Month: February 2021

Patching Missteps Are Not an Excuse to Blame Victims of Ransomware Attacks

first_img“It’s their own fault. They wouldn’t have been hit if they’d kept up with their patches and updates.”How many times did we hear this line in the wake of WannaCry, Petya and virtually every other cyber attack that has exploited known vulnerabilities in recent years? To hear the Monday-morning quarterbacks talk, you’d think data security teams the world over were either lazy, unknowledgeable or both if they fell victim to one of these massively successful cybercriminal ventures.While it’s true that some of this year’s major ransomware attacks could have been avoided with timely patching, blaming the victim is naive.For mid-sized and larger organizations with an average IT department, patching is not an easy feat – it’s challenging, time-consuming and rife with issues.The Scale IssueIt may be relatively easy to keep up with one or two software and OS updates when you’re working with a personal computer and a handful of applications. However, for IT teams responsible for updating thousands of systems, the number of patches needed per month is not one or two. It could be over 100!I recently counted that an average 500-bed hospital uses about 460 applications. Every application requires updates and patches on an ongoing basis. Moreover, the most common apps – Flash readers, web browsers and OSes – require more frequent attention. Finding and attacking vulnerabilities is time-consuming and expensive for cybercriminals. So by targeting common apps, they get a bigger bang for their buck. Luckily for cybercriminals, these apps tend to be rife with vulnerabilities.Let’s not forget that the existence of these vulnerabilities is not the victim’s fault – it’s the vendor’s. And while vendors receive their share of negative attention when vulnerabilities are revealed, for some reason we find vulnerabilities much less baffling than a victim‘s inability to keep up with the demands of applying the patches.The Domino EffectIf updates and patches could be rolled out without side effects, they would be slightly more manageable. But this isn’t the case either.Anyone who has worked for a large company knows firsthand the collective groan that spreads when the IT team announces updates. Updates are inconvenient – work comes to a standstill while employees download and reboot. And inevitably, there are issues.Maybe a few employees’ VPNs no longer work. Maybe their multi-factor authentication becomes buggy. The reality is that most updates bring with them an array of complications and a flurry of help-desk calls, so IT teams plan for updates with this expectation.The Offline ChallengeOf course, for every device that experiences an issue after an update, there’s another device that doesn’t receive the update at all. Endpoint security updates are typically pushed through an endpoint management console. If a device is not connected to the company’s network or not turned on when a patch is pushed, it will miss the update. If the user has administrative control, which is more common than you would think, he or she can opt out of the update. If either of these scenarios happens enough, the company suddenly finds itself with a massive data security gap.Ideally, IT figures this out and fixes it quickly. But we don’t live in an ideal world – we live in one that makes patching thousands of endpoints highly challenging. And it’s only one item out of many on the average IT team’s checklist.Patching Is Good. Endpoint Security That Works Is Better.Don’t get me wrong. Patching should unequivocally be a priority of every IT team. A good strategy is to prioritize updates so that the most mainstream products, such as apps, browsers, and OSes, get the top spot.But when a ransomware attack or other exploit succeeds, we shouldn’t simply be asking why the victims weren’t up-to-date. We should be asking what else broke down in the data security chain that allowed the compromise to happen.Did a software provider prioritize UI over security in their rush to market, allowing the vulnerability to exist in the first place? Did an endpoint security solution fail to stop a known threat? Was the victim relying on 10-year-old technology that simply is no longer equipped to stop modern threats?There are many reasons security programs can fail to stop a threat. It’s time to change the conversation to offer a more comprehensive outlook on why breaches succeed. Otherwise, the blame will continue to be passed, and victims will continue to feel defenseless no matter how hard they try to keep up with changing data security demands. Even worse, cybercriminals will continue to succeed in their attack ventures, draining companies of millions more dollars and the entire industry of peace of mind.last_img read more

