Tag Archives: vendors

Nuage Networks, Talari SD-WAN tack on multi-cloud connectivity

Software-defined WAN vendors are rushing to enhance their SD-WAN platforms with multi-cloud support, as more enterprises and service providers migrate their workloads to the cloud. This week, both Nuage Networks and Talari made multi-cloud connectivity announcements of their own.

Nuage Networks, a Nokia company, updated its SD-WAN platform — Virtualized Network Services — to better support SaaS and multi-cloud connectivity.

The platform enhancement moves to address three specific pain points among customers, according to Hussein Khazaal, Nuage’s vice president of marketing and partnerships. The three points, multi-cloud connectivity, value-added services and end-to-end security, are already available to customers.

“It’s a single platform that you can deploy today and get connectivity to software as a service,” Khazaal said. “We support customers as they send traffic directly from the branch to the SaaS application.”

In addition to multi-cloud connectivity, Nuage VNS offers customers the option to add value-added services — or virtual network functions (VNFs) — that can be embedded within the SD-WAN platform, hosted in x86 customer premises equipment (CPE) or through service chaining (a set of network services interconnected through the network to support an application). These VNFs are available from more than 40 third-party partners and can include services like next-generation firewalls, voice over IP and WAN optimization, Khazaal said.

While many service providers are leaning toward the VNF and virtual CPE approach, the process isn’t simple, according to Lee Doyle, principal analyst at Doyle Research.

“Many service providers are finding the vCPE and VNF approach side to be challenging,” Doyle said. “Those with the resources can, and will, pursue it, and that’s where Nuage could be a piece of the puzzle.”

When it comes to enterprise customers, however, the VNF approach is less attainable, both Doyle and Khazaal noted.

“Nuage is one piece of the puzzle that a customer might add if they’re able to do it themselves,” Doyle said. “But most customers don’t want to piece together different elements.”

For smaller enterprise customers, Khazaal recommended using the option with embedded features, like stateful firewall and URL filtering, built into the SD-WAN platform.

Although Nuage has more than 400 enterprise customers, according to a company statement, its primary market is among service providers. Nuage counts more than 50 service providers as partners that offer managed SD-WAN services — including BT, Cogeco Peer 1, Telefónica and Vertel — and has been a proven partner for service providers over the years, Doyle said.

“Nuage is a popular element of service providers’ managed services strategies, including SD-WAN,” he said. “These enhancements will be attractive mainly to the service providers.”

Nuage VNS is available now with perpetual and subscription-based licenses, and varies based on desired features and capabilities.

Talari launches Cloud Connect for SaaS, multi-cloud connectivity

In an additional multi-cloud move, Talari updated its own SD-WAN offering with Talari Cloud Connect, a platform that supports access to cloud-based and SaaS applications.

Talari also named five accompanying Cloud Connect partners: RingCentral, Pure IP, Evolve IP, Meta Networks and Mode. These partners will run Talari’s Cloud Connect point of presence (POP) technology in their own infrastructure, creating a tunnel from the customer’s Talari software into the cloud or SaaS service, according to Andy Gottlieb, Talari’s co-founder and chief marketing officer.

“The technology at the service provider is multi-tenant, so they only have to stand up one instance to support multiple customers,” Gottlieb said. Meantime, enterprises can use the Cloud Connect tunnel without having to worry about building infrastructure in the cloud, which reduces costs and complexity, he added.

Talari’s partner list reflects the demands of both customers and service providers, he said. Unified communications vendors like RingCentral, for example, require reliable connectivity and low latency for their applications. Meta Networks, on the other hand, offers cloud-based security capabilities, which enterprises are increasingly adding to their networks. Talari SD-WAN already supports multi-cloud connectivity to Amazon Web Services and Microsoft Azure.

Talari Cloud Connect will be available at the end of October. The software comes at no additional charge for Talari customers with maintenance contracts or with subscriptions, Gottlieb said. Also, Cloud Connect partners can use the Cloud Connect POP software free of charge to connect to Talari SD-WAN customers, he added.

HR chatbots from Google, IBM to be in the spotlight at HR Tech 2018

The role of big vendors, such as Google and IBM, in HR technology is expanding as their expertise in conversational robotic intelligence powers some of the chatbots used in HR applications. That observation will be evident this week at the HR Technology Conference & Expo in Las Vegas where HR chatbots will be in the spotlight.

The tech giants’ relationship to HR chatbots is analogous to Intel’s role with PC makers that slap “Intel Inside” stickers on their laptops. The machine learning and natural language processing (NLP) technologies developed by large technology sellers give chatbots conversational capabilities.

“A chatbot stands and falls with the quality of the dialogue,” said Holger Mueller, principal analyst at Constellation Research. “Users will drop and not use [a chatbot] if the answers don’t make sense,” he said.

Conference attendees assessing HR chatbots, in effect, make two bets on any one application. They not only evaluate the HR application but also the capabilities of the vendor that built the underlying, AI-related chatbot technology, whether it’s from Amazon, Microsoft, IBM, Google or some other provider. This technology is key “for the whole solution to work,” Mueller said.

