Horizon3.ai Takes A Deep Dive Into Vulnerabilities With PaperCut Software

Posted in Commentary with tags on April 24, 2023 by itnerd

PaperCut is software used by hundreds of millions of users in organizations worldwide to minimize waste and provide a secure and easy printing experience. In the US, State, Local, and Education (SLED) environments are typical users.

But last month, PaperCut issued patches for two vulnerabilities exploited in the wild: CVE-2023-27350 and CVE-2023-27351. Their security advisory notes that CVE-2023-27350 allows remote code execution to compromise the PaperCut application server. 

On 19 April 2023, PaperCut published additional details including several indicators of compromise such as log file entries, known malicious domains, and YARA rules to detect observed malicious activity.

Horizon3.ai’s Chief Attack Engineer Zach Hanley and the Horizon3.ai Red Team have just published “PaperCut CVE-2023-27350 Deep Dive and Indicators of Compromise”, which analyzes PaperCut’s vulnerability patch, develops an exploit, and includes IOCs and Shodan exposure.

Further research from Huntress also detailed this vulnerability on 21 April 2023 – including exploitation details and additional indicators of compromise.

If you use PaperCut, you might want to take a look at the deep dive and related material so that you can take action to keep your environment safe.

It Appears That Elon Is Handing Out Blue Checkmarks Like Candy

Posted in Commentary with tags on April 24, 2023 by itnerd

Last week I told you that when the great purge of legacy verification checkmarks happened, a handful of people such as LeBron James, Stephen King, and William Shatner kept their checkmarks because Elon was paying for them. Well, it seems that Elon is paying for more people than those three people:

The latest speed bump in the rollout of Twitter’s revamped verification policy under new owner Elon Musk is here: Spite checkmarks. Twitter is capriciously awarding unwanted blue verification badges to the most prominent critics of those very badges.

That’s right, you can get a free Twitter Blue subscription and the blue checkmark that comes with it if you critique or criticize Elon.

But wait, there’s more:

Other prominent accounts have also been recipients of unwanted checkmarks. This growing list includes several actors and musicians like Bette Midler, Lil Nas X, Ian McKellen, and Jason Alexander. This is just the tip of the iceberg as more and more legacy users across the board are reporting that they’ve received their checkmarks without paying for Twitter Blue.

And to show what a train wreck next to a dumpster fire this is, there’s this:

 The accounts of Kobe Bryant, Anthony Bourdain, and Chadwick Boseman all appear to have been re-verified despite being dead.

Seriously Elon? Did you even think this through? Of course not. What am I thinking? Elon is a “ready, fire, aim” sort of guy who doesn’t ever think things through. Speaking of not thinking things through, what he’s doing might be illegal.

IANAL, but if Twitter is actively labeling non-subscribers as subscribers, that’s fraud based on a legal concept called false endorsement. So if a three letter US government agency, or the US Justice Department agrees with that view, Elon is going to quickly regret ever doing this.

Finally, it doesn’t seem like Elon’s even trying to make sure that he hands out verification checkmarks to the right people and companies as evidenced by this:

Twitter gave a fake Disney account verification status at the weekend.

The account, called @DisneyJuniorUK, was tweeting vile content, but managed to be verified with a gold tick before being suspended.

The owner alerted his followers by saying “this isn’t actually real right. someone pinch me or something” – and the tweet has since gone viral.

It comes as confusion continues at how Twitter’s updated verification system is working.

Twitter has been approached for comment.

Meanwhile, the “real” Disney Junior account has also been given a gold badge.

Wow, what a gong show. I actually want to replace the word gong with another word. But this is a family friendly blog.

So why is Elon doing this? My random thoughts go something like this:

  • Elon wants to get under the skin of people who don’t like him. That’s why Elon critics are getting checkmarks as he’s trolling them.
  • Elon is trying to head off mass impersonation of Twitter accounts because he took away legacy verification. That’s why celebs are getting their checkmarks back. Though as evidenced above, he’s clearly not getting that right.
  • Elon is trying to make Twitter Blue seem more popular than it is. Because right now, it’s not popular. In fact it’s a Scarlet Letter and not a status symbol.
  • Elon is trying to blunt the effectiveness of tools like this Chrome extension that mass blocks Twitter Blue subscribers. Because you wouldn’t want to block your favourite celebs. Right?

