EU Cyber Resilience Act: What You Need to Know

The E.U. Cyber Resilience Act was enacted on Dec. 10. This legislation impacts all manufacturers, distributors, and importers operating in the bloc whose tech products connect to other devices or networks. Examples of applicable products include smart doorbells, baby monitors, alarm systems, routers, mobile apps, speakers, toys, and fitness trackers.

Products that comply with the legislation will have a CE label, which indicates the device meets E.U. standards for health, safety, and environmental protection, allowing consumers to consider security in purchasing decisions.

The Act aims to clarify and cohesively enforce existing cyber security regulations so that all devices sold in the E.U. meet a baseline level of protection. It obligates tech manufacturers, importers, and distributors to provide security support and updates.

“Digital hardware and software products constitute one of the main avenues for successful cyberattacks,” the official Act website reads. “In a connected environment, a cybersecurity incident in one product can affect an entire organisation or a whole supply chain, often propagating across the borders of the internal market within a matter of minutes.”

Examples of incidents where the security of products with digital elements has been exploited include the WannaCry ransomware, Pegasus mobile phone spyware, and Kaseya VSA supply chain attack.

“Before the European Cyber Resilience Act, the various acts and initiatives taken at Union and national levels only partially addressed the identified cybersecurity related problems and risks, creating a legislative patchwork within the internal market,” the Act’s website reads.

The legislation includes security requirements for all stages of a product’s lifecycle, from its design and development to production, deployment, maintenance, and eventual disposal. While the Act has now entered into force, many obligations will apply in stages, with the majority being required by Dec. 11, 2027.
The Product Security and Telecommunications Infrastructure Act, which came into force in April, holds internet-of-things device manufacturers, importers, and distributors in the U.K. to a similar standard. At minimum, each device sold in the country must come with a unique password, a stated duration of security support, and a way of reporting security issues.

Who must comply with the Cyber Resilience Act?

Any company that manufactures, distributes, or imports products with digital components must comply with the Act. These include:

- Security and access management systems: privileged access management software and hardware, password managers, biometric readers, etc.
- Software applications: browsers, VPNs, etc.
- Network and security systems: firewalls, security information and event management systems, etc.
- Core hardware and components: routers, modems, microprocessors, etc.
- Operating systems and virtualisation: operating systems, boot managers, hypervisors, etc.
- Public key and certificate management: public key infrastructure, digital certificate issuance software, etc.
- Smart devices and IoT products: smart assistants, smart door locks, baby monitors, alarm systems, internet-connected toys with interactive features such as location tracking or filming, wearables for children, health monitoring, etc.
- Hardware with advanced security functionalities: hardware with security boxes, smart meter gateways, smartcards, etc.

These are considered “critical” products, so they will be subject to more frequent security updates and enhanced vulnerability management measures. They must also have a European cybersecurity certificate at an assurance level of at least “substantial.”

Exceptions may be made for devices that are subject to cybersecurity requirements in other legislation, such as medical devices, aeronautical devices, and cars. For a full list, see Annex III and IV of the Act.
What are the requirements of the Cyber Resilience Act?

For manufacturers

- Patch vulnerabilities in the product for at least five years or its lifespan, whichever is shorter.
- Maintain technical files that prove compliance at every stage, including designs (security must be “by design and by default”), manufacturing details, and conformity assessments.
- Affix the CE mark to compliant products and ensure accurate instructions are available in the target markets’ languages.
- Report exploited vulnerabilities to the European Union Agency for Cybersecurity (ENISA) and the designated Incident Response Team within 24 hours of discovery. A vulnerability notification must also be sent out within 72 hours and a final report within either 14 days or a month.
- Notify users and market surveillance authorities if the company ceases operations.

For importers

- Ensure products comply with regulations by verifying the manufacturer’s documentation.
- Keep technical documentation and declarations of conformity available for at least ten years after the product’s release.
- Report non-compliant or risky products to manufacturers or relevant authorities.

For distributors

- Verify the manufacturer’s or importer’s documentation before putting products on the market to ensure compliance with regulations.
- Ensure storage and transportation conditions do not compromise product compliance.
- Maintain records of suppliers and customers to facilitate recall or other safety actions.
- Report non-compliant or risky products to the manufacturer or importer.

