Tag Archives: products

Dell EMC Isilon file storage floats into Google public cloud

Dell EMC spun out a flurry of cloud initiatives to bolster one of the few areas where its products lag competing storage vendors.

The infrastructure vendor teamed with Google to make its Dell EMC Isilon OneFS file system available for scale-out analytics in the Google Cloud Platform (GCP). Dell EMC said Google cloud customers can scale up to 50 petabytes of Isilon file storage in a single namespace, with no required application changes.

The managed NAS offering uses Google compute to run software instantiations of Isilon OneFS. The service is part of Dell Technologies Cloud, an umbrella branding for Dell EMC’s cloud options. This is Google’s second major foray into file system storage within the last year. It acquired startup Elastifile, whose scale-out system is integrated in Google Cloud Filestore.

Dell Technologies Cloud hybrid cloud infrastructure enhancements also include native Kubernetes integration in VMware vSphere, along with more flexible compute and storage options.

File storage written for cloud

Dell EMC allows customers to tier local file storage to all three public cloud providers via its Isilon CloudPools, but the Google partnership is its first effort at writing OneFS specifically for cloud-native workloads. AWS has the largest market share of the public cloud market, followed by Microsoft Azure and Google Cloud Platform.

Dell did not address if it plans similar integrations with AWS or Microsoft Azure, but it represents a likely path, especially as enterprises deploy multiple hybrid clouds. File pioneer NetApp started offering cloud-based versions of its OnTap operating system several years ago, while all-flash specialist Pure Storage recently added file services to its block-based FlashArray flagship array. Hewlett Packard Enterprise also sells file services in the cloud on ProLiant servers through an OEM deal with Qumulo, whose founders helped to engineer the original Isilon NAS code.


“Dell has to continue to execute on this strategy with the other major cloud providers. This can’t be a one-and-done [with Google]. We’ll need to see more improvements from Dell in the next six to 12 months to show they are able to bring their file storage technologies to the cloud,” said Matt Eastwood, a senior vice president of enterprise infrastructure at IDC.

Although Dell and Google publicly acknowledged a beta version in 2018, the formal OneFS cloud launch comes a little more than one year after Thomas Kurian took over as CEO at Google Cloud Platform. It would be an interesting twist if Kurian’s arrival helped spur the Dell product development: George Kurian, his twin brother and CEO at NetApp, has said Dell is “years behind” NetApp’s Data Fabric strategy.

Brian Payne, a Dell EMC vice president, said enterprises have struggled to run traditional file systems that fully exploit Google’s fast compute services for analyzing large data sets. Enterprises can purchase the cloud version of Dell EMC Isilon OneFS with the required compute services in the Google Compute Platform portal.

“We found that customers are using Google to run their AI engines or data services, and we paired with Google to help them process and store very large content files in Isilon,” Payne said.

Node requirements flexed for Dell Technologies Cloud

Dell’s strategy has evolved on how to unify its hybrid cloud offerings with public cloud technologies, although its ownership of VMware provides assets supported by Dell EMC storage competitors.

Dell Technologies Cloud integrates VMware Cloud Foundation (VCF) and Dell EMC VxRail hyper-converged infrastructure as a combined stack to run workload domains, software-defined storage, software-defined networking and virtualized compute. Customers can buy Dell Technologies Cloud and manage it locally or as an on-demand service.

VMware Cloud Foundation 4.0 includes native Kubernetes integration that allows container orchestration to be managed in vSphere. The Kubernetes piece is part of Project Pacific, the code name for a major redesign of the vSphere control plane. Payne said it allows cloud-native workloads to run directly on the Dell Technologies Cloud platform, with Dell handling lifecycle management.

Dell Technologies On Demand offers the same services as a consumption license. Payne said Dell’s new entry requirement is a minimum of four nodes, down from eight nodes, and users can scale capacity across multiple racks.

The Dell Technologies Cloud binge includes updates to Dell EMC SD-WAN software-defined networking, based on the VeloCloud technology VMware acquired in 2017. Dell also added support for Dell EMC PowerProtect Cyber Recovery data protection to VMware Cloud, which uses Dell EMC storage to extend private IaaS deployments to public clouds.


Parallels RAS pushes remote work flexibility

The sudden transition to remote work has created a demand for application and desktop virtualization products that, like Parallels Remote Application Server, will work with whatever device an employee has on hand.

Representatives from the application and desktop virtualization vendor said the COVID-19 outbreak has pushed both new and existing customers to seek flexibility as they strive to handle the unprecedented work-from-home situation.

The Parallels Remote Application Server (RAS) software can be deployed on multiple types of devices — from Macs to Chromebooks and from iPads to Android phones. The company released Parallels RAS 17.1 in December 2019, updating provisioning options and including new multi-tenant architecture possibilities.


John Uppendahl, vice president of communications at Parallels, said the product compares to offerings from Citrix and VMware.

“You can be up and running in less than an hour and deploying virtual Windows desktop applications to any device in less than a day,” Uppendahl said.


Shannon Kalvar, research manager at IDC, listed Parallels among the virtual client computing market’s major players in his 2019-2020 vendor assessment, noting that customers praised its ease of management and ability to work across a range of devices. He said the sudden interest in remote work technology is driving up demand for the companies that provide it.

“Everybody’s phone is ringing off the hook,” he said. “Everybody’s flat out.”

A need for flexibility

Victor Fiss, director of sales engineering at Parallels, said COVID-19 drove many of its customers to seek temporary licenses for hundreds of additional employees. Parallels RAS can run on premises, on the Azure and AWS public clouds and in a hybrid environment, he said, giving existing customers flexibility in expanding.


