James Maguire, Author at eWEEK https://www.eweek.com/author/jmaguire/ Technology News, Tech Product Reviews, Research and Enterprise Analysis Thu, 20 Jun 2024 15:18:53 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.3 AWS’s Ankur Mehrotra on Building Generative AI Models https://www.eweek.com/artificial-intelligence/aws-building-generative-ai-models/ Thu, 20 Jun 2024 15:18:52 +0000 https://www.eweek.com/?p=225782 Ankur Mehrotra, GM of SageMaker at AWS, discussed key trends in generative AI, and offered advice on how companies can build better gen AI models.

The post AWS’s Ankur Mehrotra on Building Generative AI Models appeared first on eWEEK.

]]>
As companies dive headlong into AI model building, they’re spending massive amounts of money on a very new, very complex technology that—at least so far—presents as many questions as it answers. Trying to find the right model among the many currently available can be challenging.

“What we’re seeing is that no one model is sufficient to solve or address all use cases,” said Ankur Mehrotra, GM of SageMaker at AWS. “Customers are finding that one model may be better at building a particular kind of user experiences—let’s say a chat-based application—while another generative AI model may be better at assisting with coding or software development.” 

As the executive in charge of a platform that many companies use to build their generative AI models, Mehrotra understands the AI sector as well as anyone. Watch my extended interview with him to hear his thoughts about how companies are strategizing to build better AI models, along with a range of other AI-related topics.

Watch the full interview or jump to select interview highlights below.

AI Models Require Major Compute and Major Support

The long list of companies that have used AWS SageMaker to train and deploy their generative AI models includes AI pioneers like Perplexity AI, Hugging Face, and AI21 Labs. These companies come to AWS (and other top cloud companies) because they need massive compute power to train their AI models. On the AWS platform, an AI model training task gets distributed across a large number of compute instances, which are powered by Nvidia GPUs or AWS’s own silicon, Tranium.

As the model building process has evolved, more professionals are now required to create advanced models. “A few years ago, AI was mostly a data scientist activity, but over the years the number of personas involved in building AI-based solutions has really increased,” Mehrotra said. “We now have machine learning engineers get involved; they became responsible for taking these models and deploying them into production. And then other business stakeholders get involved to help convert a business problem into an ML problem, and then data engineers get involved to help prepare the data.”

This evolution has prompted SageMaker to continually evolve its toolset. “We’re really focused on ‘working backwards’ from our customers – understanding the need and building the right tool for the right job and the right persona.”

Shifting From Models to Model Systems

There’s a major trend developing in the world of artificial intelligence model building: even as many generative AI models are getting larger and more powerful, there are also plenty of smaller, highly focused models being created. Companies are thinking less about a one-size-fits-all model and more about niche business scenarios.

“When I talk to customers, what I hear is that they now foresee having to use multiple models,” Mehrotra said. “Some may be task-specific and others are more generalized, working together to achieve their goals. And the ability to do that quickly and safely and securely is very important to them.”

In essence, the development of AI models is turning into the process of building AI model systems.

“For example, one of our customers is deploying a set of different models where one model is responsible for redacting PII from text, then another model is taking that text and summarizing it,” he said. “So we are going to see that customers will think of these systems as model systems and use a combination of different models that are deployed together. We are also seeing trends where customers want the data to be co-located with these models [to help] create these model systems they’re using in production.”

(These comments have been edited for length and clarity.)

For more information about generative AI providers, read our in-depth guide: Generative AI Companies: Top 20 Leaders

The post AWS’s Ankur Mehrotra on Building Generative AI Models appeared first on eWEEK.

]]>
eWEEK TweetChat, June 18th: Mid-Year Forecasts for Tech’s Future https://www.eweek.com/artificial-intelligence/eweek-tweetchat-mid-year-predictions-on-techs-future/ Fri, 07 Jun 2024 21:59:48 +0000 https://www.eweek.com/?p=225321 On Tuesday, June 18th at 11 AM PST, eWeek will host its monthly TweetChat. The focus will be a mid-year look to the future of tech, and it will be moderated by James Maguire, eWEEK’s Senior Editor. In this TweetChat, held on the X platform, experts will share their insight on where today’s emerging technology […]

The post eWEEK TweetChat, June 18th: Mid-Year Forecasts for Tech’s Future appeared first on eWEEK.

]]>
On Tuesday, June 18th at 11 AM PST, eWeek will host its monthly TweetChat. The focus will be a mid-year look to the future of tech, and it will be moderated by James Maguire, eWEEK’s Senior Editor.

In this TweetChat, held on the X platform, experts will share their insight on where today’s emerging technology is heading. We’ll talk about AI and generative AI, of course, and we’ll also look at the other major technologies that are reshaping business, from cloud computing to data analytics to cybersecurity.

