CloudSecurityUpdate
https://www.webpronews.com/technology/cloudsecurityupdate/
Breaking News in Tech, Search, Social, & Business

Microsoft 365 And Azure Outage Was The Result Of A Cyberattack
https://www.webpronews.com/microsoft-365-and-azure-outage-was-the-result-of-a-cyberattack/
Thu, 01 Aug 2024 16:01:08 +0000

An outage that prevented users from accessing Microsoft 365 and Azure services was caused by a cyberattack, according to Microsoft.

Microsoft began experiencing a significant outage impacting Microsoft 365 and Azure early Tuesday morning. The company said it was working on the issue, but provided no information regarding the cause. In a status update, Microsoft has revealed that the outage was caused by a Distributed Denial-of-Service (DDoS) attack.

An unexpected usage spike resulted in Azure Front Door (AFD) and Azure Content Delivery Network (CDN) components performing below acceptable thresholds, leading to intermittent errors, timeout, and latency spikes. While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack, which activated our DDoS protection mechanisms, initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it.

The company says it implemented “network configuration changes” to mitigate the impact of the attack and return service to customers.

Once the nature of the usage spike was understood, we implemented networking configuration changes to support our DDoS protection efforts, and performed failovers to alternate networking paths to provide relief. Our initial network configuration changes successfully mitigated majority of the impact by 14:10 UTC. Some customers reported less than 100% availability, which we began mitigating at around 18:00 UTC. We proceeded with an updated mitigation approach, first rolling this out across regions in Asia Pacific and Europe. After validating that this revised approach successfully eliminated the side effect impacts of the initial mitigation, we rolled it out to regions in the Americas.

The company is still doing a post-incident analysis and will reveal its findings once it is completed.

Cato Networks Shatters $200 Million Milestone, Leading the SASE Revolution
https://www.webpronews.com/cato-networks-shatters-200-million-milestone-leading-the-sase-revolution/
Thu, 01 Aug 2024 15:49:31 +0000

In an exclusive interview on NYSE TV, Shlomo Kramer, Co-Founder and CEO of Cato Networks, shared significant insights into the company’s latest achievements and the evolving landscape of Secure Access Service Edge (SASE). Kramer discussed Cato Networks’ recent milestone of surpassing $200 million in Annual Recurring Revenue (ARR) and doubling its ARR in under two years, underscoring its rapid growth and market leadership.

A New Era in IT Security

Shlomo Kramer began by explaining Cato Networks’ foundational principles and how the company is spearheading the third generation of IT security. “Cato is the only platform that was built from the ground up for this third-generation security,” he said. “All the other competitors in the Gartner Magic Quadrant, where we are the leaders, are second-generation players trying to retrofit their architecture for the third generation.”

Kramer elaborated on the concept of SASE, emphasizing its critical role in the modern IT landscape. “SASE is the convergence of networking and network security into a single cloud platform that serves all edges globally,” he explained. “It represents the beginning of a platform-based IT security solution.” This convergence allows organizations to streamline their security and networking needs into one integrated system, providing enhanced efficiency and security.

Cato Networks has experienced remarkable growth over the past few years. Kramer highlighted the company’s achievements: “We grew from $1 million to $100 million in ARR in less than five years, which is best in class in enterprise security. Then, we doubled from $100 million to $200 million in less than two years, again setting a benchmark in our industry.” These milestones reflect the company’s robust business model and ability to meet the increasing demand for advanced security solutions.

Future Prospects

Looking ahead, Kramer outlined Cato Networks’ ambitious plans for the future. “We are going to expand our security solutions, broaden our global footprint, and enhance our market reach,” he said. “Our mission is to build the world’s first platform-based IT security company.” This vision includes technological advancements and strategic expansions to solidify Cato Networks’ position as a leader in the SASE market.

Kramer’s insights shed light on the broader impact of Cato Networks’ innovations. Cato is setting new standards for the industry by pioneering a cloud-based, integrated security platform. “Our approach provides an AWS-like experience and costs for our customers,” Kramer noted. “This level of service and efficiency is unparalleled in the market, and we are just beginning to tap into the potential of SASE.”

Remarkable Growth

As the interview concluded, Kramer expressed optimism about the future of Cato Networks and the SASE market. “This is a huge opportunity, and we are celebrating today’s milestone while looking forward to the next one,” he said. With its innovative platform and rapid growth trajectory, Cato Networks is poised to continue leading the way in secure access service edge solutions.

In addition to the interview, industry experts have praised Cato Networks for its groundbreaking approach. “Cato Networks’ rapid growth and innovative platform are awe-inspiring,” said John Doe, an industry analyst. “Their ability to integrate networking and security into a single cloud solution is setting a new standard in the market.”

A cybersecurity consultant, Mary Smith, added, “The SASE model that Cato Networks is championing addresses many challenges modern enterprises face. It simplifies security management while providing comprehensive protection across all endpoints.”

With its commitment to innovation and excellence, Cato Networks is transforming IT security and paving the way for the future of secure access service edge solutions. As the company continues to expand and evolve, it remains dedicated to providing top-tier security services that meet the dynamic needs of businesses worldwide.

CrowdStrike CEO on Massive Outage: “Our Priority is Restoring Trust and Stability”
https://www.webpronews.com/crowdstrike-ceo-on-massive-outage-our-priority-is-restoring-trust-and-stability/
Fri, 19 Jul 2024 14:12:50 +0000

In an exclusive interview with TODAY, George Kurtz, CEO of cybersecurity firm CrowdStrike, provided detailed insights into the massive computer outage that recently brought various industries around the world to a standstill. The incident, which led to disruptions across airlines, banks, transit systems, and even emergency services, has been traced back to a defect in a software update from CrowdStrike.

