NFV Challenges Abound, a Leaning Beckons

sdxcentral | April 03, 2019

NFV was introduced as a concept more than six years ago, but the wireless telecommunications industry is caught in a “paradox” that is precluding it from reaching a critical mass, said Scott Shenker, professor of computer science at U.C. Berkeley, in a keynote at this week’s Open Networking Summit. “We have to admit that we have a very serious problem. The rate of adoption and innovation is much slower than anybody thought six years ago,” he said. The problem boils down to integration, or rather a lack thereof, Shenker explained. Because the three components of NFV, namely virtualized network functions (VNFs), NFV management and orchestration, and NFV infrastructure (NFVI), are so tightly combined, they have created a paradox that makes the concept unnecessarily complex and difficult for operators to implement at scale.

Spotlight

Digital transformation aligns technology and business models to more effectively engage digital customers throughout the entire customer experience lifecycle. Citrix XenDesktop provides secure application and desktop virtualization to give your employees the freedom to work from anywhere, on any device, with a high definition user experience.


Other News
VIRTUAL DESKTOP STRATEGIES

Pentera Finds Two Zero-Day Vulnerabilities in VMware vCenter, Exposing More Than 500,000 Companies Globally

Pentera | April 04, 2022

Pentera, the leader in Automated Security Validation (ASV), today announced its Pentera Labs team discovered two zero-day vulnerabilities. If exploited by threat actors, the critical attack path may result in the ability to disable, disrupt and destroy VMware vCenter managed environments in over 500,000 organizations globally. The vulnerabilities were reported to VMware by Senior Security Researcher Yuval Lazar and released under CVE-2022-22948 and CVE-2021-22015 with a patch. Pentera Labs’ technical review of the vulnerabilities can be found here.

Discovered vulnerabilities require immediate patching to prevent malicious actors from achieving remote access to vCenter and inflicting widespread damage on organizations. Installed in thousands of organizations worldwide and managing some of their most critical assets and core systems, VMware vCenter Servers are a high-priority target for cybercriminals. Once compromised, the ease and convenience that vCenter offers for managing virtualized hosts in enterprise environments will play into the adversary’s hands, providing centralized access and widespread impact.

“As part of our daily work, we research the entire enterprise IT attack surfaces, including the exploitability of virtual workload environments such as vCenter and ESXi and discovered zero-day vulnerabilities,” said Alex Spivakovsky, VP of Research at Pentera. “We’re glad to have discovered and immediately disclosed these vulnerabilities to strengthen the defender community and have not seen evidence that malicious actors exploited it at this time.”

Pentera’s interest in VMware’s vCenter started because of previously reported vulnerabilities, increasing demand from customers and threats observed in the wild, most notably recent reports of a Python ransomware strain targeting ESXi. The team will continue to identify potential vulnerabilities within the platform that could affect businesses globally.

“Security readiness is not determined by a single vulnerability or the security team’s ability to discover and patch it. Our award-winning security validation platform autonomously emulates the entire cyberattack kill chain and provides peace of mind for security leaders facing a multitude of internal and external attacks.”
Pentera co-founder and CTO, Dr. Arik Liberzon

About Pentera

Pentera is the category leader for Automated Security Validation, allowing every organization to easily test the integrity of all cybersecurity layers, unfolding accurate, current security exposures at any moment, at any scale. Thousands of security professionals and service providers worldwide use Pentera to guide remediation and close security gaps before they are exploited.


SERVER VIRTUALIZATION

New Audit Resources from ISACA Help Professionals Keep Pace with 2022 Audit and Compliance Trends and Updates

ISACA | December 22, 2021

As the year winds down, many audit professionals are shifting their focus to 2022 priorities—including developing dynamic new strategies such as agile auditing, revisiting established technologies from a remote or hybrid working environment perspective, and closing any gaps between compliance expectations and current practices—and how they can enhance their skills to meet the needs of the evolving audit landscape. To meet these needs, ISACA has released three new audit resources—its VPN Security Audit Program, Destination: Agile Auditing white paper, and a new edition of its IT Control Objectives for Sarbanes-Oxley publication.

During the pandemic, the reliance on virtual private networks (VPNs) was heightened as many shifted to working from home—as did the need to manage its risks and implement safeguards. ISACA’s VPN Security Audit Program provides a foundation for auditors to provide assurance around the effectiveness of implemented VPN controls, including pre-audit planning, governance and oversight, implementation and configuration, operations, and maintenance and monitoring, to avoid some of the following risks:

- The increase in number of end users combined with extended VPN use may put additional pressure on infrastructure and adversely affect performance.
- Failure to detect unauthorized VPN activity may cause denial of service due to excessive traffic or connection attempts.
- Lack of alignment of data classification requirements with VPN requirements and configuration may impair compliance initiatives that are reliant on data classification.

