HashiCorp | October 10, 2022
HashiCorp, Inc., a leading provider of multi-cloud infrastructure automation software, today announced the general availability of HashiCorp Cloud Platform (HCP) Boundary, a secure remote access product. With this release, Boundary joins HCP Vault and HCP Consul to provide the industry’s first zero trust security solution to secure applications, networks, and people built for the cloud.
As organizations move to the cloud and adopt cloud operating models, they require a different approach to security — commonly referred to as zero trust security — where the default security posture is to trust nothing, authenticate and authorize everything. But the gap between legacy security postures and the accelerated move to the cloud is contributing to a significant increase in security breaches. According to the HashiCorp State of Cloud Strategy Survey, 89% of respondents believe security is the number one determining factor for cloud success, which is driving organizations to adopt zero trust security postures.
HashiCorp’s approach to zero trust security focuses on using identity to secure applications, networks, and people across multiple clouds, on-premises, and hybrid environments, which reduces the attack surface and automates complex security workflows. This ensures people, machines, and services are authenticated, every action is authorized, and data is protected.
“As organizations continue to expand their cloud estates, they must shift their security strategies to keep up with the growth and complexity of applications, network components, and cloud-based systems. At HashiCorp, we have always believed that identity is the foundation for zero trust security for applications, networks, and users. With HCP Boundary, companies now have a modern solution for privileged access management, securing access in dynamic, ephemeral environments for their workforce. We think we’ve reached an important milestone for our customers by delivering a security solution built for today’s threat and infrastructure landscape.”
Armon Dadgar, co-founder and CTO, HashiCorp
As organizations move out of traditional datacenters and into multiple clouds, hybrid, and edge environments, securing their infrastructure becomes more complex at scale. The HashiCorp zero trust solution covers all three of these aspects:
Applications: HashiCorp Vault provides a consistent way to manage application identity by integrating many platforms and identity providers. Vault enables fine-grained access control and authorization between applications and databases, including dynamically rotating credentials, PKI certificates, and API tokens, while also ensuring application data is always secure in transit and at rest.
Networks: HashiCorp Consul secures network traffic between applications and services, enabling fine-grained access control policies, observability, and traffic shaping. Consul integrates with Vault’s identity platform to leverage application identity for the policies and to allow dynamic PKI.
People: HashiCorp Boundary ensures the right people have access to the right systems and cloud services while removing the need to distribute and issue credentials, expose private networks, or manage static credentials. Boundary integrates with Vault to issue just-in-time credentials and ensure ephemeral access to critical systems.
General Availability of HCP Boundary
HCP Boundary provides a secure remote access solution for a cloud operating model, offering improvements over existing software-defined perimeter (SDP) solutions, like VPNs, and privileged access management (PAM) solutions that are IP-driven and highly manual. With HCP Boundary, teams gain fine-grained authentication and authorization controls, rapid user onboarding, and automated workflows for target discovery and credential management for ephemeral resources. As a cloud-based service, HCP Boundary benefits organizations struggling with security as they transition to the cloud, driven by people and skills shortages.
HCP Boundary allows teams and users to access the critical systems they need while abstracting the session connection, establishment, credential issuance, and revocation. Boundary provides operations and security teams the ability to dynamically pull in cloud service catalogs and on-premises resources and map out policies to which systems, users, and groups should have access. To do this, Boundary leverages Vault to provide passwordless connections and revokes the credentials after each use. This helps ensure critical information like credentials, networks, and resources are never exposed to the user or outside actors.
In addition to core secure remote access capabilities, Boundary also offers:
Identity platform integration with Microsoft Azure Active Directory and Okta, along with many other identity platforms that support OpenID Connect to onboard trusted identities and delegate authentication
Role-based access control (RBAC) to provide broad or fine-grained access to people throughout your organization
Passwordless authentication for seamless integration with dynamic secrets and Vault
Automated service discovery for streamlined discovery and configuration of targets. Dynamic host catalogs are currently available with Microsoft Azure and AWS, as well as direct HashiCorp Terraform integration to pull in resources under management
Session visibility and logging to get insights into session metrics, events, logs, and traces with the ability to export data to business intelligence and event monitoring tools
HashiCorp is a leader in multi-cloud infrastructure automation software. The HashiCorp software suite enables organizations to adopt consistent workflows and create a system of record for automating the cloud: infrastructure provisioning, security, networking, and application deployment. HashiCorp’s portfolio of products includes Vagrant™, Packer™, Terraform®, Vault™, Consul®, Nomad™, Boundary™, and Waypoint™. HashiCorp offers products as open source, enterprise, and as managed cloud services. The company is headquartered in San Francisco, though most of HashiCorp’s employees work remotely, strategically distributed around the globe.
