LucidWorks and Search: Spying an Issue
November 3, 2013
If you are tracking the evolution of open source enterprise search vendors, you may want to read βEnterprise Search Technology: Leading the Battle against Internal Threats without Sacrificing Employee Privacy.β In my years of covering the intersection of enterprise search, I marvel at a fresh conflation. In my talk next week at the search conference in Washington, DC, I may ask the audience about this issue. Until then, consider the LucidWorksβ viewpoint. Fascinating. Fascinating indeed. search continues to move in new and surprising directions. For case studies of vendors who have pioneered new directions in search, check out the case studies at www.xenky.com/vendlor-profiles.
Stephen E Arnold, November 3, 2013
AddOns Secure SharePoint Cloud Data
October 10, 2013
As more and more information moves to the Cloud, questions arise about how to secure that data. CipherPoint has announced a new Cloud data security solution that hopes to help solve the problem. Read more in the EON article, βCipherPoint Announces Cloud Data Security Solution for SharePoint Online and Office365.β
The article begins:
βWith CipherPoint Eclipseβ’ for SharePoint Online and Office365, organizations can now identify, secure and audit access to sensitive and regulated data stored in cloud collaboration platforms. This new solution provides customers with robust encryption, using industry standard encryption algorithms, access control, audit reporting and customer-controlled encryption keys to address real concerns that large enterprises have about cloud security.β
Stephen E. Arnold, a longtime expert in search and founder of Arnold IT, has frequently noted that while SharePoint is the most widely used enterprise solution, it is not necessarily the highest functioning. Key features are still lacking and it might not be much longer before even the biggest enterprises go looking for other solutions, including open source. Enterprises still using SharePoint often have to supplement with additional add-ons, such as the security solution that CipherPoint now offers.
Emily Rae Aldridge, October 10, 2013
Rethink SharePoint Authentications
September 27, 2013
Microsoftβs recent SharePoint security bulletin left a few developers shaking in their the code. According to Threat Postβs article, βSharePoint Fixes Priority For September 2013 Patch Tuesday,β online SharePoint installations are vulnerable to thirteen critical threats and Microsoft only patched ten of them. The threats lead to remote code execution on the collaboration server. Nearly all versions of SharePoint are affected and any installation that has disabled the user highest risk.
The CVE-2013-1330 bug is the worst threat. It is a remote code execution that gives the attacker privileges in the context of W3WP service account, but it requires authentication to gain access. If that feature is turned off, your SharePoint installation is a delightful smorgasbord of hacked information.
Some are surprised about Microsoftβs alarm and user ignorance:
β βItβs interesting that Microsoft prioritized the SharePoint bulletin as highly as they did. In theory, the vulnerability requires authentication. Given the frequency with which people disable SharePoint authentication and the ease of access to documentation on that process, the priority needs to be that high,β said Tyler Reguly, technical manager of security research and development at Tripwire. βPeople know their computers and email need good passwords. It boggles my mind that we see so many SharePoint deployments in anonymous mode. ββ
I have been told multiple times by online expert Stephen E Arnold of Arnold IT to always take security risks seriously and find a solution quickly or private information will be stolen faster than a Google search.
Whitney Grace, September 27, 2013
Shodan and the Scary Side of Search
September 25, 2013
Search can be a lot of things, but “terrifying”? Yes, I’m afraid so. Forbes describes a thoroughly modern, search-related threat in, “The Terrifying Search Engine that Finds Internet-Connected Cameras, Traffic Lights, Medical Devices, Baby Monitors, and Power Plants.”
You may have heard the story about the hacked baby monitor, through which one truly deplorable individual viewed and harassed a sleeping two-year-old who was tucked into her own bed. In this piece, journalist Kashmir Hill examines the search engine Shodan, which she says probably facilitated that digital predator. Such a trespass is just the tip of the chill-inducing iceberg. She writes:
“Shodan crawls the Internet looking for devices, many of which are programmed to answer. It has found cars, fetal heart monitors, office building heating-control systems, water treatment facilities, power plant controls, traffic lights and glucose meters. A search for the type of baby monitor used by the Gilberts reveals that more than 40,000 other people are using the IP camβand may be sitting ducks for creepy hackers. . . .
“Shodanβs been used to find webcams with security so low that you only needed to type an IP address into your browser to peer into peopleβs homes, security offices, hospital operating rooms, child care centers and drug dealer operations. Dan Tentler, a security researcher who has consulted for Twitter, built a program called Eagleeye that finds webcams via Shodan, accesses them and takes screenshots. He has documented almost a million exposed webcams.”
Scary stuff, but that is not all. The article notes that many modern buildings that house everything from apartments to businesses to government facilities have security, lighting, and HVAC systems connected to the Internet, where they could be hijacked. Even entire power grids could be usurped. The unnerving possibilities seem endless.
