How Lastline has better breach detection capabilities

The Internet is a nasty place, and getting nastier. Current breach detection products using traditional anti-malware sandbox technologies can’t keep up with advanced persistent and hyper-evasive threats that pummel enterprise networks on an hourly basis. Malware authors encode their exploits with a number of operational vectors, so in case one entry point doesn’t work they can still find a way into your network to do their dirty work. And as more businesses hire more outsourced consultants and part-time workers and employ mobile devices, they open up additional mechanisms for malware to enter their corporate networks.

Some traditional AV and endpoint protection vendors have responded to these threats by adding features to their security products to do a better job of anticipating badly behaving packets coming through their detectors. They make use of limited virtual machines or operating system emulators to view how a piece of malware operates. That is great, but it isn’t enough. Many malware authors can detect when these simulated environments are active and can evade detection accordingly. For example, some exploits such as W32.DelfInj can literally go to sleep for several days to avoid any detector that will just scan an infected system for the first several minutes.

What is needed is a next-generation sandbox that can correlate a series of particular breach events, add IP- and object-based reputation analysis, and do this in near real time. This is what the Lastline Breach Detection Platform does. What makes them unique is their range of discovery, the way they can effectively mimic actual PC or smartphone endpoints to examine malware behavior, and how they can scale up to handle very large networks with their modular and SaaS-based tools.

Download my review of their system here.

ITWorld: Maximizing your online training

Training is an investment, and building and sharpening an IT team’s skill set is critical to the well-being of every enterprise. The good news is that there are lots of options out there, from expensive in-person seminars and trade shows to online classes. The bad news is that there are lots of options out there. Finding the right mix of training for your team isn’t a simple undertaking.

In this white paper for ITWorld, I talk about the ROI of online training, point out some resources to consider, whether or not to consider a certification program, and ways to assess your personal learning style.

ITworld: The enterprise mobility management journey

Enterprise mobility management (EMM) is a marathon, not a sprint, so you must be thinking about what you need today with the tools available, and be planning for the future. At the core, enterprises need stability and scale, so how do they choose the right solution?  Analysts say this is the year to review your EMM strategy or develop one if you haven’t already. There are a lot of companies vying for the enterprise business with tools that have varying degrees of functionality. I wrote a white paper for ITworld that explores the journey as you manage this moving target.

You can download the paper here; registration is required.

Gigaom paper: Customer-driven infrastructure: building future-ready consumer applications

The days when IT could tell end users what kinds of computing gear to purchase and use ended sometime in the 1990s, but for many years afterwards IT retained a stranglehold on the deployment and maintenance of enterprise infrastructure, corporate-wide applications, and building data centers. Those days are quickly becoming another memory for IT departments, who have seen the evolution of customer-facing applications and the Web- and cloud-based worlds that have arisen. These apps are changing the way that IT delivers its services, builds its enterprise architectures and selects its systems.

In a paper that I wrote for GigaOM, I suggest ways to evaluate technology decisions from the perspective of customer experience and suggest metrics that can help businesses justify and benchmark the success of their future IT investments.

The Well-Connected Restaurant: a new research report

The days when restaurants could rely exclusively on good food, an enjoyable ambiance, and word-of-mouth advertising are quickly coming to an end. More and more restaurants are discovering that they must use consumer-facing connected technologies such as websites, social networks, and mobile apps just to stay competitive.

Connected technology empowers restaurant customers. Consumers can locate restaurants, make reservations, browse menus and nutrition information, order food for delivery or pickup, pay for meals, and instantly redeem rewards. Connected technology can also free consumers from having to carry around an assortment of credit cards, debit cards, loyalty cards, gift cards, and printed coupons.

Connected technology empowers restaurant merchants. Owners and managers want to keep in touch with customers, accept online and mobile orders and payments, increase sales and tips, and respond quickly and effectively to complaints. With competitors constantly showing up on their customers’ screens, they can’t afford not to use connected technology.

There is a lot more that Ira Brodsky and I have to say on the subject:

ITworld: Virtual storage roadmap

When you have a lot of virtual machines, managing your storage needs and ensuring that your environment is optimized to deliver sufficient performance and reliability is a challenge. VMs can greatly increase storage by several orders of magnitude, and specialized VM storage repositories (such as this one from Tintri, the console shown at left) are needed to keep things under control and increase productivity. There are several interesting directions and technology advances in this market, including so-called storage hypervisor software tools, new storage appliances that are VM-centric, and better storage management features from the traditional ecosystem vendors.

Here is the paper that I wrote on the topic.

ITworld: Your Strategic Guide to VDI

If you have not looked at VDI technology in a while, you will find that it’s changed. Faster, cheaper technology has made it an interesting option for some companies seeking a way to support flexible, work-from-anywhere environments. In fact, some CIOs say BYOD is driving new interest given that virtualized desktops can help keep corporate data on corporate servers, not on client devices.

In this PDF download (registration required) for ITworld, I wrote several of the articles talking about how to become more effective with deploying virtual desktops.

Integrating single sign-on across the cloud

Single sign-on isn’t new: it has been around for more than a decade to help enterprises manage multiple passwords. And given the number of leaked passwords as of late, it is becoming increasingly important as a security tool. What is new, however, is that an SSO tool can secure both local servers and cloud-based ones.

You can read more of my thoughts in a custom white paper I wrote for McAfee here. And here is a link if you would like to read my review of 8 different SSO tools that I did for Network World earlier this year, including McAfee’s and Okta’s products.

InfoSec Mag: Next-gen firewalls play by new rules

Firewalls started their journey to the next generation at about the same time as the Star Trek TV series. While the products have advanced, many IT security experts are still stuck with the original firewalls that handle ports and protocols.

You can read the full article (with registration) here in the September issue of Information Security magazine.

There is also an accompanying video/slidedeck with copious screenshots of the various products and a more specific article about how to manage application access policies. All three can be found here.

ITworld: Optimize your cloud apps: How to create a great user experience

In a perfect world you would design your apps from the very beginning to operate in the cloud to offer the best experience possible. Unfortunately, not every company has that luxury, and many often deal with an “accidental cloud”. But there’s a lot riding on getting it right: 61% of IT leaders said their companies have at least one application, or a portion of their computing infrastructure in the cloud, and the average investment in cloud-based services during the next 12 months will be $1.5 million. Are your users happy with the cloud experience you currently offer? In this Owner’s Manual white paper, IT pros share hard-earned insights from their own cloud deployments, and provide tips on how to improve the overall experience.

ITworld_HP Owners Manual Link