Monday, March 21, 2011

Deloitte identifies 10 most disruptive and emerging technologies for CIOs to consider over the next 18 months

NEW YORK, USA: Deloitte has issued a new report identifying 10 disruptive and emerging technologies that are expected to play a crucial role in how businesses will operate globally over the next 18 months.

"With 2011 well underway, CIOs should be evaluating the progress made on their New Year's resolutions and taking full advantage of technologies that have the ability to dramatically improve and advance their business operations and decision-making," said Mark White, principal, Deloitte Consulting LLP and a co-author of the report. "We have evaluated, industry-wide, what is working and what is not when it comes to IT and have identified 10 technologies that are likely to transform the enterprise over the next 18 months."

Deloitte's report, "Tech Trends 2011: The Natural Convergence of Business and IT," groups the technologies into two categories: "(Re)emerging Enablers," which is described as five technologies that many CIOs have spent time, thought and resources on in the past, and "Disruptive Deployments," five additional technologies that showcase new business models and transformative ways to operate. The 10 technologies are:

(Re)Emerging Enablers:
Almost Enterprise Applications: Quick and agile solutions like the cloud and Software- and Platform-as-a-Service (SaaS, PaaS) appeal to the business, but are they "enterprise enough" for IT? Almost enterprise applications are being eagerly embraced by many business leaders, and CIOs should get in front of this democratization and self-service trend.

CIOs as Revolutionaries: With the cloud, social computing and mobility shaking up business models and transforming how business is done, the technology agenda should be considered as tantamount to the business agenda—and CIOs are the executives positioned to pull them into alignment.

Cyber Intelligence: While it still may be necessary to build a rapid detect-and-respond cyber security function, organizations should consider going beyond adding tools to learn and adapt, protect against upstream threats, and connect the internal and external dots to assess probable risks, and in the process move from reactive to proactive.

End of Death of ERP: ERP can be an enabler of tomorrow's innovations, not a fading footnote of yesterday's legacy. Organizations are still able to tap ERP applications to transform processes with reduced risk — at a lower cost and at a quicker pace.

Visualization: Visualization deserves a fresh look given the evolution of the underlying tools and the rich potential represented by unstructured data. It can provide a new way to tap into millions of internal emails, instant messages and documents, as well as trillions of social media objects, Twitter tweets, text messages, blogs and other content of potential concern or opportunity for the enterprise.

Disruptive Deployments:
Applied Mobility: New mobile solutions are being designed to serve the full spectrum of transactional, analytical and social computing capabilities, and present the opportunity for organizations to define real and lasting value in applied mobility solutions and business enablement. This could be the year that businesses will truly begin harnessing these features into rich, yet simple and intuitive applications to solve real business problems.

Capability Clouds: Capability clouds have the potential to move beyond the building blocks of capacity clouds to deliver finished services that can address business objectives and enterprise goals. CIOs should be prepared to answer how they leverage the ecosystem of capabilities, services and value networks delivered by the cloud.

Real Analytics: As the economy resets, analytics can offer improved visibility to help companies drive operational efficiencies. Analytics can also offer an opportunity for growth by helping companies in their efforts to address heart-of-the-business questions that can guide decisions, yield new insights and help predict what's next.

Social Computing: As more of our personal and professional lives are transacted via technology, rich trails of preferences, opinions and behaviors are being created. Beyond the immediate benefits of empowering stake-holders, this "digital exhaust" can be mined, providing a rich source of insight on market positioning.

User Engagement: The proliferation of consumer and Internet technologies has raised expectations for IT tools at work, and can empower employees to find new insights and improve how business occurs. Enterprises should seek to learn and understand how to turn newly-connected consumers into new revenue channels and identify ways they can empower employees to better connect dots and improve efficiency and effectiveness.

"It's evident that the next 18 months will be pivotal for widespread adoption of technologies such as cloud, social computing, analytics and mobile technologies," said Bill Briggs, director, Deloitte Consulting LLP and co-author of the report. "Whether they are re-emerging enablers that are already somewhat at play at large among enterprises or disruptive deployments that offer new, transformative ways for organizations to operate, CIOs should keep ahead of these trends to help generate top returns not just of IT, but the business of the business."

Monday, March 14, 2011

Don't help cybercriminals exploit Japan tragedy

INDIA: Several countries and international organisations have offered to assist with relief efforts from last Friday's earthquake and tsunami in Japan. Three days after the earthquake and tsunami that rocked Japan, the rest of the world is still trying to make sense of what's happening. Citizens around the world are also looking to extend assistance in their own way.

