What Threats Does Cyber Security Software Thwart?
February 19, 2021
I asked myself this question, “What threats does cyber security software thwart?” The SolarWinds’ misstep went undetected for months, maybe a year or more. I read “France Agency ANSSI Links Russia’s Sandworm APT to Attacks on Hosting Providers.” Reuters ran a short news item as well. You can read the report via this link. I don’t want to wade through the cyber security jargon in this post. Instead I want to highlight one fact: The “intrusions” dated back to 2017. Okay, this is another time block in which cyber security systems operated and failed to detect the malicious behavior.
The vector of attack was software used by Centreon. What’s Centreon do?
What’s ANSSI?
The French National Agency for the Security of Information Systems or Agence nationale de la sécurité des systèmes d’information.
What’s Centreon? LinkedIn says:
Centreon is a global provider of business-aware IT monitoring for always-on operations and performance excellence. The company’s holistic, AIOps-ready platform is designed for today’s complex, distributed hybrid cloud infrastructures. Privately held, Centreon was founded in 2005 as an open source software framework. Today, Centreon is trusted by organizations of all sizes across a wide range of public and private sectors. Centreon is headquartered in Paris and Toronto, with sales offices in Geneva, Luxembourg and Toulouse.
What’s Hub One?
It is a subsidiary of Aéroports de Paris. Hub One provides high speed radio networks and services to outfits like Air France and the French government.
What’s an APT?
An advanced persistent threat. The idea is that malware is inside a system or software and is able to remain undetected while it follows instructions from a bad actor.
Now back to the 2017 date.
The point is that current cyber security systems may not be able to provide the defenses which marketers tout.
We’re talking years which strikes me as very SolarWinds-like. Then there is the persistent question: What’s up with the commercial cyber security systems?
Stephen E Arnold, February 19, 2021
Intel: Outputting Horse Hooey (Translation for Thumbtypers: Nonsense)
February 16, 2021
I read “Intel Mocks Apple’s M1 MacBooks in Grudge-Bearing Ad Campaign.” Let’s assume that the information in the Tech Radar article is spot on. I learned:
Intel is back to mocking Apple, having posted a series of tweets highlighting the shortcomings of Apple’s M1 processors.
Yep, Intel and the tweeter thing.
The article points out that Apple divorced Intel from its M1 computers. But there are visitation writes for some Apple computers I think.
The write up points out:
Intel’s tweets link to a video from YouTuber Jon Rettinger, that compare laptops equipped with Intel chips to Apple’s ?M1? Macs. “If you’re looking for a good laptop in 2021, there are many things to consider, but processor choice might be more important than you think,” a description on Rettinger’s video reads. “You might be considering Apple’s new M1-based laptops, but before you hit the buy button, let me show you what Intel’s new Evo laptops can offer you!” Intel’s aggressive tweets come just days after the company posted a series of cherry-picked benchmarks designed to provide that its 11th-generation processors are better than Apple’s ARM-based M1 chips.
I have pointed out that Intel’s Horse Ridge announcement struck me as horse feathers. If Intel is using the tweeter to output negative vibes and fiddling benchmarks, is it possible that Intel has moved from horse ridge to horse feathers?
I prefer innovation, demonstrations of technical competence
Stephen E Arnold, February 16, 2021
Intel Speed Data: Horse Feathers from the Horse Ridge Gang
February 12, 2021
Intel is an interesting example of paranoia forgotten. One of the Intel wizards pointed out in a meeting, “I’m paranoid because everyone is out to get me.” I think this expert wrote a book based on this quip. Paranoid outfits have to try harder. Why? Others want to take them out.
AMD has not nailed the pin on the Horse Ridge Gang’s donkey—yet. Intel has managed to flub its fabbing. This failure to be afraid and thus work harder and smarter resulted in the company losing out in the Great CPU Race. Along the way, the company asserted that it had achieved something every quantum computing wannabe needed: A quantum controller chip. At the same time, AMD was putting in long hours trying to figure out how to go smaller, deliver more bang for the computer buck, and reduce its CPUs’ power consumption.
Whilst engaged in the quantum computing gold rush and fab flubbing, Apple did the M1 thing. How does Intel respond to a hippy dippy Silicon Valley outfit? The best way possible for an outfit which had lost the ability to fear what its competitors can do. Intel points out that Apple is pretty much a not-so-serious technology outfit.