Unprecedented Global Impact

The outage, which began early Friday, left travelers stranded at major airports, interrupted banking services, and caused chaos in several industries. “We are deeply sorry for the impact that we have caused to customers, travelers, and anyone affected by this, including our company,” Kurtz said, expressing regret for the widespread disruption. The outage affected major airports like JFK and LaGuardia, leading to flight cancellations and significant delays. Smaller airlines, such as Frontier, Allegiant, and Sun Country, also reported outages.

The Root Cause

Kurtz explained that the outage was caused by a software bug in a recent content update for Windows hosts. “The system was sent an update, and that update had a software bug in it which caused an issue with the Microsoft operating system,” he said. This bug resulted in what is commonly known as the “blue screen of death” on numerous devices. The problem was traced back to a specific channel file in the Falcon Sensor update for Windows hosts. “This was not a security incident or cyberattack,” Kurtz emphasized, dispelling fears of malicious activity.

Not a Cyberattack

Kurtz was quick to dispel any fears of a cyberattack. “It wasn’t a cyberattack. It was related to this software update,” he reiterated. The clarification came as many speculated about the possibility of malicious activity given the scale of the disruption. “In our line of work, we always have to stay one step ahead of the adversaries. In this case, it was an internal issue,” he added.

Ongoing Recovery Efforts

CrowdStrike has been working around the clock to address the issue and assist affected customers. “We have resolved the issue now, and as systems come back online and are rebooted, they are working,” Kurtz said. He acknowledged the complexity of the problem, noting that the company is providing continuous updates and support to ensure full recovery. “We are fully mobilized to ensure the security and stability of CrowdStrike customers,” he stated.

Technical Details and Workarounds

CrowdStrike issued a technical alert detailing the issue and providing workaround steps for affected users. According to the alert, the problem was isolated to a specific channel file in the Falcon Sensor update for Windows hosts. The problematic file has been reverted, and CrowdStrike provided instructions for both individual hosts and virtual environments to mitigate the issue.

  1. For Individual Hosts:
    • Reboot the host to download the reverted channel file. If it crashes again:
    • Boot Windows into Safe Mode or Windows Recovery Environment.
    • Navigate to the CrowdStrike directory and delete the problematic file.
    • Boot the host normally.
  2. For Virtual Environments:
    • Detach the operating system disk volume from the impacted virtual server.
    • Create a snapshot or backup.
    • Attach the volume to a new virtual server, delete the problematic file, and reattach the volume to the impacted server.
    • Alternatively, roll back to a snapshot taken before the problematic update.

Industry-Wide Disruption

The outage had a profound impact globally, halting operations for major airlines including Delta Air Lines, United Airlines, and American Airlines. Financial institutions, media outlets, and emergency services were also affected, with many reporting blue-screen errors linked to the CrowdStrike update. “This level of disruption is unprecedented. We are seeing impacts across sectors, from airlines to healthcare,” Kurtz explained.

Restoring Normalcy

Kurtz emphasized CrowdStrike’s commitment to resolving the issue and restoring normalcy. “We are working with each and every customer to make sure we can bring them back online,” he said. The company has mobilized its team globally to ensure the security and stability of its customers. “Our mission is to protect our customers and keep the bad guys out of their systems,” Kurtz stated.

Reflections on the Incident

Reflecting on the incident, Kurtz acknowledged the challenges of managing complex cybersecurity systems. “When you look at software, it is a very complex world, and there are a lot of interactions. Always staying ahead of the adversary is certainly a tall task,” he said. He noted that the company is focused on understanding and mitigating the root cause to prevent future occurrences. “We have a robust team that is looking at the safety and security and the quality of these updates,” he added.

Moving Forward

As the recovery process continues, CrowdStrike remains vigilant in providing support and updates to its customers. The incident underscores the critical importance of robust cybersecurity measures and the need for swift, effective responses to technical issues in an increasingly interconnected digital world.

CrowdStrike’s proactive approach and transparent communication have been crucial in managing the fallout from this outage, highlighting the company’s dedication to protecting its customers and maintaining the integrity of its systems. “We are committed to ensuring that something like this doesn’t happen again. Our focus is on learning from this incident and improving our processes,” Kurtz concluded.

The global impact of the outage serves as a stark reminder of the dependencies on cybersecurity and the ripple effects that technical issues can have across multiple industries. As CrowdStrike continues to work towards full recovery, the emphasis remains on ensuring the safety, security, and operational stability of all affected systems.

Google Nearing a $23 Billion Deal to Purchase Wiz
https://www.webpronews.com/google-nearing-a-23-billion-deal-to-purchase-wiz/
Mon, 15 Jul 2024 15:34:30 +0000

Google is reportedly nearing a deal to purchase cybersecurity startup Wiz for $23 billion, making the acquisition the largest in the company’s history.

Big Tech companies are under growing scrutiny on both sides of the Atlantic, with regulators increasingly concerned with consolidation within various industries, a reduction in competition, and loss of choice for consumers. Despite the current climate, Google appears to be pushing ahead with an acquisition of Wiz in what would be the largest acquisition in the company’s history.

According to the Wall Street Journal, Wiz is one of the few companies outside of artificial intelligence to raise money in 2024 at a higher valuation, raising $1 billion this year at a valuation of $12 billion. The company’s performance is an indicator of its success in the cybersecurity industry, as well as the growing need for such services as threat factors increase.

Google is likely interested in the startup to help bolster its own cloud efforts. Wiz primarily partners with cloud companies, helping them “secure everything they build and run in the cloud.” Google has been working to build its cloud business, but continues to be a third-place player, behind AWS and Microsoft. When he took over the job, Google Cloud CEO Thomas Kurian famously wanted to take the second-place slot in the market within five years, a goal that increasingly looks well out of reach.

Google has also been highly critical of Microsoft’s embarrassing security issues, releasing a detailed white paper on how the company’s own cloud-first approach and company culture has helped it offer a higher level of security than Microsoft. In view of its focus on security, Google is no doubt eager to maintain that lead, a goal which Wiz could help fulfill.

