CSOonline: SOAR buyer’s guide, 11 products compared

The class of products called SOAR, for Security Orchestration, Automation and Response, has undergone a major transformation in the past few years. Features in each of the four words in its description that were once exclusive to SOAR have bled into other tools. For example, responses can be found now in endpoint detection and response tools. Orchestration is now a joint effort with SIEM tools. Many of these features are now found in managed security products that go by other names, such as threat and incident response or cloud security posture management (CSPM). And many of the SOAR tools are no longer just focused on security but have expanded to cover the wider context of how an enterprise infrastructure operates.

In this review for CSOonline, I cover some of the major issues for enterprises that are looking for a SOAR tool and briefly mention 11 vendors (out of dozens that offer such products). Be warned that these products are pricey, and finding true price transparency is almost impossible without engaging the vendors’ sales teams.

Book review: The Perfect Home

The novel The Perfect Home by Daniel Kenitz centers on a power couple who are behind a leading shelter reality TV show and what could go wrong. If you are a fan of such shows you might enjoy the novel, which chronicles the decline of their relationship when the husband plans on getting rid of his family in the quest to garner more fame, more power, and more money on his own. Twin babies are involved, an affair happens, and the wife reunites with her long estranged father, all in the quest to figure out the shifting reality — in this case, their actual lives — rather than what is depicted on screen as they renovate various homes around the country as the cameras and scripted witty banter roll. Having been through a divorce from my own cheating spouse, I still found this novel interesting and engaging, and the exploration of the shifting understanding of marital trust worthy of the author’s treatment.

How to best disconnect from Twitter

Last month, I suggested that it is time to remove ourselves from Twitter. There are several ways to do this. You’ll see my process and you can make your own decisions. The TL;DR is:

  • I stopped posting more than a year ago, but still kept my account to protect my brand as a placeholder.
  • I downloaded an archive of my tweets in multiple ways, and will tell you why this is necessary.
  • I then deleted all my tweets, using the Windows software from Cyd.social.
  • I also deleted the other digital effluvia of my account (including retweets, likes and follows).

Before we go down this journey, I would urge you all to read how to backup all of your social data, a blog that I wrote many years ago and have tried to keep current. If you haven’t ever done this, now is the time to create and download these archives. This should be a part of your regular backup processes of your data.

Backing up your social network data

That post will direct you to a particular link where you can prepare and then download an archive of each of your accounts. For Twitter, it might take a day or two to gather it together, but Twitter will send you an email when it is ready, and then you have a few days to download it. The others have somewhat different processes and schedules. You can pick and choose various options and data types to include in your archive: for example Google has dozens of services that may or may not be meaningful to save periodically.

But, and this is important: the archive of your tweets depends on having a working Twitter account. There is a page of HTML that will bring up a summary of your archive, but the tweets and follows and so forth have to exist online. It is a somewhat half-solution. I had a small hiccup with my archive that I will get to in a moment.

A better solution is to use one of the dedicated archive/deletion tools, and as I said, I ran Cyd.social, which logs into your Twitter account and then creates a complete offline archive. The hiccup was that Cyd didn’t like the very long file name that Twitter created, so I renamed it and that passed muster. Cyd uses this archive as a starting point to seek out and delete your content history.

There are two versions, as you can see from the screenshot: the free one will archive and delete all of your tweets. The paid version (which you can purchase as an annual subscription, initially for $36) will also allow you to be more selective and keep some of your tweets, and also delete other aspects of your account, such as followers, likes, and DMs.

I upgraded to the premium version so I could delete everything. I liked the design of the software, which tells you in advance what it is about to do to your account. Because Twitter has put in place rate limits to prevent these mass deletion operations, Cyd has to work around them and sometimes pauses during its housekeeping to foil these limitations.

One content type you might notice is not covered by Cyd is list management. I have quite a few lists, and ideally would like to convert them to followers on LinkedIn before I delete them, but I haven’t found a tool to do that.

Another thing that I noticed browsing my archive is how few of my words of wisdom were retweeted or liked. Almost all of them had no engagement whatsoever. You would think with all the years of using Twitter and various analysis tools I would have noticed this before now. Sigh.