You can get the details of this interesting explanation of fab flubbing, missing mobile, and finding itself trying to deal with AMD and Apple. It will be a while before the Horse Ridge thing produces Apple-scale revenues in my opinion.
The write up “Intel Swipes at Apple Silicon with Selective Benchmark Claims” states:
The [Intel presentation] slides generally appear to show Intel’s chip as being either comparable or superior to the M1 in various tasks, though with major caveats. For a start, the benchmarks use Intel’s “Real-world usage guideline” tests, a collection of trials that don’t seem to be actively followed by most other testers.
The article runs through some performance results showing the Horse Ridge Gang has fast horses. I then noted this passage:
While a company aims to present itself and its products in the best light, and potentially in a way that brings competitors down in comparison, Intel’s presentation indicates it is doing so by jumping through hoops. Cherry-picking test results and using more obscure testing procedures than typical suggests Intel is straining to paint itself in the best light.
I know that one can put lipstick on a pig. I was not aware that the Horse Ridge Gang decorated its performance data with stage make up and horse feathers.
Stephen E Arnold, February 12, 2021
IBM: Emphasizing the Big in Big Blue Quantum Computing
February 12, 2021
Did you know a small outfit in China is selling a person quantum computer. Discover Magazine reveals this in “A Desktop Quantum Computer for Just $5,000.” This means quantum computers will be crunching Excel spreadsheets for those with terminal spreadsheet fever.
But one must think big. I read “IBM Promises 100x Faster Quantum Computers through New Software Foundations.” The write up explains that Big Blue has gone big, quantumly speaking, of course:
IBM unveiled on Wednesday improvements to quantum computing software that it expects will increase performance of its complex machines by a factor of 100, a development that builds on Big Blue’s progress in making the advanced computing hardware. In a road map, the computing giant targeted the release of quantum computing applications over the next two years that will tackle challenges such as artificial intelligence and complex financial calculations. And it’s opening up lower level programming access that it expects will lead to a better foundation for those applications.
Imagine how much better Watson will perform with more quantum horsepower at its disposal.
But there’s more. The write up explains in a content marketing manner:
IBM is working on increasing the number of qubits in its quantum computers, from 27 in today’s “Falcon” to 1,121 in its “Condor” systems due in 2023. IBM expects in 2024 to investigate a key quantum computing technology called error correction that could make qubits much more stable and therefore capable, Jay Gambetta, IBM’s quantum computing vice president, said in a video.
And the source of this revelation? IBM, of course. The future is just two years away. Sounds good. Now how about revenue growth, explaining how the Palantir tie up will work, and when Watson will deliver on that promise of a billion in revenue from cognitive computing?
Stephen E Arnold, January 12, 2021
Business Intelligence, Expectations, and Data Fog
February 10, 2021
Business intelligence and government intelligence software promises real time data intake, analysis and sense making, and outputs with a mouse click. Have you heard the phrase, “I have the Brooklyn Bridge for sale”? Sure, sure, I know I don’t want to own the Brooklyn Bridge, but that super spiffy intelligence software (what I call intelware), count me in.
The marketing pitch for business intelligence and general intelligence software has not changed significantly over the years. In my experience, a couple of nifty outputs like a relationship diagram and a series of buttons set up to spit out “actionable intelligence” often close the deal. The users of the software usually discover three points not making up a large part of the demos, the discussions, and the final contract for the customer’s requirements.
I read “The Age Of Continuous Business Intelligence.” The idea is appealing. Lots of information and no time to read, review, digest, analyze, and discuss the available information. In my opinion, the attitude now is “I don’t have time.”
Yep, time.
The write up asserts:
we [an outfit called KX] know that shortening the time it takes to ingest, store, process, and analyze historic and real-time data is a game changer for businesses in all sectors. Our customers in finance, manufacturing, automotive, telecommunications and utilities tell us that when processes and systems are continuously fed by real-time data that is enriched by the context of historic data, they can automate critical business decisions resulting in significant operational and commercial benefits.
The write up contains a diagram which lays bare “continuous business intelligence.”
The write up concludes:
As the research clearly shows, real-time data analytics is a critical area of investment for many firms. To ensure maximum value is derived from these investments, it is imperative that organizations – regardless of size and sector – challenge their understanding of what real-time means. By implementing a strategy of continuous business intelligence, firms can dramatically reduce the time it takes to uncover and act on insights that can materially change the game in terms of growth, efficiency and profitability.