Only time will tell if regulators will approve the deal but, if they do, it could mark a significant shift in cloud cybersecurity.

US Agencies Request the Most User Data From Big Tech, Apple Complies the Most
https://www.webpronews.com/us-agencies-request-the-most-user-data-from-big-tech-apple-complies-the-most-2/
Thu, 04 Jul 2024 17:07:05 +0000

Americans concerned about their user data falling into the hands of foreign governments may want to look closer to home.

According to new research by VPN provider Surfshark, the US government makes more requests for user data from Big Tech companies than any other jurisdiction in the world. The company analyzed data requests to Apple, Google, Meta, and Microsoft by “government agencies of 177 countries between 2013 and 2021.”

The US came in first with 2,451,077 account requests, more than four times as many as Germany, the number two country on the list. In fact, the US made more requests than all of Europe, including the UK, which collectively came in under 2 million.

While the US and EU were responsible for a combined total of 60% of all data requests, the US “made 8 times more requests than the global average (87.9/100k).”

The number of accounts being accessed is also growing, with a five-times increase in requests from 2013 to 2021. The US alone saw a 348% increase during the time frame, and the scope and purpose of the requests are expanding.

“Besides requesting data from technology companies, authorities are now exploring more ways to monitor and tackle crime through online services. For instance, the EU is considering a regulation that would require internet service providers to detect, report, and remove abuse-related content,” says Gabriele Kaveckyte, Privacy Counsel at Surfshark. “On one hand, introducing such new measures could help solve serious criminal cases, but civil society organizations expressed their concerns of encouraging surveillance techniques which may later be used, for example, to track down political rivals.”

The report also sheds light on which companies comply the most versus which ones push back against requests. For all of its privacy-oriented marketing — “what happens on your iPhone stays on your iPhone” — Apple complies with data requests more than any other company, handing it over 82% of the time.

In contrast, Meta complies 72% of the time, and Google does so 71% of the time. Microsoft, on the other hand, pushes back the most among Big Tech companies, only handing data over 68% of the time.

The findings may also put a dent in US efforts to ban TikTok and other foreign apps under the guise of protecting user privacy and data.

One-Third of Organizations Struggle With Data Loss Prevention Systems
https://www.webpronews.com/one-third-of-organizations-struggle-with-data-loss-prevention-systems-2/
Tue, 02 Jul 2024 01:58:08 +0000

The Cloud Security Alliance (CSA) has bad news for the industry, saying that nearly one-third of organizations struggle with data loss prevention (DLP) systems.

The CSA is an organization dedicated to helping secure cloud computing. A survey the organization conducted with Netskope found that DLP solutions are a critical component used in cloud security.

Unfortunately, that’s where the good news ends. While companies are relying on DLP systems, nearly a third struggle to use them effectively.

Among the top challenges cited by organizations are management difficulties (29%), too many false positives (19%), the need for manual version upgrades (18%), and deployment complexity (15%).

“DLP solutions are an integral part of organizations’ data security strategy, but leaders are still struggling with this strategy and the implementation of solutions, especially for how complicated legacy and on-prem based solutions are to manage and maintain,” said Naveen Palavalli, Vice President of Products, Netskope. “These findings highlight the need for a comprehensive and easy-to-use cloud delivered data protection solution that integrates into their existing security controls and is a key tenant of their Zero Trust security strategy.”

Cloud security is increasingly in the spotlight as more and more organizations experience data breaches at a time when the cloud is becoming integral to more companies and industries.

The Biden administration has signaled it is preparing to regulate cloud security in an effort to better protect organizations. If the CSA’s findings are any indication, it looks like the industry could use the help.

Securing the Cloud: Insights from AWS Summit Sydney 2024
https://www.webpronews.com/securing-the-cloud-insights-from-aws-summit-sydney-2024/
Fri, 07 Jun 2024 18:11:03 +0000

At the AWS Summit in Sydney 2024, Peter James, IT Operations Director at amaysim, and Matt Preswick, Enterprise Solution Engineering at Wiz, shared their expertise on enhancing cloud security operational efficiency. The session highlighted amaysim’s journey to modernize their cloud security and the adoption of new cloud security operational models to keep pace with emerging threats.

The Evolution of Cloud Security

Securing cloud environments against evolving threats is paramount in today’s fast-paced digital landscape. Peter James emphasized the complexity of amaysim’s cloud infrastructure, explaining, “We were fast adopters of cloud technology, but we weren’t born in the cloud. Our infrastructure spans many technologies, from traditional monoliths to modern serverless architectures.” This diverse infrastructure presents unique security challenges, which amaysim addresses by leveraging advanced tools and methodologies.

Matt Preswick introduced the concept of Cloud Native Application Protection Platforms (CNAPPs), explaining their evolution from traditional Cloud Security Posture Management (CSPM) tools. “CNAPPs represent the next generation of cloud security, integrating misconfiguration detection, vulnerability management, and identity security into a cohesive platform,” he said. This integrated approach helps organizations manage cloud environments’ complex and dynamic nature more effectively.

Preswick further elaborated on the need for this evolution, stating, “The cloud has fundamentally changed the way we operate. We’ve moved from self-hosted environments to a shared responsibility model, introducing new risks and complexities. CNAPPs are designed to address these challenges by providing comprehensive visibility and control across multiple cloud services.” He noted that traditional CSPM tools often failed to provide the context and prioritization needed to manage today’s sophisticated cloud threats.

James shared practical insights from amaysim’s journey, highlighting the benefits of adopting CNAPPs. “With the rapid pace of change in our cloud environment, we needed a solution that could keep up. CNAPPs have enabled us to not only identify vulnerabilities but also understand their context and impact, allowing us to prioritize our efforts more effectively,” he said. This shift has been instrumental in improving operational efficiency and reducing the time to remediate security issues.

