Category Archives: Enterprise IT news

Enterprise IT news

Microsoft Dynamics 365 AI going hard after Salesforce

Microsoft and Salesforce are attacking each other again. Microsoft Dynamics 365 AI tools are coming that will beef up sales, marketing and — most of all — service and support, unveiled the day after Salesforce announced Quip Slides, a PowerPoint competitor.

Salesforce appears to be annexing Microsoft’s business-productivity territory, while Microsoft is rolling its forces deeper into Salesforce’s CRM domain by more tightly connecting Teams collaboration with its CRM suite, freshened up with new AI capabilities.

“You’ve got Salesforce announcing Quip Slides, and you’ve got Microsoft doing a whole bunch of integration between Teams and Dynamics … who’s going after whose market?” said Alan Lepofsky, analyst at Constellation Research.

In a media briefing ahead of its Ignite user conference, the tech giant took some direct shots at rival Salesforce in introducing Microsoft Dynamics 365 AI tools that buttress CRM processes. Of particular note was Dynamics 365 AI for Customer Service, which adds out-of-the-box virtual agents.

Assistive AI for contact centers

Who’s going after whose market?
Alan Lepofskyanalyst, Constellation Research

Virtual agents can take several forms, two of which include chatbots that do the talking on behalf of humans, or assistive bots that prompt humans with suggested answers for engaging live with customers either on voice or text channels.

New Microsoft bots, built on Azure Cognitive Services, won’t require the code-intensive development or consultant services that other vendors’ CRM tools do, claimed Alysa Taylor, Microsoft corporate vice president of business applications and global industry. She singled out Salesforce as a CRM competitor in her comments.

“Many vendors offer [virtual agents] in a way that is very cumbersome for organizations to adopt,” Taylor said. “It requires a large services engagement; Salesforce partners with IBM Watson to be able to deliver this.”

Either way, the bots will require training. Microsoft Dynamics 365 AI-powered bots can be trained by call center managers, asserted Navrina Singh, Microsoft AI principal product lead, during a demo.

Microsoft CEO Satya Nadella
Microsoft CEO Satya Nadella’s taking on Salesforce with new CRM AI tools

The bots can tap into phone log transcriptions, email and other contact center data stores to shape answers to customer problems and take some of the workload off of overburdened contact center agents, Singh said.

The virtual agent introductions were significant enough that Microsoft brought out CEO Satya Nadella for a cameo with Singh during the briefing.

“The thing that’s most exciting to me,” Nadella said, “… is that [Microsoft] can make every company out there an AI-first company. They already have customers, they already have data. If you can democratize the use of AI tools, every company can harness the power of AI.”

Other Dynamics 365 AI tools for CRM

Sales and marketing staffs get their own Dynamics 365 AI infusion, too.

Microsoft brings Dynamics 365 AI for Sales in line with Salesforce Einstein tools that use AI to prioritize lead pipelines and sales-team performance management.

Microsoft Dynamics 365 AI for Market Insights plumbs marketing, social media and other customer engagement data to improve customer relations and “engage in relevant conversations and respond faster to trends,” Taylor wrote in a blog post announcing the new system.

While the Microsoft moves appear effective, industry observers questioned whether they can Microsoft make an impression in Salesforce’s massive market footprint, even if they are easier to use, more economical and more intuitive than Salesforce’s.

Lepofsky said he isn’t sure, because of the sheer numbers. The 150,000-strong Dreamforce user conference is at the same time as Ignite, and the latter will likely draw only about a sixth of the Dreamforce crowd. And Salesforce likely won’t be resting on its AI credentials either.

“I think you can speculate that Salesforce will also be talking about AI improvements at Dreamforce, so perhaps it’s not that differentiating for Dynamics,” Lepofsky said.

While Microsoft announced no release date for its AI tools, a preview site will go online this fall, Singh said.

Nuage Networks, Talari SD-WAN tack on multi-cloud connectivity

Software-defined WAN vendors are rushing to enhance their SD-WAN platforms with multi-cloud support, as more enterprises and service providers migrate their workloads to the cloud. This week, both Nuage Networks and Talari made multi-cloud connectivity announcements of their own.

Nuage Networks, a Nokia company, updated its SD-WAN platform — Virtualized Network Services — to better support SaaS and multi-cloud connectivity.

The platform enhancement moves to address three specific pain points among customers, according to Hussein Khazaal, Nuage’s vice president of marketing and partnerships. The three points, multi-cloud connectivity, value-added services and end-to-end security, are already available to customers.

