiGuard Labs has concluded that email is the infection vector for this variant as this malware is embedded in a document designed to be opened by the victim. Based on the information collected potential victims are spread across 12 countries. The information that it steals can be used for malicious actions by the same cybercriminal or sold to another threat actor for future activities. Advised Rajesh Maurya, Regional Vice President, India & SAARC at Fortinet, “Stay outside of the red zone by exercising basic security practices. Look at the sender’s email address before clicking on emailed links or downloading attachments, even if they appear to come from a trusted source. In most cases, phishing emails are sent from addresses that do not contain the supposed sender’s organization’s legitimate web address. Educate employees, family members, and friends about what to avoid and keep devices updated with the latest security software.”  

Read More

Ford and ADT to form Joint Venture to Fortify Vehicle Security with Breakthrough Technology

Ford and ADT launch Canopy to provide AI-powered connected security cameras and a corresponding mobile app for a variety of vehicle makes and models. Offerings will integrate the Safe by ADT platform to provide professional monitoring and help businesses protect valuable work equipment in vehicles and individual owners strengthen security inside and outside vehicles. Canopy will build and sell its first product and subscription service early next year to protect cargo areas of high-volume commercial trucks and vans in the U.S. and U.K. Canopy was incubated by Ford’s New Business Platform team and plans to begin integrating its security solution with on-board vehicle cameras in Ford vehicles next year. Canopy expects to expand offering to other manufacturers over time. Ford and ADT Inc. will invest in a new joint venture called Canopy that combines ADT’s professional security monitoring and Ford’s AI-driven video camera technology to help customers strengthen security of new and existing vehicles across automotive brands. “The combination of our technologies and our deep security experience creates a new category of protection for work and personal vehicles,” said Elliot Cohen, ADT Chief Business Development Officer, “Vehicles represent the second-most-valuable asset for consumers, and helping to protect them extends ADT’s safe, smart, and sustainable solutions far beyond the home.” Canopy plans to launch industry-first, multi-sensor security systems with available professional monitoring early next year. The first products to be manufactured and sold will be available in the U.S. and the U.K. for the industry’s highest-volume commercial and retail pickups and vans – including the Ford F-150, F-150 Lightning, Transit vans and E-Transit – and will be easily installable by customers to protect expensive work and recreational equipment. “Thieves have been even more active during the pandemic and know business owners store valuable equipment in vehicles, often hauling more than $50,000 of gear. Canopy is here for those who’ve had enough of thefts that threaten their livelihoods,” said Franck Louis-Victor, Vice President, Ford New Business Platform, “Key to Ford’s software-led transformation are new ideas such as Canopy and collaborating with other innovators such as ADT, which brings to vehicle security their leadership protecting families, homes, and businesses.” The FBI estimates that stolen work equipment cost more than $7.4 billion in 2020 in the U.S., and theft of valuable work equipment is believed to be underestimated in stolen vehicle reports. Small business owners face even greater opportunity costs with the deferral or loss of jobs while replacing stolen items. Canopy also plans to begin integrating camera security solutions in Ford vehicles next year for seamless protection inside and outside vehicles. Canopy will seek factory-vehicle integrations with other automakers over time. Starting a vehicle security revolution Canopy’s first smart vehicle security system accessory offering will make use of acoustic sensors for vans, onboard cameras, radar, LTE, and GPS. The initial product will have a camera that can be mounted in either a van’s cargo area or on a pickup facing the bed. The platform will use AI technology to identify and report credible threats while reducing false alarm signals. Customers will be connected to the system via the Canopy app to livestream video from the vehicle, get notified of suspicious activity, or review past events. The system will trigger a smartphone alert of any indicators of potential criminal activity, such as breaking glass, metal cutting, or suspicious motion or sound near the vehicle. Customers can warn potential thieves they are being monitored by speaking through the smartphone app, enabled by a two-way audio feature that will be available by next year. The system’s AI is designed to distinguish true threats from benign acts – such as a cat jumping into a pickup bed or construction sounds near a vehicle – before alerting the owner or ADT monitoring agents of potential theft. The system will alert ADT monitoring professionals if it detects a person loitering around or breaching the vehicle. ADT monitoring agents can then contact customers, fleet managers, or police to take additional measures to help prevent theft. Credible threats will trigger additional responses, including audible alerts and programmable voice recordings and two-way audio in future updates. The first-of-its-kind Canopy products will be sold through vehicle dealerships, major retailers, and online. Ford Pro will be an important launch partner delivering these solutions to commercial and government customers of all sizes, helping drive business forward and accelerate productivity at a global scale. “Commercial customers around the world are laser focused on protecting investments from costly replacements that can impact their bottom lines,” said Ted Cannis, CEO, Ford Pro, “Canopy will help Ford Pro deliver another service to fleets helping to improve total cost of ownership by staying productive and avoiding downtime associated with stolen tools and damaged vehicles – including the majority with mixed fleets since Canopy technology will be available across brands.” More innovation to come The Canopy team has been developing and testing its first technologies for two years as part of Ford’s New Business Platform innovation incubation group. They will now be headquartered in Detroit and London and led by Interim CEO Christian Moran. The Canopy team has been developing and testing its first technologies for two years as part of Ford’s New Business Platform innovation incubation group. They will now be headquartered in Detroit and London and led by Interim CEO Christian Moran. Canopy also will seek relationships with other automotive, insurance, and technology companies to expand offerings, explore insurance benefits for use of the technology, and co-create new innovations. Ford and ADT’s investment in Canopy is subject to certain conditions, including regulatory approvals, and initial funding is expected to close in the second quarter of 2022. The partners expect to invest approximately $100 million during the next three years.  

