Archive for ‘Misc’


What is Apache Hadoop?

Apache Hadoop is an open source framework for distributed storage and processing of large sets of data on commodity hardware. Hadoop enables businesses to quickly gain insight from massive amounts of structured and unstructured data.

Enterprise Hadoop: The Ecosystem of Projects

Numerous Apache Software Foundation projects make up the services required by an enterprise to deploy, integrate and work with Hadoop. Each project has been developed to deliver an explicit function and each has its own community of developers and individual release cycles.


Data Management. Store and process vast quantities of data in a storage layer that scales linearly.

Hadoop Distributed File System (HDFS) is the core technology for the efficient scale-out storage layer, and is designed to run across low-cost commodity hardware. Apache Hadoop YARN is the prerequisite for Enterprise Hadoop, as it provides the resource management and pluggable architecture that enable a wide variety of data access methods to operate on data stored in Hadoop with predictable performance and service levels.

Apache Hadoop YARN
Part of the core Hadoop project, YARN is a next-generation framework for Hadoop data processing extending MapReduce capabilities by supporting non-MapReduce workloads associated with other programming models.

Hadoop Distributed File System (HDFS) is a Java-based file system that provides scalable and reliable data storage that is designed to span large clusters of commodity servers.

Data Access. Interact with your data in a wide variety of ways – from batch to real-time.

Apache Hive is the most widely adopted data access technology, though there are many specialized engines. For instance, Apache Pig provides scripting capabilities, Apache Storm offers real-time processing, Apache HBase offers columnar NoSQL storage and Apache Accumulo offers cell-level access control. All of these engines can work across one set of data and resources thanks to YARN and intermediate engines such as Apache Tez for interactive access and Apache Slider for long-running applications. YARN also provides flexibility for new and emerging data access methods, such as Apache Solr for search and programming frameworks such as Cascading.


MDS UAE acquires eHosting DataFort

MDS UAE has acquired managed services company, eHosting DataFort, from Tecom Investments to offer its customers an enhanced portfolio of solutions.

“eHosting DataFort will be able to help us in providing hybrid solutions to our customers. We can build and host private and public cloud; and simultaneously we can continue doing on-premise installation and implementation for our customers. And this is within our role as an SI, we don’t want to be a co-location only or just hosting, we want to have full IT service provider capabilities along with systems integration,” said Sami Abi Esber, President, Board Member, Midis Group.

Over the next couple of months, the SI will integrate the newly acquired business so that it can provide complete hybrid solutions to customers seamlessly.

“Managed services is an important avenue of growth for systems integrators. Some of our customers prefer someone to take over the IT infrastructure and manage it, so that they can focus more and more on the core business. They outsource all the IT infrastructure and this is what we are doing now through eHosting DataFort – we are managing the hardware, storage, managing the full IT infrastructure for many of our customers,” he explains.

MDS Gulf has entities in the UAE, Qatar and Oman, and most recently opened an office in Kuwait two months ago.


Think you’re good? Prove it – IT security exams on the fly





US govt issues advice on iOS Masque vulnerability

The US government’s cyber security experts this week issued an online notice warning Apple users of the recently discovered Masque Attack vulnerability resident in iOS that could allow malicious parties to steal sensitive data.

The National Cybersecurity and Communications Integration Center and the US Computer Emergency Readiness Team posted the alert following a week in which the first known exploitation of the flaw in the wild was reported by Palo Alto Networks. The campaign, known as WireLurker, mainly affected Chinese Apple users and, according to Ryan Olson, intelligence director, Unit 42, Palo Alto Networks, the compromised data was limited to address book contacts and messaging IDs.

But “they could just as easily take your Apple ID or do something else that’s bad news,” he added.

Later, FireEye revealed it had discovered the underlying Masque Attack vulnerability earlier this year, and had informed Apple in July. The flaw taints trusted apps installed on iDevices from the App Store, by tricking users into installing malware disguised as updates, via malicious text messages, emails and Web links. Once the installed malware has hijacked the apps, it has access to a range of sensitive information, including login credentials for services such as email and banking.

“It is a very powerful vulnerability and it is easy to exploit,” said Tao Wei, senior staff research scientist, FireEye.

Apple’s strict security layers make its OS platforms more difficult to compromise than Android and Windows systems. According to David Richardson, iOS product manager at mobile security firm Lookout, the Masque Attack sidesteps Apple’s security by exploiting a toolkit deployed by the Cupertino firm to allow developers to roll out software without having to first upload it to the App Store.

According to the US government’s alert bulletin, users can protect themselves by not clicking “Install” on any pop-up messages while surfing the Web. If iOS displays an “Untrusted App Developer” warning, users are advised to click on “Don’t Trust” and immediately uninstall the app.

The precise identity and motives of WireLurker’s creators are unknown, but Palo Alto said the infection started in a third-party Chinese app store, where more than 400 infected apps were downloaded over 350,000 times onto Mac computers, mostly in China.


Cyberoam Central Console CCC

The Cyberoam Central Console (CCC) appliances enable Enterprises and MSSPs to centrally manage Cyberoam network security appliances deployed across branch offices or customer offices. Providing flexibility of hardware and virtual platforms, CCC appliances simplify centralized security management, reduce administrative overhead and aid compliance reporting for distributed enterprises and MSSPs as required for their growing networks.

The Next-Generation Management series of CCC appliances (CCC NM) delivers high performance from powerful new underlying hardware and fulfils the demanding processing needs of security policy enforcement in large, complex and dispersed networks.

With effective centralized controls, CCC NM appliances give IT Managers and MSSPs the confidence to centrally manage multiple sites while allowing adequate flexibility and manageability. In addition, CCC NM appliances offer a range of features that help simplify security management for actions like rapid deployment of organization-wide security policies and updates, intelligent grouping of Cyberoam appliances on various meaningful criteria, role-based administration, template-based configuration and more to better protect dispersed networks, resulting in benefits of reduced cost, complexity and time.


Gartner’s Magic Quadrant for Security Information and Event Management (SIEM)

The security information and event management (SIEM) market is defined by the customer’s need to analyze security event data in real time for internal and external threat management, and to collect, store, analyze and report on log data for incident response, forensics and regulatory compliance. The vendors included in our Magic Quadrant analysis have technologies that have been designed for this purpose, and they actively market and sell these technologies to the security buying center.
SIEM technology aggregates event data produced by security devices, network infrastructures, systems and applications. The primary data source is log data, but SIEM technology can also process other forms of data, such as NetFlow and packet capture. Event data is combined with contextual information about users, assets, threats and vulnerabilities. The data is normalized, so that events, data and contextual information from disparate sources can be correlated and analyzed for specific purposes, such as network security event monitoring, user activity monitoring and compliance reporting. The technology provides real-time security monitoring, historical analysis and other support for incident investigation and compliance reporting.
SIEM is a $1.5 billion market that grew 16% during 2013 — with an expected growth rate of 12.4% during 2014. For inclusion, Gartner considers revenue and relative visibility of vendors in the market. The revenue threshold is $13.5 million per year for 2013 (net new license revenue plus maintenance). Visibility is calculated from the following factors: presence on Gartner client shortlists, presence on vendor-supplied customer reference shortlists, mentions as a competitor by other SIEM vendors and search references on
The following criteria had to be met for vendors to be included in the 2014 SIEM Magic Quadrant:
  • The product must provide SIM and SEM capabilities.
  • The product must support data capture from heterogeneous data sources, including network devices, security devices, security programs and servers.
  • The vendor must appear on the SIEM product evaluation lists of end-user organizations.
  • The solution must be delivered to the customer environment as a software- or appliance-based product (not a service).
SIEM technology provides:
  • SIM — Log management, analytics and compliance reporting
  • SEM — Real-time monitoring and incident management for security-related events from networks, security devices, systems and applications
SIEM technology is typically deployed to support three primary use cases:
  • Threat management — Real-time monitoring and reporting of user activity, data access and application activity, in combination with effective ad hoc query capabilities
  • Compliance — Log management and compliance reporting
  • A deployment that provides a mix of threat management and compliance capabilities
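As an added illustration of the collection, normalization, enrichment and correlation described above (example code written for this page, not Gartner’s or any vendor’s), the following Python walks two constructed log formats through a miniature SIEM pipeline: a real-time SEM rule fires on repeated failures followed by a success, and a SIM-style report counts outcomes per host. All hostnames, users, addresses, log formats and rule thresholds are made up.

```python
"""Miniature SIEM pipeline over constructed log lines (added example,
not Gartner's or any vendor's code).

Stages mirror the market definition: collect heterogeneous log lines,
normalize them into one event schema, enrich with asset/user context,
then correlate in real time (SEM) and report (SIM).
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Two heterogeneous, constructed log formats (not real device output).
SYSLOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")

# Contextual information a SIEM joins onto raw events (constructed values).
ASSETS = {"web01": {"criticality": "high", "owner": "payments"},
          "dev03": {"criticality": "low", "owner": "engineering"}}
USERS = {"alice": {"privileged": True}, "bob": {"privileged": False}}

# Constructed sample input: one key=value audit line mixed in with syslog lines.
SAMPLE_LOGS = [
    "2014-11-14T09:00:01 web01 sshd: Failed password for alice from 203.0.113.7",
    "2014-11-14T09:00:05 web01 sshd: Failed password for alice from 203.0.113.7",
    "time=2014-11-14T09:00:09 host=web01 event=auth user=alice src_ip=203.0.113.7 result=failure",
    "2014-11-14T09:00:20 web01 sshd: Accepted password for alice from 203.0.113.7",
    "2014-11-14T09:10:00 dev03 sshd: Failed password for bob from 198.51.100.2",
    "2014-11-14T09:30:00 dev03 sshd: Accepted password for bob from 198.51.100.2",
    "garbage line that no parser understands",
]


def normalize(line):
    """Map either source format onto one schema; return None if unparsable."""
    m = SYSLOG_RE.match(line)
    if m:
        d = m.groupdict()
        return {"ts": datetime.fromisoformat(d["ts"]), "host": d["host"],
                "user": d["user"], "src": d["src"], "action": "login",
                "outcome": "success" if d["outcome"] == "Accepted" else "failure"}
    kv = dict(KV_RE.findall(line))
    if kv.get("event") == "auth":  # key=value source, e.g. an application audit log
        return {"ts": datetime.fromisoformat(kv["time"]), "host": kv["host"],
                "user": kv["user"], "src": kv["src_ip"], "action": "login",
                "outcome": kv["result"]}
    return None


def enrich(event):
    """Attach asset and user context so rules can weigh criticality."""
    event["asset"] = ASSETS.get(event["host"], {"criticality": "unknown", "owner": "unknown"})
    event["privileged"] = USERS.get(event["user"], {}).get("privileged", False)
    return event


class BruteForceRule:
    """Real-time correlation: >= threshold failures then a success from the
    same source within window_s seconds raises an alert."""

    def __init__(self, threshold=3, window_s=300):
        self.threshold, self.window_s = threshold, window_s
        self.failures = defaultdict(deque)  # src -> epoch timestamps of failures

    def feed(self, ev):
        q = self.failures[ev["src"]]
        cutoff = ev["ts"].timestamp() - self.window_s
        while q and q[0] < cutoff:
            q.popleft()  # expire failures that fell outside the sliding window
        if ev["outcome"] == "failure":
            q.append(ev["ts"].timestamp())
            return None
        if len(q) >= self.threshold:
            count = len(q)
            q.clear()
            sev = "critical" if ev["privileged"] or ev["asset"]["criticality"] == "high" else "high"
            return {"rule": "brute_force_then_success", "src": ev["src"], "user": ev["user"],
                    "host": ev["host"], "severity": sev, "failures": count}
        return None


def run_pipeline(lines):
    """Return (alerts, report): alerts from the SEM rule, per-host outcome counts for SIM reporting."""
    rule = BruteForceRule()
    alerts, report = [], defaultdict(lambda: {"success": 0, "failure": 0})
    for line in lines:
        ev = normalize(line)
        if ev is None:
            continue  # a production SIEM would count these as parse failures
        ev = enrich(ev)
        report[ev["host"]][ev["outcome"]] += 1
        alert = rule.feed(ev)
        if alert:
            alerts.append(alert)
    return alerts, dict(report)


if __name__ == "__main__":
    found, summary = run_pipeline(SAMPLE_LOGS)
    print(found)    # one critical alert for alice on web01 from 203.0.113.7
    print(summary)  # web01: 3 failures, 1 success; dev03: 1 failure, 1 success
```

Bob’s single failure on dev03 falls outside the 300-second window by the time his login succeeds, so only the web01 sequence produces an alert.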


HP

HP’s ArcSight line of SIEM solutions resides within HP’s Enterprise Security Products (ESP) business unit, which also includes HP TippingPoint and HP Fortify. ArcSight Enterprise Security Manager (ESM) software is oriented to large-scale, SEM-focused deployments. ArcSight Express is an appliance-based offering for ESM that is designed for the midmarket with preconfigured monitoring and reporting. ArcSight Logger appliances and software provide log data collection and management functions that can be implemented stand-alone or in combination with ESM.
During 2013, ArcSight remained among the most visible SIEM competitors on Gartner client shortlists, but the introduction of competitive SIEM technologies within large ArcSight accounts continued, with customers citing ESM complexity and cost as inhibitors to expansion. With ArcSight ESM version 6, HP replaced the ESM Oracle Database with the Correlation Optimized Retention and Retrieval Engine (CORR-Engine) and implemented a simplified events per second (EPS)-based pricing model. We have validated significant improvements in event-handling capacity on the same hardware with reference customers. In late 2013, HP introduced ArcSight Risk Insight for ESM, which provides risk rating and management dashboards for security event data. HP also introduced ArcSight Application View, which enables application activity monitoring that is not dependent on log data. HP also released enhancements to ArcSight Express to simplify deployment and customization. Development plans include further integrations with HP’s Vertica Analytics Platform and additional improvements in ease of deployment.
ArcSight Express should be considered for midsize SIEM deployments. ESM is appropriate for larger deployments, as long as sufficient in-house support resources are available.
  • ESM provides a complete set of SEM capabilities that can be used to support a security operations center.
  • ArcSight Express provides a simplified option for midsize SIEM deployments.
  • ArcSight Logger can provide an inexpensive log management capability for two-tier deployment architectures that require long-term event archiving.
  • Optional modules provide advanced support for user activity monitoring, IAM integration and fraud management.
  • ArcSight continues to be very visible in competitive evaluations of SIEM technologies.
  • ArcSight provides real-time statistical correlation, but profiling and anomaly detection operate against historical data only.
  • While the CORR-Engine has eliminated a major source of deployment and support complexity, customers will still find ESM to be more complex than other leading solutions.

IBM Security

IBM Security’s QRadar SIEM technology provides log management, event management, reporting and behavioral analysis for networks and applications. QRadar can be deployed as appliance or software (running on Red Hat Enterprise Linux Server appliances) in an all-in-one solution for smaller environments, or it can be horizontally scaled in larger environments using specialized event collection, processing and console appliances. A distinguishing characteristic of the technology is the collection and processing of NetFlow data, DPI, full packet capture, and behavior analysis for all supported event sources.
Enhancements to QRadar during the past 12 months included the introduction of QRadar Incident Forensics, which extends flow analysis, adding DPI and full packet capture capabilities. In addition, IBM Security introduced integrated vulnerability scanning via QRadar Vulnerability Manager (using technology licensed from Critical Watch), as well as new graphing/charting capabilities, improved search performance and API enhancements. IBM has developed two-way integration between QRadar and IBM’s InfoSphere BigInsights, and also with IBM’s analytics and data visualization technologies. IBM also provides additional connectors to Hadoop instances.
IBM offers a co-managed service option for QRadar, which combines an on-premises QRadar deployment with remote monitoring from IBM’s managed security services operations centers. QRadar is a good fit for midsize and large enterprises that need general SIEM capabilities, and also for use cases that require behavior analysis, NetFlow analysis and full packet capture.
  • QRadar provides an integrated view of the threat environment using NetFlow, DPI and full packet capture in combination with log data, configuration data and vulnerability data from monitored sources.
  • Customer feedback indicates that the technology is relatively straightforward to deploy and maintain in both modest and large environments.
  • QRadar provides behavior analysis capabilities for NetFlow and log events.
  • QRadar provides less-granular role definitions for workflow assignment compared with competitors’ products.
  • QRadar’s multitenant support requires a master console in combination with distributed QRadar instances. The number of third-party service providers that offer QRadar-based monitoring services is limited when compared with vendors that lead in this area.
McAfee

McAfee, part of Intel Security, provides McAfee Enterprise Security Manager (ESM), which combines security information management (SIM) and SEM functions, and is available as a stand-alone, all-in-one, virtual appliance and delivered as a managed service by partners. Capabilities can be extended and enhanced with a range of specialized add-on products, such as Database Event Monitor (DEM), which provides database activity monitoring and analysis, Application Data Monitor (ADM) for application monitoring, and Global Threat Intelligence (GTI). McAfee is further developing integration of ESM with its wider security portfolio to enable context about vulnerabilities, endpoint state and threats, and to enable automated response and blocking.
Among the enhancements released in the past 12 months were a new suite of regulatory compliance reports, the capability to use flow data and statistical anomaly tracking in correlation rules, and big data connectors for Hadoop integration. Data obtained via the Hadoop connectors can be used to populate watchlists for correlation and to enrich SIEM data. Plans for the next 12 months include deeper integrations with McAfee’s own portfolio to enable autoresponse capabilities such as policy changes on end-user devices, the quarantining and blacklisting of malicious activity, a software development kit (SDK) for external data queries and system management, enhanced threat detection utilizing Data Exchange Layer and Threat Intelligence Exchange, and additional data obfuscation for enhanced compliance with privacy laws.
McAfee Enterprise Security Manager is a good choice for organizations that require high-performance analytics under high-event-rate conditions, as well as organizations with advanced requirements for monitoring database applications and industrial control systems.
  • Some of the highest event ingest rates and query performance levels that we have been able to validate have been with McAfee Enterprise Security Manager customers.
  • Database and application monitoring, as well as network-based packet inspection, are provided via McAfee Enterprise Security Database Event Monitor and Application Data Monitor.
  • McAfee Enterprise Security Manager has strong industrial control system (ICS) and supervisory control and data acquisition (SCADA) device support.
  • Users have indicated that vendor support is good, but it can be difficult reaching the right point of contact.
  • McAfee’s advanced SIEM features and capabilities in areas such as endpoint intelligence and automated response require integrations with, or further investments in, other McAfee portfolio products.
  • NetFlow filtering and alerting capabilities are limited. For example, there is no easy way to include all the packet data from an event that caused an alert in an email notification.


NetIQ

During 2013, NetIQ focused on completing the consolidation of NetIQ Sentinel (acquired from Novell) with its existing SIEM technology, as well as with its Change Guardian host monitoring. NetIQ’s SIEM offering is based primarily on the Sentinel platform, in combination with agent technology and content from Security Manager. NetIQ Sentinel is composed of three packages: Sentinel, Sentinel Log Manager and Change Guardian. Optional host monitoring agents are also available. Sentinel and Change Guardian are offered both as software and virtual appliance deployments. NetIQ Sentinel integrates with other core NetIQ technologies (AppManager, Identity Manager, Access Manager, Directory and Resource Administrator, and Secure Configuration Manager). Enhancements in 2013 included a common administration interface for Sentinel and Security Manager components, initial support for NetFlow analysis, initial support for user import of threat intelligence feeds, and visualizations and point improvements in other areas. Development plans include improvements in scalability, usability and MSSP support.
Sentinel is a good fit for organizations that require large-scale security event processing in highly distributed environments (such as retail), and is an especially good choice for organizations that have deployed NetIQ IAM infrastructure and need security monitoring with an identity context.
  • Sentinel and Sentinel Log Manager are appropriate for large-scale deployments that are focused on SEM and threat monitoring.
  • The Change Guardian product line provides policy-based privileged-user activity monitoring and change detection for Active Directory, Windows, Unix and Linux, as well as file integrity monitoring for host systems.
  • NetIQ agent technology can provide guaranteed delivery mechanisms over and above native platform audit functions or agentless methods for use cases that require user and data access monitoring for servers.
  • NetIQ Sentinel has relatively low visibility in competitive evaluations of security monitoring technology.
  • There are no specific integrations with IP reputation or other external threat intelligence feeds, although the vendor indicates the intention to release initial support during 2014.
  • Remote monitoring services for Sentinel are provided by a smaller number of third-party service providers when compared with major competitors.
  • Sentinel lacks the ability to replay historical event data against current correlation rules for threat detection use cases.


SolarWinds

SolarWinds packages its Log and Event Manager (LEM) software as a virtual appliance. LEM has integrations with SolarWinds’ other products for operations monitoring to support activities such as change detection and root cause analysis. SolarWinds’ development road map is focused on increasing ease of deployment and ease of ongoing operations for resource-constrained security groups. SolarWinds LEM is a good fit for small or midsize companies that require SIEM technology that is easy to deploy, and for those that use other SolarWinds operations monitoring components.
  • SolarWinds LEM is easy to deploy and provides extensive content in the form of dashboards, predefined correlation rules and reports.
  • The technology is also well-suited for organizations that have already invested in the vendor’s other technology solutions.
  • An agent for Windows systems can be used to exert endpoint control, including over USB devices, and network quarantine functions in response to events observed by the SIEM offering.
  • SolarWinds LEM is optimized for small to midsize deployments, while other SIEM solutions are a better fit for large-scale deployments.
  • SolarWinds LEM provides basic statistical and behavior analytics, but has no integration with data warehouse technologies.
  • Customers requiring more extensive user and application or Web monitoring must acquire other SolarWinds products to extend the capabilities available in LEM.
  • Although LEM includes a native flow capture and display capability, flow data is not available for real-time correlation in LEM.

SolarWinds SIEM Log & Event Manager (LEM)


Gartner’s top 10 technology trends for 2015: All about the cloud


Since 2007, Gartner has been predicting the top strategic technology trends for the coming year — not an easy task considering the volatility of the IT market. David Cearley, Gartner vice president and fellow who analyzes business and technology trends, has been involved with this research project from the beginning. “We have identified the top ten technology trends that organizations cannot afford to ignore in their strategic planning processes,” he said. “This does not necessarily mean adoption and investment in all the trends at the same rate, but companies should look to make deliberate decisions about them during the next two years.”

In this year’s report, “Gartner Identifies the Top 10 Strategic Technology Trends for 2015,” the analysts describe their focus this way: “Factors that denote significant impact include a high potential for disruption to the business, end users or IT, the need for a major investment, or the risk of being late to adopt. These technologies impact the organization’s long-term plans, programs and initiatives.”

Cearley suggests that three overarching themes surfaced in the 2015 report:

  • Merging real and virtual worlds
  • Advent of intelligence everywhere
  • Technical impact of the digital business shift

There is an interesting long-term trend forming as well. Inspecting Gartner’s picks for the past three years and its choices for 2015 (links to each year’s report are at the bottom of this article), one notices that every year cloud services play an increased role in which trends are selected.

Table A

In fact, a fair assumption might be that all 10 of the 2015 trends rely on some type of interaction with cloud services. See if you agree; here are Gartner’s top 10 strategic technology trends for 2015.

1: Computing everywhere (first year on list)

Mobile-device proliferation is an obvious trend. Gartner thinks there will be a shift of focus from devices to how the user and device interact in different environments and contexts.

2: Internet of Things (fourth year on list)

Gartner has chosen to reemphasize its four basic “usage” models: Manage, Monetize, Operate, and Extend. It also reiterates: do not focus too closely on the IoT, but take in the entire picture. Hung LeHong, vice president and Gartner fellow, said, “This expanded and comprehensive view of the internet is what Gartner calls the Internet of Everything.”

3: 3D printing (second year on list)

Gartner believes that 3D printing will continue to grow at an incredible rate for the foreseeable future. Businesses must be alert and reevaluate their market position based on what impact 3D printing will have on their products and cost structure.

4: Advanced, pervasive, and invisible analytics (first year on list)

Gartner said that embedded systems (IoT) will only add to the crush of structured and unstructured data already filling company databases. The amount and variety of data will demand more advanced analytics than are currently available. A Gartner researcher said, “The value is in the answers, not the data.”

5: Context-rich systems (first year on list)

Gartner thinks the next step will be to ingrain intelligence into IoT devices that will interact with the advanced analytics mentioned earlier, resulting in systems that will not only report, but also respond to environmental conditions. According to Gartner, “Context-aware security is an early application of this new capability, but others will emerge.”

6: Smart machines (second year on list)

The combination of advanced analytics and context-rich embedded systems will evolve into smart machines. Prototypes of autonomous vehicles, advanced robots, and the like will bring in the most disruptive smart-machine era in the history of IT.

7: Cloud/client computing (sixth year on list)

“Cloud is the new style of elastically scalable, self-service computing, and both internal applications and external applications will be built on this new style,” Cearley said. “While network and bandwidth costs may continue to favor apps that use the intelligence and storage of the client device effectively, coordination and management will be based in the cloud.”

8: Software-defined applications and infrastructure (second year on list)

Expanding the digital environment to include the entire physical world will require flexibility — something existing hardware-controlled networks don’t have. Software-defined networks, storage, data centers, and security will be required to make it all work.

9: Web-scale IT (second year on list)

Gartner believes that organizations will start incorporating global-class computing into the company setting. “The first step should be DevOps — bringing development and operations together in a coordinated way to drive rapid, continuous incremental development of applications and services.”

10: Risk-based security and self-protection (first year on list)

Gartner is following the lead of security pundits and reassessing what security means. Rather than working toward complete protection as in the past, Gartner and others suggest that security positioning through risk assessments is a more realistic goal — and it won’t impede progress. Gartner also brought up an interesting concept: “Perimeters and firewalls are no longer enough; every app needs to be self-aware and self-protecting.”


Magic Leap – a startup specializing in augmented reality technology

This graphic is published with the permission of GRAPHIC NEWS.

October 29, 2014 — A little known firm has attracted $542 million of funding from Google and other wealthy backers. The four-year-old visual display company is developing its own eyeglasses-like device, designed to project computer-generated 3D images over real life settings.


Energy University by Schneider Electric




VMware Feature WalkThrough




VMware TestDrive Demo Lab




F5 versus Citrix? Who is the leader?

According to F5 and Gartner’s ADC reports:

Web Application Firewalls Competitiveness Chart (Gartner 2014)

F5 tends not to talk about the competition and lets the technology speak for itself, but as Citrix “started” this way of selling, F5 prepared the attached presentation to answer these nine points.

F5 and Citrix are both leaders in Gartner’s ADC reports, but you can notice that F5 is ranked higher. F5 is also a company specialized in ADC and security, whereas Citrix’s main market is virtualization and mobility.

Application Delivery Controllers Competitiveness Chart (Gartner 2014)

After all, as with any range of products, the choice may also depend on your actual environment, requirements, budget, and the ease of use and maintenance for your IT team, etc.

And to answer the point that Citrix is highlighting, “F5’s limitations in enabling next-generation cloud infrastructures and cloud-ready enterprise networks”:

F5 improved cloud integration with its new management product, BIG-IQ.

F5 has also recently acquired “ ”, which is one of the leading cloud-based DDoS protection companies:

Meanwhile, Citrix claims: “Discover 9 ways NetScaler outperforms F5”

Today’s enterprises face new requirements for their data centre and cloud architectures, from keeping pace cost-effectively with fast-growing traffic to ensuring optimal application performance no matter how quickly business needs or the enterprise environment evolve. At the same time, IT must reduce costs and data centre sprawl, ensure security and uptime, and prepare for a new generation of cloud computing initiatives.

F5 Networks has traditionally been the leader in ADC market share; however, organisations are discovering F5’s limitations in enabling next-generation cloud infrastructures and cloud-ready enterprise networks. At the same time, Citrix® NetScaler®, developed by the leader in cloud networking, has quickly grown market share by giving customers the features and functionality they need to build next-generation infrastructures—with the flexibility, scalability and performance to deliver optimal value even as customer needs evolve.

This paper highlights nine key data centre and cloud architecture challenges that NetScaler helps solve more effectively than F5 to help you:

1. Address surges in traffic quickly and cost-effectively with on-demand elasticity
2. Reduce TCO within the data centre through ADC consolidation
3. Enable network application-awareness through unique third-party integrations
4. Expand hardware seamlessly without downtime
5. Cloud-enable your data centre for greater agility, elasticity and cost efficiency
6. Drastically increase application performance in real-world environments
7. Focus on application delivery—not programming
8. Combine strong security with high performance
9. Achieve the visibility to deliver an outstanding user experience


VMware vSphere with Operations Management: Driving Greater Value From Your Infrastructure (Webcast)




