VIRTUAL DESKTOP TOOLS,SERVER VIRTUALIZATION,SERVER HYPERVISORS
Fortinet | December 14, 2022
Fortinet issued an advisory Monday detailing the heap-based buffer overflow flaw, tracked as CVE-2022-42475, affecting multiple versions of its FortiOS SSL-VPN. Ranked a 9.3 on the common vulnerability scoring system, Fortinet warned the critical flaw could allow a remote unauthenticated attacker to execute arbitrary code.
"Fortinet is aware of an instance where this vulnerability was exploited in the wild, and recommends immediately validating your systems against the following indicators of compromise," Fortinet wrote in the advisory.
Patches are available, and Fortinet recommended upgrading to the latest versions as well as the unaffected earlier version of FortiOS. In an email to TechTarget Editorial, Fortinet said it also continues to monitor the situation.
While the company's Product Security Incident Response team made the advisory publicly available Monday, it was not the first notification on the critical flaw. Olympe Cyberdefense, a France-based cyber threat intelligence vendor, released an alert Friday citing that a "new critical flaw, not yet made public" affected Fortinet SSL-VPN.
The alert, which was first reported Monday by TechTarget sister publication Le Mag IT, warned the zero-day vulnerability was easy to exploit and that attackers could gain full control of intended devices. Additionally, Olympe Cyberdefense recommended disabling VPN-SSL functionality if it's not essential.
Olympe updated its alert once Fortinet confirmed the vulnerability and urged customers to patch.
In a statement sent to TechTarget Editorial, Claire Tills, senior researcher engineer at Tenable, noted the time gap between the Olympe's initial disclosure and Fortinet's advisory. "Three days after its initial public disclosure, Fortinet patched CVE-2022-42475 and confirmed it has been exploited in the wild," Tills said.
"Fortinet SSL-VPNs have been a major target for years now -- to the extent that the FBI and CISA issued a dedicated advisory to these flaws and their exploitation in 2021. Nation state actors are still known to exploit those legacy vulnerabilities in Fortinet SSL-VPNs. Given that this new vulnerability has already been exploited, organizations should patch CVE-2022-42475 immediately before it joins the ranks of other legacy VPN flaws."
Attacks targeting VPNs have been on the rise, with multiple government warnings since 2020 when remote work increased amid the COVID-19 pandemic. In October, FortiOS faced another critical vulnerability that allowed attackers to bypass authentication and was exploited in the wild. Like Monday's advisory, Fortinet was not the first to publicly disclose the flaw.
VIRTUAL DESKTOP TOOLS,SERVER VIRTUALIZATION
Hughes | January 17, 2023
Hughes Network Systems, an EchoStar company, has announced that it will debut the Hughes Active Power Edge, a power distribution unit designed for managed services, and showcase its suite of managed services at Retail's Big Show 2023. The Hughes Active Power Edge promises to lower the costs of running a data center and make it use less energy.
The Active Power Edge (model number HS54) is designed to make networks more reliable, smarter, and better performing for enterprise customers by correlating data points such as network performance, power usage, and power conditioning . Hughes Network Systems, EchoStar, and a team of experts who are committed to making new managed services solutions came together to make the Hughes Active Power Edge (model number HS54).
Dan Rasmussen, senior vice president, enterprise division, Hughes, commented, “By correlating data points like power usage, power conditioning and network performance, the Hughes Active Power Edge enables us to be even more proactive in ensuring reliable business operations for our customers.”
It can reset outlets and power cycle connected devices as needed, thus maintaining network uptime seamlessly, saving customers time and costly downtime. It is seamlessly integrated into the HughesON suite of managed network services. The Active Power Edge (model number HS54) is a powerful tool for enterprise customers that makes networks smarter, more reliable, and higher performing.
Hughes Network Systems, LLC, a subsidiary of EchoStar (Nasdaq: SATS), provides broadband equipment and services, managed services based on smart, software-defined networking, and end-to-end network operation to millions of consumers, businesses, governments, and communities around the world. HughesNet®, the company's flagship internet service, connects millions across the Americas, and the Hughes JupiterTM System provides internet access to tens of millions more worldwide. Hughes works with more than half of the world's satellite operators, in-flight service providers, mobile network operators, and military customers. Hughes, a managed network services provider, supports 500,000 enterprise sites with its HughesONTM portfolio of wired and wireless solutions.
VIRTUAL DESKTOP TOOLS
Dell Technologies | November 18, 2022
Dell Technologies is expanding its industry leadership in data protection appliances and software1 to help customers protect their data on premises, in public clouds and at the edge.
The Dell PowerProtect Data Manager Appliance leads a series of advancements for multicloud data protection that are simple to use and easy to consume. Dell innovation in AI-powered resilience and operational security accelerates the adoption of Zero Trust architectures, helping protect organizations from the increasing threat of cyberattacks.
The new solutions help address rising data protection challenges facing organizations. According to the 2022 Dell Global Data Protection Index (GDPI) survey, organizations have experienced higher levels of natural and modern disasters than in previous years, resulting in more data loss, downtime and recovery costs. In the past year, cyberattacks accounted for 48% of all disasters (up from 37% in 2021), leading all other causes of data disruption. The survey also revealed 85% of organizations using multiple data protection vendors see a benefit in reducing their number of vendors. Furthermore, it revealed that organizations using a single data protection vendor incurred 34% less cost recovering from cyberattacks or other cyber incidents than those who used multiple vendors.