“A lot of our customers that are running on-prem are now adding 300, 400 users out of the blue because of COVID-19,” he said, adding that hybrid options have been enticing because they provide capacity without affecting the employee’s experience.

Deployment of Parallels RAS is not only fast, he said, but the product also allows for more ways to get work done, such as support for native touch gestures in virtual desktop environments.

“If you’re using a mobile device — iOS or Android — you’re not getting a shrunken-down desktop that’s screaming for a keyboard and mouse you don’t have,” Uppendahl said. “Instead, you’re seeing application shortcuts — you can add or remove shortcuts to any application that runs on Windows — and, when you launch it, it will launch in full screen.”

Deploying Parallels

Wayne Hunter, CEO of managed service provider AvTek Solutions, Inc., said he had used Parallels RAS to enable remote work for a client of his. He said that client, a bank, went from zero remote users to 150 in two days.


“The main thing that makes it easy to use is that it’s easy to install, easy to configure, easy to set up,” he said. “You can go from having nothing installed to having a working system up in just a couple hours.”

Hunter said several factors make Parallels RAS advantageous for IT professionals. The product’s ease of deployment and management, he said, would be especially beneficial to small IT teams managing many users.

For end users, Hunter said, the ability of Parallels RAS to work on a variety of devices without hassle was a key selling point.

“It’s just like logging in at their office,” he said, noting that users would find their profiles, desktop backgrounds and files unaffected by remote access. “It’s all there, just like it looked at the office.”

It can be challenging, Hunter noted, to ensure users have a proper device and high-speed internet connection at home to enable remote work. Parallels RAS, he said, eased those concerns.

“The beautiful part of Parallels RAS is [that] it doesn’t take much resources,” he said. “The software is very lightweight, so even some folks who didn’t have very good internet didn’t have any problems.”

An evolution of the virtualization market

Kalvar has spoken of a split in the virtualization market between the hosting of a desktop or application and fuller-featured workspace products. The pandemic’s work-from-home orders have furthered that divide; companies that are just beginning their efforts to change workflows through technology, he said, are more apt to explore traditional virtualization.

“For those [not far along with their business continuity plans], this is going to be an 18-month business continuity disaster,” he said. “If you’re in a continuity situation, and you don’t already have a solution in play — because, if you did, the first thing you would do is try to expand it — I think you’re looking more at the vendors who went down the virtualization side of the road … just because their technology matches up with what you need.”

“What [those] people need is a really fast, really cheap way to get people working from home quickly,” he added.

Kalvar said businesses — especially those just looking to maintain continuity through the crisis — must seek products that are both easy to stand up and manage.

“You have to be flexible, particularly when you’re in that business continuity situation,” he said. “In operations, you’re always looking for good enough, not perfect.”

“You’re looking for, ‘This solution meets enough of my criteria … at the lowest cost,'” he added.


Cisco security GM discusses plan for infosec domination

Cisco believes CISOs are overwhelmed by too many security products and vendors, and the company introduced a new platform, ominously code-named Thanos, to help enterprises.

But despite being named after the Marvel Comics megavillain, Cisco’s SecureX platform isn’t necessarily designed to wipe out half of all existing security products within enterprise environments. Instead, Cisco is taking a different approach by opening up the platform, which was unveiled last month, and integrating with third parties.

Gee Rittenhouse, senior vice president and general manager of Cisco’s Security Business Group (SBG), said the aim of SecureX is to tie not only Cisco products together, but other vendor offerings as well. “We’ve been working really hard on taking the security problem and reducing it to its simplest form,” he told SearchSecurity at RSA Conference 2020 last month.

That isn’t to say that all security products are effective; many “are supposed to have a bigger impact than they actually do,” Rittenhouse said. Nevertheless, the SBG strategy for SecureX is to establish partnerships with third parties and invite them to integrate with the platform, he said, rather than Cisco trying to be everything to everyone. In this interview, Rittenhouse discusses the evolution of SecureX, how Cisco’s security strategy has shifted over the last decade and the company’s plan to change the infosec industry.

Editor’s note: This interview was edited for clarity and length.

How did the idea for SecureX come about?


Gee Rittenhouse: We thought initially if we had a solution for every one of the major threat vectors — email, endpoint, firewalls, cloud, etc. — for one vendor, Cisco, then that would be enough. You buy Cisco networking and you buy Cisco security and that transactional model will simplify the industry. And we realized very quickly that didn’t do anything except put a name on a box. Then the second thing we thought was this: What happens if we take all these different things and integrate the back end together so that when I see a threat on email, I can block on my endpoint? We stitch all this together [via the SecureX framework] on behalf of the customer, and not only does the blocking happen automatically but you also get better protection and higher efficacy. We’d tell people we had an integrated architecture. And the customers would look at us and say ‘Really? I don’t feel that. You’ve got a portal over here, and a portal over there’ and so on. And we’d say, ‘Look, we’ve worked for three years integrating this together and we have the highest efficacy.’ And they’d say, ‘Well, everybody has their numbers …’

About a couple of years ago, we said we’ve simplified the buying model and simplified the back end. Let’s try to simplify the user experience. But you have to be very careful with that. The classic approach is to build a platform, and everyone jumps on the platform and if you only have Cisco stuff, life is great. But, of course, there are other platforms and other products. We wanted to be precise about how we do this, so we picked a particular use case around investigations. It’s an important use case. We built this very simple investigation tool [Cisco Threat Response] that you can think about as the Google search of security. Within five seconds, you can find out that you don’t have [a specific threat] in your environment, or yes, you do and here’s how to block it and respond. The tool had the fastest rate of adoption of any of our products in Cisco’s history. It’s massively successful. More than 8,000 customers use it every day as their investigation tool.

Were you expecting that kind of adoption for Cisco Threat Response?