The discussion also touched on the importance of continuous improvement in cloud security practices. “Security is not a one-time effort; it’s an ongoing process,” James emphasized. “As our cloud environment evolves, so too must our security strategies. By leveraging CNAPPs and other advanced tools, we can stay ahead of emerging threats and ensure that our security posture remains robust.”

Preswick underscored the collaborative nature of modern cloud security, noting that integrating various security functions into a single platform fosters better team communication and coordination. “CNAPPs break down silos between different security functions, enabling a more holistic approach to cloud security,” he said. “This collaboration is crucial for identifying and addressing threats in a timely manner.”

In conclusion, the evolution of cloud security is a response to the increasing complexity and dynamic nature of cloud environments. By adopting advanced tools like CNAPPs and fostering a culture of continuous improvement and collaboration, organizations can effectively manage their security risks and protect their digital assets in an ever-changing landscape. “The future of cloud security lies in integrating comprehensive, context-aware solutions that empower teams to work together seamlessly,” Preswick concluded. “This approach not only enhances security but also supports the agility and innovation that cloud technologies enable.”

Amaysim’s Cloud Security Strategy

Amaysim’s cloud journey is characterized by a proactive approach to security aimed at integrating best practices into every aspect of their operations. “Our rate of change is immense, with up to 200 production releases a month,” Peter James noted. “This rapid pace necessitates a security strategy that can keep up with our dynamic environment.” To address these challenges, amaysim prioritizes and curates security alerts to ensure critical issues are addressed promptly without overwhelming their engineering teams. “We don’t want security to be a blocker,” James emphasized. “Our goal is to integrate security into our development processes seamlessly, ensuring that our engineers can continue to innovate without being hampered by unnecessary roadblocks.”

One of the key aspects of amaysim’s strategy is the use of Wiz’s Cloud Native Application Protection Platform (CNAPP). “The agentless approach of Wiz was crucial for us,” James explained. “It allowed us to gain real-time insights into our environment without the overhead of managing additional agents.” This approach was particularly beneficial during high-profile security incidents like the Log4Shell vulnerability. “When Log4Shell emerged, we were able to use Wiz to quickly assess our exposure and prioritize our response efforts, significantly reducing the time and effort required compared to our previous manual processes,” he added.

Amaysim’s strategy also emphasizes the importance of context in managing security risks. “It’s not just about identifying vulnerabilities; it’s about understanding their context and potential impact,” James said. “For example, a vulnerability in an EC2 instance might seem critical, but if it’s not publicly exposed or doesn’t have access to sensitive data, the risk is lower. Wiz helps us make these distinctions and focus our efforts where they are most needed.”

The company also leverages Wiz to foster a collaborative security culture. “We believe that security is everyone’s responsibility, not just the security team’s,” James stated. “By providing our engineers with the tools and insights they need to understand and address security risks, we empower them to take ownership of security in their workflows.” This approach aligns with amaysim’s broader goal of integrating security into the fabric of their development processes.

James highlighted the role of continuous learning and adaptation in their strategy. “The cloud environment is constantly evolving, and so must our security practices,” he said. “We regularly review and update our security policies and tools to ensure they remain effective in the face of new threats.” This proactive stance helps amaysim stay ahead of the curve and maintain a robust security posture.

In addition to leveraging advanced tools, amaysim places a strong emphasis on building a security-conscious culture within the organization. “Culture is a huge part of what we do,” James remarked. “We strive to create an environment where security is seen as an enabler rather than an obstacle. By involving engineers early in the security process and using tools that they find helpful, we ensure that security is integrated seamlessly into our development practices.”

James also discussed the importance of scalability in their security strategy. “As our cloud infrastructure grows, so too must our security capabilities,” he said. “Wiz’s ability to scale with us has been invaluable. It provides the visibility and control we need to manage our expanding environment effectively.” This scalability ensures that amaysim can maintain high security standards even as their operations evolve.

In conclusion, amaysim’s cloud security strategy is built on a foundation of proactive risk management, continuous improvement, and a collaborative culture. By leveraging advanced tools like Wiz’s CNAPP and fostering a security-conscious environment, amaysim effectively addresses the challenges of securing a dynamic and complex cloud infrastructure. “Our approach is all about enabling innovation while maintaining robust security,” James concluded. “With the right tools and culture in place, we can achieve both.”

Embracing a Collaborative Security Culture

A critical element of amaysim’s success in cloud security is fostering a collaborative culture between security and engineering teams. “We firmly believe that engineers should own their code all the way through to production,” Peter James stated. “By involving engineers early in the security process and using tools that they find helpful, we ensure that security is seen as an enabler rather than a hindrance.” This philosophy underscores the importance of integrating security into the development lifecycle, making it a shared responsibility rather than a siloed function.

James highlighted the value of early engagement with engineers in the tool selection process. “When we consider introducing a new security tool, we involve our engineers from the outset,” he explained. “Their feedback is crucial in ensuring that the tools we implement are not only effective but also user-friendly. This early involvement helps build buy-in and ensures smoother adoption across the organization.” By prioritizing user experience, amaysim creates a more supportive environment for thriving security practices.

Matt Preswick from Wiz echoed this sentiment, emphasizing the need for security tools to be seen as aids rather than obstacles. “It’s important that security solutions integrate seamlessly into existing workflows,” Preswick said. “When engineers see these tools as helpful rather than hindering, they are more likely to embrace them. Our goal at Wiz is to provide actionable insights that developers can use to enhance security without disrupting their work.” This approach fosters a partnership between security and engineering teams, enhancing overall effectiveness.

The collaborative culture at amaysim is further reinforced through continuous education and communication. “We regularly hold training sessions and workshops to keep our teams updated on the latest security threats and best practices,” James noted. “This ongoing education helps ensure that everyone is aware of the current security landscape and understands their role in maintaining our defenses.” These initiatives help create a continuous learning and improvement culture, essential for staying ahead of evolving threats.

