Cisco Webex vulnerabilities may enable attackers to covertly join meetings

Cisco has fixed three bugs in its Cisco Webex video conferencing offering that may allow attackers to:

  • Join Webex meetings without appearing in the participant list (CVE-2020-3419)
  • Covertly maintain an audio connection to a Webex meeting after being expelled from it (CVE-2020-3471)
  • Gain access to information (name, email, IP address, device info) on meeting attendees without being admitted to the meeting (CVE-2020-3441)

About the Cisco Webex vulnerabilities

The three flaws were discovered by IBM researchers, after the company’s research department and the Office of the CISO decided to analyze their primary tool for remote meetings (i.e., Cisco Webex).

“These vulnerabilities work by exploiting the handshake process that Webex uses to establish a connection between meeting participants,” the researchers shared.

“These flaws affect both scheduled meetings with unique meeting URLs and Webex Personal Rooms. Personal rooms may be easier to exploit because they are often based on a predictable combination of the room owner’s name and organization name. These technical vulnerabilities could be further exploited with a combination of social engineering, open source intelligence (OSINT) and cognitive overloading techniques.”

The vulnerabilities can all be exploited by unauthenticated, remote attackers, either by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site or by browsing the Webex roster.

More details about the possible attacks are available in this blog post, though details about the flaws will be limited until more users are able to implement the provided updates/patches.

Patches and security updates

The bugs affect both Cisco Webex Meetings sites (cloud-based) and Cisco Webex Meetings Server (on-premises).

Cisco addressed them in Cisco Webex Meetings sites a few days ago and no user action is required.

Users of Cisco Webex Meetings Server are advised to upgrade to 3.0MR3 Security Patch 5 or 4.0MR3 Security Patch 4, which contain the needed fixes.

CVE-2020-3419 also affects all Cisco Webex Meetings apps releases 40.10.9 and earlier for iOS and Android, so users are urged to implement the provided updates.

WekaIO WekaFS: Unified storage solutions with cloud-native ecosystem partners

WekaIO announced a transformative cloud-native storage solution underpinned by the world’s fastest file system, WekaFS, that unifies and simplifies the data pipeline for performance-intensive workloads and accelerated DataOps.

Weka has developed reference architectures (RAs) with leading object storage technology providers, like Amazon Web Services (AWS), Cloudian, IBM, Seagate, Quantum, Scality, and others in Weka’s Technology Alliance Program, to deliver cost-efficient, cloud-native data storage solutions at any scale.

And Weka’s OEM partnership with Hitachi Vantara will deliver an integrated end-to-end stack solution based on the Hitachi Content Platform.

WekaFS provides the ease of managing petabytes of data in a single, unified namespace wherever in the pipeline the data is stored, while also delivering the best performance to accelerate artificial intelligence/machine learning (AI/ML), genomics research, high-performance computing (HPC), and high-performance data analytics (HPDA) workflows.

Weka’s unified storage solutions with cloud-native ecosystem partners provide the following customer benefits:

  • Faster actionable business intelligence from a single high-performance storage solution
  • Cost-efficiency with the ability to manage, scale, and share data sets
  • Operational agility eliminating storage silos across edge, core, and cloud
  • Enterprise robustness and secure data governance

Manage more petabytes of data cost-effectively and with fewer resources

Extending the WekaFS namespace from high-performance flash to an Amazon Simple Storage Service (S3) REST-enabled cloud object storage system is a simpler and more cost-efficient strategy for managing petascale datasets without compromising performance.

The filesystem metadata resides on flash while seamlessly extending capacity over object storage, private or public. All the I/Os are serviced by the flash tier while leveraging the object tier for capacity scaling.

WekaFS allows data portability across multiple consumption models supporting both private and public clouds with the ability to extend the namespace across both. A cloud-first model delivers the best storage efficiency and TCO across consumption models and data tiers.

Facilitating data protection, mobility, and DR

As data has become a strategic asset for businesses, lifecycle management is paramount. However, the datasets encountered in AI/ML, genomics, HPC, and HPDA have grown so big and agile that traditional backup and DR applications fall short, creating siloed namespaces and workflows that are lacking operational agility and data protection.

Data versioning is achieved using Weka’s instant and space-efficient snapshots capability for experiment reproducibility and explainability. The snap-to-object feature captures a point-in-time copy of the entire, unified (flash and object store) file namespace that can be presented as another file namespace instance in a private or public cloud.

Weka’s integrated snapshots and end-to-end encryption features ensure data is always backed up and secure throughout its lifecycle. WekaFS also provides immutability and data mobility for these datasets with instant recovery.

Weka has partnered with leading private and public cloud partners to ensure a fully validated and performant storage solution ecosystem, including these certified solutions: AWS S3, AWS Outposts, Cloudian HyperStore, Hitachi Content Platform (HCP), IBM Cloud Object System (IBM COS), Quantum ActiveScale, and Scality RING.

A new threat matrix outlines attacks against machine learning systems

A report published last year has noted that most attacks against artificial intelligence (AI) systems are focused on manipulating them (e.g., influencing recommendation systems to favor specific content), but that new attacks using machine learning (ML) are within attackers’ capabilities.

Microsoft now says that attacks on machine learning (ML) systems are on the uptick and MITRE notes that, in the last three years, “major companies such as Google, Amazon, Microsoft, and Tesla, have had their ML systems tricked, evaded, or misled.” At the same time, most businesses don’t have the right tools in place to secure their ML systems and are looking for guidance.

Experts at Microsoft, MITRE, IBM, NVIDIA, the University of Toronto, the Berryville Institute of Machine Learning and several other companies and educational organizations have therefore decided to create the first version of the Adversarial ML Threat Matrix, to help security analysts detect and respond to this new type of threat.

What is machine learning (ML)?

Machine learning is a subset of artificial intelligence (AI). It is based on computer algorithms that ingest “training” data and “learn” from it, and finally deliver predictions or decisions, or accurately classify things.

Machine learning algorithms are used for tasks like identifying spam, detecting new threats, predicting user preferences, performing medical diagnoses, and so on.

Security should be built in

Mikel Rodriguez, a machine learning researcher at MITRE who also oversees MITRE’s Decision Science research programs, says that we’re now at the same stage with AI as we were with the internet in the late 1980s, when people were just trying to make the internet work and when they weren’t thinking about building in security.

We can learn from that mistake, though, and that’s one of the reasons the Adversarial ML Threat Matrix has been created.

“With this threat matrix, security analysts will be able to work with threat models that are grounded in real-world incidents that emulate adversary behavior with machine learning,” he noted.

Also, the matrix will help them think holistically and spur better communication and collaboration across organizations by giving a common language or taxonomy of the different vulnerabilities, he says.

The Adversarial ML Threat Matrix

“Unlike traditional cybersecurity vulnerabilities that are tied to specific software and hardware systems, adversarial ML vulnerabilities are enabled by inherent limitations underlying ML algorithms. Data can be weaponized in new ways which requires an extension of how we model cyber adversary behavior, to reflect emerging threat vectors and the rapidly evolving adversarial machine learning attack lifecycle,” MITRE noted.

The matrix has been modeled on the MITRE ATT&CK framework.

The group has demonstrated how previous attacks – whether by researchers, red teams or online mobs – can be mapped to the matrix.

They also stressed that it’s going to be routinely updated as feedback from the security and adversarial machine learning community is received. They encourage contributors to point out new techniques, propose best (defense) practices, and share examples of successful attacks on machine learning (ML) systems.

“We are especially excited for new case-studies! We look forward to contributions from both industry and academic researchers,” MITRE concluded.