I came across a free analysis tool from Cleve.AI that does summarize my LinkedIn activity. You can see an excerpt from my report below, which has a nice summary of my words of wisdom.

Best wishes and happy new year to you!

How IT can learn from Target and Walmart

With all the holiday shopping happening around now, you probably have visited the websites at Target and Walmart, and maybe that prime Seattle company too. What you probably haven’t visited are two subsidiary sites of the first two companies that aren’t selling anything, but are packed with useful knowledge that can help IT operations and application developers. This comes as a surprise because:

  • they both contain a surprising amount of solid IT information that, while focused on the retail sector, has broader implications for a number of other business contexts
  • they deal with many issues that are at the forefront of innovation (such as open source and AI), not something normally associated with either company
  • both sites are a curious mixture of open source tool walkthroughs, management insights, and software architecture and design
  • many of the posts on both sites are very technical deep dives into how they actually use the software tools, again not something you would ordinarily think you could find from these two sources

Let’s take a closer look. One post on Target’s site is by Adam Hollenbeck, an engineering manager. He wrote about their IT culture: “If creating an inclusive environment as a leader is easy for you, please share your magic with others. The perfect environment is a challenge to create but should always be our north star as leaders.” Mark Cuban often opines on this subject. Another post goes into details about a file analysis tool that was developed internally and released on open source. It has a user-friendly interface specifically designed to visualize files, their characteristics, and how they interconnect.

Walmart’s Global Tech blog site goes very heavy into its AI usage. “AI is eliminating silos that developed over time as our dev teams grew”, Andrew Budd wrote in one post, and GenAI chatbot solutions have been rolled out to optimize Walmart’s Developer Experience, a central tool repository. There are also posts about other AI and open source projects, along with a regular cyber report about recent developments in that arena. This is the sort of thing you might find on FOSSForce.com or something like TheNewStack, both news sites.

Another Walmart article, posted on LinkedIn, addresses how AI is changing the online shopping experience this season with more personalized suggestions and predictive content (does this sound familiar from another online site?) and mentions how all Sam’s Club stores have the “just walk out” technology that was first pioneered by Amazon. (I wrote about my 2021 experience here.)

One other point: both of these tech sub-sites are not easily found: tech.target.com (not to be confused with techtarget.com) and tech.walmart.com have no link from either company’s home pages. “I’m not sure these pages should be linked from the home pages,” said Danielle Cooley, a UX expert whom I have known for decades. “As cool as this stuff is for people like you and me and your readers, it’s not going to rise to home page level importance for a company with millions of ecommerce visitors per day.” But she cautions that finding these sites could be an issue. “I did a quick google of ‘programming jobs target’ and ‘cybersecurity jobs target’ and still didn’t get a direct link to tech.target.com so they aren’t aiming at job openings. But also, the person interested in cybersecurity will not also be the person interested in an AI shopping assistant for example.” Given their specificity, even if a visitor lands on them, they still might go away frustrated because the content is pretty broad.

You’ll notice that I haven’t said much about Amazon here. It really isn’t fair to compare the two tech sites to what they are doing, because of Amazon’s depth in all sorts of tech knowledge. And to be honest, in my extended family, we tend to shop more at Amazon than either Target or Walmart. But it is nice to know that both Target and Walmart are putting this content out there. I welcome your own thoughts about their efforts.

A very practical business book to help spur innovative thinking

The Imagination Emporium by Duncan Wardle is an interesting business book. Unlike many books that fall flat after a solid first chapter full of suggestions on how to improve your workaday life, Wardle’s book is a solid construction that is chock full of real tools to help you figure out new ideas, sort and rate them and act on the best after building a consensus from various stakeholders. It is a “What Color is Your Parachute” reimagined for the digital, collaborative age, and like Parachute contains some simple but very effective ideation exercises. The trick is to actually stop reading and work through them to generate the ideas yourself.