Like many scary things, Shodan can also be used for good. Folks working in security, academia, law enforcement, and white-hat hacking have used the tool to find susceptible devices and see that they are secured. It is also at least a bit comforting that the FTC is aware of Shodan’s capabilities and the vulnerabilities it reveals. The takeaway for consumers, of course, is to pay close attention to locking down devices from our end, with things like obscure user names (not “admin”!) and hard-to-guess passwords. Better yet, at least for now, we may wish to tune out the growing siren song that promises convenience through universal connectivity. The cost could be too high until security is significantly improved.
The programmer that developed and now runs the search engine, John Matherly, originally envisioned it being used by corporations for, let’s call it, competitor research. The sharp turn into creepy territory, though, does not seem to bother him. In fact, he seems to see this development as a good thing, shining light on inadequate security practices at companies that sell internet-connected devices. See the article for more about the man behind Shodan and the hornets’ nest that he has soundly thwacked.
Cynthia Murrell, September 25, 2013
Sponsored by ArnoldIT.com, developer of Augmentext
HP Autonomy Brings Secure Cloud Sharing to the Workplace
September 21, 2013
HP Autonomy aims to bring stronger security to the cloud with Autonomy LinkSite, a solution that integrates WorkSite, the division’s on-site data management solution, with HP’s public cloud-based sharing and collaboration service Flo CM. Market Wired shares the details in, “HP Autonomy Delivers Proven and Secure Enterprise-Grade Alternative to Consumer File Sharing Services.”
It has not taken long for many of us to get used to today’s cloud-based, consumer file-sharing technology. We want to be able to share anything of any size with anyone from any device, synchronizing instantly. Such expectations brought into the workplace from our personal habits can mean real security headaches for businesses. At the same time, continuing to rely on the very limiting method of sharing files through email is becoming less and less tenable. The press release tells us:
“Autonomy LinkSite combines an enterprise-grade document and email management system with the ease of use and simplicity of a consumer solution. It provides the enterprise with a single, integrated, user-friendly tool for external file sharing and collaboration. Autonomy LinkSite enables a single file or an entire project folder to be shared in the cloud with internal and external collaborators, directly from the Autonomy WorkSite application. . . .
“‘For the first time, organizations no longer have to turn a blind eye to continued use of undocumented consumer file sharing services,’ said Neil Araujo, general manager, Enterprise Content Management, HP Autonomy. “Businesses now have a very attractive alternative that satisfies the needs of the users as well as the IT and compliance teams.'”
The write-up lists the following benefits of this new tool: collaboration across firewalls; the convenience of a single point of access for each user; synchronization across all employee devices; an ease of use that they say surpasses that of the consumer-grade file-sharing options; and, perhaps most importantly, the “seamless” extension of security, authorization, and audit properties from WorkSite into the cloud.
Tech giant HP purchased Autonomy in what was, let’s just say, a much-discussed deal back in 2011. Founded in 1996, Autonomy grew from research originally performed at Cambridge University. Their solutions help prominent organizations around the world manage large amounts of data.
Cynthia Murrell, September 21, 2013
Sponsored by ArnoldIT.com, developer of Augmentext
Bold Assertions about Big Data Security Threats
September 17, 2013
Big Data comes with its own slew of security problems, but could it actually be used to keep track of them? The idea of using big data to catch security threats is a novel idea and a big one to stand behind. PR Newswire lets is know that, βAnubisBetworksβs Big Data Intelligence Platform Analyses Millions Of Cyber Security Threat Events.β AnubisNetworks is a well-known name in the IT security risk management software and cloud solutions field and its newest product to combat cyber threats is StreamForce. StreamForce is a real-time intelligence platform that detects and analyzes millions of cyber security threats per second.
StreamForce de-duplicates events to help speed up big data storage burden, which is one of the biggest challenges big data security faces.
βWithin the new “big-data” paradigm – the exponential growth, availability and use of information, both structured and unstructured – is presenting major challenges for organizations to understand both risks as well as seizing opportunities to optimize revenue. StreamForce goes to the core of dealing with the increasingly complex world of events, across a landscape of distinct and disperse networks, cloud based applications, social media, mobile devices and applications. StreamForce goes a step further than traditional “after-the event” analysis, offering real-time actionable intelligence for risk analysts and decision makers, enabling quick reaction, and even prediction of threats and opportunities.β
StreamForce is the ideal tool for banks, financial institutions, telecommunication companies, government intelligence and defense agencies. Fast and powerful is what big data users need, but does StreamForce really stand behind its claims? Security threats are hard to detect for even the most tested security software. Can a data feather duster really do the trick to make the difference?
Whitney Grace, September 17, 2013
Sponsored by ArnoldIT.com, developer of Beyond Search
IBM Has Security Flaws
September 8, 2013
IBM is a respected technology company and it appears that hardly anything can bad can be said about them. There comes a time when every company must admit they have a fault in their product and IBM must step up to the plate this time. The news comes to us from Secunia, a Web site that monitors technology security, in the warning, βSecurity Advisory SA54460-IBM Content Analytics With Enterprise Search Multiple Vulnerabilities.β The warning is labeled as moderately critical and should worry organizations that use the software to manage their data. The bug messes with cross site scripting, manipulates data, exposes sensitive information, and a DoS.
