• Midsummer Security Indicators: Hot and Gloomy

  August 2, 2023 Alex Woodie

  The hot summer heat is smothering Americans like a tight polyester jacket these days. Also having big impacts on Americans are hackers, security vulnerabilities, spam, and malicious emails, which seem to be peaking with the seasonal fry.

  Security software company Securin scanned 8 million addressable IPs among US state government systems, and discovered 119,000 instances of high-risk services that could be easily exploited, according to a report released yesterday, dubbed “The State of Cybersecurity in America.”

  All told, Securin found 3,700 exposed databases (Db2 among them), 3,400 exposed Secure Shell (SSH) endpoints, 2,780 exposed File Transfer Protocol (FTP) systems, and …

  Read more

• IBM i Backup Provider Storagepipe Snapped Up By Thrive

  June 7, 2023 Alex Woodie

  Storagepipe, a Toronto, Ontario-based provider of backup and recovery services for IBM i and other platforms, has been acquired by Thrive, a Massachusetts-based outsourcing company that provides a range of cloud-based IT services.

  Storagepipe has been backing up IBM i servers since it was founded back in 2001. Back in 2015, the last time we checked in with them, the company was utilizing an appliance-based approach to backing up IBM i servers, and any other Windows or Linux servers that customers wanted backed up.

  The backup would be pushed to the Storagepipe appliance, which would then replicate the backup off-site …

  Read more

• Security Still Top Concern, IBM i Marketplace Study Says

  February 1, 2023 Alex Woodie

  Security continues to be the number one concern of IBM i shops surveyed for the annual IBM i Marketplace Study conducted by Fortra. Application modernization surged ahead from last year’s finish to make the race for number one interesting, while HA/DR and IBM i skills rounded out the top four concerns.

  Fortra (formerly HelpSystems) formally released its 2023 IBM i Marketplace Study last week, making it the ninth straight year that the company has released the study. This year’s study, which you can access here, is based on surveys taken last year by about 300 individuals from the IBM …

  Read more

• HelpSystems Goes on the Security Offensive Again

  October 5, 2022 Alex Woodie

  Just when you thought HelpSytsems had bought enough companies, the Eden Prairie, Minnesota, company cranks up the acquisition machine again and gobbles up a few more vendors. Like with previous acquisitions, its recent targets are in security.

  The most recent buy was completed a month ago, when HelpSystems bought Outflank Security Tooling, which it describes as “an IT security leader with deep expertise in adversary simulation, specialist cyber security trainings, and a unique cloud-based software offering for red teams.”

  Penetration testing has become popular as security vulnerabilities in corporate systems have become more apparent. Adversary simulation, or “red teaming,” …

  Read more

• Software Supply Chain Attacks Are A Growing Threat

  October 3, 2022 Alex Woodie

  There’s a lot going on in the world right now, so you probably don’t need something more to worry about. But the cat-and-mouse world of cybersecurity never sleeps, and one of the threats keeping the good guys up at night right now is the growing risk of software supply chain attacks. Unfortunately, security through obscurity won’t provide as much protection for the IBM i server this time around.

  Just what is a software supply chain attack? According to the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA), a software supply chain attack occurs when “a cyber threat actor infiltrates a …

  Read more

• The Global State of Cybersecurity Is Not Good

  September 14, 2022 Alex Woodie

  “It’s a jungle out there” may be the best way to summarize the state of cybersecurity at the moment, as recent global events coalesce into a melting pot of politically motivated hackers, the criminal underground, foreign scammers, and widespread domestic vulnerabilities.

  Let’s start with everybody’s favorite topic: scams. If you’re longing for the simple days of the Nigerian 419 scams, you’re not alone, as the playing field for scams has evolved considerably in recent years. That’s not to minimize the continued threat of the 419 scam, which sometimes resulted in a physical kidnapping, or worse. But the idea of getting …

  Read more

• Security, Automation, and Cloud Top Midrange IT Priorities, Study Says

  August 3, 2022 Alex Woodie

  Improving cybersecurity continues to be the number one overall priority for IT teams at midsize companies going into the second half of the year, but automation and cloud migrations are not too far behind, according to a recent study from Kaseya. Legacy concerns also are viewed as a drag on productivity.

  Kaseya last month published its 2022 IT Operations Report, in which it surveyed 1,877 IT professionals from around the world in April to learn about the top priorities and challenges where they work. The company surveyed only employees at organizations with fewer than 3,000 employees, which is Kaseya’s cut-off …

  Read more

• IBM i Integration Elevates Operational Query and Analytics

  May 16, 2022 Bill Langston

  Modernization, SQL, RPG, open source, cybersecurity, resilience, compliance, clouds, and AI are the trending topics in enterprise technology. As a result, IT professionals can easily overlook and undervalue software that enables real-time, operational query and analytics.

  In contrast, managers and mid-level staff in accounting, logistics, inventory, sales, customer service, and other departments still place a high value on data access and often wish their IT team could do more to help. Collaboration is the key, because your company isn’t realizing the potential of operational query and analytics if you have narrowly defined it as a dashboard and ad hoc file …

  Read more

• Guru: IBM i Unauthenticated Access

  April 25, 2022 Bruce Bading

  One of the greatest threats to any network, host, or server is unauthenticated access where an attacker can gain local or remote access with no credentials that can lead to a Critical rating with the following descriptions (CVSS v3.1 User Guide (first.org).

  Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.)

  Integrity Impact Complete (There is a total compromise of system integrity, and a complete loss of system protection resulting in the entire system being compromised.)

  Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render …

  Read more

• Guru: SIEM Is Only Part Of IBM i Cybersecurity

  March 28, 2022 Bruce Bading

  Many times, we hear from IBM i business owners that their SIEM – that’s short for Security Information and Event Management – is their cybersecurity solution for the IBM i. But that can’t be true, and I want to explain why it is part of the security shield but certainly not all of it.

  Let’s start with SIEMs and how they fit into cybersecurity frameworks. SIEM is mentioned in the PCI appendix, but not once in the core of the 250+ PCI DSS requirements, likewise, the NIST Cybersecurity Framework lists event monitoring as one of the 100s (1/100s) of NIST …

  Read more

Previous Articles Next Articles