The Latest

Quantum announces the DXi9200, the latest generation of its flagship DXi9000 Series hybrid (flash + dense disk) data protection appliances, designed for scalable, efficient backup and recovery services for large organizations.

With the continuing threat of ransomware attacks, organizations need to take a comprehensive and proactive approach to secure their data and data copies, continuously validate recovery operations, and quickly recover in case of attack. As the industry’s most scalable, feature-rich, and efficient data protection appliance, the DXi9200 meets these challenges head on.

“The DXi9200 is a powerful new solution for strengthening any organization’s cyber resilience,” says Sanam Mittal, VP, DXi. “Coupled with highly optimized data reduction, replication, and cloud tiering, plus all-inclusive software, capacity-on-demand licensing, and Flexible as-a-Service subscription service options, the DXi9200 dramatically lowers costs and increases IT efficiency. DXi9200 is the ideal choice for enterprise backup and recovery services, consolidation of offsite immutable copies for disaster recovery and long-term retention, and as the central hub of modern edge-core-cloud data protection fabrics.”

Flexible scalability. The DXi9000 Series is well recognized for its flexible deployment options, providing small capacity entry points with the ability to expand with capacity-on-demand licensing and incremental upgrades as needs grow, up to 20 times initial capacity. The solution features a 110 TB entry capacity that can easily scale in 55 TB increments up to 2.2 PB usable. Plus, with up to 70x data reduction rates and bundled DXi Cloud Share tiering to public and private clouds, the DXi9200 achieves logical capacities of up to 462 PB under management to ensure that organizations can stay cyber resilient as their data volumes grow.

Security-rich feature set. The DXi9200 strengthens every customer’s cyber resilience to protect against cyberattacks with a hardened architecture consistent with the NIST Cybersecurity Framework 2.0 (CSF 2.0) designed to help organizations to manage and reduce their cybersecurity risks. The DXi9200 features:

  • Protection against unauthorized access with secure connectivity to backup software, replication partners, and cloud tiering destinations based on at-rest and in-flight data encryption, secure multi-factor authentication, and role-based access control.
  • Offsite protection of data copies through bundled replication, cloud tiering to public and private clouds, cooperating DXi virtual and physical appliances, and Direct-to-Tape capabilities, for seamless disaster recovery within minutes.
  • More than 30% faster ingest and restore performance* for increasing service levels including more frequent backups, continuous validation of data sets and recovery processes, and instant data access for rapid recovery of large, critical workflows, to minimize downtime after an incident and achieve better recovery time objectives (RTO) and recovery point objectives (RPO).
  • Extensive system monitoring and alerting capabilities including real-time status and anomaly detection of critical events or irregularities, helping prevent data breaches or system failures.
  • Backup data integrity against alteration, deletion or corruption with offline immutable snapshot data copies, frequent native data integrity health checks, parity-protected RAID, and a compatible ecosystem of data protection and malware scanning software, including Veeam, Veritas, and Commvault.

Density and efficiency. With the advent of Quantum’s all-flash DXi T-Series appliances setting a new standard for ultra-fast ransomware recovery, the role of hybrid appliances is quickly evolving to key use cases where cost efficiency is a primary concern. By integrating both fast NVMe flash and dense hard disks, the DXi9200 doubles price/performance compared to prior generations, achieving up to 68% denser packaging (2.2 PB usable in only 12 rack units), and 25% less power consumption, enabling organizations to aggressively improve the cyber resilience of their infrastructure at a reasonable cost.

DXi9200 appliances are available immediately. All DXi products are flexibly available as a capital purchase or via Quantum GO, Quantum’s pay-as-you-go subscription offering.


from Help Net Security https://ift.tt/Y26qNJz

The internet's disinformation merchants are, for some reason, focusing their energy and algorithms on one man this week: Elon Musk. In real life, Musk is the richest man in the world and has been tapped to head the newly created Department of Government Efficiency (DOGE) during the upcoming Trump administration, so it makes sense that people are talking about him. But why so many people are telling such elaborate lies about the guy is mysterious.