But, as the death and injury tolls continue to rise, there are some malicious people who attempt to exploit such situations, under the guise of charitable institutions and governmental organizations. Emails marked URGENT, requesting for help by appealing to the humanity in every internet user, or urging consumers around the world to offer donations to those affected, are doing the rounds.

Symantec observed more than 50 domains with the names of either “Japan tsunami” or “Japan earthquake” within the first few hours of this unfortunate event. These domains are either parked, available for sale, or are linked to earthquake sites. Don’t be surprised if you see these domains been used in phishing and spam attacks. Below are a few of the samples:
3-11-2011-[removed].com
3-11[removed].com
earthquake-[removed].com
earthquaketsunami[removed].com
earthquakerelief[removed].com

Symantec has also observed a classic 419 message targeting the Japanese disaster. The message is a bogus "next of kin" story that purports to settle millions of dollars owing to an earthquake and tsunami victim.

Previously, when such disasters occurred, Symantec observed a sudden surge in virus attacks in the form of nasty attachments and .zip files embedded in spam sent from such predatory attackers. Do not open them, especially if you don’t know the source! Use caution when opening forwarded messages related to the Japan earthquake and tsunami, and any other tragedy or event that stirs international news coverage, legitimate and otherwise. Nefarious attackers may be sending malicious Java scripts and other threats that could compromise both your personal data and your computer.

Other methods that the cyber mafia uses during such events include search engine poisoning. With several internet users searching for earthquake-related news and information online, cybercriminals can poison search results for malicious websites to appear at the top of the results. Users who click on these links assuming that the information will help them make sense of the tragedy, may end up downloading malware instead.

Symantec has witnessed a rise in malicious websites of late. The recent Symantec report on Attack Toolkits and Malicious Websites revealed that Symantec observed more than 310,000 unique domains that were found to be malicious. On average, this resulted in the detection of more than 4.4 million malicious Web pages per month. It is likely that attackers will use Japan-related terms in order to attract people on to these websites.

While our hearts go out to those grappling with this unprecedented catastrophe, we at Symantec want to urge users to be cautious about unscrupulous elements. Symantec recommends that our readers reach out to the affected through legitimate and secure channels so that the help sent by you reaches the intended recipients.

Tuesday, February 15, 2011

Don’t let cybercriminals stump you online!

INDIA: The upcoming cricket World Cup 2011 has generated huge excitement not only among fans in India and across the world, but cyber criminals as well. Symantec has observed that big-ticket sporting events open up a vast playing field for attackers and the cricket world cup is no exception.

What’s different this time, however, is that we anticipate more sophisticated and targeted attacks, particularly against Indian users since the tournament will take place in the subcontinent.

With Internet usage in India growing rapidly (McKinsey estimates that the number of Internet users in India will grow fivefold by 2015 to 350 million), and the fact that tickets to matches are selling out very fast, cybercriminals are focusing their efforts on luring Indians with attractive ticket offers. Tactics used include spam campaigns, black hat search engine optimization (SEO), the injection of code into
legitimate websites, and malicious advertisements.

Watch out for fake tickets in PDF: These tricks, however, are likely to be “blended” threats, where spam emails and fake websites promoting cricket-related goodies can cause users to download malware on their systems. For example, emails with PDFs of tickets attached are a common vector.

Symantec’s Internet Security Threat Report XV revealed that the top web-based attacks involved applications that process PDF files, accounting for nearly half of the total attacks. This was a sizeable increase from just 11 percent the previous year. This attack is popular due to the common use and distribution of PDF files on the Web, and also because they can be executed across PCs, laptops and smartphones.

Search, and a cybercriminal may find you: Once the tournament begins, Indians are also likely to closely follow the matches online, searching for scores and updates. Cybercriminals know this; watch out for search engine results for terms like “World Cup”, “Cricket”, “Score” or “Cricket Schedules” that throw up malicious sites which can infect a user without his knowledge.

Rise in malicious websites: Websites that are set up for phishing attacks or to deliver malware, luring users by mimicking legitimate sites with a high degree of accuracy, may also increase. Symantec detects almost 4.4 million malicious web pages per month, according to the latest Attack Toolkits and Malicious Websites report. Symantec also observed more than 310,000 unique domains that were found to be malicious. Expect an increase in these sites using cricketing terminologies during the period of the world cup.