Google’s new Dialogflow powers conversational recruiting

A chatbot stands and falls with the quality of the dialogue.
Holger MuellerPrincipal analyst, Constellation Research

Earlier this year, Google, for instance, announced general availability of its Dialogflow Enterprise Edition. This is Google’s platform for creating voice and text conversation and is based on its machine learning and NLP development.

Google’s technology was adopted by Brazen Technologies, which provides online hiring chat events and a recruiting platform. In late August, Brazen announced a “conversational recruiting” capability based on Google’s system, which provides the underlying chatbot intelligence.

The chatbot conversational capability is assisted by human recruiters who prewrite answers to expected questions that a candidate might ask. The system also conducts an initial screening to try to find qualified people, said Joe Matar, director of marketing at Brazen. He expects the capabilities of conversational HR chatbots to improve rapidly, but it will be a long time before they replace a recruiter’s core skills, such as relationship building, he said.

IBM Watson powers management coaching

LEADx, which is announcing its learning platform at the start of the HR Technology Conference, is using IBM Watson in its product, Coach Amanda.

Coach Amanda aims to improve managerial skills with the help of a virtual trainer. The system uses the Watson Personality Insights module, as well as its natural language conversational capabilities. The Insights program diagnoses personality to help shape the chatbot response, as well the answers and learning materials it delivers to the manager, said Kevin Kruse, founder and CEO of the firm.

Kruse said it works like this: A user can type or speak to the chatbot and ask, for instance, “What is the definition of employee engagement?” The manager may follow with a question about seeking tips on employee engagement. The chatbot answers these questions with material from a resource library based on what it knows about the manager.

The underlying IBM NLP technology has to figure out what the manager is asking about. Is the question about an employee problem? Is the manager seeking advice? Or, said Kruse, is the manager seeking a resource?

But not all firms use big vendor chatbot platforms to power HR chatbots.

HR chatbots at 2018 HR Technology Conference & Expo
HR chatbots will be in the spotlight at this year’s HR Technology Conference & Expo.

In-house and open source seen as superior by some

Jane.ai is designed to make all of a company’s information available, whether it is in a PDF or spreadsheet or resides in applications such as ServiceNow, Workday, Salesforce or among team members. HR is one of the major uses of the application, and that’s why this firm will be at the 2018 HR Technology Conference. SearchHRSoftware is the media partner for the conference.

David Karandish, founder and CEO of Jane.ai, said the system was developed in-house but also used some open source tools, such as software in Stanford CoreNLP, which provides a suite of language tools. Jane.ai developed proprietary algorithms to make matches and mine documents, he said.

An employee can use the chat system, for instance, to check vacation time or ask a question about HR policies. It can put in an IT ticket or schedule a meeting with staff.

The firm is up against the large IT vendors in AI-related development, but Karandish said the big vendor HR chatbots weren’t necessarily designed to solve a business problem. That’s why Jane.ai went with the in-house approach, he said.

“A lot of companies are coming out with cool tech, but they haven’t figured out how to actually go solve real problems with it,” Karandish said.

SmartBear-Zephyr deal spotlights software quality tools shake-up

Consolidation continues to reshape the software quality tools landscape as vendors seek to wean app dev teams off legacy tools for digital transformation initiatives.

The latest shake-up is SmartBear’s acquisition this week of Zephyr, a San Jose, Calif., maker of real-time test management tools, primarily for Atlassian’s Jira issue tracking tool, and for continuous testing and DevOps. This follows the Somerville, Mass., company’s deal in May to acquire Hiptest, in Besancon, France, to enhance continuous testing for Agile and DevOps teams.

Highlight on support for Atlassian’s Jira

Atlassian, Slack and GitHub provide three of the top ecosystems that developers use for ancillary development tools, said Ryan Lloyd, SmartBear’s vice president of products. Atlassian Marketplace’s overall revenue this past year is $200M, according to Atlassian financial reports. Zephyr for Jira is the top-grossing app on the Atlassian Marketplace, with more than $5 million in revenue since 2012.

Ryan Lloyd, SmartBearRyan Lloyd

Zephyr strengthens SmartBear’s portfolio with native test management inside Jira, and the Zephyr Enterprise product represents a modern replacement for Quality Center, HPE’s former software now owned by Micro Focus, Lloyd said.

Meanwhile, Hiptest supports behavior-driven development, and overlaps a bit with Zephyr, said Thomas Murphy, a Gartner analyst in Spokane, Wash.

SmartBear’s portfolio of software quality tools also includes SoapUI, TestComplete, SwaggerHub, CrossBrowserTesting, Collaborator and AlertSite.

Girding for the competition

SmartBear’s moves echo those of other vendors in the software quality tools space as they fill out their portfolios to attract customers from legacy test suites, such as Micro Focus’ Quality Center and Mercury Interactive, to their platforms, Murphy said. They also want to tap into Jira’s wide adoption and teams that seek to shift to more agile practices in testing.

