VIRTUAL DESKTOP TOOLS
VMware | August 09, 2022
At Black Hat USA 2022, VMware, Inc. released its eighth annual Global Incident Response Threat Report, which takes a deep dive into the challenges faced by security teams amid pandemic disruptions, burnout, and geopolitically motivated cyberattacks. Sixty-five percent of defenders state that cyberattacks have increased since Russia invaded Ukraine, according to report findings. The report also shines a light on emerging threats such as deepfakes, attacks on APIs, and cybercriminals targeting incident responders themselves.
“Cybercriminals are now incorporating deepfakes into their attack methods to evade security controls,” said Rick McElroy, principal cybersecurity strategist at VMware. “Two out of three respondents in our report saw malicious deepfakes used as part of an attack, a 13% increase from last year, with email as the top delivery method. Cybercriminals have evolved beyond using synthetic video and audio simply for influence operations or disinformation campaigns. Their new goal is to use deepfake technology to compromise organizations and gain access to their environment.”
Additional key findings from the report include:
Cyber pro burnout remains a critical issue. Forty-seven percent of incident responders said they experienced burnout or extreme stress in the past 12 months, down slightly from 51% last year. Of this group, 69% (versus 65% in 2021) of respondents have considered leaving their job as a result. Organizations are working to combat this, however, with more than two-thirds of respondents stating their workplaces have implemented wellness programs to address burnout.
Ransomware actors incorporate cyber extortion strategies. The predominance of ransomware attacks, often buttressed by e-crime groups’ collaborations on the dark web, has yet to let up. Fifty-seven percent of respondents have encountered such attacks in the past 12 months, and two-thirds (66%) have encountered affiliate programs and/or partnerships between ransomware groups as prominent cyber cartels continue to extort organizations through double extortion techniques, data auctions, and blackmail.
APIs are the new endpoint, representing the next frontier for attackers. As workloads and applications proliferate, 23% of attacks now compromise API security. The top types of API attacks include data exposure (encountered by 42% of respondents in the past year), SQL and API injection attacks (37% and 34%, respectively), and distributed Denial-of-Service attacks (33%).
Lateral movement is the new battleground. Lateral movement was seen in 25% of all attacks, with cybercriminals leveraging everything from script hosts (49%) and file storage (46%) to PowerShell (45%), business communications platforms (41%), and .NET (39%) to rummage around inside networks. An analysis of the telemetry within VMware Contexa, a full-fidelity threat intelligence cloud that’s built into VMware security products, discovered that in April and May of 2022 alone, nearly half of intrusions contained a lateral movement event.
“In order to defend against the broadening attack surface, security teams need an adequate level of visibility across workloads, devices, users and networks to detect, protect, and respond to cyber threats. When security teams are making decisions based on incomplete and inaccurate data, it inhibits their ability to implement a granular security strategy, while their efforts to detect and stop lateral movement of attacks are stymied due to the limited context of their systems.”
Chad Skipper, global security technologist at VMware
Despite the turbulent threat landscape and rising threats detailed in the report, incident responders are fighting back with 87% saying that they are able to disrupt a cybercriminal’s activities sometimes (50%) or very often (37%). They’re also using new techniques to do so. Three-quarters of respondents (75%) say they are now deploying virtual patching as an emergency mechanism. In every case, the more visibility defenders have across today’s widening attack surface, the better equipped they’ll be to weather the storm.
VMware conducted an online survey about trends in the incident response landscape in June 2022, and 125 cybersecurity and incident response professionals from around the world participated. Percentages in certain questions exceed 100 percent because respondents were asked to check all that apply. Due to rounding, percentages in all questions may not add up to 100 percent.
In addition to VMware’s presence at Black Hat USA 2022, there will be more than 100 security talks at VMware Explore, the global multi-cloud industry event taking place August 29 – September 1, 2022 at Moscone Center in San Francisco. Register today to begin building your agenda.
VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. As a trusted foundation to accelerate innovation, VMware software gives businesses the flexibility and choice they need to build the future. Headquartered in Palo Alto, California, VMware is committed to building a better future through the company’s 2030 Agenda.