Website owners need protection too: This poses a threat not only to users, but also legitimate businesses that sell tickets and other World Cup gear online. Website that sell tickets and ask for financial or personal information should also be protected by SSL certificates and provide visible trust marks to verify their authenticity.

Wednesday, January 19, 2011

Cyber attack toolkits dominate Internet threat landscape

BANGALORE, INDIA: Symantec Corp. announced the findings of its report on Attack Toolkits and Malicious Websites. The study reveals that as attack kits become more accessible and relatively easier to use, they are being utilized much more widely. This has attracted traditional criminals who would otherwise lack the technical expertise into cybercrime, fueling a self-sustaining, profitable, and increasingly organized global economy.

Attack toolkits are software programs that can be used by novices and experts alike to facilitate the launch of widespread attacks on networked computers. These kits enable the attacker to easily launch numerous pre-written threats against computer systems. They also provide the ability to customize threats in order to evade detection, as well as automating the attack process.

Attack kits control landscape
The relative simplicity and effectiveness of attack kits has contributed to their increased use in cybercrime— these kits are now being used in the majority of malicious Internet attacks. For example, one major kit called Zeus poses a serious threat to small businesses. The main objective of Zeus is to steal bank account credentials; unfortunately, small businesses have fewer safeguards in place to guard their financial transactions, making them a prime target for Zeus.

The profitability of malicious code attacks using Zeus was recently illustrated by the September 2010 arrests of a ring of cybercriminals who allegedly used a Zeus botnet in the theft of more than $70 million from online banking and trading accounts over an 18-month period.

As cyberattacks have become more profitable, the popularity of attack kits has dramatically increased. This in turn has led to increasingly robust and sophisticated kits. These kits are now often sold on a subscription-based model with regular updates, components that extend capabilities, and support services.

Cybercriminals routinely advertise installation services, rent limited access to kit consoles, and use commercial anti-piracy tools to prevent attackers from using the tools without paying.

Faster proliferation of attacks
The speed at which new vulnerabilities and their exploits spread around the globe has increased due to innovations that attack kit developers have integrated into their products. Attack kits are now fairly easy to update, which allows developers to quickly add exploit code for new vulnerabilities. The result is that some exploits are in the wild just days after the associated vulnerability becomes public. Attackers who can easily update their attack kits with recent exploits are able to target potential victims before they apply necessary patches.

A new entry into underground economy
Since attack kits are becoming easier to use, cybercrime is no longer limited to those with advanced programming skills. Participants now include a mix of individuals with computer skills and those with expertise in traditional criminal activities such as money laundering. Symantec expects that this much larger pool of criminals entering the space will lead to an increase in the number of attacks.

“In the past, hackers had to create their own threats from scratch. This complex process limited the number of attackers to a small pool of highly skilled cybercriminals,” said Shantanu Ghosh, VP, India Product Operations, Symantec. "Today’s attack toolkits make it relatively easy for even a malicious novice to launch a cyberattack. As a result, we expect to see even more criminal activity in this area and a higher likelihood that the average user will be victimized.”

Additional facts:
* Popularity and demand has driven up the cost of attack kits. In 2006, WebAttacker, a popular attack toolkit, sold for $15 on the underground economy. In 2010, ZeuS 2.0 was advertised for up to $8,000.

* Secondary services have emerged to direct unsuspecting users to malicious websites, where their computers can be compromised. Tactics used include spam campaigns, black hat search engine optimization (SEO), the injection of code into legitimate websites, and malicious advertisements.

* Symantec observed more than 310,000 unique domains that were found to be malicious. On average, this resulted in the detection of more than 4.4 million malicious Web pages per month.

* Of the Web-based threat activity detected by Symantec during the reporting period, 61 percent was attributable to attack kits.

* The most prevalent attack kits are MPack, Neosploit, ZeuS, Nukesploit P4ck, and Phoenix.

* The search terms that most commonly resulted in malicious website visits were for adult entertainment websites, making up 44 percent of the search terms.

Mitigating attacks
* Organizations and end users should ensure that all software is up-to-date with vendor patches. Asset and patch management solutions may help to ensure systems are compliant and deploy patches to systems that are not up-to-date.

* Organizations should create policies to limit the use of browser software and browser plug-ins that are not required by the users of the organization. This is especially prudent for ActiveX controls, which may be installed without the knowledge of the user.