Other examples in the past year are Austrian firm Tricentis’ acquisition of QASymphony, and Idera, in Houston, which acquired the TestRail and Ranorex Studio test management and automation tools from German firm Gurock Software and Austria’s Ranorex GmbH, respectively.

[Software test vendors] have different tool stacks for different types of users … [but] the more you can drive consistent look and feel that is best, especially as you push from teams up to the enterprise.
Thomas Murphyanalyst, Gartner

However, vendors that assemble tools from acquisitions often end up with overlaps in features and functions, as well as very different user experience environments, Murphy said.

“They have a little feeling that they have different tool stacks for different types of users,” he said. “But I believe the more you can drive consistent look and feel that is best, especially as you push from teams up to the enterprise.”

Test management is a key part of a company’s ability to develop, test and deploy quality software at scale. Modern software quality tools must help organizations transition into a digital transformation, yet continue to adapt to the requirements of cloud scale companies.

“Organizations must get better at automation, they must have tools that support them with figuring out testable requirements on through to code quality testing, unit testing, exploratory testing, functional, automation and performance testing,” Murphy said. “This story has to be built around a continuous quality approach.”

No-code and low-code tools seek ways to stand out in a crowd

As market demand for enterprise application developers continues to surge, no-code and low-code vendors seek ways to stand out from one another in an effort to lure professional and citizen developers.

For instance, last week’s Spark release of Skuid’s eponymous drag-and-drop application creation system adds on-premises, private data integration, a new Design System Studio, and new core components for tasks such as creation of buttons, forms, charts and tables.

A suite of prebuilt application templates aim to help users build and customize a bespoke application, such as salesforce automation, recruitment and applicant tracking, HR management and online learning.

And a native mobile capability enables developers to take the apps they’ve built with Skuid and deploy them on mobile devices with native functionality for iOS and Android.

Ray Wang, Constellation ResearchRay Wang

“We’re seeing a lot of folks who started in other low-code/no-code platforms move toward Skuid because of the flexibility and the ability to use it in more than one type of platform,” said Ray Wang, an analyst at Constellation Research in San Francisco.

Skuid CTO Mike DuensingMike Duensing

“People want to be able to get to templates, reuse templates and modify templates to enable them to move very quickly.”

Skuid — named for an acronym, Scalable Kit for User Interface Design — was originally an education software provider, but users’ requests to customize the software for individual workflows led to a drag-and-drop interface to configure applications. That became the Skuid platform and the company pivoted to no-code, said Mike Duensing, CTO of Skuid in Chattanooga, Tenn.

Quick Base adds Kanban reports

Quick Base Inc., in Cambridge, Mass., recently added support for Kanban reports to its no-code platform. Kanban is a scheduling system for lean and just-in-time manufacturing. The system also provides a framework for Agile development practices, so software teams can visually track and balance project demands with available capacity and ease system-level bottlenecks.

The Quick Base Kanban reports enable development teams to see where work is in process. It also lets end users interact with their work and update their status, said Mark Field, Quick Base director of products.

Users drag and drop progress cards between columns to indicate how much work has been completed on software delivery tasks to date. This lets them track project tasks through stages or priority, opportunities through sales stages, application features through development stages, team members and their task assignments and more, Field said.

Datatrend Technologies, an IT services provider in Minnetonka, Minn., uses Quick Base to build the apps that manage technology rollouts for its customers, and finds the Kanban reports handy.

A lot of low-code/no-code platforms allow you to get on and build an app but then if you want to take it further, you’ll see users wanting to move to something else.
Ray Wanganalyst, Constellation Research

“Quick Base manages that whole process from intake to invoicing, where we interface with our ERP system,” said Darla Nutter, senior solutions architect at Datatrend.

Previously, we kept data of work in progress through four stages (plan, execute, complete and invoice) in a table report with no visual representation, but with these reports users can see what they have to do at any given stage and prioritize work accordingly, she said.

“You can drag and drop tasks to different columns and it automatically updates the stage for you,” she said.

Like the Quick Base no-code platform, the Kanban reports require no coding or programming experience. Datatrend’s typical Quick Base users are project managers and business analysts, Nutter said.

For most companies, however, the issue with no-code and low-code systems is how fast users can learn and then expand upon it, Constellation Research’s Wang said.

“A lot of low-code/no-code platforms allow you to get on and build an app but then if you want to take it further, you’ll see users wanting to move to something else,” Wang said.

OutSystems sees AI as the future

OutSystems said it plans to add advanced artificial intelligence features into its products to increase developer productivity, said Mike Hughes, director of product marketing at OutSystems in Boston.

“We think AI can help us by suggesting next steps and anticipating what developers will be doing next as they build applications,” Hughes said.

OutSystems uses AI in its own tool set, as well as links to publicly available AI services to help organizations build AI-based products. To facilitate this, the company launched Project Turing and opened an AI Center of Excellence in Lisbon, Portugal, named after Alan Turing, who is considered the father of AI.

