How TIBCO Is Evolving Integration for the Multi-Cloud Era

TIBCO recently held its annual TIBCO NEXT conference, outlining its product roadmap and strategy for modernizing its pioneering integration and analytics platform. As a trusted integration anchor for over 25 years, TIBCO aims to simplify connecting systems and data across today's complex hybrid technology landscapes.

Several key themes indicate how TIBCO is adapting to emerging needs:

How TIBCO Is Evolving Its Platform To Embrace Developers and Simplify Cloud Integration

Legacy integration and analytics provider TIBCO is at an inflection point. Founded in 1997, the company built its reputation as a leader in on-premises enterprise messaging and event processing. But today's era of cloud, containers, and pervasive APIs requires a new approach.

At the recent TIBCO NEXT conference, I sat down with Matt Ellis, Senior Director of Product Management, and Rajeev Kozhikkattuthodi, VP of Product, to learn how TIBCO is adapting its connected intelligence platform and product portfolio to meet modern customer needs.

Decoding Business Source Licensing: A New Software Licensing Model

Business source licensing (BSL) has recently emerged as an alternative software licensing model that aims to blend the benefits of both open-source and proprietary licensing. For developers and IT professionals evaluating solutions, understanding what BSL is and its implications can help inform licensing decisions.

What Is Business Source Licensing?

Like open-source licensing, BSL makes source code viewable and modifiable. This allows a community of developers to collectively improve the software. However, BSL applies restrictions on how the software can be used commercially. This provides revenue opportunities for the company publishing the software, similar to proprietary licensing.

Safeguarding Your Organization: Insights for IT Pros During National Insider Threat Awareness Month

September marks National Insider Threat Awareness Month (NITAM), an annual campaign dedicated to shedding light on the risks posed by trusted insiders. Whether employees, contractors, partners, or collaborators, these authorized individuals have the potential to intentionally or accidentally cause significant damage through data theft, system sabotage, fraud, and more. As technology leaders on the front line of your organization's cyber defenses, it's critical to understand your role in insider threat mitigation. Use this month as an opportunity to re-evaluate controls and address vulnerabilities.

Access lies at the heart of insider risk: broad privileges provide openings for abuse. Scrutinize the access rights of users across your systems and data. Are permissions broader than actual needs require? Tighten controls by implementing least-privilege and separation-of-duties policies. Leverage tools like access management platforms to streamline provisioning and revocation. For highly sensitive resources, enforce multi-factor authentication and monitor for suspicious activity.

New Free Tool From Contrast Security Makes API Security Testing Fast and Easy

Developing secure APIs is crucial, but testing them thoroughly can be time-consuming and difficult without the right tools. A new offering called CodeSec from application security provider Contrast Security aims to make robust API security testing quick, accurate, and accessible to all developers for free. I had the opportunity to catch up with Jeff Williams, CTO at Contrast, at Black Hat 2023. Here's what I learned.

CodeSec provides an easy command-line interface to scan APIs and serverless functions written in Java, JavaScript, Python, and .NET. It leverages Contrast's patented demand-driven analysis to deliver results up to 10 times faster than competitors. This allows developers to rapidly identify vulnerabilities in their code before those flaws reach production.

Unpacking the New National Cybersecurity Strategy: Key Takeaways for Developers and Security Experts

At Black Hat 2023, Kemba Walden, Acting National Cyber Director at the White House, outlined a new national cybersecurity strategy aimed at strengthening defenses through workforce development and technology initiatives.

For developers and technology professionals, this strategy has major implications, validating the importance of cybersecurity skills while offering expanded career pathways. Let’s explore the key announcements and what they mean for IT talent.

How VAST Data’s Platform Is Removing Barriers To AI Innovation

I recently had the opportunity to speak with Renen Hallak, Founder and CEO of VAST Data, about their new unified data platform for AI. VAST made waves in 2019 with the release of their VAST DataStore, a highly performant and scalable all-flash storage system. However, as I learned from Renen, storage was only the opening act in VAST's grander vision to become an AI data platform.

With the hype and investment around AI reaching astronomical levels, the demands on infrastructure are greater than ever. VAST aims to eliminate common compromises around performance, scale, geography, and ease of use to unlock AI's potential. On August 1st, VAST unveiled its expanded data platform, comprising a new database and compute capabilities alongside its flagship VAST DataStore.

Securing the Software Supply Chain: Chainguard Builds on Foundational Innovation

The software supply chain has emerged as a prime target for cyberattacks in recent years, as evidenced by major incidents like SolarWinds and Log4Shell. To understand how IT teams can get ahead of supply chain threats, I spoke with two founders of Chainguard, Ville Aikas and Kim Lewandowski, at Black Hat 2023. While at Google, Aikas and Lewandowski were co-creators of two really popular open-source technologies (Sigstore and SLSA, aka “Salsa”).

