VMware issues 10.0 CVSS rating on vCenter Server vulnerability

scmagazine | April 13, 2020

VMware issued a warning and a patch for a vulnerability in VMware vCenter Server that maxed out the CVSS rating system with a score of 10.0. The issue, CVE-2020-3952, centers on vmdir, which ships with VMware vCenter Server and does not properly implement access controls. To exploit the vulnerability, a malicious actor would need network access to an affected vmdir deployment, which would give them the ability to extract highly sensitive information that could then be used to compromise vCenter Server or other services that depend on vmdir for authentication. Satnam Narang, principal research engineer at Tenable, pointed out that VMware listed only a limited set of vCenter Servers as affected by this flaw, specifically version 6.7 upgraded from version 6.0 and 6.5. Narang also suggested that, by giving the flaw a 10.0 CVSS score, VMware likely believes it is easy to exploit.