“It’s a single platform that you can deploy today and get connectivity to software as a service,” Khazaal said. “We support customers as they send traffic directly from the branch to the SaaS application.”

In addition to multi-cloud connectivity, Nuage VNS offers customers the option to add value-added services — or virtual network functions (VNFs) — that can be embedded within the SD-WAN platform, hosted in x86 customer premises equipment (CPE) or through service chaining (a set of network services interconnected through the network to support an application). These VNFs are available from more than 40 third-party partners and can include services like next-generation firewalls, voice over IP and WAN optimization, Khazaal said.

While many service providers are leaning toward the VNF and virtual CPE approach, the process isn’t simple, according to Lee Doyle, principal analyst at Doyle Research.

“Many service providers are finding the vCPE and VNF approach side to be challenging,” Doyle said. “Those with the resources can, and will, pursue it, and that’s where Nuage could be a piece of the puzzle.”

When it comes to enterprise customers, however, the VNF approach is less attainable, both Doyle and Khazaal noted.

“Nuage is one piece of the puzzle that a customer might add if they’re able to do it themselves,” Doyle said. “But most customers don’t want to piece together different elements.”

For smaller enterprise customers, Khazaal recommended using the option with embedded features, like stateful firewall and URL filtering, built into the SD-WAN platform.

Although Nuage has more than 400 enterprise customers, according to a company statement, its primary market is among service providers. Nuage counts more than 50 service providers as partners that offer managed SD-WAN services — including BT, Cogeco Peer 1, Telefónica and Vertel — and has been a proven partner for service providers over the years, Doyle said.

“Nuage is a popular element of service providers’ managed services strategies, including SD-WAN,” he said. “These enhancements will be attractive mainly to the service providers.”

Nuage VNS is available now with perpetual and subscription-based licenses, and varies based on desired features and capabilities.

Talari launches Cloud Connect for SaaS, multi-cloud connectivity

In an additional multi-cloud move, Talari updated its own SD-WAN offering with Talari Cloud Connect, a platform that supports access to cloud-based and SaaS applications.

Talari also named five accompanying Cloud Connect partners: RingCentral, Pure IP, Evolve IP, Meta Networks and Mode. These partners will run Talari’s Cloud Connect point of presence (POP) technology in their own infrastructure, creating a tunnel from the customer’s Talari software into the cloud or SaaS service, according to Andy Gottlieb, Talari’s co-founder and chief marketing officer.

“The technology at the service provider is multi-tenant, so they only have to stand up one instance to support multiple customers,” Gottlieb said. Meantime, enterprises can use the Cloud Connect tunnel without having to worry about building infrastructure in the cloud, which reduces costs and complexity, he added.

Talari’s partner list reflects the demands of both customers and service providers, he said. Unified communications vendors like RingCentral, for example, require reliable connectivity and low latency for their applications. Meta Networks, on the other hand, offers cloud-based security capabilities, which enterprises are increasingly adding to their networks. Talari SD-WAN already supports multi-cloud connectivity to Amazon Web Services and Microsoft Azure.

Talari Cloud Connect will be available at the end of October. The software comes at no additional charge for Talari customers with maintenance contracts or with subscriptions, Gottlieb said. Also, Cloud Connect partners can use the Cloud Connect POP software free of charge to connect to Talari SD-WAN customers, he added.

WannaMine cryptojacker targets unpatched EternalBlue flaw

New research detailed successful cryptojacking attacks by WannaMine malware after almost one year of warnings about this specific cryptominer and more than a year and a half  of warnings about the EternalBlue exploit.

The Cybereason Nocturnus research team and Amit Serper, head of security research for the Boston-based cybersecurity company, discovered a new outbreak of the WannaMine cryptojacker, which the researchers said gains access to computer systems “through an unpatched [Server Message Block, or SMB] service and gains code execution with high privileges” to spread to more systems.

Serper noted in a blog post that neither WannaMine nor the EternalBlue exploit are new, but they are still taking advantage of those unpatched SMB services, even though Microsoft patched against EternalBlue in March 2017.

“Until organizations patch and update their computers, they’ll continue to see attackers use these exploits for a simple reason: they lead to successful campaigns,” Serper wrote in the blog post. “Part of giving the defenders an advantage means making the attacker’s job more difficult by taking steps to boost an organization’s security. Patching vulnerabilities, especially the ones associated with EternalBlue, falls into this category.”

It is fair to say that any unpatched system with SMB exposed to the internet has been compromised repeatedly and is definitely infected with one or more forms of malware.
Jake Williamsfounder and CEO, Rendition Infosec

The EternalBlue exploit was famously part of the Shadow Brokers dump of National Security Agency cyberweapons in April 2017; less than one month later, the WannaCry ransomware was sweeping the globe and infecting unpatched systems. However, that was only the beginning for EternalBlue.

