Archive for January 5, 2022

Guest Post: The Rise of a New Analytics Hero in 2022 

Posted in Commentary with tags on January 5, 2022 by itnerd

By David Wang, Vice President, Product Marketing, Imply 

The Rise of a New Analytics Hero in 2022 
Every year industry pundits predict data and analytics becoming more valuable the following year. But this doesn’t take a crystal ball to predict. There’s actually something much more interesting happening that’s going to change everything in the analytics world: the rise of a new hero, the software developer.  
If the past is any indication of the future, then what we are seeing is a major transformation unfolding across every industry: a changing of the guard, so to speak, of the ones who are creating value from data.

Today, the industry at large equates analytics with data warehousing and business intelligence.  It’s a traditional approach of BI experts querying historical data “once in a while” for the executive dashboards and reports that have been around for decades.  

But for bleeding-edge companies like Netflix, Target, and Salesforce, their use of analytics is much more progressive – and much more impactful and real-time. Companies like these see the true game-changer for data in the hands of their software developers.  

Their developers are building modern analytics applications and doing it with Apache Druid to deliver interactive data experiences for investigative, operational, and customer-facing insights. 
But what’s causing the emergence of these apps and what’s it mean for developers?  

Let’s break down the Top 5 reasons:

#1 The need for interactive analytics at scale is taking off

Increasingly, analytics are needed to understand a situation or investigate a problem. This requires the freedom to slice and dice and interact with data live with sub-second query response at any scale. It’s a dynamic user experience that can be best created via a developer-built application.
No one wants to sit around waiting for a query to process.  And while many databases will claim the checkbox for interactivity and speed, they’ll come with lots of scale constraints.  They’ll rely on tricks like roll ups, aggregations, or recent data only to make queries appear faster, but that just restricts the insights you can actually get. So the operative word here is “scale”. 

#2 High concurrency is becoming a must-have for every use case

The days of relying on a few BI analysts to write SQL queries are seemingly in the rear-view.  Data-driven companies today want to give everyone – from product managers to ops teams to data scientists – free access to explore. And, multi-tenancy takes user count even further. But concurrency doesn’t just come from the numbers of users. Developers are being asked to build analytics apps with dozens of visualizations with each firing off several concurrent SQL queries.  

Now I’ll admit – it’ll be hard to find a modern database today that doesn’t claim high concurrency.  You obviously wouldn’t want to force fit Postgres (or even Elastic) in uncomfortable positions. But what about scale-out cloud data warehouses?  Doesn’t elasticity = scale = high concurrency? Of course, but elasticity without insane compute efficiency (like with Apache Druid) is going to be a really expensive app.

#3 Desire to unlock the value of streaming data with analytics

Businesses of all kinds are rapidly adopting event-streaming platforms like Apache Kafka. Our friends at Confluent, the creators of Kafka, have built a data mesh that puts data ‘in motion’. With data swirling around constantly, what better use of it than to analyze it for continuous, real-time insights? 
Companies like Netflix are doing this and their developers are creating a huge competitive advantage by bringing together Apache Kafka and Druid to build an analytics app that enables a high quality, always-on, user experience.  

With an eye on real-time analytics, several things have to be taken into account.  Is analyzing streams alone enough – or does the use case need to compare streams against historical data?  For Intercontinental Exchange, it’s the full spectrum from present to past that gives them the right security visibility. Does ingestion scalability matter – do you need to process millions of events per second? What about latency or data quality?

#4 More and more companies want to give their customers analytics

Analytics of the past were about making better decisions for the business.  While still very relevant – and a huge opp to create more value – we are increasingly seeing companies build analytics apps to deliver insights to their customers. 

Companies like Twitter, Cisco ThousandEyes, and Citrix are doing this and driving material revenue.  They’re giving their customers visibility and insights – and that in turn creates big business for them. 
But it can be a pretty hairy outcome to use any database to build a customer-facing analytics app. There’s way more on the line than internal use cases when you think about SLAs and the customer experience. It’s in these apps where microseconds of latency make a difference, downtime is costly, and concurrency and $$ go through the roof. Thankfully there’s a database for that!

#5 The digitization of everything is built with analytics 
At this point in tech, I think we all see that every company is becoming a software company. But with everyone having easy access to the cloud, simply building cloud software and services isn’t enough to sustain an advantage. That’s why companies like Salesforce and AirBnB build analytics apps to optimize how they build their products.  

Developers there – and at the best software companies – are building analytics apps to help them create the best product experiences.  Whether it’s next-gen observability, user behavior insights, live A/B testing, or even recommendation engines, an analytics app is at work.

