OCP spec for silicon security could help reduce vendor lock-in

A new specification from the Open Compute Project could mean more choices for IT pros when it comes time to replace server cards. The spec defines a block of code that, when used in processors, establishes root of trust (RoT) boot security. Because the spec is open, any chip maker can use it, and it will provide interoperability with chips made by other chip makers that also use it. This can help eliminate being locked into a single vendor because of proprietary RoT code. By standardizing on OCP hardware, for example, it’s possible to replace a bad smartNIC from one vendor with one from another vendor, says Bill Chen, general manager of server product management at Supermicro, an OCP member. To read this article in full, please click here
http://dlvr.it/Sc1ZWk

Engineering workstation attacks on industrial control systems double: Report

Some of the biggest challenges faced in securing industrial control systems involve integrating legacy and aging operational technology with modern IT systems.
http://dlvr.it/Sc1Fbx

How Cisco's Cloud Control Framework helps it comply with multiple security standards

Its open-source Cloud Control Framework gives Cisco a common template to meet security standards and regulatory requirements across the globe.
http://dlvr.it/Sc0rfP

Cisco issues fixes for active exploits of its Windows VPN clients

Cisco is offering software updates for two of its AnyConnect for Windows products it says are actively being exploited in the field. AnyConnect for Windows is security software package, in this case for Windows machines, that sets up VPN connectivity, provides access control and supports other endpoint security features. Cisco said AnyConnect products for MacOS, Linux are not affected. Cisco said its Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability, which is described in this advisory. To read this article in full, please click here
http://dlvr.it/SblmXB

IoT security strategy from those who use connected devices

Freeman Health System has around 8,000 connected medical devices in its 30 facilities in Missouri, Oklahoma, and Kansas. Many of these devices have the potential to turn deadly at any moment. "That’s the doomsday scenario that everyone is afraid of," says Skip Rollins, the hospital chain's CIO and CISO. Rollins would love to be able to scan the devices for vulnerabilities and install security software on them to ensure that they aren't being hacked. But he can't. "The vendors in this space are very uncooperative," he says. "They all have proprietary operating systems and proprietary tools. We can't scan these devices. We can't put security software on these devices. We can't see anything they're doing. And the vendors intentionally deliver them that way." To read this article in full, please click here
http://dlvr.it/SbTFJT

SolarWinds’ Observability offers visibility into hybrid cloud infrastructure

SolarWinds, the maker of a well-known and widely used suite of IT management software products, announced this week that it’s expanding to the cloud, with the release of Observability, a cloud-native, SaaS-based IT management service that is also available for hybrid cloud environments. The basic idea of Observability is to provide a more holistic, integrated overview of an end-user company’s IT systems, using a single-pane-of-glass interface to track data from network, infrastructure, application and database sources. The system's  machine learning techniques are designed to bolster security via anomaly detection. To read this article in full, please click here
http://dlvr.it/SbRmJ5

Cisco launches 10-year plan to train 25 million people in IT skills

As Cisco celebrates the 25th anniversary of Cisco Networking Academy, the company on Tuesday announced two new certifications and a plan to provide networking, cybersecurity and general IT  training to 25 million people over the next 10 years. The training will be done through the company's networking academy, an IT skills-to-jobs program that provides IT courses, learning simulators, and hands-on learning opportunities, supporting instructors and learners in 190 countries. To date, Cisco says more than 17.5 million global learners have taken Cisco Networking Academy courses to gain IT skills, with 95% of students attributing their post-course job or education opportunity to Cisco Networking Academy. To read this article in full, please click here
http://dlvr.it/SbJwPs

Portnox adds IoT fingerprinting to network access control service

The IoT fingerprinting feature will allow companies to fully identify IoT devices that don't have the storage or processing capabilities to communicate complete identifying information such as model number, or even device type.
http://dlvr.it/SZzRCC

Google Cloud adds networking, security features for enterprises

Google Cloud is rolling out new network and security features, including a service that provides Layer-7 security. The new offerings announced at Google Cloud Next also include firewall and web application-protection options aimed at advancing existing cloud connectivity and ensuring the security of cloud-based resources. “We are fundamentally enhancing our network fabric—which includes 35 regions, 106 zones and 173 network edge locations across 200-plus countries—and making it simpler and easier for organizations to migrate their existing workloads and modernize applications all while securing and making them easier to manage,” said Muninder Sambi, vice president and general manager of networking for Google Cloud. To read this article in full, please click here
http://dlvr.it/SZvqrL

The astronomical costs of an asset disposal program gone wrong

As Morgan Stanley Smith Barney has learned, an information technology asset disposal program can protect a company against the potential catastrophe of data leaks from gear you’re getting rid of.
http://dlvr.it/SZYZ63