Below are 25-odd lies about Elon Musk.

Elon Musk did not buy Ford

This rumor is more than a one-off tweet. It comes by way of YouTube, where a channel called WealthUp has posted a nearly 40-minute video describing the merger of Ford and Tesla. The vid breaks down the numbers and speculates as to what the merger would mean to the stock market and consumers, just like a real newscast. It's backed up with tweets and news reports too. But it's all bullshit. The video is entirely AI, based on nothing, and produced to generate traffic. It's working, too: it's been viewed 22,000 times as I post this.

WealthUp seems to only post AI-produced videos about Elon Musk, including the story of Elon Musk helping a homeless woman, giving his first-class seat on a plane to a "Black elderly," and confronting Oprah Winfrey, Ellen Degeneres, Robert DeNiro, Jimmy Kimmel, Michelle Obama, and Meghan Markle.

Elon Musk did not reunite a lost girl on a bus with her mother and buy them a house

Videos about the good deeds of Elon Musk aren't only on YouTube. Over on Facebook, an account called Elon Videos is busily posting completely fake videos about Saint Elon. This one is about the time that Musk was riding a public bus (seriously) and he noticed a lost little girl holding a tattered teddy bear. Musk found her mother and bought them a house. Heartwarming, touching and 100% fake. This heroic act had been attributed to Keanu Reeves, Eminem, and others previously, and it's partially based on a real story, but it didn't really take off until Musk was cast as the hero.

Elon Musk is not going to release the Epstein files and the Diddy files

The version of Elon Musk covered by Facebook page SpaceX Fanclub isn't into spontaneous charity to "Black elderly" or anyone else. He's a vengeful Musk, who is going to release "Bombshell Diddy and Epstein Client List" on Jan. 20, block "pride content" on Twitter, and bring down Dreamworks for being too woke. This Musk is pure get-back-at-the-damn-liberals-style Musk.

Elon Musk is not buying CNN

The rumor that Elon Musk is buying CNN comes from Musk's own X. A simple community note reading "this is not true" is included, so that's good. But Argentine President Javier Milei doesn't seem to have read the note, since he mentioned the rumor in front of the Argentine Chamber of Commerce on Nov. 7, and the largest Argentinian newspaper reported on it as well.

Elon Musk did not "storm a small town" to help a bullied teenager

This fake video from YouTube channel The Crow has been viewed 760,000 times. It gives an origin story to Fake-News Elon. When Alex, a promising student at "Tesla STEM high school" is bullied for his interest in rockets, Elon shows up at the school to tell Alex that he too was bullied as a teen. This inspires Alex to "present his work at a regional science fair," where he won first prize, a scholarship to a top-tier engineering student, and an internship at Tesla!

More things Elon Musk did not do

Elon Musk did not buy McDonalds, ABC, or Disney World. Elon Musk did not ban Stephen King from X, nor has he developed robots to carry human babies.

So why all the Musk-related fake news?

It's tempting to think that the downpour of Musk fan fiction is Elon using bots to improve his image among the nation's mouth-breathers (it's not like the guy's a stranger to spreading misinformation) but I think it's more basic than that. The deluge of fake news about Elon Musk probably comes down to engagement. For cultural reasons beyond easy understanding, enough of the dumbest people you went to high school with want fake news about Elon Musk to support a cottage industry of AI sites to churn it out.

But they don't want just any stories about Elon Musk. The most popular fake-Musk news stories aren't the ones where he visits vengeance on cultural enemies like Jimmy Kimmel; they're the ones where a billionaire with a heart of gold sweeps in to save the day and change a waitress's life at Waffle House (Musk always eats at Waffle House) or reunite a lost child with their mother. That one has over 1.4 million views on YouTube alone. The people want a hero, and for reasons that resist logic, they've chosen Elon fucking Musk to fill the role.