I love that “research clearly shows.” The challenges for the continuous thing include:
- Defining real time. (According to research my team did for a project years ago, there are numerous definitions of real time, and there is a Grand Canyon sized gap among these.)
- Making clear the computational short cuts necessary to process “fire hoses”. (Yep, these compromises have a significant impact on costs, validity of system outputs, and the mechanisms for issuing meaningful outputs from sense making.)
- Managing the costs. (Normalizing, verifying, processing, storing, and moving data require human and machine resources. Right, those things.)
Net net: Software whether for business or government applications in intelligence work only if the focus is narrow and the expectations of a wild and crazy MBA are kept within a reality corral. Otherwise, business intelligence will shoot blanks, not silver bullets.
Oh, KX is hooked up with a mid tier consulting firm. What’s that mean? A sudden fog has rolled in, and it is an expensive fog.
Stephen E Arnold, February 10, 2021
An Existential Question: What Do Business Intelligence Tools Do?
February 10, 2021
Business intelligence tools are integral for enterprise systems to achieve their optimum performance, but without technology expertise it is difficult to understand their importance. Towards Data Science explains how BI tools can help a business in the article, “What BI Tools Can Do—The Six Different BI Artifacts You Should Know.”
According to the article, the six BI artifacts are spreadsheets, OLAP cube, visuals (reports and dashboards), stories, graphs, and direct access. Most BI tools do not feature all six BI tools and neither do companies. This does not allow end users to work at their best. There are work arounds and smart end users know how to utilize them.
Each artifact has its weaknesses and the only way to solve them is work around them like when there is a lack of tools:
“We basically have to do the same thing we do in the rest of our software architecture. We can build modular things, architectures where we can quickly exchange the EL in our EL (T). Where we can quickly exchange our storage, our reporting tool for a notebook based architecture. We can build evolutionary architectures, where we are perfectly clear on our fitting function, the quality of our answers to current problems. Where we know we will take small iterative steps towards providing better answers.”
It helps to be versed in all tools to improve BI structure, but it is even better to have access to the entire toolbox. Developers and workers are only as good as their tools.
Whitney Grace, February 10, 2021
A Business Case for Search in the Time of Covid and the SolarWinds Misstep
February 8, 2021
Why does one working in an organization have to make a case for enterprise search? Oh, right, I forgot. Enterprise search has a rich history: Fast Search & Transfer with jail time for the founder, Autonomy with a sentencing date looming for the founder, Entopia with financial pain for its investors, and, well, the list of issues with enterprise search can be extended with references to IBM OmniSphere or STAIRS III, Delphes, Siderean, Arikus, Attensity, Brainware, Eegi, Relegence, Hakia, and the memorable Zaizi, among others.
“Making the Business Case for Enterprise Search” is sponsored. That means it is an advertisement, marketing collateral, and hoo hah. But what is its message. I noted this passage:
Knowledge-centric organizations know that tools such as intelligent search are critical for cutting through the noise and making relevant information discoverable. However, many executives don’t prioritize these types of tools.
Yep, and there is a reason. Consider that Elasticsearch is open source. Amazon offers search and is educating the enthusiastic for free. Put these successes against the backdrop of Google’s high profile failure: The GSA or Google Search Appliance, a fine product according to some Google engineers.
Regardless of today, large organizations typically have multiple information retrieval systems. The idea of federating the information is a really good one until the bean counters realize that the staff, professional for fee services, and the time required to figure out access controls, file formats, and how to cope with versions, rich media, trade secrets in engineering drawings and chemical formulas, and index latency cost more money than anyone revealed in a marketing pitch.
The write up notes:
In a recent survey, nearly half of all respondents said it was challenging finding the right information when they needed it.
One question: What’s right? The problem with enterprise search is that it is a fake discipline trying to gain traction in a world of business intelligence, analytics, and real time data capture, analysis, and outputs.
I laughed at the reminder “Don’t neglect security.” This is the era of the SolarWinds’ misstep. Security is underfunded in most organizations. Do responsible Boards of Directors and senior executives need to be reminded that their security systems is now Job Number One.
Enterprise search? Yeah, a hot enterprise solution. Just a solution which has become a utility and a free one via open source software at that.
Stephen E Arnold, February 8, 2021
Microsoft: Maybe Quantum Computing Can Help Out Defender?
