Blog posts by Alexei Balaganski

Blog

The Best Security Tool Is Your Own Common Sense

Earlier this week, Germany’s Federal Office for Information Security (popularly known as BSI) has released their Digital Barometer 2019 (in German), a public survey of private German households that measured their opinions and experience with matters of cybersecurity. Looking at the results, one cannot but admit that they do not look particularly inspiring and that they probably represent the average situation in any other developed country… According to the study, every fourth respondent has been a victim of cybercrime at least once. The most common types of those...

Blog

Facebook Breach Leaves Half a Billion Users Hanging on the Line

It seems that there is simply no end to a long series of Facebook’s privacy blunders. This time, a security researcher has stumbled upon an unprotected server hosting several huge databases containing phone numbers of 419 million Facebook users from different countries. Judging by the screenshot included in an article by Techcrunch , this looks like another case of a misconfigured MongoDB server exposed to the Internet without any access controls. Each record in those databases contains a Facebook user’s unique ID that can be easily linked to an existing profile along with...

Blog

Security Vendor Imperva Reports a Breach

Imperva , a US-based cybersecurity company known for its web application security and data protection products, has disclosed a breach of their customer data. According to the announcement , a subset of the customers for its cloud-based Web Application Firewall solution (formerly known as Incapsula) had their data exposed, including their email addresses, password hashes, API keys, and SSL certificates. Adding insult to injury, this breach seems to be that of the worst kind: it happened long ago, probably in September 2017, and was unnoticed until a third party notified Imperva a week...

Blog

VMware to Acquire Carbon Black and Pivotal, Aims at the Modern, Secure Cloud Vision

Last week, VMware has announced its intent to acquire Carbon Black, one of the leading providers of cloud-based endpoint security solutions. This announcement follows earlier news about acquiring Pivotal , a software development company known for its Cloud Foundry cloud application platform, as well as Bitnami , a popular application delivery service. The combined value of these acquisitions would reach five billion dollars, so it looks like a major upgrade of VMware’s long-term strategy with regards to the cloud. Looking back at the company’s 20-year history, one cannot...

Blog

Passwordless for the Masses

What an interesting coincidence: I’m writing this just after finishing a webinar where we talked about the latest trends in strong authentication and the ways to eliminate passwords within an enterprise. Well, this could not have been a better time for the latest announcement from Microsoft, introducing Azure Active Directory support for passwordless sign-in using FIDO2 authentication devices. Although most people agree that passwords are no longer an even remotely adequate authentication method for the modern digital and connected world, somehow the adoption of more secure...

Blog

API Security in Microservices Architectures

Microservice-based architectures allow businesses to develop and deploy their applications in a much more flexible, scalable and convenient way – across multiple programming languages, frameworks and IT environments. Like with any other new technology that DevOps and security teams started to explore in the recent years, there is still quite a lot of confusion about the capabilities of new platforms, misconceptions about new attack vectors and renewed discussions about balancing security with the pace of innovation. And perhaps the biggest myth of microservices is that their security...

Blog

Oops, Google Did It Again!

Like many people with a long career in IT, I have numerous small computer-related side duties I’m supposed to perform for my less skilled friends and relatives. Among those, I’m helping manage a G Suite account for a small business a friend of mine has. Needless to say, I was a bit surprised to receive an urgent e-mail alert from Google yesterday, telling me that several users in that G Suite domain were impacted by a password storage problem. Turns out, Google has just discovered that they’ve accidentally stored some of those passwords unencrypted , in plain text....

Blog

Artificial Intelligence in Cybersecurity: Are We There Yet?

Artificial Intelligence (along with Machine Learning) seems to be the hottest buzzword in just about every segment of the IT industry nowadays, and not without reason. The very idea of teaching a machine to mimic the way humans think (but much, much quicker) without the need to develop millions of complex rules sounds amazing: instead, machine learning models are simply trained by feeding them with large amounts of carefully selected data. There is however a subtle but crucial distinction between “thinking like a human” (which in academic circles is usually referred as...

Blog

Oslo, We Have a Problem!

As you have certainly already heard, Norsk Hydro , one of the world’s largest aluminum manufacturers and the second biggest hydropower producer in Norway, has suffered a massive cyber attack earlier today. According to a very short statement issued by the company, the attack has impacted operations in several of its business areas. To maintain the safety and continuity of their industrial processes, many of the operations had to be switched to manual mode. The details of the incident are still pretty sparse, but according to the statement at their press conference, it may have...

Blog

Building Trust by Design

Trust has somehow become a marketing buzzword recently. There is a lot of talks about “redefining trust”, “trust technologies” or even “trustless models” (the latter is usually applied to Blockchain, of course). To me, this has always sounded… weird. After all, trust is the foundation of the very society we live in, the key notion underlying the “social contract” that allows individuals to coexist in a mutually beneficial way. For businesses, trust has always been a resulting combination of two crucial driving forces –...


KuppingerCole Select

Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.

Stay Connected

Subscribe to our Podcasts

KuppingerCole Podcasts - listen anywhere


How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00