The company also will commit 20% of its R&D budget to AI research and partner with industry leaders and universities for research in AI and machine learning.

Digital marketing partnerships key to vendors’ channel strategies

For some vendors, the key to a thriving channel ecosystem means engaging and supporting a variety of partner types, including digital marketing partnerships.

Digital marketing organizations were among the earliest firms to recognize the IT budgets for marketing shifting from the purview of customers’ IT departments to marketing executives. Vendors took note of the agencies’ influence and unique reach within customer organizations. While on the surface, digital marketing agencies didn’t appear to be direct competition for traditional channel partners, some industry watchers asserted the agencies did in fact pose a potential threat. For example, agencies working on digital initiatives with a client’s marketing department could hypothetically annex the client’s infrastructure decisions, cutting channel partners out from those deals.

Vendors, however, view their digital marketing partnerships as an important subgroup of their overall partner ecosystems that, if anything, is complementary to a traditional channel base.

Progress cites potential partner synergies

Progress Software, an application development and deployment software vendor, said it sees an opportunity for digital marketing agencies to partner up with traditional channel firms.

Progress began to pursue digital marketing partnerships following its acquisition of app development vendor Telerik in 2014, said Matthew Gharegozlou, vice president of sales at Progress. The Telerik buyout brought with it Sitefinity, a content management system, as well as digital marketing agencies that had been working with the product.

Matthew Gharegozlou, vice president of sales, Progress SoftwareMatthew Gharegozlou

“The acquisition of Telerik and Sitefinity gave us the ability to go after these relationships,” Gharegozlou said.

He noted that about 65% of Progress’ content management business is now derived from channel partners. About 80% of those partners are digital marketing agencies.

Progress’ traditional partners typically share a few traits: They work in the app development space, deal with customers’ IT departments and lack skill sets related to digital experience and digital marketing. “So far, we haven’t had any conflict” between traditional and agency partners, he said, because “the bulk of the experience needed on the digital side, our traditional partners don’t have it.”

Traditional Progress partners also usually have expertise in vertical industries, he said, adding that most are based in markets such as financial services, government, healthcare and education. “Our traditional partners are extremely knowledgeable” and have strong relationships in their vertical spaces, he said.

Because of traditional partners’ strengths, Gharegozlou said Progress looks to pair them up with digital marketing agencies for certain leads. Combining the expertise in back-end work and vertical markets with agencies’ expertise in web development and related technologies can produce compelling offerings. 

But while optimistic about these synergies, he recognized that a “full-service” digital marketing agency, which can do both the front-end and back-end work for a customer, diminishes the value that traditional partners may offer. In this sense, full-service agencies may be preferable to customers “because they can do the entire project,” he said.

Salesforce supports acquisition trend

For Salesforce, digital marketing partnerships play a critical role in advancing its marketing platform.

Stephane Viallet, vice president of global alliances, agencies, at SalesforceStephane Viallet

Salesforce has signed numerous digital marketing agencies over the last six years, spurred by several acquisitions to build out its business-to-commercial and marketing portfolio, said Stephane Viallet, vice president of global alliances, agencies, at Salesforce. Salesforce’s acquisitions have included digital marketing software company ExactTarget in 2013, as well as e-commerce provider Demandware and data management platform Krux in 2016. Viallet also cited Salesforce’s alliance with Google as a driver behind the company’s growing digital marketing agency partnerships.

“Partners, including digital marketing agencies, are the lifeblood of Salesforce, extending our platform in new and exciting ways and fueling our growth,” Viallet said in an email. He said Salesforce and its partners are pursuing opportunities created by “our ability to merge media, adtech and martech to execute on a whole new way for brands to connect with customers.”

Digital marketing organizations use Salesforce’s products such as Salesforce Commerce Cloud, Marketing Cloud and Service Cloud to offer “transformative digital experience that enable clients to meet consumer expectations,” he noted.

I think often agencies can help us get into areas of the business or with clients that we may not thoroughly be in today.
Adrianna Bustamantedirector of digital sales and alliances, Rackspace

In addition to having digital marketing and advertising skills, Viallet said Salesforce seeks partners that understand “the importance of merging data, technology and creativity” to deliver customer experience strategies.

Viallet also pointed to a trend among digital marketing organizations acquiring Salesforce practices, such as Publicis.Sapient’s 2016 buyout of Vertiba, a Gold-level Salesforce Consulting partner.

Other notable acquisitions have included the following:

  • Wunderman bought a majority stake in Salesforce consultancy Pierry Inc. in September 2017.
  • Dentsu Aegis purchased Swiss digital marketing company Blue-Infinity in January 2017.
  • MRM//McCann acquired e-commerce service provider Optaros in December 2014.

“Digital marketing agencies haven’t just built Salesforce practices around the globe organically — they’ve been acquiring them as well,” he said. “Salesforce supports these collaborations as we work to provide our partners with an edge that enables them to exceed customers’ expectations.”