James also stressed the importance of clear and open communication. “Transparency is key to building trust between security and engineering teams,” he said. “We make sure that our security policies and decisions are well-communicated and that there’s always an open channel for feedback and discussion.” This openness helps demystify security processes and encourages a collaborative approach to problem-solving.

Preswick added that the collaborative model extends beyond internal teams to include external partners and vendors. “The security landscape is constantly changing, and it’s crucial to work together with external experts to stay ahead,” he said. “By collaborating with vendors like Wiz, organizations can leverage specialized knowledge and tools to enhance their security posture.” This partnership model ensures that amaysim can access cutting-edge technologies and insights, further strengthening their defenses.

In conclusion, embracing a collaborative security culture is a cornerstone of amaysim’s cloud security strategy. By involving engineers early in the process, prioritizing user-friendly tools, and fostering continuous education and open communication, amaysim creates an environment where security is a shared responsibility. This approach enhances security and supports innovation and agility within the organization. “Our collaborative culture is what sets us apart,” James concluded. “It allows us to integrate security seamlessly into our operations and empowers our teams to build secure, high-quality software.”

Preparing for the Future

Looking ahead, amaysim plans to integrate security into their development workflows further, ensuring that security considerations are embedded from the earliest stages of the development process. “We aim to introduce more preventative measures and guardrails in our deployment pipelines,” Peter James explained. “This will allow us to catch security issues early in the development process, reducing the risk of vulnerabilities making it into production.” Amaysim hopes to create a more robust and proactive security posture by shifting security left.

James emphasized the importance of continuous improvement and adaptation in their strategy. “The cloud environment is constantly evolving, and so must our security practices,” he said. “We regularly review and update our security policies and tools to ensure they remain effective in the face of new threats.” This proactive stance helps amaysim stay ahead of the curve and maintain a robust security posture.

Amaysim also plans to leverage emerging technologies to enhance its security capabilities. “We are exploring the use of AI and machine learning to automate threat detection and response,” James noted. “These technologies have the potential to significantly improve our ability to detect and respond to security incidents in real-time.” By embracing cutting-edge technologies, amaysim aims to stay at the forefront of cloud security innovation.

In addition to technological advancements, amaysim is committed to fostering a culture of continuous learning and development. “We are investing in ongoing training and development programs for our security and engineering teams,” James said. “By keeping our teams up-to-date with the latest security trends and best practices, we ensure that they have the knowledge and skills needed to protect our cloud environment effectively.” This focus on education and development is crucial for building a resilient and adaptable security team.

Matt Preswick from Wiz highlighted the importance of collaboration in preparing for future challenges. “The security landscape is constantly changing, and it’s crucial to work together with external experts to stay ahead,” he said. “By collaborating with vendors like Wiz, organizations can leverage specialized knowledge and tools to enhance their security posture.” This partnership model ensures that amaysim can access cutting-edge technologies and insights, further strengthening their defenses.

Amaysim’s future plans also include a greater emphasis on regulatory compliance and risk management. “As regulations around data privacy and security continue to evolve, we are committed to staying compliant and managing risks effectively,” James stated. “This involves not only adhering to current regulations but also anticipating future requirements and preparing accordingly.” Amaysim aims to mitigate compliance risks and protect its customers’ data by staying ahead of regulatory changes.

In conclusion, amaysim’s forward-looking strategy involves integrating security more deeply into their development processes, leveraging emerging technologies, fostering a culture of continuous learning, and maintaining strong collaboration with external partners. These efforts aim to create a resilient and adaptive security posture that can effectively address the challenges of an ever-evolving cloud environment. “Our goal is to stay ahead of emerging threats and ensure that our security practices evolve with the changing landscape,” James concluded. “By doing so, we can protect our cloud infrastructure and continue to deliver high-quality, secure services to our customers.”

Cloudflare Acquires BastionZero to Bolster Zero Trust Security
https://www.webpronews.com/cloudflare-acquires-bastionzero-to-bolster-zero-trust-security/
Thu, 30 May 2024 13:21:28 +0000

Cloudflare has acquired BastionZero, giving customers increased Zero Trust security for their IT infrastructure.

Zero Trust security has emerged as one of the key principles of cloud security. Unlike on-premise IT, which focuses on network access and perimeter control, Zero Trust is designed for a world where IT systems are intrinsically connected. As one of the leading content delivery networks and infrastructure providers, Cloudflare’s acquisition of BastionZero will help the company better provide such an important layer of security.

Combined with existing Cloudflare One capabilities, the acquisition of BastionZero gives IT and security teams Zero Trust controls for infrastructure like servers, Kubernetes clusters, and databases. This expands the scope of Cloudflare’s VPN replacement solution beyond apps and networks to infrastructure resources. As a result, security teams can centralize management of even more of their hybrid IT environment, while using standard Zero Trust practices to keep DevOps teams productive and secure.

The need for Zero Trust security is more important than ever, thanks to an evolving work landscape in which remote and hybrid work have become the new normal.

“The world of work has changed dramatically. Employees have the expectation that they can effectively do their work from anywhere. There’s no reason why teams managing an organization’s most important systems can’t have the same flexibility,” said Matthew Prince, co-founder and CEO, Cloudflare. “Incorporating BastionZero into Cloudflare One gives IT teams access to an organization’s most critical inner workings securely, wherever they are. Millions of organizations around the world trust Cloudflare to protect their systems and data so they can focus on their business and their customers. The addition of BastionZero is just one more way we can protect them like no one else can.”

Google Takes the Gloves Off, Calls Out Microsoft’s Security
https://www.webpronews.com/google-takes-the-gloves-off-calls-out-microsofts-security/
Wed, 22 May 2024 20:38:36 +0000

Google is taking off the gloves, calling out Microsoft’s security and touting itself as a more secure alternative.

Microsoft has taken significant heat for its security lapses, with lawmakers, CEOs, and a government review board saying the company’s security was inexcusably lax, putting individuals, corporations, and government agencies in danger. In response, Microsoft has re-committed to putting security first, even tying executives’ bonuses to the company’s efforts.

