Monthly Archives: December 2015

Facebook Gets An Offline Mode

Facebook this week said it will begin rolling out new technology that allows users on slower mobile connections to still see new stories in their News Feed, even when on a poor connection or when they’re unable to reach Facebook’s servers. In addition, users will be able to comment on posts when they’re offline, and those comments will be posted to the app when your connection returns.

The company explains that the goal with these changes is to better aid those in developing markets, where they primarily access the social network via phones on slower 2G connections.

The way Facebook’s News Feed was originally designed didn’t take into account how these users would struggle when trying to view new content on the network over these lagging connections, however.

Since the News Feed is arguably the most important destination on Facebook’s app, the company has devised a way to make the content users see appear fresh without forcing users to wait for new stories to load. Starting now, Facebook is testing an update where it will look at all the previously downloaded stories present on your phone (those that you hadn’t yet viewed), then rank them based on relevance. This ranking algorithm will also factor in whether or not images are available, the company says.

Then, the app will show you these “new” stories – which are, in reality, those you had already downloaded but hadn’t yet reached by scrolling further down your News Feed. The end-user experience will be greatly improved by this process: instead of seeing a spinner while waiting for content to load, users will just see posts.

When your connection returns, Facebook will resume downloading and ranking stories normally.

It will also test other improvements to download new stories throughout the day when you have a good connection, so that you’ll always have relevant things to read when the connection is lacking.


You’ll also now be able to interact with these stories and posts as if you were online, Facebook also says.

While in the past, you could like and share posts when you were offline, the new update will allow you to comment on posts, too. These comments won’t technically post until you’re back online, of course, but they do at least give you a way to prepare your comments for that time, as well as feel as if you’re using Facebook normally, despite your lack of connection.

Though the changes are largely aimed at helping those in emerging markets have a better Facebook experience, there are benefits to those in developed regions, too. For example, if you’re in places where your connection is bad, or even missing entirely – like a subway tunnel or at crowded events – you’ll also be able to take advantage of these features.

Facebook says it’s currently testing these new features and rolling them out “over time” in order to gather feedback. That means you may or may not see these changes immediately in your own Facebook app.

The move Facebook is making here is notable – and one other large internet companies (and small ones!) should think about mimicking themselves.

The majority of the world does not yet have access to the internet – instead, only 2.7 billion people are online, or a little more than one-third of the world. Facebook, Google and other tech giants are working to address this problem with far-out initiatives like drones and high-flying balloons to deliver internet access in areas where it’s lacking. But the increasing availability of internet connections combined with the lowered cost of devices means people are joining the web at rapid rates.

As new markets connect they’re skipping the PC era altogether, and instead joining the internet by way of mobile devices. But they will not necessarily have the same, robust connections that developed regions do – which is why it makes sense to design for flaky internet connections as part of a company’s product roadmap.

Via: techcrunch

Google for Work Debuts Gmail Data Loss Prevention Tool

Data security is top of mind for every CIO, CTO — and anyone else who reads technology news stories about multimillion-dollar security breaches. Knowing this, Google for Work is making moves to beef up Gmail security.

Dubbed Data Loss Prevention for Gmail, the tool adds yet another layer of protection to keep important information out of the hands of people who have no business seeing it in the first place.

Suzanne Frey, director of security, trust, and privacy at Google Apps, issued a warning for every company that has data, whether large enterprises or small businesses and whether that data is about strategic plans, sensitive HR issues or confidential inventions: Organizations need to keep data safe from accidental leaks and targeted hacks in ways that are simple and reliable.

“Google for Work already helps admins manage information security with tools such as encryption, sharing controls, mobile device management and two-factor authentication,” Frey said in a blog post. “However, sometimes user actions compromise the best of all of these controls. For example, a user might hit ‘reply all’ when meaning to send a private message with sensitive content.”

Applying Security Rules

Frey offered an example of how Data Loss Prevention for Gmail could work. Let’s say your organization has a policy against the sales department sharing customer credit card information with third-party vendors. In this case, the IT admin can set up a data loss prevention policy to keep the information safe by choosing “credit card numbers” from a predefined content detector library.

Once this is in place, Google’s tech will check every single outgoing e-mail from the sales department automatically and execute the actions IT has required. That could mean holding the e-mail for review, asking the user to modify the e-mail’s content, or letting the salesperson know that the e-mail has been blocked.

“These checks don’t just apply to e-mail text, but also to content inside common attachment types — such as documents, presentations and spreadsheets,” Frey said, noting that Data Loss Prevention for Gmail is the first step in a long-term investment to bring rules-based security across Google Apps. “And admins can also create custom rules with keywords and regular expressions.”
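The policy described above (a predefined credit card detector, custom keyword/regex rules, per-department scope, and the hold / ask-to-modify / block actions), as an added example that is not Google's code. The rule names, departments, the "Project Falcon" codename and the sample mail are constructed; attachment text is assumed to be already extracted.

```python
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

# Constructed rule-based DLP check modelled on the policy described in the
# article. Illustrative code only, not Google's implementation.

# Candidate card numbers: 13-19 digits, optionally separated by spaces or
# dashes, and not embedded in a longer run of digits.
CARD_CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; filters out invoice/order numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Predefined 'credit card numbers' detector: regex candidate + Luhn validation."""
    hits = []
    for m in CARD_CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def regex_detector(pattern: str) -> Callable[[str], List[str]]:
    """Custom keyword/regex rule, as an admin could configure it."""
    rx = re.compile(pattern)
    return lambda text: [m.group() for m in rx.finditer(text)]


# Actions ordered by severity; the most severe triggered action wins.
SEVERITY = {"allow": 0, "ask_to_modify": 1, "hold_for_review": 2, "block": 3}


@dataclass
class Rule:
    name: str
    departments: Set[str]  # which senders the rule applies to
    detector: Callable[[str], List[str]]
    action: str


@dataclass
class Finding:
    rule: str
    location: str  # "body" or an attachment filename
    matches: List[str] = field(default_factory=list)


def scan_message(sender_dept: str, body: str, attachments: Dict[str, str], rules: List[Rule]):
    """Check the body and attachment text against the rules for the sender's department.

    `attachments` maps filename -> already-extracted text (a real system would
    first extract text from documents, presentations and spreadsheets).
    Returns (decision, findings).
    """
    parts = {"body": body, **attachments}
    findings: List[Finding] = []
    decision = "allow"
    for rule in rules:
        if sender_dept not in rule.departments:
            continue
        for location, text in parts.items():
            matches = rule.detector(text)
            if matches:
                findings.append(Finding(rule.name, location, matches))
                if SEVERITY[rule.action] > SEVERITY[decision]:
                    decision = rule.action
    return decision, findings


# Constructed policy: sales and support must not send card numbers at all;
# a custom keyword rule holds mail mentioning an internal codename for review.
POLICY = [
    Rule("credit_card_numbers", {"sales", "support"}, find_card_numbers, "block"),
    Rule("codename_project_falcon", {"sales", "engineering"},
         regex_detector(r"(?i)\bproject\s+falcon\b"), "hold_for_review"),
]


def demo():
    # Constructed outgoing mail from the sales department with a spreadsheet attached.
    # The invoice number is a digit run that the Luhn check must not flag; the
    # second row of the sheet is a 16-digit number that fails Luhn.
    body = "Hi vendor, invoice 1234-5678 is attached. Card on file: 4111 1111 1111 1111."
    attachments = {"accounts.xlsx": "cust_id,card\n42,5500000000000004\n43,1234567890123456\n"}
    return scan_message("sales", body, attachments, POLICY)


if __name__ == "__main__":
    decision, findings = demo()
    print(decision)
    for f in findings:
        print(f.rule, f.location, f.matches)
```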

Technical Controls

Frey then offered a laundry list of efforts Google has made on the security front in 2015: inviting an independent auditor to check out its privacy practices for Google Apps for Work and Google Apps for Education, introducing security keys to make two-step verification more convenient, launching a cloud security scanner, and more.

We contacted Ken Westin, a senior security analyst at advanced threat detection firm Tripwire, to get his take on the state of security. He told us the challenge for security leaders is that no matter how much they train their staff members about security, there always seem to be those few employees who download porn apps directly from untrusted third-party Web sites to their phones.

“To our horror, those individuals are then connecting their devices to the corporate Wi-Fi, accessing corporate e-mail and documents from that same infected phone,” Westin said. “It is important to not only have clear security policies established, but also have the technical controls in place to detect and mitigate when there is a policy break or threat that touches your network.”

Via: enterprise-security-today

Mozilla Shuts Down Firefox OS for Smartphones

The Firefox mobile operating system, rolled out by Mozilla in 2013, was intended as a lower-cost alternative aimed at mobile carriers in developing markets. However, Firefox OS-powered smartphones failed to have much of an impact on the market, leading Mozilla to announce this week that it will no longer offer such devices through carrier partners.

Over the two-plus years that Mozilla promoted the mobile OS, it announced more than 50 launches across 29 countries and partnered with 14 carriers, including Orange, Telefónica and Verizon. Telefónica, for instance, offered several Firefox OS-powered devices, including the ZTE Open II and the Alcatel OneTouch Fire C.

Critics, however, have noted that Mozilla was a latecomer to the mobile OS/device party, and that its execution was in some ways lacking. However, yesterday’s announcement — made at the Mozlando 2015 developer conference taking place this week in Orlando — does not mean that Firefox OS is completely dead: Mozilla said the operating system continues to offer potential for the smart-device ecosystem.

Not ‘Best User Experience Possible’

“Firefox OS proved the flexibility of the Web, scaling from low-end smartphones all the way up to HD TVs. However, we weren’t able to offer the best user experience possible and so we will stop offering Firefox OS smartphones through carrier channels,” according to a brief online post attributed to Mozilla’s senior vice president for connected devices Ari Jaaksi.

Until now, Mozilla appeared to have high hopes for Firefox OS-powered smartphones, even announcing several major launches in different markets over the past year. In May, for instance, Mozilla partner Orange began selling the Orange Klif in Senegal and Madagascar, and planned to expand availability across other parts of Africa.

Mozilla said such programs “deliver on the promise of putting the mobile Web within reach of millions more people, not previously addressed by mobile offers.” It described Firefox OS as “the first truly open mobile platform built entirely on Web technologies.”

Smart TV, IoT Potential

On Reddit’s Linux subreddit yesterday, user jringstad highlighted a number of Mozilla’s “most egregious flaws” in its Firefox OS smartphone initiative. The list of shortcomings included “no thoughts put into monetization,” poor communication about the benefits of an open/free platform and “no usable browser.”

Another Reddit user agreed. “It was a cool idea, but having too many layers of abstraction on less powerful devices sealed the fate of FxOS. Maybe one day, in the future, when the hardware is more powerful,” user markole noted.

“We are proud of the benefits Firefox OS added to the Web platform and will continue to experiment with the user experience across connected devices,” Jaaksi noted in the Mozilla blog post. “We will build everything we do as a genuine open source project, focused on user experience first and build tools to enable the ecosystem to grow.”

In May, for example, Mozilla announced the availability in Europe of the first Panasonic VIERA Smart TVs powered by Firefox OS, with worldwide availability to follow. In the spring, U.S.-based Monohm also showcased its Firefox OS-powered Runcible “personal electronic” device, an IoT-focused hybrid of a wearable and a mobile phone.

Via: enterprise-security-today

Automated Threat Detection Helps Fulfill Critical Security Controls

SANS Institute Reveals That Automated Threat Detection Helps Fulfill Protection Goals of Critical Security Controls — SANS Report States Data Science and Machine Learning Complement and Improve Traditional Security Methods to Meet Security Goals Defined within the Critical Security Controls

SAN JOSE, Calif., Dec. 8, 2015 — Vectra® Networks, the leader in real-time detection of in-progress cyber-attacks, today with the SANS Institute, announced that recent findings by SANS reveal that automated network threat detection using data science, machine learning and behavioral analysis can complement or improve traditional security methods to fulfill goals defined within the Critical Security Controls (CSCs).

“Automated threat detection is making inroads to identify new patterns, detect events that may not match a specific signature, and determine behavioral abnormalities,” wrote Barbara Filkins, senior SANS analyst, in the white paper, “The Expanding Role of Data Analytics in Threat Detection.”

The CSCs were developed through federal and community efforts, coordinated by the SANS Institute, and are maintained by the Center for Internet Security (CIS). Designed to mitigate modern attack profiles, they provide recommended actions for cyber defense to stop today’s most pervasive and dangerous attacks. A principal benefit of the CSCs is their prioritization and focus on a small number of actions that offer high-payoff results.

“The Critical Security Controls enable organizations to develop a best-in-class security strategy and architecture,” said Sean O’Connor, assistant chief information officer at Worcester Polytechnic Institute. “It is good to see innovative solution providers like Vectra collaborate with SANS to enable security architects to integrate their technology.”

“The Critical Security Controls enable organizations to ensure they implement essential hygiene to manage risks,” said Jane Lute, CEO of the Center for Internet Security. “What I like about Vectra is that it has the ability to sit within the network and look for anomalous behavior — not just dependent on what it’s seen before but looking at how the network is operating, recognize it in real time, and allow mitigation to proceed in real time.”

The SANS white paper, titled “The Expanding Role of Data Analytics in Threat Detection,” is available for download at http://info.vectranetworks.com/data-analytics-in-threat-detection.

The Vectra automated threat management software delivers real-time detection and analysis of active network breaches. Vectra uses a patent-pending combination of data science, machine learning and behavioral analysis to detect malicious behavior inside networks. Its technology picks up where perimeter security leaves off by providing deep, continuous analysis of both internal and Internet-bound network traffic to automatically detect all phases of a breach as attackers attempt to spy, spread, and steal within a network.

Via: enterprise-security-today

Failing To Find Users, Dropbox Will Shut Down Mailbox In February 2016 And Carousel In March

Dropbox, the file hosting and cloud storage company with 400 million users, has been struggling to hold up its $10 billion valuation in the face of scrutiny from investors and observers, and now it looks like the other shoe is dropping as the company streamlines its business. The company is shutting down Mailbox and Carousel, its email and photo apps. Sources tell us the plan will be to focus on its core product and developing other new productivity tools, such as its still-private collaboration app, Paper.

Mailbox will shut down on February 26, 2016, and Carousel will stop working on March 31. The reason for the month’s extension on Carousel is in part a feature that is still being built: an export tool that gives existing Carousel users a way to move conversations and content from existing shared albums into Dropbox. It will also give users time to migrate their photos. Mailbox was a client that sat on top of Gmail, so shutting it down will not affect your data on that service.

We’d been tipped off to the closures by a source close to the company, and also saw murmurs of Mailbox getting shut down elsewhere, and Dropbox now finally confirmed the news with a blog post with details this morning.

“Building new products is about learning as much as it’s about making,” Dropbox co-founders Drew Houston and Arash Ferdowsi write in the blog post. “It’s also about tough choices. Over the past few months, we’ve increased our team’s focus on collaboration and simplifying the way people work together. In light of that, we’ve made the difficult decision to shut down Carousel and Mailbox.”

But even as late as today, Dropbox was sending out messages to users claiming that no decision had been made:

“Thanks for reaching out to us. I understand how frustrating it can be when you aren’t able to receive updates about a product that you feel passionate about using,” said a note sent this morning to a reader. “Mailbox hasn’t been abandoned. It is still being developed while we determine which direction is best. As our developers don’t share their roadmaps with support, I’m unable to share them with you. If there is anything else I can help you with please let me know.”

Even without official confirmation, there were a lot of signs that the products were going the way of the dodo bird.

Mailbox had not been updated since July, and if you dig through Dropbox’s support forums, a lot of questions from frustrated users were going unanswered. Carousel actually had an update a bit more recently, in September, but essentially saw very little development soon after its initial release in 2014.

Neither app, according to App Annie, was seeing anything like sustained popularity beyond its initial release. Mailbox currently ranks 233 in the “productivity” category in the U.S. iTunes store and is not popular enough to make the general rankings. Carousel is ranked at 271 in the photos category in the same store.

Dropbox started life as a place to store and access files in the cloud, but for years now it has been looking for traction around other services to grow usage — and paying users — on its platform, whose business model is based on offering free storage tiers and upselling people to pay for more space.

As part of that, Dropbox has been making a gradual shift to focus increasingly on sectors that are more likely to pay, such as enterprises. In November, it honed its pitch to business users in an event where it disclosed 150,000 paying business users.

Businesses are a minimum of five individuals, and sometimes many more, but still the proportion out of 400 million users underscores the uphill battle ahead for Dropbox in converting more business users, or building out the business with new customers.

It’s a sad ending for both. When Mailbox first launched in 2013, it was with a huge amount of hype, in part because of the scarcity created by a million-plus people desperate to get off the app’s waiting list, and in part because the app created a simple (and, at the time, unique) interface for reading email (initially on mobile) with gestures to quickly dismiss or archive items in your inbox.

Carousel, meanwhile, was the product of multiple startup acquisitions of promising mobile photo apps. Mailbox co-founder Gentry Underwood has already left Dropbox and Scott Cannon, the other co-founder, is staying on as an advisor for a short period of time.

Via: techcrunch

Microsoft Surprises With New Windows 10 Mobile Build

Microsoft recently released an updated Windows 10 Mobile build, numbered 10586.29. Microsoft’s Gabe Aul calls the new edition of the company’s smartphone operating system a “Cumulative Update” for the preceding build, 10586.

The build was a slight surprise to your humble servant, dropping in the early evening on a Friday.

Before we dig into what’s new, Microsoft noted that its two new smartphones — the Lumia 950 and 950 XL — will be ‘onboarded’ in the next week, thus becoming eligible for the new code.

So, what is in the .29 build? Microsoft states that it has improved the performance of its new Edge browser, which will eventually supplant Internet Explorer.

Moving ahead, the new set of code will help people upgrade their phones with less hassle and contain what Microsoft calls “[i]mproved application backward compatibility for Windows Phone 8.1 Silverlight applications.” I’m not sure how large the demand is for the latter update there, but I presume it was executed for a reason.

Remember Silverlight? Perhaps not.

Today’s update isn’t the largest set of new capabilities, but in the same announcement, the company included an interesting tidbit on how it intends to continue to update Windows 10 Mobile in the coming “few weeks and into next year.” Here’s Aul:

As our partners and Microsoft ship new Windows 10 mobile devices and existing devices are upgraded to Windows 10, all of our users will start to see more updates coming through Windows Update. These will be addressing feedback we receive from our Windows Insiders and new Windows 10 users.

I take that to mean as the pace of updates accelerates, the expected scale or size of each should decrease. That seems reasonable enough: If you’re going to do something more frequently, you may want to shrink your per-build scale.

So, that’s where the company is. If you’re a Windows 10 Mobile user, expect quite a lot of polishing on the way. Now, go outside and lie in the sun.

Via: techcrunch

AT&T Raises Price of Grandfathered Unlimited Data Plans

While AT&T hasn’t offered unlimited data wireless plans for several years, it still has customers who have been grandfathered into those plans. Beginning in February, however, they’ll be charged $5 more — $35 instead of $30 — per month to keep those plans.

AT&T announced the price change this week, noting that it is the first such increase in seven years. It added that customers who choose to cancel their services because of the increase will not be charged any early termination fee as long as they cancel within 60 days of the price increase.

The unlimited data plan is currently available only to subscribers who had such service on or before October 31, 2009, and is offered only for as long as customers continue to use the same smartphones they had at the time. Once customers change either their phones or their plans, the unlimited data offering ends.

Unlimited Data Plans on the Way Out

Unlimited data plans have become increasingly hard to find — or more expensive — in recent years. For example, Verizon Wireless, which has grandfathered support for unlimited data plans since 2011, last month raised the price of that service by $20 per month.

Both Sprint and T-Mobile have also recently increased prices for customers who continue to hold onto unlimited data plans. T-Mobile plans went from $30 to $45 per month in November, while Sprint’s prices rose by $10 per month in September.

While continuing to offer unlimited data plans in some circumstances, carriers have also imposed other limits on holdout customers. Sprint, T-Mobile and AT&T have enacted various throttling policies that slow connection speeds for some unlimited data customers after they’ve reached certain data thresholds. However, AT&T was slapped with $100 million in fines for that practice by the Federal Trade Commission in June for “failing to sufficiently inform customers” about data speed limits.

Rising Network Demands

AT&T said it is imposing the $5 price increase in part because of “significant investments” it has made to accommodate rising network traffic demands. The company said it has also increased average speeds on its network as consumer demands have grown.

“Consumers and businesses are using mobile data at record levels and the trend is expected to continue,” the company said in a statement.

Customers who continue with their existing unlimited data plans will also be subject to throttling of network speeds if they exceed 22 GB of data during any one billing cycle and “are in a congested area,” AT&T said.

We asked AT&T how many customers might be affected by the coming price hike, but a spokesperson told us that the company doesn’t “break out customer numbers by their respective plans.”

Via: enterprise-security-today

Threat Intelligence Advancements Evolve To Deliver Cyberattack Early Warnings

Advancements in Threat Intelligence Evolve to Deliver Early Warning of Imminent Cyber Attacks — BrightPoint Security Delivers Industry’s First Security Command Platform with Dynamic Insight to Predict Current Threats and Threat Changes Across Digital Ecosystems

BrightPoint Security™, a leading Threat Intelligence Platform provider for automation, curation and sharing of threat intelligence to fight cyber attacks, today introduced a new release of its Sentinel™ platform that provides immediate evidence-based predictive insight with risk-prioritized threat scoring. The new release enables enterprises to advance their threat intelligence programs and gain visibility into the cyber threats in their IT infrastructure and of their partner ecosystem.

Already the leader in threat intelligence sharing for detecting and reporting known threats across business ecosystems, today’s announcement is a natural evolution of BrightPoint’s innovative, patented Security Command Platform (SCP) technology. Now with the newest release of Sentinel, and with new add-on modules, organizations have insight into attacks that are emerging in their digital ecosystem through Sentinel Trusted Circles™ to proactively take remediation steps to protect their environments and enforce security controls.

“Organizations are understanding that protecting their business requires them to extend beyond their own virtual perimeters and across their cyber ecosystems into communities for greater threat intelligence sharing,” said Jon Oltsik, Sr. Principal Analyst at Enterprise Strategy Group. “To help organizations gain relevant threat intelligence within their digital ecosystem, they need a solution that makes it easy to support anonymous sharing and analytics to leverage these communities for faster protection in today’s world filled with cyber attacks. BrightPoint has delivered a solution that takes cyber sharing to a new level with their predictive insights.”

While current threat intelligence feeds and platforms focus on the most popular and volume-based threat tracking, BrightPoint focuses on the actual observed sightings within the virtual perimeter of an organization’s Trusted Circles. Leveraging this composite view, Sentinel delivers the industry’s first and only relevancy-focused predictive “weather-map” of threat trends within a business digital ecosystem. Organizations now have deep visibility into the possible attacks that have been crafted for a certain industry, peer group or company. Only BrightPoint delivers early warning indications of threat trends by leveraging knowledge of the velocity, timing and frequency of attacks via machine learning, and provides visibility into the robustness of campaigns through multiple attack vectors from across organizations’ unique digital ecosystem.

This latest release delivers additional integration of threat data and remediation steps. For example, BrightPoint’s new integration with Carbon Black broadens the types of internal threat intelligence that the BrightPoint platform can consume to give real-time awareness to threats within the perimeters and at the endpoints of the organization.

“Working with BrightPoint’s evidence-based solution enhances our support across customers’ ecosystems and infrastructures with predictive insights into risk-prioritized actions for remediation,” said Brian Hazzard, Bit9 + Carbon Black VP of Technical Alliances. “Adding the endpoint into the mix of threat vectors deepens organizations’ overall view of the threat landscape of their organization and those with whom they share information in their ecosystems.”

BrightPoint’s easy-to-use threat trending dashboard with the ability to drill-down into detailed data allows security personnel to view and compare their organization to others in their digital ecosystem to identify who is being targeted, and to proactively remediate to protect or enforce security controls. Additionally, the capabilities within the predictive analytics provide deeper context, resulting in the highest quality of relevant threat intelligence.

“An industry first, this predictive insight and threat trending dashboard gives organizations the solution to determine the urgency of response needed to protect themselves,” said Rich Reybok, BrightPoint CTO. “Today’s offering helps customers drive security strategy and get the most out of their security investments and resources by now having the ability to respond to the most immediate and relevant impending threats and to mitigate exposure fast.”

Availability and Pricing

The newest release of Sentinel is currently available. For more information, including pricing details, please email Contact@BrightPointSecurity.com.

Via: enterprise-security-today

Google Turns Image Search Into Pinterest With New “Collections” Feature

Watch out, Pinterest, you’ve got new competition. Google has now rolled out a new feature on its search engine that offers users an easy way to save images they find to collections they can reference at a later time. The search giant suggests you could use the feature for saving things like hairstyle examples to show your stylist, or snowman ideas to have some winter fun. Yep – the same sort of “inspirational” content that Pinterest users often collect and pin to their many boards on the service.

In Google’s case, however, the new feature is only being made available to mobile users for the time being, and is only rolling out to those in the U.S. The feature will work across all major browsers on both iOS and Android, the company says.


In order to save images, you’ll also have to be logged into your Google Account. That makes sense not only as a way to pull up your saved items from multiple devices, but also because “collections” are one of the new focus areas within Google’s revamped social efforts on Google+.

Instead of trying and failing to take on Facebook, the updated Google+ is now more interested in helping users create and participate in online communities or share groupings containing images, links and more with their circle of friends or the wider public. In other words, Google+ is now aiming to compete with social services like Reddit, perhaps, or Pinterest.

Getting users to build out personal image collections by way of Google Search is actually a fairly clever trick, then. It could kick off users’ participation in the Google+ collections feature in the future, as it presents a practical use case for building an online image collection via Google in the first place.

To be clear, Image Search collections aren’t currently tied to those collections you make on Google+, but an integration looks like a possibility further down the road.

The new image search feature itself is fairly easy to use, if you have it available. But we did encounter a few bugs, which indicate that it’s still something of a test.


After performing a search, you can narrow down your image selection by tapping on buttons to filter the results. For instance, if you searched for “bob hairstyles,” you can filter images by descriptions like “short,” “blonde,” “brown,” “modern,” and more. That also recalls Pinterest’s own search engine, which has, for some time now, offered a “guided search” experience that lets you pull up specific images by helping you find and tap on related terms.

When you locate images you like on Google, you simply star them to save them to your account. You can also organize your starred images into folders by tapping on the pencil-shaped “edit” icon then add them to collections. And when you need to return to view your images later on, you can just tap on the new “view saved” card with the star icon that floats in the bottom-right of the image search page.

Google didn’t indicate a time frame for when this feature would roll out to other markets around the world, or if it would come to the desktop. And while simply archiving images from Google doesn’t compare with Pinterest’s richer social experience, where you can follow other users and boards, discover products based on recommendations, or even shop from “buyable” pins, its utilitarian nature could have some appeal – especially among those who just want to save ideas without participating in a larger, online community like Pinterest.

That said, Pinterest has staved off a number of attempts from those who tried to copy its image pinboard service. Facebook once tried to develop interest in its own Pinterest-style “collections,” and more recently debuted a fairly weak rival effort with its Shopping Feed. Amazon also tried to clone Pinterest with Amazon Collections – a social effort that fell flat, too. Whether or not Google’s ability to help users save favorite images can make a dent in Pinterest remains to be seen.

Via: techcrunch

Humility, Accountability And Creative Thinking Can Fix IT Security

The state of cybersecurity has reached full-blown systemic failure. The narrative goes something like this: Companies are spending massive amounts of money on technologies that don’t seem to be living up to their marketing messages. According to Gartner, $80 billion will be invested in IT security products in 2015 alone.

Yet breaches persist. Anthem. Ashley Madison. Sony. The U.S. Office of Personnel Management. In most cases, the security teams at these organizations were using products in the upper right corner of the analyst firm’s myriad IT security market Magic Quadrants. They were following industry standard practices.

While it’s always easier to point out the problem — and every vendor is doing it in spades right now — I believe a solution is within reach. Here’s why.

Several psychological, technological and market shifts are now converging, and together they point toward a more accountable, collaborative and trustworthy security ecosystem.

Putting A Bullet In “Silver-Bullet Syndrome”

Innovation is central to the solution. But innovation isn’t just about technology. Systemic change requires a mix of new technologies and human creativity. Moving beyond “silver-bullet syndrome” — the notion that any single technology or grouping of products will eliminate all risk — minimizes blind spots by fostering a security mindset that has stopped searching for a Holy Grail technology.

The most secure businesses in the world have built security into their products and trust into their brands by design, continually evolving both their offense and their defense and rejecting the old adage that nobody ever gets fired for investing in status quo solutions. Boeing. Deloitte. General Electric. Visa. At these companies security is not a feature within a product; it’s a central brand attribute. It’s in their DNA.

As more companies continue to approach security as a core value versus a bolted-on afterthought, the silver-bullet marketing techniques that are commonplace among product vendors will fall on deaf ears.

Humans Versus Machines

Spend a few minutes on the websites of major security product vendors and upstarts alike and you’ll see much shouting about the promise of machine learning and artificial intelligence (AI). Security providers are employing smart machines to process massive amounts of data from PCs and other devices to recognize patterns of good versus bad behavior.

The irony is that businesses probably need their own pattern recognition experts to weed out the real solutions from the marketing speak. According to IT security expert Simon Crosby, “AI is the security industry’s latest pipe dream.”

This is because cybersecurity will always require humans to pick out the subtle anomalies that could prove most catastrophic. Rather than get pump-faked by the unproven promises of machine learning and AI-based security technologies, Crosby urges businesses to invest in their experts, and in tools that enhance those experts’ ability to quickly identify and disarm the next attack.

Though overhyped, machine learning holds tremendous promise. But so long as humans are engineering targeted attacks, a human component will remain central to the solution. Ultimately, smart humans and smart machines together will be required to outsmart cybercriminals. This is why FireEye acquired Mandiant’s cybersecurity forensics team for $1 billion.

Newer companies leveraging machine learning and AI worth watching include Exabeam, Securonix, SentinelOne and Sumo Logic, whereas more established players like Lookout, Rapid7 and Palo Alto Networks are also investing heavily in this area (based on their job boards).

Security Needs To Evolve With The Shift To Cloud And Mobility

Cloud usage inside businesses is exploding, yet it’s still in its infancy. The average enterprise used 755 cloud apps in October of this year, and the figure exceeds 1,000 for technology, IT services, healthcare and biotech companies. Because employees will continue to access data-laden cloud apps from their mobile devices, the two shifts are tightly coupled, and the mobile security problem is about to snowball.

Most businesses have not adapted their security systems at anywhere near the pace at which their IT infrastructure and their employees’ behavior are changing. Amazon Web Services, for example, is expected to top $7 billion in revenue this year, further signaling how quickly this shift is taking hold.

And yet, while everyone acknowledges a shift to cloud, we’re still in the very early innings. Consider this: By 2018, only 27.8 percent of enterprise apps will be SaaS-based, according to IDC. With most of that migration still ahead, Lookout co-founder Kevin Mahaffey believes most existing IT security systems will be replaced over the next several years.

Forward-looking businesses and investors are banking on technologies to get better visibility and control over the mobile and cloud tsunami that is shaping up. Mahaffey’s company Lookout has raised nearly $300 million. Infrastructure security startup CloudPassage has raised $90 million amid the shift to public and private cloud environments, and endpoint security startup Tanium recently raised $120 million on a $3.5 billion valuation.

According to CB Insights, more than $2.3 billion has been invested in IT security this year (so far), on track to eclipse last year’s $2.5 billion. A new Exchange Traded Fund (ETF) focused on cybersecurity even hit the public markets this year — ticker symbol HACK — holding a basket of publicly traded companies focused on solving security amid the shift to cloud and mobile computing.

Identity Will Become The Central Layer Of The New Security Stack

As mobility and the cloud make enterprises truly borderless, protecting endpoints, cloud apps, networks or email requires a standard way to manage user data created by the explosion of different devices, systems and human workflows. This situation is changing the role of identity, shifting it away from pure access management to a foundational layer of the modern IT security stack.

While companies like Ping Identity and Okta are leading the way for large enterprises and SMBs, respectively, effective identity-centric security requires the identerati to work together. This is the idea behind the recently launched Identity Defined Security Alliance, created by Ping, Netskope, ThreatMetrix and VMware, “to make identity the linchpin of CIOs’ security strategies, keeping their data safe by making it accessible to the right people at the right time.”

Information Sharing Is The Future

When it comes to searching for a solution to cybersecurity, there’s a lot we can learn from the decades-old open-source movement. While opening up the ecosystem through vulnerability-sharing marketplaces (better known as bug bounty platforms such as HackerOne and Bugcrowd) also gives bad actors a look at the system, the collective wisdom and goodwill of the security research community scales far beyond what the status quo can.

However, well-intentioned policy makers are undermining those efforts. The Wassenaar Arrangement, a voluntary export-control agreement on conventional arms and dual-use technologies among 41 participating countries, threatens to hold back progress in the security industry’s information-sharing movement now that its controls extend to intrusion software. According to Katie Moussouris: “The entire Internet ecosystem and everyone who uses technology will suffer the chilling effect [from controls like Wassenaar] on research and advances in defense.”

Breach Insurance Is Not Accountability

In the wake of so many breaches, breach insurance is becoming one of the most lucrative segments of the insurance industry. In fact, Warren Buffett entered the market with two new policies earlier this fall. Large corporations do need to reduce liability, but breach insurance is a very dangerous concept. It signals to top brass and board members that their time in the headlines is inevitable; that it’s okay to get breached, because the financial loss will be minimized.

Reducing liability is legitimate, but it can’t come at the cost of dodging accountability.

Companies need to be accountable to shareholders and customers victimized by data breaches. They also should demand accountability from the vendors from whom they buy security products. In a climate in which hundreds of security product vendors are making billions, isn’t it ironic that so few offer money-back guarantees to companies who experience breaches through their technology?

In fact, only one vendor today, WhiteHat Security, offers a guarantee program like this, promising customers a full refund if a website protected by its technology is hacked. In 2016, expect to see those vendors with great technology certify their products with money-back guarantees.

A Brighter Future?

In a world where everyone knows cybercriminals and cyberterrorists are prevailing, and where we have the means to turn the tide — financially, technologically and in sheer numbers — will 2016 look any different?

Only time will tell — but I believe the good guys are well positioned to stage an epic comeback.

Via: techcrunch