Is the skills gap preventing you from executing your enterprise strategy?

As many business leaders look to close the skills gap and cultivate a sustainable workforce amid COVID-19, an IBM Institute for Business Value (IBV) study reveals less than 4 in 10 human resources (HR) executives surveyed report they have the skills needed to achieve their enterprise strategy.

COVID-19 exacerbated the skills gap in the enterprise

Pre-pandemic research in 2018 found as many as 120 million workers surveyed in the world’s 12 largest economies may need to be retrained or reskilled because of AI and automation in the next three years.

That challenge has only been exacerbated in the midst of the COVID-19 pandemic – as many C-suite leaders accelerate digital transformation, they report that inadequate skills are one of their biggest hurdles to progress.

Employers should shift to meet new employee expectations

Ongoing consumer research also shows surveyed employees’ expectations for their employers have significantly changed during the COVID-19 pandemic but there’s a disconnect in how effective leaders and employees believe companies have been in addressing these gaps.

74% of executives surveyed believe their employers have been helping them learn the skills needed to work in a new way, compared to just 38% of employees surveyed, and 80% of executives surveyed said their company is supporting employees’ physical and emotional health, but only 46% of employees surveyed agreed.

“Today perhaps more than ever, organizations can either fail or thrive based on their ability to enable the agility and resiliency of their greatest competitive advantage – their people,” said Amy Wright, managing partner, IBM Talent & Transformation.

“Business leaders should shift to meet new employee expectations brought on by the COVID-19 pandemic, such as holistic support for their well-being, development of new skills and a truly personalized employee experience even while working remotely.

“It’s imperative to bring forward a new era of HR – and those companies that were already on the path are better positioned to succeed amid disruption today and in the future.”

The study includes insights from more than 1,500 global HR executives surveyed in 20 countries and 15 industries. Based on those insights, the study provides a roadmap for the journey to the next era of HR, with practical examples of how HR leaders at surveyed “high-performing companies” – meaning those that outpace all others in profitability, revenue growth and innovation – can reinvent their function to build a more sustainable workforce.

Additional highlights

  • Nearly six in 10 high performing companies surveyed report using AI and analytics to make better decisions about their talent, such as skilling programs and compensation decisions. 41% are leveraging AI to identify skills they’ll need for the future, versus 8% of responding peers.
  • 65% of surveyed high performing companies are looking to AI to identify behavioral skills like growth mindset and creativity for building diverse adaptable teams, compared to 16% of peers.
  • More than two thirds of all respondents said agile practices are essential to the future of HR. However, less than half of HR units in participating organizations have capabilities in design thinking and agile practices.
  • 71% of high performing companies surveyed report they are widely deploying a consistent HR technology architecture, compared to only 11% of others.

“In order to gain long-term business alignment between leaders and employees, this moment requires HR to operate as a strategic advisor – a new role for many HR organizations,” said Josh Bersin, global independent analyst and dean of the Josh Bersin Academy.

“Many HR departments are looking to technology, such as the cloud and analytics, to support a more cohesive and self-service approach to traditional HR responsibilities. Offering employee empowerment through holistic support can drive larger strategic change to the greater business.”

Three core elements to promote lasting change

According to the report, surveyed HR executives from high-performing companies were eight times as likely as their surveyed peers to be driving disruption in their organizations. Among those companies, the following actions are a clear priority:

  • Accelerating the pace of continuous learning and feedback
  • Cultivating empathetic leadership to support employees’ holistic well-being
  • Reinventing their HR function and technology architecture to make more real-time data-driven decisions

IBM helps KAZ Minerals protect and maintain operations, even in case of a disaster

IBM announced it has built a disaster recovery site using IBM Cloud infrastructure, intended to help KAZ Minerals protect and maintain operations – even in case of a disaster.

KAZ Minerals is a high growth company focused on large scale, low cost open pit copper mining in the CIS region, and with a track record for the successful delivery of greenfield mining projects.

With natural disasters globally becoming more common and unpredictable, the company needed to update its business continuity planning, so it turned to IBM to develop a cloud-based disaster recovery site for its on-premises data center.

The disaster recovery site was built using IBM Cloud Bare Metal Servers and VMware Site Recovery Manager with vSphere Replication. The solution is designed to automate the processes of migrating, recovering, testing, re-protecting and failing-back virtual machine workloads and achieve target service level objectives.

The hybrid cloud approach of combining a disaster recovery site in the cloud with the on-premises data center will position KAZ Minerals to efficiently restore mission critical business applications, including enterprise resource planning and analytics, in case a disaster affects the data center.

By using IBM public cloud, the company will be able to take advantage of the native redundancy, scalability, availability and flexibility of the cloud platform. In addition, by running its disaster recovery system in the cloud, KAZ Minerals is able to avoid spending on additional IT infrastructure associated with setting up an on-premises system.

“With our asset base mainly consisting of large scale and low cost copper mines, we need to keep the operating overheads at bay and IBM’s cloud-based disaster recovery solution does exactly that – by eliminating the need for additional capex while providing a clear price/usage pattern,” said Stanislav Dmitriyev, Group IT Director at KAZ Minerals.

The cloud-based disaster recovery site was set up in just four months by IBM Services. The required resources are immediately scaled up in case of a disaster, while in the normal data center operation mode, the cloud services costs are kept to a minimum.

“By choosing the hybrid cloud approach, KAZ Minerals has prepared for its business resiliency without making the IT infrastructure redundant and may focus on the primary operations and strategic development,” said Denys Petrov, Country General Manager of IBM in Kazakhstan.

A disaster recovery site consists of information technologies and best practices designed to prevent or minimize data loss and business disruption resulting from catastrophic events—everything from equipment failures and localized power outages to cyberattacks, natural disasters and other disruptive events. Cloud-based backup and disaster recovery solutions support both on-premises and cloud-based production environments.

“We see an interest from clients in cloud-based disaster recovery solutions to help them thrive in the new reality. Many of our clients have thousands of applications. Maintaining and securing these in a hybrid cloud environment is critical to their success.

“Agility is key, and our cloud resources and virtualization technologies allow IBM to implement complex infrastructure projects in quick timeframes and provide large industrial clients such as KAZ Minerals with disaster recovery solutions to address their business requirements and protect their business-critical workloads,” said Nikolay Molchanov, Infrastructure Services Leader, IBM Russia and the CIS.

IBM accelerates its hybrid cloud growth strategy to drive digital transformations for its clients

IBM announced it will accelerate its hybrid cloud growth strategy to drive digital transformations for its clients. Additionally, IBM will separate its Managed Infrastructure Services unit of its Global Technology Services division into a new public company (“NewCo”). This creates two industry-leading companies, each with strategic focus and flexibility to drive client and shareholder value.

The separation is expected to be achieved as a tax-free spin-off to IBM shareholders, and completed by the end of 2021.

“IBM is laser-focused on the $1 trillion hybrid cloud opportunity,” said Arvind Krishna, IBM Chief Executive Officer. “Client buying needs for application and infrastructure services are diverging, while adoption of our hybrid cloud platform is accelerating. Now is the right time to create two market-leading companies focused on what they do best.

“IBM will focus on its open hybrid cloud platform and AI capabilities. NewCo will have greater agility to design, run and modernize the infrastructure of the world’s most important organizations. Both companies will be on an improved growth trajectory with greater ability to partner and capture new opportunities – creating value for clients and shareholders.”

“We have positioned IBM for the new era of hybrid cloud,” said Ginni Rometty, IBM Executive Chairman. “Our multi-year transformation created the foundation for the open hybrid cloud platform, which we then accelerated with the acquisition of Red Hat. At the same time, our managed infrastructure services business has established itself as the industry leader, with unrivaled expertise in complex and mission-critical infrastructure work.