During the pandemic, organizations embraced methods to increase agility and efficiency, including by using Agile. Destination: Agile Auditing outlines how audit professionals can incorporate Agile principles into their audit methodologies. Auditors can learn the basics about Agile auditing, its benefits, how Agile complements established assurance standards, and how developing competency in Agile can enhance the planning, fieldwork, and reporting phases of an audit. The white paper also includes examples of elements from the Agile tool set, including an Agile road map and Agile audit engagement workflows, and illuminates key components like sprints, audit backlog and daily standups.

Internal and external auditors, IT auditors and managers, and financial and operational managers can also ensure they are keeping up with the latest guidance in complying with the Sarbanes-Oxley Act in a new edition of ISACA’s IT Control Objectives for Sarbanes-Oxley publication. This latest edition incorporates updated guidance and standards from the Public Company Accounting Oversight Board (PCAOB) and the American Institute of CPAs (AICPA) and its Auditing Standards Board, with updates including:

- Integrating guidance for implementing internal control over financial reporting (ICFR) using COBIT® 2019, for IT and financial management within enterprises and for their internal and external auditors and consultants
- Aligning with COBIT 2019 Focus Area: Information & Technology Risk
- Providing the mapping of the role of COSO Internal Control – Integrated Framework, 2013 to COBIT 2019
- Highlighting technological innovations and their impacts on auditing IT controls.

“The audit landscape is constantly shifting as technologies and regulations evolve, making it essential that audit professionals prioritize continuous learning to ensure they are applying the most current and effective audit practices. ISACA is committed to equipping the global audit community with the tools they need to deliver the highest audit standards at their organizations.”
Robin Lyons, IT Audit Professional Practices Lead

About ISACA

For more than 50 years, ISACA has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation that supports IT education and career pathways for under-resourced, under-represented populations.


VMWARE

Pavilion Data Raises $45 Million to Expand Its Platform for Accelerating Data Analytics

Pavilion Data | January 21, 2022

Pavilion Data Systems, the leading data analytics acceleration platform provider and a pioneer of NVMe-oF, announced major successes on multiple fronts in 2021, underscoring the strong demand for its dense high-performance data analytics platform and laying the groundwork for increased momentum in 2022. Pavilion Data Systems raised a $45 million round led by Kleiner Perkins and Artiman Ventures. This funding, combined with the rapid growth of its customer base, strong business momentum, and key executive hires, including Dario Zamarian as CEO, positions Pavilion to address the increasing need for a high-performance, dense, and scale-out flash storage platform for analytics and AI/ML applications.

"Pavilion is proving its market acceptance across a broad range of industry verticals as an analytics acceleration platform for legacy and next-generation applications," noted Zamarian. "2021 saw the company grow its employee base by 50% across all functions. This, combined with additional funding from our investors, our expanded leadership team, and the strong position of our flagship HyperParallel Data Platform will enable us to take data analytics acceleration to the next level."

Pavilion's total outside capital investment increased to $107 million after the $45 million round led by Kleiner Perkins and Artiman Ventures. All existing investors participated in the funding, including Korea Investment Partners, SK Telecom Ventures, Taiwania Capital, Tyche Partners, DAG Ventures, and RPS Ventures. This investment round also was joined by new investors Mirae Asset, Liberty Street Advisors, and Gaingels.

"Many organizations in the federal and commercial space are already using Pavilion to make the most of their applications and accelerate their workloads. Pavilion's platform enables users to build a bridge between their existing and future needs. We see that its unique ability to accelerate legacy as well as next-generation applications is making it a prime choice for many users. My partners and I are excited to have co-led this round, as the funding will help Pavilion establish itself as a leader in the data analytics and AI/ML acceleration market."
Wen Hsieh, Partner at Kleiner Perkins

In 2021 Pavilion significantly increased deployments within federal agencies and increased penetration into analytics use cases in Fortune 500 companies, including a top-20 banking institution, a top credit agency, and one of the largest hedge funds in the country. Nearly 80% of all deployments were to accelerate analytics, legacy and next-generation, ML, and streaming applications. Pavilion doubled its new customers, and customer loyalty remains strong with 75% of its 2020 customers repurchasing in 2021. Pavilion also opened new sales offices in Atlanta, Boston, and London, and it directly addressed the public sector by opening a sales division focused on federal government customers to support its strong presence in the federal space. The company continued its expansion into the life sciences, financial, and media and entertainment industry verticals.