Our goal is to provide businesses with advice and guidance on how to best navigate today’s constantly shifting tech landscape.

See below for the resources you need to participate in the eWeek TweetChat.

Expert Panelists

The list of experts for this month’s TweetChat currently includes the following – please check back for additional expert guests:

TweetChat Questions: Mid-Year Tech Predictions

The questions we’ll tweet about will include the following:

  1. First, be honest: what tech development has most surprised you so far this year? From cloud to AI to data, what’s a development you weren’t expecting?
  2. Because it’s 2024, let’s talk AI. What do you see in the future of generative AI over the next 6-12 months?
  3. Cloud doesn’t get as many headlines, but it’s bigger than ever. What about the future of cloud over the next year or so?
  4. Cybersecurity has only grown in importance. Your view on the near term evolution of security?
  5. What’s a major worry you have about tech, and/or a challenge that deserves more attention?
  6. Winner and losers over the next year or so in the tech sector? Not companies, but technologies, trends, industry efforts?
  7. How about the fortunes of the average tech professional? How does the next 6-12 months look for the careers of tech pros?
  8. What advice would you give to companies struggling to keep pace with today’s rapid tech changes?
  9. What’s one last key point that executives and managers need to know about the near term future of technology?

How to Participate in the TweetChat

The chat begins promptly at 11 AM PT on June 18th. To participate:

  1. Open Twitter in your browser. You’ll use this browser to Tweet your replies to the moderator’s questions.

2. Open Twitter in a second browser. On the menu to the left, click on Explore. In the search box at the top, type in #eweekchat. This will open a column that displays all the questions and all the panelists’ replies.

Remember: you must manually include the hashtag #eweekchat for your replies to be seen by that day’s TweetChat panel of experts.

That’s it — you’re ready to go. Be ready at 11 AM PST to participate in the TweetChat.

NOTE: There is sometimes a few seconds of delay between when you tweet and when your tweet shows up in the #eweekchat column.

TweetChat Tentative Schedule for 2024*

January 16: Governing Generative AI
February 13: Data Analytics Best Practices
March 12: How Tech Pros Get the Most From AI
April 16: Managing Multicloud Computing
May 14: Optimizing Generative AI
June 18: Mid-Year Look Ahead: Future of Tech

*all topics subject to change

The post eWEEK TweetChat, June 18th: Mid-Year Forecasts for Tech’s Future appeared first on eWEEK.

]]>
MicroStrategy CEO Phong Le on Generative AI and Business Intelligence https://www.eweek.com/news/microstrategy-generative-ai-and-business-intelligence/ Tue, 04 Jun 2024 23:05:18 +0000 https://www.eweek.com/?p=225175 I spoke with Phong Le, CEO at MicroStrategy, about how the new combination of generative AI and business intelligence can produce a powerful new solution. Certainly some industry observers see these two technologies as an unusual marriage. Business intelligence has a long legacy as a steady platform to rely on for critical data analysis. Major […]

The post MicroStrategy CEO Phong Le on Generative AI and Business Intelligence appeared first on eWEEK.

]]>
I spoke with Phong Le, CEO at MicroStrategy, about how the new combination of generative AI and business intelligence can produce a powerful new solution.

Certainly some industry observers see these two technologies as an unusual marriage. Business intelligence has a long legacy as a steady platform to rely on for critical data analysis. Major financial decisions are made based on the insights derived from BI applications.

By comparison, generative AI is brand new emerging technology. It offers vast potential – creative output based on mere text prompts – yet sometimes slips into hallucinations. Is this new player a good fit for the starchy world of business intelligence?

Indeed, Phong Le said, the combination of generative AI and BI is nascent. In contrast, “MicroStrategy has been doing business intelligence for over 30 years. We invented the sector as you know it, and there haven’t been that many major innovations in the space in the last 10 years.

“Generative AI has, in my opinion, breathed new life into the BI space and redefined what’s important.” Generative AI’s ability to answer in natural language is useful in both consumer and business contexts, he said. “When you get into the core of what businesses need, they need the answers to numerical data.”

“What I want to know when I ask a question to anyone, an analyst or eventually a gen AI bot…I don’t want a predictive answer – I want the answer. And that’s what gen AI plus BI starts to do – and it solves a problem that isn’t solved today.”

Watch the full interview or jump to select interview highlights below.

Interview Highlights: Phong Le on How Generative AI Improves Business Intelligence

These interview highlights have been edited for length and clarity. 

Adding generative AI is “the biggest change, the biggest additive change to business intelligence that we’ve seen in decades. And look, gen AI has done that for every sector of software, but BI especially. So I am really excited about what the future portends.”

