• Search for:
    13Dec, 2023
    Scaling Security Operations with Automation

    In an increasingly complex and fast-paced digital landscape, organizations strive to protect themselves from various security threats. However, limited resources often hinder security teams when combatting these threats, making it difficult to keep up with the growing number of security incidents and alerts. Implementing automation throughout security operations helps security teams alleviate these challenges by streamlining repetitive tasks, reducing the risk of human error, and allowing them to focus on higher-value initiatives.

    While automation offers significant benefits, there is no foolproof method or process to guarantee success. Clear definitions, consistent implementation, and standardized processes are crucial for optimal results. Without guidelines, manual and time-consuming methods can undermine the effectiveness of automation.

    This blog explores the challenges faced by security operations teams when implementing automation and the practical steps needed to build a strong foundation for successful implementation.

    The Automation Challenge

    Organizations often struggle with automation due to a lack of well-documented processes and limited resources. With constant alerts and fires to put out, security teams are often spread thin, and only have time to focus on the task in front of them. This leaves them little to no time for proper documentation of processes and procedures. This, along with other factors such as maturity and process monitorability, contributes to the challenges security teams face when implementing automation. Successful automation requires a pragmatic approach, where teams identify and prioritize processes that are feasible and provide the greatest impact on efficiency and risk reduction.

    When considering the feasibility of automation, it becomes crucial to assess whether the processes and procedures in place can be seamlessly automated from start to finish. Not all tasks are suitable for complete end-to-end automation. The decision to automate certain processes should be based on factors like the organization’s maturity level, the available time and resources, and the ability to monitor and ensure the feasibility of the automation efforts. It requires careful evaluation to determine if automation makes sense and can effectively streamline security operations.

    Identifying Automation Maturity

    To reach effective security automation, organizations must assess their readiness and maturity level. A comprehensive assessment involves evaluating three critical investigation processes.

    Evidence Gathering

    This process involves querying information across the organization’s technology environment. Historically, the biggest problem with this process is that it has been manual. Organizations usually have a multitude of different technologies, all of which speak their own different languages, resulting in extensive amounts of time spent pivoting from tool to tool gathering data for any given investigation.

    Automation can greatly enhance this stage by unifying and simplifying queries, thereby eliminating the complexities associated with different logging systems and query nomenclatures. A security orchestration, automation, and response (SOAR) solution can prove to be extremely useful here. However, the main hurdle with implementing SOARs lies in integration, maintenance, and upkeep. If organizations are already facing resource constraints, attempting to set up a SOAR becomes even more challenging as they may not have sufficient people available to handle incidents effectively while also maintaining a SOAR.

    Analysis

    Once evidence is gathered, the analysis stage takes the output of evidence gathering and analyzes it against internal and external. Automation can help extract insights, identify patterns, and accelerate the detection of potential threats, but it is important to note that the analysis process often requires human intervention to ensure accuracy and effectiveness.

    Depending on what is being analyzed, human involvement may be necessary. For instance, when dealing with critical assets, vulnerability scanning, or identifying all the root and admin accounts within a system, it’s essential to have internal human intelligence reviewing and verifying the information.

    Remediation

    This process involves responding effectively to true-positive alerts within an environment. Remediation greatly depends on the efficacy of everything built before that. It’s going to be extremely difficult to have confidence in your remediation process if you don’t have all the data, you need or if there are gaps in your internal or external intelligence.

    Practical Automation Development

    It’s crucial to understand what processes and procedures are in place when responding to threats. Depending on where an organization is in their maturity journey, it might be hard to know where to start with implementing automation. Building a solid foundation for automation involves following a systematic and iterative approach. Below are five steps organizations can use to better implement automation:

    1. Interview Security Teams: Engage with security teams about their existing processes and identify use cases suitable for automation.
    2. Identify Use Cases: Identify automation use case opportunities based on those interviews. Prioritize high-volume, repetitive tasks or those with significant human effort. Focus on one process at a time to avoid complications caused by rushing through multiple processes without proper understanding and development.
    3. Document Findings: During the documentation phase, analyze actions in consoles and compare them with the corresponding API endpoints. Changing technologies and unexpected variables can disrupt processes. To mitigate any disruptions, it’s crucial to have a solid understanding of the APIs being used and document the findings thoroughly. By integrating this documentation into the overall workflow, any deviations from the initial assumptions can be identified and addressed promptly.
    4. Develop a Feedback Loop: Incorporate the security operations team’s insights, suggestions, and expertise throughout the development process to ensure the automation solution aligns with the organization’s needs and enhances productivity.
    5. Measure and Assess: After implementing automation, measure its effectiveness and efficiency. Continuously assess the impact and gather feedback from the security team. Use these insights to fine-tune the automation techniques and address any emerging edge cases.

