Hello. My name is Dudu Mimran and I write about tech, mostly about cyber security, machine learning, and startups. 

WHAT IS PROACTIVE CYBER DEFENSE?

It's not hard to understand the concept of proactive cyber defense: acting in anticipation of an attack against a computer or network. The goal is getting in front of attacks by evading, outwitting, or neutralizing them early instead of waiting for the damage to start like reactive cyber defenses. It's also not hard to understand the benefits of being proactive: preventing the negative effects of cyber attacks instead of trying to minimize the damage. The only thing hard to understand is why every company doesn't practice proactive cyber defense already? To answer that question, we need to dive into the history of cybersecurity. It offers a powerful lesson about what can happen when we're blind to the flaws in our own methodology. It

What is Cloud Workload Protection?

Cloud usage is increasing rapidly. Analysts forecast growth of 17 percent for the worldwide public cloud services market in 2020 alone. This proliferation comes on top of already widespread cloud adoption. In a recent report by Flexera, over 83 percent of companies described themselves as intermediate to heavy users of cloud platforms, while 93 percent report having a multi-cloud strategy. With a growing number of companies planning on doing more in diverse cloud environments, cloud workloads are becoming more common. Over 50 percent of workloads already run in the cloud. This figure is predicted to increase by a further 10 percent within the next 12 months. As users shift their on-premises workloads into the cloud and transform legacy applications into cloud-native technologies, they're

Solving Data Privacy Once and For All

The way online services are set up today implies that the only technical means to provide a more personalized experience to customers is to collect as much personal data as possible into a server and then to put it into some machine that offers recommendations. Personalization is convenient, and we all want convenience, even at the price of compromise of our personal lives. This line of thought started with Amazon, Google, and Facebook, and today it seems that every other online service is operating under the same modus operandi. A situation that is irrational in terms of consumer privacy having hundreds of copies of our most intimate online and demographic data in the hands of thousands of employees and systems in

Digital Transformation Is Hard and Existential

There is no large corporation on the planet which does not have digital transformation as one of the top three strategic priorities, and many have already deep-dived into it without necessarily understanding the meaning of success. Digital transformation is highly strategic, and many times existential due to the simple fact that technology changed everyone’s life forever and kept on doing that. A change that gave birth to a new breed of companies with technological DNA enabling them to create a superior substitute to the many services and products catered by the “old” world companies. Furthermore, these “new” companies catch up on customers’ changing preferences and adapt very efficiently. The agility of the new world puts a shining spotlight on the

Unpredictions for 2020 in Cyber Security

The end of the year tradition of prediction is becoming a guessing game as the pace of innovation is increasing towards pure randomness. So I will stop pretending I know what is going to happen in 2020, and I want to write on areas that seem like the most unpredictable for 2020. Below you can find an honest review of my 2019 predictions. 2020 Unpredictions 5G A much talked about topic in 2019 with billions poured on rollouts across the globe. However, it is still unclear what are the killer use-cases, which is usually one step before starting to think about threats, security concepts, and the supply chain of cybersecurity vendors meant to serve this future market. I think we will

The ACCEPTABLE Way to Handle Data Breaches

LifeLabs, a Canadian company, suffered a significant data breach. According to this statement, the damage was “customer information that could include name, address, email, login, passwords, date of birth, health card number and lab test results” in the magnitude of “approximately 15 million customers on the computer systems that were potentially accessed in this breach”. It is an unfortunate event for the company, but eventually, the ones hurt the most are the customers who entrusted them with their private information. It is also clear that the resources that were allocated by this company to defend the private information were not enough. I don’t know the intimate details of that event. Still, from my experience, usually, the cyber defense situation in

Spanning the Chasm: The Missing Link in Tech Regulation – Part 1 of 2

Mark Zuckerberg was right when he wrote in his op-ed to the Washington Post that the internet needs new rules – though naturally, his view is limited as a CEO of a private company. For three decades governments across the globe have created an enormous regulatory vacuum due to a profound misunderstanding of the magnitude of technology on society. As a result, they neglected their duty to protect society in the mixed reality of technology and humanity. Facebook is the scapegoat of this debate due to its enormous impact on the social fabric, but the chasm between governments, regulation and tech affect every other tech company whether it is part of a supply chain of IT infrastructure or a consumer-facing

What Will Happen When Machines Start Lying to Us

The mere thought of a computer lying to you about something has boggled my brain ever since I heard it from a friend professor on a flight as an anecdote on what could happen next in AI. That one sentence took me on a long trip in a rabbit hole of a wide range of implications. I did not want to write on it first, not to be the one which sows that idea in the brain of people with bad intentions, but today I saw that (The AI Learned to Hide Data From Its Creators to Cheat at Tasks They Gave It) and I felt as if the cat was out of the bag. So here I go. An