Read More

NICE and Magnet Forensics Partner to Digitally Transform Police Case Building and Investigations

NICE and Magnet Forensics recently announced a partnership to digitally transform police case building and investigations to accelerate the pursuit of justice. The integration of NICE Investigate and Magnet REVIEW will enable police agencies to automatically merge digital forensic evidence from Magnet REVIEW with other digital evidence sources in NICE Investigate to streamline case building and investigations. As a one-stop solution for managing digital evidence and investigations, NICE Investigate improves operational efficiency by enabling investigators to collect, analyze and share digital evidence through a single login. NICE Investigate automatically pulls evidence into electronic case folders from records management, CAD (computer aided dispatch), body-worn video, mobile apps and other core systems. When investigators log into NICE Investigate, their evidence is waiting. With the additional integration of Magnet REVIEW, investigators will receive automated alerts when additional forensic evidence becomes available. Chris Wooten, Executive Vice President, NICE, commented, “We’re excited to partner with Magnet Forensics. Our partnership will create seamless workflows and efficiencies for investigators and further simplify the digital evidence review process across more data types. Now, police departments will be able to review all evidence, connected in one place, to accelerate case building, and get to the truth faster.” Adam Belsher, Chief Executive Officer, Magnet Forensics, said, “Police agencies are burdened with an overwhelming volume of digital evidence from a variety of sources, which require their own specialized investigative tools and highly trained specialists. It’s slowing down their investigations and compromising justice. We’re partnering with NICE because we’re both committed to making our digital investigation solutions interoperable so that investigators can consolidate critical digital evidence and leverage analytics tools to complete their cases in a more timely and effective fashion.” Magnet REVIEW is a cloud-based, collaborative and secure digital forensic review platform that enables investigators to access and examine digital forensic evidence and associated metadata acquired through a variety of digital forensic tools (from sources such as smartphones, computers, and IoT devices). Through the integration of Magnet REVIEW and Evidencentral’s NICE Investigate, forensic evidence from Magnet REVIEW will be pulled into NICE Investigate case folders through a seamless, automated, electronic process, where it can be consolidated and cohesively analyzed alongside other types of digital evidence, using analytical tools. As both solutions leverage Microsoft Azure, agencies will also be able to leverage the cloud to facilitate remote work and collaboration, scale to handle heavier caseloads, better safeguard and manage growing digital evidence, reduce infrastructure and overhead costs, and improve security and resiliency. “This collaboration between NICE and Magnet Forensics enables public safety organizations to use the power of the cloud to improve digital evidence review processes,” added Kirk Arthur, Microsoft’s Sr. Director of Worldwide Public Safety & Justice, “This is the future of digital evidence management and processing, especially for law enforcement agencies who can now leverage these technologies together to reduce case backlogs and accelerate investigations, while also benefitting from the security and scalability of the trusted Microsoft Azure cloud.” Under the partnership, Magnet Forensics is also joining NICE’s Evidencentral Marketplace. The Evidencentral Marketplace is the first open digital evidence management ecosystem created specifically for public safety and criminal justice agencies.  