Wardle was the former head of innovation and creativity for Disney, and the design of the book’s pages shows exactly how creative and clever he can be at getting you to use his tools. It starts off by exploring the “river of thinking,” where colleagues shoot down your ideas because that isn’t the Way Things Have Been Done or because There isn’t Any Budget or No, Because types of replies. Sound familiar? We have all been there.

Wardle says that our imaginations began to be stifled the day we went to first grade and were told to color between the lines. That attitude creates a river of negative thinking that has lasted all of our lives. Another example — don’t call the person sitting by your office’s front door a receptionist, but the “Director of First Impressions.” See what that does? The person becomes empowered to do something important.

None of us go to work today and say we are going to kill a bunch of ideas, and yet, that is what we all do. Wardle’s book will get you to go to “Yes, and” and become better idea nurturers by building a team of diverse opinions and perspectives, and have naive experts that can stimulate your discussions.

Once again, priceless isn’t a marketing strategy

I want to introduce you to one of St. Louis’ premier restaurants, Charlie Gitto’s. It has been around for decades and you can be sure of a great meal, with great service and a quiet place where you can hear your tablemates. So go on over to their website and check out their menu. I’ll wait while you take a look.

 

What don’t you see on their menu? Prices! Now lest you think that this is common among top-tier restaurants, I did a quick check and found many of their competitors have prices listed, some who charge even more than Charlie Gitto’s does.

My interior designer wife reminded me of another example. We have been to one of her lighting supplier stores. There are no printed prices on any of the items in their showroom. Instead, there are QR codes that you can scan for the retail prices. Imagine looking at a dozen lamps or whatnot: this gets tedious really quickly. Far easier to just bring up the Google pages.

This is not a new subject for me. I wrote about this back in 2011 when I said priceless is not a marketing strategy. Back then, I wrote that those vendors who don’t publish prices really are unsure about their pricing strategy, and so have instructed their PR firm or marcom team to just omit this information and see what the reaction is by potential customers and other related parties. Based on this free research, they will come back and adjust the Web pages and add the appropriate pricing.

Well, I was wrong. These priceless vendors never plan to publish anything publicly. Take a look at these two examples which are long on details on how their prices are calculated without providing any actual dollar amounts.

Tines’ page shows you how many degrees of freedom a price depends on: depending on how you count, there are four basic tiers (one of which is free, kudos to them), and seven different add-on tools, and five different usage tiers and you get at least 140 different prices, and then a note saying that older customers are on a different pricing model. Yikes!

I was eventually able to squeeze out a range from Tines, but it took several emails. Another vendor initially refused to name their prices; when I published the article I had the wrong information, gleaned from some online information (which turned out to be incorrect). They finally did come clean with the right schedule. Hopefully another lesson learned!

Now I realize that posting a fancy restaurant’s menu and posting a $500,000 or so enterprise security service are different things, but not really. What if, when you came into the restaurant, they presented you with a menu that had different prices for the following:

  • If you are going to pay cash, you get a slight discount, since they avoid the credit card processing fee (I have started to see more of this situation).
  • If you are going to occupy your table for more than 90 minutes, there will be an add-on per minute charge.
  • If you made a reservation for a certain size party but show up with fewer diners, you will be hit with a surcharge.

You get the point. Some restaurants are even charging in advance, when you make your reservation. Those are restaurants that aren’t getting my business.

When I first wrote about this situation, I had a lot of comments. One vendor told me they cleaned up their act and thanked me for my POV. One small step for vendorkind. But really folks: the harder you make it for your customers, the fewer customers you will have. And that is something really priceless.

Red Cross blog: The Journey From Intern to Board Member

Every Red Cross volunteer has a unique background and reason for volunteering. Recent University of Missouri graduate CJ Nesser is no exception and is proof of the younger generation’s desire to take on heavy levels of responsibility and make a difference in the world around them. This is his story about his volunteer efforts, an impressive young man indeed!

 

Time to move away from Twitter

Yes, I know what it is now known as. When the Muskification began two years ago, I wrote that this was the beginning of its demise. I said then, “Troll Tweeting by your CEO is not a way to set corporate (or national) policy.” How true, even now.

