Disaster Recovery Journal

Today's spear-phishing campaigns are localized, small and can slip through typical spam filters. As a result, detection practices have to evolve, says researcher Gary Warner of the University of Alabama at Birmingham.

"The important thing to realize is that the average attacker is going to keep coming back until that institution puts in an effective countermeasure," says Warner, director of research for computer forensics at the university. "So how do we learn from the past incidents? We have to log the data, analyze it and recognize the indicators."

...

http://www.bankinfosecurity.com/interviews/using-big-data-to-fight-phishing-i-1909

A common theme during this week's SAS and FICO user conferences was how to use Big Data to make fraud decisions faster, more accurately and without impacting the customers in any negative way.

Big Data is basically about 3Vs: Volume, Velocity and Variety of data to gain veracity and value in fraud management. Volume and Velocity are nothing new: fraud management products have long been capable of analyzing terabytes of data in billions of transactions - in real time.

...

http://blogs.forrester.com/andras_cser/13-05-01-adding_geolocation_iam_logs_and_text_analytics_big_data_to_the_arsenal_of_fraud_management

Not all CIOs are jumping on board with the Bring-Your-Own-Device (BYOD) approach to deploying tablets, smartphones and other technologies inside their businesses.

Just ask Tony Young, the CIO at Informatica, a Silicon Valley-based cloud and on-premises data integration software vendor. He believes that BYOD often caters more to employees than to their employers and stockholders, which end up paying the costly bills for the strategy.

Essentially, says Young, BYOD can create costly new needs, such as mobile device management (MDM) systems and other products that are necessary to maintain privacy, security, and data protection for a business when workers want to use their own devices.

...

http://www.citeworld.com/mobile/21803/informatica-cio-on-byod

Data breaches are becoming more commonplace, causing millions of dollars in damages for companies that have personally identifiable information (PII) hacked by cybercriminals.

“Think about all of the losses you can incur. Not only do you have to hire a security expert to find what happened, you may be assessed fines or penalties by the merchant’s acquiring bank or payment card brand. In addition, you could be responsible for credit card charges made by the criminals and lose business because no one trusts you anymore,” says William M. Goddard, CPCU, principal, Insurance Advisory Services at Brown Smith Wallace.

Smart Business spoke with Goddard and Lawrence J. Newell, CISA, CISM, QSA, CBRM, security and privacy manager, about protecting companies from cybercrime.

...

http://www.sbnonline.com/2013/05/how-to-protect-your-company-from-cybercriminals/

A minority of UK small and medium enterprises (SMEs) are giving high priority to cyber threats, research has revealed.

Although cyber threats are gaining recognition among SMEs, there is a clear need to raise awareness and protection, according to the Institution of Engineering and Technology (IET).

Threats to systems are increasing and new vulnerabilities are emerging daily, said Hugh Boyes, the IET’s cyber security expert. 

...

http://www.computerweekly.com/news/2240182946/Most-UK-SMEs-ill-equipped-to-deal-with-cyber-threats-study-finds

Since the bird markets were closed in affected cities the numbers have slowed however the disease remains a significant threat.  For those of you keeping track we now have a total of 126 cases and 24 deaths reported from 10 provinces in China and Taiwan.

...

http://emssolutionsinc.wordpress.com/2013/04/30/h7n9-126-cases-24-deaths-10-chinese-provinces-and-taiwan/

As discussed in our prior installment, while there is no “one-size fits all” path to cloud infrastructure adoption, a roadmap can ease and simplify the transition to cloud while minimizing IT disruption. More importantly, a phased approach (as shown in the figure below) enables organizations to take advantage of on-demand infrastructure sooner than later, leveraging scalability, cost advantages and rapid deployment capabilities of cloud.

...

http://blog.twinstrata.com/2013/04/30/a-roadmap-to-high-value-cloud-infrastructure-data-storage-expansion/

New version of Excelsior's product also provides support for generation of 64-bit Windows binaries

NOVOSIBIRSK, Russia -- Excelsior LLC, a well-established vendor of compliant Java technology implementations, has announced today the general availability of Excelsior JET 8, a major new release of its flagship product that helps developers of Java applications protect their intellectual property and improve the end user experience.