Rackspace: Little overlap between the channels

Managed cloud provider Rackspace, meanwhile, looks at digital marketing partnerships differently: Traditional channel firms and digital marketing agencies can do business with the same customers without necessarily encroaching on each other’s turf.

Rackspace’s alliances with digital marketing agencies stem from its digital services practice. Launched in 2014, Rackspace Digital provides application and infrastructure hosting for web content management systems, e-commerce products, and mobile and critical application services. Adrianna Bustamante, Rackspace’s director of digital sales and alliances, noted that the company has formally developed strategic digital marketing partnerships since about 2010.

Adrianna Bustamante, director of digital sales and alliances, RackspaceAdrianna Bustamante

“I think often agencies can help us get into areas of the business or with clients that we may not thoroughly be in today,” Bustamante said.That’s partly because digital marketing organizations tend to target a customer’s marketing department — versus the IT department.

“Nowadays … your traditional agencies have to be more digitally focused. … But still their main focus is very much around the consulting, the service and the creative — potentially integration and development,” Bustamante said.

She noted that the line between digital marketing organizations and systems integrators are blurring. Digital marketing organizations now look a lot more like systems integrators, while systems integrators “look a lot more like agencies,” she said.

Rackspace works with its agency partners in reseller and referral models. The company offers enablement resources for creating “sticky engagements for their customers and successful projects,” she said, while Rackspace focuses on the back end to ensure their projects meet scale, security and compliance requirements.

“We are heavily focused on trying to … accelerate now in certain verticals and certain segments, now in midmarket and enterprise. We can form a strong partnership when the agency realizes and understands that we are that trusted partner for them,” she said.

Rackspace generally doesn’t see any tension between its traditional and digital marketing partnerships, according to Bustamante.

“There might be several partners that we might have within … a certain customer that we are working with, but they might be working on five different projects, 20 different workloads, across three different business units,” she said.

Coinhive malware infects tens of thousands of MikroTik routers

Poor patching practices by vendors and users are once again coming back to bite users around the world, as a researcher discovered a cryptominer being spread to unpatched MikroTik routers.

The Coinhive malware was first found spreading through routers in Brazil. Simon Kenin, security researcher for Trustwave, based in Chicago, discovered the Coinhive malware infection originating from Brazil and first assumed it was a more common website compromise attack to inject the cryptomining code. But more digging revealed the infection was spreading through MikroTik routers.

Kenin said malicious actors were exploiting a vulnerability in the routers that MikroTik had patched in April — just one day after the flaw was first discovered.

“The exploit targets Winbox and allows the attacker to read files from the device … but the bottom line is that using this exploit you can get unauthenticated remote admin access to any vulnerable MikroTik router,” Kenin wrote in his analysis. “Initial investigation indicates that instead of running a malicious executable on the router itself, which is how the exploit was being used when it was first discovered, the attacker used the device’s functionality in order to inject the CoinHive script into every web page that a user visited.”

Mounir Hahad, head of Juniper Threat Labs at Juniper Networks, based in Sunnyvale, Calif., noted that MicroTik has deployed approximately 1.7 million units around the world — “mostly in Brazil, China, Russia and Indonesia” — and explained why the victims may not have patched.

“Most routers, unfortunately, lack the ability to auto-update, and very few users, especially home users, know how or when to patch the firmware on their router,” Hahad wrote via email. “One of the biggest failures of security vendors that provide small-office [or] home-office routers is not including an auto-update feature by default, regardless of the technical difficulties lying around potentially taking the router offline during the update process.”

Chris Olson, founder and CEO of The Media Trust, based in McLean, Va., agreed infections like the Coinhive malware could prey on poor patching habits.

“The average user will likely plug in their router and forget about it until something goes awry,” Olson wrote via email. “Routers are like electricity and water: Unless service is disrupted, they receive little to no attention. Because they are often ignored, they make the perfect attack vector.”

Coinhive malware infections

Routers are like electricity and water: Unless service is disrupted, they receive little to no attention. Because they are often ignored, they make the perfect attack vector.
Chris OlsonCEO, The Media Trust

Kenin said the Coinhive malware creates and injects a custom error page for every webpage visited by a user through an infected router.

“So if a user receives an error page of any kind while web browsing, they will get this custom error page which will mine CoinHive for the attacker,” Kenin wrote. “The backend Apache server is connected to the router as well, and somewhere along the way there was an error and it was displayed to me, miner included. What this means is that this also impacts users who are not directly connected to the infected router’s network, but also users who visit websites behind these infected routers. In other words, the attack works in both directions.”

Experts noted that this method of spreading the Coinhive malware to every site visited was unusual.

Sean Newman, director product management at Corero Network Security, based in Marlborough, Mass., said the Coinhive malware “is not something we’ve specifically seen before.”