Read More

Milestone Systems in Australia Joins Red Cross Lifeblood Teams

Around 33,000 donations are needed every week in Australia. These are critical to the healthcare system as donations help patients experiencing cancer, surgery, trauma and childbirth complications or might support patients who have serious health conditions such as auto-immune disorders. The Milestone Blood Drive runs between 1 November and 31 December and staff members, as well as suppliers, friends and family have been invited to donate blood or plasma. As states emerge from lockdowns, regular donors are likely to face more competition for their time, especially during November to December. They will be figuring out new routines that include returning to sporting and lifestyle activities, work commutes and socialising. In an effort to address the ongoing need for blood, Milestone staff are rolling up their sleeves and donating blood and plasma, as an important part of their ‘new normal routine’. In doing so, they hope to form new giving habits, whilst also raising the awareness of blood donations and are taking a collaborative approach to encourage the wider industry to join the blood drive. To ensure donations can be counted towards this blood drive, a Lifeblood team has been set up for Milestone staff, friends, family and suppliers. The Lifeblood Team forms part of the blood donation program run by Australian Red Cross Lifeblood and the blood drive is designed to bring people together to save lives. As each blood donation is broken down into three parts and sent to three different recipients, the blood drive has the benefit of counting donations, as well as the amount of lives saved by participating donors. In this way, every donation is considered a gift of life. “In this time of Covid-19 where people are feeling vulnerable, and discouraged, our team in Australia decided to come together to spread the word amongst the security industry about the importance of blood donation. The idea is that we work together and encourage our partners, customers, and wider industry community to join the Milestone ‘Lifeblood Team’ with the goal of helping others and saving as many lives as possible by the end of the year,” said Brett Hansen, Country Manager for South Pacific at Milestone Systems. When blood is separated, there are parts that last for only 7 days, so maintaining this supply, regardless of the upcoming festive period, is essential. “The need for donations never stop, so it is important to keep supplies flowing. By spreading information or donating blood, we are doing our best to save lives. We can see this initiative spreading across the video technology industry here too, and strongly encourage our friends, partners, and colleagues to join us in our quest.” said Danielle Joynson, Marketing Manager for Milestone Systems South Pacific. “While it is very much a part of Milestone’s DNA to contribute to the greater good and give back to society, this particular program is much bigger than just us. It takes only a little effort to donate blood, but this small act can have a huge positive impact on somebody’s life. We urge our friends in the security and tech industries to help us and turn a small act of kindness into a major movement of goodwill,” concluded Hansen.  