Of course there might be other reasons at play here that I can’t fathom as I suspect that Elon’s mind is most likely a bit of a mess right now. But I think you get the point. This is yet another disaster that Elon has brought upon himself. And he’s flailing about like a fish out of water trying to figure out how to get himself out of it.

What a loser Elon is.

There Is Now A Chrome Extension To Auto Block People On Twitter Who Subscribe To Twitter Blue

Posted in Commentary with tags on April 24, 2023 by itnerd

Last week, I told you about a new trend on Twitter to block users on Twitter who were stupid enough chose to pay for Twitter blue:

What Elon doesn’t get is that getting a checkmark via Twitter Blue isn’t a status symbol. It represents the fact that you paid for attention and Elon has devalued the blue checkmark. In fact there’s a hashtag on Twitter called #BlockTheBlue where people who pay Elon $8 a month ($11 on iOS) to get a blue checkmark get blocked by those who haven’t paid Elon.

The reason behind this is that Twitter will deboost your account if too many people who pay Elon $8 a month ($11 on iOS) block you. That gives you a massive incentive to block them before they can block you. Thus #BlockTheBlue is now a thing. Blocking people is a manual and time consuming process. Or at least it was as there’s now a Google Chrome extension that can help you with that:

Mute or Block Twitter Blue subscribers automatically, as you browse. Enjoy a much quieter and safer Twitter experience. The only accounts you’ll see are those of the *actual* factual verified accounts, and regular users. Twitter Blue users, begone!

You have to wonder what’s going to happen to the guy who created this when Elon finds out about it. After all, I can easily see Elon losing his mind and rage Tweeting about this. Then making threats to sue the guy. IANAL but I can’t see what Elon could possibly be suing for. But I digress. The fact is that Twitter Blue is a disaster that Elon has created. And personally, I don’t see any way back from that. And it says a lot about how bad Twitter Blue is that someone has actually created a Chrome extension to block Twitter Blue users. That tells you how bad Elon has made Twitter Blue specifically, and Twitter as a whole. So, if you’re still on the bird site, and you haven’t paid for Twitter Blue which would cover the majority of people on Twitter, you may want to give this a go to make your Twitter experience better. Though if I were you, I would just abandon Twitter as it’s a hellscape that’s not worth wasting your time on.

UPDATE: There are now more extensions that block Twitter Blue users. Here’s the story.

Torq Introduces World’s First Enterprise-Grade Security Hyperautomation Platform

Posted in Commentary with tags on April 24, 2023 by itnerd

Torq, the security hyperautomation leader, today introduced the world’s first enterprise-grade security hyperautomation platform capable of automating the most complex security  infrastructures at dramatic scale. Only Torq provides the ability to automate the entirety of workflows and processes across the entirety of modern enterprise security organizations to deliver best-in-class, end-to-end cybersecurity protection. The platform also offers the world’s first GPT AI-based analytics capability for auto-analyzing cybersecurity incidents, making strategic responses, and informing immediate and long-term defensive measures.

The Torq Hyperautomation Platform enables security professionals to create and deploy complex, sophisticated workflows in minutes, more than 10X faster than legacy SOAR and conventional security automation solutions that also involve costly professional services commitments. Torq customers now rely on the platform for more than 3m daily security automations. RSAC attendees can see the Torq Hyperautomation Platform in action at Booth #4340, South Hall, Moscone Center, San Francisco, April 24-27.

According to Gartner, “Hyperautomation is a business-driven, disciplined approach that organizations use to rapidly identify, vet, and automate as many business and IT processes as possible.” Torq is the only security automation vendor that delivers on this promise. With the Torq Hyperautomation Platform, its customers, spanning the Fortune 500 and the world’s leading cybersecurity vendors, including Wiz, Abnormal Security, Armis, and SentinelOne, are consolidating, managing, and orchestrating the entirety of their cybersecurity stacks. This includes powerful and complex tools driven by artificial intelligence, machine learning, event-driven software architectures, and robotic process automation. 

