
Monday, June 10, 2019

AppDynamics Launches New Integration Partner Program Aimed at Accelerating Enterprises' AIOps Journeys

News release 04 June 2019

SAN FRANCISCO, Calif. – June 4, 2019 – AppDynamics, a Cisco company and leader in application intelligence, today announced the AppDynamics Integration Partner Program, a new partnership program that simplifies the rapidly expanding technology ecosystem for enterprises through strategic collaboration with leading technology companies. AppDynamics has curated joint innovations geared toward empowering IT teams with an extended view of their applications, network, infrastructure and business, and providing AI-powered insights for automated remediation and optimization.
As IT systems continue to grow more complex and distributed, many companies are turning to AIOps to help alleviate the increasing resources needed for manual management. With the AIOps market projected to rise to $11 billion by 2023*, the challenge of figuring out how to efficiently incorporate AIOps into existing systems and realize its full value is daunting for many enterprises.
“We’re reaching a tipping point where the chaos and complexity in modern IT operations has become too much to manage without AI and automation,” said Thomas Wyatt, chief marketing and strategy officer, AppDynamics. “An ecosystem of technology partners collaborating with an AIOps mindset is a must for enterprises adopting a more automated approach. The Integration Partner Program brings AppDynamics together with industry leading technology providers to help businesses create systems of intelligence that power amazing experiences for their users.”
Every vendor in the Integration Partner Program has been carefully assessed to ensure integrations answer enterprises’ most critical needs. The methodology for partner selection is based on AppDynamics and Cisco’s Central Nervous System for IT, which empowers IT professionals in their AIOps journey by providing broad visibility into complex environments, real-time insights and the ability to automatically trigger targeted actions. Partners in this new program have strategically integrated with AppDynamics in support of this AIOps-focused vision. Founding members include Apica, Atlassian Opsgenie, BigPanda, Evolven, Harness, Moogsoft, PagerDuty, Turbonomic, Virtual Instruments and xMatters.
“Jobvite is a leader in talent acquisition innovation, helping companies engage candidates with meaningful experiences at the right time,” said Ron Teeter, chief architect, Jobvite. “Because we leverage automation and intelligence to increase the speed, quality and cost-effectiveness of talent acquisition, the Jobvite platform is essential to our clients. By leveraging AppDynamics and Harness, we’re able to optimize the performance and availability of our services and deliver meaningful outcomes to our customers every day.”
Members of the Integration Partner Program gain access to a collaborative support network during the development cycle to ensure high quality integrations are built and positioned as integral to AppDynamics and Cisco’s Central Nervous System vision. If you’re interested in joining the program, please apply here.
*MarketsandMarkets, AIOps Platform Market by Component, Service (Implementation, Consulting, and Managed Services), Application (Real-time Analytics, Infrastructure Management, and Application Performance Management), Vertical, and Region - Global Forecast to 2023
Additional Information
https://newsroom.cisco.com/press-release-content?type=webcontent&articleId=1991536

(ISC)² Study Reveals a Third of Businesses are Boosting Diversity in IT/ICT and Cybersecurity to Attract and Retain Top Staff

Press release 04 June 2019

Study uncovers that 74% of businesses took action on diversity in the last 2-5 years in an effort to create a more appealing and inclusive workplace across age, gender and ethnicity

Infosecurity Europe – London, UK, June 4, 2019 – (ISC)² – the world’s largest nonprofit association of certified cybersecurity professionals – today released headline findings from its forthcoming study into workplace and hiring diversity in IT/ICT and cybersecurity roles. The independent blind study of employees in 1,000 organizations in the U.K. and 250 in the Netherlands reveals that workplace diversity in IT and security has become a key operational concern, as organizations broaden their efforts to encourage diversity and inclusivity amid the impact of the sector’s skills shortage on IT and cybersecurity recruitment and staff retention.

Talent acquisition and retention is the leading operational reason that companies have been ramping up their diversity initiatives, according to 32% of respondents. Meanwhile, nearly one in three (29%) added that diversity is important to their organization because the workforce should represent the demographics in society.

The study, which looked at the diversity of age, gender, ethnicity and origin, revealed that nearly three quarters of organizations surveyed (74%) instituted a stated diversity value or program in the last 2-5 years. On top of this, a further 16% have followed suit in the last 12 months.