Despite starting with Elon Musk riding a public bus, a dead giveaway that it's fake, people (or AI agents anyway) on YouTube seem to be swallowing it. Highly upvoted comments include, "We love our cute Elon sir. He is friend of all children," and "Wow, sir Elon, you are the ANGEL GABRIEL who has brought good news to Maddies' World!! Thax." Thax indeed.

Elon Musk: troubling Messiah

My favorite subset of fake Musk stories are the ones that seem designed to paper over the difference in values between the actual Elon Musk and the kinds of people who consume fake media.

Elon is a bit of a tough sell to the "your MAGA aunt on Facebook" crowd. No matter what you think of him, he's a weird guy. He's said publicly he's a "cultural Christian" but is wishy-washy about whether he believes in God. He's had 12 children with three different women and he gives them names like Techno Mechanicus. He's not the middle-American family man the people want. But that's OK, because you can just whip up some AI videos to make Elon into whatever you like. Like this story about Musk attending church in Las Vegas (ha!) and witnessing a miracle that caused him to convert to Christianity. Not "cultural Christianity," either; the real thing. At least one of Musk's children doesn't speak to him and his ex-partners have not been kind about his interest in parenting. But that's cool, because here's a video about how Elon Musk is a great parent and all of his many children love him very much.

The Musk virus infects us all

It's not just right-wing types that traffic in Musk-glurge: Left-wing dummies have their own version of Musk to read about. Dark Musk isn't helping handicapped dogs cross the street; he's using his vast network of satellites to rig the 2024 election. He's paying for Donald Trump's extravagant inauguration bash. He's fat, too—a corpulent, James-Bond-level super-villain who's bringing down the United States.


from LifeHacker https://ift.tt/8aFeXEj

Tanium unveiled new AI-powered autonomous innovations that transform how IT and Security teams execute change safely and reliably in their IT environments – at scale and in real-time.

Tanium Autonomous Endpoint Management (AEM) enhances and extends the Tanium platform with a set of autonomous capabilities across the industry’s most comprehensive real-time platform, which includes asset discovery and inventory, vulnerability management, endpoint management, incident response, and digital employee experience.

“Tanium AEM leverages real-time insights from millions of Tanium cloud-managed endpoints to recommend and automate changes on endpoints within a customer’s environment, giving IT and Security teams a safe, scalable and automated platform to deliver increasingly efficient operations and an improved security posture,” said Matt Quinn, CTO, Tanium. “Tanium AEM provides customers the confidence to take the right action at the right time, giving them the power of certainty based on real-time data at scale.”

With organizations already stretched too thin and budgets not keeping up with the demands of the business, it has become imperative for IT and security operations teams to enhance efficiency by automating the numerous time-consuming, often mundane and repetitive tasks they handle daily. Knowing what tasks to prioritize and automate is a challenge, however, and, without the benefit of real-time data, automation can become unreliable in highly dynamic environments, leading to operational issues, disruptions, security risks and a lack of confidence.

Tanium has developed three key foundational technologies to support Tanium AEM:

  • Real-time cloud intelligence: Tanium AEM measures and analyzes impact of changes across millions of endpoints in real-time to confidently predict the impact of change on similar endpoints via confidence scores.
  • Automation and orchestration: Tanium Automate allows system-wide, endpoint-level automation playbooks for IT and security workflows to be created with low and no code experiences. Tanium Automate leverages the power of Tanium’s real-time data by continually evaluating the current state of the IT environment, radically improving the reliability and accuracy of playbook execution.
  • Deployment templates and rings: Enables IT operations to phase deployments across endpoint groups to match the cadence of the business with the criticality of the change itself. Deployment rings support entry and exit criteria for change execution, which makes deployments well-managed and repeatable, effectively lowering risk and cost.

