Security trends to pay attention to in 2019 and beyond

January 3, 2019 | 77 views

Software security requires good hygiene and constant diligence to protect your organization and users from known threats; it also requires working proactively to identify and address emerging risks. Here at Google Cloud, we help you do both. We build products that make security easy—from automatic protections that keep you safe behind the scenes, to tools and recommendations that help you tailor your security posture to your organization’s specific needs (check out our “taking charge of your security” posts for some best practices). We’re always hunting for, and thinking about, how to protect against new and emerging threats, as demonstrated by the “Spectre” and “Meltdown” CPU vulnerabilities that our Project Zero team revealed earlier this year.

Spotlight

Innosoft Corporation

Innosoft is a leading IT services organization providing innovative solutions spanning the breadth of the Information technology spectrum including Data Management, Software Development, Cloud Engineering, Identity &Access Management, and IT Management Services. Focused on delivering quality and reliability, Innosoft solves complex problems for both government and commercial clients.

OTHER ARTICLES
SOFTWARE

The Revolutionary Power of 5G in Automation and Industry Digitization

Article | August 8, 2022

Fifth-generation (5G) mobile phone networks that can carry data up to 50 times faster than major carriers' current phone networks are now rolling out. But 5G promises to do more than just speed up our phone service and download times. The mobile industry's fifth-generation (5G) networks are being developed and are prepared for deployment. The expansion of IoT and other intelligent automation applications is being significantly fueled by the advancing 5G networks, which are becoming more widely accessible. For advancements in intelligent automation—the Internet of Things (IoT), Artificial Intelligence (AI), driverless cars, virtual reality, blockchain, and future innovations we haven't even considered yet—5 G's lightning-fast connectivity and low-latency are essential. The arrival of 5G represents more than simply a generational shift for the tech sector as a whole. Contributions by 5G Networks For a number of reasons, the manufacturing sector is moving toward digitalization: to increase revenue by better servicing their customers; to increase demand; to outperform the competition; to reduce costs by boosting productivity and efficiency; and to minimize risk by promoting safety and security. The main requirements and obstacles in the digitization industry were recently recognized by a study. Millions of devices with ultra-reliable, robust, immediate connectivity. Gadgets, which are expensive with a long battery life. Asset tracking along the constantly shifting supply chains. Carrying out remote medical operations. Enhancing the purchasing experience with AR/VR. Implementing AI to improve operations across the board or in various departments. The mobile telecommunications requirements of the Internet of Things cannot be met by the current 4G and 4G LTE networks. Compared to current 4G LTE networking technologies, 5G can also offer a solution to the problem and the quickest network data rate with a relatively low cost and greater communication coverage. The 5G network's quick speeds will lead to new technical developments. The upcoming 5G technology will support hundreds of billions of connections, offer transmission speeds of 10 Gbps, and have an extremely low latency of 1 ms. Additionally, it makes rural areas' services more dependable, minimizing service disparities between rural and urban areas. Even though the 5G network is a development of the 4G and 4G LTE networks, it has a whole new network design and features like virtualization that provide more than impressively fast data speeds.

