technology

NetApp NAS solutions with clustered Data ONTAP give you reliable scale-out capabilities without reconfiguration.

NetApp® network-attached storage (NAS) solutions simplify data management and help you keep pace with growth while optimizing costs. Our NAS solutions give you nondisruptive operations, proven efficiency, and seamless scalability within a unified architecture.

Deploy NetApp NAS storage with the NFS protocol for your challenging technical and business applications. NetApp is an innovator in NAS storage and NFS advancements. We pioneered NFS standards for file-based storage access in UNIX/Linux environments, and we were first to market with pNFS support for NAS. Our NAS storage solutions have been tested against the leading NFS RFC standards.

Consolidate your Windows® file servers on NetApp NAS with native SMB/CIFS support. Integrate NetApp NAS systems into your Windows environment with minimal-to-no disruption, and connect them to existing authentication services such as Active Directory. Use SMB/CIFS shares for applications such as SharePoint and SQL, as well as for your custom and traditional workloads. Take advantage of SMB 3.0 support to improve scalability and manageability for Microsoft® Hyper-V® environments.

Cloud and big data environments demand high assurance data centric securityPLANTATION, Fla., 19 January, 2016 – Thales, leader in critical information systems and cybersecurity, and Vormetric, a provider of data-centric security to the world’s leading companies, announce that the Vormetric Data Security Manager (DSM) is now secured with Thales nShield hardware security modules (HSMs). Customers in highly regulated and security conscious industries such as finance and banking can now benefit from the heightened levels of trust and security provided by Thales HSMs.Vormetric DSM centralizes control of data-at-rest security enabling organizations to protect their sensitive data and meet new security mandates and compliance requirements. Where high levels of trust and security are demanded Thales HSMs provide FIPS 140-2 certified protection and key management.To meet the demands of customers with deployments distributed across multiple data centres, Thales HSMs offer Vormetric a superior approach to HSM initialization and ongoing administration. By utilizing the unique Thales Security World architecture customers can increase their security posture without the operational difficulties often associated with alternative solutions.Ashvin Kamaraju, vice president of product development at Vormetric says:“Our security conscious customers demand high levels of assurance and Vormetric has long offered these customers the option of an embedded FIPS 140-2 certified module. Thales HSMs are a critical component in meeting this security standard and also offer superior scalability to meet the demands of customers working in cloud and multi data-centre environments”.Cindy Provin, president, Thales e-Security, Inc. says:“As ever-greater volumes of data move to the cloud and big data environments the way in which data is stored, accessed and processed demands a data-centric security approach. Properly encrypted data is worthless to cyber-criminals and the deployment of FIPS-validated hardware is a long proven method to ensure encryption keys are safely stored and managed. The integrated delivery of Thales HSMs with Vormetric’s DSM allows customers to take advantage of best-in-class cryptographic hardware protection and key management, adding a further layer of security and reducing their operational risk.”Thales recently signed a definitive agreement to acquire Vormetric which, when completed, will extend Thales’ data protection and key management solutions to further protect enterprises against cybersecurity threats.For further information read the case study: www.thales-esecurity.com/knowledge-base/case-studies/vormetric For industry insight and views on the latest key management trends check out our blog www.thales-esecurity.com/blogsFollow Thales e-Security on Twitter @Thalesesecurity, LinkedIn, Facebook and YouTubeAbout VormetricVormetric’s comprehensive high-performance data security platform helps companies move confidently and quickly. Our seamless and scalable platform is the most effective way to protect data wherever it resides—any file, database and application in any server environment. Advanced transparent encryption, powerful access controls and centralized key management let organizations encrypt everything efficiently, with minimal disruption. Regardless of content, database or application—whether physical, virtual or in the cloud—Vormetric Data Security enables confidence, speed and trust by encrypting the data that builds business. About Thales e-SecurityThales e-Security is a leading global provider of trusted cryptographic solutions with a 40-year track record of protecting the world’s most sensitive applications and information. Thales solutions enhance privacy, trusted identities, and secure payments with certified, high performance encryption and digital signature technology for customers in a wide range markets including financial services, high technology, manufacturing, and government. Thales e-Security has a worldwide support capability, with regional headquarters in the United States, United Kingdom, and Hong Kong. www.thales-esecurity.com About ThalesThales is a global technology leader for the Aerospace, Transport, Defence and Security markets. With 61,000 employees in 56 countries, Thales reported sales of €13 billion in 2014. With over 20,000 engineers and researchers, Thales has a unique capability to design and deploy equipment, systems and services to meet the most complex security requirements. Its unique international footprint allows it to work closely with its customers all over the world.Positioned as a value-added systems integrator, equipment supplier and service provider, Thales is one of Europe’s leading players in the security market. The Group’s security teams work with government agencies, local authorities and enterprise customers to develop and deploy integrated, resilient solutions to protect citizens, sensitive data and critical infrastructure. Drawing on its strong cryptographic capabilities, Thales is one of the world leaders in cybersecurity products and solutions for critical state and military infrastructures, satellite networks and industrial and financial companies. With a presence throughout the entire security chain, Thales offers a comprehensive range of services and solutions ranging from security consulting, intrusion detection and architecture design to system certification, development and through-life management of products and services, and security supervision with Security Operation Centres in France, the United Kingdom and The Netherlands.Contact:Dorothée Bonneil Thales Media Relations – Security+33 (0)1 57 77 90 [email protected] Liz HarrisThales e-Security Media Relations+44 (0)1223 [email protected] KicklighterVormetric Media Relations+1 [email protected] ###Source: RealWire