    To have a successful automation foundation, it’s not enough to simply create and deploy automation solutions. It’s also important to integrate automation into existing security operations workflows. This process of operationalization ensures that automated processes and human decision-making can work together seamlessly.

    Conclusion

    Implementing automation is crucial for organizations to combat the increasing security threats in today’s digital landscape. It streamlines tasks, reduces human errors, and enables security teams to focus on higher-value initiatives. However, success in automation requires clear definitions, consistent implementation, and standardized processes. Organizations should assess feasibility, readiness, and maturity level, and follow a systematic approach for practical automation development. By integrating automation into existing workflows and identifying relevant use cases, security teams can maximize the benefits and leverage the expertise of professionals. A solid foundation for automation can reduce response times, improve accuracy, minimize errors, and enhance threat detection in various security processes for organizations.

    Resource : https://thehackernews.com/2023/12/scaling-security-operations-with.html

    15Mar, 2023
    Digital twins could be the key to successful automation

    Automation has delivered significant benefits for organizations that have taken the necessary steps to adopt it, but let’s face facts: The journey to successful automation typically isn’t an easy one. Despite best-laid plans, barriers and pain points continue to plague automation programs, creating bottlenecks, stifling scale and throttling better returns.

    Given the challenges of automation — for instance, heavy maintenance burdens can eat away at ROI, and a lack of visibility on automation estates can result in redundancies and inflated costs — it is little wonder that digital twinning and its innate ability to successfully address issues is beginning to resonate.

    Tracing its origins to NASA’s space program in the 1960s, digital twinning in automation can best be defined as a digital copy of an automated process that resides in a separate repository to the robotics process automation (RPA) platform where the actual automation is developed, deployed and orchestrated.

    Advantages of digital twins

    The primary advantage of the digital twin is that it evolves as automation evolves. As a result, if any changes are applied to the automation in the RPA platform, those same changes are reflected in the twin, ideally in real-time or at least near real-time.

    Operational metrics (including runs, last time run, number of issues, utilizations, and success rates) are also accessible and displayed where the twin resides so that it can be monitored and continuously improved.

    Beyond changes and operational metrics, a digital twin in automation enables an organization to compile accurate documentation and detailed audit trails for the entire automation estate and maintain it in a single, centralized repository. Doing so not only addresses the problem of misplaced or lost process design documents, but also solves one of the major pain points of automating: An inability to visualize and understand how automations have changed over time.

    Maintaining digital twins for all automations in a central location — regardless of the RPA platform in which they are designed, deployed and orchestrated — vastly improves automation standardization, governance and visibility. Particularly for companies that employ a multi-platform automation strategy, a single repository allows for greater visibility into the complexity of all processes, as well as the systems and applications with which they interact.

    This not only vastly improves oversight of the entire automation estate, but allows for faster recognition of potential issues and redundancies and identification of automations that can be retired to lower costs and increase returns.

    Less maintenance required

    Digital twinning also reduces the need for maintenance. By serving as a canvas for automation, a digital twin can be quickly reviewed to identify where an error has occurred and how it can be corrected, saving both time and money.

    It also flips the change management process. Rather than waiting for an automation to fail before taking corrective action, digital twins enable proactive steps to be taken as soon as a potential malfunction is detected or in advance of a regulatory change or application update.

    Finally, digital twins enable accelerated and simplified RPA platform migrations because the feasibility assessments to evaluate the effort needed to switch destination platforms can be more easily performed. Because a digital version of up-to-date automation exists, exporting automation with a mapping engine that requires only minor modifications dramatically reduces the effort needed and removes manual recoding.

    Forging new partnerships

    This will prove to be particularly important in the year ahead as more organizations look to migrate from their legacy RPA platforms to next-generation intelligent automation solutions.

    Migrations will be further complicated as new partnerships are being formed among well-established solution providers using information from Internet of Things (IoT). At least three digital twin-focused industry standards groups have already emerged to assist in guiding the technology forward.

    While there can be little doubt that digital twins in automation provide a palpable source for understanding what is delivering value (and what isn’t), implementing digital twins is likely to get more complicated as parameters, design principles and even basic assumptions change.