“However, it does combine well-known exploit mechanisms, though in a novel way that is well-suited to the practice of cryptojacking,” Newman wrote via email. And, in this case, we’re not talking about cheap IoT devices with vulnerabilities which are never addressed by the vendor. In this case, the routers were exploited to deliver a cryptomining payload, but the same approach could have just as easily leveraged them for other objectives.”

Olson agreed this method of spreading malware would be more common with the creation of a botnet, and Hahad noted the Coinhive malware might not be the most efficient way of cryptomining.

“Every browser tends to have several open tabs that connect to several sites at once. Duplicating the Coinhive mining script so heavily would bring any computer to its knees in seconds, defeating the very purpose of the attack,” Hahad wrote. “Once tweaked to only inject error pages, the issue was mitigated. But, again, the effectiveness is now dramatically reduced, because people do not hit error pages very often. In my opinion, this shows it is the work of a script kiddie with not much hacking experience.”

Container security emerges in IT products enterprises know and trust

Container security has arrived from established IT vendors that enterprises know and trust, but startups that were first to market still have a lead, with support for cloud-native tech.

Managed security SaaS provider Alert Logic this week became the latest major vendor to throw its hat into the container security ring, a month after cloud security and compliance vendor Qualys added container security support to its DevSecOps tool.

Container security monitoring is now a part of Alert Logic’s Cloud Defender and Threat Manager intrusion detection systems (IDSes). Software agents deployed on each host inside a privileged container monitor network traffic between containers within that host, as well as between hosts for threats. A web application firewall blocks suspicious traffic Threat Manager finds between containers, and Threat Manager offers remediation recommendations to address any risks that remain in the infrastructure.

Accesso Technology Group bought into Alert Logic’s IDS products in January 2018 because it supports VM-based and bare-metal infrastructure, and planned container support was a bonus.

“They gave us a central location to monitor our physical data centers, remote offices and multiple public clouds,” said Will DeMar, director of information security at Accesso, a ticketing and e-commerce service provider in Lake Mary, Fla.

DeMar beta-tested the Threat Manager features and has already deployed them with production Kubernetes clusters in Google Kubernetes Engine and AWS Elastic Compute Cloud environments, though Alert Logic’s official support for its initial release is limited to AWS.

Immediate visibility into intrusion and configuration issues … [is] critical to our DevOps process.
Will DeMarDirector of information security, Accesso

“We have [AWS] CloudFormation and [HashiCorp] Terraform scripts that put Alert Logic onto every new Kubernetes host, which gives us immediate visibility into intrusion and configuration issues,” DeMar said. “It’s critical to our DevOps process.”

A centralized view of IT security in multiple environments and “one throat to choke” in a single vendor appeals to DeMar, but he hasn’t ruled out tools from Alert Logic’s startup competitors, such as Aqua Security, NeuVector and Twistlock, which he sees as complementary to Alert Logic’s product.

“Aqua and Twistlock are more container security-focused than intrusion detection-focused,” DeMar said. “They help you check the configuration on your container before you release it to the host; Alert Logic doesn’t help you there.”

Container security competition escalates

Alert Logic officials, however, do see Aqua Security, Twistlock and their ilk as competitors, and the container image scanning ability DeMar referred to is on the company’s roadmap for Threat Manager in the next nine months. Multiple layers of infrastructure are involved to secure Docker containers, and Alert Logic positions its container security approach as network-based IDS, as opposed to host-based IDS. The company said network-based IDS more deeply inspects real-time network traffic at the packet level, whereas startups’ products examine only where that network traffic goes between hosts.

lert Logic Threat Manager UI
Alert Logic’s Threat Manager offers container security remediation recommendations.

Aqua Security co-founder and CTO Amir Jerbi, of course, sees things differently.

“Traditional security tools are trying to shift into containers and still talk in traditional terms about the host and network,” Jerbi said. “Container security companies like ours don’t distinguish between network, host and other levels of access — we protect the container, through a mesh of multiple disciplines.”

That’s the major distinction for enterprise end users: whether they prefer container security baked into broader, traditional products or as the sole focus of their vendor’s expertise. Aqua Security version 3.2, also released this week, added support for container host monitoring where thin OSes are used, but the tool isn’t a good fit in VM or bare-metal environments where containers aren’t present, Jerbi said.

Aqua Security’s tighter focus means it has a head start on the latest and greatest container security features. For example, version 3.2 includes the ability to customize and build a whitelist of system calls containers make, which is still on the roadmap for Alert Logic. Version 3.2 also adds support for static AWS Lambda function monitoring, with real-time Lambda security monitoring already on the docket. Aqua Security was AWS’ partner for container security with Fargate, while Alert Logic must still catch up there as well.

Industry watchers expect this dynamic to continue for the rest of 2018 and predict that incumbent vendors will snap up startups in an effort to get ahead of the curve.

“Everyone sees the same hill now, but they approach it from different viewpoints, more aligned with developers or more aligned with IT operations,” said Fernando Montenegro, analyst with 451 Research. “As the battle lines become better defined, consolidation among vendors is still a possibility, to strengthen the operations approach where vendors are already focused on developers and vice versa.”