Users will interact with Tanium AEM through three primary Autonomous Controls:

  • Tanium Guide globally benchmarks and analyzes a customer’s dynamic IT environment in real-time to recommend the next best actions and changes for their endpoints. These recommendations are coupled with a confidence score that distills the probability of the action or change succeeding on targeted endpoints.
  • Tanium Adaptive Actions leverages intelligent automation informed by Tanium Guide’s benchmarks and analysis to significantly reduce response and remediation times. Recommendations provided by Tanium Guide are linked to Tanium Adaptive Actions, an automation playbook, to implement the recommendations using deployment rings.
  • Tanium Action Oversight puts the user firmly in control of all aspects of the platform’s autonomous functions. It provides visibility, remediation and control at the right level of detail. Every system is tied into this centralized governance component. Tanium Action Oversight provides both real-time system reporting and visibility for understanding the current state of autonomous activity.

These new controls build on or enhance previously announced capabilities of Tanium AEM including:

  • Tanium Ask, an AI-powered natural language interface, queries data from millions of endpoints in seconds, eliminating the need to understand complex syntax and significantly reducing the time to action for even the most sophisticated query.
  • Tanium Guardian, which operates as a special express lane for zero-day or time-critical issues, combining real-time global endpoint analytics and human intelligence to provide Tanium operators with critical information through the Guardian notifications.

In addition to leveraging AI natively within its own platform to deliver many of the autonomous functions, Tanium fuels partner AI tools with real-time data. Tanium has seamless solutions with Microsoft and ServiceNow, powering these platforms and their AI capabilities with real-time data and broad actionability.

Tanium AEM delivers organizations numerous benefits including operational resilience, assured compliance, enhanced security posture, scaling IT and security and reduced IT support costs.


from Help Net Security https://ift.tt/hCnFWm2

Onapsis announced the Onapsis Secure RISE Accelerator, helping organizations execute their RISE with SAP transformation with confidence.

The new offering reduces security and compliance obstacles with a structured, bundled solution that simplifies and accelerates an organization’s project planning and execution with SAP-endorsed technology, threat insights and comprehensive SAP cybersecurity expertise and best practices.

As companies increasingly choose the RISE with SAP program to move to the cloud and modernize their SAP environments, security and compliance are frequently perceived to be potential roadblocks in these significant, multi-year projects. However, neglecting or deferring security and compliance until post go-live can result in significant regulatory, reputational and financial risk.

With a focused scope to streamline security, simplified procurement and a ramped rollout that aligns with each phase of the RISE with SAP and SAP Activate methodologies, this offering saves SAP customers time, money and effort, while ensuring their business-critical digital transformations are protected. Onapsis-certified partners further facilitate the delivery of this new solution, integrating it into their standard SAP project delivery methodologies.

“RISE with SAP transformations are business-critical initiatives, and securely accelerating them is a strategic priority to all stakeholders. Based on the cloud shared responsibility model, SAP is accountable for securing the cloud infrastructure, but we are still responsible for the security of our SAP data and applications in the cloud,” said Jason Nations, Director of Enterprise Security at OGE Energy Corp.

“During our RISE project, Onapsis’ SAP security solutions and expertise have given us the capabilities we needed to lower risk and reduce security and compliance challenges. With the volume of decisions to make, having Onapsis in our corner throughout the process has been crucial to our success, helping us make better decisions and go faster. SAP security is a collaborative effort, and we have found our partnership with Onapsis to be invaluable as we continue to benefit from their industry-leading platform and deep knowledge, strengthening our security posture at every stage of our RISE with SAP transformation,” added Nations.

The Onapsis Secure RISE Accelerator streamlines security elements of modern SAP deployments, while also automating previously-manual processes and future-proofing the RISE with SAP transformation. The offering accelerates the discovery process, supporting the risk assessment of legacy environments and the scope definition of the future state of the RISE landscape with automation, expert help and best practices. It also helps unite cybersecurity and SAP teams early on with a comprehensive framework that embeds security into the project more easily, mitigating potential unplanned project delays or security and compliance issues later on.

“Many CIOs find themselves struggling to reconcile how to deliver their SAP transformation on time and on budget, while avoiding slowdowns due to security and compliance requirements they can’t ignore. It doesn’t have to be this way, and now we are empowering them to innovate faster with increased confidence,” said Mariano Nunez, CEO of Onapsis. “We are giving CIOs, cybersecurity and transformation executives a RISE with SAP security ‘easy button’, so they don’t need to choose between security or go-live. We understand that delivering the SAP transformation project successfully on time and on budget is a strategic priority, and we’ve minimized the main barriers to make that happen securely.”