Read More
FUTURE TECH

AI's Impact on Improving Customer Experience

Article | July 26, 2022

To enhance the consumer experience, businesses all over the world are experimenting with artificial intelligenace (AI), machine learning, and advanced analytics. Artificial intelligence (AI) is becoming increasingly popular among marketers and salespeople, and it has become a vital tool for businesses that want to offer their customers a hyper-personalized, outstanding experience. Customer relationship management (CRM) and customer data platform (CDP) software that has been upgraded with AI has made AI accessible to businesses without the exorbitant expenses previously associated with the technology. When AI and machine learning are used in conjunction for collecting and analyzing social, historical, and behavioral data, brands may develop a much more thorough understanding of their customers. In addition, AI can predict client behavior because it continuously learns from the data it analyzes, in contrast to traditional data analytics tools. As a result, businesses may deliver highly pertinent content, boost sales, and enhance the customer experience. Predictive Behavior Analysis and Real-time Decision Making Real-time decisioning is the capacity to act quickly and based on the most up-to-date information available, such as information from a customer's most recent encounter with a company. For instance, Precognitive's Decision-AI uses a combination of AI and machine learning to assess any event in real-time with a response time of less than 200 milliseconds. Precognitive's fraud prevention product includes Decision-AI, which can be implemented using an API on a website. Marketing to customers can be done more successfully by using real-time decisioning. For example, brands may display highly tailored, pertinent content and offer to clients by utilizing AI and real-time decisioning to discover and comprehend a customer's purpose from the data they produce in real-time. By providing deeper insights into what has already happened and what can be done to facilitate a sale through suggestions for related products and accessories, AI and predictive analytics are able to go further than historical data alone. This increases the relevance of the customer experience, increases the likelihood that a sale will be made, and increases the emotional connection that the customer has with a brand.

Read More
SOFTWARE

The Evolution of Quantum Computing and What its Future Beholds

Article | July 14, 2022

The mechanism of quantum computers will be entirely different from anything we humans have ever created or constructed in the past. Quantum computers, like classical computers, are designed to address problems in the real world. They process data in a unique way, though, which makes them a much more effective machine than any computer in use today. Superposition and entanglement, two fundamental ideas in quantum mechanics, could be used to explain what makes quantum computers unique. The goal of quantum computing research is to find a technique to accelerate the execution of lengthy chains of computer instructions. This method of execution would take advantage of a quantum physics event that is frequently observed but does not appear to make much sense when written out. When this fundamental objective of quantum computing is accomplished, and all theorists are confident works in practice, computing will undoubtedly undergo a revolution. Quantum computing promises that it will enable us to address specific issues that current classical computers cannot resolve in a timely manner. While not a cure-all for all computer issues, quantum computing is adequate for most "needle in a haystack" search and optimization issues. Quantum Computing and Its Deployment Only the big hyperscalers and a few hardware vendors offer quantum computer emulators and limited-sized quantum computers as a cloud service. Quantum computers are used for compute-intensive, non-latency-sensitive issues. Quantum computer architectures can't handle massive data sizes yet. In many circumstances, a hybrid quantum-classical computer is used. Quantum computers don't use much electricity to compute but need cryogenic refrigerators to sustain superconducting temperatures. Networking and Quantum Software Stacks Many quantum computing software stacks virtualize the hardware and build a virtual layer of logical qubits. Software stacks provide compilers that transform high-level programming structures into low-level assembly commands that operate on logical qubits. In addition, software stack suppliers are designing domain-specific application-level templates for quantum computing. The software layer hides complexity without affecting quantum computing hardware performance or mobility.

Read More
FUTURE TECH

Language Models: Emerging Types and Why They Matter

Article | July 7, 2022

Language model systems, often known as text understanding and generation systems, are the newest trend in business. However, not every language model is made equal. A few are starting to take center stage, including massive general-purpose models like OpenAI's GPT-3 and models tailored for specific jobs. There is a third type of model at the edge that is intended to run on Internet of Things devices and workstations but is typically very compressed in size and has few functionalities. Large Language Models Large language models, which can reach tens of petabytes in size, are trained on vast volumes of text data. As a result, they rank among the models with the highest number of parameters, where a "parameter" is a value the model can alter on its own as it gains knowledge. The model's parameters, which are made of components learned from prior training data, fundamentally describe the model's aptitude for solving a particular task, like producing text. Fine-tuned Language Models Compared to their massive language model siblings, fine-tuned models are typically smaller. Examples include OpenAI's Codex, a version of GPT-3 that is specifically tailored for programming jobs. Codex is both smaller than OpenAI and more effective at creating and completing strings of computer code, although it still has billions of parameters. The performance of a model, like its capacity to generate protein sequences or respond to queries, can be improved through fine-tuning. Edge Language Models Edge models, which are intentionally small in size, occasionally take the shape of finely tuned models. To work within certain hardware limits, they are occasionally trained from scratch on modest data sets. In any event, edge models provide several advantages that massive language models simply cannot match, notwithstanding their limitations in some areas. The main factor is cost. There are no cloud usage fees with an edge approach that operates locally and offline. As significant, fine-tuned, and edge language models grow in response to new research, they are likely to encounter hurdles on their way to wider use. For example, compared to training a model from the start, fine-tuning requires less data, but fine-tuning still requires a dataset.