Over the past decade or so, companies have worked to distribute access to BI insights out to the “edge” workers in the corporation, the retail managers, the sales people on the go.

“That came in the form of dashboards and applications,” Le said. “And what people have found is the further you go away from the corporate core, the less likely people are to be comfortable consuming that information in a traditional dashboard or a grid report.”

In other words, a finance person in corporate is comfortable using a BI program, while a retail store manager typically isn’t.

“The store manager is going to use instinct rather than consume the data in a grid report. So what we tried to do over the last three years is [figure out]: how do we get the edge workers to use BI more and more?

“They’re not really reading their emails. So let’s give it to them in the web where they can self-serve. Well, they don’t really go to the web, so let’s give it to them in a mobile device. Now we’re moving somewhere.

“What gen AI does, for the retail store worker, rather than all of these consumption paradigms that they don’t use now, it just lets them ask a question. Natural language: what’s my inventory at this particular point?

“So the employee at the front line can now use BI and data to make decisions. And I think gen AI solves that last mile problem.”

To see a list of the leading generative AI apps, read our guide: Top 20 Generative AI Tools and Apps

The post MicroStrategy CEO Phong Le on Generative AI and Business Intelligence appeared first on eWEEK.

]]>
Sectigo CEO Kevin Weiss on Certificate Lifecycle Management https://www.eweek.com/news/sectigo-certificate-lifestyle-management/ Fri, 31 May 2024 20:04:02 +0000 https://www.eweek.com/?p=224945 I spoke with Kevin Weiss, CEO of Sectigo about the major trends driving today’s certificate lifecycle management (CLM) market, including the pressing need for certificate automation as these digital assets proliferate. Sectigo issues certificates that enable customers to encrypt traffic between websites and users, among other purposes. “So we not only issued 255 million certificates […]

The post Sectigo CEO Kevin Weiss on Certificate Lifecycle Management appeared first on eWEEK.

]]>
I spoke with Kevin Weiss, CEO of Sectigo about the major trends driving today’s certificate lifecycle management (CLM) market, including the pressing need for certificate automation as these digital assets proliferate.

Sectigo issues certificates that enable customers to encrypt traffic between websites and users, among other purposes. “So we not only issued 255 million certificates last year, we moved into the certificate lifecycle management space where we help people automate certificates,” Weiss said.

The company’s automation service includes managing SSL certificates issued by both Sectigo and other certificate vendors, on both the public and private side of the market, ranging from web sites to servers to enterprise workloads.

“When you think about all the servers and hardware that are out there, there are probably 10 times as many machines as there are people. And then when you think about workloads, it’s infinitely greater than the number of machines. So the proliferation of certificates and the need to encrypt traffic and transactions – inside the firewall and outside the firewall into servers – has gone up exponentially over the last five to ten years. It’s really exploded.”

Watch the full interview or jump to select interview highlights below.

Interview Highlights: Kevin Weiss on Key Trends in CLM

This interview took place at the recent RSA Conference in San Francisco. The comments below have been edited for length and clarity. 

The Need for Automation

“The certificate lifecycle management business has been around for probably 10 years,” Weiss said. The problem is that as new certifications have proliferated, certificate management hasn’t kept up. Plenty of companies are still trying to manage their certs using Excel spreadsheets.

“Good old Excel still works very, very well,” he said. “But as you get more and more certificates and as people change jobs or somebody leaves the business, the ability to access the spreadsheet and know when a certificate is going to expire becomes a real challenge. We see this every day.

“If you look at last year, for example, Starlink went offline and it was offline for maybe three or four hours. And the next day Elon [Musk] tweeted that, ‘apologies, we had an expired certificate. We’ll do better.’

“So expired certificates can be very, very problematic for making your services available. Certificates are left out there in an environment and aren’t focused on. And if a bad actor gets a hold of it and begins to compromise your environment, that’s a problem. So the need to know where all of your certificates are in an environment, both on the public facing side and inside the firewall, is critical. And that’s what is really driving the need for this automation.”

Sectigo and SCM Pro  

“What I like to say is: perfection is the enemy of the good enough. And so what Sectigo is trying to do is tackle 80 to 90 percent of what most enterprises need and then help them fill in the gaps later on. For us, the real goal is to continue to make [service] available.

“We just announced a product recently for the small end of the market, which we call SCM Pro, and it’s a certificate lifecycle management solution for small businesses. And basically we automate the entire lifecycle of that certificate. Once you sign up for the service, we’ll manage it forever for you.”

The post Sectigo CEO Kevin Weiss on Certificate Lifecycle Management appeared first on eWEEK.