The First and Only Enterprise-Grade Security Hyperautomation Platform
Torq has pioneered the first truly enterprise-grade hyperautomation platform with the comprehensive scalability and protection customers require. It hyperautomates on-premise and hybrid environments at elastic scale. Torq offers immense extensibility that goes far beyond APIs. It also delivers the security automation industry’s only cloud-native, SaaS-based multi-tenant, zero-trust architecture. In addition, it provides horizontal scaling and parallelism with guaranteed SLAs. And it does it all in the simplest, most straightforward way possible, with instant workflow development featuring intuitive smart steps to guide users at any technical level. Customers also benefit from the industry’s most powerful visual data transformation capabilities. Together, these elements are emancipating SecOps and other security professionals from routine, manual tasks, enabling them to focus on higher-value strategic activities.

Integrates with Anything, Automates Everything
With the Torq Hyperautomation Platform, customers enjoy the deepest integrations imaginable, which enable them to:

  • Connect to Everything–Every app, every stack, vendor agnostic across cloud, on-premise, and hybrid environments, including Microsoft Teams, Slack, Discord, and Zoom.
  • Use No-Code, Low-Code and Full-Code–Go beyond APIs, with support for any CLI, on any platform, and any programming or scripting language, including Python, GraphQL, C#, and gRPC.
  • Bring Your Own Container–Torq orchestrates containerized actions that can connect internal and external platforms seamlessly, including support for Docker, Kubernetes, Amazon Web Services, and Azure.

Delivers on the Promise of Hyperautomation AI
Torq is liberating overworked security and IT operations professionals by innovatively deploying the power of AI. The Torq Hyperautomation Platform integrates GPT to dramatically enhance SecOps using Natural Language Processing (NLP) to accurately answer user requests in real-time, which elevates the speed, quality, and accuracy of investigating and resolving security issues.

With GPT integration, Torq uniquely delivers a chatbot interface integrated into Slack, MS Teams, Discord, and Zoom to communicate with security tools and systems. Now, SOC analysts or any authorized operators can use natural language to intuitively search for specific information and insights across multiple security tools and data sources. It simplifies interactions with complex security tools and makes analysts more efficient in threat hunting, investigations, and response. It also auto-escalates self-service requests, notifying SecOps teams when a critical incident requires human intervention.

Drives the Resolution of Contextual Security Cases with Hyperautomation
Torq collects a large number of unprocessed events and signals into contextually-enriched cases, ordered by severity, priority, and field of ownership. It also orchestrates the analysis and remediation of security cases across multiple organizational functions, and tracks all security decisions in a single dynamic framework.

Torq drives the hyperautomation of organizational processes around handling security cases by providing unparalleled flexibility and extensibility for every organizational process involved.

Learn more and get started with the Torq Hyperautomation Platform now.

Stop Me If You’ve Heard This Before…. Bell Canada Seriously Needs To Improve Their Customer Service

Posted in Commentary with tags on April 23, 2023 by itnerd

Something that has been a constant with my stories about Bell Canada has been the fact that they have a great product in terms of their fibre Internet offerings, but their customer service sucks. In fact, I have previously said this:

If I were Mirko Bibic the CEO of Bell, I’d be doing everything possible to improve the customer experience as my experience with their call centre reps was not that good. And improving the customer experience should include ending their practice of outsourcing and offshoring their customer service staff. I say that because Rogers doesn’t have outsourced and offshore staff, and their customer experience is far better than Bell’s. And that was enough for my wife and I to hang in with them despite the fact that their Internet offering was substandard in comparison to what Bell offers. That is until their outage issues forced us to Bell. But to be clear, if Rogers somehow is able to get their act together and comes up with an Internet offering that is actually competitive with Bell and actually reliable, and Rogers customer service continues to better than Bell, then they may have the means to lure us back. Because having great customer service is what matters. And right now, Bell doesn’t have that. At least not at the call centre level.

Yesterday was a great example of that. My wife complained to me that the Internet was slow. So like any good husband, I investigated this expecting to find that the Internet was fine and something was wrong with her iPhone which was the device that she was using. Except the Internet was not fine based on this:

Something was seriously wrong with my download speed as it was abysmal. It wasn’t even 10% of the speed that I normally get as evidenced by the speed test from last October. The upload speed was more or less fine. So after rebooting my HH4000 a couple of times and not getting any change in speed, I called Bell. After punching my way through their phone system, I got an actual human who after I explained my issue to them, audibly sighed and then promptly hung up on me.