Read More

Spotlight

Innosoft Corporation

Innosoft is a leading IT services organization providing innovative solutions spanning the breadth of the Information technology spectrum including Data Management, Software Development, Cloud Engineering, Identity &Access Management, and IT Management Services. Focused on delivering quality and reliability, Innosoft solves complex problems for both government and commercial clients.

Related News

SOFTWARE

Cure, The Industry's First Self-Repairing Software, Is Released By Whitesource

WhiteSource | July 30, 2021

WhiteSource Cure, the first-ever security auto-remediation programme developed for bespoke code, was released today. This ground-breaking release enables enterprises to increase the speed with which safe software is delivered at scale. Today's software developers and security professionals are struggling to resolve an ever-growing backlog of security vulnerabilities while adhering to ambitious delivery timetables. Indeed, according to WhiteSource customer feedback, the average developer effort for a single security repair is about half a day, which can lead to significant delays in product deliveries. WhiteSource Cure functions as a developer's personal security specialist, accelerating delivery while decreasing workload. "While corporations demand developers to become security experts, we believe they don't have to," stated Vered Shaked, Executive Vice President, Strategy & Incubation at WhiteSource. "With the launch of WhiteSource Cure, we are bringing security and speed together in a way that was previously unthinkable." Today's application security testing methods are too often focused on detecting vulnerabilities rather than resolving them, resulting in a never-ending stream of security alarms that overwhelm enterprises. Meanwhile, mechanisms for determining which security vulnerabilities to address first and then resolving them are manual and time-consuming. This also necessitates security understanding that even experienced developers at the forefront of the shift left revolution may lack, let alone novices. WhiteSource Cure automates the application security workload, providing developers with code they can rely on. The WhiteSource Cure Community Edition is a free-for-ever development tool developed for the open source community that is currently limited to public projects only. WhiteSource will demonstrate the solution at the forthcoming Black Hat event, which will be held at the Mandalay Bay Convention Center in Las Vegas from July 31 to August 5, booth number 1276. About WhiteSource WhiteSource assists enterprises in accelerating the development and deployment of secure software at scale. We deliver automated technologies that bridge the security knowledge gap by seamlessly integrating into the software development life cycle and going beyond detection with a remediation-first approach. WhiteSource is based on the industry's most comprehensive vulnerability database, which provides the most comprehensive coverage for threats and attack vectors. Our solution assists organisations such as Microsoft, IBM, Comcast, Philips, and others in reducing security risk and increasing the efficiency of their security and development teams.

Read More

SOFTWARE

BlackBerry Jarvis 2.0 Is Released to Address the Expanding Global Embedded Cybersecurity Landscape