Leverage AI for Competitive Advantage in the Enterprise

first_imgArtificial intelligence (AI). I’m sure by this point in the year, you’ve heard these two words more times than you can count, and have started to think about a world of self-driving cars and robot home assistants. But what does this mean for enterprises?That’s a question our team at Dell EMC hears from customers on a daily basis. These customers want to understand how they can leverage this technology that promises so much, but do so in a way that doesn’t require a steep learning curve that will grind their business activities to a halt.This is where the Ready Solutions from Dell EMC come in. To gain competitive advantage, enterprise organizations must collect, analyze, and manage large amounts of data – which is the heart of what is promised by machine learning and deep learning. In November, we announced new Ready Bundles for Machine and Deep Learning that will enable customers to enjoy easier adoption and derive faster benefits from machine and deep learning.A critical reason why these Ready Solutions will be able to offer such value to enterprises is Dell EMC’s commitment to working with leading technology vendors to deliver better solutions to our customers. In developing these Ready Solutions, we are working with several leading innovators including NVIDIA, Intel, Mellanox Technologies and Bright Computing. And we remain committed to looking for new ways to work with these technology leaders and with leading AI software companies to add additional value to our Ready Solutions, making it easier than ever for customers to gain value from machine and deep learning.A great example of our continued work with leading AI technology vendors is the latest update to our Dell EMC Deep Learning Ready Bundle with NVIDIA. We’ve worked with the teams at NVIDIA and Bright Computing so that this solution will be able to take advantage of NVIDIA’s latest Tesla V100 technology as well as Bright Computing’s new Bright Cluster Manager for Data Science.  This Ready Bundle approach will help our customers simplify their architecture within a deep learning environment – and all without necessarily having to acquire new software skills.AI is the future—don’t get left behindThe newest Dell EMC collaborations with both NVIDIA and with Bright Computing benefit machine and deep learning, data analytics, HPC, OpenStack private clouds, and hybrid clustered environments for multiple workloads that are changing the modern datacenter. But beyond bringing our customers the latest innovations, we want to ensure we help lift the roadblocks many customers face in deriving value from their AI, machine and deep learning investments.I hear many customers say that they simply don’t have the time or resources to develop the skills required to design, deploy and manage advanced AI solutions. A big part of the Dell EMC AI Ready Solutions will focus on helping our customers with consulting, deployment, education and support to jump-start their AI journey, solve common AI challenges and drive business outcomes. Specifically, the Dell EMC team has invested in AI expertise to help customers fill the skills gap and provide use case driven, tailored services to help them get the most out of their AI investment. Dell EMC’s consulting services provide a flexible, open and practical approach to AI, which enables our customers to choose the technologies and tools that work for them to drive successful business outcomes.To see these solutions in action or to simply learn more, come see us at booth #815 at NVIDIA GTC, the premier AI and deep learning event in San Jose, California.Editor’s Update 4/10/18: For more on the new AI Ready Solutions, check out this video from the conference, in which Shaikh describes the new AI Ready Solutions for Rich Brueckner of Inside HPC.last_img read more

The Right Technology for Your Unique Small Business Demands

first_imgSmall businesses need to be agile to make the most of their business opportunities. By having the latest technology, it will help get them there faster. In the United States, only 39.2% of small businesses have any full-time IT staff in-house.[1]Growing businesses are challenged to manage expenses, improve productivity, and reduce complexities across their organizations. We see you, we understand your small business challenges, and want to make sure you get the best quality servers to help you achieve your IT goals. We realize that you may not have the time/resources to focus on your IT needs or manage business data on a complex IT solution. IT issues are likely to be disruptive and detrimental to small businesses.Don’t let these challenges get in the way of your work. Our PowerEdge servers offer enterprise features at an affordable price. Since they are made to grow and scale with your business, they can help with future expense reduction. Our one-socket PowerEdge servers are also built to process data quickly and enable everyday business applications to run faster and reduce interruptions.While these servers are designed for small to medium businesses, their increased performance, enterprise-class management, and robust security capabilities make them just as applicable for larger organizations as well. They come in a couple of form factors and a variety of feature sets that are optimized for different workloads and environments. Remember, one size does NOT fit all.These four servers, the PowerEdge T140, T340, R240 and R340, feature a couple new important updates. The key feature among all these are the new Intel® Xeon® E-2200 processors. These latest processors now provide 100%[2] more cores than the previous server generation (up to 8 cores vs. 4 cores), allowing for increased performance and faster task completion. In fact, you can improve performance by up to 35% faster using PowerEdge one-socket servers with Intel® Xeon® E-2200 processors.[3]Something else to think about is how you can automate your server lifecycle. Automation is key when it comes to handling pesky routine tasks. By leveraging these simple and efficient tools, you’ll reduce time and effort on server management and invest more of that time on bigger priorities. As a business, you never want your applications to stop working, so we’ve integrated built-in security, proactive support and hot-plug options to keep your business operating.iDRAC is embedded across most PowerEdge servers and provides one of the best remote management solutions in the market for 1-to-1 server management.You can access your servers anywhere, anytime from your mobile device with the Dell EMC OpenManage Mobile (with OpenManage Enterprise).Set up as much as 66% faster with our ProDeploy suite of services, simply tell Dell EMC what applications you’d like to run, and we’ll configure and deploy the server in your office.[4]Proactively resolve issues with up to 72% less effort by leveraging technology from ProSupport Plus and SupportAssist.[5]See which PowerEdge one-socket server works best for you.RacksR240: The R240 is excellent for both general-purpose and industry-specific workloads. Typically for small to medium businesses where the IT infrastructure consists of multiple servers and can be consolidated in a rack. Another feature update for this server is the addition of a 450W cabled power supply to support the higher core count for faster performance. The R240 can handle collaboration/sharing, mail/messaging, file/print, data coordination, and web hosting.R340: The R340 is designed to boost productivity, scale at your own pace, and help simplify your IT infrastructure. It offers high availability features like hot-plug drives and hot-plug redundant power supplies. The R340 is great for file/print, mail/messaging, collaboration/sharing and remote/branch offices. Plus, the R340 goes into the same type of SMB rack infrastructure as the R240.TowersT140: This is an excellent server for desktop consolidation and general business applications. It includes tasks like collaboration, productivity apps, file-and-print, mail and messaging, office data coordination and file sharing. The T140 typically goes to small office/home office users and helps these businesses get organized. Plus, it also simplifies the IT of their growing business onto a reliable platform and attain greater productivity.T340: The T340 tower server is well-suited for single-tier workloads and offers room for expansion. While it supports the same kind of general-purpose applications as the T140, the T340 offers greater internal storage capacity. It can accommodate users with rapidly expanding data storage requirements or allowing steady data growth and expandability. Its convenient tower form also makes it a popular choice for remote office/branch office sites, for example, bank branches and retail outlets.The PowerEdge one-socket servers can help simplify your IT environment, make better use of data, and are ready to scale with your business. Check out a couple of tips to help get you started on your server selection if you are unsure where to begin.For additional information about PowerEdge servers, visit dellemc.com/servers, or contact your small business technology advisor for more information at 877-BUY-DELL.Be sure to follow us and join the conversation on Twitter @DellEMCServers.[1] IDC FutureScape: Worldwide SMB 2020 Predictions, Doc # US45587619, Oct. 2019[2] Based on Dell EMC Internal analysis comparing T340, R240, and R340 vs the previous generation. September 2019. (Not applicable to the T140)[3] Based on Dell EMC internal testing November 2019 comparing PowerEdge 1S Servers running Intel® Xeon® E-2186 processors vs PowerEdge 1S Servers running Intel® Xeon® E-2288 processors using SPECcpu2017 int_rate_base. Actual results may vary.[4] Based on a November 2017 Principled Technologies Test Report commissioned by Dell EMC comparing in-house deployment vs. Dell EMC ProDeploy for Enterprise deployment service for Dell PowerEdge R730 servers, Dell Storage SC9000 and SC420 and networking components. Actual results may vary.[5] Based on June 2018 Principled Technologies Report commissioned by Dell EMC, “Save time and IT effort resolving server hardware issues with ProSupport Plus and SupportAssist,” compared to Basic Warranty without SupportAssist. Actual results will vary.last_img read more