EternalBlue was added into other ransomware, like GandCrab, to help it spread faster. It was morphed into Petya. And there were constant warnings for IT to patch vulnerable systems.

WannaMine was first spotted in October 2017 by Panda Security. And in January 2018, Sophos warned users that WannaMine was still active and preying on unpatched systems. According to researchers at ESET, the EternalBlue exploit saw a spike in use in April 2018.

Jake Williams, founder and CEO of Rendition Infosec, based in Augusta, Ga., said there are many ways threat actors may use EternalBlue in attacks.

“It is fair to say that any unpatched system with SMB exposed to the internet has been compromised repeatedly and is definitely infected with one or more forms of malware,” Williams wrote via Twitter direct message. “Cryptojackers are certainly one risk for these systems. These systems don’t have much power for crypto-mining (most lack dedicated GPUs), but when compromised en-masse they can generate some profit for the attacker. More concerning in some cases are the use of these systems for malware command and control servers and launching points for other attacks.”

Remote monitoring and management: Netgear Insight Pro debuts

Netgear has launched Insight Pro, a cloud-based remote monitoring and management platform that the company said will bring managed service providers more network management capabilities, as well as attractive revenue opportunities when they resell the service.

Netgear executives said Insight Pro is a multi-tenancy platform designed for MSPs that want to manage numerous customers remotely. This is a change from the previous version of the product, called Insight, which was designed to manage the network ecosystem of only one small or medium-sized business.

The networking company, based in San Jose, Calif., introduced Netgear Insight Pro in August in North America and Asia, and it featured the product earlier this month at the CEDIA Expo conference in San Diego.

John McHugh, general manager and senior vice president for Netgear’s commercial business unit, said Insight Pro can help MSPs and their customers build a better business relationship. The aim is to help those parties gain transparency, greater efficiency and control over network operations.

Remote monitoring and management reporting

Once an MSP buys a Netgear Insight Pro subscription at $15 per device, per year, and resells the subscription service, customers that sign on can see a read-only view of their network. The remote monitoring and management offering generates reports that give users details on power usage, data consumption and storage utilization, among other usage statistics that show the health and vulnerabilities that exist across the network. 

“Insight will detect a hardware failure, bandwidth or loading issues and configuration problems,” McHugh said. “It will also help the MSP determine what the ‘peak’ loading is, which is critical to provide customers with guidance on where they might need additional capacity either now or in the future.”

Customers don’t want to commit to a cloud model and then get stuck in an arrangement that’s unaffordable.
John McHughgeneral manager and senior vice president for Netgear’s commercial business unit

To guard against network slowdowns, mitigate the impact of outages and protect the network against security breaches, Netgear Insight Pro is supported by a suite of Netgear products that include apps, firmware, wireless LANs, storage devices, network security tools and switches that run on Amazon Web Services’ cloud computing platforms.

As the cloud subscription model continues to reduce the need for value-added resellers to install hardware at customer sites, the Insight Pro product will help VARs transition to a service provider business, according to McHugh. He said many VARs are intimidated by the idea of managing a customer’s network on a 24/7 basis under a subscription model.

“In the case of a VAR who is becoming an IT service provider, they don’t have to purchase any equipment, and they don’t have to stand up a 24-by-7 data center or call centers to manage their customer’s network. All the notifications and alerts go straight to their phone,” McHugh said.

Netgear Insight Pro: Toggling the cloud

Another feature of the remote monitoring and management product: MSPs using Insight Pro can switch access to the cloud on or off. Once an MSP has authenticated itself and started a subscription, McHugh said, the MSP will have the option to choose whether it wants to manage a customer’s network locally or manage it through the cloud.

“Customers don’t want to commit to a cloud model and then get stuck in an arrangement that’s unaffordable,” McHugh said. “Partners and their customers demand that they have this flexibility as they work through their concerns over user experience and the cost of operations. Customers of Insight Pro only pay for what they use.”

DevOps security takes on the dark side of digital transformation

News
Stay informed about the latest enterprise technology news and product updates.

Without better organizational discipline, digital businesses are at risk for massively disruptive data breaches and attacks. Can DevSecOps transform IT in time to avert disaster?