If importers or distributors place a product on the market under their own name or trademark, or if an individual makes substantial modifications to a product and then makes it available on the market, they will also be subject to manufacturer-level obligations.

How will the Cyber Resilience Act be enforced?

The E.U. Cyber Resilience Act will primarily be enforced through conformity assessments and market surveillance. Most assessments can be performed in-house, while critical products should be assessed by accredited third parties. Procedures also vary by product risk level. National Market Surveillance Authorities will monitor compliance through inspections, testing, and checking documentation.

What are the penalties for non-compliance?

Manufacturers that do not comply with the Act shall be subject to administrative fines of up to €15,000,000 or up to 2.5% of their total worldwide annual turnover for the preceding financial year, whichever is higher.

Importers and distributors that do not comply with the Act shall be subject to administrative fines of up to €10,000,000 or up to 2% of their total worldwide annual turnover for the preceding financial year, whichever is higher.

Recalls and bans may also be used as corrective actions.

Criticism of the Cyber Resilience Act

Not everyone is content with the Cyber Resilience Act. In 2023, 34% of global CISOs


MoFo Adds Group Of 7 Lawyers From Goodwin Procter In NY

By Xiumei Dong (December 11, 2024, 4:33 PM EST) — Morrison Foerster LLP is expanding its emerging companies and venture capital practice on the East Coast, announcing Wednesday it is bringing in a group of seven lawyers from Goodwin Procter LLP in New York….


“Managed Services-as-Software” Offer A Vision for the Future of Managed Services

Traditional managed services have long been caught in a fundamental dilemma: achieving high-quality service delivery while maintaining cost-effectiveness. After offshore and cloud, managed services are being reshaped by AI at a fundamental level, introducing a new services paradigm that blends performance-based models, automation, and human-centric refinement. This shift is happening across industries, from HR and supply chain to help desk and manufacturing operations. AI-led services represent the next wave, potentially replacing or significantly augmenting human capital.

Contact Centers As The Tip Of The Spear

Consider the contact center, a historically manual, low-margin cost center. Enter the AI-powered model: An AI platform handles the lion’s share of interactions and continuously learns from every engagement. AI-first providers such as Crescendo are delivering managed services as software that flip the economics and the value proposition of traditional business process outsourcing.

Crescendo’s platform promises to leverage advanced large language models and proprietary IP to handle 50–70% of interactions seamlessly. The rest — complex, high-touch cases — go to top-tier human experts. Knowledge engineers use customer interactions to constantly refine and improve the AI models, ensuring that the system gets smarter and more effective over time. Complexity doesn’t vanish overnight, but the reliance on large manual operations decreases as the AI becomes better at understanding context, maintaining accuracy, and adhering to brand voice.

The Economics Of AI-Powered Services

Perhaps the most revolutionary aspect of AI-powered managed services is their economic model. Rather than charging for labor hours or headcount, these services are increasingly moving toward outcome-based pricing. This approach aligns provider incentives with customer success metrics, fundamentally changing the dynamics of service delivery.
Key advantages of this model include:

- Predictable costs tied directly to successful outcomes.
- Reduction of traditional staffing and training overheads.
- Reduced operational complexity.
- Scalability without proportional cost increases.

The Learning Organization

What sets advanced AI-powered managed services apart is their ability to learn and improve continuously. Unlike traditional services where knowledge often remains siloed within individual agents, AI systems can systematically capture and apply insights from every interaction. Knowledge engineers play a crucial role in this ecosystem. This knowledge loop creates a virtuous cycle:

- Each interaction provides data for model improvement.
- Enhanced models deliver better customer experiences.
- Improved experiences generate more positive interaction data.
- The system becomes increasingly effective over time.

The Road Ahead: Fully Managed, Always Improving

While the market is in its early stages, venture capital and investment firms are betting heavily on these AI-powered services. They anticipate adoption rates that could surpass the SaaS revolution, driven by clear ROI and immediate operational benefits. Contact centers are proving to be the perfect testing ground, but this model will expand across IT services, HR, supply chain, and other domains of operation where service quality and cost efficiency matter.