]]>
OpenText’s Paul Reid on Preventing Next Generation Cyberthreats https://www.eweek.com/news/opentext-preventing-next-generation-cyberthreats/ Fri, 31 May 2024 15:35:31 +0000 https://www.eweek.com/?p=224941 I spoke with Paul Reid, Global Head of Threat Intelligence at OpenText, about strategies for thwarting cyberattacks that are highly coordinated and use sophisticated technologies. The problem with today’s rapid tech innovation, of course, is that hackers also benefit from the advances. “As we’ve seen companies move to the cloud, leverage supply chains more, and […]

The post OpenText’s Paul Reid on Preventing Next Generation Cyberthreats appeared first on eWEEK.

]]>
I spoke with Paul Reid, Global Head of Threat Intelligence at OpenText, about strategies for thwarting cyberattacks that are highly coordinated and use sophisticated technologies.

The problem with today’s rapid tech innovation, of course, is that hackers also benefit from the advances. “As we’ve seen companies move to the cloud, leverage supply chains more, and look at federated identity, the threat actors have paid attention to that,” Reid said.

These threat actors “are really thinking about it more holistically: how can we focus on you and the type of business you do, the type of things you use in your business?

“For example, if I can compromise your supply chain, then I can indirectly influence your ability to do business or conduct operations. The type of threats they’re using are very different than what we saw before. They’re a lot more coordinated. They’re spending more time doing reconnaissance. They’re spending more time doing open source intelligence on you to understand [what solution] you’re using.”

Watch the full interview or jump to select interview highlights below.

Interview Highlights: Paul Reid on Navigating Today’s Cyberthreats

This interview took place at the recent RSA Conference in San Francisco. The comments below have been edited for length and clarity. 

Improve Cybersecurity by Understanding Global Signals

“One of the things we’ve done a great job on, especially most recently, is we always recognize the importance of the endpoint, the laptops, the desktops, the servers, because that’s where the attackers want to get to.

“What we’re seeing now in these next generation threats is that we need to start looking at global adversary signals. So we’re looking at the concept of adversary signal threat intelligence a little bit differently than traditional threat intelligence. Traditional threat intelligence says here’s what the adversaries are doing, here’s the type of TIPs (threat intelligence platform) they’re using, here’s where they’re operating, here’s the verticals they’re focusing on.

In contrast, with the OpenText solutions, “we tell you what’s happening to you now. So you don’t have to guess, am I being attacked by this adversary or a different one? We’re saying: this is the adversary that is attacking you today.

“So when we do that, we give you additional visibility. The big thing is that we want to look beyond our borders, right? So again, EDR does a great job at looking inside. Now we’ve got to look out, and so what we’re asking companies to do is work with us to define what we call a covered space, a protected area of their company that encompasses not just their main corporate, but also things like, do we have content in a content delivery network? Do we have content in a hyperscaler? That’s where the attackers are looking to attack you.

“Now they’re going after all your presences, just not your corporate presences. So with our new product, cyDNA, we define a covered space that encompasses all that. So we can see the incoming and outgoing adversary signals. You have a good idea of what’s taking place.”

The Future of Cybersecurity

It’s likely that cybersecurity will remain challenging into the future, Reid said. “I think that as long as we have adversaries and the adversaries want to harm us, we’re never going to get to that perfect point.”

However, “I think we can make it a lot harder for our adversaries by doing some fundamental things, right? Patch, separation of duty, credential management, all the fundamental things we’ve talked about, encryption at rest, encryption in motion, things like that.

“But also, get yourself the visibility you need to see those threats coming. Use things like adversary signal analysis to understand what your adversaries are doing. It’s still important to have your threat intelligence. You absolutely need that, but you also need to know exactly what’s happening to you. The more visibility you provide yourself, the better chance you have of being protected.”

The post OpenText’s Paul Reid on Preventing Next Generation Cyberthreats appeared first on eWEEK.

]]>
Intel 471’s Brandon Hoffman on Operationalizing Threat Intelligence https://www.eweek.com/news/intel-471-operationalizing-threat-intelligence/ Thu, 30 May 2024 22:57:37 +0000 https://www.eweek.com/?p=224864 I spoke with Brandon Hoffman, Chief Strategy Officer at Intel 471, about the challenges and advantages of operationalizing threat intelligence. A core focus for Intel 471 is providing threat intelligence. “We’re specifically focused on closed sourced, or what some people call ‘dark web threat intelligence,’ which means it’s not so easy to get,” Hoffman said. […]

The post Intel 471’s Brandon Hoffman on Operationalizing Threat Intelligence appeared first on eWEEK.