Here is the official description:
βIBM has acknowledged a weakness and multiple vulnerabilities in IBM Content Analytics with Enterprise Search, which can be exploited by malicious people to disclose certain sensitive information, conduct cross-site scripting attacks, manipulate certain data, and cause a DoS (Denial of Service).β
Ouch! IBM must not be happy about this, but at least they discovered the problem and Content Analytics users can expect a patch at some point. Hate to bring up Microsoft at this venture, but whenever a big company has a problem I canβt help but think about how Microsoft never has a product launch without some issues. IBM is reliable and hopefully they will not go down the same path as Windows 8.
Whitney Grace, September 08, 2013
Sponsored by ArnoldIT.com, developer of Beyond Search
Webinar to Show How Cogito Intelligence API Delivers Strategic Insights
August 20, 2013
Calling all software developers, analysts and systems integrators. The leading semantic intelligence developer, Expert System is hosting a webinar entitled, βWhatβs Hiding In Your Data? Test Drive Our Semantic API.β The webinar is scheduled for August 28 at 12 pm ET/9 am PT and registration is now open.
We recommend that professionals who are interested in transforming content and data streams into actionable and strategic information should sign up. A unique offering of this webinar is the live product test drive so that those interested can see how their flagship Cogito Intelligence API works.
The webinar description summarizes Cogito Intelligence API:
Cogito Intelligence API is a unique API that uses the power of semantic processingβText Mining, Categorization, Taggingβand deep domain vertical knowledge for Intelligence to help analysts access and exploit some of their most strategic sources of information. As the only semantics based system, Cogito Intelligence API provides complete understanding of meaning and context in the processing of data and resolves ambiguities in data more effectively than solutions based on keywords or statistics.
Another unique offering from the Cogito API revolves around corporate security. Their solution is already embedded with corporate security measures, which enables businesses to operate all applications with the same confidence that Cogito offers.
Megan Feil, August 20, 2013
Sponsored by ArnoldIT.com, developer of Beyond Search
Approaching Infrastructure Challenges with Intelligence API
August 6, 2013
The rise of metadata is here, but will companies be able to harness its value? Concept Searching points to the answer that ROI has not been successful with this across the board. A recent article, βSolving the Inadequacies and Failures in Enterprise Search,β admonishes the laissez-faire approach that some companies have towards enterprise search. The author advocates, instead, towards a hands-on information governance approach.
What the author calls a βmetadata infrastructure frameworkβ should be created and should be comprised of automated intelligent metadata generation, auto-classification, and the use of goal and mission aligned taxonomies.
According to the article:
The need for organizations to access and fully exploit the use of their unstructured content wonβt happen overnight. Organizations must incorporate an approach that addresses the lack of an intelligent metadata infrastructure, which is the fundamental problem. Intelligent search, a by-product of the infrastructure, must encourage, not hamper, the use and reuse of information and be rapidly extendable to address text mining, sentiment analysis, eDiscovery and litigation support. The additional components of auto-classification and taxonomies complete the core infrastructure to deploy intelligent metadata enabled solutions, including records management, data privacy, and migration.
We wholeheartedly agree that investing in infrastructure is a necessity β across many areas, not just search. However, when it comes to a search infrastructure, we would be remiss not to mention the importance of security. Fortunately there are solutions like Cogito Intelligence API that offer businesses focused on avoiding risks the confidence in using a solution already embedded with corporate security measures.
Megan Feil, August 6, 2013
Sponsored by ArnoldIT.com, developer of Beyond Search
Open Source to Help Secure Cloud Storage
August 5, 2013
As technology advances quickly, so do security concerns. It stands to reason that new technologies open up new vulnerabilities. But open source is working to combat those challenges in an agile and cost-effective way. Read the latest on the topic in IT World Canada in their story, βOpen-Source Project Aims to Secure Cloud Storage.β
The article begins:
βThe open source software project named Crypton is working on a solution that would enable developers to easily create encrypted cloud-based collaboration environments. There are very few cloud services that offer effective encryption protection for data storage, according to Crypton. Security has always been the top concern for many enterprise organizations when it comes to cloud services and applications.β
It is reasonable that enterprises are concerned about security when it comes to cloud services and storage. For that reason, many prefer on-site hosting and storage. However, some open source companies, like LucidWorks, build value-added solutions on top of open source software and guarantee security as well as support and training. And while LucidWorks offers on-site hosting as well, those who venture into the Cloud can have the best of both worlds with cost-effective open source software and the support of an industry leader.
Emily Rae Aldridge, August 5, 2013
Sponsored by ArnoldIT.com, developer of Beyond Search
-
- Subscribe to Beyond Search
Feature archive
News archive
-