Why Privacy Will Remain an Open Issue Unless

2018 was a year of awakening to the dear side effects of technological innovation on privacy. The news from Facebook’s mishandling of users’ data has raised concerns everywhere. We saw the misuse of private information for optimizing business goals and abuse of personal data as a platform to serve mind-washing political influencers posing as commercial advertisers. Facebook is in a way the privacy scapegoat of the world but they are not alone. Google, Twitter, and others are on the same boat. Adding to the fiasco were the too many examples of consumer services that neglected to protect their customer data from cyber attacks. 2018 was a year with rising concerns about privacy breaking the myth people don’t care for privacy

My Ten Cyber Security Predictions for 2019

Well, 2018 is almost over and cyber threats are still here to keep us alert and ready for our continued roller coaster ride in 2019 as well. So here are some of my predictions for the world of cybersecurity 2019: IoT IoT is slowly turning into reality and security becomes a growing concern in afterthought fashion as always. This reality will not materialize into a new cohort of specialized vendors due to its highly fragmented nature. So, we are not set to see any serious IoT security industry emergence in 2019. Again. Maybe in 2020 or 2021. DevOps DevOps security had a serious wave of innovations in recent three years across different areas in the process as well as in

How to Disclose a Security Vulnerability and Stay Alive

In recent ten years, I was involved in the disclosure of multiple vulnerabilities to different organizations and each story is unique and diverse as there is no standard way of doing it. I am not a security researcher and did not find those vulnerabilities on my own, but I was there. A responsible researcher, subjective to your definition of what is responsible, discloses first the vulnerability to the developer of the product via email or a bug bounty web page. The idea is to notify the vendor as soon as possible so they can have time to study the vulnerability, understand its impact, create a fix and publish an update so customers can have a solution before weaponization starts. Once

The Emerging Attention Attack Surface

A well-known truth among security experts is that humans are the weakest link and social engineering is the least resistant path for cyber attackers. The classic definition of social engineering is deception aimed to make people do what you want them to do. In the world of cybersecurity, it can be mistakenly opening an email attachment plagued with malicious code. The definition of social engineering is broad and does not cover deception methods. The classic ones are temporary confidence building, wrong decisions due to lack of attention, and curiosity traps. Our lives have become digital. An overwhelming digitization wave with ever exciting new digital services and products improving our lives. The only constant in this significant change is our limited

The First Principle of Security By Design

People create technologies to serve a purpose. It starts with a goal in mind and then the creator is going through the design phase and later on builds a technology-based system that can achieve that goal. For example, someone created Google Docs which allows people to write documents online. A system is a composition of constructs and capabilities which are set to be used in a certain intended way. Designers always aspire for generalization in their creation so it can serve other potential uses to enjoy reuse of technologies and resources. This path which starts at the purpose and goes through design, construction, and usage, later on, is the primary paradigm of technological tools. The challenge arises when technological creations

Risks of Artificial Intelligence on Society

Random Thoughts on Cyber Security, Artificial Intelligence, and Future Risks at the OECD Event – AI: Intelligent Machines, Smart Policies It is the end of the first day of a fascinating event in artificial intelligence, its impact on societies, and how policymakers should act upon what seems like a once-in-a-lifetime technological revolution. As someone rooted deeply in the world of cybersecurity, I wanted to share my point of view on what the future might hold. The Present and Future Role of AI in Cyber Security and Vice Versa Every new day we are witnessing new remarkable results in the field of AI and still, it seems we only scratched the top of it. Developments that reached a certain

Accountability – Where AI and Blockchain Intersect

Recently I've been thinking about the intersection of blockchain and AI. Although several exciting directions are rising from the convergence of these technologies, I want to explore a specific one: accountability. One of the hottest discussions on AI is whether to constrain AI with regulation and ethics to prevent an apocalyptic future. Without going into whether it is right or wrong to do so, I think that blockchain can play a crucial role if such future direction materializes. There is a particular group of AI applications, mostly including automated decision making, which can impact life and death. For example, an autonomous driving algorithm can decide that will eventually end with an accident and loss of life. In a world where

Thoughts on The Russians Intervention in the US Elections. Allegedly.

I got a call last night on whether I want to come to the morning show on TV and talk about Google's recent findings of alleged Russian sponsored political advertising. Advertising that could have impacted the last US election results, joining other similar discoveries on Facebook and Twitter and now Microsoft is also looking for clues. At first instant, I wanted to say, what is there to say about it but still, I agreed as a recent hobby of mine is being guested on TV shows:) So this event got me reading about the subject quite a bit later at night and this early morning to be well prepared, and the discussion was good, a bit light as expected from

Will Artificial Intelligence Lead to a Metaphorical Reconstruction of The Tower of Babel?