* Organizations can also benefit from using website reputation and IP black listing solutions to block outgoing access to sites that are known to host attack toolkits and associated threats.

* Antivirus and intrusion prevention systems can be deployed to detect and prevent exploitation of vulnerabilities and installation of malicious code.

Wednesday, January 12, 2011

Cloud.com, Kumoya to bring open source cloud computing technologies to Japanese IT market

CUPERTINO USA & TOKYO, JAPAN: Cloud.com, Inc., a leading provider of open source cloud computing software for public and private cloud environments, and Kumoya Inc. announced a strategic partnership granting rights to distribute Cloud.com’s technology and products to the Japanese IT channel market.

This is also the official launch of Cloud.com’s cloud computing platform solutions into the Japanese market, where cloud computing is emerging as the fastest growing IT segment in the industry.

“There is a tremendous amount of interest and excitement around cloud computing technologies in Japan, yet there is a wide gap between what is offered today in Japan and what is needed to deliver a truly automated cloud environment,” said Yosuke Shindo, CEO of Kumoya. “We believe that CloudStack and the Cloud Portal architecture effectively resolve this gap. With Cloud.com’s tremendous success in helping companies build large scale cloud environments, we are excited to be representing them in Japan.”

Through this agreement, Kumoya, will actively market and promote Cloud.com’s technology in Japan, working with the increasing number of cloud computing-focused SI and VAR channels in Japan. Kumoya will be hosting a series of training sessions, promotional events and evangelism activities to deliver true cloud computing value in the Japanese market.

“Japan is a very promising market for Cloud.com, and we are excited to partner with Kumoya, which truly understands the user-driven nature of cloud computing solutions and has a successful track record of bringing cloud technologies to the Japanese market,” said Shannon Williams, VP of Business Development at Cloud.com.

Cloud.com solutions are available immediately, and a series of promotional activities for potential resellers are planned for 2011.

Thursday, January 6, 2011

S&P Equity Research issues tech sector predictions for 2011

NEW YORK, USA: S&P Equity Research is looking for slower growth in the technology sector in 2011, compared to 2010, but still believes the growth will be healthy. The S&P tech equity analysts and strategists have a positive fundamental outlook and overweight recommendation on the sector.

"We expect notable developments regarding new products, international activity, and M&A deals," said Scott Kessler, Information Technology analyst and tech sector group head at S&P Equity Research.

Following are select predictions for the tech sector from industry analysts at S&P Equity Research for 2011.

1. We think Intel will finally gain some traction in the handset and tablet markets.

2. We forecast that global solar system installations will increase at least 20 percent in 2011, well below our 2010 estimated growth rate of a two-fold increase.

3. We expect solar manufacturers that have a greater proportion of sales devoted to the US to outperform peers.

4. We project 2011 to show a continuation of the computer hardware recovery since the deep cyclical trough of 2009. We project global PC unit shipments to rise 14 percent in 2011, after an estimated rise of 17 percent for 2010.

5. Computer hardware should continue to make inroads into new markets such as self-serve kiosks in the transportation, healthcare and retail areas, based on an ongoing desire to automate transactions and offer consumers more ways to handle business.

6. We see the wide-spread emergence of visualization and cloud infrastructures requiring improved integration of datacenter switches and servers with more advanced delivery functionality. We believe companies with strong application delivery and WAN optimization capabilities, such as F5 Networks and Riverbed Technology will be attractive acquisition candidates for 2011.

7. We believe Microsoft will continue to lose market share in smartphones, as Windows Phone 7 fails to capture the interest of consumers.

8. We expect sales in the video game industry will be slightly up in 2011, after declining for the two prior years, driven by strong sales of Microsoft Kinect.

9. Consolidation in the data storage industry should continue in 2011, by our analysis, with most of the M&A activity being centered on storage software, as opposed to hardware.

10. We expect sales of tablet computers to surge and begin to cannibalize sales of netbooks and mini notebooks.

11. Despite having less functionality than tablet computers, sales of e-book readers will continue to surge in 2011, in our view. We see unit sales increasing from 7 million in 2010 to 11 million in 2011, led by Amazon.com's Kindle.

12. We expect to see at least one major strategic move from an IT services company that caters to the Department of Defense. Companies in this category include ManTech and SAIC.

13. Despite continuing revenue growth, the major India-based IT outsourcers, including Infosys and Wipro should experience margin declines in 2011.