Now this surprised me, but didn’t surprise me at the same time. It did surprise me as I expect that in 2023 that all calls in any call centre are recorded and a percentage of them are reviewed. And I would assume that when this call was reviewed, he should be as good as fired. But the fact that he hung up on me suggests that this specific agent either didn’t know that, or didn’t care because he was playing the odds that this call would not be reviewed. As for the “it didn’t surprise me” part, I have heard stories like this before in places like Reddit as well as from some of my clients. Which is Bell call centre reps have a tendency to hang up on people. Either way, it tells you all you need about how seriously the employees of whatever call centre Bell contracts take their jobs. I’ll come back to that later.

Now I called back and once again punching my way through their phone system, I got a woman who after I explained my issue to them, and the fact that I was hung up on, took a very professional attitude in terms of trying to address this issue. She also apologized for the previous agent hanging up on me. After running some tests and confirming that my Internet speed was abysmally slow, she made some changes on her end which caused my HH4000 to reboot. What she likely did was push a new speed profile to the HH4000 so that it knew how fast it was supposed to be going. That implied that the profile that was on the modem was incorrect or messed up. After the modem came back up, she ran a few more tests along with yours truly and the problem was fixed.

Total time invested: 3 Minutes for the call where the agent hung up on me, and 16 minutes for the call where the issue was actually fixed.

Now this issue highlights the fact that Bell’s customer service can be great, or it can be crap. It’s simply luck of the draw based on the agent that you get. I’ve had good experiences with Bell’s customer service as evidenced here. But this was certainly a bad experience that worked itself out at the end of the day. And that’s Bell Canada’s major problem. Since Bell clearly does not have any control of whomever they outsource their customer service to, customers of Bell get a very uneven experience. And that experience can trend toward bad if you call them often enough. This needs to change because the only thing stopping Bell from completely destroying Rogers is the quality of their customer service. It needs to be consistently good so that customers know that when they call Bell, they will get the help that they need. And by consistently, I mean 100% of the time. That’s not happening right now. And even with Rogers bringing back jobs to Canada that Shaw outsourced to other countries, that’s not enough pressure for Bell to do the same thing. The fact that Rogers has done this means that Rogers has an advantage over Bell which is that they completely control the customer experience. As I said earlier, the fact that Rogers had great customer service was enough to keep us with them until their products became unreliable. Bell really needs to rethink how they deliver customer service because that’s the only thing that’s keeping them from wiping the floor with Rogers. And they need to get moving on that now.

CISA and Others Release Strategies for Protecting Smart Cities 

Posted in Commentary with tags on April 22, 2023 by itnerd

CISA and NCSC along with their equivalents in Canada, Australia and New Zealand have published Cybersecurity Best Practices for Smart Cities designed to help stakeholders build protections into new systems from the planning stage.

The document warns that due to the intrinsic value of the large data sets, not only are smart cities vulnerable to financially motivated cyber-criminals but with complex, automated supply chains, terrorists could paralyze critical services and even cause physical harm or loss of life.

While currently infrastructure services are separate, the challenge for defenders is that by integrating all systems into a single-network landscape, they will expand the digital attack surface for each participating organization, while making visibility and control more challenging for security teams.

Key recommendations are as expected and suggest that planners undertake:

  • Secure planning and design: principle of least privilege, MFA, zero trust architectures, prompt patching, device security, and protection for internet-facing services
  • Proactive supply chain risk management: covering the software supply chain, IoT and device supply chains, and managed/cloud service providers
  • Operational resilience: backing up systems and data, workforce training, and incident response and recovery

Carol Volk, EVP, BullWall (she/her):


   “This effort by the US and other nations is a commendable move towards promoting cybersecurity in the planning and design of smart city systems. It highlights the recognition of the inherent risks associated with large data sets in smart cities and the need for proactive measures to protect against cyber threats.

   “The emphasis on secure planning and design, proactive supply chain risk management, and operational resilience in the recommendations is crucial in ensuring the security of smart city systems. 

   “In particular, recognizing the risks of centralizing too much data in smart city systems is significant. Centralized data can become a single point of failure and will attract malicious actors like bees to honey. Governments must consider the balance between data centralization for operational efficiency and the need for data protection and privacy. Even the best planning will be thwarted by determined attackers, whether private or nation states. After watching ransomware attacks increasingly evade the best preventative measures, we need solid detection and containment layers as standard fare in these new network designs.”