DevOps best practices foster better IT security, at least in theory. But skills gaps and IT industry inertia leave…

“;
}
});

/**
* remove unnecessary class from ul
*/
$(“#inlineregform”).find( “ul” ).removeClass(“default-list”);

/**
* Replace “errorMessageInput” class with “sign-up-error-msg” class
*/
function renameErrorMsgClass() {
$(“.errorMessageInput”).each(function() {
if ($(this).hasClass(“hidden”)) {
$(this).removeClass(“errorMessageInput hidden”).addClass(“sign-up-error-msg hidden”);
} else {
$(this).removeClass(“errorMessageInput”).addClass(“sign-up-error-msg”);
}
});
}

/**
* when validation function is called, replace “errorMessageInput” with “sign-up-error-msg”
* before return
*/
function validateThis(v, form) {
var validateReturn = urValidation.validate(v, form);
renameErrorMsgClass();
return validateReturn;
}

/**
* DoC pop-up window js – included in moScripts.js which is not included in responsive page
*/
$(“#inlineRegistration”).on(“click”,”a.consentWindow”, function(e) {
window.open(this.href, “Consent”, “width=500,height=600,scrollbars=1”);
e.preventDefault();
});

the digital world at serious risk.

The most advanced enterprise DevOps organizations fold IT security experts and their disciplines into application delivery processes. But resource shortages from a lack of skilled employees, as well as a dearth of mature IT security products, threaten to derail DevOps security improvements. If these obstacles aren’t quickly overcome, they could disrupt the digital economy and affect entire industries, from financial services to power utilities, according to experts.

Think Equifax or WannaCry — but much worse.

“The enterprises that power the world we live in have not yet prioritized security to the extent that they should,” said Alex Bekker, vice president of engineering for HackerOne, an IT security platform and outsourcing firm based in San Francisco. “It will take years to build up to the level of security needed to prevent such a catastrophic event.”

The DevOps security ideal

Jeremy Pullen, CEO and principal consultant at Polodis Inc.Jeremy Pullen

IT ops pros may see security as a secondary goal to DevOps, or resist DevOps concepts that contradict ITIL security and other IT service management best practices. But both of those mindsets are dangerously wrong, said Jeremy Pullen, CEO and principal consultant at Polodis Inc., a DevSecOps and Lean management advisory firm in Tucker, Ga., that works with large enterprise clients.

“IT pros that work in ticketing and configuration databases create a separate set of data from version-controlled code and think they’re following best practices,” Pullen said. “But they’re actually following institutionalized incompetence that’s stuck in the dark ages.”

DevOps security is the only viable approach as digital assets become crucial to the enterprise bottom line, Pullen said. Ideally, IT employees should access enterprise production environments only with developers’ version-controlled code, checked in to an automated delivery system — a setup that limits internal security threats, he said. The DevOps practice of small, iterative changes to modular infrastructure also reduces the attack surface of IT systems for outside threats.

However, DevOps proponents are mistaken to emphasize the gatekeeper mentality that relies on human approvals or manual work to deploy production application changes, Pullen said.

“Automated changes to production scares IT folks, but version control should be the gatekeeper,” he said. “Version-control systems are fully auditable, reproducible and traceable.”

Industries sound alarms for DevOps security

Regulated businesses often cite auditors as the main reason for the gatekeeper approach to production application deployments, because they often don’t understand DevOps and the changes IT pros want to make.

However, legislators, policymakers, and the regulatory and risk management industries are increasingly aware of the market disruption risk tied to IT security, and public policy in the last year reflects a better grasp of cybersecurity. The European Union’s General Data Protection Regulation, for example, specifies a goal to ensure customer digital privacy, rather than a technical method to attain that goal. In the U.S., the Office of the Comptroller of the Currency has started to regulate fintech companies, even if those companies don’t qualify as banks under the OCC’s traditional purview.

The fintech industry has fought this regulation, but some IT security experts believe government policies will drive DevOps security best practices. They cite a pending Ohio law that indemnifies companies against liability for data breaches, provided they comply with certain cybersecurity frameworks.

“[Ohio’s law] shows a thousand-person company with five IT people why they should care about cybersecurity,” because it provides a direct means to avoid the potential costs of data-breach lawsuits, said Ron Gula, former CEO of Tenable and president of Gula Tech Adventures, a venture capital firm that invests in IT security startups.

Meanwhile, risk management firms now embrace the collaborative DevOps organizational style.

“Conversations have begun to shift away from the financial crisis [of 2008], which prompted focus on efficiency of capital and liquidity and financial institutions, to reassess risk management in cybersecurity,” said Marc Saidenberg, co-leader of London-based Ernst & Young’s Global Regulatory Network. “It’s part of the dialogue regulated firms have to have with their auditors.”