NSS Labs ranks next-gen firewalls, with some surprises

New testing of next-generation firewalls found that products from seven vendors effectively protected enterprises from malicious traffic for a reasonable total cost of ownership — under $10 per Mbps of network traffic.

NSS Labs released its annual evaluation of next-gen firewalls on Tuesday, offering seven of 10 product recommendations for security effectiveness and total cost of ownership (TCO) based on comparative testing of hardware and software that prevents unauthorized access to networks.

“Our data shows that north of 80% of enterprises deploy next-gen firewalls,” said Jason Brvenik, CTO at NSS Labs, who noted that the market is mature and many of these vendors’ technologies are in refresh cycles.

The research analysts reviewed next-gen firewalls from 10 vendors for the comparative group test, including:

  • Barracuda Networks CloudGen Firewall F800.CCE v7.2.0;
  • Check Point 15600 Next Generation Threat Prevention Appliance vR80.20;
  • Cisco Firepower 4120 Security Appliance v6.2.2;
  • Forcepoint NGFW 2105 Appliance v6.3.3 build 19153 (Update Package: 1056);
  • Fortinet FortiGate 500E V5.6.3GA build 7858;
  • Palo Alto Networks PA-5220 PAN-OS 8.1.1;
  • SonicWall NSa 2650 SonicOS Enhanced 6.5.0.10-73n;
  • Sophos XG Firewall 750 SFO v17 MR7;
  • Versa Networks FlexVNF 16.1R1-S6; and
  • WatchGuard M670 v12.0.1.B562953.

The independent testing involved some cooperation from participating vendors and in some cases help from consultants who verified that the next-gen firewall technology was configured properly using default settings for physical and virtual test environments. NSS Labs did not evaluate systems from Huawei or Juniper Networks because it could not “verify the products,” which researchers claimed was necessary to measure their effectiveness.

Despite the maturity of the NGFW market, the vast majority of enterprises don’t customize default configurations, according to Brvenik. Network security teams disable core protections that are noisy to avoid false positives and create access control policies, but otherwise they trust the vendors’ default recommendations.

The expanding functionality in next-gen firewalls underscores the complexity of protecting enterprise networks against modern threats. In addition to detecting and blocking malicious traffic through the use of dynamic packet filtering and user-defined security policies, next-gen firewalls integrate intrusion prevention systems (IPS), application and user awareness controls, threat intelligence to block malware, SSL and SSH inspection and, in some cases, support for cloud services.

Some products offer a single management console to enable network security teams to monitor firewall deployments and policies, including VPN and IPS, across environments. An assessment of manageability was not part of NSS Labs’ evaluation, however. NSS Labs focused on the firewall technology itself.

Worth the investment?

Researchers used individual test reports and comparison data to assess security effectiveness, which ranged from 25.0% to 99.7%, and total cost of ownership per protected Mbps, which ranged from U.S. $2 to U.S. $57, to determine the value of investments. The testing resulted in overall ratings of “recommended” for seven next-gen firewalls, two “caution” limited value ratings (Check Point and Sophos) and one “security recommended” but higher than average cost (Cisco).

The security effectiveness assessment was based on the product’s ability to enforce security policies and block attacks while passing nonmalicious traffic over a testing period that lasted several hours. Researchers factored in exploit block rates, evasion techniques, stability and reliability, and performance under different traffic conditions. The total cost of ownership per protected Mbps was calculated using a three-year TCO based on capital expenditure for the products divided by security effectiveness times network throughput.

Six of the next-gen firewalls scored 90.3% or higher for security effectiveness, and most products cost less than $10 per protected Mbps of network throughput, according to the report. While the majority of the next-gen firewalls received favorable assessments, four failed to detect one or more common evasion techniques, which could cause a product to completely miss a class of attacks.

Lack of resilience

NSS Labs added a new test in 2018 for resiliency against modified exploits and, according to the report, none of the devices exhibited resilience against all attack variants.

“The most surprising thing that we saw in this test was that … our research and our testing showed that a fair number of firewalls did not demonstrate resilience against changes in attacks that are already known,” Brvenik said.

Enterprises deploy next-gen firewalls to protect their networks from the internet, he added, and as part of that they expect that employees who browse the internet should not have to worry about new threats. Technology innovation related to cloud integration and real-time updates is promising, but key enterprise problems remain unsolved such as the ability to defend against attacks delivered in JavaScript.

“I think one of the greatest opportunities in the market is to handle that traffic,” said Brvenik, who noted that some next-gen firewalls performed adequately in terms of toolkit-based protections, but NSS Labs didn’t observe any of them “wholly mitigating JavaScript.”

TCO in 2018 is trending lower than previous years. While there are a number of very affordable next-gen firewalls on the market, vendors that can’t validate the effectiveness of next-gen firewalls with independent testing to show the technology can consistently deliver on top-level protections, should be questioned, according to Brvenik. Affordable products are a great choice only if they achieve what the enterprise is looking for and “live up to the security climate.”