February 1, 2021
The February 9, DarkCyber video news program contains a short item about Microsoft’s January 20, 2021, explanation of the SolarWinds’ misstep. Spoiler: Hey, Microsoft was not responsible. If you are interested in the MSFT explanation with some remarkable self promotion for its security prowess, navigate to this link. But to the matter at hand. Microsoft security will no doubt benefit from its latest technical innovation. “Microsoft Claims Breakthrough in Quantum Computing” reports:
This [MSFT and University of Sydney] team has developed a cryogenic quantum control platform that uses specialized CMOS circuits to take digital inputs and generate many parallel qubit control signals. The chip that powers this control platform is called Gooseberry.
Does this beg the inclusion of the Intel Horse Feathers — no, strike that — Intel Horse Ridge technology?
The write up continues:
There’s no doubt that both Gooseberry and the cryo-compute core represent big steps forward for quantum computing, and having these concepts peer-reviewed and validated by other scientists is another leap ahead.
I hope the technology innovators surge ahead to apply the “breakthrough” to the Redmond giant’s security for Azure and Windows 10, which of course were not the SolarWinds’ problem. The gilded lily language “supply chain” was maybe, a little, sort of tangentially involved.
Supply chain? Gooseberries and horse feathers perhaps?
Stephen E Arnold, February
Humble Brag or Majestic Wisdom: The Waymo Method of Dealing with Pesky Tesla
January 27, 2021
John Krafcik (a Googler) is the head of Waymo. That’s a name which means one get “way more” than from any other outfit. Get it? Cool?
“Waymo CEO Dismisses Tesla Self Driving Plan: This Is Not How It Works” contains some interesting and allegedly true factoids. I found this passage thought provoking:
Waymo CEO John Krafcik dismissed Tesla as a Waymo competitor and argued that Tesla’s current strategy was unlikely to ever produce a fully self-driving system. “For us, Tesla is not a competitor at all,” Krafcik said. “We manufacture a completely autonomous driving system. Tesla is an automaker that is developing a really good driver assistance system.”
Furthermore, the Google Waymo entity “rejected Tesla’ strategy years ago.” The GOOG approach? This is a characterization:
They [the Waymo experts who deliver way more] focused on building a self-driving taxi service that would never have customers in the driver’s seat…
Both approaches are interesting, but perhaps a more pragmatic approach would be to design roads that reduce the need to create really smart software. Leave a special road, and the humanoid takes over driving chores. One Highway 101, kick back and let Tesla and Waymo deliver way more than some drivers expect.
Way more than stock lift, and Google’s need to declare quantum supremacy and its greatness again an again. But, on the other hand, it’s just a down-home, mom-and-pop operation with a love for advertising and self promotion.
Stephen E Arnold, January 27, 2021
Post SolarWinds: No Kidding! Cyber Threats in 2021
January 21, 2021
KnowBe4 is a cyber security company based in Clearwater, Florida. The company offers a wide range of cyber security services and information. Like other cyber security firms, its systems and analysts did not notice the SolarWinds’ misstep. From my vantage point in rural Kentucky, this could be a miscommunication, a misunderstanding on my part, or another example of the ineffectiveness of US cyber security solutions offered by “experts.”
I spotted an article written by a KnowBe4 professional called “Top IT Security Threats in 2021.” This “content strategy and evangelist” seems to operate from the KnowBe4 office in South Africa.
Yep, there are cyber security threats. The SolarWinds’ misstep and the failure of heavily promoted cyber security and threat intelligence vendors to “notice” the breach remains fresh in my mind. FireEye is thinking about the misstep as well. That company released a free cyber tool to help entities figure out if their systems are compromised. (Quick comprehension test #1: What if the tool does not locate a breach? Is the system actually secure? Take the time needed to answer this question. Hint: Think about false positives for Covid tests?)
What are the threats in 2021? KnowBe4’s “content strategy and evangelist points out:
- Phishing
- Ransomware
- Remote working
- Passwords
- Disinformation.
Comprehensive, but isn’t something missing? (Quick comprehension test #2: What’s missing?)
The SolarWinds’ misstep?
If KnowBe4-type solutions worked, wouldn’t SolarWinds be off the security radar?
I like companies which have crystal ball capabilities; that is, the outfits know before? Marketing is more important than performance maybe?
Stephen E Arnold, January 21, 2021
-
- Subscribe to Beyond Search
Feature archive
News archive
-