As a strategic SAP partner and SAP-endorsed solution, Onapsis is positioned to deliver this comprehensive combination of technology, threat insights, and deep SAP security expertise to RISE customers. The Onapsis Secure RISE Accelerator can reduce security obstacles and provide faster understanding and resolution of key issues and potential pitfalls to accelerate the delivery of a secure RISE transformation project.

SAP customers who partner with Onapsis, and Onapsis-certified partners, gain the assurance that their RISE with SAP deployments are secure-by-design and clean core ready with the confidence that their internal supporting teams are knowledgeable and well-prepared to protect their new RISE with SAP landscapes on day 1.


from Help Net Security https://ift.tt/NdpKwRh

ReasonLabs launched Online Security platform for Android and iOS, available for download on the Google Play Store and Apple App Store.

This marks a significant milestone in ReasonLabs’ mission to deliver a comprehensive security platform that empowers over 25 million users with protection for their devices, identities, and privacy.

ReasonLabs’ platform, already recognized for its identity and device protection delivered on desktops, now extends its availability to mobile devices. Americans lost more than $12.5 billion to online scams in 2023, and the Online Security platform allows users to fight back against this widespread issue. Built to enterprise standards, the Online Security platform protects users from identity theft, online scams, cybercrime, and advanced attacks like ransomware, cryptojacking, and more.

“Our new mobile apps represent a significant step forward in our mission to deliver top-tier cybersecurity solutions to consumers of all ages,” said Kobi Kalif, CEO of ReasonLabs. “Our more than 25 million users have utilized our security platform to protect their devices, identities, and privacy, and we’re excited to give them even more ways to manage their protection. Equally, we want to reach as many new users as we can, so they too can benefit from our platform, no matter where they are in the world.”

Some key features of the platform include:

Identity theft protection: Online Security protects users’ most sensitive information, such as their social security or credit card numbers.

Real-time alerts: Users will be notified and can take immediate action when problems occur, such as unauthorized bank account activities, new account applications, and more.

$1,000,000 cyber insurance: Identity Theft insurance coverage can help recover lost funds and restoration-related expenses.

Anti-scam: Anti-Scam features guard users against deceptive schemes and online fraud that can harm the lives of all family members.

Credit and SSN monitoring: A credit score simulator and SSN monitoring service can estimate how financial actions may affect your credit score and alert you to suspicious activity.

Dark web monitoring: Online Security routinely scans the dark web for any signs of leaking personal information involved in large-scale data breaches.

Privacy enhancement: Privacy features ensure that personal data like passport numbers, email, phone numbers, and more remain private and protected.

Password manager: Online Security’s password manager lets users access their passwords anytime, share securely with family, and generate new safe passwords in seconds.


from Help Net Security https://ift.tt/RYpiowx

In Apple's great 2024 software refresh—specifically iOS 18, iPadOS 18, and macOS 15 Sequoia—a new tool called Math Notes was added to the Calculator and Notes apps. It's essentially a calculation canvas you can use to work out equations and draw graphs, and if you know how to get the best out of it then it can be incredibly useful.

Whether you've come across Math Notes yet or not, it's a good idea to make yourself aware of everything it can do—because it's not immediately obvious what's possible when you first open it up and are faced with an empty screen.

The main way to get to Math Notes is through the Notes app on your iPhone, iPad, or Mac. You can also access it through the Calculator app: Tap or click the calculator icon in the lower left corner, then choose Math Notes. You'll see all of your previous math notes listed, with the option to edit them or create new ones.

Simple calculations

Image (Math Notes on the Mac): Basic equations in Math Notes. Credit: Lifehacker

An easy way to get started with Math Notes is to try some simple calculations: If you type in anything like "4+4" or "8x8" followed by an equals sign, the answer will automatically pop up. Hit Enter or Space on the keyboard, and the calculation gets finished for you.