Microsoft Will Not Support Upcoming Processors Except On Windows 10

Microsoft has long been the bastion of long term support for older platforms, so today’s support news out of Redmond is particularly surprising. Intel launched its 6th generation Skylake cores back in August, and support on Windows 7 has been not as strong as Windows 10 right out of the gate. It’s not terribly strange that new features like Intel’s Speed Shift will not be coming to Windows 7, but…

GM’s vulnerability coordination portal on HackerOne.GM / HackerOneOn January 5, General Motors quietly flipped the switch on Detroit’s first public security vulnerability disclosure program, launched in partnership with the bug bounty and disclosure portal provider HackerOne. General Motors Chief Cybersecurity Officer Jeff Massimilla told Ars the new portal was a first step in creating relationships with outside security researchers and increasing the speed with which GM discovers and addresses security issues. “We very highly value third-party security research,” Massimilla said. He explained that under the program, those third parties can reveal vulnerabilities they find with the guarantee that GM will work with them and not take legal action—as long as they follow the fairly straightforward guidelines posted on the program’s portal. The choice of HackerOne was a key part of the program strategy, Massimilla said, because of that company’s existing relationship with security researchers. “We don’t have a lot of experience with this sort of program,” Massimilla admitted. HackerOne is hosting the program’s Web portal, which handles much of the workflow of managing disclosures. “We also have e-mail addresses and other contact points where we can communicate,” he added. HackerOne is currently hosting more than 400 vulnerability disclosure and bug bounty programs, of which about 100 are currently public. The remainder are “invitation only,” said HackerOne founder and CTO Alex Rice. With those, “the companies start testing their coordination with a few trusted hackers, working out the edge cases of coordination.” GM’s effort isn’t a full-blown bug bounty program like the one announced by Tesla at last year’s Def Con conference in Las Vegas—at least not yet. “Right now, it’s a public coordinated disclosure program, so when vulnerabilities are discovered we can work with researchers to resolve them,” Massimilla said. “We’re going to continue to assess and modify the program as it goes forward.” Various forms of recognition and rewards will be considered, he added, as the program evolves. Eight simple rules for hacking our cars The GM program’s rules are mostly simple. GM has publicly declared that researchers are safe from legal action as long as they:

do not cause harm to GM, our customers, or others;

provide a detailed summary of the vulnerability, including the target, steps, tools, and artifacts used during discovery (the detailed summary will allow us to reproduce the vulnerability);

do not compromise the privacy or safety of our customers and the operation of our services;

do not violate any criminal law;

do not violate any other law (other than those that would result only in claims by GM), or disrupt or compromise any data or vehicle that is not their own;

publicly disclose vulnerability details only after GM confirms completed remediation of the vulnerability and not publicly disclose vulnerability details if there is no completion date or completion cannot be ascertained;

confirm that they are not currently located in or otherwise ordinarily reside in Cuba, Iran, North Korea, Sudan, Syria or Crimea; and

confirm that they are not on the US Department of the Treasury’s Specially Designated Nationals List.