VIRTUAL DESKTOP STRATEGIES
Sophos | November 22, 2022
Sophos, a global leader in innovating and delivering cybersecurity as a service, today introduced new Sophos Firewall capabilities to better meet the complex and demanding needs of distributed and enterprise edge computing. Sophos Firewall now delivers performance enhancements that accelerate encrypted traffic inspection, dynamic traffic routing for Internet Protocol version 6 (IPv6), added resiliency with software-defined wide area network (SD-WAN) load balancing and high-availability enhancements, and seamless integration with Microsoft Azure Active Directory.
“One of the key benefits of the Xstream architecture and Flow Processors is that they are programmable. This means that while other firewalls get slower over time, we can increase performance, even when we add new features and capabilities. Our design ensures customers’ investment in Sophos Firewall is future-proofed and enables seamless transition to a cloud-enabled world. SD-WAN and Secure Access Service Edge (SASE) demand a more efficient platform, which is not only resilient but also makes day-to-day management easier and faster than ever.”
Daniel Cole, vice president of network security product management at Sophos
The effective and reliable assessment of network traffic is critical in protecting against threat actors, as evidenced in Sophos’ 2023 Threat Report, which was published today. Distributed offices, remote workforces, cloud workloads, custom-built legacy apps, and a growing reliance on global software-as-a-service providers create a configuration and risk management headache for network security managers.
Sophos Firewall now provides the performance, protection and resiliency that distributed enterprises require, while simplifying the management of complex networks. Benefits include:
Advanced performance and protection: A new high-performance dynamic routing engine and Xstream Transport Layer Security (TLS) FastPath acceleration improve encrypted traffic inspection while also adding headroom for traffic that requires deep-packet inspection; the asymmetric cryptographic capabilities within Xstream Flow Processors – included in every XGS Series appliance – enable TLS inspection on even the most demanding networks
Added resiliency and peace of mind: New SD-WAN load balancing for performance and reliability in the event of an internet service provider (ISP) outage, along with enhancements to high-availability clusters, ensures maximum business continuity and uptime for mission-critical networks
Improved ease of management: Managing network security is easier than ever with new Microsoft Azure Active Directory integration for seamless administrator single sign-on and new host and service object search
Sophos Firewall integrates with Sophos ZTNA (zero trust network access) under one unified management plane and is a key pillar of Sophos’ SASE strategy, providing a more simplified, scalable and secure solution over traditional remote-access virtual private networks (VPN). The network solution is also part of the Sophos Adaptive Cybersecurity Ecosystem, which integrates Sophos’ entire portfolio of products, services and Sophos X-Ops threat intelligence for faster and more contextual and synchronized detection, protection and response.
Sophos Firewall is available for immediate purchase exclusively through Sophos’ global channel of partners and Managed Service Providers (MSPs). It is easily managed in the cloud-native Sophos Central platform alongside other solutions, where users can oversee installations, respond to alerts and track licenses and upcoming renewal dates via a single, intuitive interface, or by Sophos Managed Detection and Response (MDR).
What Analysts, Channel Partners and Customers Say
“With their latest firewall release, Sophos has leveraged the flexibility of their Xstream architecture to deliver improvements in performance for VPN throughput and more efficient handling of TLS encrypted traffic, which is vitally important in today’s encrypted world,” said Christopher Rodriguez, research director of IDC’s Security & Trust practice. “They’ve also completed the build-out of their networking feature set to provide an integrated SD-WAN solution. Combined with other recent enhancements to their secure access portfolio like ZTNA as a Service, they’re positioning to provide the features and capabilities that larger distributed enterprise organizations demand, while also building out a SASE strategy that will appeal to organizations of all sizes.”
“As a multinational technology consulting firm that’s relied on Sophos Firewall since it was first incepted, Seidor Networks intimately knows the offering is a must-have solution for protecting against malware and other unwanted network traffic,” said Sean Hancock, ISP manager at Seidor Networks. “Sophos is continuously innovating and adding new features that are industry best. This new version of Sophos Firewall raises the bar even higher with unrivaled network protection and performance; and when you pair Sophos Firewall with Sophos XDR, the results are truly next level as endpoints and firewalls share real-time threat intelligence for further improved network visibility and lateral movement control.”
“The new Sophos Firewall software has multiple advantages for all of our customers,” said Marc Hurrelmann, chief executive officer at Midland IT. “Many of the features added have been designed to address the challenges that larger organizations are facing with implementing SD-WAN, optimizing performance, scaling their network, improving resiliency and up-time, and enhancing management efficiency. Smaller organizations will benefit from all the added value packed into Sophos Firewall with better performance, protection, networking, and management.”