This is what the future looks like: managed services that aren’t merely offshored or outsourced but are continuously optimized, AI-infused, and laser-focused on business results.

Organizations can leverage these AI-powered managed services in two complementary ways:

- Transform delivery of mission-critical but nondifferentiating capabilities. Customer service, IT support, and back-office operations can be optimized through AI-powered managed services, freeing resources for strategic initiatives.
- Use these partnerships as learning laboratories. Understanding how AI models operate in managed services will provide valuable insights for future applications in core, differentiating business capabilities.

Read our recent report to learn more about how generative AI is disrupting professional services.


Unlocking AI potential: The essential role of hybrid, multi-cloud strategies

At NetApp, we recognize that AI is not merely a technological tool—it’s a transformative mindset that can reshape organizations and industries. To harness its full potential, it is essential to cultivate a data-driven culture that permeates every level of your company.

Our company is not alone in adopting an AI mindset. Notably, hyperscale companies are making substantial investments in AI and predictive analytics. Their role is crucial in assisting businesses in improving customer experiences and creating new revenue streams through AI-driven innovations. However, each cloud provider offers distinct advantages for AI workloads, making a multi-cloud strategy vital.

- AWS provides diverse pre-trained models for various generative tasks, including image, text, and music creation.
- Google is making strides in developing specialized AI models, such as those tailored for healthcare applications like ultrasound image interpretation.
- Azure’s generative AI solutions integrate seamlessly with Microsoft’s ecosystem, offering a cohesive experience for organizations heavily invested in their products.

NetApp’s first-party, cloud-native storage solutions enable our customers to quickly benefit from these AI investments. For example, NetApp BlueXP workload factory for AWS integrates data from Amazon FSx for NetApp ONTAP with Amazon Bedrock’s foundational models, enabling the creation of customized retrieval-augmented generation (RAG) chatbots. This integration allows organizations to leverage their proprietary data in generative AI applications, enhancing the relevance and accuracy of AI-generated responses.

By using a multi-cloud approach, businesses can take advantage of each cloud provider’s unique strengths and choose the best platform for each GenAI RAG-based project, without being limited to just one provider’s ecosystem.
Moreover, multi-cloud data solutions are essential for complying with regulatory frameworks like the Digital Operational Resilience Act (DORA) from the European Union, which goes into effect this January. DORA security requirements apply to a wide range of financial institutions, including banks, investment firms, payment service providers, asset managers, and crypto-asset service providers. Additionally, it encompasses third-party information and communications technology (ICT) service providers who deliver critical services to these financial organizations, such as data analytics platforms, software vendors, and cloud service providers.

DORA requires financial firms to have strategies in place to manage risk related to their third-party service providers, such as AWS and Microsoft Azure, whether it’s a managed process like an exit strategy or an unexpected event like a cyber-attack. By using intelligent data infrastructure from NetApp, financial institutions can securely end contracts with third-party providers and seamlessly transfer training and inferencing data to a new cloud platform. This ensures uninterrupted business operations during the transition, maintains service quality for clients, and adheres to regulatory requirements. In addition, they can actively detect and safeguard the data, enabling rapid recovery in the event of an attack.

NetApp believes that, even though many businesses will choose public cloud services for AI, there are compelling reasons why specific organizations may decide to run AI workloads in their private data centers or use a hybrid cloud model. For particular industries, such as healthcare, defense contracting, government, and finance, the sensitivity of their business data makes cloud-based data preparation, model training and fine-tuning, and inferencing unsuitable.
Our data solutions support companies that opt for a do-it-yourself (DIY) approach with proprietary or open-source models, leverage a turn-key Converged AI solution like NetApp AIPod with Lenovo or FlexPod for AI, or adopt a hybrid model that combines data center resources with cloud-based services.