The crystal ball for 2022

There you have it. Our prediction for this year. We see the world of analytics expanding rapidly to modern analytics apps – with developers becoming the new analytics heroes in organizations.  

Here’s to 2022!

Here’s A Mind Blowing Stat…. Attackers Can Breach 93% Of Networks In Under A Month

Posted in Commentary with tags on January 5, 2022 by itnerd

A new study from Positive Technologies found that threat actors can breach 93% of company networks and trigger unacceptable events in under a month. The researchers simulated various APT attack scenarios, applied social engineering tactics like malicious email attachments and analyzed countermeasures deployed. They selected test subjects from key sectors in the United States, including finance, fuel and energy, government, industrial and IT.

Saryu Nayyar, CEO and Founder, Gurucul had this to say:

“The data shows that with phishing attacks that harvest credentials being the #1 vector for initial compromises points to the challenge that security organizations have when it comes to the “human factor” in breach prevention. It is almost inevitable that one of these campaigns will be effective and with one mistaken click an organization is compromised. Worse yet, a malicious insider can appear to traditional XDR and SIEMs as legitimate users and basically go unhindered until a major data theft occurs, or ransomware is executed. This is where the organizations can protect themselves by incorporating identity analytics and understanding the risks associated with user access, activity as part of their next generation SIEM. This can help organizations more quickly determine when a malicious insider is improperly using these credentials and prioritize associated risks to their infrastructure.”

This illustrates that companies have a lot of work to ensure that they are fully protected from threats regardless of how they present themselves. That way they don’t add to that mind blowing stat.

UPDATE: I also got commentary from Dave Pasirstein, Chief Product Officer and Head of Engineering at

“Compromised credentials continue to be highlighted as the most common method for breaches. For years, the deployment of second factor (2FA) technologies has not materially moved the needle in terms of improvement, because primary factors are still tied to usernames/passwords. Next-generation passwordless MFA is one of the few alternatives that can improve the situation by completely eliminating the password credential from the system, the account, and the user.”

FTC To American Companies: Fix Log4j Issues OR ELSE

Posted in Commentary with tags on January 5, 2022 by itnerd

Companies in the USA should consider this fair warning. The FTC has issued a warning to US companies that it will go after any company that fails to protect its customers’ data against ongoing Log4j attacks:

The duty to take reasonable steps to mitigate known software vulnerabilities implicates laws including, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act. It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action. According to the complaint in Equifax, a failure to patch a known vulnerability irreversibly exposed the personal information of 147 million consumers. Equifax agreed to pay $700 million to settle actions by the Federal Trade Commission, the Consumer Financial Protection Bureau, and all fifty states. The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future. 

Elizabeth Wharton who is the VP Operations for SCYTHE had this comment:

Compliance is never security, but you always need robust security practices to meet compliance requirements. Nearly every regulation – including GLBA – requires continuous assurance. In fact, the December 2021 Final Rule issued by the FTC under GLBA for financial institutions added provisions specific to regularly test or otherwise monitor the effectiveness of their security controls. To meet these requirements, they need to continuously validate their people, processes, and technologies, especially as new supply chain attack vectors like Log4j become more prevalent. 

Companies should do the right thing by default. But I would consider this warning from the FTC a major incentive to make sure that they address any and all issues with regard to not only this vulnerability, but any vulnerability that they might be aware of. Otherwise, they’re going to get the boom lowered on them.

Adriano Lands At CES & Receives The Innovation Award Honoree & Launches Kickstarter Campaign

Posted in Commentary with tags on January 5, 2022 by itnerd

Domethics is an innovative Italian startup engaged in the design and implementation of IoT products and services, with a special focus on smart-home products and services, smart devices, elderly care and tele medical assistance.

Domethics is attending the next Consumer Electronics Show in Las Vegas, which runs January 5-8, 2021, to introduce Adriano, the IoT device that transforms each smartphone, tablet or smart TV into a powerful and low-cost gateway to control every home smart device via one designated app. Adriano already won the Innovation Award Honoree 2022 – “Smart Home” at the 2022 CES Innovation Awards, where Domethics ran as the only Italian contender to the title.

Adriano allows consumers to use old and outdated systems, giving them a second life. In order to do so, Adriano talks to other smart devices via a dedicated app which includes features such as Energy Management, Elderly Care, Home Automation and all Smart Working-related actions.

Moreover, Adriano works alongside smart thermostats, smart thermostatic valves, light bulbs and electrical outlets managed via radio. Thus, the device allows users to adjust home temperatures or supervise electricity consumption according to their needs, with a cut-down rate of 30% on waste and inefficiency.