"With virtually everything connected to the internet in today's digital world, the need to protect valuable data is more important than ever, This digital landscape requires a modern data protection and security strategy to address cyber threats. Point solutions don't go deep or wide enough to help protect organizations. Dell helps customers strengthen cyber resiliency by offering integrated data protection software, systems and services to help ensure data and applications are protected and resilient wherever they live."
Jeff Boudreau, president and general manager, Infrastructure Solutions Group, Dell Technologies
The GDPI survey found that 91% of organizations are either aware of or planning to deploy a Zero Trust architecture – a cybersecurity model that shifts how organizations approach security from relying solely on perimeter defenses to a proactive strategy that only allows known, authorized traffic across system boundaries and data pipelines. However, only 23% are deploying a Zero Trust model and 12% are fully deployed. With embedded security features designed into the hardware, firmware and security control points, Dell's holistic approach helps organizations achieve Zero Trust architectures to strengthen cyber resiliency and help reduce security complexity.
The simplest path to modern data protection
Dell continues to deliver innovation for its data protection software, Dell PowerProtect Data Manager, to help organizations simplify their IT operations and reduce risk. PowerProtect Data Manager software addresses the increasing need for cyber resiliency and supports Zero Trust principles with new built-in operational security capabilities, such as multifactor authentication, dual authorization, and role-based access controls.
The Dell PowerProtect Data Manager Appliance offers a simple path to adopt modern data protection. The debut system is ideal for small and mid-sized use cases with support that scales from 12 to 96 terabytes of data.
The appliance offers customers a:
Modern, software-defined architecture: Allows automated discovery and protection of assets and delivers unique VMware protection with Transparent Snapshots to ensure the availability of all VMs without business disruption.
Secure, cyber resilient solution: Provides more secure access to restricted functions with Identity and Access Management to strengthen cyber resiliency.
Simple, unified user experience: Delivers software-defined data protection, making it easy to deploy and use.
"Dell PowerProtect Data Manager simplifies our backup environment, giving us the business agility needed to protect our data as we digitally transform," said James McNair, vice president, distributed systems manager, Trustmark Bank. "With the new PowerProtect Data Manager Appliance, we can more simply deploy Data Manager across our infrastructure, helping us be more efficient and strengthening our cyber resiliency."
Dell expands cyber recovery for fast, easy-to-deploy public cloud vaults
PowerProtect Cyber Recovery for Google Cloud enables customers to deploy an isolated cyber vault in Google Cloud to more securely separate and protect data from a cyberattack. Unlike standard cloud-based backup solutions, access to management interfaces is locked down by networking controls and can require separate security credentials and multi-factor authentication for access.
Organizations can use their existing Google Cloud subscription for purchasing PowerProtect Cyber Recovery through the Google Cloud Marketplace, and the service can be acquired directly from Dell and its channel partners.
The new offering marks the latest expansion of Dell's cyber recovery capabilities for public clouds, following this year's introduction of Dell PowerProtect for Microsoft Azure and CyberSense for Dell PowerProtect Cyber Recovery for AWS.
Dell APEX simplifies backup storage with flexible consumption options
Dell APEX Data Storage Services is expanding to offer a Backup Target option to provide more secure backup storage in a pay-per-use, flexible consumption model. The Backup Target service is easy for customers to adopt and streamlines the process of purchasing, deploying and maintaining backup storage. Building on Dell's leadership in data protection appliances and software1, the Backup Target helps reduce a customer's storage footprint and can increase data availability.
The new Dell APEX Data Storage Services Backup Target offer will support the increasing reliance on as-a-Service offerings to help overcome data protection challenges. Nearly every GDPI respondent (99%) identified at least one as-a-Service offering as a high priority to help overcome challenges for their organization. Storage as-a-Service (44%), Cyber Recovery as-a-Service (41%), and Backup as-a-Service (40%) ranked as the top three as-a-Service priorities.
Dell expands Future-Proof Program with new Cyber Recovery Guarantee
With cyber threats increasing and data becoming more valuable than ever, Dell plans to introduce in January a new Cyber Recovery Guarantee2 to provide assurance to customers that their data will be recoverable following a cyberattack. Dell will provide customers up to $10 million in reimbursement for qualifying expenses to assist in the recovery of data from ransomware and other cyber incidents in the event restoring data is not possible with Dell solutions.
The guarantee is designed to increase customer comfort and confidence in choosing Dell Data Protection Solutions, whether for data in production or, more securely, in a cyber vault. This new cyber recovery guarantee expands the Dell Technologies Future-Proof Program, which also includes a Data Protection Deduplication Guarantee3.
Seife Teklu, senior solutions architect, Arrow Electronics
"The integrated Dell PowerProtect Data Manager Appliance is easy to use and quick to deploy. This system will be a compelling option for our small to medium-sized customers needing to modernize data protection to help reduce risk and ensure business continuity."
Dell PowerProtect Data Manager Appliance is globally available this month in more than 30 countries across North America, Latin America, Europe and Asia Pacific.
Dell PowerProtect Data Manager software is globally available today.
Dell PowerProtect Cyber Recovery for Google Cloud Platform is globally available today.
Dell APEX Data Storage Services Backup Target will be globally available in the first quarter of 2023 in 16 countries across North America, Europe and Asia Pacific.
Dell's new Cyber Recovery Guarantee will be available in the US starting in January 2023.
About Dell Technologies
Dell Technologies helps organizations and individuals build their digital future and transform how they work, live and play. The company provides customers with the industry's broadest and most innovative technology and services portfolio for the data era.