Bryson Bort, Founder and CEO, SCYTHE had this to say:

   “I have worked smart city security in various countries since 2015. The joint country collaboration on best practices is particularly interesting in this case. The smart city of tomorrow promises a better way of life for its citizens with possibilities like re-routing traffic with sensors but must design for resilience and protective measures to assure the digital traffic doesn’t hit any potholes.”

Corey Brunkow, Dir of Eng Operations, Horizon3.ai follows up with this:

   “The CISA doc is pretty general but has links to useful information and has a section on Supply Chain Security Guidance which is critically important as the recent Toyota Supply Chain attack demonstrated. This specific section from the UK NCSC addressing supply chain security guidance seems particularly relevant for best practices similar to what is needed.

  1. Understand the risks
  2. Know who your suppliers are and build an understanding of what their security looks like
  3. Understand the security risk posed by your supply chain”

Roy Akerman, Co-Founder & CEO, Rezonate:

   “Smart cities are here, and we will see more and more cities adopt these practices – both with technology innovation as well as with government services. CISA recommendations are logical, yet they are far from reality. They may seem like basic functions yet today there are no vulnerability-free environments, the speed of patching is never real-time, zero-trust is a continuous journey, not a one and done. Smart city infrastructure will be distributed across many vendors and many teams, inevitably resulting in an increased attack surface that will lead to security breaches if not handled properly.

   “It is critical for the foundation of smart cities to be connected and based on strong automation, as with the private sector, resources are limited but effective security practices must be put in place to safeguard identity data. The approach must include both proactive measures and a defense-in-depth approach assuming compromise and readiness when a security breach occurs. Success will be evaluated by how fast they are able to get back online.”

Smart cities are going to be considered critical infrastructure in the not so distant future. Thus it’s good to see that these guidelines are out there to make smart cities as safe as possible.

Today Is Earth Day

Posted in Commentary on April 22, 2023 by itnerd

Earth Day, recognized on April 22 across the globe, is one of the most widely celebrated events to increase awareness and appreciation of the Earth’s natural environment, honor the environmental movement’s achievements, and highlight the need to protect Earth’s natural resources for future generations. 

In recognition of Earth Day, I have some commentary from some industry leaders. Starting with Jason Lohrey, Founder and CEO of Arcitecta:

“It is critical to act now – and decisively – to protect our environment. Arcitecta and its employees join with the many individuals and organizations across the globe to boost awareness of the preciousness of our environment, deploying initiatives to help protect it, and taking actions that encourage those we do business with to help preserve our planet.  

When purchasing products and services, we must focus on sourcing from organizations that minimize their environmental footprint, such as using renewable energy, minimizing the use of polluting transport, and sustainable production that considers the full product life-cycle. At Arcitecta we proactively seek out companies to do business with that are demonstrably taking measures to implement sustainability initiatives.   

More specifically, Arcitecta utilizes the minimum amount of hardware, and the most energy efficient hardware in the development of its data management software systems. We have installed solar panels on our buildings to power our office needs and to return significant excess power to the electricity grid. Our philosophy is to limit business travel as much as possible, to encourage the use of public transport and cycling, to provide charging stations for our employees’ electric cars, which an increasing number of them have.”

Next up, Molly Presley, SVP of Marketing at Hammerspace, weighs in on this timely and important topic.

“As nations around the globe strive to meet sustainability goals and reduce their climate impact, the technology industry is coming under increasing pressure to both use data to innovate and identify more efficient solutions while, at the same time, reducing the impact of those same IT technologies. The fight to make positive change for the environment is a forefront focus of enterprises and governments that continuously use technology to create positive change while navigating new policies, standards, laws, and regulations that drive significant changes in their ways of doing business. 

Within the data computing and data storage industry, there are tremendous and rapidly increasing technological advancements; however, organizations experience significant workflow challenges and inefficiencies when data gets trapped in storage silos and locations. Compute infrastructure requires significant power, and it is difficult to move data to geographies that have more efficient and available energy. It is also incredibly inefficient to have numerous copies of the same data stored in power-consuming storage systems that must live in air-conditioned data centers. To meet sustainability goals, organizations need data to be freely available to their teams anywhere as a global resource, unbound by location and data silos. 

