By John Maddison, EVP of Products and CMO at Fortinet
Organizations have distributed data and workloads across both cloud environments and on-premises data centers. As a result, IT teams have to deploy, manage, and secure increasingly complex and hybrid networks. And even though many organizations have moved many of their workloads into the cloud, the majority of them still operate hybrid environments.
Hybrid environments allow organizations to keep important data on-premises. This allows them to maintain full control over sensitive assets, while also taking full advantage of the scalability and agility the cloud provides. However, as organizations become more hybrid and distributed, their security needs to be able to span across all environments.
As applications, resources, devices, and workers work from anywhere, networks need to be able to adapt in real time. Workflows now often span physical data centers as well as multiple cloud environments; applications follow users regardless of where they are connecting from or what device they are using; and data and other resources need to be securely accessed by any user on any device in any location. Security needs to be able to adapt and scale to meet these new requirements.
Five Essential Security Functions to Hybrid Networks
To properly protect and defend these hybrid environments, organizations should look for security solutions that provide the following critical functions:
Broad: Security solutions need to support a distributed security model where the exact same security solutions can be deployed in any environment.
Integrated: All of the various security solutions deployed across the network need to be able to see and work together as a single system to detect threats and respond to them in a coordinated fashion, regardless of where they occur.
Fast: These security functions need to operate not just at the speed of business, but at the speed of threats as well.
Automated: Anomalous and malicious behaviors need automated responses.
Security-driven Networking: Security-driven Networking weaves security and networking into a single, integrated system. This enables organizations to establish and enforce zero-trust access, dynamic network segmentation, and unified enforcement anywhere, on any device, in any location, without introducing security gaps or performance lags.
Success Requires Networking and Security to Function as a Single Solution
The majority of today’s security solutions are simply not fast enough, nor smart or responsive enough, don’t operate in enough places, and can’t adapt as quickly as today’s business requires. This is especially true in multi-vendor environments with disparate security solutions that don’t integrate when deployed. This lack of integration makes it impossible for organizations to securely use the flexible network environments they need to compete effectively.
Instead, these organizations need a security platform, like the Fortinet Security Fabric, designed to span, adapt to, and protect today’s dynamic environments. If they can’t, their business will not be able to keep up. And that is critical in today’s digital business environment, where the difference between success and failure can be measured in microseconds.
By: Hasan Darwish, Regional Sales Manager for Gulf at A10 Networks
2020 has been a challenging year for the entire world. We predict the pandemic response in 2020 will have a lasting impact on how and where consumers and businesses will use network services, how service providers will build out their networks and where they will invest in additional capacity.
Here are a few predictions for 2021 for service providers:
Digital Transformation will Accelerate
The pandemic will erase years of resistance by late adopters, social institutions and businesses that previously hadn’t bought into the “digital transformation” argument. Forced to go “online or die,” individuals and businesses have learned new skills, overcome technology limitations and forged new business models during 2020. These will continue in 2021 and will accelerate many technology transitions that service providers are conducting.
IPv6 will Finally Overtake IPv4
Hovering right around 33 percent for most of the year, according to Google, IPv6 will be used in more than 50 percent of Google searches globally. Boosted by the growth of 5G devices and networks, and increased pressure on CISOs to upgrade enterprise networks for strong network security, many enterprises and websites will accelerate their eventual conversion to IPv6 in 2021. However, many other ISPs, content providers and retailers, hard-hit by pandemic shutdowns, have web sites that are still IPv4 only and will remain unable to fund a conversion of their IT infrastructure. CGNAT can help extend their investment.
Service Providers Move to the Edge – Faster than Expected
Service providers will have to re-architect their access networks to accommodate the traffic shift from dense urban areas to suburban as work/play/learn at home continues, post-pandemic. Edge computing is forecast by IDC to exceed 50 percent of new infrastructure deployments by 2023 and identified by nearly all mobile operators as extremely important to future networks.
The Pandemic will have a Lasting Impact on Education – Remote/Online Learning will Continue Post Pandemic
The abrupt conversion of in-classroom learning to remote learning during the pandemic will encourage educational institutions to offer online alternatives to traditional in-classroom learning on a regular basis. This will expand education during illness, during periods of inclement weather and in other situations where a more flexible arrangement would be beneficial.
Lifestyles will be permanently altered by the pandemic and many will not want to return to commutes and less flexible working conditions. Remote work will become a new, acceptable alternative in many industries. The recent announcements by Tesla and Oracle to move corporate headquarters from tech talent-rich Silicon Valley in CA to Texas demonstrate a new trend. This will ultimately impact real estate, mass transportation plans and other social institutions that assume large-scale commutes to a few valuable job destinations. This shift will give a boost to distributed edge networks, cloud services and wireless that are less dependent upon centralized traffic aggregation.
That’s it for service providers….but here’s my final prediction:
2021 Prediction: This Year will be so Much Better than 2020 and We will all be so Glad
The COVID-19 vaccine will be hugely effective, and the world will establish an international day of togetherness in 2021.
By: Partha Narasimhan, CTO of Aruba, a Hewlett Packard Enterprise company
We enter 2021 in a very different place from where we were at the start of 2020. The role of networking and more broadly, the IT function, has more often become the hero – and sometimes the scorn – of business continuity and resilience in the face of the pandemic. As CIOs soak up the praise or take their lumps, they must now look to the horizon and define their approach and strategy in a post-pandemic world.
Aruba has identified four major trends that CIOs now face that can make or break an organization’s IT program:
The rise of the hybrid workforce and how that will evolve during and after the pandemic
The changing role of network security integrated across the fabric of the network
Graduating from uptime networking metrics to user satisfaction metrics, examining networking holistically as part of the broader IT technology stack
Staying the course in implementing automation in networking operations, despite challenges posed by the LAN, WAN and Cloud
The Hybrid Workforce is Here to Stay
Despite recent advances in vaccines for COVID-19, many roles may still not fully return to the office until late 2021, and in many cases, not at all. After speaking with CIOs from across the country, what is clear is that some amount of remote working will remain after the pandemic exits. That admission portends profound changes for physical office spaces, corporate culture, connectivity, and networking.
What many organizations thought would be temporary remote setups to “flatten the curve” of the pandemic infection rate have evolved to form the hybrid workforce of the future, where employees will work from home, the office, or anywhere else – wherever they have a secure and reliable connection.
For IT, this crisis has presented enormous challenges, but there is a silver lining. CEOs and their boards of directors have come to recognize the impact that IT can have on the business, including how fast change can be implemented, even under such stressful circumstances.
Now, CEOs and their boards are thinking about lessons learned from the pandemic to make networking, security, and the overall IT programs they oversee more flexible and dynamic. As a result, IT has a seat at the table in pushing forward ambitious forms of digital transformation, even accelerating existing planned transitions, emboldened with how the workforce has adapted to what has become known as the “new normal.”
Security Must Be Viewed Dynamically – from Endpoints, to the Edge, to the Cloud
With the maturation of the cloud and the growth of edge networking with its myriad endpoints – all accelerated by the explosion of IoT – how security is defined and implemented is now becoming part of the network architecture, and not some bolted-on component of the enterprise IT environment.
With the rise of remote working and the hybrid work environment, CSOs and CIOs are clamoring for a connected security approach. When looking at network design principles of the past, security experts essentially started with a policy and then designed a network topology that in turn satisfied policy, which meant that topology and policy were tightly coupled. That dynamic is drastically changing. Networking solutions have evolved to offer significant degrees of separation, where policy gets programmed when and where it is needed, and only when and where it is needed.
Zero Trust network architecture solutions will remain a core piece of effective security with traditional IT workloads moving out of the Edge into either the cloud or SaaS environment. The vacuum left behind is eventually going to be replaced by OT/IoT specific workloads at the Edge. Furthermore, with the implementation of 5G, the networking architecture must contend with multi-access edge compute (MEC) workloads – both private and public – all the more requiring dynamic approaches to security policy that must evolve beyond the user-centric workflows that Zero Trust is primarily optimized for today.
End-User Satisfaction is King
Key IT metrics are also evolving. It’s no longer sufficient to just keep the network infrastructure up and running. The metric du jour is user satisfaction which, from the CIO standpoint, is tied to employee productivity that can ultimately impact business profitability.
Networking and security teams are now focused on dynamic experiences that end-users want and expect with the services and applications they choose to use for improved productivity. Instead of asking just what kind of devices are connecting to the network, they are also required to focus on maintaining flexibility and agility while minimizing risk. The goal of network control goes hand-in-hand with business agility. By applying the appropriate security measures, CIOs can better facilitate this increasingly dynamic IT environment.
Ultimately, CIOs want insights beyond the network itself and into availability and performance applications that the users and business leaders care about. They are not as interested in how esoteric aspects of the network are performing, but rather, they’re more concerned about whether a specific user had a poor Zoom experience.
Staying the Course on Automation in Network Operations
Tied to understanding the needs and experience of end users is the maturation of network automation. But automation progress is not equal across the entire networking paradigm. In the data center, which is a more controlled environment when compared to the WAN or LAN, adoption is farther along. Changes in a data center are driven mostly in a naturally hierarchical structure and are thus easier to understand and manage through automation scripts.
The Edge (both LAN and WAN), on the other hand, is a more chaotic environment because changes are triggered by factors that are not totally within IT’s control – namely human and device behavior patterns that are constantly changing. There is a big need for leveraging AI and machine learning models to sense changes as soon as they occur and respond to the ones that seem persistent, even if for a short period of time. The maturity of deployed solutions that provide this learning component of automation at the Edge will improve significantly in 2021. There will also be significant progress in combining these with APIs and other automation tools that will deliver on the promised efficiencies and insights that IT leaders crave.
The pandemic has also heightened the interest in networking automation at the Edge among CIOs and IT leaders. According to a recent survey of 2,400 IT decision makers across the globe, 35% plan to increase their investment in AI-based networking, as they seek more agile, automated infrastructures for hybrid work environments.
Making 2021 a Success
In 2020, businesses and the economy were rescued by a raft of communication technologies developed over the past 40 years, ranging from security, cloud connectivity, to managed and supported applications over the network. Now in 2021, the four trends outlined here can provide CIOs and IT leaders with the tools to be better equipped for navigating the unpredictability of today and beyond. They empower IT leaders from the top down to strategically position IT as the crucial function businesses need to successfully maneuver whatever the future holds, from pandemics to accelerating shifts in work culture trends and environments.
Mobile Operators Transition Core Networks to 5G Core (5GC)
By: Amr Alashaal, Regional Vice President – Middle East at A10 Networks
Contain your excitement …..5G is coming (again)!
Wait….wasn’t 5G launched over two years ago?
Well, yes. For those not familiar with the nuances of 5G technology, 5GC (core or standalone) takes 5G deployment to the next level and replaces the 4G packet core with a new, cloud-native core using containers and following 3GPP specifications (release 15). This is somewhat separate from the market-by-market launch that most operators publicize, and the activity is less visible to the casual subscriber.
We recently sponsored a 5G security survey to understand the extent of mobile operator 5G core deployment. It was a global survey of 115 service providers that included mobile operators as well as fixed broadband providers. We asked several questions about the timing and extent of 5G core deployment and adoption and where the functions A10 Networks provides will fit in.
So, given that research, what do I see for 2021?
2021 Prediction – Over Half of Mobile Operators will have Launched 5GC (standalone) by the End of 2021
Most mobile operators that have launched 5G have chosen what’s called a “non-standalone” implementation. That is a hybrid of 4G and 5G that allows mobile operators to offer much of the 5G capabilities to their subscribers while still leveraging existing investment in their 4G packet core. Operators are eager to take advantage of the benefits of 5GC (standalone) – greater service agility and lower costs. The survey revealed that operators are committed to 5GC (SA or standalone) implementation, with 93 percent of mobile operators implementing within a three-year window and investing in multiple 5G security options.
2021 Prediction – a Half a Billion Mobile Subscribers Globally will be Using 5G by EOY 2021
Mobile operators also see rapid adoption of 5G over the next three years by subscribers as 5G deployment accelerates. Most operators said that within five years, at least 25 percent of their traffic would be carried via 5G – with 40 percent of operators predicting that most of their traffic would be carried by 5G. This is consistent with the recent Ericsson Mobility Report that forecasts 56 percent of total mobile data traffic will be 5G by 2026.
That’s a significant leap from today where almost half of operators report they have no traffic on 5G core at all. For 2021, 9 percent of operators say that most of their traffic will be on 5G, with 70 percent predicting less than 50 percent will be 5G.
2021 Prediction – Three-quarters of Mobile Operators will have Whittled Down their 3G Traffic to 25% or Less
It’s really hard for mobile operators to get rid of old technology. 3G still exists in most mobile networks despite rapid 5G deployment. This is a combination of subscribers that won’t give up their older handsets, specific geographic areas, such as rural areas, that have legacy equipment and regulatory and industry practices that require a lengthy process for “sunsetting” older technologies. In North America, AT&T’s shutdown of 3G is expected in 2022; Verizon’s in 2021.
For example, today, only 13 percent of mobile operators surveyed have managed to eliminate support of 3G. By 2025, most operators (60 percent) said that they will no longer support 3G. That means that by 2025, 40 percent of operators will still carry 3G traffic. This also increases concerns around 5G security, since older technologies have multiple security vulnerabilities that will still be present in these multi-generational networks.
2021 Prediction – In North America, 2G will Finally be Gone – not so in Europe
2021 Prediction – Mobile Operators will Build More Relationships with Cloud Providers for Mobile Edge Compute (MEC) Services
According to a BPI report commissioned by A10 Networks, nearly all mobile operators state that mobile edge compute (MEC) is a vital part of their 5G deployment plans and most are actively deploying or will deploy within the next year or so. IDC forecasts 50 percent of all new infrastructure deployments (enterprise as well as service provider) will be at the edge by 2023. I believe that mobile service providers will also jump on the advantages of mobile edge compute, but take a more measured, strategic approach to their use of MEC, at least in the near term. By 2025, we see most mobile operators will have deployed 5G (standalone) combined with MEC and will direct up to 25 percent of their traffic through these nodes. Operators will also use strategic partners for their enterprise customers that want the lower latency that a mobile edge compute service provides.
2021 Prediction – In 2021, DDoS Detection and Mitigation will Become the Top Security Investment Priority for MEC networks
It’s already going in that direction now. DDoS attacks are getting more frequent, intense and most are smaller in size, making them harder to detect. The average attack size is only 12 Gbps, with most attacks being under 5 Gbps. A10’s The State of DDoS Weapons Report, Q2 2020 shows 10M available DDoS weapons.
The Heavy Reading 5G Security Report shows that small DDoS attacks are the primary reason for investment priority for MEC. And with MEC capacity as low as 600 Mbps, mobile service providers and their new 5G enterprise customers are at substantial risk for these common DDoS attacks.
Those are the predictions for 2021. Overall, in spite of the pandemic, we believe that demand for 5G services will be strong and that subscribers will continue to find more value and use cases from the growing 5G capability.
Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced a new Extended Detection and Response (XDR) solution, FortiXDR, designed to reduce complexity, speed detection, and coordinate response to cyberattacks across the organization. FortiXDR is the only solution of its kind to leverage artificial intelligence (AI) for the investigation effort critical to incident response. Expanding on the cloud-native endpoint platform of FortiEDR, it enhances an organization’s Security Fabric and the threat protection powered by FortiGuard Labs security services. Specifically, FortiXDR can fully automate security operations processes typically handled by experienced security analysts to mitigate threats faster across the broad attack surface.
John Maddison, EVP of Products and CMO at Fortinet said, “Cybercriminals are using sophisticated—and increasingly intelligent—tools to target vulnerable network edges resulting from digital innovation. As a result, organizations need smarter, faster security operations to combat sophisticated, organized cybercrime. FortiXDR is the only XDR solution that leverages artificial intelligence to replicate the hands-on investigation that otherwise leaves organizations playing catch up. Applied across the Security Fabric platform, it helps enterprises keep pace with today’s accelerating threat landscape, even for organizations limited by small teams and few tools.”
XDR Solutions Solve Critical Security Challenges
The large number of security products typically deployed by enterprises has resulted in an unmanageable volume of security information that can actually mask threats, leaving security teams struggling to detect and respond to cyberattacks. As a result, a majority of organizations are either currently or planning in the next two to three years to consolidate security vendors.
Many organizations are gravitating toward consolidation based on an XDR solution. Gartner defines XDR as “a security incident detection and response platform that automatically collects and correlates data from multiple security products.”[1] XDR provides an intelligent and automated way to tie traditionally isolated solutions into a single system.
However, while XDR solutions can ease some of the challenges related to vendor complexity, most focus on cross-product alert correlation and still require significant manual intervention of teams already stretched thin due to the cyber skills gap. Security teams require an XDR solution that can automate the entire process, from detection to event investigation to remediating security incidents.
Fortinet Brings Artificial Intelligence to XDR
Unlike other solutions, FortiXDR is AI-powered by a patent-pending Dynamic Control Flow Engine and continually trained by the threat data and research of FortiGuard Labs as well as the frontline expertise of its incident responders. The solution starts by leveraging the diverse security information shared across the Fortinet Security Fabric for correlation and analysis, converting them into high fidelity security incidents. These are then investigated by the AI engine, just as a seasoned security analyst would, to come to a final threat classification and scope. Finally, the best possible contextual responses are defined and can be automatically implemented to quickly remediate confirmed incidents.
Key benefits of FortiXDR include:
Dramatically reduces the number of alerts across products—by 77% or more on average.
Handles complex tasks in seconds that would take experts with specialized tools 30 minutes or more to accomplish. And without human error.
Enables the consolidation of independent security products and an automatic, coordinated response.
Fully automates intelligent incident investigation rather than relying on scarce human resources.
Reduce Time to Detection and Response
Additionally, FortiXDR can ingest telemetry from more aspects of an organization than any other solution, increasing the chance of detecting and properly classifying attacks. It also covers more of the cyber kill chain stages and supports more points of response to mitigate the impact of an attack more effectively than competitive solutions. All of this enables organizations to reduce mean time to detection (MTTD) and mean time to response (MTTR), while improving security operations efficiency and security posture. As a result, FortiXDR enables organizations to reduce the risk of missing potentially crippling cyber attacks like ransomware, phishing, and more, all while easing the burden on small security teams.
FortiXDR and the Fortinet Security Fabric
Fortinet’s platform approach, the Fortinet Security Fabric, leverages the top-rated, global security services of FortiGuard Labs to stop as many attacks as possible across the digital attack surface. It also provides the perfect foundation for XDR – with a common data structure, correlated telemetry, unified visibility, native integration and seamless interoperation. Now, FortiXDR layers on automated analytics, incident investigation and pre-defined responses out of the box.
The right-fit solution for any size organization
FortiXDR joins Fortinet’s industry-leading portfolio of AI-driven Security Operations offerings, including incident response components suitable for organizations of any size or sophistication. FortiXDR’s “out of the box” operation makes it perfect for most midmarket and average enterprise organizations with limited teams, tools and processes. For organizations with more staff, solutions and systemic process, FortiSIEM adds multi-vendor visibility while FortiSOAR orchestrates response. This family of products delivers the right-fit solution to organizations of any size to help teams reduce the risk potential of security incidents by blocking more, detecting sooner, and responding faster.
By: Morten Illum, EMEA Vice President at Aruba, a Hewlett Packard Enterprise company
We made it through 2020. But now it is time to turn off our out-of-(home)offices and roll up our sleeves once more.
As our thoughts turn to what 2021 has in store, here are three key trends that are firmly on my radar this year.
The continued evolution of the hybrid workplace
It is perhaps no surprise that this is first up. It’s been top of the business agenda for the past year after most organizations found themselves converting almost overnight to a work from home operating model thanks to COVID-19 and only able to welcome back a skeleton in-person staff since.
But as vaccination programmes roll out across EMEA and people are allowed to return to the office in far more significant numbers, I believe we will see the emergence of a new type of hybrid workplace. Or more accurately, a hybrid workspace. After all, the definition of a place is “a particular position, point, or area in space” and our future work environment is likely to be anything but fixed.
The more significant change, however, is that the new hybrid workspace will be a deliberate one. Of course the redesign of the office as a concept was in play well before COVID-19 turned the world upside down. But for the past year, the hybrid workspace has been a reactive one – hybrid by necessity versus by design.
As businesses took the time they’ve had this year to plan their return in more detail, we can expect to see more fundamental changes starting to shape our office environments. In addition to the necessary health and safety measures, I predict we’ll continue to see less desk space and more meeting room space, for example, as day-to-day interactions are kept to video conference and the office is reserved for bigger group get-togethers.
SD-WAN goes mainstream
A quick Google search will show you countless articles proclaiming that this is the year of SD-WAN. Certainly, it was said about both 2019 and 2020, but we really mean it for 2021!
Again, one of the key drivers for this has been the pandemic – and the spotlight it has shone on the need to better connect home, branch and cloud environments to deliver a consistent application experience, whether an employee chooses to log on from the office, home or on the road (imagine!). As businesses look to the coming year, support for a distributed workforce will remain a top priority, making SD-WAN critical to successfully navigating the “new normal.”
This acceleration of interest in SD-WAN is something that is coming through loud and clear in conversations with partners and customers. Case in point, on a recent call with a security company, they mentioned that every current customer discussion ends in them being told that the customer has an SD-WAN project underway and that this project needs to be defined before the customer can make any changes to their security policies or vendor of choice.
This is just one example, but it certainly points to the fact that SD-WAN is becoming a much broader customer need throughout 2021.
Taking the data centre to the Edge
The explosion of data has been a running theme throughout my posts for some time now – but as COVID-19 has accelerated the digital transformation of nearly every organization out there, the amount of data being generated at the Edge has never been higher – or indeed more vulnerable – and the need for businesses to quickly and efficiently collect, secure, process and act on that data has never been more pressing.
With the hybrid workplace set to make the situation even more complicated in 2021 with people constantly moving in and out of the office environment, the traditional model of a single data centre located at a company headquarters is no longer fit for purpose. Instead, we will see enterprises starting to transition to a “centres-of-data” networking model – with multiple micro data centres positioned at the Edge to help convert all that data into simplified IT operations, accelerated service delivery, and streamlined IT deployment.
In it together
The challenges of the past year are by no means over – and the above three trends will certainly keep things interesting in 2021.
With its new Solution-as-a-Service (SaaS) offering, AESG will offer comprehensive commissioning, handover and asset management services, and integrated data solutions on a digital, cloud-based platform with enhanced data management capabilities.
Following the announcement of its ongoing global expansion, AESG, a specialist consultancy, engineering, and advisory firm, today strengthened its position as a leading provider of consultancy services for the built environment through the acquisition of Springboard Middle East. In addition to gaining ownership of Springboard Middle East’s regional contracts, staff, IP, and assets, the deal has enabled AESG to launch its new digital commissioning, handover and asset management platform, Data+.
As highlighted in the seminal ‘Building a Safer Future – Independent Review of Building Regulations and Fire Safety’ report[1], insufficient or inaccurate data can significantly impact the performance, efficiency, and safety of buildings. While over the last decade, the building industry has gradually moved away from traditional paper-based documentation to digital alternatives, issues around the accuracy, accessibility, and updatability of building data continue to linger due to the static nature of the pdfs, spreadsheets, and documents typically used in the process.
By offering one of the first comprehensive digital handover solutions in the Middle East, AESG hopes to introduce new practices for the industry, while strengthening the value proposition of its existing services. “Our acquisition of Springboard Middle East perfectly aligns with our strategy of pioneering new and more effective means of service delivery. Their revolutionary platform perfectly rounds out the digitalisation of our offerings and enhances both the immediate and long-term value of the projects we deliver. By adopting an integrated, digital approach across commissioning, handover and asset management, AESG is committed to leading the data revolution in the built environment,” said Saeed Al Abbar, CEO at AESG.
As a value add to its clients, the company will now offer full digital handovers on all commissioning and handover management projects, along with the option of hosting project data on Data+, its cloud-based platform – making it accessible from anywhere, easily searchable, and instantly updatable. When utilized as a subscription-based service, Data+ serves as a secure, collaborative environment that stands as a ‘single, central source of truth’ for all stakeholders and project teams.
Because Data+ has been built on industry standards and follows a COBie and BIM Level 2 compliant framework, it can be integrated with most Building Information Modelling (BIM) and Computer Aided Facility Management (CAFM) solutions. This allows for accurate and validated asset data to be seamlessly exported to these platforms, greatly enhancing building owners’ modelling, performance optimisation, and maintenance capabilities. The platform also features integration with IoT and AI systems to provide digital twins of assets that enable the use of advanced analytics to optimize the performance of systems during the operational phase of a building’s lifecycle.
While AESG believes clients of all sizes can benefit from its new offering, Al Abbar noted that Data+ will prove to be especially valuable to mega-projects. “We are working on a number of such high-value projects across the region and the size and scale of these undertakings warrants a more streamlined approach to data management. With all teams having instant access to the up-to-date information they need, they can have a clear picture of the real-time project metrics which will greatly enhance their efficiency and effectiveness. We are excited to work together with our clients in familiarising them with this new approach to handover and ongoing project management,” he concluded.
Why is 5G RAN slicing key to delivering on the promise of 5G? As a vital part of end-to-end network slicing technology, RAN slicing will help unlock the potential of a wide range of use cases for various industries, enterprise and the enhanced mobile broadband segment. In our latest paper, we discuss what Ericsson RAN slicing is and how it can help realize the full potential of 5G.
From smartphones to smart factories, the promise of 5G is an open innovation platform that enables business and society to take the leap towards a smarter, safer and more sustainable future.
5G network slicing gives service providers the ability to serve a multitude of use cases with lightning-fast connectivity and enhanced performance. Service providers around the world are moving towards 5G network slicing, where slices of virtual networks are allocated to meet the connectivity demands of different use cases. Network slicing facilitates service differentiation and secures the necessary capacity and performance during high load to fulfill service-level agreements (SLA).
A case in point is online gaming. An Ericsson ConsumerLab survey of 7,000 consumers found that 90 percent of those who play video games at least weekly were negatively affected by lag when playing, with at least 1 in 3 sometimes quitting as a result.
Different game genres have different data rates, latency and reliability requirements on mobile networks. This is an area where service providers can offer customized slices for cloud gaming or any AR/VR application. The slicing framework can reserve dedicated resources by orchestrating these across the radio, transport and core networks.
Just like with this cloud gaming example, service providers can use network slicing as a way of differentiating their 5G offering. It helps tap the huge potential of a wide range of use cases for the enterprise and enhanced mobile broadband markets with guaranteed performance.
Ericsson RAN slicing solution enables service providers to offer differentiated handling of new services with respective quality of service and radio resource management for SLA fulfillment. What’s more, our solution is scalable and flexible enough to support a growing number of slicing use cases with faster time to market.
Cyber-crime is a complex landscape, but when it comes to actually launching cyber-attacks, there are three main techniques that criminals have relied on for decades to help them get around organizations’ defenses and into their networks: phishing, credential theft and business email compromise. According to Verizon’s Data Breach Investigation Report, these ‘big three’ are the cause of over two-thirds (67%) of all successful data breaches globally.
Check Point Research recently joined forces with Otorio to analyze and take a deep dive into a large scale phishing campaign that targeted thousands of global organizations, revealing the campaign’s overall infection chain, infrastructure and how the emails were distributed.
In August, attackers initiated a phishing campaign with emails that masqueraded as Xerox scan notifications, prompting users to open a malicious HTML attachment. While this infection chain may sound simple, it successfully bypassed Microsoft Office 365 Advanced Threat Protection (ATP) filtering and stole over a thousand corporate employees’ credentials.
Interestingly, due to a simple mistake in their attack chain, the attackers behind the phishing campaign exposed the credentials they had stolen to the public Internet, across dozens of drop-zone servers used by the attackers. With a simple Google search, anyone could have found the password to one of the compromised, stolen email addresses: a gift to every opportunistic attacker.
Figure 1: Personalized HTML Phishing file example
Infection Chain
The initial attack started with one of several phishing email templates. The attacker would send an email imitating a Xerox (or Xeros) scan notification with the target’s first name or company title in the subject line.
Figure 2: Phishing email example
Once the victim double-clicked the attached HTML file, the default system browser displayed a blurred image with a preconfigured email within the document (see figure 1 above).
Throughout the campaign several other phishing page variants were used, but the blurred background image remained the same.
After the HTML file was launched, JavaScript code would run in the background of the document. The code was responsible for simple password checks, sending the data to the attackers’ drop-zone server, and redirecting the user to a legitimate Office 365 login page.
Figure 3: C&C address for exfiltration
Figure 4: Password verification process and redirection
Throughout the campaign, the code was continuously polished and refined, with the attackers creating a more realistic experience so the victims were less likely to have their suspicions aroused, and more likely to provide their login credentials.
By using simple techniques, the attackers were also successful in evading detection by most Anti-Virus vendors, as can be seen from the following detection rates from the latest iteration of the campaign:
Figure 5: Low detection rates for the phishing pages on VirusTotal
Infrastructure
This campaign utilized both unique infrastructure, and compromised WordPress websites that were used as drop-zone servers by the attackers.
While using a specialized infrastructure, the server would run for roughly two months with dozens of XYZ domains. These registered domains were used in the Phishing attacks.
Figure 6: Passive total domains-per-day view for drop-zone server 45.88.3.233
Figure 7: Example drop-zone domains used for phishing attacks
We discovered dozens of compromised WordPress servers that hosted the malicious PHP page (named “go.php”, “post.php”, “gate.php”, “rent.php” or “rest.php”) and processed all incoming credentials from victims of the phishing attacks.
Attackers usually prefer to use compromised servers instead of their own infrastructure because of the existing websites’ well-known reputations. The more widely recognized a site’s reputation is, the higher the chance that the email will not be blocked by security vendors.
Email Distribution
Analyzing the different email headers used in this campaign allowed us to draw several conclusions regarding the Tactics, Techniques & Procedures (TTPs) used by the attackers:
The emails are sent from a Linux server hosted on Microsoft’s Azure
The emails are often sent by using PHP Mailer 6.1.5 (latest version from Mar 19 to May 27)
The emails are delivered using 1&1 email servers
Attackers used compromised email accounts to distribute spam through high-reputation phishing campaigns because the emails are harder to block. In one specific campaign, we found a phishing page impersonating IONOS by 1&1, a German web hosting company. It is highly likely that the compromised IONOS account credentials were used by the attackers to send the rest of the Office 365 themed spam.
Figure 8: Alternative Phishing page
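The indicators described in the Infection Chain, Infrastructure and Email Distribution sections can be combined into a single mail-triage check. The following is an added example, not code from the original analysis; the sample message, the reading of "XYZ domains" as the `.xyz` TLD, the Office 365 login hostnames and the three-indicator threshold are assumptions.

```python
import re
from email import message_from_string, policy

# Indicators named in the write-up above.
DROP_PAGE_NAMES = {"go.php", "post.php", "gate.php", "rent.php", "rest.php"}
LURE_SUBJECT = re.compile(r"\bxero[xs]\b.*\bscan", re.I)
MAILER = re.compile(r"PHPMailer 6\.1\.5")
# Assumption: hosts treated as the legitimate Office 365 login page.
O365_LOGIN_HOSTS = {"login.microsoftonline.com", "www.office.com"}
URL = re.compile(r"https?://([^/\s\"'<>]+)(/[^\s\"'<>]*)?", re.I)

# Constructed sample message, not taken from the campaign.
SAMPLE = """\
From: scanner@mail.example.org
To: jane@corp.example.com
Subject: Jane - Xerox Scan Notification
X-Mailer: PHPMailer 6.1.5 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

You have received a scanned document.
--b1
Content-Type: text/html; charset=utf-8
Content-Disposition: attachment; filename="Scan_Jane.html"

<html><body><script>
var drop = "https://docs-portal.example.xyz/wp-content/gate.php";
window.location = "https://login.microsoftonline.com/";
</script></body></html>
--b1--
"""


def triage(raw_message: str) -> dict:
    """Return the campaign indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = set()
    if LURE_SUBJECT.search(msg.get("Subject", "")):
        hits.add("xerox-scan-subject")
    if MAILER.search(msg.get("X-Mailer", "")):
        hits.add("phpmailer-6.1.5")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith((".html", ".htm")) and part.get_content_type() != "text/html":
            continue
        hits.add("html-attachment")
        body = part.get_content()
        if isinstance(body, bytes):
            body = body.decode("utf-8", "replace")
        if "<script" in body.lower():
            hits.add("script-in-attachment")
        for host, path in URL.findall(body):
            host = host.lower().split(":")[0]
            leaf = path.split("?")[0].rsplit("/", 1)[-1].lower()
            if leaf in DROP_PAGE_NAMES:
                hits.add("drop-page-name:" + leaf)
            if host.endswith(".xyz"):  # assumption: "XYZ domains" = .xyz TLD
                hits.add("xyz-domain")
            if host in O365_LOGIN_HOSTS:
                hits.add("redirect-to-o365-login")
    # Assumption: three or more indicators together warrant quarantine/review.
    return {"indicators": sorted(hits), "suspicious": len(hits) >= 3}
```

Calling `triage(SAMPLE)` returns the sorted indicator list and a `suspicious` flag; a lone indicator such as a Xerox subject line from a real office printer stays below the threshold.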
Targeted Organizations
We found that once the users’ information was sent to the drop-zone servers, the data was saved in a publicly visible file that was indexable by Google. This allowed anyone access to the stolen email address credentials with a simple Google search.
Figure 9: Example credentials format stored on a publicly available URL
The public availability of this data allowed us to create a breakdown of the victims according to their industry (based on a subset of ~500 stolen credentials).
Figure 10: Distribution of targets by industry
Although there was a wide distribution of targeted industries, there appears to be a special interest in Energy and Construction companies.
Previous Campaigns
We found several correlations to previous phishing activity by comparing the campaign’s TTPs. Due to the similarities, these activities were likely executed by the same attacker or group of attackers.
Figure 11: Email from a previous campaign
We discovered a phishing email from May 2020 that perfectly matched the TTPs described above. It also used the same JavaScript encoding that was used by this campaign in August.
Figure 12: First lines of the Phishing page compared
In this older scenario, the script redirected the user to another variant of an Office 365 phishing page that was not entirely encoded within the initial HTML file.
Figure 13: Phishing page from an older campaign via Urlscan
Google’s search engine algorithm naturally indexes the internet, and that is what makes it the most popular search engine ever invented. Thanks to its powerful algorithm, it is also capable of indexing the hackers’ pages where they temporarily store the stolen credentials. We informed Google that it was indexing the hackers’ failures, and victims can now use Google search capabilities to look for their stolen credentials and change their passwords accordingly.
Conclusion
Our analysis of this campaign highlights the efforts that attackers will make to conceal their malicious intentions, bypass security filtering and trick users. To protect yourself against this type of attack, be suspicious of any email or communication from a familiar brand or organization that asks you to click on a link or open an attached document. Here are some practical tips to help keep your data safe:
Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
Be cautious with files received via email from unknown senders, especially if they prompt for a certain action you would not usually do.
Ensure you are ordering goods from an authentic source. One way to do this is to NOT click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.
Beware of “special” offers that don’t appear to be reliable or trustworthy purchase opportunities.
Make sure you do not reuse passwords between different applications and accounts.
Organizations should prevent zero-day attacks with an end-to-end cyber architecture, to block deceptive phishing sites and provide alerts on password reuse in real time. Check Point Infinity is effective because it combines two key ingredients: full convergence across all attack surfaces and all attack vectors, and advanced prevention that can tackle the most sophisticated zero-day phishing and account takeover attacks.
Nutanix, Inc. (NASDAQ: NTNX) a leader in private cloud, hybrid, and multicloud computing has released an analysis of its third global Enterprise Cloud Index survey and research report, showing how companies in the UAE compare with the rest of the world when it comes to hybrid cloud adoption. This year, survey respondents were also asked about the impact of the COVID-19 pandemic on current and future IT decisions and strategy. A key finding: hybrid cloud is still the frontrunner as the ideal IT infrastructure model (83% of respondents in the UAE think so, which is close to the global figure of 86%), and respondents running hybrid environments are more likely to plan to focus on strategic efforts and driving positive business impact.
The UAE is right in line with global averages for hybrid cloud adoption (just 10% penetration). However, they’re ahead of the game in their adoption of private cloud and multiple public cloud infrastructure services; the private and public clouds will eventually be integrated into the highly desirable hybrid cloud model.
Key findings:
Respondents in the UAE currently run more private clouds (35%) than any other IT infrastructure model. Those from the UAE tied with Australia and Italy for having the largest penetration of private cloud of all ECI companies polled worldwide. Private cloud is a component of the emerging, highly flexible hybrid cloud model, which 83% of respondents in the UAE agree is the ideal IT operating model going forward. The UAE appears to have done a reasonable job of paring down its use of legacy datacenter-only environments, reporting below-average penetration of 15% while the country is right in line with averages for hybrid cloud adoption (just 10% penetration).
Over the next five years, respondents in the UAE plan to reduce all IT models in use except for hybrid cloud, which they expect to grow significantly. Hybrid cloud/ multi-cloud will account for 45% of new deployments in the same time frame.
Security, privacy, and compliance strengths together represent the number one decision factor when considering new IT deployments. This was agreed by 26% of UAE respondents. Cost advantages ranked a distant second (13%); from there, respondents from the UAE were highly divided in their selections of the top IT deployment decision factor. More respondents from the UAE did report having to abide by executive-level mandates as their top criterion (9%) than average (2%).
UAE IT pros are migrating to a hybrid cloud environment for better business outcomes, not just to save cost. UAE respondents cited better control of IT resource usage (65%), increased speed to deliver business needs (61%), and better support for remote working (61%) as their top motivators.
Management tools that work across dissimilar cloud platforms are still maturing, and IT shops seek cross-platform cloud talent that’s currently challenging to find. More than a third of respondents from the UAE (35%) reported being short on the IT skills necessary to manage hybrid cloud environments, and over a fourth (29%) said they lacked skills in cloud-native and container technology, such as Kubernetes.
The top reason that UAE respondents moved applications to a new environment involved concerns over security in the public cloud infrastructure (65%). The second most-often cited reason was to improve the speed of access to data (60%), a nod to the generally faster application response times of high-speed local-area networks compared to delay-sensitive wide-area networks used to reach the public cloud. In addition, significantly more respondents in the UAE than elsewhere cited having greater availability of IT skill sets on-prem (46%) as a reason to repatriate applications back to private datacenters. They also were far more bullish about avoiding vendor lock-in as a reason to keep apps on-prem.
When asked where they plan to run applications in the new year 2021, respondents from the UAE were most optimistic about their intentions to host more applications in the private cloud (43%), surpassing the averages, while fewer than average said they’re likely to run more apps in a public cloud infrastructure. Slightly more than average said they intended to host more applications in on-premises datacenters (17%).
The majority of UAE respondents (83%) said that the COVID-19 pandemic has caused IT to be viewed more strategically within their organizations. The pandemic has in many cases forced IT shops to turn to the cloud for readily available infrastructure that can accommodate larger numbers of work-from-home employees. Indeed, while more than a fourth of respondents from the UAE (28%) reported having no regular remote workforce one year ago, that number has plummeted to 4% since the rise of the pandemic.
The COVID-19 pandemic generally drove new investments in cloud infrastructure and tools. 47% of UAE respondents reported making new investments in hybrid cloud and private cloud (41%), while 33% reported increased investments in public cloud infrastructure services because of the pandemic. Far fewer respondents from the UAE reported making no new infrastructure investments because of the pandemic (1%) than in other regions.
“It is a great sign that companies in the UAE have a healthy adoption of private cloud and multiple public cloud infrastructures. Both these components are a necessary step on the journey to a dominant hybrid cloud environment, as enterprises gain the right mix of management tools and skill sets to handle the job,” said Aaron White, Sr. Sales Director, METI at Nutanix. “The COVID-19 pandemic has influenced IT priorities. It moved many businesses’ IT focus from planned initiatives to remote infrastructure build outs to support home workers. However, in doing so, it has boosted cloud use, spurring the growth of underlying cloud infrastructure that’s essential to hybrid cloud plans and, more broadly, to corporate digital transformation initiatives.”
Editor’s note:
For the third consecutive year, Vanson Bourne conducted research on behalf of Nutanix, surveying 3,400 IT decision-makers around the world about where they’re running their business applications today, where they plan to run them in the future, what their cloud challenges are, and how their cloud initiatives stack up against other IT projects and priorities. The respondent base spanned multiple industries, business sizes, and the following geographies: the Americas; Europe, the Middle East, and Africa; and the Asia-Pacific and Japan region.
To learn more about the report and findings, please download the full third Nutanix Enterprise Cloud Index, here.