NetApp data solutions support a hybrid, multi-cloud strategy

AI has advanced rapidly, with models increasing in complexity, data sets expanding in size, and the demand for real-time insights becoming more crucial. Organizations can use hybrid, multi-cloud strategies to distribute their AI workloads across on-premises and different cloud environments, optimizing performance, cost, and resource allocation. NetApp has the tools necessary to make your hybrid, multi-cloud AI deployments a success:

- Unified data management: It is no secret that data silos slow down AI projects. NetApp’s intelligent data infrastructure unifies access to file, block, and object storage, offering configurations ranging from high-performance flash to cost-efficient hybrid flash storage. It is available in data centers, colocation facilities, and through our public cloud partners. As the only provider offering first-party, cloud-native storage solutions on all three major public clouds—Amazon FSx for NetApp ONTAP, Microsoft Azure NetApp Files, and Google Cloud NetApp Volumes—NetApp enables organizations to easily move, manage, and protect their data across various cloud platforms, reducing the strain of moving data and minimizing data silos.
- Integrated AI service capabilities: To leverage the unique strengths of each cloud platform with industry-specific knowledge or business-specific information, organizations need to integrate proprietary enterprise data with custom task-based models. This can be a challenging task. NetApp has developed a variety of integrated toolkits that are helping to solve this problem.
Our AWS customers can deploy and manage RAG pipelines with the launch of the GenAI capability in BlueXP workload factory. With this new capability, customers can securely connect data in ONTAP with Amazon Bedrock to develop GenAI applications without having to copy it to Amazon S3. The GenAI toolkit, which supports Google Cloud NetApp Volumes, speeds up the implementation of RAG operations while enabling secure and automated workflows that connect data stored in NetApp Volumes with Google’s Vertex AI platform. NetApp’s GenAI toolkit is also in preview in Azure NetApp Files in Microsoft Azure. To have GenAI RAG-based applications that can provide the most relevant results, companies need the ability to seamlessly connect custom models from any cloud partner to their business data.

- Data governance: Data classification involves categorizing data based on its sensitivity, value, and regulatory requirements across multiple clouds. Our comprehensive set of features goes beyond basic data cataloging. Leveraging AI, machine learning, and natural language processing technologies, we categorize and classify data by type, redundancy, and sensitivity, highlighting potential compliance exposures.

NetApp offers a range of data classification strategies tailored to the unique challenges posed by Generative AI:

- Data Estate Visibility: Improve the cleanliness of your data and gain knowledge about sensitive information with complete visibility of your entire NetApp data estate, both on-premises and in the public cloud
- Discover Personal and Sensitive Data: Our classification capabilities can


Why Router vs Firewall Really Only Matters at Work

Routers and firewalls are network security devices, sometimes grouped into business and home network packages or sold separately as dedicated hardware. Though the two are closely linked, routers and firewalls are very different devices.

- Router: Exchanges data between networks or gateways.
- Firewall: Blocks traffic from protected networks.

Put simply, routers connect networks and move data efficiently, while firewalls protect networks by controlling and securing the flow of data.

For home networks, most people already have a router with a built-in firewall. Under normal circumstances, they don’t need to get an extra firewall to keep their network safe. Businesses, on the other hand, typically have more than one router and benefit from having a discrete firewall device or application. Thoughtful deployment of both elements is an important part of securing a business network.

Key differences between routers and firewalls

Here is a quick breakdown of the key differences between routers and firewalls:

- Network Role: Routers and firewalls serve different purposes in a network. A router connects networks and ensures data travels efficiently between them, like a VoIP router for voice traffic. A firewall, on the other hand, is like a security checkpoint, inspecting and filtering data to block potential threats.
- Traffic Management: Routers focus on directing traffic based on IP addresses, determining the best path for data to reach its destination. Firewalls control traffic by applying security rules, deciding what data is allowed to pass through or be blocked based on factors like source, destination, and content.
- Default Behavior: By default, routers allow all data to pass unless specific restrictions are added. Firewalls take the opposite approach: they block most traffic unless explicitly allowed, prioritizing security over openness.
- Placement: Routers are typically positioned at the edge of the network to connect it to the internet or other networks. Firewalls can be placed at the edge or internally within the network to control access between segments, adding extra layers of protection.
- Customization and Control: Firewalls are built for granular control, letting you enforce security policies based on specific applications, users, or behaviors. Routers, while configurable, prioritize speed and efficiency over detailed filtering.