The story of the Tower of Babel (or Babylon) has always fascinated me as God got seriously threatened by humans if and only they would all speak the same language. To prevent that God confused all the words spoken by the people on the tower and scattered them across the earth. Regardless of the different personal religious beliefs of whether it happened or not the underlying theory of growing power when humans interconnect is intriguing and we live at times this truth is evident. Writing, print, the Internet, email, messaging, globalization and social networks are all connecting humans – connections which dramatically increase humanity competence in many different frontiers. The development of science and technology can be attributed to communications

Softbank eating the world

Softbank acquired BostonDynamics, the four legs robots maker, alongside secretive Schaft, two-legged robots maker. Softbank, the perpetual acquirer of emerging leaders, has entered a foray into artificial life by diluting their stakes in media and communications and setting a stronghold into the full supply chain of artificial life. It starts with chipsets (ARM), but then they divested a quarter of the holdings since Google (TPU) and others have shown that specialized processors for artificial life are no longer a stronghold of giants such as Intel. The next move was acquiring a significant stake in Nvidia. Nvidia is the leader in general-purpose AI processing workhorse, but more interesting for Softbank are their themed vertical endeavors such as the package for autonomous driving. These moves

Random Thoughts About Mary Meeker’s Internet Trends 2017 Presentation

Random thoughts regarding Mary Meeker’s Internet Trends 2017 report: Slide #5 The main question that popped into my mind was, where are the rest of the people? Today there are 3.4B internet users where the world has a population of 7.5B. It could be interesting to see who are the other non-digital 4 billion humans. Interesting for reasons such as understanding the growth potential of the internet user base (by the level of difficulty of penetrating the different remaining segments) and identifying unique social patterns in general. Understanding the social demographics of the 3.4B connected ones can be valuable and a baseline for understanding the rest of the statistics in the presentation. Another interesting fact is that global smartphone shipments grew

The Not So Peculiar Case of A Diamond in The Rough

IBM stock was hit severely in recent month, mostly due to the disappointment from the latest earnings report. It wasn’t a real disappointment, but IBM had a buildup of expectations from their ongoing turnaround, and the recent earnings announcement has poured cold water on the growing enthusiasm. This post is about IBM’s story but carries a moral which applies to many other companies going through disruption in their industry. IBM is an enormous business with many product lines, intellectual property reserves, large customers/partners ecosystems, and a big pile of cash reserves. IBM has been disrupted in the recent decade by various megatrends, including cloud, mobile computing, software as a service, and others. IBM started a turnaround which became visible to the investors’

Artificial Intelligence Is Going to Kill Patents

The patents system never got along quite well with software inventions. Software is too fluid for the patenting system, built a long time ago for creations with physical aspects. The material point view perceives software as a big pile of electronically powered bits organized in some manner. In recent years the patenting system was bent to cope with software by adding into patent applications artificial additions containing linkage into physical computing components such as storage or CPU so the patent office can approve them. But that is just a patch and not evolution. The Age of Algorithms Nowadays, AI has become the leading innovation frontier – the world of intellectual property is about to be disrupted and let me elaborate. Artificial intelligence, although a

Some Of These Rules Can Be Bent, Others Can Be Broken

Cryptography is a serious topic – a technology based on a mathematical foundation posing an ever-growing challenge for attackers. On November 11th, 2016, Motherboard wrote a piece about the FBI's ability to break into suspects' locked phones. Contrary to the FBI's constant complaints about going dark with strong encryption, the actual number of phones they were able to break into was relatively high. The high success ratio of penetrating locked phones in some way doesn't make sense - it is not clear what was so special with those devices they failed to break into. Logically similar phone models have the same crypto algorithms, and if there was a way to break into one phone, how come they could not break

Searching Under The Flashlight of Recent WannaCry Attack

Random thoughts about WannaCry Propagation The propagation of the WannaCry attack was massive and mostly due to the fact it infected computers via SMB1, an old Windows file-sharing network protocol. Some security experts complained that Ransomware has been massive for two years already and this event is only a one big hype wave though I think there is a difference here and it is the magnitude of propagation. There is a big difference when attack distribution relies solely on people unintentionally clicking on a malicious link or document and get infected vs. this attack propagation patterns. This is the first attack as far as I remember where an attack propagates both across the internet and inside organizations using the same

A Cyber Visit to London

CDA I had a super interesting visit to London for two cyber-related events. The first was a meeting of the CDA which is a new collaboration effort among the top European banks headed by Barclays Global CISO and the CDA themselves. The Israel Founders Group assembled top experts from the world of cyber security and gathered them as an advisory board to the CDA. CDA Group of Seven British Government The second part of the trip was no less interesting, I was invited by the Israeli embassy to participate in a thinking tank of the British government about how to build a strong cyber capability in the UK. That’s a picture taken at the Royal Society, no faces;)