If you don't want to use the keyboard, you can scribble out your equations too, if you're using an iPhone or iPad. Again, all you need to do is put in an equals sign, and the answer appears (assuming your writing is relatively legible). This gives you more flexibility in terms of the complexity of your equations.

You can sketch out long division sums, for instance, or write down a long column of numbers that need adding up—as soon as you draw a line under them, you'll get the total. Math Notes even tries to copy your handwriting style, so everything looks consistent.

Image (Math Notes on the Mac): Math Notes can do conversions, too. Credit: Lifehacker

If you see a red line, it means you may have made a mistake in your equation, while a blue line means clarification is needed. Here's a fun feature: Tap on any handwritten number, and a slider appears on top of it. You can swipe left or right on this slider to adjust the number, with the result also changing as you go.

Another clever trick available here is the handling of conversions. If you type out "5 m =" or "5 miles =", Math Notes understands you want to see the equivalents in feet and kilometers, respectively. This works with a whole range of different unit types, and if the right units aren't automatically selected, you can specify them.

There might be times when you don't want results to pop up immediately, and you can change this on an iPhone or iPad. Tap the three dots in the top-right corner of a note, then choose Math Results: You can set this to Insert Results, Suggest Results, or Off.

Variables and graphs

Image (Math Notes on the iPhone): Math Notes lets you make use of variables. Credit: Lifehacker

Math Notes can handle variables, too—so letters can stand in for numbers inside your expressions. Setting variables is as simple as adding a line that says "y=100" or "koala=50", though these lines must be above the expressions that use them.

You can redefine variables as you work your way through a note, so they can be adjusted in different ways for different expressions. They're also able to reference themselves, so something like "y=y+2" would simply increase "y" by two.

When any variables are changed, the results of all the matching expressions are updated immediately—so you can use variables to update a host of expressions at the same time, rather than going through them one by one. Variables can also set variables, so "width x length=area" would work, for instance.

Image (Math Notes on the iPhone): Expressions can be graphed too. Credit: Lifehacker

Variables work with the different units we mentioned earlier—so they can be assigned a value in miles, or in degrees Fahrenheit, or a price in a certain currency. Math Notes understands the full set of trigonometry functions too, so you can use "sin," "cos," and "tan" in your expressions as well.

On the iPhone and the iPad, you're able to build graphs from your expressions, too, if there are two variables on either side of the equals sign. Once you've finished the equation, you'll see a pop-up panel with an Insert Graph option (if it doesn't appear immediately, try tapping on the equals sign).

After a graph has been created, you'll see another option on expressions to Add to Existing Graph, so you can combine multiple expressions together. Graphs can be moved around and resized inside notes, and copied to other apps. Graphs will show up on macOS, but you can't create them.


from LifeHacker https://ift.tt/YeFRKTS

In this Help Net Security interview, Stuart McClure, CEO of Qwiet AI, discusses the evolution of code scanning practices, highlighting the shift from reactive fixes to proactive risk management.

McClure also shares his perspective on the future of AI-driven code scanning, emphasizing the potential of machine learning in threat detection and remediation.


How have you observed code scanning practices evolve in recent years, especially with cloud adoption and DevSecOps?

Code scanning has come a long way, and seeing how things have shifted is fascinating. In the beginning, we were often playing catch-up, only being able to fix issues after they popped up—usually by a hacker who had already exploited the vulnerability and shared the data dump with their friends. Now, we’re much more competent and proactive in finding, fixing, and assessing the holistic risk.

What we have today makes that world look like the Pleistocene era. We’ve got these automated checkpoints everywhere throughout the code lifecycle, beginning from when developers write their code in their editors (IDEs—integrated development environments) to when they push to the cloud development environment using Git and all through the integrate, build, test, and deployment pipeline.

The complexity of software components and stacks can sometimes be mind-bending, so it is imperative to connect all these dots in as seamless and hands-free a way as possible. For example, if we spot a vulnerability in a third-party software library or component, we need to understand how that might impact the code that’s calling it.