Rittenhouse: No. We were not. There were two things we weren’t expecting. We weren’t expecting the response in terms of usage. We thought there’d be a few customers using it. The other thing that we didn’t expect was a whole user community came together to, for example, integrate vendor X into the tool and publish the connectors on GitHub. A whole user community has evolved around that platform and extended the capability of it. In both cases, we were quite surprised.

When we saw how that worked, saw the business model, and we understood how people consumed it, we attached it to everything and then said ‘Let’s take the next step’ with analytics and security postures. We asked what a day in the life for a security professional was. They’re flooded with noise and threats and alerts. They have to be able to decipher all of that — can the platform do that automatically on their behalf? That’s what we’re doing with SecureX, and the feedback has been super positive.

What kind of feedback did you get from customers prior to Cisco Threat Response and SecureX? Did they have an idea of what they wanted?


Rittenhouse: There was a lot of feedback from customers who asked us to make the front end of our portfolio simpler. But what does that actually mean? It was very generic feedback. And in fact, we struggled with the ‘single pane of glass’ approach. What typically happens with that approach is you try to do everything through it, and all of a sudden that portal becomes the slowest part of the portfolio. This actually took a lot of time and a lot of conversations with customers on how they actually work. We engaged a lot of them with design thinking, and Cisco Threat Response was the first thing to come out of those discussions, and then SecureX.

And I want to make the distinction between a platform and a single pane of glass or a portal. And we very much think of SecureX as a platform. And when you think about a platform, it’s usually something that other people can build stuff on top of, so the value to the community is other people’s contributions to it, and you get a multiplier effect. There is only a handful of true, successful platform businesses in the world; it’s very hard to attract that community and achieve that scale.

Like other recent studies, Cisco’s [2020] CISO Benchmark Report showed that many CISOs feel they have too many security products and are actively trying to reduce the number of vendors they have. Other vendors have talked about this trend and are trying to capitalize on it by becoming a one-stop security shop and pushing out other products. But with SecureX, it sounds like you’re taking a different approach by welcoming third-party vendors to the platform and being more open.

Rittenhouse: We would encourage the industry as a whole to be more open. In fact, the industry is not very open at all. One of the benefits to being open is the ability to integrate. In today’s industry, for example, let’s say you’re a security vendor and your technology says a piece of malware is a threat level 5, and I say it’s a level 2. And you’re integrated into our platform, and you’re freaking out because it’s a level 5. I ask you, ‘Rob, why do you think this? What’s the context around this? Share more.’ And until you have that open interface and integration, I just sit there and say, ‘For some reason, this vendor over here claims it’s big, but we don’t see it.’

So yes, we’re open. And I would anticipate the user experience with Cisco security products integrated together will be very different than what you would get with third parties integrated until they start to share more. And this is one of the issues you see in the SIEM and SOAR markets; they become data repositories for investigations after you get attacked. What actually happened? Let’s go back into the records and figure it out. Because of the data fidelity and the real-time nature [of SecureX] this is something you interact with immediately. It can automatically trace threats and set up workflows and bring in other team members to collaborate because you have that integrated back end.

Cisco has said it’s the biggest security vendor in the world by revenue, but most businesses probably still associate the company with networking. Now that SecureX has been introduced, what’s the strategy moving forward?

Rittenhouse: We’ve spent a lot of time on the messaging. I think more and more people recognize we’re the biggest enterprise security company. In many ways, our mission is to democratize security like [Duo Security’s] Wendy Nather said, so we want to make it invisible. We don’t want to be sending the message that you have to get this other stuff to be secure. We want it to be built into everything we do.

There’s been a lot of mergers and acquisitions, especially by companies looking to increase their infosec presence. But Wendy talked during her keynote about simplifying security instead of adding product upon product. But it doesn’t sound like you’re feeling the pressure to do that.

Rittenhouse: No. We are not a private equity firm. We buy things for a purpose. And when we buy something, we’ll be happy to tell you why.


Top 5 ERP software for small businesses

As ERP software providers have created cloud-based versions of their products, they’ve opened up these capabilities to small businesses.

The per-user, per-month pricing model makes ERP software more accessible to small businesses, and running it in the cloud means that they don’t need to invest in servers or IT staff to deploy, manage and troubleshoot it.

ERP software is ideal for small businesses that have outgrown their spreadsheets, paper-based systems or general small business accounting software and are looking for something that can better handle accounting, customer relationship management and other business functions. These software systems are now more widely available to such businesses.

There’s no hard-and-fast rule as to when small businesses should switch to ERP software. But if they’re struggling with a lot of manual tasks, want to get a better picture of the financial health of their business and take advantage of analytics, it might be time to start evaluating different vendors. Some other indicators that it’s time to look at ERP software include spending too much time trying to integrate other software packages to get a full picture of inventory, supply chain and customers, as well as difficulty meeting customer demands.

Here are the top five ERP software choices for small businesses:


OnCloud ERP

Aimed squarely at small businesses in the distribution, wholesale, retail and services sectors, OnCloud ERP is a fully cloud-based ERP software product. The OnCloud ERP suite of applications includes the expected accounting modules for real-time information on cash flow, as well as sales, inventory, purchase order and receipt tracking, inventory management and production planning. Add-on modules provide the ability to manage payroll, track and maintain assets, leverage CRM functions like lead tracking and manage projects.

One of the most attractive features for small businesses is that companies can implement OnCloud ERP without an IT department and use a single platform for all the ERP functions. The software also offers mobile device and remote access capabilities.

OnCloud ERP offers a free trial for 14 days. Pricing starts at $10 per user per month for the “StartUp” plan, with a minimum of five users.