    Some digital twins still rely on older simulations and monitoring, while others have built-in AI solutions that rely on evolving data to keep parameters up-to-date.

    All of this suggests that while their benefits will likely vary from one organization to the next, digital twins undoubtedly will see even wider use in the future. With compound annual growth rates generally projected to approach 40% annually, some analysts are already predicting 2023 as a banner year for the digital twin.

    Spurred by new developments — including the ability to proactively search for and harvest data — expect the digital twin market to grow from its current level of $6.9 billion to more than $73.5 billion by 2027. More organizations will recognize the persistent problems digital twins can address and the benefits, from increased efficiency to greater ROI that they offer.  

    Resource : https://venturebeat.com/automation/digital-twins-could-be-the-key-to-successful-automation/

    9Dec, 2022
    Can You Double CPU Performance by Cooling It With a Chip Instead of a Fan?

    A four-year-old company is coming to market soon with an unexpected technology to cool CPUs and SoCs. Frore Systems has developed a cooling chip it calls AirJet that sits on top of a heat-generating chip and cools it without the need for mechanical fans. It’s 2.8mm thick and uses pulsating inlets to suck air into it and exhaust it out the sides. The company claims its “solid-state” cooling solution allows for double the CPU performance compared with using traditional methods. It’s secured $100 million in funding and is now partnering with Intel to bring its technology to the company’s Evo line of laptops.

    The AirJet is designed to deal with the ever-shrinking nature of our electronic devices. As phones, tablets, and laptops get smaller, cooling them becomes more difficult. When insufficient cooling is applied, a CPU will throttle, lowering its clock speeds to reduce temps. This naturally results in decreased performance. Frore Systems claims its AirJet tackles this problem better than a fan, without taking much room inside the device. The heart of the issue is how long a CPU can maintain its maximum clock speed with peak power consumption.

    CPUs typically have a “tau value” that indicates how long they can boost at maximum power consumption. This is known as the PL2 state, compared with PL1, which is stock power consumption. Once a CPU hits PL2, it can’t maintain that state forever unless there’s adequate cooling. For example, Intel’s Core i9-10900K CPUs can maintain tau for 56 seconds before throttling down. Frore Systems says with AirJet, the tau state can be maintained to infinity in some scenarios. This is how the company arrives at its claim of boosting CPU performance 2X. According to CEO Dr. Seshu Madhavapeddy in an interview with PCWorld, a 1.8GHz ARM processor with four AirJet Minis will be able to run at 3.5GHz “forever.” An AirJet Pro that’s made for x86 could run at PL1 at 2.1GHz instead of 1.4GHz with a fan. Additionally, the AirJet in a 15-inch laptop would produce just 29 dBA of sound, instead of 42 dBA with a fan.

    The AirJet is still considered a heatsink, and it’s a solid-state device like any type of copper heatsink. However, they include membranes inside that vibrate at ultrasonic frequencies. This vibration sucks air into inlets at the top of the AirJet. Once inside the device, air is then transformed into “pulsating jets” as the air removes the heat from the heat spreader. It is eventually exhausted out of the sides via integrated spouts. From there, it’s up to the device maker to find a way to get the heat out of the system entirely.

    For now, the company also is targeting slim, portable devices with its Mini product, including tablets,  laptops, and VR headsets. The AirJet Mini looks like a credit card, and measures 41.5mm long by 27.5mm wide and 2.8mm thick. It can remove 5.25W of heat while consuming just 1W with a very quiet 21 dBA of noise. The AirJet Pro for x86 is a bit larger, naturally. It measures 71.5 mm by 31.5mm at the same 2.8mm thickness. It can exhaust 10.75W of heat while using just 1.75W.

    Frore Systems has also begun working with Intel on an “engineering collaboration.”  This means no money has exchanged hands, but Intel is using its vast resources to assist Frore in getting its product to market, which could happen in 2023. In return, the company has been giving Intel input on changes it could make to the CPU socket area on the motherboard to adopt the technology. It’s been giving Frore engineering targets to work with and invited the company’s members to its Bangalore facility for debugging work. Intel has also been giving Frore Systems guidance on how to work with other companies to integrate its products.

    This concept sounds amazing, at least in theory. The founders of the company have seemingly come up with a clever solution to a big real-world problem. But like every other bit of new-generation technology that comes along with high hopes, we’ll be curious to see if it ever materializes in the real world. Maybe one day we’ll have an AirJet Ultra Extreme attached to our single-slot RTX 5090.