The key to running an efficient, secure software development lifecycle (SSDLC) program is to automate basic or repetitive tasks and track a vulnerability’s lifecycle (from detection to triage) completely—from womb to tomb.

What are some significant challenges organizations face when adopting code scanning tools at scale, and how can these challenges be overcome?

Most legacy code scanning tools are painfully slow, often taking tens of hours to scan a single modern application! And they frequently generate endless alerts, most of which are nothing but false positives. Imagine chasing down phantoms and red herrings all day, with 6 or 7 out of 10 findings being false flags. Exhausting. So now our developers, who are already swamped with actual coding work, have to triage (and typically in a crisis) to figure out which alerts matter.

Even after they’ve sorted through all that noise and identified the real issues, they’ve got to create tickets and track everything they find. This function is often bolted onto the existing responsibility of engineering rather than incentivizing desired behavior to bonuses or recognition. If you’re a developer with a mountain of feature requests and bug fixes on your plate and then receive a tsunami of security tickets that nobody’s incentivized to care about… guess which ones are getting pushed to the bottom of the pile?

Generative AI-based agentic workflows are sparking the flames of cybersecurity and engineering teams alike to see the light at the end of the tunnel and consider the possibility that SSDLC is on the near-term horizon. And we’re seeing some promising changes already today in the market. Imagine having an intelligent assistant that can automatically track issues, figure out which ones matter most, suggest fixes, and then test and validate those fixes, all at the speed of computing! We still need our developers to oversee things and make the final calls, but the software agent swallows most of the burden of running an efficient program. Human + AI is greater than AI alone.

With a wide range of static and dynamic scanning tools available, what critical factors should influence a CISO’s selection of code scanning tools?

In the age of artificial intelligence, the number one critical factor that should be considered is AI ancestry. Do you think the tools and products come from AI-first companies and platforms? If not, move on. If yes, double-click to understand the foundational principles that have governed their roadmaps. How have they implemented AI in its entirety into the workflows of application security, and what sides of the AI landscape have they embraced or shied away from? Both predictive and generative AI models and workflows are essential to being an AI-first application security company, and those without this pedigree will thrash and struggle to evolve into the modern AI solution set.

Second, the speeds and feeds include low latency (time to process), low maintenance costs (SaaS-based in contrast to on-prem), high throughput (enterprise-grade parallelization), and a single glass pane (carrying context across all of these tools is key to running an effective program), among many others.

How can CISOs foster a culture of security-first coding among development teams, and what role do automated code reviews play in this?

The security program should be visible at the board and executive levels. Align yourself with the board member(s) who care and educate them thoroughly. Empower them to demand quantitative (along with qualitative) improvement metrics and remind them of the inevitable risk they expose the company to when ignored.

Another meaningful step a CISO can execute is aligning incentives, rewards, and bonuses to sustain security posture.

How do you see AI and machine learning shaping the future of code scanning, especially with automated threat detection and remediation?

AI’s evolution in code scanning fundamentally reshapes our approach to security. Optimized generative AI LLMs (Large Language Models) can assess millions of lines of code in seconds and pay attention to even the most subtle and nuanced set of patterns, finding the needle in a haystack, which is almost always by humans.

Some of the most compelling developments are:

  • Contextual understanding: Modern AI models are becoming remarkably adept at understanding code in context, not just pattern-matching. They can grasp the semantic meaning of code blocks and their interrelationships, often catching subtle vulnerabilities that legacy static analyzers miss.
  • Predictive analysis: Rather than flagging known vulnerabilities, AI systems are better at predicting potential security weaknesses based on code structure and flow patterns, anticipating threats before they become exploitable.
  • Adaptive learning: Each new vulnerability discovery helps train these systems to become more sophisticated. They learn from real-world attack patterns and evolve their detection capabilities accordingly.
  • AI attack graphs are being developed at compute speed to be used by the bad guys to infiltrate systems and networks.


from Help Net Security https://ift.tt/s3peB5Z