"We needed an external storage platform that matched the performance we get from internal NVMe SSDs to support a mission critical SQL analytics use case running on VMware 7," said Ken Boyer, Director Global Storage MGMT at IQVIA. "The Pavilion platform enabled us to meet this challenging requirement that could not be met with other options. It's really exciting to see this recognition and endorsement of Pavilion by the investment community to build upon their momentum and accelerate their roadmap. We look forward to seeing continued momentum of their data analytics acceleration platform."

"We have been working with Pavilion for the last couple of years and have had great success with some of our large federal customers," said Herb Ahmuty, Senior Solutions Architect at Meadowgate. "The Pavilion platform has helped a couple of our customers address the challenging data-ingest and performance needs of their demanding analytics workloads. Given the rapidly changing nature of technology, Pavilion's agility has enabled our customers to be more responsive to their growing data sets and expanded application environments. It's great to see continued support of Pavilion from the investment community."

To build out the next phase of company development, Pavilion added to its executive suite with the hiring of a chief marketing/product officer, senior vice president of software development, vice president of operations, and vice president of marketing.

Awards Granted to Pavilion Data Systems:

- In May 2021, Frost & Sullivan recognized Pavilion with its North American Technology Award, citing its innovative approach to NVMe-oF (Non-Volatile Memory Express over Fabrics), the most advanced development in data storage.
- In January 2022, DCIG named Pavilion as one of the Top 5 Storage Solutions for Life Sciences. Pavilion's data analytics acceleration platform, consisting of the Pavilion HyperParallel File System and Pavilion HyperOS, was singled out among 15 contending providers for having exceptional performance, deployment capability, data protection, and technical support, among other factors.
- In January 2022, GigaOm named Pavilion as a "Fast Mover" in the "GigaOm Radar for High-Performance Scale-Out File Systems," claiming that Pavilion provides "a compelling, no-compromise architecture built around NVMe and maximum performance," "one of the greatest GPUDirect implementations available," "a superb security-oriented architecture," and "great scalability and performance."

About Pavilion Data Systems

Pavilion provides the data analytics acceleration platform enabling enterprises to derive greater value from their data—faster, simpler, and at scale. We are the perfect complement for AI/ML, HPC, analytics, edge and other data-driven workloads and the ideal data IO platform for GPU-based computing platforms. The Pavilion HyperParallel Data Platform, powered by Pavilion HyperOS, delivers unmatched performance and density, ultra-low latency, unlimited scalability, and flexibility, providing customers unprecedented choice and control. Learn why Fortune 500 companies and federal government agencies choose Pavilion.


VMWARE

Cybercriminals Target Linux-based Systems With Ransomware and Cryptojacking Attacks

VMware | February 09, 2022

As the most common cloud operating system, Linux is a core part of digital infrastructure and is quickly becoming an attacker’s ticket into a multi-cloud environment. Current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks that target Linux-based workloads.

VMware, Inc. released a threat report titled “Exposing Malware in Linux-based Multi-Cloud Environments.” Key findings that detail how cybercriminals are using malware to target Linux-based operating systems include:

- Ransomware is evolving to target Linux host images used to spin workloads in virtualized environments;
- 89 percent of cryptojacking attacks use XMRig-related libraries; and
- More than half of Cobalt Strike users may be cybercriminals, or at least using Cobalt Strike illicitly.

“Cybercriminals are dramatically expanding their scope and adding malware that targets Linux-based operating systems to their attack toolkit in order to maximize their impact with as little effort as possible. Rather than infecting an endpoint and then navigating to a higher value target, cybercriminals have discovered that compromising a single server can deliver the massive payoff and access they’re looking for. Attackers view both public and private clouds as high-value targets due to the access they provide to critical infrastructure services and confidential data. Unfortunately, current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks on Linux-based operating systems.”
Giovanni Vigna, senior director of threat intelligence at VMware

As malware targeting Linux-based operating systems increases in both volume and complexity amid a rapidly changing threat landscape, organizations must place a greater priority on threat detection. In this report, the VMware Threat Analysis Unit (TAU) analyzed the threats to Linux-based operating systems in multi-cloud environments: ransomware, cryptominers, and remote access tools.