Fortinet transitions from partner to FortiGate SD-WAN vendor

Fortinet, a security vendor that has established partnerships with many software-defined WAN vendors, opted last week to start selling FortiGate SD-WAN, its own proprietary SD-WAN service.

In its previous SD-WAN partnerships, Fortinet offered its security services as a virtual network function or integrated into other vendors’ SD-WAN products. To make this transition, Fortinet upgraded its existing next-generation firewall product, FortiGate, to make SD-WAN available as an integrated feature, releasing an updated operating system to support the move. Fortinet’s website states the SD-WAN feature comes at no additional cost with a FortiGate license.

FortiGate SD-WAN includes security features such as application control, web filtering, antivirus, intrusion prevention and cloud advanced threat detection. FortiGate SD-WAN customers have access to FortiManager to monitor and configure deployed appliances, which are available as hardware appliances, virtual machines or cloud instances.

Fortinet counts Alorica, Edward Jones and the Upper Grand District School Board in Guelph, Ont., as FortiGate SD-WAN customers.

Cato Cloud SD-WAN adds identity-aware routing

Cato Networks made a series of upgrades to its SD-WAN-as-a-service product, Cato Cloud, which includes the introduction of what Cato calls identity-aware routing.

According to a Cato statement, identity-aware routing goes deeper than application-aware routing, which directs traffic based on application type. Instead, Cato said identity-aware routing assigns networking and security policies that “direct traffic or restrict resource access based on team, department and individual users.”

To do this, Cato Cloud accesses company data from Microsoft Active Directory, distributed repositories and real-time logins to identify each packet flow. This allows Cato Cloud to prioritize traffic on business processes, Cato said.

Cato also added or enhanced its SD-WAN features for real-time network analytics, failover options and multisegment, policy-based routing.

Aryaka expands global private network to Canada

Aryaka Networks added its twenty-seventh point of presence (PoP) to extend the reach of its SD-WAN-as-a-service offering. The latest PoP is located in Toronto and is the first PoP Aryaka has in Canada, although it previously offered its SD-WAN service in Canada through channel partners.

Aryaka also introduced its new director of business development for Canada, Craig Workman, who joins Aryaka from Gigamon, a network visibility provider.

“The PoP in Toronto will further enhance our software-defined network optimization and access capabilities in the region and open up new markets for our partners,” Workman said in a statement.

Aryaka uses its global private network as the basis for its SD-WAN service, which IHS Markit listed as a notable SD-WAN product generating revenue in 2018.

Fortinet transitions from partner to FortiGate SD-WAN vendor

Fortinet, a security vendor that has established partnerships with many software-defined WAN vendors, opted last week to start selling FortiGate SD-WAN, its own proprietary SD-WAN service.

In its previous SD-WAN partnerships, Fortinet offered its security services as a virtual network function or integrated into other vendors’ SD-WAN products. To make this transition, Fortinet upgraded its existing next-generation firewall product, FortiGate, to make SD-WAN available as an integrated feature, releasing an updated operating system to support the move. Fortinet’s website states the SD-WAN feature comes at no additional cost with a FortiGate license.

FortiGate SD-WAN includes security features such as application control, web filtering, antivirus, intrusion prevention and cloud advanced threat detection. FortiGate SD-WAN customers have access to FortiManager to monitor and configure deployed appliances, which are available as hardware appliances, virtual machines or cloud instances.

Fortinet counts Alorica, Edward Jones and the Upper Grand District School Board in Guelph, Ont., as FortiGate SD-WAN customers.

Cato Cloud SD-WAN adds identity-aware routing

Cato Networks made a series of upgrades to its SD-WAN-as-a-service product, Cato Cloud, which includes the introduction of what Cato calls identity-aware routing.

According to a Cato statement, identity-aware routing goes deeper than application-aware routing, which directs traffic based on application type. Instead, Cato said identity-aware routing assigns networking and security policies that “direct traffic or restrict resource access based on team, department and individual users.”

To do this, Cato Cloud accesses company data from Microsoft Active Directory, distributed repositories and real-time logins to identify each packet flow. This allows Cato Cloud to prioritize traffic on business processes, Cato said.

Cato also added or enhanced its SD-WAN features for real-time network analytics, failover options and multisegment, policy-based routing.

Aryaka expands global private network to Canada

Aryaka Networks added its twenty-seventh point of presence (PoP) to extend the reach of its SD-WAN-as-a-service offering. The latest PoP is located in Toronto and is the first PoP Aryaka has in Canada, although it previously offered its SD-WAN service in Canada through channel partners.

Aryaka also introduced its new director of business development for Canada, Craig Workman, who joins Aryaka from Gigamon, a network visibility provider.

“The PoP in Toronto will further enhance our software-defined network optimization and access capabilities in the region and open up new markets for our partners,” Workman said in a statement.

Aryaka uses its global private network as the basis for its SD-WAN service, which IHS Markit listed as a notable SD-WAN product generating revenue in 2018.