    Resource : https://www.extremetech.com/computing/341252-can-you-double-cpu-performance-by-cooling-it-with-a-chip-instead-of-a-fan

    9Dec, 2022
    What is power over Ethernet?

    Power over Ethernet (PoE) technology allows a twisted-pair Ethernet cable to provide power to electric devices, in addition to data. This is most commonly found in Internet of Things (IoT) devices, like IP security cameras, and greatly simplifies the wiring of any such setup, as it means only one cable is necessary for almost everything. When such devices can be placed in hard-to-reach locations, where running any cabling is cumbersome, it is really handy, not to mention cheaper.

    That’s not everything that makes PoE so useful, though. Here’s everything you need to know about Power over Ethernet.

    What is Power over Ethernet?

    Power over Ethernet is the name given to the overarching technology that facilitates providing power over an Ethernet network connection, as well as data transmission. In reality, PoE is the combination of a device that supports PoE, a standard Ethernet cable, and a network switch with PoE support. It is also possible to use a non-PoE switch, and have a PoE injector between the switch and PoE device, but that injector will require its own main power connection to provide power on the network.

    PoE was initially conceived for use with Voice over Internet Protocol (VoIP phones), allowing them to be powered and connected to a network with a single cable, while also providing the simple ability to remotely shut off such devices when not in use. It has since been extended to provide easier wiring for IP cameras, outdoor radios, IP TVs, network routers, access control points like intercoms and entry card scanners, remote point-of-sale kiosks, and industrial control systems, to name a few.

    Its most common use in most people’s homes, however, is with Wi-Fi access points. This is particularly common on mesh networks, where multiple routers and nodes are required.

    How does Power over Ethernet work?

    All different types of Ethernet cables are made of twisted pairs of copper wires. It’s those pairs that transmit the data and it’s those same pairs that facilitate power transmission down the cable, too. Some of that power is received by the power source device, be that a PoE switch or a PoE injector, and the rest is delivered to any attached PoE devices through the Ethernet cabling.

    There are three standardized techniques for delivering power over Ethernet. They’re known as Alternative A (or Mode A), Alternative B (or Mode B), and 4PPoE. For Alternative A PoE configurations, the power and data are transmitted on the same wires (for 10Mbps and 100 Mbps speeds), while Alternative B transmits the power on separate wires to the data. The 4PPoE standard uses all four pairs of a twisted-pair wiring to transmit power and data. That allows for greater power delivery and network speeds.

    Which Ethernet cables support PoE?

    You don’t need any kind of special cabling to use PoE, but you do need to choose a high enough quality of Ethernet cable that the power and data can be delivered without interference. Although the performance and quality of Ethernet cables can vary dramatically depending on which Ethernet cable you choose, the most recent categories of cables have a minimum quality threshold that ensures you’ll get a reliable PoE connection. With that in mind, Category 5, or Cat 5, Ethernet cables should be considered the minimum cable category used for Power over Ethernet, with more recent generations of cables used for Gigabit Ethernet with PoE or greater bandwidth connections.

    The one caveat with this recommendation is that the cable needs to be made with 100% copper wiring. Some cheaper Ethernet cables are known as CCA, or Copper-Clad Aluminum, and they effectively wrap an aluminum wire in a thin layer of copper. As aluminum is not as good an electrical conductor as copper, it’s recommended not to use CCA Ethernet cables for PoE networking, regardless of the desired bandwidth.

    How much power can PoE provide?

    Although PoE typically provides relatively low-level power for modest connected devices, it can deliver quite a lot of power if necessary, facilitating some more demanding PoE devices. The base Power over Ethernet specification provides up to 15.4 watts of DC power on each port, although that typically reduces to 12.95W at the device, as some power is lost along the length of the cable — and more so in longer cables.

    More recent specifications can provide 25.5W, 51W, or even 71W per port, with each demanding more from the power sourcing equipment, be that a PoE-equipped switch or a PoE injection device.

    How long can PoE cables be?

    Although PoE doesn’t demand any special cabling to work correctly, there are some limitations on cable length. Different Ethernet cables support different data rates at different lengths, but PoE is also limited to 100 meters. However, while you are limited to 100m per Ethernet cable on a PoE network, you can extend that power-delivery mechanism using PoE extenders. You install them on the line between the power source device and the networked device, giving you the option of adding a further 100m of Ethernet cable to the network.