]]>
I spoke with Brandon Hoffman, Chief Strategy Officer at Intel 471, about the challenges and advantages of operationalizing threat intelligence.

A core focus for Intel 471 is providing threat intelligence. “We’re specifically focused on closed sourced, or what some people call ‘dark web threat intelligence,’ which means it’s not so easy to get,” Hoffman said. “We have researchers all around the world who collect information and we process that information into a usable format. We share that with our customers through our platforms.”

Watch the full interview or jump to select interview highlights below.

Interview Highlights: Brandon Hoffman on Operationalizing Threat Intelligence

This interview took place at the recent RSA Conference in San Francisco. The comments below have been edited for length and clarity. 

The Various Flavors of Threat Intelligence

Traditionally, the challenge of threat intelligence is that it comes in a couple of different flavors, Hoffman explained. “There’s malware-related threat intelligence, like indicators. Those are somewhat easier for customers to operationalize because it’s a technical component that you can put in another technical system.

“But real adversary-focused threat intelligence, which is one of the things that we specialize in, is difficult because it generally comes in a report format. So customers need a group of analysts or threat intelligence experts on their side, on their bench, so to speak, working inside the company who know how to dissect that information, process it, and use it and apply it to the problems inside the company itself,” he said. “As opposed to something like a technical indicator, which you could put into a SIEM or a SOAR or a firewall, and it would just do what it needs to do. So that becomes the challenge.

“There’s a lot of rich data available inside of threat intelligence and unlocking the power of it into an operational system is where we’re focused because that’s one of the biggest challenges we see today in the market.”

Selecting a Threat Intelligence Solution

The first hurdle for customers in selecting a threat intelligence platform is selecting what type of solution is best for them, Hoffman said.

“It depends on the problems the customers are facing. So we have things like open source intelligence, we have vulnerability intelligence, there’s malware intelligence, there’s adversary intelligence.

“Depending on the problem that the company is trying to solve and how integrated security operations and threat intelligence itself is into the business fabric, that will help you decide what you need.

“Now on the operational system side, you have things like TIPs, you have SIEMs, you have SOARs, you have EDR. There are a variety of different operational systems. These are the systems that customers run in their network or on their systems that help them enforce security controls.

“So the type of intelligence you have, the problem you’re trying to solve, will tell you what systems you want to apply the problem to.”

The Titan Offering

“Our classic offering is a product we call Titan,” Hoffman said. “That’s a threat intelligence portal where customers can go and set their requirements, what they’re looking for, the things that are important to them. Like, we’re looking for this type of threat actor, or we’re concerned about this type of attack. What information do you have inside of that portal?

“There are a variety of different ways that the information is delivered. Some of it’s just raw information that somebody could consume and use on their side. Some of it’s finished reporting that might go to the executive level. Some of it’s very technical that people will consume through a programmatic interface, an API. That’s our classic offering – there are lots of different types of intelligence in there.”

The post Intel 471’s Brandon Hoffman on Operationalizing Threat Intelligence appeared first on eWEEK.

]]>
Ping Identity’s Patrick Harding on Preventing Identity Fraud https://www.eweek.com/news/ping-identitys-patrick-harding-on-preventing-identity-fraud/ Wed, 29 May 2024 22:56:14 +0000 https://www.eweek.com/?p=224887 I spoke with Patrick Harding, Chief Product Architect at Ping Identity, about how companies can prevent identity fraud in today’s AI-driven enterprise environment. As an identity and access management vendor, Ping Identity focuses on providing authentication, verification, and authorization technologies to enterprises for both their workforce and their customers. As Harding explained, the need for […]

The post Ping Identity’s Patrick Harding on Preventing Identity Fraud appeared first on eWEEK.

]]>
I spoke with Patrick Harding, Chief Product Architect at Ping Identity, about how companies can prevent identity fraud in today’s AI-driven enterprise environment.

As an identity and access management vendor, Ping Identity focuses on providing authentication, verification, and authorization technologies to enterprises for both their workforce and their customers.

As Harding explained, the need for these authentication and verification services has increased exponentially as artificial intelligence has allowed attackers a far greater sophistication.

“Traditionally, scams might have involved phone calls or emails to make you believe something,” he said. “Deepfakes and generative AI have made those scams even harder to detect and easier to implement.

“Now, rather than getting an email, you might get a phone call or a voicemail with a deepfake voice that you recognize, or you might see a video with a deepfake face that you recognize. Or even phishing emails that are now so targeted and written in the flavor of the person being imitated.” Stopping these attacks requires smart and thoughtful strategies that are fully current with today’s most advanced technologies.

Watch the full interview or jump to select interview highlights below.