The creation of a disclosure program may appear to be a small step in comparison to other bug bounty programs offered, like the Tesla initiative mentioned above. But Joshua Corman of the grassroots security advocacy organization I Am The Cavalry—a group that has lobbied automakers, medical device manufacturers and other industries to work with security researchers to build safer products—told Ars that GM’s move is “a huge” step. “This first of a kind disclosure program, if copied by rest of the auto industry, will really catalyze the maturity of their security practices,” he said. Part of the reason for that is because of the massive work that GM has had to do (and will continue to have to do) in simply working the bugs out of the bug-killing process itself. “There’s been a lot of tension around the bug bounty program,” said Rice. “But that’s obscuring the complexity that has to go into the underlying process. For a small company, it’s pretty straightforward. But for startups, it starts to get complicated pretty quickly. If there’s an open source project involved, for example, vulnerabilities need to be passed along. Take it up to a company the size of GM, and getting it right is a real problem, because many of the vulnerabilities that are going to be coming into the program aren’t their fault—but they’re still going to be stepping up to coordinate getting those bugs fixed.” Beware of dog Starting off with building a relationship with the security research community is, as Corman described it, the “crawling before the walking” of a bug program. But there’s a lot of relationship building to be done. Most automakers have private bug-hunting programs that involve internal staff or contract security researchers, Corman noted. Some accept bugs from external trusted researchers through private programs. But for independent security researchers who discover vulnerabilities, “Detroit currently has an implicit ‘beware of dog’ sign,” he said. “We’ve met people who say, ‘I found this bug but I’m not going to tell them, I don’t want a lawsuit.‘”Further ReadingHighway to hack: Why we’re just at the beginning of the auto-hacking eraA slew of recently revealed exploits shows gaps in carmakers’ security fit and finish. There’s a reason for that defensiveness. Handling vulnerabilities in the automobile industry can be extremely complex, since the vulnerabilities are often (as demonstrated in the hack of a Jeep Cherokee last year by Charlie Miller and Chris Valasek) in systems provided by multiple tiers of suppliers. Those suppliers may or may not have vulnerability patching processes of their own. Additionally, some vulnerabilities in previous generations of vehicles may be impossible to patch without ripping and replacing components of the car wholesale. That’s an extremely expensive proposition, and one that will likely reach only a fraction of affected vehicles even in a recall. “Most of the bugs found with bounty programs aren’t fixable,” Rice said. Before founding HackerOne, Rice was head of product security at Facebook. He sees how his new situation can be much more difficult. “Facebook finds bugs that it takes responsibility for but has to pass downstream,” he said. And sometimes getting those bugs fixed takes a long time—even when working with outside researchers. GM is now stepping into a situation that may be even thornier than that at Facebook. “For a company like GM to step forward, they’re telling every supplier that they also need a vulnerability coordination program.” The Jeep hack by Miller and Valasek is “the perfect example” of the problem automakers face in doing vulnerability management, Rice said. Fiat-Chrysler was “dealing with a dependency chain that is difficult to navigate.” The vulnerabilities exploited by Miller and Valasek were in software, hardware, and services provided largely by suppliers—most of whom don’t have vulnerability management processes in place. All that means bug fixes can take a long time. A similar demonstrated “takeover” vulnerability found by University of California-San Diego researchers in GM’s OnStar service took five years to resolve after it was privately disclosed to GM and the National Highway Traffic Safety Center. The processes to deal with resolving vulnerabilities simply didn’t exist at the time at GM, OnStar, or at suppliers, and most of the components involved weren’t necessarily designed with the idea of security updates in mind. Building in security That’s something GM has been working to resolve through the formation of Massimilla’s organization within the company, which began with his hiring in September of 2014. “We were one of the first automakers—I believe the first—to put a consolidated global group in place to deal with cybersecurity,” Massimilla said. “It’s a global organization, very well-funded, and it gets attention from senior management.” Enlarge / General Motors Cybersecurity Chief Jeff Massimilla.General MotorsMassimilla explained that the new security effort was having an impact on how GM develops its systems. “We’re taking a layered approach to security, designing our systems so we can understand what’s going on with them and so they can be updated over time.” Part of that involves building “detection and monitoring and response,” he said, for vulnerabilities and possible exploits of both GM’s back-office systems and those onboard GM vehicles. GM also joined the auto industry’s new Auto ISAC, a cyber threat information sharing and analysis center under the umbrella of the Alliance of Automobile Manufacturers. Massimilla is the vice-chair of the ISAC. “The ISAC is the industry coming together to share threat intelligence and work to take a proactive approach cross-industry to address problems.” He added that GM is also communicating with defense and electronics industry cybersecurity groups as well. Much of what Massimilla and GM are doing maps to the five “stars” proposed in I Am the Cavalry’s automotive safety program launched in August of 2014. It also follows emerging cybersecurity standards being developed by the ISO. “There are a lot of different groups that are looking at different programs that can be a comprehensive framework for security, and security vulnerability disclosure and the ability to work with outside researchers is key for any of them,” Massimilla acknowledged. Designing for security and enabling rapid responses to security problems are major parts of the puzzle—parts that many automakers have started to recognize with no small amount of pain over the past few years. In combination with the Library of Congress’ recent ruling exempting vehicle software from the Digital Millennium Copyright Act (DMCA)—a ruling that will kick in later this year—Corman believes programs like GM’s will draw vulnerability reports that many researchers may have been sitting on for years. “Once people recognize that here’s a welcome mat, people will start reporting more things they’ve found,” he said. “It’s going to be really tough for the other automotive OEMs to not follow suit. Everybody will then start finding bugs faster. They’ll see bugs are dense, not sparse, and that will help them make better design choices in the future.” The result, Corman said, will see an “upward spiral” in automotive safety practices. Automakers and their suppliers aren’t alone in being slow to adopt vulnerability coordination programs. In a survey HackerOne conducted of Forbes 2000 companies last year, 94 percent of the companies who participated said that they had “no identifiable process to respond” to vulnerability disclosures according to Rice. “There are vulnerabilities in every single one of those companies,” he asserted. “Having no process for dealing with them is doing everyone a disservice.”