Since then, I haven’t posted there. I still have my account, mainly because I don’t want anyone else with my name to grab it. But I have focused my efforts in content promotion over on LinkedIn. This week I give a more coherent reason why you might do the same and follow in the footsteps of The Guardian, who announced they are moving off the platform earlier this month. They said, “X now plays a diminished role in promoting our work.”

I got a chance to catch up with Sam Whitmore in this short video podcast. We discuss why PR pros should follow my example. Sam and I go way back nearly 40 years, when we both worked as reporters and editorial managers at PC Week (which has since been unsatisfactorily renamed too). Sam takes the position that PR folks need to stick with Twitter because of historical reasons, and because that is where they can get the best results of coverage by their clients and keep track of influential press people. I claim the site is a declining influence, and so toxic to anyone’s psyche, let alone their client’s brand equity.

In January 2023, I wrote a series of suggestions on Twitter’s future, including how hard it will be to do content moderation (well, hard if they actually did it, which they apparently don’t) and how little operational transparency the social media operators now have.

Since then, Twitter has become the platform of outrage. As my colleague Scott Fulton points out, this is different from encouraging engagement. “If I state a point of view on X, the only way I can expect my statements to be amplified is if they can be rebutted or maybe repudiated.” My colleague Tara Calishain pointed me to a post on The Scholarly Kitchen, where several of its contributors point out their own movements away from Twitter.

Is Sam or I right? You be the judge, and feel free to comment here or on LinkedIn if you’d like.

CSOonline: How to pick the best endpoint detection and response solution

Endpoint detection and response (EDR) security software has grown in popularity and effectiveness as it allows security teams to quickly detect and respond to a variety of threats. EDR software offers visibility into endpoint activity in real time, continuously detecting and responding to attacker activity on endpoint devices including mobile phones, workstations, laptops, and servers.

In this buyer’s guide for CSOonline, I explain some of the benefits, trends, and questions to ask before evaluating any products. I also briefly touch upon six of the more popular tools. One of them, Palo Alto Networks’ Cortex XDR, has a dashboard that looks like the below screencap.

 

How to succeed at social media in this age of outrage

Samuel Stroud, the British blogger behind GiraffeSocial has posted a column taking a closer look at how TikTok’s algorithm works — at least how he thinks it works. But that isn’t the point of the post for you, dear reader: he has some good advice on how to improve your own social media content, regardless of where it lands, and how it is constructed.

Before I get to his suggestions, I should first turn to why I used the word outrage in my hed. This is because a new Tulane University study shows that people are more likely to interact with online content that challenges their views, rather than agrees with them. In other words, they are driven by outrage. This is especially true when it comes to political engagement, which often stems from anger, and fuels a vicious cycle. I realize that this isn’t news to many of you. But do keep this in mind as you read through some of Stroud’s suggestions.

You might still be using Twitter, for all I know, and are about to witness yet another trolling of the service by turning all user blocks into mutes, which is Yet Another Reason I (continue to) steer clear of the thing. That, and its troller-in-chief. So now is a good time to review your social strategy and make sure all your content creators or social managers are up on the latest research.

Stroud points out several factors to keep track of:

  • Likes, shares and comments: the more engagement from others, the higher a post is promoted. And this also means you should respond to the comments too.
  • Watch time: Videos that are watched all the way through get boosted.
  • New followers: posts that generate new followers signing up also get boosted.
  • More meta is betta: Captions, keywords, hashtags, custom thumbnails — all of these help increase engagement, which means paying attention to these “housekeeping” matters almost as much as the actual content itself.
  • Your history matters: if you have had previous interactions with this creator, type of content, or other trackable habits

Now, most of this is common sense, and perhaps something you already knew if you have been using any social media platform anytime over the last couple of decades. But it still is nice to have it all packaged neatly in one place.

But here is the thing. The trick with social media success is being able to balance your verisimilitude with your outrage. It is a delicate balance, particularly if you are trying to promote your business and your brand. And if you are trying to communicate some solid info, and not just fuel the outrage fires, then what Stroud mentions should become second nature to your posting strategy.