Why router vs firewall doesn’t matter on a home network

Most routers have a built-in firewall that offers basic protection for homes and very small offices. Typically it is a stateful firewall capable of inspecting traffic flows and performing basic perimeter security.

Because the router already has a firewall installed, the average home network does not need a separate or additional firewall. These simple networks tend to have a handful of devices connected to a single router, and the integrated firewall is enough to keep the network safe from unwanted traffic and prevent unauthorized users from gaining access to the network.

On top of this, modern devices have built-in firewalls of their own. Windows Defender and Android Firewall are two common examples. From the moment your ISP turns on the internet at your house, every device connected to the router is already shielded from the public internet by multiple firewalls.
If you are doing something out of the ordinary at home — like running a business with sensitive information or hosting a game server — more advanced software or hardware firewall protections will be important to set up. People with a lot of IoT (Internet of Things) devices on a home network might also consider additional firewall protections as one of the ways to reduce IoT attack surface.

But outside the edge cases, you really don’t have to compare router versus firewall at all — you probably have both already.

Why router vs firewall matters a lot for business

On business networks, tons of devices are logging in and out constantly, using cloud applications and potentially connecting to offices at other locations over a Wide Area Network (WAN).

Unlike simple home networks, business networks have multiple routers (and a host of other elements) that connect physical and virtual resources to users. Routers play a key role in setting up an effective network security architecture, and while they may have built-in firewall functionality, businesses most often have dedicated hardware and/or software firewalls.

Organizations need to protect their connected devices from virus and malware threats, but also from sophisticated security concerns that would never impact a home network.

Business-grade firewalls offer granular control over the traffic, which means that managers can regulate access separately for different users and applications. This is important when you have protected resources on the network that you need to make available to the public, remote workers, or third parties. This access control is centralized in a business’s firewall security policy, which a network manager can view and control.

Many businesses also deal with payment information flowing in and out of their networks, either for customer purchases or employee salaries, so their systems are required to be HIPAA and PCI-DSS-compliant — which isn’t always possible with consumer-grade firewall tech.
Businesses have other considerations as well, such as whether their routers or firewalls should be placed at the network edge. Edge routers are typically used to give access to remote workers so they can connect to the corporate network. In fact, the terms “edge routers” and “firewalls” are often used interchangeably to describe a network security device that protects the LAN from a point “between” networks.

Can a router and firewall be on the same device?

Certain software-defined networks and routers come equipped with software firewalls already installed. Some businesses prefer this because of the simplicity of having the two integrated. It just doesn’t make much sense to have multiple devices that need to be configured and managed separately, especially


IP Copilot wants to use AI to turn your Slack messages into patents

IP Copilot, a startup using artificial intelligence to modernize intellectual property management, announced today it has raised $4.2 million in seed funding led by Salesforce Ventures and Preface Ventures, with participation from NextGen Ventures and Notation.

The San Francisco-based company, founded by AI experts with over 1,000 patents between them, aims to streamline how enterprises discover and protect innovative ideas by analyzing internal communications and documents in real-time.

“Everyone is an inventor,” said Austin Walters, CEO of IP Copilot, in an exclusive interview with VentureBeat. “Engineers are busier than ever and our goal is to minimize friction between ideas and patents, helping more innovators become inventors.”

Unlike other AI tools focused on patent drafting, IP Copilot emphasizes early discovery by integrating with platforms like Slack and Jira to identify potentially patentable ideas as they emerge in everyday work conversations.

How AI supercharges IP legal teams’ workflow

“At a large company, one IP counsel might be responsible for 10,000 employees. You can’t possibly read all the Slacks available to you every day, all your Jira tickets, and all the confluence pages that change,” explained Jason Harrier, who recently joined as founder and general counsel after serving as Head of IP at Plaid. “Our tool gives patent teams the superpowers to actually read everything available to them and automatically categorize the best patent candidates.”

The company’s approach combines traditional machine learning with large language models, prioritizing accuracy over pure automation. “About 60% is traditional machine learning,” said Harrier.
“We use what I think is the best AI for what it does well, and then use large language models where they work really well.”