“As two independent companies, IBM and NewCo will capitalize on their respective strengths. IBM will accelerate clients’ digital transformation journeys, and NewCo will accelerate clients’ infrastructure modernization efforts. This focus will result in greater value, increased innovation, and faster execution for our clients.”

IBM, a leading hybrid cloud and AI company

IBM will focus on its open hybrid cloud platform, which represents a $1 trillion market opportunity. Building on IBM’s hybrid cloud foundation, the company acquired Red Hat to unlock the full value of the cloud for clients, further accelerating adoption of the platform.

This platform facilitates the deployment of powerful AI capabilities to enable the power of data, application modernization services, and systems. These are all underpinned by the security, unmatched expertise in industry verticals, and deep commitment to open source innovation that clients expect from IBM.

With tighter integration and focus on its open hybrid cloud and AI solutions, IBM will move from a company with more than half of its revenues in services to one with a majority in high-value cloud software and solutions. IBM will also have more than 50% of its portfolio in recurring revenues.

IBM’s open hybrid cloud platform architecture, based on Red Hat OpenShift, works with the entire range of clients’ existing IT infrastructures, regardless of vendor. This platform allows clients to “write-once/run-anywhere,” and enables a hybrid cloud approach that drives up to 2.5 times more value for clients than a public cloud-only solution.

IBM’s unique full-stack capabilities and large ecosystem of partners and ISVs deliver innovation and enable clients to unlock the full value of the hybrid cloud and their data.

IBM’s software portfolio, focused on data and AI, automation, and security, enables the widest access to innovation through open source.

IBM’s business, strategy and technology consultants help clients transform by modernizing their existing applications, and by building new AI-infused data analysis capabilities on the leading open hybrid cloud platform.

IBM’s secure, mission-critical public cloud is designed to provide all required regulatory controls, and offers clients a foundation of open source software, security leadership, and enterprise-grade infrastructure.

IBM’s Systems business, integrated with the hybrid cloud platform, allows cloud-native developers to capitalize on the unique capabilities of IBM’s hardware. Leveraging its long-term relationships with clients, IBM will continue to drive the innovation in hardware that enterprises rely on for their most mission-critical computing needs.

As part of this strategic acceleration, IBM is taking action to simplify and optimize its operating model for speed and growth. This includes streamlining its geographic model and transforming its go-to-market structure to better engage with and support clients.

IBM is also continuing to consolidate its shared services. This simplified and focused operating model will support accelerated innovation for the hybrid cloud, and provide more flexibility to increase investment in growth areas. The result will be an enhanced financial profile with a clear trajectory for improved revenue and profit growth.

NewCo, the leading managed infrastructure services company

The new company (to be named at a subsequent date) will immediately be the world’s leading managed infrastructure services provider. It has relationships with more than 4,600 technology-intensive, highly regulated clients in 115 countries, including more than 75% of the Fortune 100, a backlog of $60 billion, and more than twice the scale of its nearest competitor.

The new company will be entirely focused on managing and modernizing client-owned infrastructures, a $500 billion market opportunity. It will leverage its unrivaled expertise to offer hosting and network services, services management, infrastructure modernization, and migrating and managing multi-cloud environments. These are critical services that are core to client operations.

With a streamlined business model, NewCo will create value by helping enterprises optimize their performance through AI and automation. NewCo’s services will enable enterprises to build agility and efficiency into their infrastructure and datacenters.

NewCo will be able to better modernize infrastructures for an unparalleled roster of clients in all industries, with relationships that have been built over decades.

NewCo will extend its leadership through increased investment in the next generation of transformational managed infrastructure services, with more opportunity for margin expansion, profit growth and cash generation.

NewCo will also be able to partner fully across all cloud vendors, opening new avenues for growth, while maintaining a strong strategic partnership with IBM and continuing to serve existing and new clients.

Separation transaction details

The proposed separation is expected to be effected through a pro-rata spin-off to IBM shareowners that will be tax-free for U.S. federal income tax purposes.

The transaction is subject to customary closing conditions, including Form 10 registration with the U.S. Securities and Exchange Commission, receipt of a tax opinion from counsel, and final approval by IBM’s Board of Directors. The separation is currently expected to be completed by the end of 2021.

Following separation, the companies together are initially expected to pay a combined quarterly dividend that is no less than IBM’s pre-spin dividend per share. Following the completion of the separation, each company’s dividend policy will be determined by its respective Board of Directors.

One-time transaction costs are expected to include tax charges, operational separation activities, and other customary items.

J.P. Morgan Securities LLC and Lazard are serving as financial advisors for the transaction, with Paul, Weiss, Rifkind, Wharton & Garrison LLP acting as legal advisor.

Preliminary third-quarter results

In connection with today’s announcement, IBM is providing preliminary financial results for the third quarter ended September 30, 2020. IBM expects to report revenue of $17.6 billion, GAAP diluted earnings per share from continuing operations of $1.89, and operating (non-GAAP) earnings per share of $2.58.

As IBM is currently in its normal financial closing process, these are approximate figures and are subject to revision until IBM reports its full third-quarter results as planned later this month.

Inadequate skills and employee burnout are the biggest barriers to digital transformation

Nearly six in ten organizations have accelerated their digital transformation due to the COVID-19 pandemic, an IBM study of global C-suite executives revealed.

Top priorities are shifting dramatically as executives plan for an uncertain future

Digital transformation barriers

Traditional and perceived barriers like technology immaturity and employee opposition to change have fallen away – in fact, 66% of executives surveyed said they have completed initiatives that previously encountered resistance.

Participating businesses are seeing more clearly the critical role people play in driving their ongoing transformation. Leaders surveyed called out organizational complexity, inadequate skills and employee burnout as the biggest hurdles to overcome – both today and in the next two years.

The study finds a significant disconnect in how effective leaders and employees believe companies have been in addressing these gaps. 74% of executives surveyed believe they have been helping their employees learn the skills needed to work in a new way, but just 38% of employees surveyed agree.

80% of executives surveyed say that they are supporting the physical and emotional health of their workforce, while just 46% of employees surveyed feel that support.

The study, which includes input from more than 3,800 C-suite executives in 20 countries and 22 industries, shows that executives surveyed are facing a proliferation of initiatives due to the pandemic and having difficulty focusing, but do plan to prioritize internal and operational capabilities such as workforce skills and flexibility – critical areas to address in order to jumpstart progress.

“For many the pandemic has knocked down previous barriers to digital transformation, and leaders are increasingly relying on technology for mission-critical aspects of their enterprise operations,” said Mark Foster, senior vice president, IBM Services.

“But looking ahead, leaders need to redouble their focus on their people as well as the workflows and technology infrastructure that enable them – we can’t underestimate the power of empathetic leadership to drive employees’ confidence, effectiveness and well-being amid disruption.”

The study reveals three proactive steps that emerging leaders surveyed are taking to survive and thrive.

Improving operational scalability and flexibility

The ongoing disruption of the pandemic has shown how important it can be for businesses to be built for change. Many executives are facing demand fluctuations, new challenges to support employees working remotely and requirements to cut costs.

In addition, the study reveals that the majority of organizations are making permanent changes to their organizational strategy. For instance, 94% of executives surveyed plan to participate in platform-based business models by 2022, and many reported they will increase participation in ecosystems and partner networks.

Executing these new strategies may require a more scalable and flexible IT infrastructure. Executives are already anticipating this: the survey showed respondents plan a 20 percentage point increase in prioritization of cloud technology in the next two years.