BlackBerry | July 27, 2021

BlackBerry Limited today announced the availability of BlackBerry Jarvis 2.0, the company's premier software composition analysis tool. BlackBerry Jarvis 2.0 introduces a SaaS version of the original Jarvis capabilities, providing developers and integrators with a more user-friendly, focused feature set centred on the three most important areas that those developing mission-critical applications must validate to ensure the quality of their multi-tiered software supply chain: Open-source Software (OSS), Common Vulnerabilities, and Exposurability. BlackBerry Jarvis 2.0, designed to address the increasing complexity and growing cybersecurity threats among multi-tiered software supply chains in the medical, automotive, and aerospace industries, enables OEMs to inspect the provenance of their code and every single software asset that comes into their overall supply chains to ensure their products are both secure and updated with the most reliant software. With over 150,000 publicly reported vulnerabilities as of mid-July 2021, creating software for a contemporary automobile is significantly easier said than done. Hundreds of third-party software modules may be included in a complicated piece of software for a vehicle entertainment system. Failure to examine and update each piece of software leaves vulnerabilities accessible for hackers to exploit. BlackBerry Jarvis 2.0 addresses the requirement to discover and remediate vulnerabilities by recognising them and then offering meaningful actionable insights in minutes - something that would otherwise need human scanning, which would require a huge number of experts and an inordinate amount of time. "A number of cybersecurity legislative developments and standards, such as UNECE WP.29 and SBOM, are on the horizon, which will allow authorities to charge penalties or shut down operations totally for noncompliance." "As a result, the moment has come for OEMs to get control of their whole code base," stated Adam Boulton, Chief Technology Officer, BlackBerry Technology Solutions. "Don't stand by and watch as a bad actor exploits a vulnerability that could have far-reaching implications." With the release of BlackBerry Jarvis 2.0, embedded software developers and integrators now have an easy-to-use and dependable software composition analysis tool to assist them in meeting their cybersecurity objectives with efficiency and confidence. "Securing embedded devices at the firmware layer is becoming an essential aspect of device security management as software supply chains get more complicated and cyberattacks become more sophisticated. BlackBerry has transformed years of knowledge and experience in embedded device security into an excellent, feature-rich tool for software binary analysis with Jarvis 2.0." - Hiten Shah, Senior Analyst, Frost & Sullivan's TechVision About BlackBerry BlackBerry is a global provider of sophisticated security software and services to businesses and governments. The company protects over 500 million endpoints, including 195 million cars. The company, based in Waterloo, Ontario, uses AI and machine learning to create new solutions in the fields of cybersecurity, safety, and data privacy, and is a leader in endpoint security, endpoint management, encryption, and embedded systems. BlackBerry's aim is simple: to ensure a connected future you can rely on.

Read More

AI TECH

Dynatrace Improves Application Security by Using AI-Powered Vulnerability Prioritization

Dynatrace | June 18, 2021

Dynatrace announced today the release of its new Davis® Security Advisor, an AI-powered enhancement to the Dynatrace Application Security Module that automatically surfaces, prioritizes, and details the software libraries and open-source packages that pose the greatest risk to an organization. This enables DevSecOps teams to make more informed, real-time decisions and fix the most important vulnerabilities first, allowing them to minimize the risk confronting their company with more confidence and efficiency while freeing up time to drive innovation. According to Principal Analyst Sandy Carielli’s Forrester Research research, “Applications remain a top cause of external intrusions, and the ubiquity of open source, API, and containers further adds complexity to the security team.” This is supported by a recent Dynatrace study, which found that 89% of CISOs believe cloud-native architectures and container runtime environments have made detecting and managing software vulnerabilities more difficult. The new Davis Security Advisor addresses these issues. It automatically monitors all software libraries used in preproduction and production and eliminates false positives. It is optimized for cloud-native settings and driven by the Dynatrace AI engine, Davis. Furthermore, Davis Security Advisor combines vulnerability data in real-time and prioritizes repair based on several risk factors, such as: • Number of vulnerabilities caused by each software library. • Vulnerability severity is based on the standard vulnerability scoring system (CVSS) rating of each vulnerability and whether the relevant code is used at runtime. • Threat context, which reflects whether there is a known public exploit for each vulnerability. • Asset exposure, which indicates whether the vulnerable code is communicating with the internet. • Potential business impact determines whether the processes that include the vulnerable library are connected to sensitive data. Davis Security Advisor will be available within the next 30 days. About Dynatrace Dynatrace provides software intelligence to simplify cloud complexity and accelerate digital transformation. With automatic and intelligent observability at scale, our all-in-one platform delivers precise answers about the performance and security of applications, the underlying infrastructure, and the experience of all users to enable organizations to innovate faster, collaborate more efficiently, and deliver more value with dramatically less effort. That’s why many of the world’s largest enterprises trust Dynatrace® to modernize and automate cloud operations, release better software faster, and deliver unrivaled digital experiences.