To address privacy concerns, the system only monitors public channels and can be deployed within an enterprise’s own cloud environment. “Everything is a first-party system with us,” Walters emphasized. “We’re not sending communications to a third party.”

Enterprise IP management faces AI transformation

The funding comes at a critical time for enterprise IP management. As AI innovation accelerates, companies are struggling to identify and protect intellectual property effectively. While most AI startups in the space focus on automating patent drafting, IP Copilot’s emphasis on early discovery could reshape how companies build their patent portfolios.

The startup’s roadmap suggests broader ambitions. Plans include expanding into trade secret management and introducing natural language interfaces for portfolio analysis. These moves could position IP Copilot to become a comprehensive IP intelligence platform rather than just another legal tech tool.

But perhaps the company’s most striking innovation isn’t technological – it’s philosophical. In a landscape crowded with AI companies promising to replace human expertise, IP Copilot has chosen a different path. “AI isn’t going to take your job,” says Harrier, “but an attorney that’s using AI could take your job.”

For patent professionals watching the AI revolution unfold, that distinction might make all the difference.


CrowdStrike vs Palo Alto 2024: Features, Pricing, and Insights

CrowdStrike and Palo Alto Networks are the top providers in the endpoint security industry today.

The CrowdStrike Falcon XDR platform has stood as a community favorite for years, bringing high-quality protection, fast investigations, and an easy-to-use console to its service. Meanwhile, Palo Alto’s Cortex XDR delivers a robust service in its own right. It offers ML-powered behavioral analytics and powerful malware analysis sandbox capabilities that keep organizations safe from advanced threats.

In this article, I give you a rundown of some of the main differences between CrowdStrike and Palo Alto in 2024.

Recommended Alternative: CrowdStrike

CrowdStrike offers the most complete CNAPP to stop breaches from code to cloud.

- Unified Platform and Agent: CrowdStrike Falcon® Cloud Security simplifies cloud protection with a single-agent, single-platform model, offering seamless workload security across the enterprise. In contrast, Palo Alto’s Prisma Cloud is an entirely separate console from Cortex XDR, increasing complexity and reducing analyst efficiency.
- Elite Threat Intelligence: Falcon Cloud Security seamlessly integrates in-depth threat intelligence with context-aware indicators, delivering unmatched visibility into the relationships between IOCs, cloud workloads, and adversaries across a comprehensive, real-time threat landscape. Unlike Prisma Cloud, which relies on threat intel detections powered by its AutoFocus product, CrowdStrike uniquely provides adversary profiles and attribution, offering a deeper understanding of threats and the actors behind them.
- Pre-Built Detections and Alert Correlation: Falcon Cloud Security delivers advanced runtime detections powered by on-sensor machine learning and integrated threat intelligence, all within a unified console. This enables SOC analysts to investigate alerts quickly and in context. Palo Alto’s reliance on static baselines for newly deployed containers requires manual tuning, leaving new workloads vulnerable.
CrowdStrike Falcon vs Palo Alto Cortex XDR: Comparison table

Criterion | CrowdStrike Falcon | Palo Alto Cortex XDR
Starting price | $184.99 per device, billed annually | Contact sales for pricing
Magic Quadrant for Endpoint Protection Platforms | Leader | Leader
Machine learning | Yes | Yes
Behavioral analysis | Yes | Yes
Ease of use (Gartner rating) | 4.6 | 4.7

CrowdStrike Falcon vs Palo Alto Cortex XDR: Pricing

CrowdStrike Falcon pricing

CrowdStrike’s EDR software is available through its Falcon Enterprise and Falcon Elite subscription tiers. Below is an overview of pricing and features for both:

- Falcon Enterprise: $184.99 per device, billed annually; EDR, XDR, managed threat hunting, and integrated threat intelligence.
- Falcon Elite: Contact sales for pricing; all Enterprise features plus identity protection, Falcon Discover IT Hygiene, and Falcon Identity Protection.

You can avail of a 15-day free trial for the CrowdStrike Falcon through their online form. This includes their Falcon platform, plus its Falcon Prevent next-generation antivirus and Falcon Device Control services. Personally, I recommend going this route to get hands-on time with their software and see whether it fits your business’s needs.

