Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Building a Safe, Efficient, Cost-Effective Security Infrastructure
Threaded  |  Newest First  |  Oldest First
PaulChau
50%
50%
PaulChau,
User Rank: Strategist
7/12/2018 | 10:59:12 PM
hi
Right now, the most important commodity in the world is the ability for swift and efficient communication. Not just amongst people but amongst things to, and that's why this whole internet of things thing has come about isn't it? I'm sure that people will figure out a way to get better at collecting data from different points in a system and when that happens, you'll be surprised at what we can achieve with everything moving smoothly from process to process.
OtherKen
50%
50%
OtherKen,
User Rank: Author
7/16/2018 | 2:25:10 PM
Re: hi
Paul

Thank you taking time to read my article. You are right that IoT is all about communication between things, people and the data. The challenge is how to manage all this new data and to determine what is important and what is not. I do not beleive we have that figured out yet but I am excited about the future of machine to machine communications and the edge compute architectures that it drives. This combined with 5G should make for an exciting time in tech over the next 10 years. 

Thanks again for the reply.

Ken
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
7/13/2018 | 4:10:36 AM
Real-Time Video/Audio Scanning w/Shape Detection & Adaptive Pattern Recognition
One of the things we see often in suspense thrillers is the "eye in the sky" concept. In fact, IoT is absolutely at the heart of what is possible in terms of securing public and private safety. By putting focus on Internet and Cellular infrastructure to increase bandwidth, accessibility and interoperability, security specialists utilizing specialized software can bring a true sense of real-time security not based on intel (a slow process often taking years to gather, months to analyze and response times to events often too late) but based on shape detection and pattern recognition, for a start, that suggest or conclusively identify risk. Putting AI behind access to real-time video feeds may reveal illegal activities not obvious to the naked eye, or hidden from view to human eyes but captured in cell and camera video feeds or even audio feeds.

Such an infrastructure meets the 1) "safe" and 2) "efficient" criteria. Such technology is no longer just in the hands of the military or agencies like the CIA. One need only scan papers written in 2017 and 2018 on IEEE or Springer, for instance, to see the technology is already here, in some cases in piece-meal spread across different projects and disciplines, but ready to bring together. Often only policies and laws are keeping such a fully realized security system from coming to fruition. However, one element that could be preventing it is the "cost-effective" factor. For, even if privacy laws were adjusted and put into effect to allow such a system to be properly designed and implemented, cost could delay it.  A good portion of that cost would be divided between hardware (of course) and security - yes, such a system would need to be incredibly secure to prevent it from being turned from a safeguard into a weapon.

There are options, of course. One of the early projects I admired related to the "Internet anywhere" idea was FreedomBox. Acting as a wireless access point, you could theoretically plug this in anywhere and give access to anyone to WiFi for free. Imagine a distribution of video/WiFi access point units strategically placed throughout cities and camouflaged such that 90% of the boxes would remain untouched annually. These would then be accessible to AI-driven apps that would scan live video and in real-time perform the functions previously described. Add to that scans of live news broadcasts, Facebook and Instagram live feeds, and so on. Here would be one component of a security infrastructure that could become essential to future public security.

Now, how to solve the myriad privacy concerns that would slow down such a project?


News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23347
PUBLISHED: 2021-03-03
The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user.
CVE-2021-25315
PUBLISHED: 2021-03-03
A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 ...
CVE-2021-27921
PUBLISHED: 2021-03-03
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
CVE-2021-27922
PUBLISHED: 2021-03-03
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
CVE-2021-27923
PUBLISHED: 2021-03-03
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.