Read More

SOFTWARE

Cure, The Industry's First Self-Repairing Software, Is Released By Whitesource

WhiteSource | July 30, 2021

WhiteSource Cure, the first-ever security auto-remediation programme developed for bespoke code, was released today. This ground-breaking release enables enterprises to increase the speed with which safe software is delivered at scale. Today's software developers and security professionals are struggling to resolve an ever-growing backlog of security vulnerabilities while adhering to ambitious delivery timetables. Indeed, according to WhiteSource customer feedback, the average developer effort for a single security repair is about half a day, which can lead to significant delays in product deliveries. WhiteSource Cure functions as a developer's personal security specialist, accelerating delivery while decreasing workload. "While corporations demand developers to become security experts, we believe they don't have to," stated Vered Shaked, Executive Vice President, Strategy & Incubation at WhiteSource. "With the launch of WhiteSource Cure, we are bringing security and speed together in a way that was previously unthinkable." Today's application security testing methods are too often focused on detecting vulnerabilities rather than resolving them, resulting in a never-ending stream of security alarms that overwhelm enterprises. Meanwhile, mechanisms for determining which security vulnerabilities to address first and then resolving them are manual and time-consuming. This also necessitates security understanding that even experienced developers at the forefront of the shift left revolution may lack, let alone novices. WhiteSource Cure automates the application security workload, providing developers with code they can rely on. The WhiteSource Cure Community Edition is a free-for-ever development tool developed for the open source community that is currently limited to public projects only. WhiteSource will demonstrate the solution at the forthcoming Black Hat event, which will be held at the Mandalay Bay Convention Center in Las Vegas from July 31 to August 5, booth number 1276. About WhiteSource WhiteSource assists enterprises in accelerating the development and deployment of secure software at scale. We deliver automated technologies that bridge the security knowledge gap by seamlessly integrating into the software development life cycle and going beyond detection with a remediation-first approach. WhiteSource is based on the industry's most comprehensive vulnerability database, which provides the most comprehensive coverage for threats and attack vectors. Our solution assists organisations such as Microsoft, IBM, Comcast, Philips, and others in reducing security risk and increasing the efficiency of their security and development teams.

Read More

SOFTWARE

BlackBerry Jarvis 2.0 Is Released to Address the Expanding Global Embedded Cybersecurity Landscape