Interview Highlights: Patrick Harding on Preventing Identity Fraud

This interview took place at the recent RSA Conference in San Francisco. The comments below have been edited for length and clarity. 

The Importance of Training  

Deep fake technology and other deceptive technologies enabled by AI are only going to get better, Harding said. “It’s going to become a cat and mouse game.”

“To deal with that, we’re going to have to do a lot to educate and train users to say, look, you are not going to recognize and understand these deepfakes. So you need to be aware of them.

“You now need to think, alright, if that message that I get, that voicemail that I get, is asking me to do something with a higher risk type of transaction – move money, reset a password, something like that – I need to verify and establish explicit trust that this is actually occurring and is necessary. So there’s a lot of education that’s going to have to occur, unfortunately.”

Biometrics and Private Keys: Decentralized Identity

There are already a number of techniques available to boost authentication, Harding said, pointing to technologies like one-time passwords and multifactor authentication.

“But those things tend to have sort of a friction. You’re not going to basically take a photo of your driver’s license every time you want to log in or every time you need to interact with a service.”

To enable users who need less friction, there’s an industry move toward decentralized identity, he explained.

“This is where my identity information is actually stored in my smartphone and can only be unlocked by me. It could be a local biometric, like a face ID type of thing. And that information is secured with a private key, like a cryptographic private key that is extremely difficult to reproduce. So no generative AI is going to reproduce that. And now my identity can be shared from my decentralized identity wallet on my smartphone with different services.

“So if I’m talking to you on the phone and I’m not sure it’s you, alright, I might ask you, Hey, ping me a notification through your wallet to prove that this is really you.

“We think that decentralized identity is really going to help deal with a number of these security issues we’re seeing right now. We’re eliminating the implicit trust that we’ve had on some of these channels where deepfakes are being used and replacing it with sort of an out-of-hand, explicit trust, essentially using decentralized identity to verify.”

The post Ping Identity’s Patrick Harding on Preventing Identity Fraud appeared first on eWEEK.

]]>
Forescout CEO Barry Mainz on Operational Technology and Cybersecurity https://www.eweek.com/security/forescout-operational-technology-cybersecurity/ Wed, 29 May 2024 20:28:09 +0000 https://www.eweek.com/?p=224810 I spoke with Barry Mainz, CEO of Forescout, about the key trends impacting security in operational technology (OT), which is the process of using hardware and software to monitor and control industrial equipment. OT primarily interacts with the physical world, in contrast with IT deployments that focus on the software stack. A core part of […]

The post Forescout CEO Barry Mainz on Operational Technology and Cybersecurity appeared first on eWEEK.

]]>
I spoke with Barry Mainz, CEO of Forescout, about the key trends impacting security in operational technology (OT), which is the process of using hardware and software to monitor and control industrial equipment. OT primarily interacts with the physical world, in contrast with IT deployments that focus on the software stack.

A core part of the OT process is, of course, cybersecurity. Mainz explained Forescout’s approach to OT security: “We provide the ability to take a look at what assets are on your network. We can classify them, tell you what they are, what version, and we help people assign risk to that.

“So based on the [network] behavior, is there a risk profile that you prefer and not prefer? We give companies the capabilities to detect and respond, and then we have control. If someone comes on the network and we don’t like what we see, we can block them.

“We do that for not only managed devices, but here’s what’s turning out to be really exciting: we also do that for unmanaged devices without an agent. So that could be OT devices or IoT devices.” This ability to managed a mixed set of devices enables a wider range of OT cybersecurity.

Watch the full interview or jump to select interview highlights below.

Interview Highlights: Forescout CEO Barry Mainz on Operational Technology and Cybersecurity

This interview took place at the recent RSA Conference in San Francisco. The comments below have been edited for length and clarity. 

IT and OT: Working Together

Traditionally, there’s been a separation between the OT staff and IT staff, and Mainz sees this shifting in a positive manner.

“I think there are organizational structure changes that we’re starting to see. Because in a typical organization you have the IT folks, they report up through CISO, and there is an OT division, which often reports up to the COO or something different.

“And we’re starting to see some structural changes based on: we’ve got to bring these [two groups] together a bit. Maybe not completely, but let’s put in some routines that we build upon. Let’s ask, how do we measure risk? How do we do things as a company? Hey, the government has come to us and said, ‘we’ve got to disclose,’ what does that mean?

“And so I think we’re starting to see a lot of the routines change on how [management] looks at the business. I’ve even see one company, I thought it was pretty clever: they’re moving people from IT, moving them into OT.”

This sense of a combined focus on operations offers great potential, Mainz said. Companies are asking, “How should we be thinking about the reporting? What tools and technologies should we use? And that seems to be working. There’s three or four companies I know that are starting to do that.”

