Welcome!

Microservices Expo Authors: Liz McMillan, Pat Romanski, Elizabeth White, Mehdi Daoudi, Yeshim Deniz

Related Topics: Containers Expo Blog, Mobile IoT, Microservices Expo, @CloudExpo, Cloud Security, SDN Journal

Containers Expo Blog: Blog Feed Post

Targets of Opportunity

Overall, the report covers 47,000 reported security incidents

…Is one of the findings in #Verizon’s 2013 Data Breach Investigations Report, which is chuck full of interesting data.  75% of the attack victims were selected because they had a weakness that an attacker knew how to exploit rather than being specifically chosen.  The difficulty of the initial compromise was low for 68% of the breaches meaning the attackers used basic methods or automated tools and scripts.  It also means that there are sloppy configurations, needless services and exposed vulnerabilities that are bringing this attention.

Overall, the report covers 47,000 reported security incidents, of which, there were 621 confirmed data breaches.  This is important since they focus on the 621 confirmed data loss incidents rather than the 47,000 reports.  There will probably be a ton of articles reporting the results but a good place to start is securosis.com with their How to Use the 2013 Verizon Data Breach Investigations Report.  This is a great primer for the document.

There is a pretty even distribution of industries hit from financial to retail and restaurants to manufacturing, transportation and utilities to government and defense contractors.  The overwhelming majority of attacks are perpetrated by outsiders at 92% of the confirmed data breaches with insiders at 14%.  Interestingly, for all reports (the 47,000 not just the 621 confirmed) insiders accounted for 69% of the incidents.  Typically this was due to carelessness rather than criminal misuse.  76% of the network intrusions exploited weak or stolen credentials and most often, the attack was driven by financial motives at 75%.

Some other interesting data for me was that 66% of the breaches remained undiscovered for months or more and 69% of those were discovered by outside entities.  So organizations are in the dark about their intrusions, and it takes an outsider to point it out.  It’s like those people who drive away with the gas hose still hooked to their tank.

I was also curious about breaches as a result of BYOD.  Not many.  In 2011 they only saw 1 breach that involved personally owned devices and only a couple more in 2012.  They will keep watching and do expect that it may increase but for now, so far so good.  Could be because while BYOD is a hot topic, most surveys indicate that only around half the organizations are digging in.

There is a ton more valuable data in the report and it is an easy, fun read for 63 pages of stats.  Right on page 2 they say, ‘Some organizations will be a target regardless of what they do, but most become a target because of what they do.  If your organization is indeed a target of choice, understand as much as you can about what your opponent is likely to do and how far they are willing to go.’  Put it on your list.

ps

Related:

Connect with Peter: Connect with F5:
o_linkedin[1] o_twitter[1] o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]


Read the original blog entry...

More Stories By Peter Silva

Peter is an F5 evangelist for security, IoT, mobile and core. His background in theatre brings the slightly theatrical and fairly technical together to cover training, writing, speaking, along with overall product evangelism for F5. He's also produced over 350 videos and recorded over 50 audio whitepapers. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

Now having his Telco background he moved to Verio to focus on access, IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicago land area working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Writer, speaker and Video Host, he's also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others.

Microservices Articles
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session we'll describe best practices for "configuration as code" in a Kubernetes environment. We will demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure ...
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
The now mainstream platform changes stemming from the first Internet boom brought many changes but didn’t really change the basic relationship between servers and the applications running on them. In fact, that was sort of the point. In his session at 18th Cloud Expo, Gordon Haff, senior cloud strategy marketing and evangelism manager at Red Hat, will discuss how today’s workloads require a new model and a new platform for development and execution. The platform must handle a wide range of rec...
"DivvyCloud as a company set out to help customers automate solutions to the most common cloud problems," noted Jeremy Snyder, VP of Business Development at DivvyCloud, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"Outscale was founded in 2010, is based in France, is a strategic partner to Dassault Systémes and has done quite a bit of work with divisions of Dassault," explained Jackie Funk, Digital Marketing exec at Outscale, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Adding public cloud resources to an existing application can be a daunting process. The tools that you currently use to manage the software and hardware outside the cloud aren’t always the best tools to efficiently grow into the cloud. All of the major configuration management tools have cloud orchestration plugins that can be leveraged, but there are also cloud-native tools that can dramatically improve the efficiency of managing your application lifecycle. In his session at 18th Cloud Expo, ...
Containers, microservices and DevOps are all the rage lately. You can read about how great they are and how they’ll change your life and the industry everywhere. So naturally when we started a new company and were deciding how to architect our app, we went with microservices, containers and DevOps. About now you’re expecting a story of how everything went so smoothly, we’re now pushing out code ten times a day, but the reality is quite different.
Gone are the days when application development was the daunting task of the highly skilled developers backed with strong IT skills, low code application development has democratized app development and empowered a new generation of citizen developers. There was a time when app development was in the domain of people with complex coding and technical skills. We called these people by various names like programmers, coders, techies, and they usually worked in a world oblivious of the everyday pri...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addres...