Today's cyber security technological evolution milestones in the context of effective detection and response are the endpoint detection and response (EDR), Manage Detection and Response (MDR), and Network Detection and Response (NDR). However, these all solutions are running independently and missing the correlated high level processed alert to which Extended Detection and Response (XDR) is a solution that emerged, rather than adding another tool, XDR aims to change this security landscape and enable a more compelling activity of the security stack. What problem does XDR solve? Attackers often target endpoints, but they also target other layers of the IT domain in the corporate network, such as email servers and cloud systems, and they may bounce between layers or hide in the interface between them to evade detection. XDR solves both problems at once.
The past two years have seen radical digital transformation. Companies and industries that have traditionally been hesitant to adopt new technology suddenly embraced their digital transformations--they needed to find new ways to work. Interestingly, many experts believe that these radical shifts are only the beginning. In a recent Deloitte survey, three-quarters of executives stated that they expect more changes in the next five years than there were in the past five years. The rate of change only increases as organizations are more open and willing to make the changes they need to keep up with the competition. Digital transformation (DX) encourages business organizations to adopt new technologies in order to deliver better value to their customers.
Smart home devices from companies such as Amazon and Google can be hacked and used to crash websites, steal data and snoop on users, an investigation reveals. Consumer group Which? has found poor security on eight smart devices, some of which are no longer supported with vital security updates due to their age. Examples include the first generation Amazon Echo smart speaker, released in 2014, and a Virgin Media internet router from 2017. All of the products had vulnerabilities that could leave users exposed to cybercriminals, Which? Domestic abuse survivors can also be tracked and controlled by ex-partners who exploit weak security on devices including Wi-Fi routers and security cameras.
Orange Business Services announced Tuesday the launch of Service Manage-Watch. The new solution, aimed at enterprise IT departments, monitors network services and applications and uses artificial intelligence (AI) for predictive analysis to monitor potential problems. Service Manage-Watch (or Watch for short) was developed to answer enterprise needs to monitor interconnected IT services, said the company. "Monitoring and measuring, however, are increasingly complex as IT estates expand, potentially resulting in lack of global visibility to identify root causes of issues or recurring glitches, inability to anticipate incidents, and poor alert management. Traditional monitoring tools take a siloed approach based on one tool per service, proving inadequate for today's distributed infrastructure," said Orange Business Services.
Technologies such as artificial intelligence (AI), machine learning, the internet of things and quantum computing are expected to unlock unprecedented levels of computing power. These so-called fourth industrial revolution (4IR) technologies will power the future economy and bring new levels of efficiency and automation to businesses and consumers. AI in particular holds enormous promise for organisations battling a scourge of cyber attacks. Over the past few years, cyber attacks have been growing in volume and sophistication. The latest data from Mimecast's State of Email Security 2022 report found that 94% of South African organisations were targeted by e-mail-borne phishing attacks in the past year, and six out of every 10 fell victim to a ransomware attack.
The global Automotive Cybersecurity Market size is projected to grow from USD 2.0 billion in 2021 to USD 5.3 billion by 2026, at a CAGR of 21.3%. Increasing incidents of cyber-attacks on vehicles and massive vehicles recalls by OEMs have increased awareness about automotive cybersecurity among OEMs globally. Moreover, increasing government mandates on incorporating several safety features, such as rear-view camera, automatic emergency braking, lane departure warning system, and electronic stability control, have further opened new opportunities for automotive cybersecurity service providers globally. As a result, there are various start-ups present in the automotive cybersecurity ecosystem. Government initiatives toward building an intelligent transport system have also further escalated the demand for cybersecurity solutions all over the world.
Deception is a powerful resilience tactic that provides observability into attack operations, deflects impact from production systems, and advises resilient system design. A lucid understanding of the goals, constraints, and design trade-offs of deception systems could give leaders and engineers in software development, architecture, and operations a new tactic for building more resilient systems--and for bamboozling attackers. Unfortunately, innovation in deception has languished for nearly a decade because of its exclusive ownership by information security specialists. Mimicry of individual system components remains the status-quo deception mechanism despite growing stale and unconvincing to attackers, who thrive on interconnections between components and expect to encounter systems. Consequently, attackers remain unchallenged and undeterred. This wasted potential motivated our design of a new generation of deception systems, called deception environments. These are isolated replica environments containing complete, active systems that exist to attract, mislead, and observe attackers. By harnessing modern infrastructure and systems design expertise, software engineering teams can use deception tactics that are largely inaccessible to security specialists. To help software engineers and architects evaluate deception systems through the lens of systems design, we developed a set of design principles summarized as a pragmatic framework. This framework, called the FIC trilemma, captures the most important dimensions of designing deception systems: fidelity, isolation, and cost. The goal of this article is to educate software leaders, engineers, and architects on the potential of deception for systems resilience and the practical considerations for building deception environments. By examining the inadequacy and stagnancy of historical deception efforts by the information security community, the article also demonstrates why engineering teams are now poised--with support from advancements in computing--to become significantly more successful owners of deception systems.
We are able to turn on the lights in our homes from a desk in an office miles away. The built-in cameras and sensors embedded in our refrigerator let us easily keep tabs on what is present on the shelves, and when an item is close to expiration. When we get home, the thermostat has already adjusted the temperature so that it's lukewarm or brisk, depending on our preference. These are not examples from a futuristic science fiction story. These are only a few of the millions of frameworks part of the Internet of Things (IoT) being deployed today.
Organizations' attack surfaces are exponentially expanding, contributing to an unprecedented growth in cybersecurity risks. The internet of things, 5G, Wi-Fi 6, and other networking advances are driving an increase in network-connected devices that can be exploited by cybercriminals. For many employees, remote work is expected to remain the rule, not the exception, providing cybercriminals with many new opportunities. And as more organizations integrate data with third-party applications, APIs are a growing area of security concern. Expanding attack surfaces and the escalating severity and complexity of cyberthreats are exacerbated by a chronic shortage of cybersecurity talent.
The ACM constitution provides that our Association hold a general election in the even-numbered years for the positions of President, Vice President, Secretary/Treasurer, and Members-at-Large. Biographical information and statements of the candidates appear on the following pages (candidates' names appear in random order). In addition to the election of ACM's officers--President, Vice President, Secretary/Treasurer--two Members-at-Large will be elected to serve on ACM Council. The 2022 candidates for ACM President, Yannis Ioannidis and Joseph A. Konstan, are working together to solicit and answer questions from the computing community! Please refer to the instructions posted at https://vote.escvote.com/acm. Please note the election email will be addressed from email@example.com. Please return your ballot in the enclosed envelope, which must be signed by you on the outside in the space provided. The signed ballot envelope may be inserted into a separate envelope for mailing if you prefer this method. All ballots must be received by no later than 16:00 UTC on 23 May 2022. Validation by the Elections Committee will take place at 14:00 UTC on 25 May 2022. Yannis Ioannidis is Professor of Informatics & Telecom at the U. of Athens, Greece (since 1997). Prior to that, he was a professor of Computer Sciences at the U. of Wisconsin-Madison (1986-1997).