HostGator is a global provider of web hosting and related services.

Founded in a dorm room at Florida Atlantic University by Brent Oxley, HostGator has grown into a leading provider of Shared, Reseller, VPS, and Dedicated web hosting. HostGator is headquartered in Houston and Austin, Texas, with several international offices throughout the globe.

HostGator Founded

In a Florida dorm room, HostGator’s founder Brent Oxley weighs the pros and cons of naming his company either hostgator.com or gatorhost.com, ultimately choosing the former and registering the domain on October 22, 2002.

The First 100 Customers

As of February 1st, 2003, HostGator had 112 active customers. On the same date, one year later, there would be 1,031 active customers.

blog.hostgator.com Publishes Its First Post

The HostGator blog published its first post, aptly titled “Welcome to Gator Crossing,” on May 4th, 2007. “Gator Crossing” remains the official name of the blog to this day.

Austin Office Opened

Having outgrown the initial Houston office, HostGator again looked West and expanded into a new 100,000 square foot office in Austin, Texas.

500 Employees

As of February, HostGator now has over 500 employees. And we’ve virtually never stopped hiring since!

EIG Acquisition

Changing how the world connects

Mobility, cloud, big data, and the Internet of Things are driving a profound change for businesses, creating massive opportunities for innovation as well as escalating customer expectations. Companies must respond by transforming themselves to move faster than ever. In this Connected Era, how well companies connect the explosion of apps, data and devices will define their success.