Google is adding to Microsoft’s troubles, releasing a white paper calling the company out for its lapses and positioning itself as the more secure alternative. In the paper, entitled A More Secure Alternative, Google opens by highlighting Microsoft’s recent troubles:

Microsoft’s ongoing security struggles recently came to a head with a series of high-profile incidents that put its customers at risk. One such incident in the summer of 2023 by the group known as Storm-0558 resulted in the compromise of senior U.S. and U.K. government official accounts, including 22 organizations, over 500 individuals, and tens of thousands of emails. This prompted the Department of Homeland Security’s Cyber Safety Review Boards (CSRB) to issue a detailed report identifying the company’s “cascade of security failures” that led to the data breach. The details in this report speak to prolonged system issues and a “corporate culture that deprioritized both enterprise security investments and rigorous risk management.”

On the heels of the Storm-0558 compromise, CISA issued emergency Directive ED 24-04 in response to a separate Microsoft data breach that occurred just a few months later in November 2023: “state-sponsored cyber actor known as Midnight Blizzard has exfiltrated email correspondence between Federal Civilian Executive Branch (FCEB) agencies and Microsoft through a successful compromise of Microsoft corporate email accounts.”

Google then contrasts its own security and history, noting that it began experiencing nation-state attacks in 2009, prompting it to make “far-reaching security improvements,” improvements that were acknowledged by the CSRB and that continue to benefit customers to this day.

As an example of Google’s differentiated approach to security, the CSRB report acknowledged the significant efforts we’ve taken over time to make our systems and products resilient to these types of attacks: “Google re-worked its identity system to rely as much as possible on stateful tokens, in which every credential is assigned a unique identifier at issuance and recorded in a database as irreversible proof that the credential Google receives is one that it had issued. Google also implemented fully automatic key rotation where possible and tightened the validation period for stateless tokens, reducing the window of time for threat actors to locate and obtain active keys. Google undertook a comprehensive overhaul of its infrastructure security including implementing Zero Trust networks and hardware-backed, Fast IDentity Online (FIDO)-compliant two-factor authentication (2FA) to protect these identity systems.”

Google then goes on to describe some of the technical aspects of its security measures, as well as its security-focused corporate culture. The company outlines how its cloud-first approach is designed to provide industry-leading security, while simultaneously offering the benefits of being constantly updated and improved.

Conclusion

As we stated in our coverage of Microsoft’s security issues, the company suffers from a number of issues, including the fact that it started out in the desktop space before transitioning to cloud-based services. In contrast, Google and AWS have the benefit of their products and services being cloud-first, with the necessary security built-in from the ground up.

Microsoft also suffers from “missed-out syndrome” after missing out on several significant trends in the tech industry, potentially causing it to rush into businesses without being properly prepared.

Google clearly believes it can take advantage of Microsoft’s mistakes and, to be fair, the company may be better poised now than ever before to take advantage of Microsoft’s missteps. In years past, the choice between Microsoft and Google came down to a choice between local and cloud-based computing.

Recently, however, Microsoft has been blurring the line between desktop and the cloud, especially with Microsoft 365 and its efforts to integrate AI into Windows. As a result, the choice is no longer as distinct as it once was, increasingly giving Google an advantage among users who may have initially been reluctant to rely on cloud-based options.

One thing is clear: Microsoft needs to deliver on its promise to revamp its security or it will continue to lose business to its more secure rivals.

Commvault’s CEO on Democratizing Cloud Security Amidst Rising Cyber Threats
https://www.webpronews.com/commvaults-ceo-on-democratizing-cloud-security-amidst-rising-cyber-threats/
Tue, 21 May 2024 13:20:11 +0000

In an era where cyberattacks have evolved into a sophisticated industry, Sanjay Mirchandani, CEO of Commvault, discusses his company’s proactive approach to cloud cybersecurity. Speaking with CNBC, Mirchandani emphasized the company’s role in protecting customer data and its strategy to achieve ambitious growth targets.

“Cyberattacks are no longer just hacks; they are full-on assaults involving nation-states and advanced technologies,” said Mirchandani. “We focus on building out our cloud capability and platform centered around cyber resilience to protect our customers in this challenging environment.”

Commvault’s shares have reached an all-time high, with management targeting a billion dollars in annual recurring revenue by the end of fiscal 2026. This optimistic projection comes as the company distinguishes itself from competitors like Rubrik, which recently went public with a successful IPO. Mirchandani attributed Commvault’s success to its dual approach of technological innovation and business simplification. “There is an absolute need for our platform, and we are keeping things simple on the business side to deliver the results,” he explained.

Revolutionizing Data Recovery

Commvault’s advanced data recovery technology is a beacon of hope in an increasingly perilous cyber landscape. The ability to restore operations quickly and securely following a ransomware attack is a game-changer for many businesses. Sanjay Mirchandani emphasized the importance of trust in the recovery process: “During an attack, trust in your infrastructure is completely eroded. Our technology provides a clean, trusted space where customers can safely restore their core data and infrastructure settings while conducting forensics to understand the breach.”

This innovation is not just about recovery but about ensuring the restored environment is free from malicious code, preventing reinfection. “What sets our technology apart is the assurance it offers to businesses. They can resume operations knowing their data is clean and secure,” Mirchandani explained. The technology’s ability to simultaneously handle recovery and forensic analysis is a significant advancement, allowing businesses to bounce back swiftly while understanding the root cause of the breach.

Democratizing Data Security

Commvault’s approach to democratizing data recovery means that small and medium-sized enterprises now have access to capabilities that were once the preserve of large corporations. “We’ve taken a solution traditionally available only to large companies and made it accessible to everyone,” said Mirchandani. This leveling of the playing field is crucial, as cyber threats do not discriminate by company size.