Excelsior JET is a complete implementation of the Java technology, enhanced with an ahead-of-time (AOT) compiler and deployment toolkit. Version 8 introduces native support for 64-bit Windows platforms and improves throughput and robustness of the memory management subsystem compared to the previous releases.

To Excelsior, however, version 8 is more than yet another major release.

"It is a culmination of two and a half years of our engineers' hard work on the second generation of Excelsior JET core technologies," said Vitaly Mikheev, CTO of Excelsior. "We have thoroughly reviewed and re-written our Java runtime, designed and implemented the key components of the new optimizing compiler from the ground up, and covered everything with specifications and tests like never before."

Excelsior JET 8 Highlights:

- Support for generation of 64-bit Windows executables and DLLs enables the compiled applications to allocate over 4GB heaps and integrate with 64-bit native libraries.

- Compared to the previous version, memory-intensive Java applications exhibit 15-20% better performance and up to 50% shorter garbage collection pauses when optimized down to 32-bit x86 code.

To learn more about Excelsior JET 8 and try it free for 90 days, please visit www.excelsiorjet.com.

For pricing and licensing information, please visit http://www.excelsior-usa.com/jetpricing.html

About Excelsior LLC

Excelsior LLC provides advanced Java-compatible solutions and software development services with particular focus on optimizing compilers, high performance runtime environments, and the Java technology. Excelsior is a Java Authorized Licensee. The company's flagship product, Excelsior JET, is a complete solution for acceleration, protection, and deployment of Java applications. Founded in 1999, Excelsior is headquartered in the Novosibirsk Scientific Center, Russia, and is on the web at www.excelsior-usa.com.

NEWARK, Calif. – Virtualized server environments have made major progress in enabling shared network storage. But even technologies such as VMware’s vStorage APIs for Array Integration (VAAI) come up short in providing enterprise customers with the tools needed to optimize their storage infrastructure. What’s required is a new class of storage array called Virtualization-Aware Storage, according to Tegile Systems (www.tegile.com), a leading
provider of hybrid storage arrays for virtualized server and virtual desktop environments.
Virtualization-aware storage enables enterprise customers to discover hidden performance details about their virtual machines so that they can answer questions such as:
•	Which virtual machine is demanding the most I/Os per second (IOPS) out of the shared storage?
•	Which virtual machine is achieving the best cache hit ratio?
•	Which virtual machine has the best deduplication rate? 
The answers to these questions won’t be found in vCenter or in traditional storage arrays that aren’t VM-aware. However, answers to these questions are critically important and will help users in their ongoing efforts to maintain a system that meets performance expectations.
Here are five reasons why users need virtualization-aware storage in their company’s environment:

Connect your storage and your virtual infrastructure to correlate VM and storage data
No IT environment runs perfectly 100% of the time. Outages and performance issues will arise from time to time and it becomes the job of the systems administrator to determine the root cause for these issues and to take appropriate action. However, troubleshooting requires an administrator to be able to determine cause and effect. With VM-aware storage, administrators gain the ability to correlate virtual machine and storage performance, which can greatly aid in troubleshooting.

Learn IOPS per virtual machine that will allow you to solve problems and plan capacity
As an administrator moves mission-critical workloads to the virtual environment, worries over the ability for shared storage to keep pace may arise. With VM-aware storage, administrators know right down to the virtual machine and LUN how many IOPS are being consumed by specific workloads, greatly streamlining what can be a chaotic troubleshooting process.

Plan long-term capacity so you will know the total I/O utilization of the virtual infrastructure
Ongoing capacity planning often goes by the wayside. After all, capacity planning for many is a “would be nice if” undertaking that can require a great deal of monitoring and tracking in order to determine the current workload both right now and over time. With VM-aware storage, administrators gain at-a-glance dashboards that provide immediate insight into this metric, making capacity planning a breeze. Administrators are able to immediately determine whether or not the current storage system is keeping up with environment needs.

Understand deduplication and compression rates on a per-VM basis
It’s a fact that storage performance is extremely important, but capacity is generally important to people, too. Running out of disk space makes for a really bad day. Today, prime players in the storage space include powerful deduplication technologies that help customers extend the life of one of their most expensive data center assets. Through the use of deduplication and compression, organizations can achieve usable storage gains orders or magnitude beyond raw capacity.
But, it’s still important to know just how much disk space each asset is using. This is a critical component of ongoing capacity planning. For storage, capacity and IOPS are the critical metrics that require monitoring and planning. With VM-aware storage, an administrator knows instantly exactly how much benefit deduplication and compression are bringing to each individual virtual machine. This is important information to understand for backup and disaster recovery purposes or just to gain an understanding for how much actual raw capacity is in use.