Read More

The Rise of Serverless Cloud

Prashanth G J, CEO of TechnoBind Revolutions in the technology field are often driven by the emergence of new technologies. The pandemic has not only challenged the modern world but also created a humongous opportunity to revolutionize. However, creating something valuable and profitable is the ultimate goal of any technical revolution. Cloud computing has been experiencing a period of anomalous growth, several factors have been responsible for this, including the rise of mobile computing, increased maturity of cloud offerings, improved network performance, etc. This constant innovation and growth lead to the invention of serverless cloud computing. Serverless cloud, the future Serverless computing is a cloud-based architecture where the cloud provider has total control over the underlying infrastructure that supports an organization’s activities. It is a platform that hides server utilization from developers and executes code on-demand automatically scaled and billed only if the code is running. Serverless cloud is a relatively new technology, and it is capable of turning your enterprise into a vibrant, flexible, service-oriented working model of the future. Serverless cloud enables your enterprise to expand into the cloud with serverless architecture all over the public and private cloud environments. One of the efficient ways to ensure that diverse resources are available at scale is done by migrating the IT environment to the cloud. Serverless cloud aims to put an end to tedious and time-consuming development and O&M work for servers and other infrastructures in the cloud-based application. When compared with traditional models, serverless models allow enterprises to build applications based on a large number of mature cloud service capabilities. This ensures fewer technical decision-making points and simpler implementations. Because of optimized cloud products, enhanced product integration capabilities, and improved software automation the serverless cloud will help enterprises improve their agility. Some key benefits of serverless cloud Expenses: The most tangible benefit is cost. Serverless cloud enables enterprises to only pay for whatever they need when they need it. Because there are almost no unnecessary resources, as blocks of servers are never sitting idle waiting for utilization. Configuration: The configuration will be significantly more straightforward and streamlined as the host firm handles the greater part. This facilitates scaling up the extra resources without customary downtime for your configuration. Speed: Because the enterprise does not need to manage the server, deploying the services and applications is much easier and faster. This will let the development team to focus on creating their service and then deploying it without worrying about the backend server. Automation which is a key trait of serverless cloud makes it particularly appealing for unpredictable workloads. Most importantly, serverless cloud enables developers to focus on what they should be doing making way for business agility and digital experimentation. Serverless Cloud is destined to transmute the future software model and process and is the future of cloud computing. With serverless cloud, enterprises can place their hands on improvised scalability, flexibility, and affordability. We are now witnessing an era where there is an ever-increasing demand to scale, leverage, and spin applications. These demands indicate that serverless clouds are the future. Cloud services are moving ahead to deliver real-time demand as they have ready deployment of services and applications. There is no doubt that the future-oriented technology for cloud services is serverless functions. Traditional cloud computing will undergo transition and will make way for serverless cloud. There have been several cases for many businesses and enterprises that prove that adoption of serverless cloud has resulted in operational boons such as cost-cutting and easy deployment.  