Supply chain attacks have driven home the risks of third-party software dependencies. But as Chainguard's founders explained, solutions like Sigstore and the SLSA framework are bringing discipline to securing code provenance and integrity.

Navigating the PAM Landscape: Overcoming Deployment Barriers for Modern Security

Privileged access management (PAM) is critical for securing sensitive systems and data, especially with remote work's expanded attack surface. However, recent research by Keeper Security reveals significant barriers still inhibit broad PAM adoption. Cost and complexity top the list of challenges.

A survey of 400 IT and security leaders found 58% have not deployed PAM because it was too expensive. And 56% attempted PAM deployment but failed to fully implement it due to excessive complexity. This indicates an appetite for robust PAM, but solutions remain out of reach for many.

The Rising Risks and Opportunities in API Security

APIs are the digital fabric connecting companies, partners, and customers. But increased reliance on APIs also introduces new security risks. I recently spoke with Michelle McLean, VP of Marketing at API security provider Salt Security, during Black Hat 2023 about the current challenges and future outlook for API security.

McLean says API awareness has grown due to high-profile breaches like the Optus leak in Australia. Such incidents underscore that APIs are an easy yet lucrative target. Attackers increasingly focus on APIs to steal valuable data, carry out fraud, and more.

The Enterprise Browser: A Security-Hardened Productivity Platform for the Future of Remote Work

A recent interview with Island’s founding team member Brian Kenyon at Black Hat 2023 sheds light on how the enterprise browser is poised to become a powerful platform for secure remote work. Island offers a version of the Chromium open-source browser customized for the needs of enterprises. According to Kenyon, the enterprise browser holds enormous promise as the interface through which companies distribute software, apply access controls, generate usage analytics, and enable productivity.

Kenyon explains that browsers entered the workplace mainly as a portal for personal tasks like online shopping between meetings. Enterprises tried to limit liability by restricting certain sites but otherwise did little to manage browser usage. However, browsers now access critical cloud applications and sensitive corporate data. Despite this shift, employees still use the same consumer products like Chrome and Safari.

DARPA Taps Hackers to Fortify Critical Software Against Cyber Threats

The urgency of securing vulnerable software infrastructure is at the heart of an ambitious new DARPA program — the AI Cyber Challenge (AIxCC). Through competitions engaging top security talent, AIxCC aims to spur innovative tools that automatically detect and patch flaws at scale.

As highlighted in the announcement by Perri Adams, DARPA AIxCC Program Manager, at Black Hat 2023, modern life increasingly depends on software, yet this vast codebase represents a prime attack surface for malicious actors. Recent years have exposed the pressing need for advanced capabilities to lock down our software foundations.

Building Cyber Resilience in an Age of Growing Threats

In an increasingly interconnected world, the need for robust cybersecurity infrastructure resilience is now more critical than ever. Cyberattacks pose significant threats to nations, businesses, and individuals alike, with potentially devastating consequences. It is in this context that we can learn valuable lessons from Ukraine's cyber defenders, who have faced and overcome significant challenges during the Ukraine War. By examining their experiences and strategies, we can gain insights into building a more resilient future.

This was the second keynote at Black Hat 2023, titled "Phoenix Soaring: What we can learn from Ukraine's cyber defenders about building a more resilient future."

Data Persistence: Keeping Data Safe in an Ever-Changing Digital World

I wrote "What is Persistent Data" in 2016 based on research I conducted for DZone’s Data Persistence Research Guide. A lot has changed since then. Here’s an update.

Data persistence refers to the ability to retain data in a durable and recoverable form, even as hardware, software, and devices change around it. As our world becomes increasingly digital, having reliable methods of data persistence is more crucial than ever.

Key Developer Concepts and Tools in Software Supply Chain Security

Software supply chain security is a threat area that was popularized by SolarWinds and Log4j. For the first time, there was widespread awareness of how exploiting popular software artifacts (libraries, frameworks, etc.) can give hackers entry, from which they can then pivot to all sorts of mischief.

It's become the next buzzword in cybersecurity and the intersection of DevSecOps. As the latest evolution of the so-called "shift left" security trend, it's really about baking the concept of provenance (who created software, who has touched it, ensuring that it has not been tampered with) into the build process, up through production applications.

How AI Is Improving Cybersecurity

AI is already preventing the most common types of cyberattacks in several ways. Here are four examples:

  • Malware detection: AI detects malware by analyzing its code or behaviour. For example, AI can be used to identify known malware signatures or to detect anomalous behaviour that is indicative of malware.

API Security Is a Hot Topic, Here’s Why

Preparing for Black Hat 2023, it seems like API security will be a key issue. Here’s what you need to know.

What’s an API?

An API, or application programming interface, is a set of definitions and protocols for building and integrating application software. An API defines how two pieces of software can interact with each other. It specifies the methods, functions, and data structures that are available for use, as well as the rules for how those methods and functions can be used.