Microsoft Dynamics Business Central

While Microsoft Dynamics 365 is geared toward larger businesses, Microsoft offers a Business Central application for small businesses. This product includes financials, supply chain management, customer service and project management in one product.

The analytics capabilities in Business Central include the ability to connect data across accounting, sales, purchasing, inventory and customer transactions, then run reports in real-time using business intelligence dashboards. The product also enables users to access data modeling and analysis to create financial forecasts.

Because it’s a Microsoft product, users can integrate the product with Excel, Word, Outlook and Azure. Microsoft also offers pre-built add-on products like Continia Document Capture 365 for recognizing documents and approving invoices and Jet Reports to create financial reports inside Excel.

The pricing model is a per-user, per-month fee, based on whether the company chooses a basic or premium version. Microsoft delivers Business Central entirely in the cloud, and the vendor also offers a mobile application for remote access.

Oracle NetSuite

While Oracle markets NetSuite as ideal for businesses of any size, where NetSuite really shines is with smaller businesses. It’s an all-in-one software suite that includes financials, customer service and e-commerce capabilities, so small business owners don’t have to figure out how to use APIs to connect different software packages. NetSuite also packages analytics in with its ERP software to provide insight into how the business is performing, using key performance indicators.

NetSuite is delivered entirely in the cloud, on the NetSuite Cloud Platform. This enables organizations to add other applications and modules — such as SuitePeople, its human capital management system — to the software. The product is billed as good for manufacturing, media and publishing, nonprofit, retail, services, advertising, distribution and wholesale and software industries.

Potential users must contact NetSuite for pricing information.

Sage Intacct

The focus of Sage Intacct is finance and accounting, and Sage bills it as being “built for finance by finance.” Some of the features it offers include the ability to automate complex processes, analyze data, create structured transactions and approvals, and manage multiple currencies and locations. It also provides the ability to track multiple accounts in real-time.

For companies that want to extend Sage Intacct beyond core financial functions, the software offers modules for fixed assets, inventory management, and time and expense management, among others. It also offers web services in the form of APIs to integrate with other software systems, as well as a built-in Salesforce integration.

Sage Intacct is priced on a quote basis and is cloud-based.

SAP Business One

As SAP’s ERP product for small businesses, SAP Business One is a single suite that includes financial management, sales and customer management, purchasing and inventory control, and analytics and reporting capabilities. It also includes a mobile access module so that users can check inventory, manage sales and service, and complete approvals from iOS or Android devices.

Companies can customize SAP Business One for their industries, including consumer products, manufacturing, retail, wholesale distribution and professional services. They can also customize the software using application extensions from SAP partners, create web applications that run on desktops or mobile devices, and use self-service options within SAP Business One to create additional fields, tables and forms.

Unlike a lot of other small business ERP products, companies can implement SAP Business One on premises. It’s also delivered in a cloud-based model, priced on a per-user, per-month basis. It’s sold exclusively through SAP partners.

ERP selection advice

Before beginning the ERP software evaluation process, small business leaders need to first identify the business problems they’re trying to solve. They will also want to audit their existing processes to see if the ERP system they’re considering has these processes built in or will let them create workflows.

As small businesses begin the evaluation process, it’s important to keep in mind what the company actually needs and what it can support. Most of these systems will let companies add users as needed, as well as extend capabilities using APIs. These top five ERP software products for small businesses have features that go beyond basic accounting and let small businesses compete with larger companies, using tools that previously were not affordable.


Mammoth March Patch Tuesday lands on Windows admins

For the second month in a row, Microsoft doled out a hefty batch of fixes for its products on March Patch Tuesday, resolving 115 unique vulnerabilities that center mostly around the Windows OS and its various web browser applications.

This month’s slate of fixes eclipsed the 99 vulnerabilities Microsoft addressed last month. All told, March Patch Tuesday corrected 26 critical vulnerabilities and 88 bugs rated important. Affected products include Windows, both the HTML-based and Chromium-based Edge browsers, the ChakraCore JavaScript engine, Internet Explorer, Exchange Server, Microsoft Office, Azure DevOps and Azure, Windows Defender, Visual Studio, Microsoft Dynamics and open source projects.

Despite the sheer number of flaws to address, administrators do not have to worry about any zero-day exploits or public disclosures this month. The other good news is most of the bugs are clustered in the Windows and browser products. Of the 115 vulnerabilities, 18 are in the browser and 79 are in the Windows OS.

Now that Microsoft packages its patches in a single monthly rollup rather than individual updates, administrators have a simpler “all or nothing” choice with patch deployment. In the previous servicing model, which Microsoft ended in late 2016, administrators had the flexibility to choose which patches to apply to different systems.

“The cumulative model plugs those gaps effectively, so that’s the positive. There are fewer holes in the average environment because one thing people overlook is most of the exploits that are happening are in software that’s months, if not years old,” said Chris Goettl, director of product management and security at Ivanti, a security and IT management vendor based in South Jordan, Utah. 


The monthly rollup contains fixes for security flaws, corrections for web browsers and quality updates. Each monthly rollup supersedes the previous month. The downside to the cumulative model is a faulty patch can disable a system, which makes administrators more likely to hold off on deployment until they can do a thorough test.

“Microsoft’s cumulative model makes it more of an all-or-nothing, especially for the OS. It does force people to update it. The challenge comes into play in those cases where companies have more sensitive environments to patching where they let time be more of an element,” Goettl said. 

Microsoft Outlook preview pane could be a threat launchpad

Aside from the browser and OS vulnerabilities, administrators will want to focus on a critical remote code execution vulnerability (CVE-2020-0852) in Microsoft Word that uses the Microsoft Outlook preview pane as the attack vector, Goettl said. In one scenario, an attacker could send a specially crafted document in an email to a user; if the user views the file in the Outlook preview pane, the attacker’s code would run at the security level of that user.