Read More

Resurgence of Tape Backup in the Digital Era

Nikhil Korgaonkar, Regional Director, Arcserve India & SAARC Most people today will consider reels of tape to be as dated as steam engine and analog cameras, having been replaced by newer, faster, and more efficient technologies. Unfortunately, one can still see many stories around reporting the death of tape storage, citing technology drawbacks as a significant reason. Such as, tapes can be labor-intensive, requiring a manual process to change them at the beginning or end of every day. Tapes are long and stringy, and can also be misplaced or outright lost. These factors and more have given tape storage a poor reputation in today’s marketplace, and they are helping to drive the steady migration to flash storage and cloud storage. But here’s the thing. Despite all the criticism and naysaying, tape has survived and is in fact more relevant today than ever as a means of data storage. With 5G adoptions and the dramatic expansion of the internet of things (IoT), the amount of data being generated is more than what can be stored easily. As of January 2021, there were 4.66 billion active internet users worldwide, accounting for 59.5 percent of the global population. By 2025, there will be 38.6 billion IoT-connected devices worldwide. One can only imagine what will be the size of data generated by 38+ billion objects! Storing such massive amounts of data on the cloud can be expensive, especially if all of it is not urgent or mission-critical. And nothing comes close to storing voluminous data on tapes. Besides, storage cost is very little per gigabyte. Tape is like the mainframe computer, which allegedly died more than 20 years ago but is still a tried-and-true technology in many large enterprises. Tape capacity shipments are on the upswing. A recent report from the Tape Storage Council found that a record 114,079 PB of linear tape-open (LTO) tape capacity shipped in 2019. That’s about 400% more than was shipped in 2009. Here are five reasons why tape storage offers significant advantages over other options. 1. Tape boasts better protection against ransomware Many of today’s data-storage technologies such as cloud storage, can’t fully protect the organization against the growing threat of ransomware attacks. On the other hand, tape backup is offline, so it can’t be easily infiltrated by malware or any other kind of cyberattack. The tapes themselves are often kept at offsite locations or in storage vaults. That means tape can serve as the last line of defense. Even if ransomware thieves penetrate all the other defenses, they still won’t be able to score if all the data is safely backed up on tape. So, it’s ironic that while we become more and more connected and digitized, we rely on good old tape to give us an extra layer of protection and better secure our data against ransomware. Tape offers other security capabilities as well, such as write-once-read-many (WORM), which means that data once written can never be overwritten or deleted, either unintentionally or by those who wish to do the harm. This capability is critical because it’s not just outside hackers who pose a threat. Sometimes insiders are the problem. If a disgruntled employee tries to delete all the data, having tape storage can completely negate that threat. 2.Tape can survive disasters Even after all these years, backing up data on tape and sending it offsite is still a highly reliable disaster recovery method. If the office burns down or there’s a once-in-a-century flood or any other kind of natural disaster, the safest way of protecting the data is to put it on tape in a secure remote location. That’s why savvy organizations will never stop doing tape storage. 3.Tape is cost-effective The cost of tape storage continues to decrease while its storage capacity increases. Tape remains one of the least expensive options for longterm data archiving. According to Fujifilm, tape is three to four times cheaper to use than disk for long-term storage. The leading tape backup format is LTO, and with the introduction of LTO-8 several years ago, enterprises can store up to 30TB of data compressed on a single tape. But that’s just the beginning. In the not-too-distant future, LTO-generation-12 will store up to 480TB compressed on one tape. That means tape can easily accommodate the massive data growth that almost every organization faces. 4.Tape makes insurers happy Cyber liability insurance is a type of insurance designed to cover losses and penalties associated with a data breach or other cyberattack. But large insurance providers are getting very selective when underwriting new cyber policies. Many will only insure customers that have ironclad data-protection strategies. That means businesses must increase their investments in security tools and processes to prove that they are a worthwhile risk to insurance providers. Having an A-to-Z strategy that includes disk storage, cloud storage, and tape storage gives a better risk profile in the eyes of cyber insurance providers. Need more benefits? Ask the insurance company if they will reduce the premiums since the data is backed up to tape. Better still, companies with an end-to-end security strategy that includes backup & recovery and storage may not even need cyber insurance. If companies have three different storage media at their disposal, they can protect themselves in pretty much any potential data-loss scenario. 5.Tape lasts much longer Data storage professionals have a saying. There are two types of hard disks: those that have failed and those that will fail. Yes, modern-day technologies like magnetic storage, flash storage, and cloud storage offer a lot in performance and flexibility. But they fall far short of tape storage when it comes to shelf life. They don’t even come close. Tape storage has an average lifespan of 30 years. Disk storage, by contrast, typically starts to fail after about five years. Right now, tape storage is the only medium that will preserve data well into the future. Tape may be one of the oldest methods for data storage, but it remains highly relevant for backup…

Read More

The Convergence of Physical and IT Security – and What it Means for Your Business