By lifting the burden of physical activity and house management, Adriano can also be of help to the elderly and fragile, supervising day-to-day tasks: from opening gates and electrical roller shutters, to adjusting air quality and managing other appliances – Adriano will benefit the users with all the comforts of automation and no cables to pull.

Check out this short video to see what Adriano can bring to your smart home and learn how you can rescue that drawer of old phones from a lifetime in a landfill. Check out their just launched Kickstarter campaign here.

Threat Actors Break Into Networks To Quietly Steal Cash

Posted in Commentary with tags on January 5, 2022 by itnerd

Bleeping Computer is reporting that a group of threat actors known as Elephant Beetle are spending months inside victims’ networks to divert transactions in order to make a few bucks:

The group is very sophisticated and patient, spending months studying the victim’s environment and financial transaction processes, and only then moves to exploit flaws in the operation.

The actors inject fraudulent transactions into the network and steal small amounts over long periods, leading to an overall theft of millions of dollars. If they are spotted, they lay low for a while and return through a different system.

The expertise of ‘Elephant Beetle’ appears to be in targeting legacy Java applications on Linux systems, which is typically their entry point to corporate networks.

Clearly these aren’t your typical cybercriminals, which makes them even more dangerous than your typical cybercriminals, who are already pretty dangerous. Elizabeth Wharton, who is the VP Operations for SCYTHE, had this to say:

Cybercriminals are doing the same thing that we’ve seen in traditional fraud. This is the same kind of small-dollar value theft that we see when people try to embezzle money from a company. The difference here is that companies lack the tools to detect it. They can’t use their fraud detection tools because it’s not an internal person exploiting their systems. This is why they need new tools that give them a way to continuously validate their security processes and technologies, so that they know their people can detect these new exploits quickly.  

And Chris Olson, CEO of The Media Trust had this to say:

Elephant Beetle is another example of the ever-evolving sophistication of criminal activity leveraging the complexity of digital environments. While this group is creating fraudulent transactions in enterprise environments, it’s safe to assume they can also hijack and steal consumer data like banking details, credit card numbers, etc. The risk of weaponizing enterprise websites/mobile apps to harm consumers is too great to ignore. In 2022, we’ll start to see more discussion about the need for digital trust and safety across industry and regulatory forums.  

So the take home message is that companies need to up their game to ensure that they don’t fall victim to something like this.

Welcome to 2022.

UPDATE: I have added commentary from Saryu Nayyar, CEO and Founder, Gurucul:

“The adaptability of the Elephant Beetle threat actor and subsequent exploits developed to evade detection or modifications to continue once detected, shows a level of sophistication that is out of scope for traditional XDR or SIEM. In addition to leveraging dwell time to evade detection, the documented exploits are clearly meant to increase the level of noise created by most XDR/SIEMs leaving security analysts unable to correlate what is a real attack versus chasing false positives. The ability to baseline user access to applications and understand deviations in acceptable asset and network usage and behaviors with customizable machine learning models can drastically reduce the noise and discover attacks much more quickly despite the extensive use of dwell time.”

Additionally, The New York Office of the Attorney General has notified 17 companies of security breaches after it spent months monitoring hacking forums dedicated to credential stuffing attacks and found that more than 1.1 million user accounts had been hacked and sold online. Saryu Nayyar of Gurucul goes on to say this:

“The fact that the NY OAG was able to find this information shows that threat intelligence, dark web scanning and attack surface management have a long way to go in terms of credibility and usability by security teams. While these are all critical as part of the overall security process and are useful to augment existing security tools like Next Generation SIEM, such tools are not a silver bullet to protect an organization or significantly lower risk given. Security operations must rely on advanced machine learning and analytics that are increasingly sophisticated to pre-emptively identify breaches and prevent credential theft. In addition, once this data is made available to threat actors, identity profiling and behavioral analytics are the best approach when combined with traditional XDR capabilities to determine if stolen credentials are being misused within an organization”.

And Sam Jones, VP of Product Management, Stellar Cyber had this to say:

“Exposed credentials are unfortunately the norm, and likely will be until the username and password paradigm is eliminated. The best practice for enterprises to prevent credential stuffing is to stick to the basics – enforce strong MFA and go passwordless if possible. For end users, given we still live in a password world, the best thing you can do is ensure you don’t reuse passwords across services.”

And Chris Olson, CEO of The Media Trust had this to say:

Credential stuffing attacks are old hat, and remain effective. While consumers are responsible for their data, enterprises have a responsibility to safeguard it when input or surreptitiously collected via their websites/mobile apps. Taking ownership of how digital assets can harm consumers is critical to safeguarding consumer expectations of privacy and security. Those that have adopted digital trust and safety strategies are starting to see tangible results in their bottom line.