What’s more, executives surveyed plan to move more of their business functions to the cloud over the next two years, with customer engagement and marketing being the top two cloudified functions.

Applying AI and automation to help make workflows more intelligent

COVID-19 has disrupted critical workflows and processes at the heart of many organizations’ core operations. Technologies like AI, automation and cybersecurity that could help make workflows more intelligent, responsive and secure are increasing in priority across the board for responding global executives. Over the next two years, the report finds:

  • Prioritization of AI technology will increase by 20 percentage points
  • 60% of executives surveyed say they have accelerated process automation, and many will increasingly apply automation across all business functions
  • 76% of executives surveyed plan to prioritize cybersecurity – twice as many as deploy the technology today.

As executives increasingly invest in cloud, AI, automation and other exponential technologies, leaders should keep in mind the users of that technology – their people. These digital tools should enable a positive employee experience by design, and support people’s innovation and productivity.

COVID-19 created a sense of urgency around digital transformation

Leading, engaging and enabling the workforce in new ways

The study showed placing a renewed focus on people may be critical amid the COVID-19 pandemic while many employees are working outside of traditional offices and dealing with heightened personal stress and uncertainty.

Ongoing IBV consumer research has shown that the expectations employees have of their employers have shifted amidst the pandemic – employees now expect that their employers will take an active role in supporting their physical and emotional health as well as the skills they need to work in new ways.

To address this gap, executives should place deeper focus on their people, putting employees’ end-to-end well-being first. Empathetic leaders who encourage personal accountability and support employees to work in self-directed squads that apply design thinking, Agile principles and DevOps tools and techniques can be beneficial.

Organizations should also think about adopting a holistic, multi-modal model of skills development to help employees develop both the behavioral and technical skills required to work in the new normal and foster a culture of continuous learning.

Red Hat Marketplace: Buy, deploy and manage enterprise software

The Red Hat Marketplace is a one-stop-shop to find, try, buy, deploy and manage enterprise applications across an organization’s hybrid IT infrastructure, including on-premises and multicloud environments.

A private, personalized marketplace experience is also available with Red Hat Marketplace Select at an additional cost for enterprises that want additional control and governance with curated software for more efficiency and scale that is pre-approved for that particular enterprise.

Red Hat Marketplace and Red Hat Marketplace Select, operated by IBM, deliver an ecosystem of software from a range of independent software vendors (ISVs) built on Red Hat OpenShift to provide clients with modern, consistent solution discovery, trial, purchase and deployment. Red Hat OpenShift allows for the portability of mission-critical workloads across secured hybrid cloud environments with certified enterprise software that can help companies avoid vendor lock-in.

For companies building cloud-native infrastructure and applications, Red Hat Marketplace is an essential destination for unlocking the value of cloud investments, designed to minimize the barriers facing global organizations as they accelerate innovation. A growing ecosystem of ISVs has embraced the marketplace because it offers them an efficient, vendor-neutral, and data-driven channel for selling and supporting products in enterprise accounts.

The growing list of more than 50 commercial products available for purchase includes leading solutions across 12 different categories—including AI/ML, Database, Monitoring, Security, Storage, Big Data, Developer tools, and more—from ISVs such as Anchore, Cockroach Labs, CognitiveScale, Couchbase, Dynatrace, KubeMQ, MemSQL, MongoDB, and StorageOS.

All products are certified for Red Hat OpenShift and offered with commercial support. Built on the open Kubernetes Operator Framework, they can run on OpenShift like a cloud service, with capabilities like automated install and upgrade, backup, failover and recovery. With one of the largest commercial collections of portable, managed software built on open standards, Red Hat Marketplace is designed to help solve client challenges for hybrid, multicloud environments with features that are purpose-built for DevOps teams, buyers, IT leaders, and CIOs.

New power in the customer’s control

As organizations operate within hybrid cloud environments, they are increasingly concerned about governance and control of the applications running in those environments. To address this concern, the private version—Red Hat Marketplace Select—allows clients to not only provide their teams with easy access to curated, pre-approved software, but also to track usage and spending by departments of all the software deployed across hybrid cloud environments.

Marketplace customers are finding specific and strategic ways to take advantage of the marketplace. Anthem Inc. is pioneering personalized, predictive, and preventative solutions through efforts that include models enabled by AI. To accomplish their mission, they require a hybrid cloud platform that allows for secured data transfer between multiple parties. Anthem has been working closely with CognitiveScale, one of the ISVs on Red Hat Marketplace, and is now ready to move into the next phase by collaborating with Red Hat to create one of the first customized marketplaces for themselves through Red Hat Marketplace Select.

Leveraging the power of Red Hat OpenShift

With automated deployment, Red Hat Marketplace makes software instantly available for deployment on any Red Hat OpenShift cluster. Red Hat OpenShift is the industry’s most comprehensive enterprise Kubernetes platform, enabling portable, cloud-native software to run as a managed service by embedding operational expertise alongside the software itself.

Software programs available through Red Hat Marketplace can be deployed across the open hybrid cloud and operate in any environment with minimal set-up and overhead, making management at scale easy. With the integration of the enterprise-grade Kubernetes capabilities within Red Hat OpenShift, organizations can achieve build-once, run-anywhere portability across hybrid cloud platforms.

“We believe that removing the operational barriers to deploy and manage new tools and technologies can help organizations become more agile in hybrid multicloud environments. The software available on Red Hat Marketplace is tested, certified and supported on Red Hat OpenShift to enable built-in management logic and streamline implementation processes. This helps customers run faster with automated deployments while enjoying the improved scalability, security, and orchestration capabilities of Kubernetes-native infrastructure,” said Lars Herrmann, senior director, Technology Partnerships, Red Hat.

BT Security announces critical security partners for global portfolio

BT Security has announced the key partners that it will work with going forward to provide industry-leading managed security services to customers. The decision follows BT’s largest-ever appraisal of its security suppliers, and a comprehensive review of the security vendor ecosystem as a whole.

BT’s decision to refine its security partner base was driven by the recognition that many of its customers find it difficult to navigate today’s complex security landscape.

The huge range of suppliers and products in the market can be bewildering, and lead to the adoption of multiple overlapping systems. This in turn can render security estates difficult to manage, burdened with unnecessary costs and, ultimately, with lower overall levels of protection.

BT Security is reflecting its customers’ desire to reduce complexity by having a leaner set of partners and clearly laying out its view of the best providers for specific security requirements.

The confirmed partners were agreed following a detailed evaluation of their respective capabilities across all security control and threat management technologies. The final selection provides BT’s view of the security market’s leading providers, who will support a harmonized portfolio of solutions to its customers going forward.

Kevin Brown, Managing Director of BT Security, said: “Our new security partner ecosystem showcases the benefits of BT Security as a Managed Security Services Provider. We’re able to use our deep experience and insight of the security ecosystem to help our customers navigate what can be an incredibly confusing market.

“We’re also ensuring that BT Security customers will benefit from working with the best suppliers from across the security industry.”

McAfee, Palo Alto Networks and Fortinet were selected as BT Security’s ‘Critical Partners’. Each of those companies will provide a range of services and products that will be incorporated into BT Security’s global portfolio, as well as providing holistic support to its commercial and operational activities.

BT Security will also work with these partners to develop a roadmap of security solutions which continue to reflect evolving customer demands and integrate the latest developments in security automation.

Lynn Doherty, Executive Vice President of Global Sales and Marketing at McAfee, said: “We’re proud to partner with BT to fight against cybercrime and accelerate new business environments for our customers as they look for more solution integrations, deeper engagement and faster modernization efforts.