    PoE extenders are not injectors, so do not require a power connection of their own, but they do make sure the power is maintained throughout the network. However, they don’t fully replicate the power from the original source, with the extender itself requiring some power to operate. This results in the power delivered to the eventual endpoint device being lower than if it were simply attached directly to the power source device over a shorter cable run.

    With this in mind, you can technically use multiple PoE extenders over the length of the network to further extend its reach, but each extender saps more power, leaving less for the eventual PoE device. This is exacerbated if you use an extension splitter, which funnels the Power over Ethernet connection to multiple endpoint devices.

    Resource : https://www.digitaltrends.com/computing/what-is-power-over-ethernet/

    3Dec, 2022
    Raspberry Pi Has New Hi-Fi Audio Boards for Your DIY Project

    Raspberry Pi single-board computers are still wildly popular, with uses ranging from learning programming to DIY electronics. Now there’s an updated lineup of hi-fi audio cards that can turn a Pi into a better media station.

    The company behind Raspberry Pi acquired IQaudio two years ago, which was already producing four external DACs compatible with various Pi boards. The accessories allowed Pi devices to output powerful and higher-quality audio, ideal for home theater setups, music studios, or anywhere else audio quality is a priority.

    Raspberry Pi announced today that it has updated all four boards. The most noticeable change is that they all use green boards, making them “a bit more Raspberry Pi-like” compared to the older black boards. The announcement also mentioned “a few minor layout and connector changes, aimed at making the boards simpler and quicker to manufacture: this sort of continuous design‑for‑manufacturability work is the hallmark of all Raspberry Pi products.”

    The lineup consists of four boards. First is the $20 DAC+, which provides stereo analogue audio and a dedicated headphone amplifier. There’s also the $25 DAC Pro, with a better Texas Instruments chip for a higher signal-to-noise ratio, and the $30 DigiAMP+ has an integrated digital-input amplifier. Finally, the Codec Zero is a $20 board designed specifically for the Raspberry Pi Zero.

    It’s great to see Raspberry Pi invest in better audio support for projects using Pi boards, but the elephant in the room remains — the actual Pi boards themselves are still remarkably difficult to purchase. Demand for Pi boards has outstripped supply for well over a year now, with many people venting their frustration on social media. There’s even a third-party tracking site for finding restocked store listings.

    Resource : https://www.howtogeek.com/852455/raspberry-pi-has-new-hi-fi-audio-boards-for-your-diy-project/

    14Nov, 2022
    Safety Consulting

    Customized machine safety

    Machine safety is a complex, sensitive and cost-intensive topic. Our Safety Consulting service provides tailored answers to your questions and leads you smoothly through a process aimed at ensuring the safety of your machine!

    The European Machinery Directive, international standards, safety controllers and drive technology, Industrie 4.0 – functional machine safety is becoming a more and more time-consuming topic which requires highly specialized knowledge. This is where our Safety Consulting service comes into play: We provide you with experienced specialists who support you on site through the whole process – from risk assessment to technical engineering through to the validation of your machine.

    We thus lead you to a safe machine in three steps:

    Coordinated risk assessment

    In a first step, we identify and evaluate together with you exactly the potential hazard points of your machine and jointly assess possible risks – of course with consideration of the specific applicable standards and guidelines. We examine all potential hazards that may occur in the life phases and operating modes of the machine and determine the probability and extent of damage which may be caused by the identified hazards.

    Tailored risk reduction

    In a next step, we want to minimize the hazardous potential of your machine. Together, we define the necessary technical actions and make you proposals aimed at inherently integrating utmost safety in your machine. We support you in defining, verifying and commissioning the safety functions of your machine and document in detail any possible remaining risks in cooperation with our Solution Partners.

    Appropriate validation

    And, last but not least, we will be glad to support you in validating your machine. We will closely examine the technical requirements for your machine which have been defined beforehand and perform, if necessary, a functional check of your software. Furthermore, we support you in communication with end customers and, if required, external bodies (e.g. the German Technical Inspectorate TÜV). Comprehensive documentation and verification round off our Safety Consultation service.

    Expert know-how ensuring the safety of your machine

    For the Safety Consulting service, we cooperate closely with selected Siemens Solution Partners. Each partner is an acknowledged expert in the field of functional machine safety and has acquired not only the necessary knowledge about functional safety standards, but also comprehensive product and system-specific know-how concerning our portfolio.

    Resource : https://new.siemens.com/global/en/products/automation/topic-areas/safety-integrated/factory-automation/safety-consulting.html