MuleSoft provides the platform that changes how businesses connect by making it fast, flexible and easy. APIs are the catalyst for this change, unleashing information and eliminating the friction of integration for unprecedented speed and agility. With Anypoint Platform’s API-led connectivity approach, MuleSoft is lifting the weight of custom connections and freeing companies to innovate faster.

Business transformation for industry leaders

Cloud email services are still not as big as you’d expect, but they’re growing stronger. Those are the results of an automated survey by market analyst Gartner.

According to the survey, 8.5 per cent of public companies use cloud email service from Microsoft’s Office 365, while 4.7 per cent use Google Apps for Work.

The rest 87 per cent use either on-premises, hybrid, hosted or private cloud email, managed by smaller companies.

The automated report looked at a ‘large number’ publicly available email routing records, the company said. By using the email server addresses in the domain records of some 40,000 public companies worldwide, Gartner was able to pinpoint which of those use cloud email from Google or Microsoft.

“Although it is still early days for cloud email adoption, both Microsoft and Google have achieved significant traction among enterprises of different sizes, industries and geographies,” said Nikos Drakos, research vice president at Gartner. “Companies considering cloud email should question assumptions that public cloud email is not appropriate in their region, size or industry. Our findings suggest that many varied organisations are already using cloud email, and the number is growing rapidly.”

Microsoft dominates, especially in industries such as utilities, energy and aerospace, while Google is more present in software publishing, retail, media, food and beverage or education.

“Among public companies using cloud-based email, Microsoft is more popular with larger organisations and has more than an 80 per cent share of companies using cloud email with revenue above $10 billion,” said Jeffrey Mann, research vice president at Gartner. “Google’s popularity is better among smaller companies, approaching a 50 per cent share of companies with revenue less than $50 million.”

Posted by MATTHEW ROSENQUIST in IT Peer Network on Feb 2, 2016 12:03:00 PM

Intel Corporation has a secret advantage to protect itself from cyber threats; a world class Information Technology (IT) shop. The 2015-2016 Intel IT Annual Performance Report showcases the depth of security, operational efficiency, and innovation to deliver robust IT services for business value.

IT is typically a thankless job, relegated to the back office, data centers, network rooms, and call-center cubicles.  Although not a profit center, Intel IT has an important role in the daily business of a global technology innovation and manufacturing giant.  Cybersecurity is an integral part of IT’s job to keep Intel running.

I spent many years working within Intel IT and security operations.  I can say with confidence it is one of the best IT shops in the industry.  The proof is in the report.

Intel IT has produced an annual report for many years to highlight their efforts to enable growth of the business, improve productivity of employees, manage costs, and protect the confidentiality of data and availability of critical systems.

This year is no different.  Intel has a massive network and digital net-worth to protect.  Intel presents a big target to attackers, both internal and external, and must defend itself with industry best practices.  In many cases it is involved in the development and proof-of-concept testing with the Intel Security solutions teams to vet products and request needed capabilities in response to new threats.

Here is a quick rundown of how Intel IT security stands guard.  Security supports over 100k employees in 72 countries, at 153 sites.  They are charged in protecting networks, clouds, servers, storage, PC’s, tablets, phones, and all the applications connecting them.  They must protect very sensitive silicon manufacturing, assembly, and test facilities where robots, chemicals, and people are making the magic of computer chips a reality.

By Andy Thurai on February 3, 2014

In that post, we discussed the different API deployment models as well as the need to understand the components of API management, your target audience and your overall corporate IT strategy. There was a tremendous readership and positive comments on the article. (Thanks for that!). But, there seem to be a little confusion about one particular deployment model we discussed – the Hybrid (SaaS) model. We heard from a number of people asking for more clarity on this model. So here it is.

Meet Hybrid SaaS

A good definition of Hybrid SaaS would be “Deploy the software, as a SaaS service and/or as on-premises solution, make those instances co-exist, securely communicate between each other, and be a seamless extension of each other.”

Large enterprises are grappling with multitudes of issues when they try to move from a primarily corporate datacenter to an all-out-in-cloud approach. Not only that is not feasible, but also it will result in wasting millions of dollars in sunk costs invested in their current datacenter.