“Together through our strategic service provider partners, like BT, McAfee is able to deliver world class security services that enable organizations to evolve their defenses into areas like Secure Access Service Edge (SASE) and Extended Detection and Response (XDR).”

Alex Zinin, VP, Global Service Provider Business at Palo Alto Networks, said: “We’ve been working closely with BT Security for several years to bring innovative cybersecurity solutions to our joint customers.

“We are honored to be selected as one of their critical partners to continue this close collaboration, in recognition of the breadth of our security capabilities across multiple market segments. This comes at a time when it’s never been more essential for communications and security to be closely aligned to help all organisations with staff working remotely.

“We look forward to working together as we strive to make each day safer and more secure than the one before.”

John Maddison, Executive Vice President of Products and Chief Marketing Officer at Fortinet, said: “Digital Innovation is disrupting all industries, markets, and segments, leading to increased risk as cyber threats take advantage of this disruption.

“To protect against known advanced threats as well as unknown sophisticated attacks, Fortinet enables organizations to apply security anywhere and protect all edges – including WAN, cloud, data center, endpoint, identity, and home – while reducing the number of required products to save costs and remove complexity.

“We’re proud to partner with BT Security to help customers address the most critical security challenges and protect data across the entire digital infrastructure.”

Microsoft, IBM and Cisco were all confirmed as ‘Strategic Partners’ for BT Security. This categorization reflects not only their relationship with BT Security, but also their broader activities and remit across the whole of BT.

BT Security also confirmed a further nine ‘Ecosystem Partners’, who will be incorporated into its global portfolio of solutions for customers due to their complementary technology capabilities. These partners are Skybox, Forescout, Zscaler, Check Point, CrowdStrike, Okta, Qualys, Netscout and F5.

Through deeper strategic relationships, BT Security and its partners will work together to provide better customer experience and protection, while those selected partners will also be BT Security’s main collaborators as they look to develop future customer solutions.

BT Security will regularly review the partnerships to monitor the latest vendor developments, while continuing to assess the wider industry for new and emergent security companies and technologies.

New IBM POWER10 processor has transparent memory encryption for end-to-end security

IBM revealed the next generation of its IBM POWER CPU family: IBM POWER10. Designed to offer a platform to meet the unique needs of enterprise hybrid cloud computing, the IBM POWER10 processor uses a design focused on energy efficiency and performance in a 7nm form factor with an expected improvement of up to 3x greater processor energy efficiency, workload capacity, and container density than the IBM POWER9 processor.

Designed over five years with hundreds of new and pending patents, the IBM POWER10 processor is an important evolution in IBM’s roadmap for POWER. Systems taking advantage of IBM POWER10 are expected to be available in the second half of 2021. Some of the new processor innovations include:

  • IBM’s first commercialized 7nm processor that is expected to deliver up to a 3x improvement in capacity and processor energy efficiency within the same power envelope as IBM POWER9, allowing for greater performance.
  • Support for multi-petabyte memory clusters with a breakthrough new technology called Memory Inception, designed to improve cloud capacity and economics for memory-intensive workloads from ISVs like SAP, the SAS Institute, and others as well as large-model AI inference.
  • New hardware-enabled security capabilities including transparent memory encryption designed to support end-to-end security. The IBM POWER10 processor is engineered to achieve significantly faster encryption performance with quadruple the number of AES encryption engines per core compared to IBM POWER9 for today’s most demanding standards and anticipated future cryptographic standards like quantum-safe cryptography and fully homomorphic encryption. It also brings new enhancements to container security.
  • New processor core architectures in the IBM POWER10 processor with an embedded Matrix Math Accelerator which is extrapolated to provide 10x, 15x and 20x faster AI inference for FP32, BFloat16 and INT8 calculations per socket respectively than the IBM POWER9 processor to infuse AI into business applications and drive greater insights.

“Enterprise-grade hybrid clouds require a robust on-premises and off-site architecture inclusive of hardware and co-optimized software,” said Stephen Leonard, GM of IBM Cognitive Systems.

“With IBM POWER10 we’ve designed the premier processor for enterprise hybrid cloud, delivering the performance and security that clients expect from IBM. With our stated goal of making Red Hat OpenShift the default choice for hybrid cloud, IBM POWER10 brings hardware-based capacity and security enhancements for containers to the IT infrastructure level.”

IBM POWER10 7nm form factor delivers energy efficiency and capacity gains

IBM POWER10 is IBM’s first commercialized processor built using 7nm process technology. IBM Research has been partnering with Samsung Electronics on research and development for more than a decade, including demonstration of the semiconductor industry’s first 7nm test chips through IBM’s Research Alliance.

With this updated technology and a focus on designing for performance and efficiency, IBM POWER10 is expected to deliver up to a 3x gain in processor energy efficiency per socket, increasing workload capacity in the same power envelope as IBM POWER9. This anticipated improvement in capacity is designed to allow IBM POWER10-based systems to support up to 3x increases in users, workloads and OpenShift container density for hybrid cloud workloads as compared to IBM POWER9-based systems.

This can affect multiple datacenter attributes to drive greater efficiency and reduce costs, such as space and energy use, while also allowing hybrid cloud users to achieve more work in a smaller footprint.

Hardware enhancements to further secure the hybrid cloud

IBM POWER10 offers hardware memory encryption for end-to-end security and faster cryptography performance thanks to additional AES encryption engines for both today’s leading encryption standards as well as anticipated future encryption protocols like quantum-safe cryptography and fully homomorphic encryption.

Further, to address new security considerations associated with the higher density of containers, IBM POWER10 is designed to deliver new hardware-enforced container protection and isolation capabilities co-developed with the IBM POWER10 firmware.

If a container were to be compromised, the POWER10 processor is designed to be able to prevent other containers in the same Virtual Machine (VM) from being affected by the same intrusion.

Cyberattacks are continuing to evolve, and newly discovered vulnerabilities can cause disruptions as organizations wait for fixes. To better enable clients to proactively defend against certain new application vulnerabilities in real-time, IBM POWER10 is designed to give users dynamic execution register control, meaning users could design applications that are more resistant to attacks with minimal performance loss.

Multi-petabyte size memory clustering

IBM POWER has long been a leader in supporting a wide range of flexible deployments for hybrid cloud and on-premises workloads through a combination of hardware and software capabilities.

The IBM POWER10 processor is designed to elevate this with the ability to pool or cluster physical memory across IBM POWER10-based systems, once available, in a variety of configurations.

In a breakthrough new technology called Memory Inception, the new processor is designed to allow any of the IBM POWER10 processor-based systems in a cluster to access and share each other’s memory, creating multi-Petabyte sized memory clusters.

For both cloud users and providers, Memory Inception offers the potential to drive cost and energy savings, as cloud providers can offer more capability using fewer servers, while cloud users can lease fewer resources to meet their IT needs.

Infusing AI into the enterprise hybrid cloud to drive deeper insights

As AI continues to be more and more embedded into business applications in transactional and analytical workflows, AI inferencing is becoming central to enterprise applications. The IBM POWER10 processor is designed to enhance in-core AI inferencing capability without requiring additional specialized hardware.

With an embedded Matrix Math Accelerator, the IBM POWER10 processor is expected to achieve 10x, 15x, and 20x faster AI inference for FP32, BFloat16 and INT8 calculations respectively to improve performance for enterprise AI inference workloads as compared to IBM POWER9, helping enterprises take the AI models they trained and put them to work in the field.

With IBM’s broad portfolio of AI software, the processor is expected to help infuse AI workloads into typical enterprise applications to glean more impactful insights from data.