“That [vulnerability is] a piece of low-hanging fruit for a threat actor if they can exploit the preview pane. That makes their job a lot easier,” Goettl said. 

Administrators will also want to look at a moderate information disclosure vulnerability (CVE-2020-0765) in the Remote Desktop Connection Manager. There are no fixes for this bug because Microsoft no longer develops this application. Microsoft recommends users switch to a supported Microsoft Remote Desktop client version. 

In addition to the March Patch Tuesday updates, administrators should be aware that most of the supported Windows OSes on the client and server side have a servicing stack update. Microsoft does not include these with the monthly rollups and recommends installing servicing stack updates before applying the latest cumulative update.  

Vulnerability from February rears its head

Administrators of organizations that use on-premises Exchange Server for email and have a lengthy test-and-deploy process for patching might want to pick up the pace if they haven’t installed February’s security updates for the messaging product. Microsoft fixed a remote code execution bug (CVE-2020-0688) in Exchange Server in its February Patch Tuesday releases, but companies that lag in their patching efforts could find themselves in trouble if a persistent hacker finds a way to get inside their systems to launch an exploit.

On Feb. 25, Simon Zuckerbraun, a security researcher at Trend Micro’s Zero Day Initiative, posted a blog that offered deeper insights into how the vulnerability worked with an accompanying video that demonstrated how to trigger the exploit. 

“Microsoft rated this as Important in severity, likely because an attacker must first authenticate. It should be noted, however, that within an enterprise, most any user would be allowed to authenticate to the Exchange server,” wrote Zuckerbraun. “Similarly, any outside attacker who compromised the device or credentials of any enterprise user would be able to proceed to take over the Exchange server. Having accomplished this, an attacker would be positioned to divulge or falsify corporate email communications at will.”

The same day, another security researcher, Kevin Beaumont — who recently joined Microsoft to work on its Microsoft Threat Protection product — tweeted about Zuckerbraun’s blog and posted updates showing an uptick in threat actors scanning for susceptible internet-facing Exchange servers. 

This has caught the attention of the U.S. government. Not only did the National Security Agency issue a warning from its Twitter account on March 6, but the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) reinforced the importance of patching in a bulletin released on March Patch Tuesday.

“Although Microsoft disclosed the vulnerability and provided software patches for the various affected products in February 2020, advanced persistent threat actors are targeting unpatched servers, according to recent open source reports,” wrote the CISA. 

This type of vulnerability and the groundswell of attention it picked up online shows administrators not only need to be technical experts but also social media savants to pick up what’s trending online to steer their patching priorities.

“Knowing things like what’s actively being exploited and keeping more continuous cycle around evaluating and resolving vulnerabilities is definitely more important nowadays,” Goettl said.


Threat actors scanning for vulnerable Citrix ADC servers

An unpatched vulnerability in Citrix Application Delivery Controller and Citrix Gateway products has become the target of scans by potential threat actors.

Kevin Beaumont, a security researcher based in the U.K., and Johannes Ullrich, fellow at the SANS Internet Storm Center, independently discovered evidence of people scanning for Citrix ADC and Gateways vulnerable to CVE-2019-19781 over the past week.

On Dec. 17, Citrix disclosed the vulnerability, which affects all supported versions of Citrix ADC and Citrix Gateway (formerly NetScaler and NetScaler Gateway, respectively). Citrix warned that successful exploitation could allow an unauthenticated attacker to run arbitrary code and urged customers to apply mitigation techniques because a patch is not yet available.

Beaumont warned this could “become a serious issue” because of the ease of exploitation and how widespread the issue could be.

“In my Citrix ADC honeypot, CVE-2019-19781 is being probed with attackers reading sensitive credential config files remotely using ../ directory traversal (a variant of this issue). So this is in the wild, active exploitation starting up,” Beaumont wrote on Twitter. “There are way more boxes exposed than Pulse Secure, and you can exploit to RCE pre-auth with one POST and one GET request. Almost every box is also still vulnerable.”

Researchers at Positive Technologies have estimated as many as 80,000 businesses in 158 countries could have vulnerable Citrix products.

Neither Beaumont nor Ullrich saw any public exploits of the Citrix ADC vulnerability, and Ullrich wrote in a blog post that he would not describe the scans as “sophisticated.”

However, Craig Young, computer security researcher for Tripwire’s vulnerability and exposure research team, wrote on Twitter he had reproduced a remote code exploit for the vulnerability and he would “be surprised if someone hasn’t already used this in the wild.”

Florian Roth, CTO of Nextron Systems, detailed a Sigma rule to detect exploitation of the Citrix ADC vulnerability, but Young noted that his functional exploit could “absolutely exploit NetScaler CVE-2019-19781 without leaving this in the logs.”

Young described how he developed the exploit but did not release any proof-of-concept code.

“VERT’s research has identified three vulnerable behaviors which combine to enable code execution attacks on the NetScaler/ADC appliance,” Young wrote in a blog post. “These flaws ultimately allow the attacker to bypass an authorization constraint to create a file with user-controlled content which can then be processed through a server-side scripting language. Other paths towards code execution may also exist.”

All researchers involved urged customers to implement configuration changes detailed in Citrix’s mitigation suggestions while waiting for a proper fix.

Citrix did not respond to requests for comment at the time of this writing and it is unclear when a firmware update will be available to fix the issue.


AWS Outposts vs. Azure Stack vs. HCI

Giants Amazon and Microsoft offer cloud products and services that compete in areas usually reserved for the strengths that traditional hyper-converged infrastructure platforms bring to the enterprise IT table. These include hybrid cloud offerings AWS Outposts, which Amazon made generally available late last year, and Azure Stack from Microsoft.