VIRTUAL SERVER MANAGEMENT
Verizon | September 19, 2022
Verizon, the leader in Virtualized Radio Access Network (VRAN) innovation, has now deployed over 8,000 virtualized cell sites with a goal of deploying over 20,000 by the end of 2025. This technology milestone allows Verizon to rapidly respond to customers’ varied latency and computing needs, and provides greater flexibility and agility in the introduction of new products and services. The move to a cloud-based, virtualized architecture with standardized interfaces in every part of the network leads to greater flexibility, faster delivery of services, greater scalability, and improved cost efficiency in networks.
“We are building the network with the most advanced technology available, because we know people rely on our network and we are committed to delivering the variety and quality of services our customers need. Even while driving the most aggressive network deployment in our company’s history, we know giving people access to 5G is only part of the winning equation.”
Adam Koeppe, Senior Vice President of Planning and Technology at Verizon
Key 5G use cases, focused on providing the best, most efficient network for customers, will rely heavily on the programmability of virtualized networks. Networks must serve IoT devices that do very little networking and stay in place, smartphones with infinite opportunities to use data in a highly mobile environment, and complex solutions like Augmented Reality that require massive computing capabilities on the edge of the network. These various network solutions rely on a correlated variety of resources from the network, which until recently have been defined rigidly and manually. Using orchestration and automation capabilities at scale on virtual infrastructure, Verizon automates network configuration changes and resource scaling dynamically based on demand. This is one of the greatest benefits of virtualizing a network - essentially building programmability into the network.
It takes more than just virtualization
While the advancement of virtualization technology is a critical step towards advanced 5G solutions, Verizon is working on many other technological advancements in parallel to deliver to customers the most robust, advanced, and reliable network in the world.
Verizon recently announced a massive advancement in its packet core network, quadrupling the capacity on its fiber network.
It also recently announced it is beginning to deploy 100 MHz of C-band spectrum in many markets across the US – a significant increase from the 60 MHz of spectrum it has deployed in 5G markets to date. Almost doubling the spectrum available for 5G Ultra Wideband turbocharges the service, offering significantly higher speeds, much greater capacity to accommodate more customers and more robust services, and allows Verizon to offer 5G Home broadband and Business Internet services to more customers.
ORAN - Disaggregating the hardware and software functions on the network through widespread virtualization creates the foundation for ORAN. ORAN is an evolution of the virtual network architecture with the potential to bring many benefits in terms of deployment flexibility, faster innovation in an open environment, and greater service options by increasing the opportunity for new entrants to provide competitive and advanced solutions. More competition, more innovation, and increased supplier diversity will all be a net benefit to operators and consumers.
Advanced antenna configurations - Verizon continues to drive antenna efficiency, including widespread use of Massive MIMO, which leads to greater speeds and less signal interference resulting in greater capacity and speed for customers.
MEC - Mobile Edge Computing (MEC) moves the data processing done by the applications and services closer to the customer at the edge of the network. This shortens the roundtrip distance data travels from the device to servers that can process data. This helps critical, performance-impacting applications respond more quickly and efficiently. Verizon’s MEC is deployed in a rack next to our Core network gear which enables the lowest possible latency. We are partnering with the top cloud partners, driving tighter network integration/differentiation through APIs. Verizon recently expanded its MEC ecosystem by bringing AWS Wavelength zones to Nashville and Tampa and now reaches 19 metro areas. This means that 75% of the U.S. population is now within 150 miles of VZ 5G Edge.
Webscale platform - Using a Verizon-owned and operated webscale platform, Verizon engineers have created a cloud-native architecture. Verizon’s telco cloud has been optimized for telco workloads, unique telco regulatory and performance requirements, and tighter integration with other operations systems. This unique cloud architecture drives efficiency and allows functionality to be distributed throughout the network. Verizon’s native telco workloads (Core, RAN, signaling, and user plane) run more efficiently and with better performance and resiliency when deployed on this optimized cloud platform.
Verizon remains very active in global standards bodies and continues to work with experts globally to set standards and expectations for future technology.
VIRTUAL SERVER INFRASTRUCTURE
Code42 | September 26, 2022
Code42 Software, Inc., the Insider Risk Management (IRM) leader, today announced its Incydr product fully supports all major Desktop-as-a-Service (DaaS) and Virtual Desktop Infrastructure (VDI) environments. The Code42® Incydr™ product detects when valuable and sensitive files are moved to untrusted locations, including personal email and cloud accounts, and removable media – and allows security teams to quickly respond in order to stop data leaks and theft.
