Tag Archives: been

AIOps exec bets on incident response market shakeup

AIOps and IT automation have been hot topics in IT for about three years, but the ultimate vision of hands-off incident response has yet to be realized in most IT shops, says Vijay Kurkal, who was appointed CEO of Resolve Systems on Jan. 16. Kurkal had served as chief operating officer for the company since 2018.

Kurkal’s key priority in the first quarter of 2020 is the release of Resolve Insights, a platform that folds AIOps IP from the company’s August 2019 acquisition of FixStream into its IT automation software. While enterprise IT pros have been slow to trust such systems — which rely on AI and machine learning data analytics to automate common tasks such as server restarts — they have begun to find their way into production use at mainstream companies.


Resolve faces a crowded field of competition that includes vendors with backgrounds in IT monitoring, incident response and data analytics. SearchITOperations.com had a conversation with Kurkal this week about how the company plans to hold its own in this volatile market.

Your product pitch sounds familiar to me. I’m sure I don’t have to tell you there are many vendors out there pursuing a vision of proactive IT automation assisted by AI. How will Resolve and FixStream be different?

Vijay Kurkal: There are two ecosystems we’re playing with. There are application monitoring tools like AppDynamics, Dynatrace, New Relic, etc. The users that they are going after are the application operations team. FixStream is complementary to them. But they have limited visibility into hypervisors and deep into the network infrastructure. FixStream builds out a visual topology of every single infrastructure device that a particular application is touching, and all the events are overlaid on that. It’s [built] for the IT operation teams that are supporting critical applications.

Some of the other AIOps vendors using AI technologies, they have tons of algorithms, but any algorithm is only as good as the source data. It’s a garbage in, garbage out. Our starting point is always around relationship dependency mapping and getting data in context, and prioritizing what to act on. A second differentiator is that AI/ML algorithms are all based on a probabilistic model. [They] say what they believe are the potential root causes [of an issue], but they can’t say that with certainty. Where we’re taking it is, as soon as those events trigger an alert from FixStream, Resolve automates diagnostics. Typically, that requires a network engineer. We’re already trying this out with some pilot customers and by end of Q1 are going to have a product there. Most AIOps companies identify events; they don’t resolve them.

Is there a plan for IT automation beyond diagnostics?

Kurkal: The next step, and I don’t think most customers are there yet, is, ‘I’ve done this 10 times, and I feel very comfortable, just run this [process] automatically.’ You’ll have categories of events — there’ll be 30% that are not super critical. As the organization gets comfortable, these can be completely [automated]. Then there are 50% that are critical, and we can give them diagnostics, and point them in the right direction to solve them pretty quickly. Then 10% will be outliers where no automation can help, and that’s where IT ops experts will always be very, very relevant to run the business.

Another important aspect of observability is informing the development of the product at the other end of the DevOps pipeline. How does your product work within that process?

Kurkal: The people who build the applications know exactly what stresses their application is putting on various elements [of the infrastructure]. We want to equip the DevOps team with a drag-and-drop system to write automation — to tell the IT operations team, here’s the configuration of the infrastructure I’ll need, and here’s a set of diagnostic scripts, and remediation automation that’s pre-approved. And then it’ll be a closed feedback loop where the operations teams can give feedback [to the developer]. We’re not saying we’ll solve every need of the application, but we are trying to bring together these two teams to drive automation and intelligence.

There are some tools that specifically tie outages or incidents to changes in code — could Resolve make another acquisition in that space or further build out its products to address that too?

Kurkal: For us, it’s a strong possibility in late 2020 or in 2021. It might be an organic development of our products, or potentially, an inorganic acquisition around that. But we do see that’s where the market is moving, because no one wants to be reactive, and they want to have it all together.

Go to Original Article
Author:

For Sale – Z390-H ASUS ROG STRIX, 6 CORSAIR LL120 WITH COMMANDER PRO AND LIGHTING MODULE

ASUS ROG STRIX Z390-H STRIX,
Item is brand new with ASUS warranty, unused; it’s been out of the box for viewing, never been installed.
I would like to see £140 plus the postage of your choice and cost.
Cheapest I have found online is £165 plus postage.

6 x 120mm Corsair ll 120 RGB in black have been installed in the case but really not my cup of tea must have been used 10 minutes. Girlfriend threw away the boxes so will include Noctua boxes for 3 of them and wrap up the others.
Comes with Commander pro. Fully boxed. Again used for 10 minutes. not my cup of tea.
Only 2 of the cables have had the original plastic wraps off
It comes with everything you would need for your PC disco.
£150 for the lot plus postage.

£290 plus postage for everything above.

Listed on eBay also.

Cash on collection is also an option or if local to s70 can drop off for fuel.


For Sale – LG 34WK95U 34″ 5120X2160 HDR600 Monitor – nearly new & Asus PG279Q

Bought this a while ago for work and photo editing, but don’t need it.

Hasn’t been used much at all.

All in perfect condition, with original box.

Collection preferred, but could be shipped.

£780

WD HDDs now sold

Asus PG279Q

Well used, good condition (should have wiped before picture, but it will come clean), no box, collection only.

£400


For Sale – For parts or complete. Desktop CAD/Photoshop etc. i7, Nvidia quadro…

Selling my project PC. Has been used (successfully) as a CCTV server for the past 18 months – 2 years without ever being pushed. All parts were bought new but no retail packaging. Please assume no warranty. No operating system installed either. Selling as we’ve now upgraded to a dedicated Xeon server. Parts listed below.

Generic desktop tower case.
Supermicro C7H270-CG-ML motherboard.
Intel i7 7700 3.6 ghz with stock cooler.
PNY Nvidia quadro M2000 4gb.
Kingston hyperx fury DDR4 16gb RAM (2x8gb).
Seagate Skyhawk 4tb HDD (NO OS).
ACBEL 300w PSU.

Aside from the PSU this is a solid machine with decent potential. Could easily be used for gaming with one or two changes and could be used for CAD or photoshop as is (or just change PSU). This handled HIKVision and up to 56 cameras (we had 13 on screen at any one time, could handle more) but admittedly struggled with playback on any more than four cameras at once (All 4K cameras). The case has a dent or two in it but entirely useable. Did intend to keep it for the Mrs for her photography but she’s bought a MacBook instead.

Cost around £2000 new. Asking £700 including postage but collection preferred (from Plymouth). Very open to offers as I’ve struggled to price this up to be honest.

Cheers, Chocky.


Clumio eyes security, BaaS expansion with VC funding

Merging storage and security together effectively has been an elusive goal for many technology vendors over the years, but Clumio believes it has a winning formula — and one that can effectively mitigate ransomware threats.

Clumio, a backup-as-a-service provider based in Santa Clara, Calif., recently celebrated $135 million in Series C funding. The startup was founded in 2017 with the goal of leveraging cloud-native services to build a scalable and agile BaaS offering that could also meet enterprises’ data protection and analytics needs.

In this Q&A, Clumio CTO Chad Kinney and CSO Glenn Mulvaney discuss the origin story of the company, how they plan to utilize their recent funding round, and how Clumio addresses ransomware threats.

Editor’s note: This interview has been edited for length and clarity.

Tell me how the company was founded.

Chad Kinney: The company was founded about two years ago. And the core concept behind it was to fundamentally remove the complexity of traditional data protection to start with, and do so by delivering a service offering that was delivered via the public cloud.

A few things we realized early on were, as customers were journeying to the public cloud, SaaS-based offerings, and path-based offerings, they needed a way to be able to protect their data set along the way. And we realized that people were running into roadblocks and moving data to the public cloud because data protection was not able to deliver the same type of functions and features that they delivered on premises, and there was a big barrier there that we were breaking through to help customers be able to journey along the public cloud.

The second part was, as we got to the public cloud, security became a big key focus. Our ability to be able to secure this information through both encryption and encryption-in-flight as well as various other ones Glenn will go through on the core platform itself was something that customers were very much hyper-focused on as they moved data more and more into the public cloud.

So far we’ve raised about $186 million in a series of A, B and C. Most recently we just closed a series C of $135 million.

How do you plan to use that $135 million to grow the company?

Kinney: A lot of the key focus right now is expediting the introduction of new data sources for the platform itself. Today we back up VMware on premises, VMware running in AWS, as well as elastic block storage for AWS. And so, continuing to expand the data sources is a key thing we’re moving forward with as part of this investment — to get customers access to new data sources faster.

Give me a rundown of what the platform is all about.

Kinney: Fundamentally, we’ve built this platform for the public cloud, on top of AWS. We’ve built in a bunch of great efficiencies in the way the data is ingested. With anything that runs on the public cloud, if you compare that with something that runs on premises, typically you do duplication and security is retrofitted to the data center itself. And the world has shifted dramatically where people are looking to utilize the public cloud heavily and remove the things completely out of the data center. We were able to provide what we call a cloud connector that gets deployed in a customer’s environment — it’s a virtual appliance so there’s no hardware or anything like that. We do duplication and compression and encryption before the data is sent over the wire. We leverage the capabilities of S3 within Amazon, and we use their scale as data gets ingested over the platform itself. Then we use various stateless functions within the platform to churn through the data, as well as DynamoDB for a lot of the metadata functions and various other structures in AWS, and the agility and scale of that core platform to allow us to still be able to ingest data incredibly quickly and be able to provide services on top of that platform.

Glenn Mulvaney: From the security side, leveraging a lot of those public cloud controls we have in Amazon, we’ve implemented a model where data encryption is always on in the platform. It’s not an option to turn it off and data is always encrypted and compressed. And the way it starts, which I think is a critical feature of the platform, is that the data is encrypted before it leaves the customer environment; it’s encrypted in the customer environment, it’s transmitted over a secure channel and then it’s stored securely in S3. And there’s different encryption keys used in each of those steps.

In terms of security in a more general fashion, we think of it in a couple of different ways. Fundamentally, we think of it as technology, people and processes, so we’ve talked about the technology a little bit in terms of how we handle encryption, but for the people and the processes, what we have implemented is the ISO 27001 framework, and we just completed our stage 2 audit last week. The ISO 27001 framework gives us a solid foundation for principles and controls for internal processes, and it also guided how we trained our employees about security awareness. We really used that as a guideline to integrate a lot of security into our software development lifecycle and into our QA lifecycle and broadly across all of the employees at the company, including sales and marketing and customer success.

Do you see yourself as more of a security vendor or a backup vendor or both?

Kinney: I’d say a little bit of both. I’d say we’re a security-first company where we really spent a lot of time thinking about what we’re doing as a core platform setting ourselves up for success. If you had to put a name on it, I’d say we’re more of a data platform company than anything.

What effects have ransomware attacks had on the backup and data protection market in general?

Mulvaney: I think with the prevalence of ransomware attacks happening at all levels of organizations of all sizes, people are thinking a lot more seriously about their data protection and about their ability to recover from some sort of ransomware attack. I think there’s certainly a lot of opportunity for Clumio to help a lot of organizations like that and to be able to give them a truly secure ability to recover from something like a ransomware attack. Certainly the prevalence of these [attacks] is increasing at a rate we hadn’t anticipated, and I think that’s helping in the market for data protection to actually drive people to think much more seriously about what their backup compliance policies look like.

How does Clumio address ransomware threats in a way that’s different from other backup providers?

Kinney: Let me give you the most recent example, which is an interesting one. We recently announced the capability to be able to back up elastic block storage from AWS and when you look at the solutions that are out there today, most people protect data with snapshots and the snapshots live in the same account as the production data. Most people rely on these snapshots for quick recovery but they’re also relying on them for the backup. And when malware hits or a bad actor hits on that particular account, they functionally get access to both the production data as well as the backup of that data in the same account and so it’s opened up possibilities for people to run into data loss issues.

With our solution what we’re fundamentally doing is we’re copying the data and creating an air gap solution between the customer’s environment and Clumio, which enables people to protect their data outside of their account and protect them from malware and ransomware attacks. We store all data in S3, which is unbeatable so no data, once backed up, can even change itself in any factor, so it gives customers the ability with our recovery mechanism to restore data into another AWS account, alleviating any sort of malware issues that may occur within one of their other AWS accounts.  

What do the next 12 months look like for the company?

Kinney: The motivation for us is to continue to expand more and more into the public cloud. Today we solve the key focus around private cloud, which is VMware. As people are moving to the public cloud, some are choosing to use VMware running in AWS, which is using a button to quickly move assets into the public cloud. They’re also going and re-architecting applications into the public cloud, like using elastic block storage and other platform and service-based offerings. We are going to continue to expand in both SaaS-based offerings, the usual suspects in that, as well as more and more cloud-native capabilities so we can follow customers along that journey.

Beyond the additional data sources, we’re adding additional functions on top of those datasets; we’re investing in things like anomaly detection and reporting over the next 12 months and we are slowly bringing those into the platform as they come to bear.

Mulvaney: From the compliance side in 2020, obviously we’re thinking about looking closely at CCPA [California Privacy Protection Act], and I think with that going into effect on January 1 we’re going to see that there’s probably going to be more emerging new standards for certifications for protections and personal information handling. Already the ISO 27001 was revised in 2019 and previously was only revised in 2014, so I think protection of personal data is going to be a paramount part of our roadmap, and in 2020 we’re looking very closely at doing high-trust certification and beginning implementation for Fedramp.


Two attacks on Maze ransomware list confirmed

Two attacks found on the Maze ransomware list have been confirmed.

The original list of alleged Maze ransomware victims, posted earlier this month, included seven possible victims, as well as sample files the group claimed were stolen during the attacks and a full 3 GB dump from one company. SearchSecurity discovered two more companies were added to the Maze ransomware victims list, one of which had previously confirmed a ransomware attack.

On Dec. 13, Busch’s Fresh Food Markets, an independently owned supermarket chain based in Michigan, disclosed that it was the victim of a ransomware attack on Dec. 9. Busch’s asserted there was no evidence that payment card data was compromised and that they believed “this ransomware was only designed to lockdown our internal systems and interrupt our business, not to steal data.” Busch’s also detailed the reasons it didn’t pay the ransom.

“First, even if we had paid the ransom, there was no guarantee that we would ever actually get access to our systems again. Second, if we had paid them it was more likely that they would try and extort us again,” Busch’s wrote in a blog post. “Finally, we chose not to pay because doing so would perpetuate this type of behavior and give them funds to go after other companies.”

Busch’s spokesperson had not responded to SearchSecurity’s request for comment at the time of this post, so the validity of the documents leaked by Maze could not be confirmed.

On Wednesday, Canadian insurance firm Andrew Agencies Ltd., one of the original companies listed on the Maze ransomware site, admitted to being hit with ransomware.

Dave Schioler, executive vice president and general counsel for Andrew Agencies, confirmed in an email to CTV News that the company was the victim of a ransomware attack and said the company did not pay the ransom. Schioler did not mention the Maze gang, but the threat group contacted Lawrence Abrams, CEO of BleepingComputer, to provide more proof it was behind that attack. 

The stated goal of the victims list published by Maze was to pressure companies to pay the ransom, but it is unclear how successful the group has been with that goal. The two new names added to the list add up to nine possible victims that have not paid, but only two of those companies have even admitted to being attacked. There is no information on how many organizations were hit with Maze ransomware and did pay the ransom.



For VMware, DSC provides ESXi host and resource management

PowerShell Desired State Configuration has been a favorite among Windows infrastructure engineers for years, and the advent of the VMware DSC module means users who already use DSC to manage Windows servers can use it to manage VMware, too. As VMware has continued to develop the module, it has increased the number of vSphere components the tool can manage, including VMware Update Manager.

DSC has been the configuration management tool of choice for Windows since it was released. No other tool offers such a wide array of capabilities to manage a Windows OS in code instead of through a GUI.

VMware also uses PowerShell technology to manage vSphere. The vendor officially states that PowerCLI, its PowerShell module, is the best automation tool it offers. So, it only makes sense that VMware would eventually incorporate DSC so that its existing PowerShell customers can manage their assets in code.

Why use DSC?

Managing a machine through configuration as code is not new, especially in the world of DevOps. You can write a server’s desired state in code, which ensures you can quickly resolve any drift in configuration by applying that configuration frequently.

In vSphere, ESXi hosts, in particular, are the prime candidates for this type of management. An ESXi host’s configurations do not change often, and when they do happen to change, admins must personally make that change. This means any change in the DSC configuration will apply to the hosts.

You can use this tool to manage a number of vSphere components, such as VMware Update Manager and vSphere Standard Switch.

How the LCM works

In DSC, Local Configuration Manager (LCM) makes up the brains of a node. It takes in the configuration file and then parses and applies the change locally.

ESXi and vCenter do not have LCM, so in the context of vSphere, you must use an LCM proxy, which runs as a Windows machine with PowerShell v5.1 and PowerCLI 10.1.1.

Installing the module

Installing the module is simple, as the DSC module is part of PowerShell Gallery. It only takes a single cmdlet to install the module on your LCM proxy:

C:\> Install-Module -Name VMware.vSphereDSC

Updating the module when Windows releases additional versions is also a simple task. You can use the Update-Module cmdlet in PowerCLI:

C:\> Update-Module vmware.vspheredsc

Resources

DSC ties a resource to a particular area of a system it can manage. The DSC module vmware.vspheredsc, for example, can manage various aspects of vSphere, such as the following:

C:\Users\dan> Get-DscResource -Module vmware.vspheredsc | Select Name

Name
----
Cluster
Datacenter
DatacenterFolder
DrsCluster
Folder
HACluster
PowerCLISettings
vCenterSettings
vCenterStatistics
VMHostAccount
VMHostDnsSettings
VMHostNtpSettings
VMHostSatpClaimRule
VMHostService
VMHostSettings
VMHostSyslog
VMHostTpsSettings
VMHostVss
VMHostVssBridge
VMHostVssSecurity
VMHostVssShaping
VMHostVssTeaming

Many such resources are associated with ESXi hosts. You can manage settings such as accounts, Network Time Protocol and service through DSC. For clusters, manage settings such as HAEnabled, Distributed Resource Scheduler and DRS distribution. You can view the resources DSC can manage with the Get-DSCResource cmdlet:

C:\> Get-DscResource -Name Cluster -Module vmware.vspheredsc -Syntax
Cluster [String] #ResourceName
{
    [DependsOn = [String[]]]
    [PsDscRunAsCredential = [PSCredential]]
    Server = [String]
    Credential = [PSCredential]
    Name = [String]
    Location = [String]
    DatacenterName = [String]
    DatacenterLocation = [String]
    Ensure = [String]
    [HAEnabled = [Boolean]]
    [HAAdmissionControlEnabled = [Boolean]]
    [HAFailoverLevel = [Int32]]
    [HAIsolationResponse = [String]]
    [HARestartPriority = [String]]
    [DrsEnabled = [Boolean]]
    [DrsAutomationLevel = [String]]
    [DrsMigrationThreshold = [Int32]]
    [DrsDistribution = [Int32]]
    [MemoryLoadBalancing = [Int32]]
    [CPUOverCommitment = [Int32]]
}

With the capabilities of DSC now available to VMware admins, as well as Windows admins, they can control a variety of server variables through code and make vSphere and vCenter automation easy and accessible. They can apply broad changes across an entire infrastructure of hosts and ensure consistent configuration.
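
The Cluster resource above takes a vCenter Credential, and DSC writes that credential into the compiled MOF on the LCM proxy. The following is an added example, not code from the original article or from VMware: it compiles a Cluster configuration with the credential encrypted to a certificate instead of stored in plain text, applies it through the LCM proxy, and then checks for drift. The server name, datacenter and cluster names, file paths and the thumbprint placeholder are assumptions.

```powershell
# Added example. Run on the Windows LCM proxy (PowerShell 5.1, VMware.vSphereDSC installed).
# Assumed values: vcsa.lab.example, Datacenter01, Cluster01, C:\dsc\* paths.
# The thumbprint is a placeholder for a document-encryption certificate whose
# private key is in the LCM proxy's LocalMachine\My store.
$thumbprint = '<LCM-PROXY-CERT-THUMBPRINT>'

# 1. Tell the LCM which certificate decrypts credentials in incoming MOF files.
[DSCLocalConfigurationManager()]
Configuration LcmDecryption {
    Node 'localhost' {
        Settings {
            CertificateID = $thumbprint
        }
    }
}

# 2. Desired state for one cluster, using only properties from the syntax listing.
Configuration ClusterBaseline {
    param(
        [Parameter(Mandatory = $true)] [string]       $Server,
        [Parameter(Mandatory = $true)] [PSCredential] $Credential
    )

    Import-DscResource -ModuleName VMware.vSphereDSC

    Node $AllNodes.NodeName {
        Cluster 'Cluster01' {
            Server                    = $Server
            Credential                = $Credential
            Name                      = 'Cluster01'
            Location                  = ''            # cluster sits at the datacenter root
            DatacenterName            = 'Datacenter01'
            DatacenterLocation        = ''
            Ensure                    = 'Present'
            HAEnabled                 = $true
            HAAdmissionControlEnabled = $true
            HAFailoverLevel           = 1
            DrsEnabled                = $true
        }
    }
}

# 3. Giving a CertificateFile makes the compiler encrypt $Credential in the MOF.
#    Without it, compilation fails unless PSDscAllowPlainTextPassword = $true is set,
#    which would leave the vCenter password readable on disk.
$configData = @{
    AllNodes = @(
        @{
            NodeName        = 'localhost'
            CertificateFile = 'C:\dsc\lcm-proxy-public.cer'   # exported public key (assumed path)
            Thumbprint      = $thumbprint
        }
    )
}

# 4. Compile, configure the LCM, apply, then report drift.
LcmDecryption -OutputPath 'C:\dsc\lcm' | Out-Null
Set-DscLocalConfigurationManager -Path 'C:\dsc\lcm'

$cred = Get-Credential -Message 'vCenter account used by the DSC resources'
ClusterBaseline -Server 'vcsa.lab.example' -Credential $cred `
    -ConfigurationData $configData -OutputPath 'C:\dsc\cluster' | Out-Null

Start-DscConfiguration -Path 'C:\dsc\cluster' -Wait -Verbose

# InDesiredState is $false when the live cluster no longer matches the code.
$state = Test-DscConfiguration -Detailed
$state | Select-Object InDesiredState, ResourcesNotInDesiredState
```

Use a vCenter account scoped to the objects the configuration manages, since anyone who can read the proxy's certificate private key can recover the credential from the MOF.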


Google expands multiple Chrome password protection features

Google’s Chrome browser will now warn users if their passwords have been exposed in a data breach.

Google this week expanded Chrome password protection features, which are intended to reduce the risk of phishing sites that prompt users to enter their passwords and other sensitive information, according to the company. New protections, which were introduced Tuesday for Chrome 79, include stolen password warnings, real-time and predictive phishing protections and new profile representations for shared devices.

Phishing attacks and data breaches are on the rise. According to the 2019 State of the Phish Report by Proofpoint, 83% of information security professionals surveyed said they experienced phishing attacks in 2018, up from 76% who said the same in 2017.

New Chrome password protection features

Previously, Google offered Chrome password protection extensions such as Password Alert and Password Checkup that warn users if they enter a username and password that are no longer safe because they appear in a data breach known to the company. In October, the Password Checkup extension became a feature in Google Account’s built-in password manager and the Chrome browser where users can conduct a scan of their saved passwords.

According to a blog post by AbdelKarim Mardini, senior product manager, Google now offers warnings as users browse the web in Chrome. When users enter their credentials into a website, Chrome will alert them if their username and password have been compromised in a data breach and recommend that they change their credentials.

Chrome’s stolen password warning on mobile

Users can control this feature in Chrome Settings under Sync and Google Services.

In addition, Google enhanced its list of known phishing domains. Google Safe Browsing maintains a list of malicious websites that was previously updated every 30 minutes, which allowed some phishing campaigns that quickly switch their domains to slip through. With this week’s update, Chrome now checks any site a user visits on desktop in real time, removing the 30-minute delay, and offers phishing warnings for unsafe sites.

Chrome’s alert of suspected phishing sites

According to Google, this feature is enabled for users who turn on the “Make searches and browsing better” setting in Chrome.

Chrome also expanded its predictive phishing protection, which is intended to warn users who are signed in to Chrome and have Sync enabled if they enter their Google Account passwords into a site suspected of phishing by Google.

Tuesday’s update expands the protection to users who are signed in to Chrome but do not have Sync enabled. The feature will also work for all passwords stored in Chrome’s password manager.

The new sign-in indicator in Chrome

Lastly, Chrome will now show the photo and username of the profile that a user is currently using on a device. The feature is intended to help users make sure they are creating and saving passwords to the right profile when using Chrome’s password manager, according to the company.


For Sale – Macbook Pro 13 2015 8GB Ram 256GB Mint Condition Boxed

Macbook Pro 13″ 2015 is up for sale.

It was purchased in August 2016. Been used very occasionally. It is in amazing mint condition with no signs of use whatsoever. Screen replaced by Apple recently so it is brand new.

It only has a cycle count of 66 on its original battery.

The specs are as follows :

MacBook Pro Early 2015
13.3″ model with RETINA Display
i5 CPU with 2.7GHZ speed
8GB of RAM
256GB FLASH SSD

Will be reset and updated to latest Mojave build.
Would be perfect Christmas present for someone.

Will get it posted insured.