An integrated hardware and software offering, Azure Stack is designed to deliver Microsoft Azure public cloud services to enable enterprises to construct hybrid clouds in a local data center. It delivers IaaS and PaaS for organizations developing web apps. By sharing its code, APIs and management portal with Microsoft Azure, Azure Stack provides a common platform to address hybrid cloud issues, such as maintaining consistency between cloud and on-premises environments. Stack is for those who want the benefits of a cloud-like platform but must keep certain data private due to regulations or some other constraint.

AWS Outposts is Amazon’s on-premises version of its IaaS offering. Amazon targets AWS Outposts at those who want to run workloads on Amazon Web Services, but instead of in the cloud, do so inside their own data centers to better meet regulatory requirements and, for example, to reduce latency.

Let’s delve deeper into AWS Outposts vs. Azure Stack to better see how they compete with each other and your typical hyper-converged infrastructure (HCI) deployment.


What is AWS Outposts?

AWS Outposts is Amazon’s acknowledgment that most enterprise class organizations prefer hybrid cloud to a public cloud-only model. Amazon generally has acted solely as a hyperscale public cloud provider, leaving its customers’ data center hardware needs for other vendors to handle. With AWS Outposts, however, Amazon is — for the first time — making its own appliances available for on-premises use.

AWS Outposts customers can run AWS on premises. They can also extend their AWS virtual private clouds into their on-premises environments, so a single virtual private cloud can contain both cloud and data center resources. That way, workloads with low-latency or geographical requirements can remain on premises while other workloads run in the Amazon cloud. Because Outposts is essentially an on-premises extension of the Amazon cloud, it also aims to ease the migration of workloads between the data center and the cloud.

What is Microsoft Azure Stack?

Although initially marketed as simply a way to host Azure services on premises, Azure Stack has evolved into a portfolio of products. The three products that make up the Azure Stack portfolio include Azure Stack Edge, Azure Stack Hub and Azure Stack HCI.

Azure Stack Edge is a cloud-managed appliance that enables you to run managed virtual machine (VM) and container workloads on premises. While this can also be done with Windows Server, the benefit to using Azure Stack Edge is workloads can be managed with a common tool set, whether they’re running on premises or in the cloud.

Azure Stack Hub is used for running cloud applications on premises. It’s mostly for situations in which data sovereignty is required or where connectivity isn’t available.

As its name implies, Azure Stack HCI is a version of Azure Stack that runs on HCI hardware.

AWS Outposts vs. Azure Stack vs. HCI

To appreciate how AWS Outposts competes with traditional HCI, consider common HCI use cases. HCI is often used as a virtualization platform. While AWS Outposts will presumably be able to host Elastic Compute Cloud virtual machine instances, the bigger news is that Amazon is preparing to release a VMware-specific version of Outposts in 2020. The VMware Cloud on AWS Outposts will allow a managed VMware software-defined data center to run on the Outposts infrastructure.

Organizations are also increasingly using HCI as a disaster recovery platform. While Amazon isn’t marketing Outposts as a DR tool, the fact that Outposts acts as a gateway between on-premises services and services running in the Amazon cloud means the platform will likely be well positioned as a DR enabler.

Many organizations have adopted hyper-converged systems as a platform for running VMs and containers. Azure Stack Edge may end up displacing some of those HCIs if an organization is already hosting VMs and containers in the Azure cloud. As for Azure Stack Hub, it seems unlikely that it will directly compete with HCI, except possibly in some specific branch office scenarios.

The member of the Azure Stack portfolio that’s most likely to compete with traditional hyper-convergence is Azure Stack HCI. It’s designed to run scalable VMs and provide those VMs with connectivity to Azure cloud services. These systems are being marketed for use in branch offices and with high-performance workloads.

Unlike first-generation HCI systems, Azure Stack HCI will provide scalability for both compute and storage. This could make it a viable replacement for traditional HCI platforms.

In summary, when it comes to AWS Outposts vs. Azure Stack or standard hyper-convergence, all three platforms have their merits, without any one being clearly superior to the others. If an organization is trying to choose between the three, then my advice would be to choose the platform that does the best job of meshing with the existing infrastructure and the organization’s operational requirements. If the organization already has a significant AWS or Azure footprint, then Outposts or Azure Stack would probably be a better fit, respectively. Otherwise, traditional HCI is probably going to entail less of a learning curve and may also end up being less expensive.


Siemplify looks to streamline security operations for enterprises

With the vast number of security products on the market and the growing amount of security data generated, enterprises face an uphill battle.

Siemplify, a startup based in New York, is aiming to make that hill easier to climb with its security operations platform, which the company hopes will be a Salesforce-like hub for security professionals. Siemplify’s platform is designed to tie various third-party products together and streamline the data for enterprises.

Nimmy Reichenberg, chief strategy officer at Siemplify, explained the company’s mission to provide an all-in-one spot for SOC teams to get their work done, as well as the relationship between SOAR and SIEM and why security product integration is becoming harder to accomplish.

Editor’s note: This interview has been edited for length and clarity.

Tell me the story of how Siemplify was founded.

Nimmy Reichenberg: Siemplify was started by three people: Amos Stern, Alon Cohen and Garry Fatakhov. Basically, all of them have security operations experience from the Israeli Defense Force. All three of them went to work for a government defense contractor, and what they did is train SOCs all over the world, so they trained dozens and dozens of both civilian and security operations teams on how to better deal with cyberthreats. Through this work, it became very clear to them that the way that security operations teams work is highly flawed. There are so many things that can be improved about how these teams work, and they had this idea: why don’t we build this product and start a company that will solve what we’re seeing from training security operations teams around the world? And they founded Siemplify.