Automated data orchestration in a cross-platform global namespace across silos, sites, and clouds is emerging as a game-changer in this area. Typically, organizations need more power to accomplish everything they need to do. However, even when power is available in specific locations, it can be much more expensive to access and heavier on the environment to generate it. The capability to enable transparent, automated data orchestration, even on live data, enables workflows to achieve unprecedented efficiencies, leveraging any combination of on-premises and cloud resources. In addition, it creates an agile environment that can adapt to changing requirements to better meet tight deadlines and budgets.  

In summary, when energy and power are not available and very expensive, bundling content into files and efficiently orchestrating it to other areas using available, lower-cost, more efficient compute is a win-win – you achieve a more cost-effective, energy-efficient solution and a greener approach.”

Hopefully these comments from industry leaders can help you to make your own impact on Earth Day as we only have one planet and we have to do our best to take care of it.

Marinette Marine Shipyard Ransomware Attack Delays Operations

Posted in Commentary with tags on April 22, 2023 by itnerd

According to US Naval Institute News, on April 12th the Fincantieri Marinette Marine shipyard that builds the U.S. Navy’s Freedom-class Littoral Combat Ship and the Constellation-class guided-missile frigate fell victim to a ransomware attack last week that has disrupted operations across the shipyard.

On the morning of the attack, large chunks of data on the shipyard’s network servers were rendered unusable by an unknown professional group. The compromised data is used to feed instructions to the shipyard’s computer numerical control (CNC) manufacturing machines, resulting in devices like welders, cutters, bending machines and other computer-controlled tools being offline for several days. 

As of yesterday afternoon, it is believed that some of the CNC machines at Marinette are again operational, and repair and construction operations continue, but email and some networked operations remain off-line for now.

Based on information from the Navy, it’s unclear if the attackers stole any data.

Carol Volk, EVP, BullWall had this to say:

   “This ransomware attack on the Fincantieri Marinette Marine shipyard disrupted operations across the shipyard by rendering data on network servers unusable, impacting critical CNC manufacturing machines. This highlights the potential impact of cyber attacks on industrial control systems and the need for robust detection mechanisms to identify and respond to such threats promptly. Even if data theft did not occur, the disruption caused by the attack can have significant operational and financial implications.

   “While preventative measures are crucial, it is important to acknowledge that motivated cybercriminals are constantly evolving their tactics and can often stay one step ahead. As such, detection and containment capabilities should be considered as “must have” defenses in addition to preventative measures.”

Roy Akerman, Co-Founder & CEO, Rezonate follows with this:

   “In addition to seeing ransomware groups with financial gain as their main goal, we also see ransomware applied as a way to divert attention when attackers are creating a “smoke screen” with different objectives in mind, such as propagating through the network and creating backdoors for other more lucrative motivations. Especially here, in the case of the U.S. Navy where there is an increased risk of ransomware being the first visible risk while other true intentions remain stealthy.”

Hopefully the Navy figures out what happened and if the attackers stole the data. Because this will indicate how bad this ransomware attack truly is. Which given what this shipyard does, is something that we all have the right to know.

Europe’s Air-Traffic Agency Under Attack from Pro-Russian Hackers 

Posted in Commentary with tags on April 22, 2023 by itnerd

Via the Wall Street Journal, the news is out that pro-Russian hackers are attacking Europe’s air-traffic agency:

“The cyberattack on the agency’s website started on April 19, a spokeswoman for the European Organisation for the Safety of Air Navigation, also known as Eurocontrol, said, adding that it wasn’t affecting the agency’s air-traffic control activities.”

Of particular interest to us was this commonsense bit of information:

“Systems used for aviation safety are subject to stringent cyber-protection protocols and aren’t connected to external networks that could allow hackers to access them directly, the official said.”

David Mitchell, Chief Technical Officer, HYAS had this comment:

   “It is important for critical OT systems like Air Traffic Control, power & water to be air-gapped from other IT systems — primarily because OT systems can often be decade(s) old and do not have the normal software update cycle of IT systems. Due to the nature of interactions with resources on the Internet or internal IT environments, it is very difficult to isolate newer systems and software to an air gapped environment while maintaining functionality.”