IT wrestles with DevSecOps disconnect

Identify everything you do that touches production and determine how you’re going to eliminate that access. Assume that five years from now you won’t have direct access to production systems, and think about how that will change your job.
Jeremy PullenCEO, Polodis

Enterprises that have tried to educate auditors on DevOps security report mixed results, however.

“I don’t think the audit world has caught up to what we’re doing,” said Julie Chickillo, vice president of security at Beeline, a company headquartered in Jacksonville, Fla., which markets workforce management and vendor management software.

The effort to enlighten auditors meant Chickillo and her team spent about 20% more time on audits in the company’s first year of DevOps, she said in a presentation at DevSecCon in Boston this month. But there are also bright spots: In at least one instance, an auditor offered Chickillo valuable insight into DevSecOps best practices and how to document automated security checks.

“No findings [from a testing tool] is not the same as proof that [a check] ran,” Chickillo said. “That’s the important question: How do you know?”

Alex Bekker, vice president of engineering, HackerOneAlex Bekker

It’s unlikely regulators will get ahead of IT security breaches, HackerOne’s Bekker said, but he hopes “it will make dollars and sense” for companies to invest in DevOps security without regulatory intervention. Top levels of enterprise management must impose new security requirements on IT vendors, which already happens more often than in years past, Bekker said.

Beeline has begun to change the way it vets IT security vendors, and now its DevOps engineers evaluate IT security products before its security team looks at them. But this practice has also illuminated a gap in the IT security market, Chickillo said.

“Traditional security vendors that are trying to get into [emerging application deployment methods of] containers and microservices don’t seem to understand the purpose of them,” she said. “Companies that started out in the container environment have good technology, but [their products are] just out of beta.”

Next steps in DevOps security for IT ops pros

So, how do IT operations professionals in the trenches push DevOps security forward? For the long term, Pullen suggested a fourfold strategy, with different approaches to greenfield, brownfield, custom and off-the-shelf applications. The more legacy and vendor-controlled the technology, the more ongoing audits and upgrades are required. With greenfield and custom apps, there are more opportunities to “do it right the first time,” he said.

For the short term, Pullen has two primary recommendations.

“One, identify everything you do that touches production and determine how you’re going to eliminate that access,” he said. “And, two, assume that five years from now you won’t have direct access to production systems, and think about how that will change your job.”

Dig Deeper on IT Ops Implications of Continuous Delivery

Dreamforce brings Salesforce products upgrades

Users can anticipate more Einstein AI features to be integrated with Salesforce products and more news about the CRM vendor’s recent acquisitions and how they will play pivotal roles in the Salesforce platform.

Salesforce is expected to unveil the Einstein and acquisition developments at Dreamforce, the company’s annual customer conference in San Francisco that attracts nearly 150,000 attendees.

Analysts said they expect substantial upgrades to core Salesforce systems and more use cases for Einstein and how recent acquisitions of CloudCraze and MuleSoft fit into the Salesforce ecosystem.

“Salesforce is trying to tell the story that they are the customer success platform for all companies, B2B, B2C and companies that operate in both industries,” said John Bruno, an analyst at Forrester.

Bruno added that he expects more keynotes than usual from companies like Adidas that show how Salesforce products allow companies to work with a variety of customers, from both the business and consumer sectors.

“I think you’ll hear a tight story around exactly how Salesforce and CloudCraze and Commerce Cloud fit for B2B and B2C companies,” Bruno said. “Is it going to be prime time ready? No, but they will target that story because Salesforce hasn’t told that story great.”

Attendees at Dreamforce 2017 in San Francisco
Users can learn about new upgrades and features for all Salesforce products at Dreamforce conference.

New Quip Slides system

Meanwhile, Salesforce said Sept. 17, a week before Dreamforce, that it will be showing at the conference PowerPoint-esque upgrade to its content collaboration platform, Quip, called Quip Slides.

Quip Slides is an AI-assisted platform to help workgroups create interactive presentations mainly for internal meetings and training. It features real-time collaboration, charting, live data, feedback prompts and engagement insights.

Another feature in Quip is Salesforce partner-built Live Apps, which enable work teams to embed Box and Dropbox files into Quip.

Integrating the Integration Cloud

The CloudCraze acquisition was just one of several the San Francisco-based CRM giant made to improve its suite of products. Salesforce spent $6.5 billion to acquire MuleSoft and build out what it’s calling the Integration Cloud.