“Workplace diversity encompasses multiple factors including gender, ethnicity, age, origin and much more. While it is important to spotlight changes and improvements in individual areas such as gender diversity, the wider diversity make-up of the IT department, cybersecurity teams and the organization as a whole can speak volumes about the realities of inclusiveness, forward-thinking and openness to new ideas and approaches in the workplace,” said Deshini Newman, Managing Director EMEA at (ISC)².

“The cybersecurity challenge of combating threats with the right people and the right skills is a relentless one. It is just one reason why organizations must maximize their ability to entice and keep talented and qualified individuals from all corners of society. Bringing new ideas, experience, alternative thinking and approaches to the table, as part of a broad selection of skills, experience and backgrounds can inspire, motivate and help organizations to find innovative solutions to today’s IT and security concerns.”

Diversity Being Driven by HR, Not the Board
Overall, 40% of survey respondents stated that the HR department is the primary driver of diversity and inclusivity efforts, including measuring employee diversity goals. This compares to just under one quarter (23%) who said it was the senior management team and just 10% that said it was the C-suite driving diversity initiatives.

Amid the demand for skilled and qualified cybersecurity personnel, the study confirmed that efforts to improve the hiring prospects for these roles are helping overall efforts to recruit. While diversity in hiring is prevalent across the organizations surveyed, IT and cybersecurity constitute a major part of the overall diversity hiring push.

Nearly two-thirds (60%) of respondents said that up to 20% of the current vacancies in their organizations are IT and/or cybersecurity-based. A further quarter (26%) said these roles constituted between 21-50% of their workforce.

Hiring Cyber Roles
Over three quarters (77%) of respondents said that cybersecurity roles were recruited for in their organizations in the last 12 months. The number of roles filled ranged from 1 to 31 across the responses, although nearly 55% of the respondents said that up to 10 cybersecurity personnel were hired by their organization over the last 12 months. Meanwhile, 18% said that between 11 and 30 roles were hired in the last year.

Over a third of respondents (37%) say just 6-20% of their IT department employees are aged 18-21, while an additional third (35%) say none of their IT department employees are aged 18-21. This indicates a struggle to bring enough new talent into the department that can learn from their experienced peers. This is critical when considering that the IT department has an age diversity profile weighted towards older employees. One quarter (24%) said that up to half the IT department staff in their organization were aged 31-40, with 20% of respondents suggesting that up to 35% were aged 41-50.

(ISC)² will release its full IT and Cybersecurity Diversity whitepaper in July. For more research on the Cybersecurity workforce, please visit www.isc2.org/research.

About the Report Methodology
(ISC)² commissioned Opinion Matters to conduct an independent blind study of employees in 1,000 organizations in the U.K. and 250 in the Netherlands. The study gathered insights from those responsible for hiring IT roles in organizations employing 500+ people. The sample was not exclusively focused on those in dedicated HR roles, but widened to include others outside of the HR department that would routinely have a hand in the hiring process for IT professionals. Respondents included IT department heads, team leads, IT directors, CIOs and CISOs. The aspect of diversity explored focused on factors such as gender, ethnicity, age and country of origin, as well as how organizations operationalize their hiring methods.

About (ISC)²
Celebrating its 30th anniversary this year, (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our membership, more than 140,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. For more information on (ISC)², visit www.isc2.org, follow us on Twitter or connect with us on Facebook and LinkedIn

https://www.isc2.org/News-and-Events/Press-Room/Posts/2019/06/04/ISC2-Study-Reveals-a-Third-of-Businesses-are-Boosting-Diversity


Saturday, June 8, 2019

Are Cisco routers at risk?

A few days ago, Wired published an article with an unsettling title: "A Cisco router bug has massive global implication".
According to the report, security researchers have discovered serious vulnerabilities in several Cisco router models; the problem appears to concern the check that the routers perform to verify the validity of the updates they receive from the manufacturer. In particular, several Cisco routers of the 1001-X series appear to be affected by the vulnerability. Cisco, for its part, has announced that it is working on a fix.
The researchers at Red Balloon Security exploited two vulnerabilities in the routers:
- a bug in Cisco IOS (the operating system of Cisco routers), a vulnerability that gives unauthorized persons root-level access to the router (the highest level of access) and the ability to modify any parameter (routes in particular);
- the second vulnerability makes it possible, once root access has been obtained, to bypass the routers' fundamental security system, the so-called "Trust Anchor", implemented in practically all Cisco routers since 2013.
The Wired article alludes to the possibility that, with modifications more or less tailored to the routers of the different families, potentially hundreds of millions of routers around the world could be hacked, routers belonging to companies as well as to public organizations, both civilian and military.
Ang Cui, CEO and founder of Red Balloon Security, stated that his company has shown that it is possible to permanently disable the Trust Anchor and therefore arbitrarily modify the data of Cisco routers while the system continues to report that it is functioning correctly.