Palo Alto Cortex XDR pricing

Compared to CrowdStrike, Palo Alto’s Cortex XDR unfortunately doesn’t have transparent pricing on its product page. It has two main subscription options: Cortex XDR Prevent and Cortex XDR Pro.
Below is an overview of the feature differences between both:

- Cortex XDR Prevent: Contact sales for pricing; NGAV, endpoint protection.
- Cortex XDR Pro: Contact sales for pricing; all Prevent features plus EDR, and optional add-ons for managed detection and response, identity threat detection and response, host insights, and forensics.

Interested customers can contact Palo Alto to arrange a 30-minute product demo of their Cortex XDR solution. In my view, this is the first step to take if you’re considering their Cortex XDR software for your business. The demo can be requested via an online form on their official website.

CrowdStrike Falcon vs Palo Alto Cortex XDR: Feature comparison

Threat detection and mitigation

CrowdStrike consolidates cloud, identity, endpoint, data protection, IT automation, and other attack surfaces into a single, unified console. This provides IT teams with a comprehensive threat detection tool that’s both effective in its deployment and user-friendly in its management.

Figure: CrowdStrike’s Charlotte AI query dashboard. Image: CrowdStrike

Falcon Insight XDR also includes Charlotte AI, CrowdStrike’s new generative AI cybersecurity analyst. Through Charlotte AI, security professionals are able to cut hours in threat investigation time and prioritize high-level incidents via automated workflows and traditional query writing.

On the flip side, Palo Alto Cortex XDR prioritizes accurate threat detection using a blend of machine learning and behavioral analytics. With their platform, endpoints are secured through NGAV, host firewalls, and USB device controls, among others, to make sure no cracks or possible vulnerabilities can be exploited by threat actors.

Figure: MITRE ATT&CK Framework within Cortex XDR. Image: Palo Alto

Cortex XDR’s behavior analytics are also crucial in finding hidden threats such as credential attacks, insider threats and abuse, and data exfiltration techniques.
Independent assessments

Both CrowdStrike and Palo Alto have garnered positive recognition from key independent firms looking at endpoint protection and extended detection and response providers.

In Gartner’s Magic Quadrant for Endpoint Protection Platforms report for 2024, both providers were considered Leaders in the EPP space. This means they both offered balanced services, extensive EDR capabilities, and integrated workspace security functionality, per Gartner’s criteria.

Figure: Magic Quadrant for EPP published in September 2024. Image: Gartner

In the report, CrowdStrike was praised for its suitability for a “broad range of organizations worldwide” and companies requiring cloud-delivered EPP deployment. Meanwhile, Cortex XDR was said to be a good choice for organizations with “mature, well-staffed security operations teams” and those seeking security vendor consolidation.

Similarly, Forrester also declared CrowdStrike and Palo Alto Networks as Leaders in their Forrester Wave Extended Detection And Response Platforms for Q2 2024. This is impressive since they’re two of only three providers labeled as Leaders, with Microsoft being the third.


2025 is the year of quantum science; what that’s all about

In celebration of the 100th anniversary of the discovery of quantum mechanics, the United Nations has declared 2025 as the International Year of Quantum Science and Technology. If that milestone catches you off guard, don’t be surprised, as much of the activity and focus around quantum computing happens with little fanfare.

Progress is steadily being made with quantum research, but the day when somebody can truly “master” quantum mechanics and release its true potential has remained elusive. When that does happen, the good news is that quantum computers will potentially be able to solve in seconds extremely complex tasks that currently take years. The bad news is that quantum computers could also solve the data “puzzles” that are at the heart of encryption protection, leaving all systems and data immediately vulnerable.

“The advent of quantum computing is a double-edged sword, offering unparalleled compute power while posing unprecedented cybersecurity challenges. The transition to post-quantum cryptography may seem daunting, but with the right resources, strategic planning, and trusted partnerships, enterprises can ensure the protection of sensitive data against future quantum cyberattacks,” says Heather West, Ph.D., research manager, quantum computing research lead, IDC.