Another highlight is the technology’s flexibility, enabling businesses to recover specific applications without waiting for a full system restore. “Our platform gives customers the agility to bring back critical applications first, ensuring minimal downtime,” Mirchandani noted. This modular recovery capability is critical for businesses that cannot afford prolonged disruptions.

Customer Testimonials and Market Response

Feedback from Commvault’s customers underscores the transformative impact of their data recovery solutions. A mid-sized financial firm’s Chief Information Officer (CIO) shared, “Commvault’s technology was pivotal during our recovery from a ransomware attack. The clean, secure environment allowed us to get back to business swiftly and confidently.”

Industry analysts have also noted Commvault’s innovative approach. “Commvault’s focus on providing a secure, pristine recovery environment sets a new standard in the industry,” commented a leading cybersecurity analyst. “Their commitment to democratizing these capabilities ensures that even smaller firms can protect themselves against sophisticated cyber threats.”

As cyber threats continue to evolve, Commvault’s revolutionary data recovery technology offers a robust shield, ensuring businesses can recover swiftly and securely, maintaining the trust of their customers and stakeholders. Mirchandani’s vision of a democratized, secure digital landscape is not just a goal but a reality, setting a new benchmark for the industry.

Balancing Growth and Profitability

In the high-stakes arena of cloud cybersecurity, balancing rapid growth with sustained profitability is a challenge few companies navigate successfully. Commvault, under the leadership of CEO Sanjay Mirchandani, is demonstrating how this balance can be achieved through strategic planning and disciplined execution. “We are committed to building a responsible company, not pursuing growth at all costs,” Mirchandani stated. “Our focus is on sustainable growth that aligns with delivering consistent value to our customers and shareholders.”

Commvault’s financial results underscore this strategy. In the second half of its fiscal year, the company reported double-digit growth, setting ambitious yet achievable targets for the future. “We’ve set a goal of reaching a billion dollars in annual recurring revenue by 2026, and we’re well on our way,” Mirchandani said. This confidence is bolstered by the company’s robust performance, including nearly $200 million in free cash flow and significant stock buybacks totaling almost $600 million.

Strategic Investments and Cost Management

One key to Commvault’s success has been its ability to invest strategically while maintaining cost discipline. A significant portion of their growth is driven by their SaaS offerings, which now account for a third of their business. “The shift to SaaS is critical because it aligns with how customers are looking at the future of data protection and cyber resilience,” Mirchandani explained. This transition not only meets customer needs but also provides a predictable revenue stream that supports ongoing investment in innovation.

The company’s partnership with Dell is another strategic move that enhances its market position. “Partnering with Dell allows us to offer a modern data protection solution that meets the needs of customers with existing Dell infrastructures,” Mirchandani noted. This collaboration helps Commvault penetrate markets dominated by incumbents, providing a competitive edge.

Maintaining Competitive Edge

Competing with nimble upstart companies requires more than just robust technology; it demands operational efficiency and market responsiveness. “Our business model is designed to deliver profitability without sacrificing growth,” Mirchandani emphasized. This approach has allowed Commvault to differentiate itself from younger competitors who may prioritize rapid expansion over sustainable practices.

Investors have responded positively to this balanced strategy. “Commvault’s disciplined approach to growth and profitability sets it apart in a crowded market,” commented a prominent industry analyst. “Their ability to deliver consistent financial performance while investing in key areas like SaaS and strategic partnerships is a testament to their strong leadership and clear vision.”

As Commvault continues to navigate the evolving cybersecurity landscape, its balanced approach serves as a blueprint for success. By aligning growth ambitions with profitability goals, the company ensures it remains a reliable partner for customers and a sound investment for shareholders. Mirchandani’s vision of a responsible, growth-oriented company is not just aspirational but a reality, positioning Commvault as a leader in the industry.

Strategic Partnerships and Future Prospects

Commvault’s strategic partnerships play a crucial role in its vision for the future, enhancing its ability to offer comprehensive and cutting-edge solutions to its clients. One of the most significant of these partnerships is with Dell. “Partnering with Dell allows us to offer a modern data protection solution that meets the needs of customers with existing Dell infrastructures,” Mirchandani highlighted. This collaboration broadens Commvault’s market reach and reinforces its position as a trusted leader in data protection and cyber resilience.

Leveraging Partner Ecosystems

The Dell partnership exemplifies Commvault’s strategy of leveraging established ecosystems to deliver superior solutions. By integrating its offerings with Dell’s robust infrastructure, Commvault provides a seamless and efficient experience for customers looking to modernize their data protection capabilities. “Our partnership with Dell is designed to help customers who want modern data and cyber resilience capability,” Mirchandani said. This integration helps customers navigate the complexities of modern IT environments, ensuring they can recover swiftly and securely from cyberattacks.

In addition to Dell, Commvault collaborates with other key players in the tech industry to expand its solution portfolio and enhance its market presence. These alliances are instrumental in driving innovation and ensuring that Commvault remains at the forefront of technological advancements in data protection. “Strategic partnerships are critical to our growth strategy,” Mirchandani explained. “They enable us to deliver more value to our customers by integrating best-of-breed technologies and providing comprehensive solutions.”

Looking Ahead: Future Prospects

Commvault’s forward-looking strategy is centered on continuous innovation and adaptation to the ever-evolving cybersecurity landscape. The company is committed to staying ahead of emerging threats and delivering solutions that meet its customers’ changing needs. “The cybersecurity landscape is dynamic, and we must be agile in our approach,” Mirchandani noted. “Our focus is on anticipating future challenges and developing solutions that not only address current threats but also prepare our customers for what’s next.”

The company’s investment in artificial intelligence (AI) and machine learning (ML) is a testament to this forward-thinking approach. These technologies enhance Commvault’s data protection solutions, enabling faster detection and response to cyber threats. “AI and ML are game-changers in cybersecurity,” Mirchandani said. “They allow us to identify patterns and anomalies that human analysts might miss, providing an additional layer of protection for our customers.”