The current NSA actions have muddied up the public cloud safety, further undermining enterprise control over applications and data in the cloud. Yet, the pressure to have a mobile first, a cloud first or some API-centric model means enterprises must move some operations to the cloud.

So enterprises are trying a hybrid model to entertain the seemingly contradictory need for agility and security. In doing so, most organizations are building two different flavors of the same services leading to different silos. Obviously the cloud version is more geared towards fast, easily provisioned, low cost and the self-owned data center version would be geared more towards complete integration with existing eco-system. Often, this leads to two different silos.

Most software versions today don’t support Hybrid SaaS because they are not designed to operate both as a service and/or as an in-house install. A true Hybrid SaaS model allows you to install components that operate in both places with similar (if not the same) functions. In addition, there will also be a connector that allows the continuous integration between the components to make this seamless.

Some savvy organizations are intelligent enough to build the consolidated hybrid API model that we have seen.

One API, Expose Anywhere

The ultimate goal is to publish APIs to the right audience with the right enterprise policies, right amount of security, and just the right amount of governance. The motto here is scale when you can, own what you must. What is the right amount for you? It depends on who your developers are, where your APIs are located now, and what sort of security and compliance requirements you have.

The concept of One API is to publish and be available in multiple places, accessed by multiple audiences (internal developers/applications, external developers, and partners) and be available for multiple channels (mobile, social, devices, etc.). All demand a different experience, which is where the hybrid model really excels.

So how does it actually work? In a hybrid API management deployment the API traffic comes directly to the Enterprise and the API metadata is available in two places: on premise and in the cloud.  The API metadataavailable from an on-premise portal is usually targeted to an internal developer.

Here the metadata and API documentation might be slightly different – an internal developer may require a different response format (XML for instance) for integration with internal systems and have a different access mechanism (API keys or internal credential) compared to an external or zero-trust developer. In this case this means that API traffic never goes to the cloud or any developer portal for that matter – this is often a point of confusion in the hybrid model.

Metadata that is available in the cloud would be described differently and use common standards for access such as OAuth and JSON, with rich community features to encourage the adoption of APIs. While the endpoint information is advertised in the cloud, the traffic itself is sent directly to the Enterprise datacenter, with policies enforced by an API gateway. Also, the UX and the registration process is lighter and faster to attract wider audience.

Hybrid SaaS API Management

View sessions running on servers and the SQL statements they are executing

Group, sort and export events to find what you need and share with others

Simple, clean design provides quick start and run in 2 clicks

Easily connect to both local and remote SQL Servers

Idera’s SQL XEvent Profiler emulates the functionality and simplicity of SQL Server Profiler, letting you quickly view data from SQL events and see what’s happening on the server. Plus, it leverages SQL Extended Events (XEvents) as the backing technology — making it more efficient, more powerful and more scalable than SQL Trace.

View SQL Activity in Real-Time

View both the sessions running on your servers and the SQL statements being executed by your users in real time with an easy-to-use, syntax-highlighted UI.

Group, Sort, and Export Events

Simplified grid view provides a list of events that users can group and sort by category (including application name, user, and event type) allowing them to identify the information they need quickly and without the need for scrolling. Users also have the ability to export Event information in xls or pdf files to share with others if necessary.

Elegant Design

“Download and Go” design provides easy install in a few minutes. The clean and simple UI offers users the ability to start and stop XEvent sessions in 2 clicks—just like the SQL Profiler experience they are accustomed to—so they can get a quick peek at what’s happening on the server and move on to other tasks. No need to create or modify cumbersome templates.

Lightweight

Leveraging the SQL Server XEvents technology backend allows Idera’s SQL XEvent Profiler to easily connect to local and remote SQL Servers without slowing them down.

Use Cases

Use this tool for a variety of diagnostic and/or auditing purposes including:

Determine which SQL queries are the highest impact based on CPU, reads, writes or duration

Determine which applications have the heaviest activity

Determine which users are responsible for specific activities on a SQL server

Determine the specific activity resource utilization impact per user

Track user activity for audit purposes