What does Siemplify do?

Reichenberg: What we essentially provide is a security operations platform. The easiest way to describe our vision is that just like how Salesforce is a platform that sales professionals work on or Workday is what human resources professionals use to get their work done, Siemplify is the platform where security operations teams log on in the morning and get their work done. We provide a security operations platform. A big component of what we provide goes by SOAR, security orchestration automation and response, and that functionality basically has to do with building repeatable processes and integrating the various tools security teams use to investigate threats and remediate threats using as much automation as possible. We know that there’s a huge shortage in security professionals these days so obviously there’s a lot of appetite in automating anything that can be done.

Do you think SOAR is making SIEM tech obsolete or is SIEM tech being integrated into SOAR?

Reichenberg: SOAR is definitely a complementary solution to SIEM. SIEMs definitely have a place when it comes to storing all your logs, doing that initial analysis and correlation and firing off an alert to an analyst. That’s kind of what SIEMs do and that’s not going away. We could talk about next-gen SIEMs or there’s all these newer technologies but essentially that is what they do. SOAR tools take that alert and apply a process to it — encase it into case management, decide a playbook that walks the analyst through the steps of what actually needs to be done once that alert is fired, automate that, and provide machine learning.

Do you think it’s easier to integrate with other vendors’ security products today than it was five years ago?

Reichenberg: I would say the answer to that is no. One of the things that SOAR solutions do is act as a security fabric that connects all your tools, but the reason why it’s harder to integrate tools is that there’s just so many of them out there. The number of security tools out there is only growing. Nothing is going away, and everyone is still using the antivirus tools from 50 years ago only now there’s 50 products on top of that. Ten years ago, the average company maybe used a dozen or two dozen security tools. Now it’s pretty common to find companies that use 50, 60 or 90 different security tools throughout the company. So integrating tools is harder [today], and the reason is if I’m a new company and I built this new security tool and it’s great, do I really now want to invest the time and effort to make it agree with 500 other security tools? And the answer is I’m probably not going to do that. Our approach is we don’t detect anything bad; that’s a type of tool we integrate into our platform. Our job is to be that connecting tissue between all the different tools. We have over 200 integrations of tools already built into our platform, so we have well-connecting tissue, if you will, and apply a process of how all these tools actually work and apply a playbook that addresses each specific scenario in cybersecurity.

What do the next 12 months look like for the company?

Reichenberg: The category is exploding rapidly. The key thing for the next 12 months is scale. We have to scale everything about the company. Scale our processes, scale our go-to-market, et cetera. From a product perspective, what we’re working on is making the product easier to use in the market, and that’s kind of our differentiator — make it easy to address a wide variety of use cases.

How do you plan on utilizing your $30 million Series C?

Reichenberg: We’re going to do a pretty horizontal use of the money because we need to scale everything. Maybe a little more towards go-to-market — sales, marketing, customer success — because we’re adding a lot of customers, and the rest to R&D so it’s pretty horizontal.


4 cloud UC partnerships to watch in 2020

In 2019, unified communications vendors forged partnerships to integrate their products and plug holes in their portfolios.

Avaya and RingCentral came together to deliver cloud telephony to the midmarket, while Microsoft and Cisco reached a truce in the hopes of making it easier for users to join meetings across platforms.

Slack and Zoom inked a deal to align roadmaps, while Zoom and RingCentral agreed to keep bundling their calling and video services for at least another couple of years.

These cloud UC partnerships could bring significant new features to users and help the vendors involved stand out from the competition. But questions remain about exactly how each of them will play out in 2020 and beyond.


In October, Avaya and RingCentral announced a partnership to sell the latter’s UC-as-a-service offering to the former’s base of on-premises customers.

The new product, Avaya Cloud Office by RingCentral, is supposed to launch in the first quarter of 2020. Avaya’s resellers will attempt to sell it to the small and midsize businesses that currently use Avaya IP Office.

The deal followed reports that Avaya was in advanced talks with private equity firms interested in buying the company. Ultimately, the vendor opted to partner with a competitor that had been stealing its on-premises customers for years.

The partnership brings together a leading cloud vendor and an industry stalwart with one of the largest bases of customers in the industry. But many remain skeptical about how much the deal will benefit the two companies.

Analysts have questioned whether it was smart for RingCentral to partner with Avaya when it was already successfully recruiting the vendor’s customers.

Meanwhile, Avaya’s customers are waiting to find out how different the joint cloud product will be from RingCentral’s standard offering. Avaya has said it plans to enhance the product with extra features familiar to on-premises users.

“The big question is, can Avaya really sell cloud? They have not really been successful in the past,” said Zeus Kerravala, principal analyst at ZK Research. “Another question is, will Avaya customers embrace this?”


In November, longtime rivals Microsoft and Cisco revealed they were working together to enable better interoperability between their video conferencing room systems.

Businesses currently use third-party gateways to connect room systems. But the setup is unreliable and provides limited functionality in meetings.

In the future, Microsoft and Cisco room kits will load the other party’s app in a web browser. That will provide a native meeting experience and eliminate the need for a third-party gateway. The vendors expect to launch the feature in early 2020.

Microsoft is working with Zoom to enable the same kind of interoperability, a sign that the video conferencing industry could soon unite around the new method as a standard.

But cloud UC vendors have been promising to make joining meetings quick and easy for years. Large organizations will likely be taking a “wait and see” approach to the latest attempt to do so, said Dion Hinchcliffe, principal analyst at Constellation Research.

Meanwhile, Microsoft also said it would certify Cisco as a partner providing traditional gateway services for interoperability. Plus, it will let customers use Cisco’s session border controllers to support calling in Microsoft Teams.