Ransomware Targets the Cloud to Inflict Maximum Damage

As one of the leading breach causes for organizations, a successful ransomware attack on a cloud environment can have devastating consequences. Ransomware attacks against cloud deployments are targeted, and are often combined with data exfiltration, implementing a double-extortion scheme that improves the odds of success. A new development shows that ransomware is evolving to target Linux host images used to spin workloads in virtualized environments. Attackers are now looking for the most valuable assets in cloud environments to inflict the maximum amount of damage to the target. Examples include the Defray777 ransomware family, which encrypted host images on ESXi servers, and the DarkSide ransomware family, which crippled Colonial Pipeline’s networks and caused a nationwide gasoline shortage in the U.S.

Cryptojacking Attacks Use XMRig to Mine Monero

Cybercriminals looking for an instant monetary reward often target cryptocurrencies using one of two approaches. Cybercriminals either include wallet-stealing functionality in malware or they monetize stolen CPU cycles to successfully mine cryptocurrencies in an attack called cryptojacking. Most cryptojacking attacks focus on mining the Monero currency (or XMR) and VMware TAU discovered that 89 percent of cryptominers used XMRig-related libraries. For this reason, when XMRig-specific libraries and modules in Linux binaries are identified, it is likely evidence of malicious cryptomining behavior. VMware TAU also observed that defense evasion is the most commonly used technique by cryptominers. Unfortunately, because cryptojacking attacks do not completely disrupt the operations of cloud environments like ransomware, they are much more difficult to detect.

Cobalt Strike Is Attackers’ Remote Access Tool of Choice

In order to gain control and persist within an environment, attackers look to install an implant on a compromised system that gives them partial control of the machine. Malware, webshells, and Remote Access Tools (RATs) can all be implants used by attackers in a compromised system to allow for remote access. One of the primary implants used by attackers is Cobalt Strike, a commercial penetration testing and red team tool, and its recent Linux-based variant, Vermilion Strike. Since Cobalt Strike is such a ubiquitous threat on Windows, the expansion out to the Linux-based operating system demonstrates the desire of threat actors to use readily available tools that target as many platforms as possible.

VMware TAU discovered more than 14,000 active Cobalt Strike Team Servers on the Internet between February 2020 and November 2021. The total percentage of cracked and leaked Cobalt Strike customer IDs is 56 percent, meaning that more than half of Cobalt Strike users may be cybercriminals, or at least using Cobalt Strike illicitly. The fact that RATs like Cobalt Strike and Vermilion Strike have become a commodity tool for cybercriminals poses a significant threat to enterprises.

“Since we conducted our analysis, even more ransomware families were observed gravitating to malware targeting Linux-based systems, with the potential for additional attacks that could leverage the Log4j vulnerabilities,” said Brian Baskin, manager of threat research at VMware. “The findings in this report can be used to better understand the nature of this malware and mitigate the growing threat that ransomware, cryptomining, and RATs have on multi-cloud environments. As attacks targeting the cloud continue to evolve, organizations should adopt a Zero Trust approach to embed security throughout their infrastructure and systematically address the threat vectors that make up their attack surface.”

Methodology

The VMware Threat Analysis Unit (TAU) helps protect customers from cyberattacks through innovation and world-class research. TAU is composed of malware analysts, reverse engineers, threat hunters, data scientists, and intelligence analysts at VMware. To understand how to detect and prevent attacks that bypass traditional, file-centric, prevention strategies, TAU focuses on techniques that were once the domain of advanced hackers and are now moving downstream into the commodity attack market. The team leverages real-time big data, event streaming processing, static, dynamic and behavioral analytics, and machine learning.

TAU applied a composition of static and dynamic techniques to characterize various families of malware observed on Linux-based systems based on a curated dataset of metadata associated with Linux binaries. All the samples in this dataset are public and therefore they can be easily accessed using VirusTotal or various websites of major Linux distributions. TAU collected more than 11,000 benign samples from several Linux distributions, namely, Ubuntu, Debian, Mint, Fedora, CentOS, and Kali. TAU then collected a dataset of samples for two classes of threats, namely ransomware and cryptominers. Finally, TAU collected a dataset of malicious ELF binaries from VirusTotal that were used as a test malicious dataset. TAU started collecting the dataset in June 2021 and concluded in November 2021.

About VMware

VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. As a trusted foundation to accelerate innovation, VMware software gives businesses the flexibility and choice they need to build the future. Headquartered in Palo Alto, California, VMware is committed to building a better future through the company’s 2030 Agenda.