Building the enterprise hybrid cloud of the future

With hardware co-optimized for Red Hat OpenShift, IBM POWER10-based servers will deliver the future of the hybrid cloud when they become available in the second half of 2021.

Samsung Electronics will manufacture the processor, combining Samsung’s semiconductor manufacturing technology with IBM’s CPU designs.

Adopting more tools doesn’t necessarily improve security response efforts

While organizations have slowly improved in their ability to plan for, detect and respond to cyberattacks over the past five years, their ability to contain an attack has declined by 13% during this same period, IBM reveals.

The global survey conducted by Ponemon Institute found that respondents’ security response efforts were hindered by the use of too many security tools, as well as a lack of specific playbooks for common attack types.

Lack of security response planning

While security response planning is slowly improving, 74% of organizations surveyed are still reporting that their plans are either ad-hoc, applied inconsistently, or that they have no plans at all.

This lack of planning can impact the cost of security incidents, as companies that have incident response teams and extensively test their incident response plans spend an average of $1.2 million less on data breaches than those who have both of these cost-saving factors in place.

The key findings include:

  • Slowly improving: More surveyed organizations have adopted formal, enterprise-wide security response plans over the past 5 years of the study, growing from 18% of respondents in 2015 to 26% in this year’s report (a 44% improvement).
  • Playbooks needed: Even amongst those with a formal security response plan, only one third (representing 17% of total respondents) had developed specific playbooks for common attack types – and plans for emerging attack methods like ransomware lagged even further behind.
  • Complexity hinders response: The number of security tools that an organization was using had a negative impact across multiple categories of the threat lifecycle amongst those surveyed. Organizations using 50+ security tools ranked themselves 8% lower in their ability to detect, and 7% lower in their ability to respond to an attack, than those respondents with fewer tools.
  • Better planning, less disruption: Companies with formal security response efforts applied across the business were less likely to experience significant disruption as the result of a cyberattack; over the past two years, only 39% of these companies experienced a disruptive security incident, compared to 62% of those with less formal/consistent plans.

“While more organizations are taking incident response planning seriously, preparing for cyberattacks isn’t a one and done activity,” said Wendi Whitmore, Vice President of IBM X-Force Threat Intelligence.

“Organizations must also focus on testing, practicing and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and speed the time it takes to contain an incident.”

Updating playbooks for emerging threats

The survey found that even amongst organizations with a formal cybersecurity incident response plan (CSIRP), only 33% had playbooks in place for specific types of attacks.

Since different breeds of attack require unique response techniques, having pre-defined playbooks provides organizations with consistent and repeatable action plans for the most common attacks they are likely to face.

Amongst the minority of responding organizations who do have attack-specific playbooks, the most common playbooks are for DDoS attacks (64%) and malware (57%). While these methods have historically been top issues for the enterprise, additional attack methods such as ransomware are on the rise.

While ransomware attacks have spiked nearly 70% in recent years, only 45% of those in the survey using playbooks had designated plans for ransomware attacks.

Additionally, 52% of those with security response plans said they have never reviewed or have no set time period for reviewing/testing those plans. With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that surveyed businesses may be relying on outdated response plans which don’t reflect the current threat and business landscape.

More tools led to worse response capabilities

The report also found that complexity is negatively impacting incident response capabilities. Those surveyed estimated their organization was using more than 45 different security tools on average, and that each incident they responded to required coordination across around 19 tools on average.

However, the study also found that an over-abundance of tools may actually hinder organizations’ ability to handle attacks. In the survey, those using more than 50 tools ranked themselves 8% lower in their ability to detect an attack (5.83/10 vs. 6.66/10), and around 7% lower when it comes to responding to an attack (5.95/10 vs. 6.72/10).

These findings suggest that adopting more tools didn’t necessarily improve security response efforts – in fact, it may have done the opposite. The use of open, interoperable platforms as well as automation technologies can help reduce the complexity of responding across disconnected tools.

Amongst high performing organizations in the report, 63% said the use of interoperable tools helped them improve their response to cyberattacks.

Security response efforts: Better planning pays off

This year’s report suggests that surveyed organizations who invested in formal planning were more successful in responding to incidents. Amongst respondents with a CSIRP applied consistently across the business, only 39% experienced an incident that resulted in a significant disruption to the organization within the past two years – compared to 62% of those who didn’t have a formal plan in place.

Looking at specific reasons that these organizations cited for their ability to respond to attacks, security workforce skills were found to be a top factor. 61% of those surveyed attributed hiring skilled employees as a top reason for becoming more resilient; amongst those who said their resiliency did not improve, 41% cited the lack of skilled employees as the top reason.

Technology was another differentiator that helped organizations become more cyber resilient, especially when it comes to tools that helped them resolve complexity.

Looking at organizations with higher levels of cyber resilience, the top two factors cited for improving their level of cyber resilience were visibility into applications and data (57% selecting) and automation tools (55% selecting).

Overall, the data suggests that surveyed organizations that were more mature in their response preparedness relied more heavily on technology innovations to become more resilient.

How do I select a SIEM solution for my business?

A Security Information and Event Management (SIEM) solution collects and analyzes activity from numerous resources across your IT infrastructure. A SIEM can provide information of critical importance, but how do you find one that fits your organization?

To select an appropriate SIEM solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals in order to get insight to help you get started.

Jae Lee, Senior Director, Elastic Security

SIEM is a mature product category and continues evolving. However, SIEM needs to enable teams to evolve, as SecOps transforms from “traditional” to “adaptive.”

Let’s start with people — traditional skillsets are based on tools (e.g., vulnerability, firewall, IDS/IPS, etc.), but broader skillsets are needed to help practitioners adapt quickly. Manipulating and analyzing data, performing collaborative research, understanding adversaries/tradecraft — SIEM must help augment and develop these skillsets.

Next is process — with improved skills, alerts no longer rule (unless allowed to), and pre-defined, static SOPs / playbooks alone are not enough. Teams now require real-time analysis to hunt — including performing research, reverse-engineering and simulating threats, and more. Context is everything. Hunting and operationalizing effectively requires full visibility — not in a separate tool, but within the SIEM.

Finally, technology. Full visibility isn’t just broad coverage, but fast insights. Also, detections need to work OOTB. Consider endpoint — there, OOTB detections have high accuracy. The same principle should apply in SIEM, without requiring every analyst to be an expert rule author. SIEM isn’t just “technology” — it needs real-world-validated security content.

As SecOps matures, major investments are often required for the care and feeding of a SIEM. You have to stop threats and justify your investment. Give yourself the runway to be confident that once deployed the SIEM can meet your fast-evolving needs, and ask hard questions around scale and flexibility — from detections to integrations, to deployment options, to pricing metrics.

Christopher Meenan, Director, QRadar Product Management and Strategy, IBM Cloud and Cognitive Software

The first thing to think about is what use cases you need to address. Your requirements will look very different depending on whether you need to secure your organization during a cloud transformation, build a unified IT and OT security operations program, or simply address compliance. Your use cases will drive requirements around integrations, use case content, analytics, and deployment methods.

Ask the vendors how they can help address your requirements. Understand which integrations and use case content are included, versus which require a separate license or custom development. Understand what analytics are available and how those analytics are used to detect known and unknown threats. Ask what frameworks, such as MITRE ATT&CK, are natively supported.

If you’re like most companies, your team is understaffed – which means you need usable products that help shorten the learning curve for new analysts and make your experienced team members more efficient. Ask how each solution measurably increases efficiency during the detection, investigation and response processes. Also ask about SaaS deployments and MSSP partnerships if you need to reduce on-going management requirements.

