Friday, January 24, 2014

How can companies prevent cyber attacks like that of Dec 2013 Target credit card data theft?

1/24/2014 By: Arvind Jain

By now we all know that passionate hackers are very smart and will always have an edge over whatever known systems we can create (firewall, IPS, etc.). Even the best SIO (Security Intelligence Operations) team cannot possibly know of each and every piece of malware in advance, so the traditional approach of signature-based IPS or malware detection is a stone-age thing now.

So what could have been done at Target? I am sure many experts are pondering over it but here is my simple thinking. A combination of proactive people, process and tools would have prevented it.


We need people for behavior analysis or analytics. BlackPOS creators, and hackers in general, know what a firewall can do. So they timed the data transfer to normal business hours, merged it with FTP traffic and used internal dump servers in Target's own network. This is what I gathered from the iSight comment in the WSJ article today.

"ISight, hired by the Secret Service and Department of Homeland Security to help with the investigation, said the bug had a 'zero percent antivirus detection rate,' meaning even updated security software couldn't tell it was harmful." So an endpoint security system or antivirus software would also have been ineffective at detecting the malware.

This is where you need a joint effort on the part of systems, people, and process to detect anomalies. Something like a Cyber Threat Defense solution (like the one offered by Cisco) is a good way to detect patterns and flag them.

The hack involved several tools. A Trojan horse scanned the point-of-sale system's memory for card data, which was stored unencrypted in memory. Another logged when the stolen data was stashed inside Target's network. Yet another sent the stolen data to a computer outside the company. The coordination of those functions was complex and sophisticated, but could have been easily seen as an anomalous pattern.



It is like a freeway: if traffic is jammed up, you know something is wrong ahead. Likewise, if all the traffic heads in a different direction than is normal for that route, you know something is not right. To detect anomalous activity, you have to look at traffic timing, volume, direction, etc.

These are good indicators that something has happened and that it potentially requires immediate attention from people and processes. You could then take the traffic flow (using a tool like NetFlow) and look for anomalous traffic patterns. You would have encountered something never seen before, and that would have triggered deep packet inspection of the dump files.

Typically, malware siphons data and stores it on the local intranet (disguising it as internal traffic by moving it over a temporary NetBIOS share to an internal host inside the compromised network) and then attempts to send the data to the attacker over a legitimate channel such as FTP or HTTP. Compromised data (in this case track data, which includes all of the information within the magnetic strip) was collected in .DLL files and periodically relayed to an affected “dump” server over a temporary NetBIOS share drive. In this particular case the DLLs weren't malicious (they just contained normal data, so no system could have tracked it without insight from people or Target IT staff).

Tools like Lancope StealthWatch help you detect such anomalies. The dump server was not a host that the POS systems were required to communicate with. So when POS systems attempt to communicate with one another or with an unidentified server, a Host Lock Violation alarm is generated. Similarly, once the data started to be sent to the dump server, it could have triggered a Relationship High Traffic or potentially a Relationship New Flows alarm.
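
The three checks named above, sketched over flow records as an added example (not code from the original post, and not StealthWatch's own logic). The addresses, the allowlist, the 3x threshold and the alarm labels are constructed assumptions that only loosely model the Host Lock Violation, Relationship New Flows and Relationship High Traffic alarms.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    hour: int     # hour-of-day bucket in which the flow record was exported
    src: str
    dst: str
    dport: int
    nbytes: int


# Constructed policy and addresses (assumptions, not values from the post).
POS_HOSTS = {"10.1.0.11", "10.1.0.12"}
ALLOWED_POS_PEERS = {"10.2.0.5"}          # hypothetical payment switch


def host_lock_violations(flows):
    """POS terminals contacting any host outside their allowlist,
    which includes other POS terminals and unknown internal servers."""
    return sorted({(f.src, f.dst) for f in flows
                   if f.src in POS_HOSTS and f.dst not in ALLOWED_POS_PEERS})


def hourly_bytes(flows):
    """Sum bytes per (src, dst, hour)."""
    totals = defaultdict(int)
    for f in flows:
        totals[(f.src, f.dst, f.hour)] += f.nbytes
    return totals


def build_baseline(flows):
    """Peak hourly byte count seen for each (src, dst) relationship."""
    peak = {}
    for (src, dst, _hour), total in hourly_bytes(flows).items():
        peak[(src, dst)] = max(peak.get((src, dst), 0), total)
    return peak


def relationship_alarms(baseline, flows, factor=3.0):
    """Flag relationships absent from the baseline, and known relationships
    whose hourly volume exceeds factor x their baseline peak."""
    alarms = []
    for (src, dst, hour), total in sorted(hourly_bytes(flows).items()):
        peak = baseline.get((src, dst))
        if peak is None:
            alarms.append(("new_relationship", src, dst, hour))
        elif total > factor * peak:
            alarms.append(("high_traffic", src, dst, hour))
    return alarms


# Constructed sample flows: a quiet baseline period, then a business-hours window.
BASELINE = [
    Flow(10, "10.1.0.11", "10.2.0.5", 443, 20_000),
    Flow(11, "10.1.0.12", "10.2.0.5", 443, 22_000),
    Flow(11, "10.3.0.9", "198.51.100.20", 21, 40_000),   # routine FTP transfer
]
OBSERVED = [
    Flow(13, "10.1.0.11", "10.2.0.5", 443, 21_000),      # normal card authorisation
    Flow(13, "10.1.0.11", "10.3.0.9", 139, 300_000),     # POS -> internal server over NetBIOS
    Flow(13, "10.3.0.9", "198.51.100.20", 21, 900_000),  # FTP volume far above baseline
]

if __name__ == "__main__":
    for pair in host_lock_violations(OBSERVED):
        print("host_lock", *pair)
    for alarm in relationship_alarms(build_baseline(BASELINE), OBSERVED):
        print(*alarm)
```

None of the three flows in the observed window is remarkable by port or time of day alone; it is the comparison against the allowlist and the per-relationship baseline that makes two of them stand out.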

Internet Control Message Protocol (ICMP) is one of the main protocols of the Internet Protocol Suite used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP anomalies can be detected using network-monitoring tools provided by companies like Cisco or its recent acquisition

So you do have all the tools at your disposal. All that was needed was a good brain with common sense to correlate the series of activities that were happening anomalously and could have been detected by monitoring tools.



 

Of course if you do not have time for all these or the tools or the in-house security expertise, Cisco Advanced Services for Managed Cyber Security is at your service. Feel free to reach out to me for recommendations.


Arvind

Tuesday, January 14, 2014

What is behind these recent acquisitions by Palo Alto Networks and FireEye? Domain Talent and Virtualization


Security is a red hot, fascinating sector right now. Acquisitions are happening left and right and I have stopped trying to do a financial valuation; there is something else happening. When money is cheap, I see these acquisitions happening as a race to get ahead with talent and new technology. But the payoff will come for those who are first with economies of scale.

The two outstanding reasons for these acquisitions, in my opinion, are virtualization in security and talent with domain expertise. Many security startups are focusing on the use of in-situ virtual sandboxes to investigate suspicious files and detect malware before letting them loose in the main network.

Blue Coat Systems acquired Norman Shark, which had developed a sandboxing technology platform for malware analysis. Palo Alto Networks acquired Morta Security (CEO Raj Shah), a Silicon Valley-based security startup, to bolster its cloud-based WildFire malware inspection technology. The aim was to get NSA talent as well as the virtualization technology. A week earlier FireEye acquired Mandiant, which provides endpoint security software and is well known for its threat intelligence research and incident response services.

So what next ….. I am waiting to see some big - Bigdata plus Security related acquisitions and they are coming sooner than you will expect ….


Safe Surfing …

Sunday, November 17, 2013

A day in Kunming China

Kunming is an important location for transit passengers traveling via China Eastern.

I had an unplanned 24 hour stay and I am glad that I found a reasonable accommodation.

So for those that are looking for simple, straightforward transit stay in Kunming,  Dhaka Hotel Ph# 135 2933 2392 is a good option if you are within a budget. They have WiFi, Airport Transfer and South Asian food options.


Monday, May 27, 2013

Complete Gross Margin improvement framework


Posted above is a time tested framework for significant gross margin improvement to your business unit's overall gross margin.

Simple but very powerful. If you can deploy these buckets wisely then GM savings can be anywhere in thousands or millions .. depending on your operations scale.

 

Wednesday, May 01, 2013

Pricing strategies for services


How can a services provider (Advanced Services, Technical Services or Professional Services) make sure it has priced its services just right?
There are three ways to do pricing:
1)      Cost Plus
2)      EVC (Economic Value to Customer)
3)      Competitive Marketplace

Just going by Cost Plus, you leave money on the table. EVC is theoretically the best pricing but you cannot price case by case (so you set a list price and give discounts to adjust on a case by case basis). Competitive Marketplace is what most people do, but then you are treating your services as a commodity.

I suggest that you follow a more methodical approach about pricing strategies for services.
1)      Creating a pricing model, which takes into account your fixed costs and business strategy.  A baseline formula would let you know what price range is NOT feasible.  Say your prices will not be less than this amount so that you maintain your Gross Margin and survive in the industry.

2)      Break down your costs into buckets (Server, support, manpower, gas, commute, task time, delivery model and expertise) and then have a variable formula based on weightage to what you have in plenty and what is scarce for you.

3)      Research your industry (business cycle, technology trend)

4)      Research your customers (segment the market, are you their strategic partner, long term potential).

There is a constant pressure on services to invest in new practice areas, either because these investments would help meet business unit sales quotas or because the business units need more people/partners out there, evangelizing new sort of technologies. Evaluate those opportunities so as to keep your costs low.
 

Monday, April 22, 2013

Five pillars of Gross Margin Improvement


When growth comes to standstill or products start to become commodity …nothing else matters as much as maintaining your Gross Margin.

A company can have stagnant revenue but Wall Street will still reward its shares if it shows profitability growth. And how do you do it? Look no further than Gross Margin.




Essentially the five pillars of Gross Margin improvement are:

  1. Financial Planning
  2. Operational Effectiveness
  3. Pricing Optimization
  4. Product Management
  5. Sales Effectiveness
Want to know more? I am working on a Gross Margin play book. Drop me a note and will be glad to share.

Operational effectiveness as a Gross Margin tool

Effective Operations can help your company move in the right direction w.r.t. Gross Margin.

The 8 top most things that come to my mind when we look at GM in high-tech industry from an operations perspective are (in no order of importance).

Operational Effectiveness
NMS - (Fixed + variable) Others
Portfolio Alignment
NMS - Freight Savings
Over Head
Transformation Savings
Supplier Savings
Product and Theater Mix
Royalty Management


We will drill down into each some other day in a white paper.

Monday, February 22, 2010

How is SaaS Product Management different from traditional Product Management?

As Enterprise Architects we are always inclined to ask how a particular technical architecture is going to benefit the business strategy of our company. Along the same lines, I had a debate with my colleague over the view that Product Management for a SaaS or Cloud based product is very different from a traditional approach to product management.

As SOA Architect I can see some of the challenges with reuse or creating global services. So here are some of the key differences between traditional product management vs SaaS product management, that I can think of. Please comment your thoughts or elaborate more.

In SaaS product management you have to worry about all these additional things:

1) Data Management of customer data (Backup, recovery, export, migration)
2) Additional security around Access & Authorization
3) You earn your money every day and every moment, so it is not a traditional sell once and forget till the next new product is available. If you fail, customers may not and will not renew the subscription. So you have to develop SaaS with some stickiness feature, like creating a website with the lowest bounce rate and a higher CTR (click through rate), so that there is the highest probability of customers renewing.
4) Special considerations for On Demand / Multi Tenancy of the product / solution.
5) Much higher emphasis on Disaster Recovery, Peak Load and High Availability.
6) One size does not fit all, so how would you provide innovation in cloud? How to empower customers in cloud so that they can maintain their cutting edge by intelligent customizations.

I am thinking there will be additional issues like Multi Tenant Pricing that will be of concern (based on usage pattern, product differentiation etc.) so please comment your thoughts or elaborate more if you can.

Monday, February 08, 2010

MIT South Asian Alumni Association - MBA Panel Discussion

MIT South Asian Alumni Association had invited me to a panel discussion at the Stanford University campus to share my MBA experience and guide future business school applicants. It was a good debate and most importantly I believe the association is doing a great service to the public. More details can be found here

http://alumweb.mit.edu/upload/AS/MBA_event_flyer_26414.pdf

Sunday, January 24, 2010

Some very interesting Web 2.0 Links that can help in Smart Marketing & positioning


This page contains links to some very interesting websites that I use as part of my Product Marketing SEO tasks, they help you gain strategic edge using IT (information technology). Anyone interested in Search Engine Marketing (SEM) must pay attention to these tools:

LINKS
  • Google Trends - find temporal trends in search word usage on the internet
  • Google Insights for Search - estimate relative importance of search terms with trends by geographical regions

  • Google Analytics - web analytics solution that gives insight into your website traffic and marketing effectiveness

  • Quantcast - monitor website traffic and effectiveness of marketing communications to customers. This gives demographics info of visitors. You can also use Microsoft AdCenterLabs to analyze demographics.
     
  • Hitwise - ISP data, can be used to analyze how people get to, spend time in and depart from websites, large sample size

  • Alexa - web traffic metrics based on voluntary anonymous tracking of people who have signed up for free, large sample size
     
  • Comscore - web traffic metrics based on voluntary tracking of people who have signed up for a fee, gives much more detailed information but sample size is small

  • CrazyEgg - Click density analysis, find out where people are clicking on your webpage (is your design driving people to the right place?)  
When you use Google AdWords be sure to use Ad Preview Tool at
https://adwords.google.com/select/AdTargetingPreviewTool?hl=en_US





Monday, November 02, 2009

Landmark achievement for my team - Cisco announced as overall winner for SOA implementation award by CIO magazine and SOA Consortium.





Cisco SOA Team Wins SOA Consortium / CIO Magazine Award


Cisco has been selected as the overall winner of the 2009 CIO Magazine “SOA Case Study Competition“ organized by the SOA Consortium. Please see detailed news article here.

Cisco was recognized by industry experts for its SOA initiatives, platform and implementation successes.
The SOA Case Study Competition highlights business success stories and lessons learned to provide proof points and insights for other organizations considering or pursuing SOA adoption. The contest was open to organizations of all sizes, including government agencies that have successfully delivered business or mission value using an SOA approach.
CIO Magazine, launched in 1987, produces award-winning content and community resources for information technology executives. The SOA Consortium is a group of renowned industry experts and practitioners, who through the years honor companies for outstanding achievement with this award.

If you are interested in the case study then please contact me offline at arjain@cisco.com

Monday, January 26, 2009

How to configure Standalone Fuego BEA Aqualogic Oracle BPM Studio to work with Secure Web Services?

While evaluating BEA BPM Studio I had to struggle a bit with how to configure Standalone Fuego BEA Aqualogic Oracle BPM Studio (I am trying to give credit to all companies here :) ) to work with Secure Web Services.
Now I have secured web services orchestrated and am also using encryption in my BPM Processes. Here is the meat of the matter ...
In order to communicate with secured web services using SSL encryption (those with a WSDL end point starting with https:// ) you need to have certificates from those servers installed in your keystore.
For BPM Standalone these are the steps. Before you begin, set JAVA_HOME to C:\OraBPMStudioHome\eclipse\jre if you have not done so already.
1. Download the .cer file from server. (One way is you can use IE browser to get that file and export it from browser to a local directory)
2. Put this file in %JAVA_HOME%\jre\lib\security. You can put it anywhere you want.
3. Run the following command at a command prompt:
C:\Program Files\Java\jre1.6.0_02\bin>keytool -import -trustcacerts -alias <CERT ALIAS NAME> -keystore ..\lib\security\cacerts -file ..\lib\security\gd_<cert file name>.cer
4. You will be prompted for a password. If you have not changed the password, it will be "changeit".
5. You will then get the following message if all is successful - "Certificate was added to keystore".
6. Restart Tomcat (inbuilt server in BPM Studio).
This should solve your problem.
Please note that if you have not configured your keystore then first do so. You will find this document handy to do so.
Quick tip: To see a list of keys in the keystore:
%JAVA_HOME%\bin\keytool -list -keystore ..\lib\security\cacerts
Arvind

Wednesday, December 03, 2008

Switched from Oracle BEA BPM Enterprise Version (on Weblogic) to the Standalone Version for Evaluation Purposes.

Last week was a very short week during which I tried to install an Enterprise BEA BPM on Weblogic. There were a lot of configurations needed for Enterprise WebLogic Edition (Directory Server, Database, Deployment within the WebLogic JVM etc). I have listed the steps below.
It was taking too much time and was not very straightforward. I had to ensure that I have installed and configured the BEA WebLogic application server properly even before I could debug & play with the BPM engine.

At end of last Tuesday I made a call to switch to Enterprise Standalone but the efforts put in were good learning and useful for Standalone Installation as well. So for the purpose of proceeding with evaluation going forward I have shifted to Enterprise Standalone Version as my focus is BPM.

Some learnings or observations .... On the Oracle website they refer to downloading Oracle BPM Enterprise Administration Guide.pdf but in real scenario there was no such file name. I realized that it was same as Oracle BPM Admin Guide.pdf and the same goes for configuration guide as well. So will not get confused in future :)

OK, so with the ultimate aim being Deploying and Publishing a New BPM Project I had to go through a series of steps. (For standalone I needed a much smaller set, but the practice and drill was worthwhile learning in terms of infrastructure and operationalization of the product.)

The whole list of steps:

  1. Creating Directory Service ( need to configure Directory Database Schema)
  2. Creating a Process Execution Engine ( need to configure a separate Execution Engine Database Schema)
  3. Configuring Weblogic Server
  4. Creating Weblogic Server Domain
  5. Create Oracle BPM Deploy User
  6. Installing Oracle BPM Deployer
  7. Creating JDBC Data Sources on BEA Weblogic Server
  8. Creating JMS Server, Module & Resources
  9. Configuring the Deployer and Deployment Targets
  10. Enabling Clustering
  11. Building and Deploying Application EAR Files
  12. Deploying and Publishing a New BPM Project

As of now I have Standalone Enterprise BEA BPM configured with Directory (Oracle 10g DB). Engine DB configuration has some issues due to privileges. Make sure you have a friendly DBA to help out.

I am trying to come up with a set of use cases to test out different features.

More next week as I try to put together a list of features, duly prioritized, that I would like to test out.

If you have a challenge for me ...Bring it ON :)

Friday, November 21, 2008

Currently evaluating Oracle BPM 10gR3

For the next one month I want to be critically evaluating Oracle BPM 10gR3. 

 

Yes, this is the new face and name of BEA Aqualogic BPM 6.5; now with Oraclelization it is called Oracle BPM 10gR3. Too early to make a comment.

 

My aim is to see how well Oracle has leveraged and integrated the BEA Aqua logic BPM products with its other products to offer a complete suite.

 

Getting started was easy .... Installed Oracle BPM Studio 10.3.0.0.0  from the link below. To get started

Please visit: http://www.oracle.com/technology/products/bpm/index.html

Here you will find download link – for initially getting your feet wet purposes, download of studio should suffice. Also, there is a tutorial and link to docs.

 

Installation was smooth, took around 60 Minutes. I referred to this site for the product documentation

http://download.oracle.com/docs/cd/E13154_01/bpm/docs65/index.html

 

One glitch ....

It took me 20 minutes to figure out why the "Launch Workspace" icon was disabled. Figured out that after designing the process I had unfortunately clicked on either the "Outline" or the "Log Pane" that exist below, and clicking on those panes dynamically changes the menu and disables certain icons.

 

More later

 

Arvind

Saturday, November 15, 2008

Finished Half Marathon of my pursuit of MBA

I have been quite busy the last few months with double MBAs. On one side
was the collaboration, group study, projects, assignments and homework
for CMU MBA. The other side was my younger one growing up. That was
another MBA (Managing Baby Administration)

Things are finally getting easier as I am approaching the final year of
my MBA. This was a perfect time for me to learn about "Marketing
Management", "Financial Accounting", "Production & Operations
Management" , "Macroeconomics", "Corporate Finance" & "Marketing
Research". With the current economic situation I feel that every day I
use my Business & Financial learnings to analyze situations.

Here is a recent picture from one of the CMU social networking events.

Arvind

Wednesday, April 16, 2008

Carnegie Mellon Tepper School of Business - Part Time MBA Program

Quite many people have contacted me about the Carnegie Mellon part time MBA Program since I started the same in 2007. After having been through the experience for a year now, I can see direct applications of many of the Business School teachings to SOA world.
After all ... SOA & BPM is mostly about Business & IT alignment within an organization and in its partner eco system. So I thought that it would be a good idea to write a summary about the CMU MBA program here in this blog.

Program Overview: I have been fortunate that the CMU MBA program is offered at the Cisco Campus apart from their West Coast campus ( CMU West - http://west.cmu.edu/ ) in Moffett Field (you can see signs on 101 north near the Moffett Field exit). This is very handy at times when I need to hop out of meetings and join the class within minutes of getting out of the office. It is the first time at Cisco but the program itself was started in 1996.
It is delivered to corporate campuses in real-time via video-conferencing technologies and CISCO is leading the way with its TelePresence technology, which is as real life as it can get. Others in the MBA class are from companies like Lockheed Martin, Goldman Sachs, United Technologies, Oracle, Intel, Applied Materials, Pitney Bowes etc.

Tepper MBA program is highly known in Financial & Operations Research area due to its stress on analytical approach to problem solving and decision making in complex and dynamic business environments. CMU Tepper is ranked 3rd in Wall Street Journal Rankings.

The Part Time program has the same admission/graduation criteria as exist for Full/Part-time students at the CMU Pittsburgh Campus. More info at: http://www.tepper.cmu.edu

If you need more information please feel free to get in touch.

Arvind
arvindDOTjainATyahooDOTcom

Disclaimer: Opinions expressed are my own and CISCO does not sponsor or endorse this program.

Friday, March 07, 2008

SOA on SOA !! - Bring the discipline of SOA to service development and creation in your organization.

SOA on SOA!!

It was difficult to put the most appropriate words to my thoughts, but what I am trying to bring out is that SOA implementation should not burden the service providers and consumers with learning all the latest standards, tools & technologies.

They should just worry about their business logic and there should be a framework which transparently takes care of making that business logic a service as in SOA world while adhering to their company's enterprise policies, processes and standards.

How to enable this? Enterprise architects should closely watch two upcoming standards - SCA & JBI.

JBI is JSR 208 and stands for Java Business Integration. SCA is Service Component Architecture.

JBI is used by system integrators during physical deployment (customers and end users do not see this). It helps in management & interoperability of your SOA infrastructure.

SCA has a design and composition perspective. It is used by developers to annotate or put notes in their code to describe service and their dependencies.

The aim is to create a virtual container for hosting services. This way services can be plugged into ESB or into an existing Policy Manager. It will be independent of language and will help as a framework for exposing business logic as service.

The other significant benefits I see are
- Consistent deployment & management
- Location Transparency (Virtualization)
- Policy Enforcement
- Consistent Security Model
- SOA does not mean every developer needs to know about WSDL or WS-* or other standards. They need to know the core business logic.
- It might possibly help in transaction coordination.

So let us try to use our own methodology SOA to help in implementation & adoption of SOA.

Arvind

Monday, February 25, 2008

How to take Build vs Buy decision in case of Software Products?

In the world of software development once in a while everyone reaches that crossroad where he needs to decide - Should we build that software or buy it? Build vs Buy !! Deal or No Deal !!

Here are suggestions that will help you. When making a Buy vs Build decision do the following:
  • Consider only the costs that are affected by your decision (for example, you may or may not decide to buy additional 24X7 support)
  • Include all Opportunity Costs (are you going to miss out on some other core opportunity / project in your own industry)
  • Ignore Sunk Costs, these are costs that have already been incurred (an example is hardware cost, as either the bought or the in-house built software will require similar hardware)
  • Calculate total costs of each option. Total cost = fixed (avoidable) costs + variable (avoidable) costs
  • Consider "Soft" or "Intangible" costs/benefits, for example future use of product or learning, team reputation or burden (in terms of learning or development), derivative products.

Other Important Hints/Viewpoints
  • A very important consideration is to look at the Marginal cost i.e. the cost for deploying an additional host (cpu) with the same software.
  • For coming up with opportunity cost - look at the nature of technology/product and its maturity level - analysis in the Short Run and in the Long Run
  • Look at the service/product provider and its industry - will you be price taker or price chooser? How much can you negotiate? What are hidden benefits/costs of partnership?
  • Evaluate options using the net present value (NPV) & internal rate of return (IRR) approach
  • A little known fact is about the Basic Accounting ... Is it favourable for company's accounting? - This is very important as software bought is a depreciable asset for organization while software built will be treated as an ongoing expense without any balance sheet asset created out of it.
Hope you have some food for thought and solid points to make your case in your next board/council meeting.
Arvind

Sunday, February 24, 2008

Does the best technology & architecture guarantee a successful SOA or BPM?

Have you ever wondered whether, given the best technology & architecture, you are guaranteed a successful SOA or BPM project?

Answer is a simple and a big NO.
There is much more to a successful SOA or BPM implementation & adoption than just choosing the right tools and technology and architecting the finest blueprints. The best and brightest team of IT architects and engineers definitely helps to do the toughest of design & implementation projects .... but that is just half the task.
Embracing SOA or BPM or for that matter any new initiative like WEB 2.0 and Collaboration is a major change for the organization. By nature changes are difficult as people see change with a grain of salt and skepticism.

Hence the Architecture Community has an additional and significant responsibility to be the "Change Agents" in the organization. They need to understand basic human nature & group behavior in order to be successful in their SOA or BPM initiative. They need to understand that shift in attitude seldom comes at once. The rate at which different groups, divisions or individuals will adopt these changes will vary by individual, or the type of change or the organizational context.

They need to identify these stages of change and simultaneously work on those while doing their core IT or Business job.
Understand that it is not sufficient for just you to have adopted this change. You have to guide and lead the larger community through the various stages of change, namely
1) Awareness
2) Interest (people develop curiosity)
3) Trial (skepticism is overcome)
4) Adoption
I will further share my experience about managing change during these various stages in some later blog or if there is an interest in the community.

Arvind