Baker’s Half Dozen — Episode 9

first_imgIf you’ve got questions about this episode, or a question you’d like Matt to answer in the next episode, comment below or tweet Matt using #BakersHalfDozen.Episode 9 Show Notes:Item 1: On Premise vs. On PremisesItem 2: Taking a picture of a black holeItem 3: Using CRISPR for molecular data storageItem 4: Satellite monitoring of lakesItem 5: Lawless dataItem 6: A.I. ApocalypseItem 6.5: Yoctosecondlast_img

Man who wore horns at riot willing to speak at Trump’s trial

first_imgPHOENIX (AP) — The lawyer for an Arizona man who took part in the insurrection at the U.S. Capitol while sporting face paint, no shirt and a furry hat with horns is offering to have his client testify at former President Donald Trump’s upcoming impeachment trial. Lawyer Albert Watkins said he hasn’t spoken to any member in the Senate since announcing his offer to have Jacob Chansley testify. Watkins said it’s important for senators to hear from someone who was incited by Trump. Watkins said Chansley feels betrayed by the former president after Trump refused to pardon Chansley. Chansley hasn’t yet entered a plea to his charges.last_img read more

Fence at Capitol blocks DC government from enacting new laws

first_imgWASHINGTON (AP) — That foreboding black fence erected around the U.S. Capitol building has had an unintentional side effect: walling off the local government’s ability to enact new laws. Under terms of the District’s relationship with the federal government, physical paper copies of all new laws must be hand-delivered to Senate and House leadership. By Monday afternoon, the problem appeared to have been solved. But officials says the episode shines a light on the larger overall issue: the fact that D.C. isn’t a state and needs to run its local laws past Congress in the first place.last_img read more

Moon, Biden agree to work on joint North Korea strategy

first_imgSEOUL, South Korea (AP) — The South Korean and U.S. presidents agreed on the need for a comprehensive strategy on North Korea as they push to work together to achieve denuclearization on the Korean Peninsula. During their first phone talks since President Joe Biden’s Jan. 20 inauguration, South Korean President Moon Jae-in proposed the allies make joint efforts. Moon’s office quoted Biden as saying it’s important for Washington and Seoul to have the same position. Moon wants to resume nuclear diplomacy that collapsed when former President Donald Trump rejected Kim’s limited denuclearization steps in exchange for lifting sanctions. Moon said earlier that Biden could learn from Trump’s successes and failures though he acknowledged Biden was likely to try a different approach.last_img read more