It should be said that Ang Cui is no stranger to such discoveries: years ago he demonstrated that it was possible to hack Cisco's digital phones. Cisco responded with a patch that Ang Cui showed to be ineffective. In another piece of research he demonstrated that it was possible to hack HP network printers.
Ang Cui has said that he received funding from various US organizations (including DARPA) for his research work, and for years he has led his company, which among other things has produced a system capable, in theory, of securing any IoT (Internet of Things) system, called Symbiote Defence System.
To close with something useful, we recommend that network and system administrators apply the patches indicated by Cisco. As we have done on other occasions, we invite everyone to study their own network carefully, convinced that knowledge of what one administers is the foundation of security, and to apply the patches.
To chief executives and boards of directors we offer instead a suggestion at their level, inviting them to make every possible effort to encourage their staff to embrace a culture of security, and to invest appropriately in managing the risk tied to the ever-growing pervasiveness of technology.
One thing is certain: every passing day makes it clearer that the world we have entrusted ourselves to is not the one we thought it was. Ever more "complex" and anything but secure, it brings to mind an old American film from 1999, The Matrix, in which it was possible to enter and leave the network because of programming bugs. A world in which, absurdly, Agent Smith could take the place of a person through some kind of "digital magic".
Well, that fantasy world is now all around us...

Alessandro RUGOLO

Further reading:
- https://www.wired.com/story/cisco-router-bug-secure-boot-trust-anchor/;
- https://www.bbc.com/news/technology-48269600?intlink_from_url=https://www.bbc.com/news/topics/cz4pr2gd85qt/cyber-security&link_location=live-reporting-story
- https://www.redballoonsecurity.com/;
- https://www.enterpriseai.news/2015/09/22/from-hacker-to-iot-security-hero-red-balloon-floats-new-solution/;
- https://www.extremetech.com/computing/145371-your-worst-office-nightmare-hack-makes-cisco-phone-spy-on-you;
- https://arstechnica.com/information-technology/2011/11/hp-printers-can-be-remotely-controlled-and-set-on-fire-researchers-claim/;
- https://www.cyberscoop.com/cisco-router-vulnerabilities-future-prevent-software-updates/;
- https://www.cisco.com/c/en/us/products/collateral/security/cloud-access-security/secure-boot-trust.html


Tuesday, June 4, 2019

Rapid7 Achieves AWS Security Competency Status

Press release

Company’s vulnerability management solution helps organizations manage security risk in both hybrid and cloud environments 

Boston, MA — May 7, 2019
Rapid7, Inc. (NASDAQ: RPD), a leading provider of security analytics and automation, today announced that it has achieved Amazon Web Services (AWS) Security Competency status for its flagship vulnerability management solution, InsightVM. This designation recognizes that Rapid7 has demonstrated proven technology and deep expertise that helps customers achieve their cloud security goals.
Achieving the AWS Security Competency differentiates Rapid7 as an AWS Partner Network (APN) member that offers specialized software designed to help organizations adopt, develop and deploy complex security projects on AWS. To receive the designation, APN partners must possess deep AWS expertise and deliver solutions seamlessly on AWS.
Cloud adoption presents numerous benefits, including speed of development and cost savings. However, it also requires organizations to transform their business and assess how to advance to the cloud securely. Rapid7’s flagship vulnerability management product, InsightVM, is designed to address this by providing visibility, security analytics, orchestration, and automation to help organizations prioritize and remediate where there is the greatest risk across their hybrid and cloud environments.
“It’s no longer if, but when, organizations move all or parts of their business to the cloud,” said Lee Weiner, Chief Product Officer at Rapid7. “With that, organizations must change the way they approach security, ensuring their vulnerability management programs evolve as well. To address this, we are leveraging the power of AWS and Rapid7's vulnerability management capabilities to provide visibility across modern networks, prioritize risk using attacker analytics and contain and mitigate threats.”
AWS is enabling scalable, flexible and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify consulting and technology APN Partners with deep industry experience and expertise.
For more information about Rapid7’s InsightVM solution, visit: https://www.rapid7.com/products/insightvm/

Saturday, June 1, 2019

$259 million to Tapestry Solutions (Boeing) for the Weapons Planning Suite

Tapestry Solutions, a Boeing group company, has been awarded a ten-year contract by the US DoD for the development, evolution and support of the US Air Force's "Weapons Planning Suite" (WPS) software. WPS is a component of the more complex "Joint Mission Planning Software" (JMPS).
For the next 10 years the winning company will be responsible for everything concerning the software (design, development, architecture, migration, integration, enhancements, upgrades, testing and documentation), using a flexible methodology (such as an Agile sprint/release process).
The contract was awarded through a competition open to American companies, while participation by foreign companies was explicitly prohibited.