Finally Dave Pasirstein, Chief Product Officer and Head of Engineering at TruU had this to say:

“The primary countermeasure to credential stuffing is multifactor authentication (MFA), and one of the best multifactor approaches to eliminate the credential stuffing attack vector is passwordless MFA.”


Ring Announces New Customizations to Its Award Winning Alarm System

Posted in Commentary with tags on January 5, 2022 by itnerd

Today, Ring announced the Ring Alarm Glass Break Sensor, the first sensor of its kind from Ring. Ring Alarm Glass Break Sensor enables households and businesses with Ring Alarm to monitor glass windows or doors for break-in attempts. The Ring Alarm Glass Break Sensor leverages AI technology to accurately detect valid glass break events like windows being smashed or cracked and dismiss false alarms like jingling keys or clattering dishes. At $49.99 CAD, it is available for pre-order today, January 5, and will be available for purchase on February 16.

Home security is not a one-size-fits-all solution. For Ring, real smart security is based on a customer’s needs and preferences, and customers have the control to create unique home security systems using a mix of devices and features that specifically address their needs. With Ring Alarm Glass Break Sensor, Ring is able to give customers even more choice when building the alarm system that works best for them.

You can find out more via this blog post from Ring.

EnGenius Launches First Wi-Fi 6E Access Point For SMB Market 

Posted in Commentary with tags on January 5, 2022 by itnerd

EnGenius Technologies Inc., a worldwide manufacturer of future-proof enterprise networking solutions, today announced the release of the very first Wi-Fi 6E access point designed for the SMB market. Featuring the Qualcomm Networking Pro 1210 platform, the ECW336 Wi-Fi 6E indoor ceiling mount tri-band access point has been developed for use in the recently unleashed 6 GHz spectrum. 

The EnGenius Cloud ECW336 access point marks the company’s first venture into 6E territory. Experts predict that as many as 500 million Wi-Fi 6E compatible devices will spill onto the market in the next three years, enjoying massive, pristine Wi-Fi real estate. While the 2.4 and 5 GHz bands offer a total of 560 MHz of spectrum and 27 channels, 6 GHz alone offers 1200 MHz of spectrum and 59 channels.

With its 6E capability, the ECW336 AP easily supports the ever-growing bandwidth demands of densely congested environments such as multi-family units, senior living, student housing, universities, retail, corporate workspaces, resorts, stadiums/arenas, and medical centers.

Business professionals and consumers alike will experience breathtaking Wi-Fi connection speeds. Virtually no more lag or buffering. No more endless delays when downloading. The future of lightning fast, unimpeded Wi-Fi is finally here.

Top Features of the ECW336 Access Point:

  • Operates in the 6 GHz band, which offers interference-free signals and paves the way for innovation.
  • Can access 14 additional 80 MHz channels or 7 160 MHz super-wide channels to avoid bottlenecks and reach gigabit Wi-Fi.
  • Includes powerful quad-core processor to boost performance exponentially.
  • Contains three radios (2.4 GHz, 5 GHz, and now 6 GHz) to support thousands of current and new devices.
  • Features high efficiency Wi-Fi 6 technology to handle a massive number of connections and deliver better communication.
  • Comes with 5 Gbps Ethernet port to easily support gigabit wireless speeds and higher user consumption.
  • Includes new diagnostic tools, spectrum analysis, and real-time channel utilization for greater Wi-Fi performance, enabled by EnGenius Cloud PRO.

The high efficiency of Wi-Fi 6 wireless technology is becoming more prominent in today’s devices, but the true power of these features will now be unleashed in the massive, unexplored 6 GHz realm. Now, users will realize what true gigabit wireless speed really means.

Now is the time to take advantage of this ground-breaking technology. The ECW336 will start shipping worldwide in the first quarter of 2022. For more information on how you can get yours, visit

Fisker Reveals World’s First Digital Radar System In A Production Vehicle

Posted in Commentary with tags on January 5, 2022 by itnerd

Fisker Inc. is showcasing its Fisker Ocean all-electric SUV at CES in Las Vegas, highlighting the vehicle’s state-of-the-art Advanced Driver Assistance System (ADAS).

Called Fisker Intelligent Pilot, the ADAS platform integrates four types of sensors: an industry-leading surround-view camera suite, a camera-based driver-monitoring system, ultrasonic technology, and a Digital-Imaging Radar System that Fisker expects will be first to market when the Fisker Ocean begins production in November 2022.