Most importantly, don’t be shy. Ask for a proof of concept to make sure the tools you’re considering will work for you.

Stephen Moore, Chief Security Strategist, Exabeam

The most seasoned and well-resourced security teams can be easily overwhelmed by the volume of organizational alerts they receive in a day and that complexity – coupled with the inherent difficulties of detecting credential-based attacks – means many SOC analysts now experience several pains that traditional SIEMs can’t solve, including alert fatigue, a lack of skilled analysts and lengthy investigation times.

Many organizations are now migrating their SIEM to the cloud, which allows analysts to harness greater compute power, sift through, interpret and operationalize SIEM data. Now more of their time is spent finding bad things versus platform and server support. But to choose the right SIEM for ‘the business’ you need to consult with it. You need to align its capabilities to the goals, concerns and expectations of the business – which will undoubtedly have changed over the last few months. Above all else, this requires taking the time to ask the questions.

Then, make choices based on known adversary behavior and breach outcomes – focusing specifically on credentials – ensuring your platform is adversary adaptable and object centered. Ask, will it improve your time to answer (TTA) questions, such as ‘which account or asset is associated with this alert?’ or ‘what happened before, during, and after?’

Finally, any solution needs to help your SOC analysts focus on the right things. Key to this is automation – both in the form of incident timelines that display the full scope, acting as the storyboard of the incident, as well as an automated incident response capability for when action must be taken to return the environment to normal. Providing automation of the necessary investigation steps is the most important thing an incident responder can have so they may take action faster and most importantly minimize the risk of an incomplete response.

Wade Woolwine, Principal Security Researcher, Rapid7

While the term SIEM has “security” as the very first word, event and log management isn’t just for security teams.

When organizations look to invest in a SIEM or replace an existing SIEM, they should consider use cases across security, IT/cloud, engineering, physical security, and any other group who may benefit from a centralized aggregation of logs. Once the stakeholders have been identified, documenting the specific logs, their sources, and any use cases will ensure the organization has a master list of needs against which to evaluate vendors.

Organizations should also recognize that the use cases will change over time and new use cases will be implemented against the SIEM, especially within the security team. For this reason, organizations should also consider the following as hard requirements to support future growth:

  • Support for adding and categorizing custom event sources by your own team
  • Support for cloud based event sources
  • Field searching level with advanced cross-data-type search functionality and regular expression support
  • Saved searches with alerting
  • Saved searches with dynamic dashboard reporting
  • Ability to integrate threat feeds
  • Support for automation platform integration
  • API support
  • Multi-day training included with purchase

Jesper Zerlang, CEO, LogPoint

As the complexity of enterprise infrastructures is increasing, a key component of a Modern SIEM solution is the ability to capture data from everywhere. This includes data on-premises, in the cloud, and from software, including enterprise applications like SAP. In today’s complex threat landscape, a SIEM that fully integrates UEBA and allows enterprises to relevantly enhance security analytics instantly is an absolute necessity.

The efficiency of your SIEM solution is entirely dependent on the data you feed into it. If the license model of a SIEM solution relies on the volume of data ingested or the number of transactions, the cost will be ever-increasing due to the overall growth in data volumes. As a consequence, you may select to skip SIEM coverage for certain parts of your infrastructure to cut costs, and that can prove fatal.

Choose a SIEM with a license model that supports the full digitalization of your business and allows you to fully predict the future cost. This will ensure that your business needs are aligned by your technology choices. And last but not least: Select a SIEM solution that has documented short time-to-value and complete your SIEM project on time. SIEM deployments, whether initial implementation or a replacement, are generally considered complicated and time-consuming. But they certainly don’t have to be.

Siemens and IBM announce new solution designed to optimize the SLM of assets

Expanding on their long-term partnership, Siemens and IBM announce the availability of a new solution designed to optimize the Service Lifecycle Management (SLM) of assets by dynamically connecting real-world maintenance activities and asset performance back to design decisions and field modifications.

This new solution establishes an end-to-end digital thread between equipment manufacturers and the owner/operators of that equipment by leveraging elements of the Xcelerator portfolio from Siemens Digital Industries Software and IBM Maximo.

“The combined capabilities of IBM and Siemens can help companies create and manage a closed-loop, end-to-end digital twin that breaks down traditional silos to service innovation and revenue generation,” said Peter Bilello, President & CEO of industry research and consulting firm CIMdata.

“Only by closing the loop between product design and development decisions, accurate product configurations and service operations, can companies hope to run a profitable and effective product-as-a-service business model.”

OEMs and owner/operators can struggle to improve the performance and reliability of an asset over its operating lifecycle, due to inefficient data sharing between engineering, operations, and maintenance processes.

This joint solution from Siemens and IBM creates a single source of information designed to help OEMs and equipment owner/operators improve many aspects about how they design, maintain, and service their assets. In addition, the solution enables OEMs to now provide valuable after-market services to their clients.

“This new collaboration combines two industry-leading offerings into a unique solution for the industry,” said Kareem Yusuf Ph.D., General Manager, IBM AI Applications Business. “OEM’s and owner/operators can leverage the new solution to help them reduce operational costs and increase up time of their equipment.”

The integration of asset management and product lifecycle management (PLM) technology can help owner/operators to stay up to date. The solution also enables OEMs to receive critical data about asset performance, maintenance and failures in the field.

Leveraging IoT technology, manufacturers can gain insights on wear and tear, operating conditions, parts failures, and other patterns that lead to design or manufacturing updates. This data can be used to help manufacturers lower maintenance costs, reduce risks, and improve asset resiliency.

“IBM’s Maximo Enterprise Asset Management software provides key technology to further extend the capabilities of the Xcelerator portfolio,” said Tony Hemmelgarn, CEO for Siemens Digital Industries Software.

“By leveraging the world-class product configuration management capability within Teamcenter, companies can bring product design, manufacturing and service together to maximize their software investment, while also minimizing downtime, improving quality and reducing inventory costs.”

Wipro and IBM collaborate to assist customers embark on a secure hybrid cloud journey

Wipro announced a collaboration with IBM to assist Wipro customers embark on a seamless and secure hybrid cloud journey. Through this alliance, Wipro will develop hybrid cloud offerings to help businesses migrate, manage and transform mission-critical workloads and applications, with security across public or private cloud and on-premises IT environments.

Wipro IBM Novus Lounge, located at Wipro’s Kodathi campus in Bengaluru, is a dedicated innovation center. It will offer a comprehensive suite of solutions leveraging cloud, artificial intelligence, machine learning and Internet of Things capabilities to foster innovation for enterprises, developers and start-ups.

Customers will have remote access to IBM and Red Hat solutions, designed to help them scale their technology investments for improved experience and business agility with connected insights.

Additionally, Wipro will leverage IBM Cloud offerings and technologies alongside in-house services to develop industry solutions for clients in Banking and Financial Services, Energy and Utilities, Retail, Manufacturing and Healthcare space.

Ramesh Nagarajan, Senior Vice President – Cloud Services, Wipro Limited said, “Wipro empowers customers across industries to re-imagine their cloud journey with its business-first strategy and industrialized solutions approach.

“Wipro IBM Novus Lounge will allow us to showcase hybrid multi-cloud and open source solutions even more comprehensively and support our customers’ continuous business transformation journey.”

Gaurav Sharma, Vice President – Cloud and Cognitive Software, IBM India said, “As companies across the world continue to drive digital transformation, decision-makers must rethink radically on how to leverage the combined power of data, cloud and open source technologies to become industry leaders.