Jan Lovmand, CTO, BullWall follows up with this:

   “Air-gapping, biometrics, and other methods of breaking the flow of data can be effective tools in preventing malicious actors from breaking into sensitive data networks, especially in high-security environments such as aviation safety systems. Air-gapping, which involves physically isolating critical systems from external networks, can provide a strong layer of defense against cyber-attacks. By keeping critical systems completely disconnected from external networks, the risk of unauthorized access or data breaches is significantly reduced.

   “Biometrics, such as fingerprint or retina scans, can add an additional layer of security by requiring unique physiological characteristics for access. This can help prevent unauthorized access to sensitive systems and data, as biometric data is difficult to replicate or spoof.

   “Other methods of breaking the flow of data, such as using one-way data diodes or unidirectional gateways, can also be effective in preventing data leaks or unauthorized access. These technologies allow data to flow in one direction only, preventing any backflow of information that could be exploited by hackers.

   “While these measures can be effective in protecting sensitive data networks, they also have limitations. Air-gapping can be challenging to implement in complex networks, as it requires physical separation and can hinder communication and data exchange between systems. Biometrics, although highly secure, can also face issues such as false positives or false negatives, leading to potential access errors. 

   “A comprehensive defense strategy should incorporate multiple layers of security, including network segmentation, access control, data encryption and reliable backup and ransomware containment systems, in the event that all else fails, to provide robust protection against cyber threats.”

Roy Akerman, Co-Founder & CEO, Rezonate concludes with this:

   “It is a common practice across different government agencies to apply completely air-gapped systems and total separation from wiring, to network, to software and mission critical systems. While there’s no silver bullet protection, as we are proven often, OT (Operational Technology) infrastructure like water, gas and electricity supply, military and air-traffic, and other deemed critical services apply the most stringent access and functional operation. 

   “The focus for the past few years, with nation state attacks on countries’ infrastructures and a near constant attack on countries as part of the global geopolitics, has increased both the risks as well as the readiness and practices implemented.”

These attacks on critical infrastructure are going to be the norm going forward. Thus defences on this infrastructure need to be on point. Otherwise these attacks will be successful, which hurts us all.

Guest Post: Cisco Announces Intent to Acquire Smartlook, Enabling New Offerings for Cisco AppDynamics and Full-Stack Observability

Posted in Commentary with tags on April 21, 2023 by itnerd

By Ronak Desai, Senior Vice President & GM AppDynamics & Full-Stack Observability

I’m pleased to share that Cisco is announcing its intent to acquire Smartlook, a privately held company headquartered in Brno, Czech Republic. It represents a big step forward in delivering even more value for Cisco AppDynamics and the Full-Stack Observability Digital Experience Monitoring (DEM) solution, with new application and user experience insights, analytics, and troubleshooting capabilities.

Creating Seamless Digital Experiences 

Organizations expect digital services to be high-performing and intuitive, with easy-to-navigate user experiences. Poor user experience directly impacts digital business outcomes and improving that experience can positively impact customer satisfaction, brand reputation, and revenue generation.

DEM tracks the performance and quality of an end user’s digital experience on a mobile device, desktop, browser, or game console, as well as the experience through a digital endpoint like an API, IoT device, SaaS service, or application agent. Our customers expect us to provide capabilities for end-to-end monitoring of an experience for users accessing applications and services hosted anywhere from any location using any device. DEM technologies seek to observe and model users’ behavior as a continuous flow of interactions in the form of user journeys.

Digital Experience Monitoring (DEM) tracks the performance and quality of an end user’s digital experience across multiple devices and applications

Smartlook takes an enhanced industry approach to Real User Monitoring (RUM) as a critical component of DEM. It utilizes session recordings with event-based analytics to analyze end-user digital behavior and provides insights into user interactions in the production application environments. This enables organizations to efficiently troubleshoot hard-to-replicate digital behavior anomalies and analyze user interaction trends across web and mobile application platforms, helping them to optimize user experiences and business outcomes.

Cisco is committed to helping our customers optimize their digital experiences. The Smartlook team brings extensive expertise in the design and development of user experience (UX) platforms with web and mobile capabilities, which helps further strengthen Cisco AppDynamics and the upcoming Cisco FSO Platform (general availability in June 2023) to meet our customers’ growing digital experience demands.

I look forward to what we can accomplish together and welcome the Smartlook team members to Cisco’s FSO and AppDynamics team when the acquisition closes in the fourth quarter of FY23.