What Salesforce is recognizing is there’s a whole different set of roles for how you manage customers now.
John Brunoanalyst, Forrester

Paul Greenberg, founder and analyst at The 56 Group, said he sees the name “Integration Cloud” as a misnomer, but that he thinks the MuleSoft purchase is a pivotal acquisition to bolster Salesforce.

“Despite its silly name as Integration Cloud, MuleSoft was a smart acquisition as it gives Salesforce access to all these different layers of service and does a lot of things Salesforce couldn’t previously do,” Greenberg said. “For integrations to succeed, it’s not just about building on the Salesforce platform. Without MuleSoft it was harder to build out integrations.”

With many organizations working to upgrade legacy systems and update their processes and provide  customers with a modern experience, the ability to connect legacy systems to current platforms is often laborious. Salesforce hopes its Integration Cloud will help ease that transition.

“We’ve ended up in a hybrid world,” said Michael Fauscette, chief research officer at G2 Crowd. “We’ve created so many data silo issues and it’s incumbent on the platform players to provide the ability to get past that.”

Continuing with business transformation

In addition to the expected unveiling of Integration Cloud and B2B commerce use cases, Salesforce is anticipated to continue its strategy of bringing together different customer-facing departments to help curate better customer experiences.

“I don’t think it’s a fully mature or fully conscious Salesforce strategy, but Salesforce is drilling down toward more personalization,” Greenberg said. “Salesforce’s Connections conference was the first step to that public story where we saw Marketing Cloud, Sales Cloud and Service Cloud becoming cross clouds in more significant ways than ever before.”

Bruno, from Forrester, agreed that organizational transformation and how Salesforce products can help is a major theme for Salesforce.

“What Salesforce is recognizing is there’s a whole different set of roles for how you manage customers now,” Bruno said. “I can see themes where [Salesforce] recognizes businesses have changed, customer engagement has changed and they are trying to provide solutions to account for that.”

More than just Salesforce products

Beyond the larger topics around its new acquisitions and customer empowerment, all of the core Salesforce products are expected to receive upgrades and users will be able to attend sessions with roadmaps outlining the future for Salesforce products.

“A core part of Dreamforce is about unveiling new innovations and it’s what customers have come to expect,” said Brigitte Donner, VP and conference chair for Dreamforce, at Salesforce. “We have more product keynotes planned than ever before.”

Donner added that the theme for Dreamforce is “change,” extending beyond just Salesforce products to larger social issues, with the first climate summit planned at Dreamforce this year, as well as Salesforce bringing back an equality summit.

Dreamforce takes place Sept. 25 to 28. Check SearchSalesforce.com for daily conference coverage.

Tibco analytics capabilities get upgrade in Spotfire X

Spotfire X, the latest iteration of the Tibco analytics and data visualization platform, aims to give users a more streamlined experience by incorporating more AI and machine learning capabilities when the upgraded platform is released this fall.

Notably, the platform update, characterized by what Tibco has dubbed a new “A(X) Experience,” will enable users to type in requests to navigate and visualize their data through natural language processing (NLP), to automatically record dataflows that can later be explored and edited. It also will natively stream data in real time from dozens of sources.

The new Spotfire X features are designed to create a faster and simpler user experience, according to Brad Hopper, vice president of product strategy, analytics and streaming at the integration and analytics software vendor. “This will allow us to take a complete novice off the street, put them in front of the tool, and no matter what they will get something back,” he said.

Search for simple

With the rise of citizen data scientists, it has become a trend for self-service analytics vendors to design platforms that are easier to use and more automatic, turning to employing AI and machine learning algorithms to do so.

Brad Hopper, TibcoBrad Hopper

Earlier this year, a Tibco competitor, Tableau, acquired MIT AI startup Empirical Systems, whose technology is expected to provide Tableau platforms with more advanced predictive analytics capabilities and better automated models. Also this year, Qlik, another big-name self-service analytics vendor, acquired startup Podium Data in a bid to better automate parts of its platforms and make them simpler to use.

“There is a trend in the market … for AI and machine learning to be used to explore all the possible data, all the possible variables,” said Rita Sallam, a Gartner analyst.

With the new Spotfire X features, Tibco analytics is looking forward, even if the features aren’t necessarily innovative on their own, she said.

“They’re leveraging natural language as a way to initiate a question and they are, based on that question, generating all the statistically meaningful insight on that data so the user can see all the possible insights on that data,” Sallam said.

A(X) Experience in Tibco Spotfire X
The A(X) Experience in Tibco’s Spotfire X enables faster and easier analytics with NLP tools and improved AI

AI advice

With the A(X) Experience, Spotfire X also will deliver AI-driven recommendations for users.