According to a recent survey of IT professionals published by Citrix, nearly 70% of organizations are planning to implement VDIs to accommodate hybrid or remote work strategies, with just under 60% accelerating the adoption of cloud tools. Though DaaS and VDI solutions help security teams better protect against vulnerabilities, malicious actors and other external threats, they do little to reduce the risk from insiders, as virtual environments inherently depend on cloud tools.
“We’ve seen a notable uptick in the number of teams that have deployed DaaS and VDI solutions throughout their environments. Given the continued popularity of bring-your-own-device (BYOD) and remote work, coupled with an unstable hardware supply chain, we absolutely expect this trend to continue. In virtual-first organizations where there is pervasive use of cloud collaboration tools, such as Git, Salesforce, GDrive, OneDrive and iCloud, Incydr wraps a layer of protection around data put at risk by insiders, complementing solutions that focus on external threats and malicious actors.”
Rob Juncker, CTO of Code42
Code42 Incydr: The Industry’s Leading Data Security Product for Exfiltration Detection and Response
Incydr is an Insider Risk Management solution that provides the visibility, context and controls needed to stop data leak and IP theft. Organizations utilize Incydr to detect and respond to data exposure and exfiltration from corporate computer, cloud and email systems. It deploys in hours so security teams can address material risk to the business in a matter of days and drive the secure work habits needed to decrease how often employees put data at risk in the future.
Code42 Instructor: Education-Led Insider Risk Response
The Code42 Instructor™ micro-learning solution improves Insider Risk awareness by focusing on the creation of holistic, security-oriented cultures. The solution delivers actionable, hyper-targeted and bite-sized video lessons to end-users when they’re needed most, helping to change security behavior for the long term. The Instructor solution helps organizations rapidly mature their Insider Risk Management programs by incorporating data-driven Insider Risk behavioral guidance for end-users.
Combining the Power of Incydr and Instructor
Instructor works in tandem with Incydr, allowing security, compliance and education teams to immediately send corrective video lessons triggered by employee actions that create risk for the business. For example, when Incydr flags file movement to an untrusted location, like an unauthorized cloud application, an Instructor video specifically explaining the correct activity is sent to educate the employee in real-time through the Incydr solution.
Code42 Services: Measure, Manage, Mitigate
IRM technology is simpler and faster to deploy than other technologies, such as DLP and CASB, but it does require a strategy and mindset shift. Insider Risk Management isn’t only about data – it’s about a company’s employees and culture. Code42 IRM Services are designed to help organizations establish an efficient and effective IRM program rooted in transparency, training and technology. Code42’s services take a collaborative approach to helping organizations develop, operationalize, and mature an end-to-end IRM program.
Code42 is the leader in Insider Risk Management (IRM), offering end-to-end data loss detection and response solutions. The Code42 Incydr product is native to the cloud and rapidly detects data exposure, loss, leak and theft as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. Accelerating the effectiveness of Insider Risk programs are the Code42 Instructor microlearning solution, and Code42’s full suite of expert services.
With Code42, security professionals can protect corporate data and reduce insider risk while fostering an open and collaborative culture for employees. Designed to meet regulatory control requirements, Code42’s IRM solution is FedRAMP authorized and can be configured for GDPR, HIPAA, PCI and other compliance frameworks. Innovative organizations, including the fastest-growing security companies, rely on Code42 to safeguard their ideas. Founded in 2001, the company is headquartered in Minneapolis, Minnesota, and backed by Accel Partners, JMI Equity, NewView and Split Rock Partners. Code42 has played a defining role in developing a vision and requirements for the IRM category – now recognized by Gartner, IDC and Forrester – and is a founding member of the annual Insider Risk Summit and Insider Risk Community.
The Company has several offices across the United States and its clients include large multinational organizations, such as CrowdStrike, Exabeam, BAYADA Home Health Care, Juniper Networks, Lending Club, MacDonald-Miller, MACOM, North Highland, Ping Identity, Shape Technologies, Snowflake, University of Georgia, User Testing, UTEX and Xactly.