Simplify virtualization storage configuration
As more vendors bring virtualization awareness to their storage, they are also bringing to the environment new and powerful tools that greatly simplify the storage management paradigm. This includes adding storage management features right into the vCenter or the vSphere Web Client. From these newly-integrated tools, administrators can get full one-stop-shop administration of the full environment, from the highest-level cluster to the lowest level LUN. With this deep integration comes additional ease of use, quicker problem resolution, and a lower total cost of ownership.
Virtualization-aware storage is becoming an increasingly important part of the modern data center. Administrators need the powerful tools and information that VM-aware storage brings. Through the inclusion of per VM statistics and a powerful add-in for the vSphere web client.

About Tegile Systems
Tegile Systems is pioneering a new generation of enterprise storage arrays that balance performance, capacity, features and price for virtualization, file services and database applications. With Tegile’s Zebi line of hybrid storage arrays, the company is redefining the traditional approach to storage by providing a family of arrays that is significantly faster than all hard disk-based arrays and significantly less expensive than all solid-state disk-based arrays.
Tegile’s patent-pending MASS technology accelerates the Zebi’s performance and enables on-the-fly de-duplication and compression of data so each Zebi has a usable capacity far greater than its raw capacity. Tegile’s award-winning technology solutions enable customers to better address the requirements of server virtualization, virtual desktop integration and database integration than other offerings. Featuring both NAS and SAN connectivity, Tegile arrays are easy-to-use, fully redundant, and highly scalable. They come complete with built-in auto-snapshot, auto-replication, near-instant recovery, onsite or offsite failover, and virtualization management features. Additional information is available at www.tegile.com. Follow Tegile on Twitter @tegile.

Caversham, UK -- Following the recent launch of the Good Practice Guidelines (GPG) 2013 in March this year during Business Continuity Awareness Week (BCAW) 2013, the BCI is pleased to announce the release of the new BCI Good Practice Guidelines Training Course.

The BCI Good Practice Guidelines Training Course has been completely revised to ensure its full alignment to GPG 2013, the independent body of knowledge for Business Continuity (BC) and to ISO 22301:2012, the international standard for Business Continuity Management (BCM).

This course is intended for professionals working in the field of Business Continuity, Risk Management, Emergency Management, Disaster Recovery, Resilience, Security, Operations or who have BC as part of their role and are seeking to complement their practical experience through some formal BC training based on the Good Practice Guidelines 2013.

Combined with the Certificate of the BCI Examination (CBCI), this new training course provides the complete package for professionals seeking to become a fully certified BC professional. Successful passing of the Examination leads to an internationally recognised credential in BC that is awarded by the BCI, the leading global membership and certifying organization for BC professionals and entitles individuals to use the post-nominal designation CBCI for three years. It also provides the launching pad for Statutory membership of the BCI, which provides unequivocal evidence of both professional and technical competency in BC and gives internationally recognised professional status.

Delivered in an interactive classroom environment or as a live, online training experience, the training course offers a solid description of the methods, techniques and approaches used by BC professionals worldwide to develop, implement and maintain an effective BCM programme, as described in GPG 2013. Students are taken step by step though the BCM Lifecycle, which sits at the heart of good BC practice and provided with practical insights into good BC practice through the use of case studies and examples drawn from real-life experiences.

The BCI Good Practice Guidelines Training Course is delivered by BCI Licensed Training Partners only, all of whom are experienced BC professionals bringing a wealth of industry experience and expertise to the table.

Deborah Higgins MBCI, Technical and Learning Manager at the BCI:

“A lot of highly experienced and well-respected BC professionals from all over the world contributed to creation of the Good Practice Guidelines (GPG) 2013. The training course has been built entirely around the GPG and is delivered only by experienced BC practitioners. We are confident that this course provides the best possible BC learning experience.”

To find out more about the new BCI Good Practice Guidelines Training Course >>

Download the new BCI Good Practice Guidelines Training Course Brochure >>

To find out more about BCI membership >>