The cooperation between Microsoft and Cisco is welcome news to the many large organizations that use a mix of technologies from both vendors. For Cisco, the initiative could be crucial in helping convince customers to keep their Webex video gear in place.

“What this shows you is that Microsoft is no longer afraid of Cisco,” Hinchcliffe said. “The bottom line is, Cisco wants to stay in the game. We are seeing Microsoft and Zoom winning a lot and having Cisco being pulled out.”


In April, Slack and Zoom announced that they would align product roadmaps and develop joint marketing strategies.

The team collaboration vendor and the video conferencing provider have maintained a close association for years. The deal reached in April made that relationship formal, bringing together two upstarts that have disrupted their respective markets.

One aspect of the partnership involves better integrations between the two products. The companies have already made it easier to join Zoom meetings from within Slack. In the future, they are planning to power calling in Slack using Zoom Phone.

But analysts are still waiting to see whether Slack and Zoom will pursue joint sales activities, such as offering a discount for buying both products as a bundle.

A Slack-Zoom bundle could help the vendors compete against larger rivals Microsoft and Cisco. But the package would still be missing a calling service capable of appealing to the largest businesses. Zoom’s one-year-old telephony offering, Zoom Phone, does not yet offer everything those customers need, said Raúl Castañón-Martinez, analyst at 451 Research.

“While a combined offering is very compelling, I don’t think it poses a significant threat to Cisco or Microsoft,” Castañón-Martinez said. “Still, this could set the stage for Zoom and Slack to become disruptive in the near future.”


For years, RingCentral has relied on Zoom to provide a video conferencing app to its UC-as-a-service customers. Zoom’s technology powers an offering called RingCentral Meetings.

In May, the two companies announced a “multiyear” extension of the partnership. But Zoom’s push into the cloud calling market is likely straining that relationship. Zoom has been rapidly building out Zoom Phone, a product that could replace RingCentral’s calling service within some organizations.

In launching Zoom Phone in 2018, CEO Eric Yuan suggested the company did not intend to compete with RingCentral. But Zoom was far less shy about pushing the product at its annual user conference in 2019, saying it was time for all customers to adopt it.

At the conference, Yuan told reporters and analysts he expected the relationship with RingCentral to continue. Given the multiyear extension announced in May, that may be true, at least in the near term. But analysts said it would make sense if RingCentral were developing a backup plan for video communications.

“It makes sense that RingCentral might consider its own meeting app and reduce reliance on Zoom,” said Irwin Lazar, analyst at Nemertes Research. “That doesn’t preclude them from continuing to support and partner with Zoom as well, for at least the time being.”


AWS, NFL machine learning partnership looks at player safety

The NFL will use AWS’ AI and machine learning products and services to better simulate and predict player injuries, with the goal of ultimately improving player health and safety.

The new NFL machine learning and AWS partnership, announced during a press event Thursday with AWS CEO Andy Jassy and NFL Commissioner Roger Goodell at AWS re:Invent 2019, will change the game of football, Goodell said.

“It will be changing the way it’s played, it will [change] the way it’s coached, the way we prepare athletes for the game,” he said.

The NFL machine learning journey

The partnership builds off Next Gen Stats, an existing NFL and AWS agreement that has helped the NFL capture and process data on its players. That partnership, revealed back in 2017, introduced new sensors on player equipment and the football to capture real-time location, speed and acceleration data.

That data is then fed into AWS data analytics and machine learning tools to provide fans, broadcasters and NFL Clubs with live and on-screen stats and predictions, including expected catch rates and pass completion probabilities.

Taking data from that, as well as from other sources, including video feeds, equipment choice, playing surfaces, player injury information, play type, impact type and environmental factors, the new NFL machine learning and AWS partnership will create a digital twin of players.

AWS CEO Andy Jassy, left, and NFL Commissioner Roger Goodell announced a new AI and machine learning partnership at AWS re:Invent 2019.

The NFL began the project with a collection of different data sets from which to gather information, said Jeff Crandall, chairman of the NFL Engineering Committee, during the press event.

It wasn’t just passing data, but also “the equipment that players were wearing, the frequency of those impacts, the speeds the players were traveling, the angles that they hit one another,” he continued.

Typically used in manufacturing to predict machine outputs and potential breakdowns, a digital twin is essentially a complex virtual replica of a machine or person formed out of a host of real-time and historical data. Using machine learning and predictive analytics, a digital twin can be fed into countless virtual scenarios, enabling engineers and data scientists to see how its real-life counterpart would react.

The new AWS and NFL partnership will create digital athletes, or digital twins of a scalable sampling of players, that can be fed into infinite scenarios without risking the health and safety of real players. Data collected from these scenarios is expected to provide insights into changes to game rules, player equipment and other factors that could make football a safer game.

“For us, what we see the power here is to be able to take the data that we’ve created over the last decade or so” and use it, Goodell said. “I think the possibilities are enormous.”

Partnership’s latest move to enhance safety


New research in recent years has highlighted the extreme health risks of playing football. In 2017, researchers from the VA Boston Healthcare System and the Boston University School of Medicine published a study in the Journal of the American Medical Association that indicated football players are at a high risk for developing long-term neurological conditions.

The study, which did not include a control group, looked at the brains of high school, college and professional-level football players. Of the 111 NFL-level football players the researchers looked at, 110 of them had some form of degenerative brain disease.

The new partnership is just one of the changes the NFL has made over the last few years in an attempt to make football safer for its players. Other recent efforts include new helmet rules, and a recent $3 million challenge to create safer helmets.

The AWS and NFL partnership “really has a chance to transform player health and safety,” Jassy said.

AWS re:Invent, the annual flagship conference of AWS, was held this week in Las Vegas.