Where quantum development is, and is heading

In the meantime, the United Nations designation recognizes that the current state of quantum science has reached the point where the promise of quantum technology is moving out of the experimental phase and into the realm of practical applications.

“Quantum computing is at an exciting stage, where active collaboration between academia and industry is leading to rapid innovation,” explains Mohit Pandey, a quantum computing scientist who has extensive experience using quantum computing for drug discovery while working in the biotechnology industry.
“Before the 2010s, quantum computers were an exotic concept [and] were confined to the isolated academic discussions. But in the last 10 years, we have seen an accelerated pace of the use of quantum technology in business optimization problems, drug discovery, communication, and encryption,” Pandey explains.

These advances have been made possible by the extensive availability of quantum computers to the public, Pandey says. There are now scores of quantum hardware companies, including large technology companies such as Google, Microsoft, and IBM and startups such as QuEra, IonQ, and Kipu Quantum. In addition, many organizations can now access quantum computers through cloud platforms such as Amazon Web Services’ Amazon Braket, Pandey explains. This widespread access opens the opportunity for organizations to investigate the ways in which quantum computing can solve challenging problems.

A campaign to make quantum better understood

Rather than commemorate a particular event or development in quantum research, the United Nations designation is intended more to make quantum science approachable and understandable, explaining what quantum computing means for everyday life in simple terms, says Arthur Tisi, founder of Hunova and co-founder of BaseForge, an advanced technology advisory that deals with quantum computing, artificial intelligence, and machine learning strategies.

“‘Quantum for everyone’ might be a tagline,” Tisi says. “The campaign will promote how advancements in quantum require international cooperation — similar to climate change — showing that breakthroughs in this field could benefit the entire world, impacting entire industries, not just a few nations or corporations.”

The UN messaging needs to be that quantum technology still comes with lots of challenges, but it can be a catalyst for helping solve previously insurmountable problems, Tisi says.
Global challenges come with hard work and alignment around internet protocols, national security, and regulation — especially around ethics. But it could have a huge impact on such things as drug discovery, setting aside the bureaucracy within government agencies, he says.

Quantum computers will potentially be able to solve problems that include enormous databases and complex algorithmic challenges and do it with lightning speed, says Thomas Vartanian, executive director of the Financial Technology & Cybersecurity Center. What is not clear is whether they will be able to function any better in many of the areas where computers function today.

Quantum benefits aren’t for every organization

What will the full benefit be for organizations when the quantum challenge is resolved? For smaller organizations, probably not much. For large organizations, probably plenty, says Vartanian. Taking into account just the sector that he tracks — financial services — the impacts would be game-changing.

“The G7 Cyber Expert Group [an intergovernmental group chaired by the U.S. Department of Treasury and the Bank of England] just put out a report basically highlighting the good, the bad, and the ugly of quantum computing,” Vartanian says. “The good is it will exponentially change the speed at which financial institutions can do market trading. It will facilitate enormously alternative investment strategies. It will enhance risk management. It will provide them greater capabilities to make more reliable predictions. It will change payment processing throughout the world in very dynamic ways, and it will make communications different and more secure.”

These promised benefits have led to an arms race, of sorts, as organizations — and even nations — try to be the first to break the quantum barrier.
“Supercomputing facilities and government entities worldwide are experimenting with the installation of a variety of quantum processing units to better identify the specifications needed for the integration of a gate-based quantum computer with a classical supercomputer. IBM specifically expects to deliver a quantum-centric supercomputer capable of executing 1 billion gates across 2,000 qubits by 2033,” IDC’s West says in her research report IBM Quantum: 156-Qubit Heron, Qiskit Functions, and the Future of Quantum Development.

Also driving the race is the potential to control the bad and the ugly of quantum. Data encryption is based on the need to solve extremely complex mathematical equations in order to get past the encrypted “firewall.” The equations are so complex that a standard computer would need years to solve the puzzle. Being able to quickly do so could be a technological tipping point.

“That depends on who gets quantum computing first and how they use it,” Vartanian explains. “Everything will either be more secure, or less secure.”

Toward that eventuality, Vartanian