“The age of IoT and AI means that physical and IT security are no longer separate domains. Instead, everything is connected, and you need to converge your security leadership, teams, capabilities, and technologies to navigate the evolving risk landscape ~ Fred Streefland, Director of Cybersecurity and Privacy at Hikvision EMEA” Until recently, physical and cybersecurity domains were separate from one another. Security teams, access control systems, and CCTV systems were used to physically secure buildings – from data centers to factories and warehouses. And IT teams looked after IT and network security with firewalls, anti-virus software, and data encryption technologies. But as organizations have forged ahead on their digital transformation journeys, innovative technologies such as IoT and AI have blurred the lines between physical security and cybersecurity: a trend that’s set to continue long term. Why IoT is increasing your physical and IT ‘attack surface’ When thinking about your overall security strategy, consider that your security cameras and other security infrastructure are now ‘IoT devices’ that are connected to the network. This gives criminals and hackers a much larger ‘attack surface’ for their activities, with multiple ways into your organization. For example, hacking or otherwise accessing a network-connected camera or other device can allow criminals to override physical security controls and enter restricted areas or buildings. Equally, hackers who can breach IoT devices on the network may be able to disrupt critical systems, steal data, install ransomware, or otherwise compromise your company’s operations. Physical break-ins also pose major cybersecurity risks Equally, criminals who manage to circumvent your physical security infrastructure can also gain access to IT equipment and systems housed in restricted buildings. This means they can extend the impact of their localized attack across the length and breadth of your network, causing untold damage and disruption in the process. This is especially the case where server rooms are left open or unlocked within a building. The mission-criticality of the network, and the sensitive data stored in connected systems, means that much stronger security is needed for these kinds of facilities to ensure they are never accessed, even if intruders breach your building defenses. Here are some examples of how physical threat vectors can compromise digital security: An infected USB drive is planted in a parking lot, lobby, etc., which an employee picks up and loads onto the corporate network. An attacker breaks into a server room and installs a rogue device that captures confidential data. An attacker pretends to be an employee and counts on a real employee’s courtesy to hold the door for him as they enter together. An inside actor looks over the shoulder of a system engineer as they type administrative credentials into a system. The most well-known example of an attack on physical systems followed by an attack of IT systems is the hack on the retail giant Target in 2013. The attackers used an HVAC vendor’s credentials to compromise the network and ultimately the point of sale (PoS) systems of this company. The attackers ‘entered’ the company via the Heating, Ventilation & Air Conditioning (HVAC) systems and managed to compromise several millions of credit cards of Target customers, which caused the resignation of the CIO and CEO of Target. Why ignoring the issue isn’t an option The consequences of security breaches – whether they take place in the physical or IT domain – are potentially devastating for many organizations, and especially those in mission-critical industries. Security breaches at electricity sub-stations, for example, could leave entire towns or cities without power. And similar breaches in data centers could result in internet ‘blackouts,’ major data breaches, regulatory fines, and a raft of other negative impacts. To minimize the risks of security breaches in the age of IoT, forward-thinking organizations are looking to extend their security strategies seamlessly across the physical and IT domains. This holistic and integrated approach requires both organizational and technology changes that reflect the rapidly changing physical and IT security risk landscape. 4 key strategies for integrating your physical and IT security Forward-thinking organizations are beginning to integrate their physical and IT security provision based on 4 key strategies: Creating an integrated security culture and transformation plan: Any successful integration of physical and IT security begins with a strategy based on digital transformation. This strategy needs to be communicated across the entire security organization from the top down, preparing teams for the transition to integrated physical and cybersecurity, including key milestones and potential disruptions and change management issues. Appointing a CISO or data officer who is responsible for both physical and IT security: The siloed nature of physical and IT security responsibilities increases the risk that attacks in a particular domain will go undetected, or that responses will be too slow to prevent negative impacts from occurring. By appointing a CISO or other c-level executive for joint responsibility, and visibility, of physical and IT security, these potential gaps can be closed, and faster, more effective responses can be mounted in the event of a breach in either domain. Converging physical and IT security monitoring within a single dashboard interface: In terms of technology, integrating IT and physical security monitoring into a single dashboard helps to dramatically decrease the risk of a breach, and to mitigate the impacts if a breach should occur. For example, by mapping cyber and physical threats together, a unified dashboard can spot anomalies more quickly, and pinpoint where the threat originated based on an unidentified device in the network, unauthorized access to a device or physical space, or other threat indicators. Deploying innovative technologies that enable truly unified security responses: By implementing data analytics platforms, smart video solutions, AI-powered security algorithms and other innovative technologies of this type, organizations can detect security threats across physical and IT domains in near-real time. Additionally, false positives can be minimized, further saving time and resources and speeding up security responses. How Hikvision can help At Hikvision, we provide smart video technologies and AI-powered security algorithms that help to improve security in…

Read More