BlackBerry | July 27, 2021

BlackBerry Limited today announced the availability of BlackBerry Jarvis 2.0, the company's premier software composition analysis tool. BlackBerry Jarvis 2.0 introduces a SaaS version of the original Jarvis capabilities, providing developers and integrators with a more user-friendly, focused feature set centred on the three most important areas that those developing mission-critical applications must validate to ensure the quality of their multi-tiered software supply chain: Open-source Software (OSS), Common Vulnerabilities, and Exposurability. BlackBerry Jarvis 2.0, designed to address the increasing complexity and growing cybersecurity threats among multi-tiered software supply chains in the medical, automotive, and aerospace industries, enables OEMs to inspect the provenance of their code and every single software asset that comes into their overall supply chains to ensure their products are both secure and updated with the most reliant software. With over 150,000 publicly reported vulnerabilities as of mid-July 2021, creating software for a contemporary automobile is significantly easier said than done. Hundreds of third-party software modules may be included in a complicated piece of software for a vehicle entertainment system. Failure to examine and update each piece of software leaves vulnerabilities accessible for hackers to exploit. BlackBerry Jarvis 2.0 addresses the requirement to discover and remediate vulnerabilities by recognising them and then offering meaningful actionable insights in minutes - something that would otherwise need human scanning, which would require a huge number of experts and an inordinate amount of time. "A number of cybersecurity legislative developments and standards, such as UNECE WP.29 and SBOM, are on the horizon, which will allow authorities to charge penalties or shut down operations totally for noncompliance." "As a result, the moment has come for OEMs to get control of their whole code base," stated Adam Boulton, Chief Technology Officer, BlackBerry Technology Solutions. "Don't stand by and watch as a bad actor exploits a vulnerability that could have far-reaching implications." With the release of BlackBerry Jarvis 2.0, embedded software developers and integrators now have an easy-to-use and dependable software composition analysis tool to assist them in meeting their cybersecurity objectives with efficiency and confidence. "Securing embedded devices at the firmware layer is becoming an essential aspect of device security management as software supply chains get more complicated and cyberattacks become more sophisticated. BlackBerry has transformed years of knowledge and experience in embedded device security into an excellent, feature-rich tool for software binary analysis with Jarvis 2.0." - Hiten Shah, Senior Analyst, Frost & Sullivan's TechVision About BlackBerry BlackBerry is a global provider of sophisticated security software and services to businesses and governments. The company protects over 500 million endpoints, including 195 million cars. The company, based in Waterloo, Ontario, uses AI and machine learning to create new solutions in the fields of cybersecurity, safety, and data privacy, and is a leader in endpoint security, endpoint management, encryption, and embedded systems. BlackBerry's aim is simple: to ensure a connected future you can rely on.

Read More

AI TECH

Dynatrace Improves Application Security by Using AI-Powered Vulnerability Prioritization

Dynatrace | June 18, 2021

Dynatrace announced today the release of its new Davis® Security Advisor, an AI-powered enhancement to the Dynatrace Application Security Module that automatically surfaces, prioritizes, and details the software libraries and open-source packages that pose the greatest risk to an organization. This enables DevSecOps teams to make more informed, real-time decisions and fix the most important vulnerabilities first, allowing them to minimize the risk confronting their company with more confidence and efficiency while freeing up time to drive innovation. According to Principal Analyst Sandy Carielli’s Forrester Research research, “Applications remain a top cause of external intrusions, and the ubiquity of open source, API, and containers further adds complexity to the security team.” This is supported by a recent Dynatrace study, which found that 89% of CISOs believe cloud-native architectures and container runtime environments have made detecting and managing software vulnerabilities more difficult. The new Davis Security Advisor addresses these issues. It automatically monitors all software libraries used in preproduction and production and eliminates false positives. It is optimized for cloud-native settings and driven by the Dynatrace AI engine, Davis. Furthermore, Davis Security Advisor combines vulnerability data in real-time and prioritizes repair based on several risk factors, such as: • Number of vulnerabilities caused by each software library. • Vulnerability severity is based on the standard vulnerability scoring system (CVSS) rating of each vulnerability and whether the relevant code is used at runtime. • Threat context, which reflects whether there is a known public exploit for each vulnerability. • Asset exposure, which indicates whether the vulnerable code is communicating with the internet. • Potential business impact determines whether the processes that include the vulnerable library are connected to sensitive data. Davis Security Advisor will be available within the next 30 days. About Dynatrace Dynatrace provides software intelligence to simplify cloud complexity and accelerate digital transformation. With automatic and intelligent observability at scale, our all-in-one platform delivers precise answers about the performance and security of applications, the underlying infrastructure, and the experience of all users to enable organizations to innovate faster, collaborate more efficiently, and deliver more value with dramatically less effort. That’s why many of the world’s largest enterprises trust Dynatrace® to modernize and automate cloud operations, release better software faster, and deliver unrivaled digital experiences.

Read More

Events