The Fisker Ocean’s cameras are sourced from one of the market leading suppliers and provide latest-generation vision capability, with a front-facing 8-megapixel camera delivering the highest resolution currently available in a vehicle. The 360-degree camera system enables base-level object detection from proven technology used on tens of millions of vehicles globally.

Fisker’s industry-first, Digital Code Modulation-based radar system uses five units positioned around the Fisker Ocean to confirm and enhance what the cameras see. The system also provides an additional degree of perception in conditions of bad weather and excessive sun glare, and performance superior to analog radar systems. The Fisker Digital Radar, for example, can locate vehicles at 200 meters (656 feet) and pedestrians at 80 meters (262 feet).

The system can also better distinguish its surroundings in environments of high light-dark contrast, such as in tunnels and on bridges, and differentiate objects of varying sizes and speeds on highways, such as cars, trucks, and motorcycles. Additionally, Fisker Digital Radar can separate objects from backgrounds and detect low-lying roadway obstructions.

With its features working together, Fisker Intelligent Pilot’s perception stack with camera and radar sensor fusion makes better decisions at highway speeds, in city traffic, and in poor weather.

To ensure that the driver is attentive when the system is engaged, Fisker Intelligent Pilot uses an A-pillar-mounted interior camera that monitors for drowsiness and concentration. 

Fisker Intelligent Pilot features standard on the $68,999 Fisker Ocean Extreme and Fisker Ocean One include:

  • 360-degree Surround View with 3D
  • Door Opening Warning 
  • Park My Car – automatic parking spot finder
  • Park Assist with Wheel Guard – parallel parking aid
  • Adaptive Drive Control  
  • Automatic Emergency Braking – Premium
  • Reverse Collision Mitigation
  • Evasive Steering Assist
  • Integrated Drive Assist  
  • Traffic Jam Assist (with Integrated Drive Assist) 
  • Driver Drowsiness and Attention Warning  
  • Traffic Sign/Light Recognition  
  • Front and Side Collision Warning 
  • Lane Change Assist   
  • Lane Keep Assist 
  • Intelligent Speed Assist 
  • Emergency Lane Departure Avoidance 
  • Blind Spot Monitoring

[Sport and Ultra trim levels each come equipped with the full ADAS hardware system and a subset of the software-enabled features above. Fisker expects to offer additional features as over-the-air delivered options, provided at the point of sale or post-purchase.] 

Streaming Platform Angel Studios Raises $47 Million Investment Led By Gigafund

Posted in Commentary with tags on January 5, 2022 by itnerd

Angel Studios, the streaming platform behind the most successful crowdfunded shows of all time, has raised $47 million to bring control of the entertainment industry back to consumers and creators. The round caps off a major comeback year for cofounders Neal and Jeffrey Harmon, who led Angel Studios to over $100 million in annual revenue just one year after Disney and Warner Bros. tried to shut the studio down in court. 

The financing was led by Gigafund, a venture capital firm backing the world’s most ambitious and transformative entrepreneurs, and Bain-backed Uncorrelated Ventures, which invests in infrastructure software. Gigafund is known for being one of the largest investors in SpaceX, as well as other game-changing companies in industries ranging from education and energy to healthcare and housing. Original seed investors Alta Ventures and Kickstart Fund also participated. In addition to the venture backing, five million of the investment round was crowdsourced directly from Angel Studios fans. 

Today’s movie business is a $280-billion industry almost totally controlled by five major Hollywood studios. Studio executives decide what content to produce in boardrooms behind closed doors, with little to no input from consumers. As a result, almost 80% of the films that Hollywood thinks audiences want to see fail to break even every year, while real audiences rarely get the chance to enjoy the stories that matter most to them. Studios rely on a few major hits to maintain the status quo.

Angel Studios is a community-driven movie studio that empowers audiences to decide what content gets produced and distributed, while creating communities around each project. Creators pitch projects on the Angel platform, and “Angel investors” fund the ones they’re most excited to see (via the Angel Funding Portal). Post-production, content is delivered directly to viewers and goes viral as fans share it with others. 

The Angel model has already produced three of the most successful crowdfunded shows of all time, including: 

  • The Chosen, the #1 crowdfunded media project in history, viewed over 300 million times to date, with a special in theaters this Christmas. 
  • Dry Bar Comedy, the #1 family-friendly stand-up comedy channel, currently on its eighth season with one billion views a year.
  • The Wingfeather Saga, the world’s #1 crowdfunded animated kids show, currently in production. 

With this latest funding round, Angel plans to continue improving its streaming platform, market to new audiences, and develop its content pipeline for 2022 and beyond.