“We’ve built in a fairly sophisticated machine learning model behind the scenes,” Hopper said.

The Tibco analytics platform can already use AI to automatically index different pieces of data and suggest relationships between them.

Now from the Spotfire X’s NLP-powered search box, users will be able to receive a list of visualization recommendations, starting first with “classical recommendations” before getting to “a ranked list of interesting structural variations,” Hopper explained.

Forrester analyst Boris Evelson said the Tibco analytics and Spotfire X moves are “yet another confirmation of a trend that leading BI products need a dose of AI to remain effective.”

While AI is not replacing BI, BI tools that infuse AI functionality will displace the tools that don’t.
Boris Evelsonanalyst, Forrester

“While AI is not replacing BI, BI tools that infuse AI functionality will displace the tools that don’t,” Evelson said.

Tibco made the Spotfire X announcements during the Tibco Now conference in Las Vegas in early September 2018. 

The enhancements to Tibco analytics capabilities were among other product developments unveiled at the event. Others included the a user-partner collaboration program called Tibco Labs, more tools for Tibco Cloud, and a new collaboration between Tibco and manufacturing services company Jabil.

New Mirai variant attacks Apache Struts vulnerability

New variants of the Mirai and Gafgyt botnets are targeting unpatched enterprise devices, according to new research.

Palo Alto Networks’ Unit 42 found the variants affect vulnerabilities in Apache Struts and in SonicWall’s Global Management System (GSM). The Mirai variant exploits the same vulnerability in Apache Struts that was behind the 2018 Equifax data breach, while the Gafgyt variant exploits a newly uncovered vulnerability in unsupported, older versions of SonicWall’s GSM.

The Unit 42 research team noted the Mirai variant involves taking advantage of 16 different vulnerabilities. And while that’s not unusual, it is the first known instance of Mirai or any of its variants targeting an Apache Struts vulnerability.

The research also found the domain that hosts the Mirai samples had resolved to a different IP address in August, which also hosted Gafgyt samples at that time. Those samples exploited the SonicWall GSM vulnerability, which is tracked as CVE-2018-9866. Unit 42’s research did not say whether the two botnets were the work of a single threat group or actor, but it did say the activity could spell trouble for enterprises.

“The incorporation of exploits targeting Apache Struts and SonicWall by these IoT/Linux botnets could indicate a larger movement from consumer device targets to enterprise targets,” the Palo Alto researchers wrote.

The Apache Struts vulnerability exploited by the new Mirai variant was patched last year before it was used in the Equifax breach. But systems that have not been updated are still susceptible to these types of exploits.

The Mirai botnet first emerged in the fall of 2016, and it has since affected hundreds of thousands of IoT and connected devices. The botnet’s malware had primarily targeted consumer devices, and it was responsible for massive distributed denial-of-service attacks on the German teleco Deutsche Telekom and on the domain name server provider Dyn, which took down websites such as Airbnb, Twitter, PayPal, GitHub, Reddit, Netflix and others.

The Unit 42 researchers discovered the Gafgyt and Mirai variant on Aug. 5, and they alerted SonicWall about its GMS vulnerability. The public disclosure was posted by Palo Alto on Sept. 9.

Are SD-WAN security concerns warranted?

Are software-defined WAN security features sufficient to handle the demands of most enterprises? That’s the question addressed by author and engineer Christoph Jaggi, whose SD-WAN security concerns were cited in a recent blog post on IPSpace. The short answer? No — primarily because of the various connections that can take place over an SD-WAN deployment.

“The only common elements between the different SD-WAN offerings on the market are the separation of the data plane and the control plane and the takeover of the control plane by an SD-WAN controller,” Jaggi said. “When looking at an SD-WAN solution, it is part of the due diligence to look at the key management and the security architecture in detail. There are different approaches to implement network security, each having its own benefits and challenges.”

Organizations contemplating SD-WAN rollouts should determine whether prospective products meet important security thresholds. For example, products should support cryptographic protocols and algorithms and meet current key management criteria, Jaggi said.

Read what Jaggi had to say about the justification for SD-WAN security concerns.

Wireless ain’t nothing without the wire

You can have the fanciest access points and the flashiest management software, but without good and reliable wiring underpinning your wireless LAN, you’re not going to get very far. So said network engineer Lee Badman as he recounted a situation where a switch upgrade caused formerly reliable APs to lurch to a halt.

“I’ve long been a proponent of recognizing [unshielded twisted pair] as a vital component in the networking ecosystem,” Badman said. Flaky cable might still be sufficient in a Fast Ethernet world, but with multigig wireless now taking root, old cable can be the source of many problems, he said.