The Challenges of OT Security

“About 10 months ago it started popping up that the embedded operating systems were showing that they were being exploited. And the embedded operating systems are the ones that are in the critical infrastructure in planes, trains, and automobiles, they’re more vulnerable – they’re very vulnerable.

“And they’re hard to fix. Let’s say you have a bunch of PLCs (programmable logic controllers) in a device that’s in a manufacturing plant. You could have 4,000 of those things. How do you update? They’re hard-coded in. So it makes it more complicated and a little more challenging to say, ‘What do we do?’”

The problem, Mainz explained, is that OT staff may not even know the exact location of these compromised devices because they’re built in to a larger structure. “It’s in an industrial robot, for example. That’s a headache,” Mainz said. “It’s like I’ve got to take the thing apart to go find it. So there are some challenges, physical challenges, and I do feel like we’ve got to get our arms around it – let’s put together some solutions. Let’s be smart about it. And the good news is, at Forescout, we have solutions that can help them today.”

The post Forescout CEO Barry Mainz on Operational Technology and Cybersecurity appeared first on eWEEK.

]]>
LevelBlue’s Theresa Lanowitz on New Trends in Cybersecurity https://www.eweek.com/security/levelblues-theresa-lanowitz-cybersecurity/ Fri, 24 May 2024 23:16:55 +0000 https://www.eweek.com/?p=224807 I spoke with Theresa Lanowitz, Chief Evangelist at LevelBlue, about a new report on cybersecurity trends, including statistics about DDoS attacks, changes to security budgets, and the role of generative AI. The report reveals that today’s companies value innovation regardless of the challenges it poses. “As we innovate more, as we start to bring on […]

The post LevelBlue’s Theresa Lanowitz on New Trends in Cybersecurity appeared first on eWEEK.

]]>
I spoke with Theresa Lanowitz, Chief Evangelist at LevelBlue, about a new report on cybersecurity trends, including statistics about DDoS attacks, changes to security budgets, and the role of generative AI.

The report reveals that today’s companies value innovation regardless of the challenges it poses. “As we innovate more, as we start to bring on more of this concept of dynamic computing, bringing in new technology such as IoT, edge computing, and 5G, that just increases the risk,” Lanowitz said. “And organizations are saying, yes, the risk is increasing. Innovation brings increased risk because it’s all new.”

Yet, she explained, even though companies aren’t sure about how to secure their infrastructure in the face of these changes, 74% of survey participants said the benefit of innovation outweighs the risk.

The innovation, Lanowitz said, “gives us better visibility into our supply chain. It delivers better business outcomes, it increases our overall revenues. It gives us a way to collaborate with cybersecurity teams earlier in the lifecycle of a project. So all of these benefits outweigh the risk that is brought in through innovation.”

Watch the full interview or jump to select interview highlights below.

Interview Highlights: Theresa Lanowitz on Key Cybersecurity Trends

This interview took place at the recent RSA Conference in San Francisco. The comments below have been edited for length and clarity. 

Introducing LevelBlue

Lanowitz has long been well known as the Head of Cybersecurity Evangelism at AT&T Business. Just before we spoke, the company underwent a name change:

“Level Blue might be a new name to some of the people out there watching this. What we announced here at RSA was that LevelBlue is an alliance between AT&T and WillJam Ventures. And what LevelBlue offers is a strategic extension of your team, and we do that through our consulting services to help you protect your business intelligence. We do that with our managed security services to help you predict your security investments. And we do that with our LevelBlue threat intelligence teams to help you mitigate risk and really foster innovation.

“And the fourth component of what we do here at Level Blue is the thought leadership research that we’re going to talk about today.”

Increased Budgets vs. Underfunded Security Efforts

The LevelBlue report found that between 2023 and 2024, security spending increased 11%. This significant increase is good news, Lanowitz said.

“However, there’s a downside to that because what we found is that there are these external triggers that say, yes, you can have more funding for cybersecurity. So if there’s a breach, you get more funding for cybersecurity. There are all of these external events to trigger more money released for cybersecurity.

“And what we found out, and this is fascinating because as an industry, we’ve been trying to solve this problem for the past couple of decades: for all the discussion that cybersecurity is now a business requirement, we found out that cybersecurity is still isolated, underfunded, very much a silo, and it’s not part of the strategic business conversations.”

Cybersecurity and Generative AI 

The LevelBlue report asked participants how they are using AI from a cybersecurity perspective, including generative AI, machine learning, and deep learning:

  • 61% said, “We are bringing this on slowly,” Lanowitz explained. “We want to make sure we’re doing the right thing with this.”
  • 35% said they’re using some form of artificial intelligence. “So think about the very basic uses of artificial intelligence.”
  • 21% said they’re engaging with deep learning, “which is more predictive.”
  • 15% said they’re using generative AI. Additionally, she noted, generative AI may be deployed in other parts of the business.

