May 12, 2022
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
SD-WAN is a natural extension of NGFWs that can leverage these devices’ content/context awareness and deep packet inspection. The same classification engines used by NGFWs to drive security decisions can also determine the best links to send traffic over. These engines can also guide queueing priorities, which in turn enables fine-grained quality-of-service (QoS) controls. ... Centralized cloud management is key to enabling incremental updates of these new features. Further, flexible policy-driven routing enables service chaining of new security features in the cloud rather than building these features into the SD-WAN customer premises equipment (CPE). For example, cloud-based services for advanced malware detection, secure web gateways, cloud-access security brokers, and other security features can be enabled via the SD-WAN platform, seamlessly bringing these and other next-gen security functions across the enterprise. The coordination between the cloud-based SD-WAN service and the on-premises SD-WAN CPE allows new security applications to benefit from both the convenience and proximity of an on-site device and the near-infinitely scalable computing power of the cloud.
As organizations modernize their database estates in the cloud, many struggle to eliminate their dependency on legacy database engines. In particular, enterprise customers are looking to standardize on open systems such as PostgreSQL to eliminate expensive, unfriendly licensing and the vendor lock-in that comes with legacy products. However, running and replatforming business-critical workloads onto an open source database can be daunting: teams often struggle with performance tuning, disruptions caused by vacuuming, and managing application availability. AlloyDB combines the best of Google’s scale-out compute and storage, industry-leading availability, security, and AI/ML-powered management with full PostgreSQL compatibility, paired with the performance, scalability, manageability, and reliability benefits that enterprises expect to run their mission-critical applications. As noted by Carl Olofson, Research Vice President, Data Management Software, IDC, “databases are increasingly shifting into the cloud and we expect this trend to continue as more companies digitally transform their businesses. ...”
If you understand your cloud infrastructure, you can more confidently ensure your customers can rely on your organization. With the ability to constantly meet your workload demands and quickly recover from any failures, your customers can count on you to consistently meet their service needs with little interruption to their experience. A great way to increase reliability in your cloud infrastructure is to set key performance indicators (KPIs) that allow you to both monitor your cloud and alert the proper team members when something within the architecture fails. Using a cloud visualization platform to filter your cloud diagrams and create different visuals of current, optimal and potential cloud infrastructure allows you to compare what is currently happening in the cloud to what should be happening. ... Many factors can impact cloud performance, such as the location of cloud components, latency, load, instance size and monitoring. If any of these factors become a problem, it’s essential to have procedures in place that result in minimal deficiencies in performance.
Don’t get me wrong, the concept of trusting the perimeter is fairly old-school/outdated and does come into conflict with more modern “cloud native” approaches. Remote users will also have issues with latency, especially if you require the users to VPN to your on-premises network and finally establish connectivity with the cloud. The theoretical modern approach is to not trust that perimeter. This doesn’t mean you have to get rid of it, but rather it’s not the default, since increasingly the perimeter is becoming more porous and ill-defined. This is as opposed to when moving to a “zero-trust” model, where everything needs to be proven for both the user identity and device prior to any data, application, assets and/or services (DAAS) being permitted to communicate to any services. Going further down memory lane, back in the day the perimeter used to mean that everything was located within your “castle” and perimeter-based system access was “all or nothing” by default. Once users were in, they were in, which also applies to any other type of actor, including malicious actors. Once the perimeter was breached, the malicious actor effectively had unlimited access to everything within the perimeter.
There are two big risks associated with pulling back, says Ken Englund, technology sector leader at business advisory firm EY Americas. Pulling back on projects may increase the risk of IT talent turnover, he warns. “Pausing or changing priorities for tactical, short-term reasons may encourage talent to depart for opportunities on other companies' transformational programs.” Also, given current inflationary pressure, “the cost to restart a project may be materially more expensive in the future than it is to complete today.” There's no doubt that pulling back on IT spend saves money over the short term, but short-sighted savings could come at the cost of long-term success. “If an organization must look to cut budgets, start with a strategic review of all projects, identifying which have the greatest possible impact and least amount of risk,” Lewis-Pinnell advises. Examine each project's total cost of ownership and rank them by cost and impact. Strategic selection of IT initiatives can help IT leaders manage through inflationary challenges. “Don’t be afraid to cut projects that aren’t bringing you enough benefit,” she adds.
CrowdStrike's analysis shows the modules are designed to run only in-memory to reduce the malware's footprint on an infected system — a tactic that adversaries often employ in long-running campaigns. The framework also has several other detection-evasion techniques that suggest the adversary has deep knowledge of Internet Information Services (IIS) Web applications. For instance, CrowdStrike observed one of the modules leveraging undocumented fields in IIS software that are not intended to be used by third-party developers. Over the course of their investigation of the threat, CrowdStrike researchers saw evidence of the adversaries repeatedly returning to compromised systems and using IceApple to execute post-exploitation activities. Param Singh, vice president of CrowdStrike's Falcon OverWatch threat-hunting services, says IceApple is different from other post-exploitation toolkits in that it is under constant ongoing development even as it is being actively deployed and used.