But what is WPS for?
WPS enables collaborative mission planning and the sharing of capability data between military services, with particular regard to the precision-guided munitions used by the A-10, B-1, B-52, F-15E, F-16, F-22, F/A-18 and F-35 military aircraft.

A few brief considerations:
- it is interesting to note that participation in the tender was explicitly prohibited to foreign companies. Nothing strange about that, considering the American government's need to have the greatest possible control over both the winning company and the personnel who work there. Developing military planning software requires deep knowledge of operating procedures, but also knowledge of the systems of the platforms it has to interact with, so we are certainly talking about classified systems. At a later stage, companies enrolled in the "Joint Certification Program" were also allowed to take part in the tender, while American companies in the FOCI (Foreign Ownership, Control or Influence) category could not participate. That said, this procedure is also a sign of American protectionism. It makes me think of the rule of reciprocity normally applied in the diplomatic and economic world...
- the contract provides for the supply of all software-related activities. This is the only possible approach in an operational environment where any misunderstanding can cause unacceptable delays. Likewise, the methodology chosen is "agile", considered the fastest for software development and continuous correction.

Alessandro Rugolo


- https://defence-point.com/2019/05/29/u-s-air-force-selects-boeing-to-provide-weapon-planning-software/;
- https://www.defenseworld.net/news/24851/USAF_Awards_Boeing__259M_Contract_for_Weapon_Planning_Software#.XPLDvvZuKas;
- https://www.govcb.com/government-bids/WEAPON-PLANNING-SOFTWARE-WPS-NBD00159557221405876.htm;
- https://www.avatarpartners.com/solutions/software-development;
- https://www.epicos.com/tender/FA8681-18-R-0006;
- https://www.dla.mil/HQ/LogisticsOperations/Services/JCP/DD2345Instructions/;




U.S. Air Force Selects Boeing to Provide Weapon Planning Software

Press release

WPS contract, awarded under competitive acquisition, is potentially valued at $259 million over a 10-year period

SAN DIEGO, May 28, 2019— Boeing [NYSE: BA], through its subsidiary Tapestry Solutions, received a 10-year contract from the U.S. Air Force to provide Weapon Planning Software (WPS) for numerous aircraft and weapons platforms used by U.S. military and allied forces. The mission planning software is designed to help military customers plan every detail of a mission, including routes, threats and points for weapons launches.

The award, potentially valued at $259 million, includes the development, enhancement and support of the WPS suite – a core component of the Joint Mission Planning System (JMPS) architecture, which enables collaborative mission planning and data sharing capabilities between military services. The WPS suite supports JMPS requirements related to precision-guided munition planning for A-10, B-1, B-2, B-52, F-15E, F-16, F-22, F/A-18 and F-35 operational units worldwide.

“We are looking forward to building on our partnership with the U.S. Air Force as we help to fulfill their mission planning needs with the WPS suite,” said Debbie Churchill, vice president, Mission Products and Services, Tapestry Solutions. “It will ensure our customers have the critical data they need to get from mission plan to execution more efficiently with the use of faster, more powerful and intuitive weapons planning capabilities.”

Tapestry, which is part of Boeing’s services business, brings decades of experience developing mission planning software solutions for military aircraft including the F-15, F/A-18, F-22 and T-38, as well as weapons systems software for the Tomahawk missile and Boeing’s Joint Direct Attack Munition (JDAM) program.

Boeing is the world’s largest aerospace company and leading provider of commercial airplanes, defense, space and security systems, and global services. As the top U.S. exporter, the company supports commercial and government customers in more than 150 countries. Boeing employs more than 150,000 people worldwide and leverages the talents of a global supplier base. Building on a legacy of aerospace leadership, Boeing continues to lead in technology and innovation, deliver for its customers and invest in its people and future growth.