VMware releases workarounds for another critical flaw (CVE-2020-4006)

For the second time in less than a week, VMware is warning about a critical vulnerability (CVE-2020-4006). This time, the affected solutions are VMware Workspace One Access, Access Connector, VMware Identity Manager and VMware Identity Manager Connector.


As some of these are components of the VMware Cloud Foundation (vIDM) and vRealize Suite Lifecycle Manager (vIDM) product suites, those are impacted as well.

About the vulnerability (CVE-2020-4006)

Not much has been shared about CVE-2020-4006, except that it is a command injection vulnerability. Exploiting it requires two things: network access to the administrative configurator on port 8443, and a valid password for the configurator admin account. An attacker with both could execute commands with unrestricted privileges on the underlying operating system.

The vulnerability was privately reported to VMware and the company categorized it as “critical.”
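To make the vulnerability class concrete, here is an added example of command injection in a made-up appliance configurator handler, shown beside a hardened version. It is example code written for this page, not VMware's code and not the actual CVE-2020-4006 bug (which VMware has not described beyond the summary above). The hostname parameter, the use of `echo` as a stand-in for a privileged command, and the sample payload are all assumptions, and the block assumes a POSIX /bin/sh.

```python
"""
Illustration of the command-injection class behind CVE-2020-4006 using a
hypothetical configurator endpoint. Example code for this page, not VMware's
code and not the real bug. It shows why interpolating an admin-supplied value
into a shell command line lets the holder of the configurator password run
arbitrary OS commands, and how an argv-based call plus an allowlist closes it.
Assumes a POSIX /bin/sh is available.
"""
import re
import subprocess

# Constructed sample inputs: a hostname an admin would submit through a form.
# A shell metacharacter in the payload turns one command into two.
BENIGN = "appliance01"
PAYLOAD = "appliance; echo INJECTED"


def set_hostname_unsafe(hostname: str) -> str:
    """Vulnerable pattern: string interpolation into a shell command line.
    'echo' stands in for the real privileged command so the demo is harmless;
    with a real command the second half of PAYLOAD would run as root."""
    cmd = f"echo Setting hostname to {hostname}"
    out = subprocess.run(cmd, shell=True, capture_output=True,
                         text=True, check=False)
    return out.stdout


# RFC 1123 style label: alphanumerics and '-', no leading '-' (which also
# blocks option injection such as '--help'), 1..63 characters.
_HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def set_hostname_safe(hostname: str) -> str:
    """Hardened pattern: validate against an allowlist, then pass an argv
    list with no shell so the value is always exactly one argument."""
    if not _HOSTNAME_RE.match(hostname):
        raise ValueError(f"rejected hostname: {hostname!r}")
    out = subprocess.run(["echo", "Setting hostname to", hostname],
                         capture_output=True, text=True, check=False)
    return out.stdout


def injected(output: str) -> bool:
    """True if the stand-in payload ran as its own command, i.e. 'INJECTED'
    appears as a line of its own rather than inside the echoed hostname."""
    return "INJECTED" in output.splitlines()


def rejects(hostname: str) -> bool:
    """True if the hardened handler refuses the value before running anything."""
    try:
        set_hostname_safe(hostname)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe, payload injected:", injected(set_hostname_unsafe(PAYLOAD)))
    print("safe, payload rejected:  ", rejects(PAYLOAD))
    print("safe, benign accepted:   ", set_hostname_safe(BENIGN).strip())
```

Rejecting is preferable to escaping here: `shlex.quote` would only protect the shell layer, not the argument parsing of the command itself, and an allowlist keeps the attack surface to values the configurator actually needs.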

Affected products include:

  • VMware Workspace One Access v20.10 (Linux)
  • VMware Workspace One Access v20.01 (Linux)
  • VMware Identity Manager v3.3.3 (Linux)
  • VMware Identity Manager v3.3.2 (Linux)
  • VMware Identity Manager v3.3.1 (Linux)
  • VMware Identity Manager Connector v3.3.2 and 3.3.1 (Linux)
  • VMware Identity Manager Connector v3.3.3, 3.3.2, and 3.3.1 (Windows)
  • VMware Cloud Foundation (vIDM) v4.x (running on any platform)
  • vRealize Suite Lifecycle Manager (vIDM) v8.x (running on any platform)

VMware did not say whether the flaw is under active exploitation. Patches are still being worked on, so in the meantime the company has released workarounds, along with instructions on how to remove them once the patches arrive.

“This workaround is relevant for the configurator hosted on port 8443. Impacts are limited to functionality performed by this service. Configurator-managed setting changes will not be possible while the workaround is in place. If changes are required please revert the workaround following the instructions below, make the required changes and disable again until patches are available. In addition, most of the system diagnostics dashboard will not be displayed,” the company noted.

Last week, VMware patched critical flaws in its ESXi hypervisor that were exploited during the Tianfu Cup Pwn Contest that was held in Chengdu, China, earlier this month.

VMware patches serious vulnerabilities in ESXi hypervisor, SD-WAN Orchestrator

VMware has patched critical vulnerabilities affecting its ESXi enterprise-class hypervisor and has released a security update for its SD-WAN Orchestrator, plugging a handful of serious security holes.


Vulnerabilities in ESXi hypervisor exploited during a hacking competition

During the Tianfu Cup Pwn Contest that was held in Chengdu, China, earlier this month, Xiao Wei and Tianwen Tang, two researchers from the Qihoo 360 Vulcan Team, exploited two previously unknown vulnerabilities to thoroughly compromise VMware’s ESXi hypervisor:

  • CVE-2020-4004, deemed “critical”, is a use-after-free vulnerability in the XHCI USB controller that can be used by attackers with local administrative privileges on a virtual machine to execute code as the virtual machine’s VMX process running on the host
  • CVE-2020-4005, deemed “important”, is a VMX elevation-of-privilege vulnerability that can be used by attackers with privileges within the VMX process to escalate their privileges on the affected system

CVE-2020-4004 affects various versions of ESXi, but also VMware Fusion (Mac virtualization solution), VMware Workstation Player (desktop hypervisor application) and VMware Cloud Foundation (ESXi). CVE-2020-4005 affects ESXi and VMware Cloud Foundation. Most patches are already available, but those for Cloud Foundation are still pending.

Users are advised to peruse VMware’s advisory and see whether they should update their installations.

VMware SD-WAN Orchestrator vulnerabilities

VMware has also released security updates for both supported branches (3.x and 4.x) of SD-WAN Orchestrator, its enterprise solution for provisioning virtual services in the branch, the cloud, or the enterprise data center.

They fix six vulnerabilities, including SQL injection vulnerabilities, a directory traversal file execution flaw, and default passwords for predefined accounts which may lead to a Pass-the-Hash attack. In that last instance, the update does nothing – it’s on administrators to change the default passwords of the preconfigured accounts on SD-WAN Orchestrator before production use.

The vulnerabilities are not deemed to be critical, as attackers need to be authenticated in order to exploit them.

Nevertheless, admins have been advised to upgrade their SD-WAN Orchestrator installations to version 4.0.1, 3.4.4, or 3.3.2 P3.

Half of the vulnerabilities have been discovered and reported by Ariel Tempelhof of Realmode Labs, the other half by Christopher Schneider, Cory Billington and Nicholas Spagnola, penetration test analysts at State Farm.

There are currently no reports of these vulnerabilities being exploited in the wild.

VMware launches Modern Network framework to help businesses adapt to a new normal

VMware unveiled the Modern Network framework to enable businesses, and their IT and application development teams, to accelerate adapting to a new normal. To help customers realize a modern network of their own, VMware also announced further enhancements to its virtual networking products and services.

For businesses today, the ability to rapidly and cost effectively respond to change is paramount. Application developers need to quickly deploy, test, and iterate applications. The infrastructure powering applications needs to deliver the efficiency of cloud operating models.

Applications need to run on everything from private clouds to public clouds to edge computing, and the user to application experience needs to be great, no matter the user’s location. Traditional hardware-centric networking models simply don’t meet the needs of today’s business realities. The Modern Network framework addresses all of these needs.

The Virtual Cloud Network embodies the Modern Network framework. More than 18,000 organizations have modernized their networks using VMware’s Virtual Cloud Network solution. These customers are embracing a cloud operating model, launching workloads with full automation, and eliminating weeks and months of wait time to update a firewall or load balancer.

They are virtualizing everything from the data center to the branch to the end user. The Virtual Cloud Network gives organizations an end-to-end solution to deploy applications and make sure they are running optimally and efficiently, while enabling a great user experience.

“Our customers must efficiently manage the rapid shift to remote work, deliver applications faster and more securely, and reduce the cost and complexity of connecting and protecting the distributed enterprise,” said Rajiv Ramaswami, chief operating officer, products and cloud services, VMware.

“The Modern Network framework enables our customers to do this. It turns the old way of thinking about networks as hardware appliances, switches, and routers in enterprise networks on its head and instead, takes a top-down view that puts users and applications first. This is the promise we are delivering on with the Virtual Cloud Network.”

The Modern Network framework explained

In the traditional model, a network is assembled from distinct devices—switches, routers, firewalls, IDS/IPS systems, load balancers, and more—that are deployed separately and typically configured manually using ticketing systems. This is a bottom-up view, requiring the application to use whatever the infrastructure has available.

The Modern Network framework takes a top-down view, creating a network that understands the needs of the application and programmatically managing infrastructure to meet those needs. The Modern Network framework is described by three key pillars.

The first pillar, Modern Application Connectivity Services, enables developers to connect the microservices of a modern application more securely while reducing latency, increasing security, and maintaining application availability. This is done with self-service tools that developers can use without help from central IT.

Underneath this, the Multi-cloud Network Virtualization pillar provides a complete set of essential network services that are fully automated and defined in software. These services include all essential networking functions including security and load balancing.

Virtualization and analytics span end to end, from the data center to the branch office and all the way to the end user. Automation is applied not just to the orchestration of a workload, but also day two operations.

Despite the microservice-level abstractions of the first pillar and the scale-out software network infrastructure of the second pillar, at the bottom, packets still need to travel through wires and silicon.

The Physical Network Infrastructure pillar is all about providing high capacity and low latency connectivity. It’s about keeping it simple and letting the software do its job.

In the Modern Network framework, security is intrinsic to every pillar.

Taken together, the three pillars and the principles they lay out are the foundation of public cloud architectures. VMware makes them available in every cloud.

The virtual cloud network is a Modern Network, and it just got better

The Virtual Cloud Network, powered by the VMware NSX family of products, enables the public cloud experience for enterprise workloads running in private and multi-cloud environments.

Just as in the public cloud, NSX enables automated deployment of the full workload. NSX provides infrastructure services that are defined entirely in scale-out software, delivered on general purpose servers, and built into the CI/CD pipeline so the services are automatically deployed with the application.

Enterprises can now deploy full workloads with a single click without opening tickets which might take weeks of manual effort to close.

To achieve this level of cloud operation, VMware NSX delivers the industry’s only complete L2-7 virtual networking stack—switching, routing, firewall, security analytics, advanced load balancing, and container networking.

VMware extends the Virtual Cloud Network to connect and protect modern application environments with VMware Tanzu Service Mesh and support for Project Antrea, an open source project that enables Kubernetes networking and security wherever Kubernetes runs. The Virtual Cloud Network runs on non-virtualized bare metal servers, VMs, containers, and across every cloud.

The Virtual Cloud Network doesn’t stop in the data center. The VMware SASE platform converges VMware SD-WAN, cloud security, and zero-trust network access with best-in-class web security to deliver flexibility, agility, and scalability for supporting a work from anywhere workforce.

With VMware vRealize Network Insight and VMware Edge Network Intelligence, the Virtual Cloud Network includes advanced analytics that yield better network uptime and resiliency and faster troubleshooting.

vRealize Network Insight can measure the life of a packet from the database all the way to the end user, spanning both physical and virtual infrastructure; a unique capability that makes troubleshooting easier.

Extending the Future Ready Workforce Solution

The branch is now anywhere a user can connect to the company network to access the resources they need, including at home. VMware is extending the Future Ready Workforce Solution with new VMware SD-WAN work from home subscriptions.

These new offerings will provide individual business users optimized network connectivity, more assured application performance, and better security at an affordable low price.

Starting at price points lower than the cost of a mobile phone line, and with bandwidth ranging from 350Mbps to 1Gbps, the new subscriptions enable business users to get the best application performance while working from home. These new offerings are available today.

Connecting, protecting, and automatically scaling modern applications

Modern applications have thousands of components that need to be connected and protected. VMware Tanzu Service Mesh is an exciting new technology that controls the communication between each of the thousands of components, enforcing security policy and measuring performance and other critical functions, regardless of the underlying infrastructure.

VMware is announcing a preview of a unique Attribute-Based Access Control policy model that will bring “who, what, where, when and how” simplicity into modern application policy creation.

Further, VMware is announcing NSX Advanced Load Balancer integration with Tanzu Service Mesh. This integration will enable application developers using Kubernetes to launch an application with all required load balancing capabilities without ever having to touch the infrastructure.

API driven, this combined solution will deliver high availability and security for modern applications via load balancing and web application firewall capabilities. This integration is expected to be available in VMware’s Q1 FY22.

Infrastructure that measures and fixes itself

Users and modern applications expect the network to “just work.” When infrastructure is virtualized, it can actually adapt to changes and heal itself. VMware SD-WAN technology takes multiple unreliable network connections and makes them behave like a single ultra-high-performance network.

For a work from home user, this means video collaboration applications simply work all of the time. In the data center, VMware’s monitoring and management software now includes powerful new network modeling capabilities that act as a “pre-flight check” to verify an application is reachable across both physical and virtual infrastructure.

Together, these new capabilities, which are available today, make troubleshooting faster and more efficient, and represent an important step towards self-healing networks.

Network virtualization that runs on SmartNICs for next-gen servers

VMware announced Project Monterey, a collaboration with leading hardware providers to deliver network and server virtualization that runs on a SmartNIC. This novel architecture promises a leap forward in computing power and efficiency, as well as pervasive, distributed security.

Virtualization and security functions are offloaded to the SmartNIC, freeing up CPU cycles to run applications and creating meaningful cost savings. VMware is announcing that the NSX Services-Defined Firewall running on a Monterey SmartNIC will be able to run stateful Layer 4 firewall services at line rate.

These same SmartNICs will also be able to run Layer 7 stateful firewall, as well as VMware’s curated IPS signatures. This capability will allow enterprise customers to attach a tuned, ultra-fast, ultra-smart firewall to their most valuable workloads – the database apps that hold their sensitive data.

“IDC is seeing that the traditional hardware-defined, device-centric method of building, operating, and securing networks is being supplanted by a cloud-centric, software-based approach. In fact, IDC research shows that by 2023, more than 55 percent of enterprises will replace outdated operational models with cloud-centric models that facilitate rather than inhibit organizational collaboration,” said Brad Casemore, research vice president, datacenter and multicloud networking, IDC.

“Software-based approaches such as the VMware Virtual Cloud Network can help customers modernize both their network infrastructure and operating model, across clouds, datacenters, and the extended enterprise.”

“Around major sporting events, we need to be able to scale out hundreds of apps in seconds and give customers a consistent, reliable, and secure experience,” said Ben Fairclough, lead infrastructure architect at William Hill.

“VMware provides us with a modern network that allows us to automate deployment of critical micro-segmentation functionality through the NSX Distributed Firewall using APIs. Tight integration in our environment means our developers know and understand how security policies are put together to ultimately simplify the entire deployment sequence.

“Our work with VMware gives us confidence that our security posture is as tight as it can be while deploying applications very quickly.”

Cybercrime capitalizing on the convergence of COVID-19 and 2020 election

The cybersecurity challenges of the global pandemic are now colliding with the 2020 U.S. presidential election resulting in a surge of cybercrime, VMware research reveals.


Attacks growing increasingly sophisticated and destructive

As eCrime groups grow more powerful, these attacks have grown increasingly sophisticated and destructive – respondents reported that 82 percent of attacks now involve instances of counter incident response (IR), and 55 percent involve island hopping, where an attacker infiltrates an organization’s network to launch attacks on others within the supply chain.

“The disruption caused by COVID-19 has created a massive opportunity for criminals to restructure their businesses,” said Tom Kellermann, Head of Cybersecurity Strategy, VMware Carbon Black.

“The rapid shift to a remote world combined with the power and scale of the dark web has fueled the expansion of eCrime groups. And now ahead of the election, we are at cybersecurity tipping point, cybercriminals have become dramatically more sophisticated and punitive focused on destructive attacks.”

Data for the report is based on an online survey of eighty-three IR and cybersecurity professionals from around the world in September 2020.

Incidents of counter IR are at an all-time high, occurring in 82% of IR engagements

This suggests the prevalence of increasingly sophisticated, often nation-state attackers who have the resources and cyber savvy to colonize victims’ networks. Destructive attacks, which are often the final stage of counter IR, have also surged, with respondents estimating that victims experience them 54% of the time.

55% of cyberattacks target the victim’s digital infrastructure for the purpose of island hopping

The pandemic has left organizations increasingly vulnerable to such attacks as their employees shift to remote work – and less secure home networks and devices.

Custom malware is now being used in 50% of attacks reported by respondents

This demonstrates the scale of the dark web, where such malware and malware services can be purchased to empower traditional criminals, spies and terrorists, many of whom do not have the sophisticated resources to execute these attacks.

As we approach the 2020 presidential election, cybercrime remains a top concern

Drawing upon their security expertise – and in line with recent advisories from Cybersecurity & Infrastructure Security Agency (CISA) – 73% of respondents believe there will be foreign influence on the 2020 U.S. presidential election, and 60% believe it will be influenced by a cyberattack.

Developing a plan for remote work security? Here are 6 key considerations

With so many organizations switching to a work-from-home model, many are finding security to be increasingly more difficult to administer and maintain. There is an influx of vulnerable points distributed across more locations than ever before, as remote workers strive to maintain their productivity. The result? Security teams everywhere are being stretched.


The Third Global Threat Report from VMware Carbon Black also found little confidence among respondents that the rollout to remote working had been done securely. The study took a deep dive into the effects COVID-19 had on the security of remote working, with 91% of executives stating that working from home has led to a rise in attacks.

Are you making sure your security professionals are up to the task of remote working while security threats are on the rise?

1. Maintain consistency

One way to help mitigate risk is to have your developers and security professionals train at a consistent level so they are all on the same page. Knowing that there is some sort of security architecture at play in your organization and understanding the logistics of how to stress test aspects of that structure will make it easier to prepare for and block attacks.

2. Don’t overlook the details

Training needs to address all aspects of your structure, specifically: information security, data security, cybersecurity, computer security, physical security, IoT security, cloud security, and individual security. Each area of an architecture needs to be tested and hardened regularly for your organization to truly be shielded from security breaches. Be specific about your program: train your staff on how to defend your information around your HR records (SSNs, PII, etc.) and data that could be exposed (shopping cart, customer card numbers), as well as in cyber defense to provide tools against nefarious actors, breaches and threats.

3. Think about the individual

Staff must be trained to know how to lock down computers, so individual machines and network servers are safe. This training should also encompass how to ensure physical security, to protect your storage or physical assets. This comes into play more as the IoT plays a larger role in connecting our devices and BYOD policies allow for more connections to be made between personal and corporate assets. Individual security: each employee is entitled to be secure in their work for a company, and that includes privacy concerns and compliance issues.

4. Keep your head in the cloud

Today, most companies have some sort of cloud presence and security professionals will need to be trained to constantly check the interfaces to cloud and any hybrid on-prem and off-prem instances you have.

5. Invest in learning

With constantly changing layers of architecture and amplified room for breaches as a result of remote working, it’s hard to imagine how security professionals stay ahead of all the changes. One thing that keeps teams on top of their game is professional online learning.

During the COVID-19 shelter-in-place mandate, leading eLearning companies have witnessed a massive increase in hours of security content consumed. For some, security is one of the fastest-growing topic areas, which suggests that security has become a higher priority this year. This is likely because of the number of workers who have gone remote and the challenges that brings to an organization, particularly in the security department.

6. Consider role-based training

While it’s important to equip teams with skills that apply across functions, there is a case to be made for investing in experts. Cybersecurity is not a field with a single linear path of growth: there are many different routes an individual can take, for example from vulnerability analyst to security architect. By looking at individuals within the organization and seeking ways to upskill them into new roles and responsibilities, you gain the unique benefit of being able to help them shape roles that fit the needs of the organization.

It’s not often that a business has a dedicated Remote Team Security Lead, because there was rarely a need for one. Considering the quick transition to remote work and possibility that this is the new normal, organizations can benefit by investing in specific training curated to meet the security needs of remote teams. If this role is cultivated within the organization, there is the added benefit of knowing that the lessons being taught provide direct relevancy to specific needs and increase the attractiveness of investing time and effort into skills training.

Training can be the key to preparing security professionals for the unexpected. But there is no one-size-fits-all lesson that can be delivered or an evergreen degree that can keep up with an industry that changes every day. Training needs to be always on the agenda and it needs to be developed in a way that offers different modalities of learning.

Regardless of how the individual best learns, criterion-based assessments can measure knowledge/skills and act as a guide to true, lasting learning. Developing a culture committed to agility and learning is the key to embracing change.

How do I select a remote workforce protection solution for my business?

Recent research shows almost three quarters of large businesses believe remote working policies introduced to help stop the spread of COVID-19 are making their companies more vulnerable to cyberattacks. New attack vectors for opportunistic cyber attackers – and new challenges for network administrators have been introduced.

To select a suitable remote workforce protection solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.

Vince Berk, VP, Chief Architect Security, Riverbed

A business needs to meet three main realizations or criteria for a remote workforce protection solution to be effective:

Use of SaaS, where access to the traffic in traditional ways becomes challenging: understanding where data lives, and who accesses it, and controlling this access, is the minimum bar to pass in an environment where packets are not available or the connection cannot be intercepted.

Recognition that users use a multitude of devices, from laptops, iPads, phones—many of which are not owned or controlled by the enterprise: can identity be established definitively, can data access be controlled effectively, and forensically accurately monitored for compromise at the cloud/datacenter end?

When security becomes ‘too invasive’, workers create out-of-band business processes and “shadow IT,” which are a major blind spot as well as a potential risk surface as company private information ends up outside of the control of the organization: does the solution provide a way to discover and potentially control use of this modern shadow IT?

A comprehensive security solution for remote work must acknowledge the novel problems these new trends bring and succeed on resolving these issues for all three criteria.

Kate Bolseth, CEO, HelpSystems

One thing must be clear: your entire management team needs to assist in establishing the right infrastructure in order to facilitate a successful remote workforce environment.

Before looking at any solutions, answer the following questions:

  • How are my employees accessing data?
  • How are they working?
  • How can we minimize the risk of data breaches or inadvertent exposure of sensitive data?
  • How do we discern what data is sensitive and needs to be protected?

The answers will inform organizational planning and facilitate employee engagement while removing potential security roadblocks that might thwart workforce productivity. These guidelines must be as fluid as the extraordinary circumstances we are facing without creating unforeseen exposure to risk.

When examining solutions, any option worth considering must be able to identify and classify sensitive personal data and critical corporate information assets. The deployment of enterprise-grade security is essential to protecting the virtual workforce from security breaches via personal computers as well as at-home Wi-Fi networks and routers.

Ultimately, it’s the flow of email that remains the biggest vulnerability for most organizations, so make sure your solution examines emails and files at the point of creation to identify personal data and apply proper protection while providing the link to broader data classification.

Carolyn Crandall, Chief Deception Officer, Attivo Networks

When selecting a remote workforce protection solution, CISOs need to consider three key areas: exposed endpoints, security for Active Directory (AD) and preventing malware from spreading.

Exposed endpoints: standard anti-virus software and VPNs are no match for advanced signature-less or file-less attack techniques. EDR tools enhance detection but still leave gaps. Therefore, pick an endpoint solution capable of quickly detecting endpoint lateral movement, discovery and privilege escalation.

Security for Active Directory (AD): cloud services and identity access management need protection against credential theft, privilege escalation and AD takeover. In a remote workforce context AD is often over provisioned or misconfigured. A good answer is denial technology which detects discovery behaviors and attempts at privilege escalation.

Preventing spread of malware: it is almost impossible to prevent malware passing from workforce machines reconnecting to the network. It is vital therefore to choose a resolution that uncovers lateral movement, APTs, ransomware and insider threats. Popular options include EPP/EDR, Intrusion Detection/Prevention Systems (IDS/IPS) and deception technology. When selecting, take account of native integrations and automation as well as how well the tools combine to share data and automate incident response.

In short, the answer to remote workforce protection lies in a robust, layered defence. If attackers get through one, there must be additional controls to stop them from progressing.

Daniel Döring, Technical Director Security and Strategic Alliances, Matrix42

Endpoint security requires a bundle of measures, and only companies that take all aspects into account can ensure a high level of security.

Automated malware protection: automated detection in case of anomalies and deviations is a fundamental driver for IT to be able to react quickly in case of an incident. In this way, it is often possible to fend off attacks before they even cause damage.

Device control: all devices that have access to corporate IT must be registered and secured in advance. This includes both corporate devices and private employee devices such as smartphones, tablets, or laptops. If, for example, a smartphone is lost, access to the system can be withdrawn at the click of a mouse.

App control: if, in addition to devices, all applications are centrally controlled by IT, IT risks can be further minimized. The IT department can thus control access at any time.

Encryption: the encryption of all existing data protects against the consequences of data loss.

Data protection at the technological and manual levels: automated and manual measures are combined for greater data protection. Employees must continue to be trained so that they are aware of risks. However, the secure management of data stocks can be simplified with the help of technology in such a way that error tolerance is significantly increased.

Greg Foss, Senior Cybersecurity Strategist, VMware Carbon Black

The most important aspect for any security solution is how this product is going to complement your current environment and compensate for gaps within your existing controls.

Whether you’re looking to upgrade your endpoint protections or add always-on VPN capability for the now predominately remote workforce, there are a few key considerations when it comes to deploying security software for protecting distributed assets:

  • Will the solution require infrastructure to deploy, or will this be a remote cloud hosted solution? Both options come with their unique benefits and drawbacks, with cloud being optimal for disparate systems and offloading the burden of securing internet-facing services to the vendor.
  • What is the footprint of the agent and are multiple agents required for the solution to be effective? Compute is expensive, agents should be as non-impactful to the system as possible.
  • How will this solution improve your security team’s visibility and ability to either prevent or respond to a breach? What key gaps in coverage will this tool help rectify as cost effectively as possible?
  • Will this meet the organization’s future needs, as things begin to shift back to the office?
  • Lastly, ensure that you allow for the team to operationalize and integrate the platform. This takes time. Don’t bring on too many tools at once.

Matt Lock, Technical Director, Varonis

With more remote working comes more cyberattacks. When selecting a remote workforce solution, CISOs must ask the following questions:

Am I able to provide comprehensive visibility of cloud apps? Microsoft Teams usage exploded by 500% during the pandemic, however given its immediate enforcement, deployments were rushed with misconfigured permissions. It’s paramount to pick a solution that allows security teams to see where sensitive data is overexposed and provide visibility into how each user can access Office 365 data.

Can I confidently monitor insider threat activity? The shift to remote working has seen a spike in insider threat activity and highlighted the importance of understanding where sensitive data is, who has access to it, who’s leveraging that access, and any unusual access patterns. Best practices such as implementing the principle of least privilege to confine user access to the data should also be considered.

Do I have real-time insight into anomalous behavior? Having real-time awareness of unusual VPN, DNS and web activity mustn’t be overlooked. Gaining visibility of this web activity helps security teams track and trend progress as they mitigate critical security gaps.

Selecting the right workforce protection solution will vary for different organizations depending on their priorities but the top priority of any solution must be to provide clear visibility of data across all cloud and remote environments.

Druce MacFarlane, Head of Products – Security, Threat Intelligence and Analytics, Infoblox

Enterprises investing in remote workforce security tools should consider shoring up their foundational security in a way that:

Secures corporate assets wherever they are located: backhauling traffic to a data center—for example with a VPN—can introduce latency and connectivity issues, especially when accessing cloud-based applications and services that are now essential for business operations. Look for solutions that extend the reach of your existing security stack, and leverage infrastructure you already rely on for connectivity to extend security, visibility, and control to the edge.

Optimizes your existing security stack: find a solution that works with your entire security ecosystem to cross-share threat intelligence, spot and flag suspicious activities, and automate threat response.

Offers flexible deployment: to get the most value for your spend, make sure the solution you choose can be deployed on-premises and in the cloud to offer security that cuts across your hybrid infrastructure, protecting your on-premises assets as well as your remote workforce, while allowing IT to manage the solution from anywhere.

The right solution to secure remote work should ideally enable you to scale quickly to optimize remote connections and secure corporate assets wherever they are located.

Faiz Shuja, CEO, SIRP Labs

In all the discussion around making remote working safer for employees, relatively little has been said about mechanisms governing distributed security monitoring and incident response teams working from home.

Normally, security analysts work within a SOC complete with advanced defences and tools. New special measures are needed to protect them while monitoring threats and responding to attacks from home.

Such measures include hardened machines with secure connectivity through VPNs, 2FA and jump machines. SOC teams also need to update security monitoring plans remotely.

Our advice to CISOs is to optimize security operations and monitoring platforms so that all essential cybersecurity information needed for accurate decision-making is contextualized and visible at-a-glance to a remote security analyst.

Practical measures include:

  • Unify the view for distributed security analysts to monitor and respond to threats
  • Ensure proper communication and escalation between security teams and across the organization through defined workflows
  • Use security orchestration and automation playbooks for repetitive investigation and incident response tasks for consistency across all distributed security analysts
  • Align risk matrix with evolving threat landscape
  • Enhance security monitoring use cases for remote access services and remotely connected devices

One notable essential is the capacity to constantly tweak risk-levels to quickly realign priorities to optimise the detection and response effectiveness of individual security team members.

Todd Weber, CTO, Americas, Optiv Security

Selecting a remote workforce protection solution is more about scale these days than technology. Companies have been providing work-from-home solutions for several years, but not necessarily for all applications.

How granular can you get on access to applications based on certain conditions?

Simply the credentials themselves (even with multi-factor authentication) aren’t enough any longer to judge on trusted access to critical applications. Things like what device am I on, how trusted is this device, where in the world is this device, and other factors play a role, and remote access solutions need to accommodate granular access to applications based on these criteria.

Can I provide enhanced transport and access to applications with the solution?

The concept of SD-WAN is not new, but it has become more important as SaaS applications and distributed workforce have become more prevalent. Providing optimal network transport as well as a visibility point for user and data controls has become vitally important.

Does the solution provide protections for cloud SaaS applications?

Many applications are no longer hosted by companies and aren’t in the direct path of many controls. Can you deploy very granular controls within the solution that provide both visibility and access restrictions to IaaS and SaaS applications?

Cybersecurity after COVID-19: Securing orgs against the new threat landscape

Picture this: An email comes through, offering new COVID-19 workplace safety protocols, and an employee, worn down by the events of the day or feeling anxious about their safety, clicks through. In a matter of seconds, the attacker enters the network. Factor in a sea of newly remote workers and overloaded security teams, and it’s easy to see how COVID-19 has been a boon for cybercriminals.


Cracks in cyber defenses

The global pandemic has exposed new cracks in organizations’ cyber defenses, with a recent Tenable report finding just under half of businesses have experienced at least one “business impacting cyber-attack” related to COVID-19 since April 2020. For the most part, COVID-19 has exacerbated pre-existing cyberthreats, from counter incident response and island hopping to lateral movement and destructive attacks. Making matters worse, today’s security teams are struggling to keep up.

A survey of incident response (IR) professionals found that 53% encountered or observed a surge in cyberattacks exploiting COVID-19, specifically pointing to remote access inefficiencies (52%), VPN vulnerabilities (45%) and staff shortages (36%) as the most daunting endpoint security challenges.

VPNs, which many organizations rely on for protection, have become increasingly vulnerable, and it is cause for concern that software patches are generally applied on a weekly cycle, with very few organizations updating daily. While these updates might seem frequent, they might not be enough to protect your information, primarily due to the explosion of both traditional and fileless malware.

As for vulnerabilities, IR professionals point to the use of IoT technologies, personal devices like iPhones and iPads, and web conferencing applications, all of which are becoming increasingly popular with employees working from home. Last holiday season, the number one consumer purchase was smart devices. Now they’re in homes that have become office spaces.

Cybercriminals can use those family environments as a launchpad to compromise organizations. In other words, attackers are still island hopping, but instead of starting from one organization’s network and moving along the supply chain, the attack may now originate in home infrastructures.

Emerging attacks on the horizon

Looking ahead, we’ll continue to see burgeoning geopolitical tensions, particularly as we near the 2020 presidential election. These tensions will lead to a rise in destructive attacks.

Moreover, organizations should prepare for other emerging attack types. For instance, 42% of IR professionals agree that cloud jacking will “very likely” become more common in the next 12 months, while 34% said as much of access mining. Mobile rootkits, virtual home invasions of well-known public figures and Bluetooth Low Energy attacks are among the other attack types to prepare for in the next year.

These new methods, in tandem with a surge in counter IR, destructive attacks, lateral movement and island hopping, make for a perilous threat landscape. But with the right tools, strategies, collaboration and staff, security teams can handle the threat.

Best practices for a better defense of data

As the initial shock of COVID-19 subsides, we should expect organizations to firm up their defenses against new vulnerabilities, whether it’s addressing staff shortages, integrating endpoint technologies, aligning IT and security teams or adapting networks and employees to remote work. The following five steps are critical in order to fight back against the next generation of cyberattacks:

  • Gain better visibility into your system’s endpoints – This is increasingly important in today’s landscape, with more attackers seeking to linger for long periods on a network and more vulnerable endpoints online via remote access.
  • Establish digital distancing practices – People working from home should have two routers, segmenting traffic from work and home devices.
  • Enable real-time updates, policies and configurations across the network – This may include updates to VPNs, audits or fixes to configurations across remote endpoints and other security updates.
  • Remember to communicate – about new risk factors (spear phishing, smart devices, file-sharing applications, etc.), protocols and security resources.
  • Enhance collaboration between IT and security teams – This is especially true under the added stress of the pandemic. Alignment should also help elevate IT personnel to become experts on their own systems.

Hackers continue to exploit vulnerable situations, and the global disruption brought on by COVID-19 is no different. Organizations must now refocus their defenses to better protect against evolving threats as workforces continue to shift to the next “normal” and the threat landscape evolves.

Lenovo Data Center Group delivers updated HCI solutions and Lenovo Cloud Services

Lenovo Data Center Group (DCG) announces a range of new and updated hyperconverged infrastructure (HCI) solutions and Lenovo Cloud Services to enable customers to keep pace with evolving business needs.

As remote work becomes the new, smarter normal, businesses need to adapt their hybrid cloud strategy and modernize their data center infrastructure.

Lenovo is addressing this by delivering an unparalleled, open platform of hyperconverged infrastructure solutions in partnership with Nutanix, Microsoft and VMware, and by expanding software-defined systems management capabilities with Lenovo XClarity.

Hyperconverged infrastructure solutions are uniquely suited to provide virtual desktop infrastructure (VDI), supporting the need for people to work remotely across many industries such as education and healthcare.

Lenovo is focused on ready-to-deploy HCI solutions in partnership with industry-leading hybrid cloud software providers, which enable customers to deploy and manage a full edge-to-cloud environment with simpler updates, easy scalability and a consumption-based delivery model.

Reach new levels of performance and efficiency for end user computing with ThinkAgile HX powered by AMD EPYC processors and Nutanix:

Lenovo, in collaboration with Nutanix and AMD, announces the new Lenovo ThinkAgile HX HCI solutions powered by AMD EPYC processors, enabling customers to run their virtual desktop workloads and maintain consistent performance (in the same 1U form factor), with up to 50% fewer servers.

  • Improved TCO – The Lenovo ThinkAgile HX AMD two-socket delivers a wide range of core counts (2.3X more) to match application needs, two GPUs per one unit and 45% more memory bandwidth, enabling excellent performance for virtualization and VDI consolidation.
  • The factory installed Nutanix software increases flexibility for customers continuing their multi-cloud adoption journeys. It provides simplified operations, increased workload density, stronger data protection and seamless application across clouds to enable a true hybrid architecture.
  • Availability is planned in late November as an appliance or a certified node.

Simplify Edge-to-Cloud scalability with Lenovo ThinkAgile MX and Microsoft Azure Stack:

Lenovo, in collaboration with Microsoft, announces the new Lenovo ThinkAgile MX Azure Stack HCI Edge and Data Center Solutions, enabling customers to rapidly deploy a hybrid cloud infrastructure.

  • Lenovo offers customers a one-stop shop for Azure Stack HCI with the new ThinkAgile MX appliances, providing easy deployment, management and scalability of Azure services from edge-to-core-to-cloud. In addition, Lenovo plans to offer consumption-based (pay-as-you-go) pricing of Azure Stack HCI and Azure Stack Hub.
  • ThinkAgile MX has a single, simplified console for lifecycle management and delivers an enhanced customer experience, so customers can easily modernize and scale their on-premises infrastructure from edge solutions to cloud.

Improve agility of mission critical applications with Lenovo ThinkAgile VX and VMware:

Lenovo, in collaboration with VMware, announces the new Lenovo ThinkAgile VX HCI Solutions, improving agility and reliability for SAP HANA database deployments.

  • Lenovo ThinkAgile VX HCI Solutions are 4S certified nodes that enable customers to modernize their infrastructure for high-end database solutions and SAP HANA, improving agility and simplifying lifecycle management of vSAN environments via the integration of Lenovo XClarity Management software and the new vSphere Lifecycle Manager (vLCM) tools.
  • Lenovo XClarity is the management console for Lenovo ThinkAgile HCI solutions and it provides auto-discovery and asset management, policy-based firmware updates across hardware and software and is the integration interface to leading ISV management tools, including vLCM.
  • Lenovo ThinkAgile VX 4S solution offers double the SAP HANA database memory and direct connect NVMe, to accelerate response times, speed business insights and improve TCO.
  • Available later this month.

Lenovo OEM ON DEMAND Program Delivers Solutions to Modernize IT infrastructure:

Lenovo’s OEM ON DEMAND program enables ISV partners to offer turnkey, integrated IT infrastructure solutions to market through their respective brands. Lenovo provides the open, reliable and secure ThinkSystem platform coupled with their deep engineering, manufacturing and supply chain expertise to integrate and deliver these solutions on behalf of the ISV.

Lenovo, in collaboration with Diamanti, announces the introduction of the Diamanti SR630 solution powered by Lenovo’s ThinkSystem servers. Diamanti specializes in enabling fast Kubernetes deployments and allowing organizations to run containerized applications across hybrid cloud environments.

The Diamanti SR630 enables customers to rapidly deploy a complete container and Kubernetes solution by integrating high-performance compute, plug-and-play networking, persistent storage, Docker and Kubernetes into a powerful, simple full-stack solution. The Diamanti SR630 includes:

  • Improved resource control capabilities via configuration of container-granular quality of service policies for compute, network and storage resources deliver guaranteed service level agreements to applications.
  • Simplified operations enabled by a single pane of glass to manage multiple Kubernetes clusters, allowing businesses to focus on deploying modern applications across on-premises and hybrid cloud infrastructure.
  • Customers can gain up to 30×6 performance improvements for I/O intensive applications and greater than 95% of compute resources for applications while achieving a 70% reduction in the overall data center footprint, using fewer servers to gain the same performance while lowering overall TCO.
  • Available now

“The strategy toward the new, smarter normal is around modernizing the data center and breaking down the longstanding digital barriers that many organizations face today,” said Kamran Amini, Vice President and General Manager of Server, Storage and Software Defined Infrastructure, Lenovo Data Center Group.

“We offer a large breadth of agile and preconfigured edge-to-hybrid cloud solutions in partnership with leading HCI providers that enable customers to harness the flexibility, scalability and economics of the cloud. To help with this transition, customers can leverage our design workshops with our expert solution engineers at no obligation.”

To guide business leaders through their cloud strategy and execution, Lenovo-funded workshops pair customers with Lenovo’s Principal Consultants to simplify and streamline the many options across multiple cloud platforms.

The Lenovo Professional Services team will design the right mix of hybrid cloud solutions for ultimate business agility. By partnering with Nutanix, Microsoft, VMware and many others, customers are granted access to the best selection of pre-tested and -configured cloud infrastructure solutions.

“The Lenovo ThinkAgile MX platform has all the features we need as an MSP—high performance, high availability and easy scalability,” said Brian Townley, General Manager, C3 Group.

“We haven’t experienced any outages since migrating to the Lenovo infrastructure. Efficiency has increased so we can process and ship out more parts faster than we could before, bringing more products—and therefore socio-economic empowerment—to more and more people around the world,” said Sujoy Brahmachari, Head of IT Infrastructure & Information Security, Hero MotoCorp.

VMware 5G Telco Cloud Platform simplifies and accelerates the rollout of 5G networks

VMware announced its 5G Telco Cloud Platform, a consistent cloud-first solution powered by a field-proven, carrier-grade, and high-performance cloud native infrastructure with intelligent automation.

This new platform includes Tanzu Kubernetes Grid – an embedded Kubernetes distribution – that will allow Communication Service Providers (CSPs) to reliably build, manage and run containerized workloads across private, telco, edge and public clouds.

To meet the increasing demand for innovative 5G services, CSPs require a network powered by a modernized cloud that delivers web-scale speed and agility while maintaining carrier-grade performance, resiliency, and quality.

VMware’s innovative multi-cloud platform simplifies and accelerates the rollout of 5G networks, transforms operational models through multi-layer automation while seamlessly integrating with today’s networks.

By embracing cloud native principles with VMware’s Telco Cloud Platform, CSPs will be enabled to deploy innovative applications and services to market faster in the highly competitive 5G communications landscape.

The VMware Telco Cloud Platform provides a cloud-first network architecture to accelerate 5G and edge innovation while delivering service agility, operational consistency and integrated lifecycle management automation from infrastructure up to network services.

The VMware Telco Cloud Platform combines VMware Telco Cloud Infrastructure – an evolution of the vCloud NFV solution – and VMware Telco Cloud Automation – the recently launched multi-domain orchestration and automation capability.

The 5G ready Telco Cloud Platform is tailored for CSPs to easily embrace cloud native technology and deliver applications and services across multi-cloud infrastructure.

As CSPs evolve from NFV networks to cloud native and containerized networks, VMware is evolving its VMware vCloud NFV solution to Telco Cloud Infrastructure, providing CSPs a consistent and unified platform delivering consistent operations for both Virtual Network Functions (VNFs) and Cloud Native Network Functions (CNFs) across telco networks.

Telco Cloud Infrastructure is designed to optimize the delivery of network services with telco centric enhancements, supporting distributed cloud deployments, and providing scalability and performance for millions of consumer and enterprise users. These telco centric enhancements enable CSPs to gain web-scale speed and agility while maintaining carrier-grade performance, resiliency, and quality.

Tightly integrated with Telco Cloud Infrastructure, VMware’s Telco Cloud Automation intelligently automates the end-to-end lifecycle management of network functions and services to simplify operations and accelerate service delivery while optimizing resource utilization.

Telco Cloud Automation also now supports infrastructure and Containers-as-a-Service (CaaS) management automation to streamline workload placement and deliver optimal infrastructure resource allocation. It also significantly simplifies the 5G and telco edge network expansions through zero-touch-provisioning (ZTP) whenever capacity is required.

“VMware continues to accelerate the delivery of a comprehensive telco and edge cloud portfolio that addresses our customers’ challenges of today and enables them to harness the opportunities of tomorrow,” said Shekar Ayyar, executive vice president and general manager, Telco and Edge Cloud Business Unit, VMware.

“With support for cloud native technologies in the Telco Cloud Platform, CSPs can now boost their innovation speed to deliver new applications and services, reduce operational complexities, and realize substantial total cost of ownership savings, further accelerating the rollout of their 5G networks.”

DISH and VMware recently announced they have tested and onboarded dozens of cloud native 5G network functions from multiple software vendors on top of the VMware Telco Cloud over the last six months.

“As DISH builds the first Open RAN based 5G network in the U.S., the VMware Telco Cloud Platform will help us provide our customers with solutions that are more secure, agile and cost-effective,” said Marc Rouanne, executive vice president and chief network officer, DISH.

“The cloud native, software-defined nature of the VMware Telco Cloud will also support the DISH ecosystem of partners to accelerate 5G leadership in the U.S.”

“5G is providing a catalyst for CSPs to transform their business. The need for CSPs to increase service agility and transform OpEx economics will require them to make network automation a key part of their digital transformation strategy,” said Anil Rao, principal analyst, Analysys Mason.

“CSPs will require a true agile network infrastructure and operations enabling them to achieve zero-touch provisioning, automate expansion of network services and ongoing lifecycle operations of the network and services to deliver significant opex savings and enable greater innovation.”

To speed up the deployment of network functions and services by CSPs, VMware recently expanded the Ready for Telco Cloud program to add support for VMware Telco Cloud Automation. With the release of VMware Telco Cloud Platform, VMware is further expanding the program to accelerate network functions readiness for deployment.

The program scope extends to container-based network functions and these workloads’ conformance with VMware’s Cloud Native stack as well as the automation offered by the stack.

CSPs can expect that Network Functions which passed certification will be quicker to onboard and deploy on the VMware Telco Cloud Platform, accelerating CSPs’ time to revenue. To date, more than 35 partners have received more than 180 certifications as part of the program.

VMware is also announcing Telco Cloud Operations, a real-time automated assurance solution designed to bridge the gap between virtual and physical networks. The solution provides holistic monitoring and performance management across multiple layers of the network, including SD-WAN, for rapid insights, lower costs and improved customer experience.

It integrates machine-learning based performance analytics and vivid reporting dashboards for proactive assurance. Complemented by the Uhana solution from VMware that provides intelligent automation for Radio Access Networks (RANs), CSPs can have comprehensive operations visibility across their entire network.

“In a 5G world, complexity from dynamic network functions and configurable services requires automated collection, analysis, and control of operations data to establish customer insight and service management boundaries,” said Karl Whitelock, VP Communications Service Provider Operations and Monetization, at IDC Research.

“Advanced assurance solutions such as VMware Telco Cloud Operations are essential for providing automated analysis of network and performance data that can simplify operations, provide end-to-end visibility and improve the customer experience.”

VMware brings Kubernetes to its VMware Fusion and VMware Workstation solutions

VMware unveiled the newest versions of its VMware Fusion and VMware Workstation desktop hypervisor solutions. VMware’s updates support the changing needs of modern developers by extending the tools traditionally used to simplify workflows and expand capabilities of virtual machines (VMs) to container-based applications orchestrated with Kubernetes.

The latest release of Fusion also introduces a new edition—Fusion Player—available with a free Personal Use license as well as offering a paid license for commercial use.

“Developers can now slipstream Kubernetes applications from test/dev into production,” said Lee Caswell, vice president, marketing, Cloud Platform Business Unit, VMware. “We’ve built a consistent CI/CD operational model that—with our free Player version—is available for all developers.”

Expanding support for developers

VMware has long served developers as well as end users and IT professionals with some of the best-in-class features with its award-winning desktop hypervisor products—VMware Fusion and Workstation.

These updates expand support for modern application developers with enhancements to VMware’s container engine CLI—vctl—while also making it available on Workstation for Windows.

With Fusion or Workstation, developers will be able to support more custom Kubernetes clusters with support for ‘kind’ — a tool for running local Kubernetes clusters using containers as “nodes.”

Containers built with vctl can be tested on local Kubernetes clusters to validate pipeline workflows before pushing them upstream to a central registry such as Harbor. In turn, the containers can be implemented on larger VMware Cloud Foundation 4 with Tanzu production clusters in a service delivery pipeline.

Additionally, administrators will be able to connect with VMware vSphere 7 through ESXi and vCenter for remote VM operation and maintenance tasks. Supporting the latest physical and virtual hardware features, Fusion and Workstation provide out-of-the-box workload mobility / compatibility between desktops and data centers.

In preparation for the next major version of macOS 11.0 Big Sur, VMware has made full use of Apple’s hypervisor and other APIs, removing the need for kernel extensions and supporting macOS 11 as both host and guest.

Additional new VMware Fusion and Workstation features

  • DirectX 11 and OpenGL 4.1 – Support for running games and apps that require Direct3D version 11 or OpenGL 4.1
  • Windows 10 Hyper-V mode – VMware Workstation products support running VMs, containers and Kubernetes clusters on PCs with Windows 10 version 2004 that have Hyper-V mode enabled.
  • Dark Mode – For Workstation Pro and Player UIs, a new Dark Mode feature will seamlessly align with the latest versions of Windows 10, including the recently released 2004 build.
  • eGPU compatibility – Fusion Player and Pro will support eGPU devices, helping offload the resource-taxing graphics rendering process from the internal integrated or discrete GPU, to a much more powerful external one.
  • Improved accessibility – Accessibility controls in compliance with VPAT Section 508, helping users get the full benefits of virtual machines.

Intel and VMware extend virtualization to RAN through broadened collaboration for 5G

Intel and VMware are collaborating on an integrated software platform for virtualized Radio Access Networks (RAN) to accelerate the rollout of both existing LTE and future 5G networks.

As communications service providers (CoSPs) evolve their networks to support the rollout of future 5G networks, they are increasingly adopting a software-defined, virtualized infrastructure. Virtualization of the core network has already enabled CoSPs to improve operational costs and bring services to market faster. This expanded collaboration between Intel and VMware aims to offer CoSPs reduced development cycles and scale across multiple designs.

Many CoSPs are embracing the idea of having open and disaggregated RAN architectures that can give them added flexibility and choice, as well as programmability to create and deploy new services that require fine grained radio resource control and dynamic slicing to provide differentiated experiences such as cloud gaming and cloud controlled robotics. This collaboration seeks to simplify the steps and reduce the integration effort involved in creating deployable virtualized RAN solutions.

Intel and VMware will work with a rich ecosystem, including telecom equipment manufacturers, original equipment manufacturers and RAN software vendors, to help CoSPs more easily build on top of the vRAN platform to address specific use cases. As part of this effort, Intel and VMware will collaborate in building programmable open interfaces that leverage Intel’s FlexRAN software reference architecture and a VMware RAN Intelligent Controller (RIC), to enable development of innovative radio network functions using AI/ML for real-time resource management, traffic steering and dynamic slicing. This in turn will assist in optimized QoE for rollout of new 5G vertical use cases.

“Many CoSPs are choosing to extend the benefits of network virtualization into the RAN for increased agility as they roll out new 5G services, but the software integration can be rather complex. With an integrated vRAN platform, combined with leading technology and expertise from Intel and VMware, CoSPs are positioned to benefit from accelerated time to deployment of innovative services at the edge of their network,” explained Dan Rodriguez, corporate vice president and general manager, Network Platforms Group, Intel.

“CoSPs around the globe rely on VMware’s Telco Cloud platform to deploy and manage myriad core network functions. As they look to extend their software-defined infrastructure out to the RAN, there are tremendous benefits to delivering all network functions on a single platform,” said Shekar Ayyar, executive vice president and general manager, Telco and Edge Cloud, VMware. “With an integrated platform, CoSPs will be able to deploy new network functions across the same Telco Cloud architecture, from core to RAN, enabling the scale and agility needed to deliver services across a 5G network more efficiently.”

How do I select an endpoint protection solution for my business?

Endpoint protection has evolved to safeguard against complex malware and evolving zero-day threats.

To select an appropriate endpoint protection solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.

Theresa Lanowitz, Head of Evangelism, AT&T Cybersecurity

Corporate endpoints represent a top area of security risk for organizations, especially considering the shift to virtual operations brought on by COVID-19. As malicious actors target endpoints with new types of attacks designed to evade traditional endpoint prevention tools, organizations must seek out advanced endpoint detection and response (EDR) solutions.

Traditionally, enterprise EDR solutions carry high cost and complexity, making it difficult for organizations to implement EDR successfully. While many security teams recognize the need for EDR, most do not have the resources to manage a standalone endpoint security solution.

For this reason, when selecting an EDR solution, it’s critical to seek a unified solution for threat detection, incident response and compliance, to be incorporated into an organization’s existing security stack, eliminating any added cost or complexity. Look for endpoint solutions where security teams can deploy a single platform that delivers advanced EDR combined with many other essential security capabilities in a single pane of glass, in an effort to drive efficiency of security and network operations.

Overall, organizations should select an EDR solution that enables security teams to detect and respond to threats faster while eliminating the cost and complexity of maintaining yet another point security solution. This approach can help organizations bolster their cybersecurity and network resiliency, with an eye towards securing the various endpoints used in today’s virtual workforce.

Rick McElroy, Cyber Security Strategist, VMware Carbon Black

With the continuously evolving threat landscape, there are a number of factors to consider during the selection process. Whether a security team is looking to replace antiquated malware prevention or empower a fully-automated security operations process, here are the key considerations:

  • Does the platform have the flexibility for your environment? Not all endpoints are the same, therefore broad coverage of operating systems is a must.
  • Does the vendor support the MITRE ATT&CK Framework for both testing and maturing the product? Organizations need to test security techniques, validate coverage and identify gaps in their environments, and implement mitigation to reduce attack surface.
  • Does it provide deeper visibility into attacks than traditional antivirus? Organizations need deeper context to make a prevention, detection or response decision.
  • Does the platform provide multiple security functions in one lightweight sensor? Compute is expensive; endpoint security tools should be as non-impactful to the system as possible.
  • Is the platform usable at scale? If your endpoint protection platform isn’t centrally analyzing behaviors across millions of endpoints, it won’t be able to spot minor fluctuations in normal activity to reveal attacks.
  • Does the vendor’s roadmap meet the future needs of the organization? Any tool selected should allow teams the opportunity for growth and ability to use it for multiple years, building automated processes around it.
  • Does the platform have open APIs? Teams want to integrate endpoints with SIEM, SOAR platforms and network security systems.

David Ngo, VP Metallic Products and Engineering, Commvault

With millions working remotely due to COVID-19, laptop endpoints being used by employees while they work from home are particularly vulnerable to data loss.

This has made it more important than ever for businesses to select a strong endpoint protection solution that:

  • Lowers the risk of lost data. The best solutions have automated backups that run multiple times during the day to ensure recent data is protected and security features such as geolocation and remote wipe for lost or stolen laptops. Backup data isolation from source data can also provide an extra layer of protection from ransomware. In addition, anomaly detection capabilities can identify abnormal file access patterns that indicate an attack.
  • Enables rapid recovery. If an endpoint is compromised, the solution should accelerate data recovery by offering metadata search for quick identification of backup data. It’s also important for the solution to provide multiple granular restore options – including point in time, out of place, and cross OS restores – to meet different recovery needs.
  • Limits user and IT staff administration burdens. Endpoint solutions with silent install and backup capabilities require no action from end users and do not impact their productivity. The solution should also allow users and staff to access backup data, anytime, anywhere, from a browser-enabled device, and make it possible for employees to search and restore files themselves.

James Yeager, VP of Public Sector, CrowdStrike

Decision-makers seeking the best endpoint protection (EPP) solution for their business should be warned that legacy security solutions are generally ineffective, leaving organizations highly susceptible to breaches and placing a huge burden on security teams and users.

Legacy tools, engineered by on-premises architectures, are unable to keep up with the capabilities made available in a modern EPP solution, like collecting data in real-time, storing it for long periods and analyzing it in a timely manner. Storing threat telemetry data in the cloud makes it possible to quickly search petabytes of data in an effort to glean historical context for activities running on any managed system.

Beware of retrofitted systems from vendors advertising newer “cloud-enabled” features. Simply put, these “bolt-on” models are unable to match the performance of a cloud-native solution. Buyers run the risk of their security program becoming outdated with tools that cannot scale to meet the growing needs of today’s modern, distributed workforce.

Furthermore, comprehensive visibility into the threat landscape and overall IT hygiene of your enterprise are foundational for efficient security. Implementing cloud-native endpoint detection and response (EDR) capabilities into your security stack that leverages machine learning will deliver visibility and detection for threat protection across the entire kill chain. Additionally, a “hygiene first” approach will help you identify the most critical risk areas early-on in the threat cycle.

Bug in widely used bootloader opens Windows, Linux devices to persistent compromise

A vulnerability (CVE-2020-10713) in the widely used GRUB2 bootloader opens most Linux and Windows systems in use today to persistent compromise, Eclypsium researchers have found. The list of affected systems includes servers and workstations, laptops and desktops, and possibly a large number of Linux-based OT and IoT systems.
What’s more, the discovery of this vulnerability has spurred a larger effort to audit the GRUB2 code for flaws and, as a result, seven CVE-numbered flaws and many others without a CVE have been brought to light (and have been or will be fixed).

BootHole (CVE-2020-10713)

CVE-2020-10713, named “BootHole” by the researchers who discovered it, can be used to install persistent and stealthy bootkits or malicious bootloaders that will operate even when the Secure Boot protection mechanism is enabled and functioning.

“The vulnerability affects systems using Secure Boot, even if they are not using GRUB2. Almost all signed versions of GRUB2 are vulnerable, meaning virtually every Linux distribution is affected,” the researchers explained.

“In addition, GRUB2 supports other operating systems, kernels and hypervisors such as Xen. The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority. Thus the majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries. This vulnerability makes these devices susceptible to attackers such as the threat actors recently discovered using malicious UEFI bootloaders.”

The researchers have done a good job explaining in detail the why, where and how of the vulnerability, and so did Kelly Shortridge, the VP of Product Management and Product Strategy at Capsule8. The problem effectively lies in the fact that a GRUB2 configuration file can be modified by attackers to make sure that their own malicious code runs before the OS is loaded.

The only good news is that the vulnerability can’t be exploited remotely. The attacker must first gain a foothold on the system and escalate privileges to root/admin in order to exploit it. Alternatively, they must have physical access to the target system.

The real danger, according to Shortridge, is that criminals will incorporate this vulnerability into a bootkit and license it to bot authors, who will then deploy or sell the bootkit-armed bots.

“This pipeline will not pop out pwnage overnight, so the question becomes whether mitigations can be successfully rolled out before criminals can scale this attack,” she noted.

A complex mitigation process

The main problem is that fixing this flaw on such a great number of systems will be a massive, complex and partly manual undertaking.

“Full mitigation of this issue will require coordinated efforts from a variety of entities: affected open-source projects, Microsoft, and the owners of affected systems, among others,” Eclypsium researchers noted.

“This will include: updates to GRUB2 to address the vulnerability; Linux distributions and other vendors using GRUB2 will need to update their installers, bootloaders, and shims [a small app that contains the vendor’s certificate and code that verifies and runs the GRUB2 bootloader]; new shims will need to be signed by the Microsoft 3rd Party UEFI CA; administrators of affected devices will need to update installed versions of operating systems in the field as well as installer images, including disaster recovery media; and eventually the UEFI revocation list (dbx) needs to be updated in the firmware of each affected system to prevent running this vulnerable code during boot.”

Again, both Eclypsium and Shortridge helpfully explained in detail the whole process and the dangers it holds for organizations. In addition to the complex hoop jumping of the mitigation process, orgs should also be monitoring their systems for threats and ransomware that use vulnerable bootloaders to infect or damage systems.

Eclypsium researchers have provided recommendations and have linked to the various reference materials by Microsoft, Debian, Canonical, Red Hat, HPE, SUSE, VMware and others who need to help users and admins fix the problem.

They’ve also provided PowerShell and bash scripts to help administrators identify certificates revoked by the various OS vendors when they push out security updates for CVE-2020-10713.
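The last step of the mitigation chain quoted above is the dbx (UEFI revocation list) update, and an administrator will want to see what a firmware's dbx actually revokes. The following is an added Python example, not Eclypsium's script nor any vendor's code: it parses the EFI_SIGNATURE_LIST structures of a dbx blob and checks a hash against them. The efivarfs path and its 4-byte attribute prefix are Linux conventions; the sample dbx, its owner GUID and its hashes are constructed placeholders.

```python
"""Inspect a UEFI dbx (forbidden signatures database) blob.

Added example, not Eclypsium's script or vendor tooling. It follows the
EFI_SIGNATURE_LIST / EFI_SIGNATURE_DATA layout of the UEFI specification.
"""
from __future__ import annotations

import hashlib
import struct
import uuid
from dataclasses import dataclass

# Signature-type GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# Linux efivarfs exposes dbx at this path; the file starts with a 4-byte attribute word.
DBX_EFIVARS_PATH = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"
EFIVARS_ATTR_LEN = 4
SIGLIST_HDR_LEN = 28  # SignatureType GUID (16) + three UINT32 size fields

@dataclass(frozen=True)
class RevocationEntry:
    sig_type: uuid.UUID  # EFI_CERT_SHA256_GUID, EFI_CERT_X509_GUID, ...
    owner: uuid.UUID     # SignatureOwner: the party that added the entry
    data: bytes          # 32-byte image hash, DER certificate, etc.

def parse_signature_lists(blob: bytes) -> list[RevocationEntry]:
    """Walk the concatenated EFI_SIGNATURE_LIST structures of a dbx/db blob."""
    entries: list[RevocationEntry] = []
    off = 0
    while off < len(blob):
        if len(blob) - off < SIGLIST_HDR_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        body_start = off + SIGLIST_HDR_LEN + hdr_size
        body_end = off + list_size
        # Every EFI_SIGNATURE_DATA starts with a 16-byte owner GUID, so sig_size >= 16.
        if sig_size < 16 or body_start > body_end or body_end > len(blob):
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        if (body_end - body_start) % sig_size:
            raise ValueError("signature area is not a multiple of SignatureSize")
        for pos in range(body_start, body_end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append(RevocationEntry(sig_type, owner, blob[pos + 16:pos + sig_size]))
        off += list_size
    return entries

def revoked_sha256_hashes(entries: list[RevocationEntry]) -> set[str]:
    return {e.data.hex() for e in entries if e.sig_type == EFI_CERT_SHA256_GUID}

def is_hash_revoked(entries: list[RevocationEntry], sha256_hex: str) -> bool:
    """True if the hash is in dbx. For PE bootloaders the firmware compares the
    Authenticode (PE image) hash, not a plain digest of the whole file."""
    return sha256_hex.lower() in revoked_sha256_hashes(entries)

def load_dbx_from_efivars(path: str = DBX_EFIVARS_PATH) -> list[RevocationEntry]:
    """Read the live dbx variable on a Linux host (requires efivarfs)."""
    with open(path, "rb") as f:
        return parse_signature_lists(f.read()[EFIVARS_ATTR_LEN:])

def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, items: list[bytes]) -> bytes:
    """Serialize one EFI_SIGNATURE_LIST; used here only to construct sample data."""
    sig_size = 16 + len(items[0])
    if any(16 + len(i) != sig_size for i in items):
        raise ValueError("all signatures in one list must have the same size")
    body = b"".join(owner.bytes_le + i for i in items)
    header = sig_type.bytes_le + struct.pack("<III", SIGLIST_HDR_LEN + len(body), 0, sig_size)
    return header + body

def summarize(entries: list[RevocationEntry]) -> dict[str, int]:
    """Count entries per signature type (useful to compare before/after a dbx update)."""
    kinds = {EFI_CERT_SHA256_GUID: "sha256", EFI_CERT_X509_GUID: "x509"}
    counts: dict[str, int] = {}
    for e in entries:
        k = kinds.get(e.sig_type, str(e.sig_type))
        counts[k] = counts.get(k, 0) + 1
    return counts

# Constructed sample dbx: two SHA-256 image hashes plus one placeholder (non-DER) cert blob.
SAMPLE_OWNER = uuid.UUID("00000000-0000-0000-0000-000000000001")  # placeholder owner GUID
SAMPLE_HASH_A = hashlib.sha256(b"constructed bootloader image A").digest()
SAMPLE_HASH_B = hashlib.sha256(b"constructed bootloader image B").digest()
SAMPLE_DBX = (
    build_signature_list(EFI_CERT_SHA256_GUID, SAMPLE_OWNER, [SAMPLE_HASH_A, SAMPLE_HASH_B])
    + build_signature_list(EFI_CERT_X509_GUID, SAMPLE_OWNER, [b"CONSTRUCTED-CERT-PLACEHOLDER"])
)

if __name__ == "__main__":
    # Swap in load_dbx_from_efivars() on a Linux host to inspect the real variable.
    entries = parse_signature_lists(SAMPLE_DBX)
    print("sample dbx:", summarize(entries))
    print("hash A revoked:", is_hash_revoked(entries, SAMPLE_HASH_A.hex()))
```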

Other discovered vulnerabilities

After being notified of the existence of BootHole, Canonical (the company that develops Ubuntu) and others went in search of other security holes in GRUB2. They discovered seven related vulnerabilities, whose mitigations are included in today’s release for Ubuntu and other major Linux distributions.

“Given the difficulty of this kind of ecosystem-wide update/revocation, there is a strong desire to avoid having to do it again six months later,” Eclypsium researchers noted.

“To that end, a large effort — spanning multiple security teams at Oracle, Red Hat, Canonical, VMware, and Debian — using static analysis tools and manual review helped identify and fix dozens of further vulnerabilities and dangerous operations throughout the codebase that do not yet have individual CVEs assigned.”

New threat environment elements and global attack trends

There has been an increase in both cyberattack volume and breaches during the past 12 months in the U.S. This has prompted increased investment in cyber defense, with U.S. businesses already using an average of more than nine different cybersecurity tools, a VMware survey found.


Key findings

  • 92% said attack volumes have increased in the last 12 months, the survey found.
  • 97% said their business has suffered a security breach in the last 12 months. The average organization said they experienced 2.70 breaches during that time, the survey found.
  • 84% said attacks have become more sophisticated, the survey found.
  • 95% said they plan to increase cyber defense spending in the coming year.
  • OS vulnerabilities are the leading cause of breaches, according to the survey, followed by web application attacks and ransomware.
  • US companies said they are using an average of 9 different security technologies to manage their security program, the survey found.

Common breach causes in U.S.

The most common cause of breaches in the U.S. was OS vulnerabilities (27%). This was jointly followed by web application attacks with 13.5% and ransomware with 13%. Island-hopping was the cause of 5% of breaches.

Rick McElroy, Cyber Security Strategist at VMware Carbon Black, said: “Island-hopping is having an increasing breach impact with 11% of survey respondents citing it as the main cause. In combination with other third-party risks such as third-party apps and the supply chain, it’s clear the extended enterprise is under pressure.”

Complex multi-technology environments

US cybersecurity professionals said they are using an average of more than nine different tools or consoles to manage their cyber defense program, the survey found. This indicates a security environment that has evolved reactively as security tools have been adopted to tackle emerging threats.

“Siloed, hard-to-manage environments hand the advantage to attackers from the start. Evidence shows that attackers have the upper hand when security is not an intrinsic feature of the environment. As the cyber threat landscape reaches saturation, it is time for rationalization, strategic thinking and clarity over security deployment,” said McElroy.

Supplemental COVID-19 survey in U.S.

The latest research was supplemented with a survey on the impact COVID-19 has had on the attack landscape. According to the supplemental survey of more than 1,000 respondents from the U.S., UK, Singapore and Italy, 88% of U.S. cybersecurity professionals said attack volumes have increased as more employees work from home. 89% said their organizations have experienced cyberattacks linked to COVID-19 malware.

Key findings from the supplemental U.S. COVID-19-focused survey:

  • 89% said they have been targeted by COVID-19-related malware.
  • Inability to institute multifactor authentication (MFA) was reported as the biggest security threat to businesses during COVID-19, the survey found.
  • 83% reported gaps in disaster planning around communications with external parties including customers, prospects, and partners.

Said McElroy: “The global situation with COVID-19 has put the spotlight on business resilience and disaster recovery planning. Those organizations that have delayed implementing multi-factor authentication appear to be facing challenges, as 32% of U.S. respondents say the inability to implement MFA is the biggest threat to business resilience they are facing right now.”

Exposing gaps in a disaster recovery plan

U.S. survey respondents were asked whether COVID-19 had exposed gaps in their disaster recovery plans, and to indicate the severity of those gaps. Their responses showed that:

  • 83% of respondents reported gaps in recovery planning, ranging from slight to severe.
  • 83% said they had uncovered gaps in IT operations.
  • 84% said they encountered problems around enabling a remote workforce.
  • 83% said they’ve experienced challenges communicating with employees.
  • 83% said they had experienced difficulty communicating with external parties.
  • 63% said the situation uncovered gaps around visibility into cybersecurity threats.

“These figures indicate that the surveyed CISOs may be facing difficulty in a number of areas when answering the demands placed on them by the COVID-19 situation,” according to McElroy.

Risks directly related to COVID-19 have also quickly emerged, the survey found. This includes rises in COVID-19 malware which was seen by 89% of U.S. respondents.

Said McElroy: “The 2020 survey results suggest that security teams must be working in tandem with business leaders to shift the balance of power from attackers to defenders. We must also collaborate with IT teams and work to remove the complexity that’s weighing down the current model.

“By building security intrinsically into the fabric of the enterprise – across applications, clouds and devices – teams can significantly reduce the attack surface, gain greater visibility into threats, and understand where security vulnerabilities exist.”

VMware Cloud on AWS drives app modernization, business continuity and better cloud economics

VMware announced new capabilities designed to further improve the economic value of VMware Cloud on AWS while meeting an evolving set of requirements for application modernization, business continuity and resiliency, and cloud migration.

These new offerings include the new Amazon Elastic Compute Cloud (Amazon EC2) i3en instances that can deliver nearly 50% lower cost per GB of raw storage, a 2-host SDDC configuration that lowers the entry price for production environments by 33%, and a new multi-tenant cloud management service that enables partners to support 5-10x more customers with no additional upfront costs, while enabling smaller organizations to purchase VMware Cloud on AWS on a per VM rather than per host basis.

VMware Cloud on AWS is a jointly engineered service that brings VMware Cloud Foundation to Amazon Web Services (AWS), with optimized access to AWS services. The service offers ultra-fast cloud migration, powered by VMware HCX and vMotion combined with consistent hybrid cloud infrastructure and operations.

Once applications are migrated, customers can run, manage, and modernize these applications with the VMware Tanzu portfolio as well as integrate native AWS services. As of June 2020, total VMs are up 3.5x and total number of hosts up 2.5x year over year.

More than 500 channel partners have achieved a VMware Cloud on AWS service competency, including 43 with a Master Services Competency, and there are more than 300 certified or validated technology solutions available to VMware Cloud on AWS customers.

“VMware Cloud on AWS unlocks the power of cloud, enabling customers to rapidly migrate apps, scale resources up or down based on demand, deliver resources for new remote work initiatives, and drive app modernization strategies,” said Mark Lohmeyer, senior vice president and general manager, cloud services business unit, VMware.

“Along with AWS, VMware’s preferred public cloud partner for vSphere-based workloads, we are accelerating service innovation and broadening access to VMware Cloud on AWS to help more businesses support the demands of a broad range of enterprise applications and use cases, while delivering the best economic value.”

“Customers want cloud services that are available anywhere they operate in the world, can deliver real business value and financial savings, support their needs instantly as priorities change,” said David Brown, vice president, EC2, Amazon Web Services, Inc.

“We are delighted to be working with VMware to allow customers to build and operate applications in AWS Regions, using the same foundation they use in their data centers today, which is why VMware Cloud on AWS is our preferred service for all vSphere-based workloads.”

VMware Cloud on AWS delivers new innovations, better cloud economics

VMware continues to deliver key capabilities that enable customers to accelerate their migration and modernization journey and further support business resiliency with VMware Cloud on AWS. VMware announces the following enhancements that will help customers migrate and modernize applications while driving better cloud economics from VMware Cloud on AWS.

New i3en.metal instance: this new host type is based on 2nd generation Intel® Xeon® Scalable Processors. It’s designed for storage-dense workloads with high-performance requirements and delivers superior economics at scale for data center migration and disaster recovery transformation projects.

These new instances deliver 4x the raw storage capacity at roughly half the cost per GB of storage per host of current offerings. In addition, it comes with low latency Non-Volatile Memory Express (NVMe) SSD capacity for applications that require high random I/O access to large amounts of data such as relational databases.

Native encryption at the NIC level offers better security for east-west traffic within the SDDC boundaries. Customers can gain even better economics by mixing and matching i3en instances for storage-demanding workloads with i3.metal instances for compute/memory-demanding workloads.

“The exponential growth of data generation and consumption and the rapid expansion of hyperscale computing necessitate a highly flexible and scalable cloud architecture,” said Jason Grebe, corporate vice president and general manager, Intel Cloud and Enterprise Solutions Group.

“Second Generation Intel Xeon Scalable processors are designed to take full advantage of the scalable memory, storage and network bandwidth offered by VMware Cloud on AWS. Intel has partnered with VMware and AWS to provide customers with a powerful foundation for digital transformation.”

2-host production cluster lowers starting cost by 33%: The 2-host cluster provides a new, smaller minimum environment for production workloads, enabling even more customers, partners, and managed service providers (MSPs) to get started with VMware Cloud on AWS.

The 2-host cluster is ideal for proving the value of VMware Cloud on AWS and reducing cost of getting started. With the 2-host cluster, customers can get started with persistent VMware Cloud on AWS environments at up to 33 percent lower cost of entry than a 3-host cluster.

Embrace cloud native infrastructure with VMware Tanzu Kubernetes Grid: Organizations can deploy, scale, and manage containerized applications on VMware Cloud on AWS with the addition of Tanzu Kubernetes Grid.

Tanzu Kubernetes Grid packages open source technologies and automation tooling to help customers get up and running quickly with a scalable, multi-cluster Kubernetes environment.

With Tanzu Kubernetes Grid on VMware Cloud on AWS, customers can deploy their SDDC in the cloud, with all the required components needed to architect and scale Kubernetes to fit their needs.

Expanded networking options: VMware Transit Connect (Preview) will eliminate the hassles of self-deploying and managing complex configurations to establish a connectivity fabric across VMware Cloud on AWS SDDCs, Amazon Virtual Private Clouds (Amazon VPCs), and on-premises environments.

The solution, which is based on the AWS Transit Gateway service, is a high-bandwidth, low latency and resilient connectivity solution that will be operationally simple with automated provisioning and controls.

The connectivity model automatically scales up/down linearly as new environments are added or removed from a group, providing users with flexibility.

Additionally, with support for the industry-leading VMware SD-WAN, users at branches or remote locations can have better network connectivity to workloads deployed on VMware Cloud on AWS. VMware SD-WAN provides a cloud-delivered, transport-agnostic architecture supporting and optimizing any WAN link or combination of links.

Multi-tenancy lowers MSPs’ costs, opens new opportunities with SMBs: VMware Cloud Director service provides MSPs with a pay-as-you-grow model, thus reducing the overhead costs of pursuing small and medium sized businesses.

The service enables partners to provide flexibility in pricing and environment size by dividing their VMware Cloud on AWS SDDC environments into multi-tenanted resource pools, with fine-grained control of resource allocation and support for differing consumption models.

MSPs can quickly implement changes to resource pools across hosts and pair regions to support geo-expansion and quickly adapt to changing customer requirements. They can also accelerate time-to-market by reducing operational overhead with familiar management and a consistent experience for their end customers.

Enabling business continuity with VMware Cloud on AWS

VMware Cloud on AWS helps businesses alleviate potential disruptions, delivering a seamlessly integrated hybrid cloud environment in under two hours from any of the 17 AWS Regions worldwide, and scaled to support more users, more workloads, and urgent demands in minutes.

With Horizon 7 VDI on VMware Cloud on AWS, customers can quickly set up and scale cloud-delivered virtual desktop infrastructure to support remote employees, temporary workers, and contractors. VMware Site Recovery and VMware Cloud on AWS provide infrastructure risk mitigation and enable customers to implement proactive disaster avoidance.

VMware has also announced its intent to acquire Datrium, and, after the deal closes, plans to expand on the performance-optimized VMware Site Recovery disaster recovery as a service (DRaaS) solution with a cost-optimized option.

VMware Cloud on AWS customers share their stories

West Windsor-Plainsboro Regional School District in central New Jersey serves approximately 9,900 students. Harry Doctor, technology manager for WW-P school district, said, “We originally selected VMware Cloud on AWS to support disaster preparedness, providing resiliency for our VMware Horizon virtual desktops and other critical applications.

“When it was confirmed that New Jersey schools would remain closed for the rest of the 2020 school year, we were able to quickly shift strategies and immediately burst our infrastructure using VMware Cloud on AWS to support remote learning for nearly 10,000 students.

“This service enabled us to respond more than 10 times faster than we could have if we had needed to deploy additional physical servers to support the increased workloads. What would have taken eight weeks took five days, because no additional hardware was required.

“We were able to keep learning and operations as close to business as usual as possible, even in the face of unprecedented challenges. A lot of people wish they had a deployment like this stood up when the pandemic started.”

ZOZO Technologies, Inc supports the R&D and IT operations of ZOZO Inc., including Japan’s largest online fashion shopping website, ZOZOTOWN, which the company says offers more than 7,600 brands and 3,000 new items per day for purchase online.

Nobuhiko Watanabe, Team Leader, Development Division of ZOZO Technologies, said, “We experience a huge surge in shopping traffic to our website, sometimes more than three to four times the usual traffic on an average day, during seasonal sales.

“This meant we needed to scale up our IT infrastructure very quickly to ensure a smooth and seamless online retail experience for our customers and over 1,300 store owners. VMware was successful in scaling up to 100 hosts on-demand through VMware Cloud on AWS during the 2019-2020 Christmas / New Year sales period.

“During the COVID-19 quarantine and summer sales event this year, there was an increase in traffic, but we achieved similar success, despite our teams working entirely from home. With VMware Cloud on AWS, we were able to scale up hosts easily and without any disruption.

“Both successes demonstrate the power of a consistent cloud infrastructure and operations to enable our business to scale on demand and help meet business continuity requirements.”

2020: The year of increased attack sophistication

There was an increase in both cyberattack volume and breaches during the past 12 months in the U.S. This has prompted increased investment in cyber defense, with U.S. businesses already using an average of more than nine different cybersecurity tools, a VMware survey found.


Increased attack sophistication in 2020

Key survey findings from U.S. respondents:

  • 92% said attack volumes have increased in the last 12 months, the survey found.
  • 97% said their business has suffered a security breach in the last 12 months. The average organization said they experienced 2.70 breaches during that time, the survey found.
  • 84% said attacks have become more sophisticated, the survey found.
  • 95% said they plan to increase cyber defense spending in the coming year.
  • OS vulnerabilities are the leading cause of breaches, according to the survey, followed by web application attacks and ransomware.
  • US companies said they are using an average of 9 different security technologies to manage their security program, the survey found.

Common breach causes in U.S.

The most common cause of breaches in the U.S. was OS vulnerabilities (27%). This was jointly followed by web application attacks with 13.5% and ransomware with 13%. Island-hopping was the cause of 5% of breaches.

Rick McElroy, Cyber Security Strategist at VMware Carbon Black, said: “Island-hopping is having an increasing breach impact with 11% of survey respondents citing it as the main cause. In combination with other third-party risks such as third-party apps and the supply chain, it’s clear the extended enterprise is under pressure.”

Complex multi-technology environments

US cybersecurity professionals said they are using an average of more than nine different tools or consoles to manage their cyber defense program, the survey found. This indicates a security environment that has evolved reactively as security tools have been adopted to tackle emerging threats.

Said McElroy: “Siloed, hard-to-manage environments hand the advantage to attackers from the start. Evidence shows that attackers have the upper hand when security is not an intrinsic feature of the environment. As the cyber threat landscape reaches saturation, it is time for rationalization, strategic thinking and clarity over security deployment.”

Supplemental COVID-19 survey

The latest research was supplemented with a survey on the impact COVID-19 has had on the attack landscape. According to the supplemental survey of more than 1,000 respondents from the U.S., UK, Singapore and Italy, 88% of U.S. cybersecurity professionals said attack volumes have increased as more employees work from home. 89% said their organizations have experienced cyberattacks linked to COVID-19 malware.

Key findings from the supplemental U.S. COVID-19-focused survey:

  • 89% said they have been targeted by COVID-19-related malware.
  • Inability to institute multi-factor authentication (MFA) was reported as the biggest security threat to businesses during COVID-19, the survey found.
  • 83% reported gaps in disaster planning around communications with external parties including customers, prospects, and partners.

“The global situation with COVID-19 has put the spotlight on business resilience and disaster recovery planning. Those organizations that have delayed implementing multi-factor authentication appear to be facing challenges, as 32% of U.S. respondents say the inability to implement MFA is the biggest threat to business resilience they are facing right now,” said McElroy.

Gaps in disaster recovery plans

U.S. survey respondents were asked whether COVID-19 had exposed gaps in their disaster recovery plans, and to indicate the severity of those gaps. Their responses showed that:

  • 83% of respondents reported gaps in recovery planning, ranging from slight to severe.
  • 83% said they had uncovered gaps in IT operations.
  • 84% said they encountered problems around enabling a remote workforce.
  • 83% said they’ve experienced challenges communicating with employees.
  • 83% said they had experienced difficulty communicating with external parties.
  • 63% said the situation uncovered gaps around visibility into cybersecurity threats.

Said McElroy: “These figures indicate that the surveyed CISOs may be facing difficulty in a number of areas when answering the demands placed on them by the COVID-19 situation.”

2020 increased attack sophistication

Risks directly related to the pandemic have also quickly emerged, the survey found. This includes a rise in COVID-19-themed malware, which was seen by 89% of U.S. respondents.

Said McElroy: “The 2020 survey results suggest that security teams must be working in tandem with business leaders to shift the balance of power from attackers to defenders. We must also collaborate with IT teams and work to remove the complexity that’s weighing down the current model.

“By building security intrinsically into the fabric of the enterprise – across applications, clouds and devices – teams can significantly reduce the attack surface, gain greater visibility into threats, and understand where security vulnerabilities exist.”

Zettaset’s encryption solutions now available on VMware Cloud Marketplace

Zettaset announced the availability of its encryption solutions on VMware Cloud Marketplace. Zettaset XCrypt Kubernetes & Container Encryption and XCrypt Virtual Key Manager and Data Encryption Solutions are now accessible for VMware customers deploying Kubernetes and container environments running on vSphere.

VMware Cloud Marketplace enables customers to discover and deploy validated, third-party solutions for VMware-based platforms – across public, private and hybrid cloud environments. Once validated, partners can easily publish their solutions for VMware customers across platforms.

Customers will be able to access these third-party partner solutions directly from their cloud environments, while also being able to experience the convenience of features such as notifications, reporting, and analytics.

Zettaset’s software-defined data encryption and enterprise key management solutions secure business critical data within cloud environments, without impacting performance.

Due to its software-defined approach, Zettaset’s encryption solutions allow organizations to tap into the power of emerging environments without worrying about the security of their data or slowing down their business velocity.

In addition, software-defined encryption is more cost effective and less disruptive than more traditional appliance-based products, helping organizations operate at higher efficiencies and ultimately better secure their critical business assets.

“The DevOps to DevSecOps shift is upon us. Enterprise organizations will continue to adopt cloud-native technologies such as Kubernetes and containers in order to accelerate digital transformation initiatives,” said Tim Reilly, CEO, Zettaset.

“In turn, these new virtual environments have expanded the attack surface and created new vectors for cybercriminals to target. For VMware customers running vSphere, Zettaset’s suite of encryption solutions seamlessly supports encryption for Kubernetes and containers to best secure these emerging environments.”

“We are pleased to welcome Zettaset’s XCrypt Kubernetes & Container Encryption and XCrypt Virtual Key Manager and Data Encryption Solutions to the VMware Cloud Marketplace,” said Ramya Sarangarajan, Director within VMware’s Cloud Services group.

“Validated technologies, such as the software-defined encryption solutions from Zettaset, enable our customers to build, run and manage their applications effectively and efficiently. We’re excited to work with partners such as Zettaset to empower customers to derive the most value from their technology investments.”

Cybercriminals banking on finance: Mitigating escalation

When it comes to cyber attacks, no industry is safe. But according to Boston Consulting Group research, financial service firms experience up to 300 times as many cyber attacks per year compared to companies in other industries. No financial firm is ever safe, especially as cybercriminals become more determined and sophisticated in their attack methods.


The dramatic increase in attacks against the financial industry can be attributed to three factors:

1. The COVID-19 pandemic has forced many employees to work remotely, which expands the attack surface and makes those employees easier targets.
2. Cybercrime syndicates have adopted new attack methodologies that traditional cybersecurity controls cannot defend against.
3. Cybercriminals are, in some cases, being seen as patriots by their respective nations and acting as nefarious “cyber Robin Hoods.”

Cashing in on COVID-19

According to recent data, cyber attacks against the financial sector increased by 238 percent from February to April 2020, amid the COVID-19 surge. Cybercriminals often work to exploit fear and uncertainty during major world events by launching cyber attacks, and the pandemic is no exception. In fact, notable spikes in attacks can also be correlated to key days in the COVID-19 news cycle, such as March 1, 2020, when many states in the U.S. declared COVID-19 a public health emergency. This suggests attackers are being opportunistic and leveraging breaking news to take advantage of vulnerable populations.

These cyber attacks are often performed with social engineering campaigns, leveraging malicious emails that lure victims to install malware which steals financial data and other valuable personal information. Attackers have been using COVID-19 to launch phishing attacks, fake apps/maps, trojans, backdoors, crypto miners, botnets and ransomware.

This can be increasingly damaging as the pandemic has already resulted in many people losing their jobs. It’s clear the attackers are not slowing down amid the pandemic, which means understanding their behaviors has become more important than ever before.

Money is the motive: Understanding attacker tactics

Financial institutions have reported cybercriminals are becoming more sophisticated, leveraging highly targeted social engineering attacks and advanced procedures for hiding malicious activity. The criminals’ goal is to exploit weaknesses in people, processes and technology in order to infiltrate the network and gain the ability to transfer funds and withdraw sensitive data.

For example, the most popular Trojan attack recently has been Kryptik. This malware is believed to be Russian-made and is successful because of its anti-emulation, anti-debugging, and code obfuscation features, which prevent analysis and allow for persistence. And while social engineering is still very prevalent, there has been a shift away from spear phishing toward island-hopping, as attackers try to gain a foothold and then jump to additional targets.

The modern cybercriminal understands that it is more lucrative to island-hop from the bank’s environment in order to attack its customers, which is why there are a variety of island-hopping attacks seen today.

The most common attack seen in the financial sector is reverse business email compromise. These attacks occur when a hacker successfully takes over a victim’s email server and executes fileless malware attacks against members of the organization as well as the board. This has become easier for attackers as more employees are working from home, where their network security can be more easily compromised.

Watering-hole attacks make up one in every five attacks on financial institutions. In this case, hackers target a website frequently visited by partners or customers of the organization they are trying to breach. A majority of financial institutions reported increased attempts of wire fraud transfer since 2019. These attacks are often performed by exploiting gaps in the wire transfer verification process or through social engineering attacks targeting customer service representatives and consumers directly.

Hackers aim to identify websites that a majority of people are looking to gain information from. In this case, many people are looking to financial institutions to help them through trying times, and unfortunately hackers are taking advantage of that.

Bank heist: From heists to hostage situations

Cybercriminals are escalating their attacks as they fight back to maintain persistence. If it can’t be stolen, it will be destroyed – similar to burning a house down versus robbing it. And, increasingly, destructive attacks are being leveraged as counter incident response techniques. Trust and confidence can be undermined as cybercriminals appreciate that it is more valuable to commandeer the digital transformation efforts of the financial institution than to target its customers directly.

In order to fight against these attacks, financial institutions must conduct regular cyber threat hunting exercises to root out any persistent attacker that might already be inside. A shift to an intrinsic security model must occur, one where security is built in and not bolted on to the enterprise. Security teams must integrate security controls, microsegment, employ just-in-time authentication and modernize their endpoint security controls to mitigate the modern bank heist.

As the COVID-19 battle continues, it’s clear attackers will continue to target vulnerable populations and organizations, with an eye on finance. Increased vigilance and visibility into enterprise-wide endpoint activity are more paramount than ever. Cybersecurity is now a brand protection imperative, and the trust and confidence in the safety and soundness of a financial institution will depend on it.

VMware vSphere 7: Enabling enterprises to deliver elastic infrastructure for AI and ML apps

VMware introduced a new integrated feature in VMware vSphere 7 that will enable enterprises to deliver elastic infrastructure on-demand for artificial intelligence (AI) and machine learning (ML) applications.

This new feature—VMware vSphere Bitfusion—grew out of VMware’s 2019 acquisition of Bitfusion, a pioneer in the virtualization of hardware accelerator resources including graphics processing unit (GPU) technology.

Organizations use hardware accelerators such as GPUs to dramatically improve the performance of AI/ML workloads that may run several hours or longer. IT teams have come to realize that these hardware accelerators are isolated islands—unable to be shared across many parts of the business.

The inability to share those resources leads to inefficient and poor utilization of both existing and newly purchased resources. The combination of Bitfusion and VMware vSphere will help organizations achieve cost savings, enable resource sharing out of the box, and deliver the right hardware accelerator resource, like a GPU, to the right workload at the right time.

“We aim to deliver the same value to GPUs that we delivered for CPUs,” said Krish Prasad, senior vice president and general manager, Cloud Platform Business Unit, VMware.

“By breaking down existing silos of GPU resources, organizations will be able to achieve better utilization and efficient use of them through sharing—resulting in immediate cost savings. More importantly, organizations will be able to jumpstart new or stalled AI/ML initiatives to drive their business forward by sharing those GPU resources with their teams on-demand with VMware vSphere 7.”

VMware vSphere 7 with Bitfusion enables efficient GPU pooling and sharing

AI and ML-based applications—deep learning training in particular—rely on hardware accelerators to tackle large and complex computation. With the newly integrated Bitfusion capabilities, VMware vSphere 7 will enable enterprises to pool their powerful GPU resources on their servers and share them within their data centers.

That will enable organizations to efficiently and rapidly share GPUs across the network with teams of AI researchers, data scientists and ML developers relying on and/or building AI/ML applications.

Released in April 2020, VMware vSphere 7 was rearchitected into an open platform using Kubernetes to provide a cloud-like experience for developers and operators. The Bitfusion feature of VMware vSphere 7 will leverage GPUs for applications running in virtual machines or containers.

Bitfusion can operate in a Kubernetes environment such as VMware Tanzu Kubernetes Grid, and is expected to run side-by-side as customers deploy AI/ML applications as part of an overall modern applications strategy.

The Bitfusion feature of VMware vSphere will be available through a single download with no disruption to current infrastructure and will seamlessly integrate with existing workflows and lifecycles.

VMware acquired Bitfusion last year with the intention to integrate the technology into VMware vSphere. Bitfusion offered a software platform that decoupled specific physical resources from the servers they are attached to in the environment. This included sharing GPUs in a virtualized infrastructure, as a pool of network-accessible resources, rather than isolated resources per server.

Dell Technologies taps VMware for Dell EMC ready solutions

Dell Technologies also announced two new Ready Solutions: Dell EMC Ready Solutions for AI: GPU-as-a-Service and Dell EMC Ready Solutions for Virtualized High Performance Computing (HPC).

With the new Dell EMC Ready Solutions for AI: GPU-as-a-Service, customers will be able to quickly and conveniently take advantage of GPUs to supercharge AI projects including predictive analytics, machine learning and deep learning.

These Ready Solutions will incorporate VMware Cloud Foundation including VMware vSphere Bitfusion along with Dell EMC servers, storage, networking and services. These solutions will help customers to provide developers and data scientists self-service access to a virtualized accelerator pool to increase the utilization and efficiency of these valuable resources.

The new Dell EMC Ready Solutions for Virtualized HPC (vHPC) will make it simpler for organizations to run demanding AI applications in VMware environments.

The ability to virtualize HPC and AI operations with VMware Cloud Foundation including VMware vSphere Bitfusion or VMware vSphere Scale-Out Edition will offer rapid hardware provisioning on demand, faster initial setup, and configuration and ongoing maintenance with centralized management and security.

Dell EMC Ready Solutions for vHPC support the intensive compute needs for bioinformatics, computational chemistry and computer-aided engineering.

“What we’re seeing among data science departments is that many of their artificial intelligence applications are already running in containers. There’s a great opportunity for us to serve them better by combining vSphere with Bitfusion and the native scaling abilities of vSphere with Kubernetes to accelerate their research.” – Johan van Amersfoort, Technologist EUC & AI, ITQ Consultancy

VMware Cloud Director vulnerability enables a full cloud infrastructure takeover

A code injection vulnerability (CVE-2020-3956) affecting VMware vCloud Director could be exploited to take over the infrastructure of cloud services, Citadelo researchers have discovered.


About VMware vCloud Director and CVE-2020-3956

VMware Cloud Director (formerly known as vCloud Director) is a cloud service delivery platform used by public and private cloud providers to operate and manage cloud infrastructure.

CVE-2020-3956 was discovered by Citadelo penetration testers during a security audit of a customer’s VMware Cloud Director-based cloud infrastructure.

“An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access,” VMware explained in a security advisory published on May 19, after the company finished releasing patches for several versions of vCloud Director.

The researchers have provided more details about the vulnerability, explained how it can be exploited, and shared an exploit.

The damage attackers can do after exploiting the flaw is substantial. They can:

  • View content of the internal system database, including password hashes of any customers allocated to this infrastructure
  • Modify the system database to steal foreign virtual machines (VM) assigned to different organizations within Cloud Director
  • Escalate privileges from “Organization Administrator” (normally a customer account) to “System Administrator” with access to all cloud accounts (organization) as an attacker can change the hash for this account
  • Modify the login page to Cloud Director, which allows the attacker to capture passwords of another customer in plaintext, including System Administrator accounts
  • Read other sensitive data related to customers.

The vulnerability has been patched

The vulnerability was privately reported to VMware and was addressed in April and May.

VMware considers the flaw to be “important” and not “critical”, since an attacker must be authenticated in order to exploit CVE-2020-3956. But, as the researchers noted, “cloud providers offering a free trial to potential new customers using VMware Cloud Director are at high risk because an untrusted actor can quickly take advantage.”

Admins are advised to upgrade to vCloud Director versions,, or to plug the security hole. A workaround is also available for those that can’t upgrade to a recommended version (temporarily or ever).

VMware Cloud Director v10.1.0 and vCloud Director versions 9.0.x and 8.x are not affected by the flaw.

Kinetic Business unveils SD-WAN built upon VeloCloud technology from VMware

As small to mid-sized businesses use more bandwidth every year to modernize their companies, Kinetic Business is proud to announce an SD-WAN solution to help them manage their usage.

Kinetic Business SD-WAN is built upon VeloCloud technology from VMware, an industry leader in SD-WAN solutions. The partnership between Kinetic and VMware delivers small and mid-size businesses the same control and confidence as major corporations, and it’s easily accessible through an award-winning management portal.

“Our customers are increasing their network complexity with multiple WiFi networks and cloud applications,” said Joe Johnson, vice president of Kinetic Product Development and Management.

“We already deliver an excellent broadband product over our robust fiber network. Our customers have asked for greater simplicity and control over their networks, and with this partnership we are delivering an industry leading solution easily managed from a web interface or a mobile device.”

For example, at a restaurant and bar, the owner wants to keep video and music streaming for customers but also make sure credit cards are being processed and online orders are coming in, as well as answer the phone. With SD-WAN’s application prioritization, that owner can easily bump the most important applications to the top of the list.

VMware SD-WAN also features WAN controls to keep businesses up and running. Whether a customer brings in a second WAN link or relies upon an LTE backup, they can be assured that critical applications continue to operate when the unexpected occurs.

Not only does WAN control automatic failover communications, but it can do so seamlessly, without even dropping the call the customer is on.

Kinetic Business SD-WAN also provides important benefits to multi-site customers. It allows branch offices to easily connect to each other, without building VPN connections, managing routing tables, and other complex networking configurations.

An owner can see what devices and networks are doing at all locations, while resting assured that communications between branch sites and headquarters, or data centers, or the cloud are up, running, and reliable.