For Badman, the culprit was PoE-related and once the cable was re-terminated and tested anew, the APs again worked like a charm. A good lesson.

See what else Badman had to say about the issues that can plague a WLAN.

The long tail and DDoS attacks

Now there’s something new to worry about with distributed denial of service, or DDoS, attacks. Network engineer Russ White has examined another tactic, dubbed tail attacks, which can just as easily clog networking resources.

Unlike traditional DDoS or DoS attacks that overwhelm bandwidth or TCP sessions, tail attacks concentrate on resource pools, such as storage nodes. In this scenario, a targeted node might be struggling because of full queues, White said, and that can cause dependent nodes to shut down as well. These tail attacks don’t require a lot of traffic and, what’s more, are difficult to detect.

For now, tail attacks aren’t common; they require attackers to know a great deal about a particular network before they can be launched. That said, they are something network managers should be aware of, White added.

Read more about tail attacks.

At HR Technology Conference, Walmart says virtual reality works

LAS VEGAS — Learning technology appears to be heading for a major upgrade. Walmart is using virtual reality, or VR, to train its employees, and many other companies may soon do the same.

VR adoption is part of a larger tech shift in employee learning. For example, companies such as Wendy’s are using simulation or gamification to help employees learn about food preparation.

Deploying VR technology is expensive, with cost estimates ranging from tens of thousands of dollars to millions, attendees at the HR Technology Conference learned. But headset prices are declining rapidly, and libraries of VR training tools for dealing with common HR situations — such as how to fire an employee — may make this tool affordable to firms of all sizes.

For Walmart, a payoff of using virtual reality comes from higher job certification test scores. Meanwhile, Wendy’s has been using computer simulations to help employees learn their jobs. It is also adapting its training to the expectations of its workers, and its efforts have led to a turnover reduction. Based on presentations and interviews at the HR Technology Conference, users deploying these technologies are enthusiastic about them.

Walmart employees experience VR’s 3D

“It truly becomes an experience,” said Andy Trainor, senior director of Walmart Academies, in an interview about the impact of VR and augmented reality on training. It’s unlike a typical classroom lesson. “Employees actually feel like they experience it,” he said.

Walmart has adopted virtual reality for its training program.
Walmart’s training and virtual reality team, from left to right: Brock McKeel, senior director of digital operations at Walmart and Andy Trainor, senior director of Walmart Academies.

Walmart employees go to “academies” for training, testing and certification on certain processes, such as taking care of the store’s produce section, interacting with customers or preparing for Black Friday. As one person in a class wears the VR headset or goggles, what that person sees and experiences displays on a monitor for the class to follow.

Walmart has been using VR in training from startup STRIVR for just over a year. In classes using VR, Trainor said the company is seeing an increase in test scores as high as 15% over traditional methods of instruction. Trainor said his team members are convinced VR, with its ability to create 3D simulations, is here to stay as a training tool. 

“Life isn’t 2D,” said Brock McKeel, senior director of digital operations at Walmart. For problems ranging from customer service issues to emergency weather planning, “we want our associates to be the best prepared that we can get them to be.”

Walmart has also created a simulation-type game that helps employees understand store management. The company plans to soon release its simulation as an app for anyone to experience, Trainor said.

The old ways of training are broken

The need to do things differently in learning was a theme at the HR Technology Conference.

Life isn’t 2D.
Brock McKeelsenior director of digital operations at Walmart

The idea that employees will take time out of their day to watch a training video or read material that may not be connected to their task at hand is not effective, said David Mallon, a vice president and chief analyst at Bersin, Deloitte Consulting, based in Oakland, Calif.

The traditional methods of learning “have fallen apart,” Mallon said. Employees “want to engage with content on their terms, when they need it, where they need it and in ways that make more sense.”

Mallon’s point is something Wendy’s realized about its restaurant workers, who understand technology and have expectations about content, said Coley O’Brien, chief people officer at the restaurant chain. Employees want the content to be quick, they want the ability to swipe, and videos should be 30 seconds or less, he said.

“We really had to think about how we evolve our training approach and our content to really meet their expectations,” said O’Brien, who presented at the conference.

Wendy’s also created simulations that reproduce some of the time pressures faced with certain food-preparation processes. Employees must make choices in simulations, and mistakes are tracked. The company uses Cornerstone OnDemand’s platform.

Restaurants in which employees received a certain level of certification see higher sales of 1% to 2%, increases in customer satisfaction and a turnover reduction as high as 20%, O’Brien said.