Network-attached storage devices more vulnerable than routers, researcher finds

A security review of network-attached storage (NAS) devices from multiple manufacturers revealed that they typically have more vulnerabilities than home routers, a class of devices known for poor security and vulnerable code.

Jacob Holcomb, a security analyst at Baltimore-based Independent Security Evaluators, is in the process of analyzing NAS devices from 10 manufacturers and has so far found vulnerabilities that could lead to a complete compromise in all of them.

“There wasn’t one device that I literally couldn’t take over,” Holcomb said Wednesday during a talk at the Black Hat security conference in Las Vegas, where he presented some of his preliminary findings. “At least 50 percent of them can be exploited without authentication,” he said.

SSD controllers may run your applications someday

It’s time for enterprise applications and storage to work more closely together, even to the point where SSDs become a pool of computing power, according to Samsung Semiconductor.

The company wants industry standards for greater coordination between those elements, seeking to make data centers more efficient. The benefits could include CPUs communicating more with SSDs (solid-state drives) in the shorter term and later SSD controllers sharing application processing. The company gave no target dates for what would necessarily be a long-term effort, but it’s calling on several industry groups to cooperate to make it a reality.

With just HDDs (hard disk drives), storage performance historically lagged behind computing and memory, so the functions of each have remained separate. But the advent of various tiers of solid-state storage and memory has changed the equation, said Bob Brennan, a senior vice president at Samsung Semiconductor who leads the company’s Memory Solutions Lab. There are now faster drives with more built-in computing power and faster connections, he said. Servers aren’t getting as much performance out of storage as they could, he told an audience Tuesday at Flash Memory Summit, in Santa Clara, California.

OneDrive Continues Microsoft Migration to Amazon Mobile Devices

Microsoft moves its OneDrive cloud storage service to Amazon's Kindle Fire phones and tablets.

How to Survive 4 Cloud Horror Stories

Horror stories don't just happen at the movie theater. In a few cases, companies make a big play to use the wrong cloud application or experience widespread outages in their connection to cloud storage.

While vendors claim that cloud services are secure and reliable, that's not always the case. A better way than relying on vendor promises? Make sure your migration plans, budgets, existing infrastructure, security and any ancillary services all match up before making the jump to the cloud.

Storage maker builds fast SSD to prepare for life after NAND flash

Storage technologies much faster than NAND flash aren’t expected to reach most smartphones and data centers for years, but preparations are already underway in order to make the most of them when they arrive.

Western Digital’s HGST subsidiary is demonstrating one advance in that effort this week, showing what it calls the world’s fastest SSD (solid-state drive) at the Flash Memory Summit in Santa Clara, California.

The device, which can be plugged into a server’s PCIe slot like any SSD, isn’t a new storage product but a platform for demonstrating a low-latency interface that the company developed with future solid-state media in mind. It implemented the experimental communications protocol in a Linux driver on the server and in the SSD’s embedded software.

My Final Impressions of Black Hat 2014

I attended Black Hat 2014 in Las Vegas last week and wanted to write a post while I’m still feeling the buzz of the event. Here are just a few of my takeaways:

Black Hat = High Energy.
I attended Interop at the same venue (Mandalay Bay) for many years but I noticed that the event was getting stale and rather morose recently. It was quite invigorating then to witness the high-energy security crowd at Black Hat in comparison. There was lots of energy, great discourse, and plenty of knowledge transfer. Yes, there was commercialism and Vegas schmaltz, but Black Hat is more of a community get-together than your typical stale trade show – and way more lively than Interop post the late 1990s.

Black Hat vs. RSA. When I worked at EMC back in the late 1980s, one of the common sales mantras of the company was, “people who know how always work for people who know why.” This was a “solution selling” message intended to get the sales team to focus on the “why” customers who own business processes, financial results, and budgets, rather than the “how” customers who twiddle bits and bytes. With this analogy in mind, RSA is a “why” conference while Black Hat (and to some extent, DEFCON) is a “how” conference. With this explained, there is also a difference as cybersecurity is a hardcore “how” discipline that revolves around the folks who know how to twiddle bits and bytes or can detect when someone else has twiddled bits and bytes in a malicious way. In my humble opinion, these two shows complement each other. Yes, we need extremely competent CISOs who know business, IT, and security technology but we must also have security practitioners with deep technical skills, devotion, and passion. RSA is focused on the former while Black Hat/DEFCON appeals to the latter.

Security vendors should be at Black Hat. Many leading security vendors passed on Black Hat and allocated event budget dollars to RSA and shows like VMware instead. I get this but would suggest that they find ways to spread event investments around so they can attend Black Hat 2015. Why?
Black Hat attendees may not be budget holders but they are the actual people who influence technology decisions and make up the majority of the cybersecurity community at large. These are the people who choose cybersecurity technologies that can meet technical requirements. Creative security technology vendors can also approach Black Hat as a recruiting opportunity, not just a sales and marketing event.

I left Black Hat with even more cybersecurity concern. I’m in the middle of this world all the time so I hear lots more about the bad guys’ Tactics, Techniques, and Practices (TTPs) than most people do. Even so, I spent the week hearing additional scary stories. For example, Blue Coat labs reported on 660 million hosts with a 24-hour lifespan it calls “one-day wonders.” As you can imagine, many of these hosts are malicious and their rapid lifespan flies under the radar of signature-based security tools and threat intelligence. I also learned more about the “Operation Emmental,” (i.e. from Trend Micro) that changes DNS settings and installs SSL certificates on clients, intercepts legitimate One-time passwords (OTPs) and steals lots of money from online banking customers. Black Hat chatter served as further evidence that our cyber-adversaries are not only highly-skilled, but way more organized than most people think.

Endpoint security is truly “in play.” A few years ago, endpoint security meant antivirus software and a cozy oligopoly dominated by McAfee, Symantec, and Trend Micro (and to some extent, Kaspersky Lab and Sophos as well). To use Las Vegas terminology, all bets are off with regard to endpoint security now. With the rash of targeted attacks and successful security breaches over the past few years, enterprise organizations are questioning the value of AV and looking for layered endpoint defenses.
Given this market churn, Black Hat was an endpoint security nexus with upstarts like Bromium, Cisco, Crowdstrike, Digital Guardian (formerly Verdasys), Druva, FireEye, Guidance Software, IBM, Invincea, Palo Alto Networks, Raytheon Cyber Products, RSA, and Webroot ready to talk about “next-generation” endpoint security requirements and products. While the incumbents have an advantage, endpoint security is becoming a wide-open market as evidenced by the crowd at Black Hat.

Black Hat is a great combination of Las Vegas shtick, hacker irreverence, and a serious cybersecurity focus. Yup, it’s only a tradeshow but there is a serious undercurrent at Black Hat/DEFCON that is sorely missing from most IT events.