Still Unprepared for DDoS: The Need for Business Alignment

The report found that the number one attack type was ransomware. “But then these social engineering types of attacks – email compromise, phishing, stolen credentials, account takeover – come very, very close behind.

“And here’s a really interesting stat. We surveyed seven different industry verticals. We asked them how prepared they felt to remediate these different attack types. Every vertical said they are not prepared to remediate against a DDoS attack or a nation state attack.”

The best strategy for improved security, Lanowitz explained, is better alignment within the business. “The more that cybersecurity team can align their goals with the business and align their budgets as well, the better off we’re going to be from a cyber resilience perspective.

“But it has to start at the top down. The executives have to understand the benefit of cyber resilience. The governance teams have to understand that yes, this is something we need to do. We need to bring in all of the stakeholders.”

The post LevelBlue’s Theresa Lanowitz on New Trends in Cybersecurity appeared first on eWEEK.

]]>
eWEEK TweetChat, May 14th: Optimizing Generative AI https://www.eweek.com/cloud/eweek-tweetchat-optimizing-generative-ai/ Mon, 06 May 2024 19:29:53 +0000 https://www.eweek.com/?p=224582 On Tuesday, May 14th at 11 AM PST, eWeek will host its monthly #eWEEKChat. The topic will be Optimizing Generative AI, and it will be moderated by James Maguire, eWEEK’s Editor-in-Chief. In this TweetChat, held on the X platform, experts will share practical advice about how business users can derive the most competitive advantage from […]

The post eWEEK TweetChat, May 14th: Optimizing Generative AI appeared first on eWEEK.

]]>
On Tuesday, May 14th at 11 AM PST, eWeek will host its monthly #eWEEKChat. The topic will be Optimizing Generative AI, and it will be moderated by James Maguire, eWEEK’s Editor-in-Chief.

In this TweetChat, held on the X platform, experts will share practical advice about how business users can derive the most competitive advantage from generative AI. Clearly, generative AI is a technology with enormous potential, yet also one with considerable challenges and risks. How can businesses navigate the pros and cons of generative AI, even as it constantly changes?

See below for the resources you need to participate in the eWeek Tweetchat.

Participants List: Optimizing Generative AI

The list of experts for this month’s TweetChat currently includes the following – please check back for additional expert guests:

TweetChat Questions: Optimizing Generative AI

The questions we’ll tweet about will include the following – check back for more/revised questions:

  1. First, the big question: do you believe the hype about generative AI? That it will disrupt everything in its path and completely reshape business?
  2. Okay, about you personally: Where are you with your use of generative AI? Occasional use, researching, real work support?
  3. Assuming you don’t use gen AI non-stop, what keeps you from using it more? What’s the biggest weakness in gen AI in your view?
  4. What advice would you give to businesses to get more value from generative AI?
  5. What’s your sense of how receptive companies are to using gen AI more?
  6. What about security and generative AI? Is gen AI the security quagmire it appears to be? How to address these concerns?
  7. Other concerns about generative AI? Accuracy of response, job losses? What’s your advice to companies?
  8. Looking ahead, what business sectors will most immediately be changed/reshaped by gen AI? Any recommendations for these sectors’ managers?
  9. What’s one last big thought that your tech colleagues should know about optimizing the benefit of generative AI?

How to Participate in the TweetChat

The chat begins promptly at 11 AM PT on May 14th. To participate:

  1. Open Twitter in your browser. You’ll use this browser to Tweet your replies to the moderator’s questions.

2. Open Twitter in a second browser. On the menu to the left, click on Explore. In the search box at the top, type in #eweekchat. This will open a column that displays all the questions and all the panelists’ replies.

Remember: you must manually include the hashtag #eweekchat for your replies to be seen by that day’s tweetchat panel of experts.

That’s it — you’re ready to go. Be ready at 8 AM PST to participate in the tweetchat.

NOTE: There is sometimes a few seconds of delay between when you tweet and when your tweet shows up in the #eWeekchat column.

#eWEEKchat Tentative Schedule for 2024*

January 16: Governing Generative AI
February 13: Data Analytics Best Practices
March 12: How Tech Pros Get the Most From AI
April 16: Managing Multicloud Computing
May 14: Optimizing Generative AI
June 18: Mid-Year Look Ahead: Future of Tech

*all topics subject to change

The post eWEEK TweetChat, May 14th: Optimizing Generative AI appeared first on eWEEK.

]]>