“Wipro IBM Novus Lounge brings together Wipro’s expertise across industries and IBM’s open source technologies, designed to be secure and scalable across hybrid cloud, Data and AI, all running on Red Hat OpenShift promoting the journey to Cloud and journey to AI.”

Economic impact and perceptions around the cybersecurity gender gap

If the number of women working in cybersecurity in the United States equalled that of men, the economic footprint of the U.S. cybersecurity industry would increase by $30.4 billion, according to Tessian.

Furthermore, an additional $12.7 billion would be added to the economy if women’s salaries were equal to their male colleagues, a pay gap that currently represents a 17% difference.

The firm surveyed 200 female cybersecurity professionals in both the U.S. and UK and interviewed more than one dozen practitioners from some of the world’s largest organizations about their personal experiences. The report highlights the potential impact of expanding gender diversity in cybersecurity as well as current perceptions around gender bias in the field.

Key findings

  • 82% of female cybersecurity professionals in the U.S. believe that cybersecurity has a gender bias problem, compared with 49% of those in the UK.
  • The cybersecurity gender pay gap in the U.S. is 17%. In the UK, it’s 19%.
  • U.S. respondents are three times as likely (68%) to believe that a more gender-balanced workforce would be an effective tool for recruiting more women to work in cybersecurity than UK respondents (22%).
  • 45% of U.S. respondents say equal pay would help with recruitment, compared with just 10% of UK respondents.
  • 61% of U.S. respondents cite lack of qualified talent as a reason why 4 million cybersecurity jobs will be left unfulfilled by 2021, while only 33% of UK women cite lack of qualified talent as a barrier.

Factors discouraging women from joining the cybersecurity industry

  • 42% of respondents (U.S. and UK) believe a cybersecurity skills gap exists because the industry isn’t considered ‘cool’ or ‘exciting’. This opinion was most commonly shared by millennials (46%) compared with 22% of 45-54-year-olds.
  • A lack of awareness or knowledge of the industry was the top challenge female professionals faced at the start of their career, with 43% citing this as a barrier.
  • 43% of women said that a lack of clear career development paths was another challenge at the start of their cybersecurity career, while nearly a quarter (23%) cited a lack of role models.
  • Just 53% say their organization is doing enough to recruit women into security roles.

Perspectives from women in the industry

Sabrina Castiglione, senior executive at Tessian said, “For organizations to successfully recruit more women into security roles, they need to understand what’s discouraging them from signing up beyond just gender bias. We need to make women in cybersecurity more visible.

“We need to tell their stories and raise awareness of their roles and experiences. And once through the door, managers need to clearly show women the opportunities available to them to progress and develop their careers.”

Shamla Naidoo, former CISO at IBM, said, “To many people, cybersecurity equates to – and is limited to – someone in a hoodie bent over a keyboard in a dark room. That’s not the case at all. If we don’t expand beyond that, we’ll lose out on even more people in the industry.”

Castiglione added, “The future of cybersecurity needs diversity. 2019 was the worst year on record for data breaches, with 61% of organizations reporting a breach as a result of human error or malicious activity.

“With data breaches rising year on year, and with cyber threats continually evolving, we need different ideas and approaches to solving security problems if we are going to keep people and data safe.”

IBM and the University of Tokyo partner to advance quantum computing

IBM and the University of Tokyo announced an agreement to partner to advance quantum computing and make it practical for the benefit of industry, science and society.

IBM and the University of Tokyo will form the Japan – IBM Quantum Partnership, a broad national partnership framework in which other universities, industry, and government can engage.

The partnership will have three tracks of engagement: one focused on the development of quantum applications with industry; another on quantum computing system technology development; and the third focused on advancing the state of quantum science and education.

Under the agreement, an IBM Q System One, owned and operated by IBM, will be installed in an IBM facility in Japan. It will be the first installation of its kind in the region and only the third in the world following the United States and Germany.

The Q System One will be used to advance research in quantum algorithms, applications and software, with the goal of developing the first practical applications of quantum computing.

IBM and the University of Tokyo will also create a first-of-a-kind quantum system technology center for the development of hardware components and technologies that will be used in next generation quantum computers.

The center will include a laboratory facility to develop and test novel hardware components for quantum computing, including advanced cryogenic and microwave test capabilities.

IBM and the University of Tokyo will also directly collaborate on foundational research topics important to the advancement of quantum computing, and establish a collaboration space on the University campus to engage students, faculty, and industry researchers with seminars, workshops, and events.

“Quantum computing is one of the most crucial technologies in the coming decades, which is why we are setting up this broad partnership framework with IBM, who is spearheading its commercial application,” said Makoto Gonokami, the President of the University of Tokyo.

“We expect this effort to further strengthen Japan’s quantum research and development activities and build world-class talent”.

Developed by researchers and engineers from IBM Research and Systems, the IBM Q System One is optimized for the quality, stability, reliability, and reproducibility of multi-qubit operations.

IBM established the IBM Q Network™, a community of Fortune 500 companies, startups, academic institutions and research labs working with IBM to advance quantum computing and explore practical applications for business and science.

“This partnership will spark Japan’s quantum research capabilities by bringing together experts from industry, government and academia to build and grow a community that underpins strategically significant research and development activities to foster economic opportunities across Japan”, said Dario Gil, Director of IBM Research.

Advances in quantum computing could open the door to future scientific discoveries such as new medicines and materials, improvements in the optimization of supply chains, and new ways to model financial data to better manage and reduce risk.

The University of Tokyo will lead the Japan – IBM Quantum Partnership and bring academic excellence from universities and prominent research associations together with large-scale industry, small and medium enterprises, startups as well as industrial associations from diverse market sectors.

A high priority will be placed on building quantum programming as well as application and technology development skills and expertise.

Half an operating system: The triumph and tragedy of OS/2

Update: It’s the day after Thanksgiving in the US, meaning most Ars staffers are on the lookout for deals rather than potential stories. With folks off for the holiday, we’re resurfacing this consumer tech classic from the archives—a look at why we’re not all trying to buy an IBM PS/10 today and updating to OS/12, perhaps. This story first ran in November 2013, and it appears unchanged below.

It was a cloudy Seattle day in late 1980, and Bill Gates, the young chairman of a tiny company called Microsoft, had an appointment with IBM that would shape the destiny of the industry for decades to come.

He went into a room full of IBM lawyers, all dressed in immaculately tailored suits. Bill’s suit was rumpled and ill-fitting, but it didn’t matter. He wasn’t here to win a fashion competition.

New infosec products of the week: November 22, 2019

CyberSaint Governance Dashboard empowers CISOs to communicate compliance and risk posture in real-time

CyberSaint Security announced significant updates to its Governance Dashboards that empower CISOs to communicate their organizations’ unique compliance and risk posture in real-time. The enhancements enable C-suite executives and Board members to instantly drill down into their compliance and risk posture across business units, asset types, projects and regions.

Nubeva Cloud Tool templates simplify cloud security and application monitoring

Nubeva Technologies released …

The post New infosec products of the week: November 22, 2019 appeared first on Help Net Security.

IBM Cloud Pak for Security hunts threats across security tools and clouds without moving data

IBM announced Cloud Pak for Security, featuring industry-first innovations to connect with any security tool, cloud or on-premise system, without moving data from its original source. The platform includes open-source technology for hunting threats, automation capabilities to help speed response to cyberattacks, and the ability to run in any environment. Cloud Pak for Security is the first platform to leverage new open-source technology pioneered by IBM, which can search and translate security data from a …

The post IBM Cloud Pak for Security hunts threats across security tools and clouds without moving data appeared first on Help Net Security.