Sophos is a worldwide leader and innovator of advanced cybersecurity solutions, including Managed Detection and Response (MDR) and incident response services and a broad portfolio of endpoint, network, email, and cloud security technologies that help organizations defeat cyberattacks. As one of the largest pure-play cybersecurity providers, Sophos defends more than 500,000 organizations and more than 100 million users globally from active adversaries, ransomware, phishing, malware, and more. Sophos’ services and products connect through its cloud-based Sophos Central management console and are powered by Sophos X-Ops, the company’s cross-domain threat intelligence unit. Sophos X-Ops intelligence optimizes the entire Sophos Adaptive Cybersecurity Ecosystem, which includes a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity and information technology vendors. Sophos provides cybersecurity-as-a-service to organizations needing fully-managed, turnkey security solutions. Customers can also manage their cybersecurity directly with Sophos’ security operations platform or use a hybrid approach by supplementing their in-house teams with Sophos’ services, including threat hunting and remediation. Sophos sells through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K.
VIRTUAL SERVER INFRASTRUCTURE
ProArch | October 20, 2022
ProArch, a global IT services and consulting firm and top Microsoft Solutions Partner, has partnered with Nerdio, the premier solution for organizations looking to deploy virtual desktops in Microsoft Azure, and Rimo3, the leading innovator of intelligent, automated testing and modernization solutions for enterprise Windows applications, to fortify ProArch’s Desktop-as-a-Service (DaaS) solution.
Gartner projects the demand for DaaS to grow 253% between 2021 and 2024. Recognizing a market and skills gap, ProArch has enlisted Nerdio and Rimo3 to deliver a highly comprehensive DaaS solution that supports modern cloud strategies that enterprise IT leaders are looking to adopt.
“With experience working with enterprises across cloud, security, data and application development, we know every organization requires a unique approach to adopting Azure Virtual Desktop (AVD). DaaS strategically moves workloads to a secure AVD environment and includes ongoing guidance from ProArch, so your team isn’t left wondering what to do next. Now, in partnership with Nerdio and Rimo3, we’re able to leverage automation to streamline migration and management so that enterprises can accelerate their cloud journey and be more flexible and secure.”
Ben Wilcox, CTO of security and cloud at ProArch
ProArch’s DaaS Solution is built on top of Microsoft’s Azure Virtual Desktop (AVD), Nerdio Manager for Enterprise and Rimo3. The solution helps enterprises realize the benefits of a distributed workforce and build elasticity into their IT infrastructure to accelerate growth. It is currently available, and ProArch has begun working with enterprise organizations to execute the migration of workloads, AVD implementation and ongoing managed services.
ProArch’s DaaS Solution is unique in the market not only because of the strength of its technology stack but also because ProArch performs the migration of workloads while incorporating security best practices. In addition, ProArch’s 24/7 Security Operations Center (SOC) can be integrated into the service to monitor and respond to cyber threats in real time.
“We have always admired ProArch’s strong expertise in helping enterprises realize their cloud potential,” said Vadim Vladimirskiy, CEO and cofounder of Nerdio. “We are excited to propel their new DaaS solution alongside Rimo3 so that enterprise organizations can get up and running with Azure Virtual Desktop much more quickly and efficiently while feeling assured their investment is being guided, optimized and cared for by the experts at ProArch.”
“The full complement of ProArch’s service offerings and depth of subject matter expertise helps enterprises move to the cloud with confidence,” said Samit Halvadia, CTO of Rimo3. “Combining the industry-leading features of Nerdio and Rimo3 into their DaaS solution enables customers to accelerate their journey from legacy to modern and ultimately unlock the full benefits of AVD.”
ProArch is a global technology services firm that delivers transformative value through cybersecurity and compliance, cloud and infrastructure, data and AI, and software development. ProArch connects business goals with technology solutions and strategies to accelerate modernization, reduce risk, harness the power of data and create customer-centric digital products. ProArch’s mission is to listen closely, understand deeply and solve strategically for absolute value to our clients.
Nerdio empowers Managed Service Providers (MSPs) and enterprises to build successful cloud practices in Microsoft Azure with Azure Virtual Desktop and Windows 365. Nerdio Manager for Enterprise is a packaged Azure application that runs in users’ own tenants without compromising security and compliance by allowing third-party vendors access to the IT environment. Nerdio Manager for MSP empowers MSPs to deploy, manage and optimize virtual desktop environments in Microsoft Azure through easy multitenant management.
Rimo3 provides unattended automation for Windows application migration, format modernization and readiness testing for Windows 10, Windows 11, Windows 365 and Azure Virtual Desktop, as well as identifying MSIX and multisession suitability. By leveraging automation to collect application insights, Rimo3 helps IT organizations speed the time to delivery and minimize risk in deploying security updates and ongoing changes in desktop and server environments across physical, virtual and cloud workspaces. Streamline operations, optimize resources, lower costs and improve end-user productivity.