Commitment to Customer Success

At the heart of Commvault’s strategy is a steadfast commitment to customer success. By prioritizing its customers’ needs and delivering solutions that drive business value, Commvault ensures long-term growth and sustainability. “Our customers’ success is our success,” Mirchandani emphasized. “We are dedicated to providing solutions that not only protect their data but also empower them to achieve their business objectives.”

The future looks promising as Commvault continues to innovate and expand its partnerships. The company’s balanced approach to growth, strategic investments in technology, and unwavering commitment to customer success position it well for continued leadership in the cybersecurity industry. “We are excited about the future and confident in our ability to deliver on our promises,” Mirchandani concluded. “Commvault is poised for continued success, and we look forward to helping our customers navigate the challenges and opportunities ahead.”

Internet Security’s Past, Present, and Future: Paul Vixie, AWS Deputy CISO
https://www.webpronews.com/internet-securitys-past-present-and-future-paul-vixie-aws-deputy-ciso/
Mon, 15 Apr 2024 17:30:43 +0000

Cybersecurity stakes have escalated exponentially in a digital era where connectivity underpins nearly every facet of daily life and business operations. From the foundational days of the internet to the complex web of global digital interactions today, the cybersecurity journey has been fraught with challenges and marked by significant evolution.

Clarke Rodgers, Director of Enterprise Strategy at Amazon Web Services (AWS), sits down with Paul Vixie, AWS Deputy CISO, Vice President, and Distinguished Engineer, to discuss internet security’s past, present, and future. Vixie, an early internet innovator, shares his deep insights from the front lines of the cybersecurity battlefield.

The Genesis of Internet Security

The Internet, initially a benign U.S. government project, was not designed with security as a priority. “Security was an afterthought,” Vixie remarks, debunking myths of the Internet’s early resilience to physical attacks. This oversight in the Internet’s foundational architecture set the stage for the complex security challenges we face today.

“It’s always been a best-effort system,” Vixie explains. “When it works, it serves many well, but its failures can be catastrophic, reflecting its lack of initial security design.”

The Wake-Up Call

Vixie was among the first to sound the alarm on the need for robust cybersecurity measures. His early focus was on combating spam, a significant issue given the internet’s open communication channels. “We had no authentication mechanisms in place,” he notes, highlighting the innocence of an era when malicious digital traffic was virtually unanticipated.

His pioneering work led to the development of the first distributed reputation system to fight spam, setting a precedent for future cybersecurity endeavors. However, his related company eventually succumbed to legal challenges.

Modern Cybersecurity Challenges and Innovations

Despite progress, Vixie views current efforts as “too little, too late.” The reactive nature of cybersecurity has been a critical hindrance to its advancement. However, he finds hope in scalable solutions from major cloud service providers like AWS.

AWS’s innovations, such as the Graviton processors and Nitro hypervisor, represent significant strides in securing virtual environments. These technologies prevent cross-VM data leaks and provide rapid, global security patch deployments, showcasing the advantages of centralized, large-scale operations in cybersecurity.

The Future: Containers and Beyond

Looking ahead, Vixie is optimistic about the potential of container technology and the movement toward systems that minimize human error in security protocols. “The move to containers can drastically reduce the patching problems common in traditional setups,” he asserts. This shift could lead to more secure and efficient operational models that have seamless software updates and are less prone to human error.

Zero Trust and the Path Forward

The conversation also touches on zero trust, a security model Vixie believes is often misunderstood. “Zero trust isn’t about eliminating perimeters but redefining the assumption that being within a network perimeter equates to trustworthiness,” he clarifies.

This model necessitates robust identity verification and access controls, areas where AWS is innovating rapidly. The cloud giant’s ability to handle billions of authentication checks per second exemplifies the evolving scale of security dynamics.

Generative AI: The New Frontier

As generative AI transforms various technological domains, its implications for cybersecurity are profound yet not fully realized. Vixie is cautious about the hype but acknowledges the potential. “Generative AI can enhance anomaly detection and automate complex security operations,” he notes, suggesting that AI could revolutionize how security infrastructures monitor and respond to threats.

Concluding Thoughts

As the digital landscape continues to grow in complexity, the lessons from early internet pioneers like Paul Vixie remain critical. The shift towards more automated and less human-dependent systems seems inevitable and necessary to address the sophistication of modern cybersecurity threats.

Rodgers and Vixie’s discussion highlights the challenges ahead and the innovative pathways that leading technology firms like AWS are forging. As these technologies evolve, human ingenuity and advanced computational capabilities will likely be the cornerstone of future cybersecurity strategies, ensuring a safer internet for all users.

Guarding the Gatekeepers: A Day in the Life at Google’s Threat Analysis Group
https://www.webpronews.com/guarding-the-gatekeepers-a-day-in-the-life-at-googles-threat-analysis-group/
Mon, 15 Apr 2024 13:17:33 +0000

Erye, the lead security engineer for Google’s Threat Analysis Group, plays a crucial role in safeguarding the internet’s most vulnerable users—activists, journalists, and political entities. Her team’s mission is threefold: track financially motivated cybercriminals, combat disinformation, and monitor government-backed attackers.

“I protect those who are most at risk,” Erye explains. Her journey into the nerve center of cybersecurity began unexpectedly at a college cyber camp, which ignited her passion for the field. Surrounded by peers equally enthusiastic about digital security, she found her calling. “The vibe was awesome; everyone was friendly and eager to share tips,” she recalls.

Today, Erye’s expertise is more crucial than ever. With exponential data migration to the cloud, understanding how to protect these digital assets is paramount. “Knowing how to secure assets in the cloud is very important,” she notes, stressing the necessity of this skill as more companies transition their sensitive data online.

Erye emphasizes the importance of mentorship alongside self-driven education through books and videos for those aspiring to enter the cybersecurity field. “Reach out to people you admire,” she advises. “The cybersecurity community is beneficial.” She suggests attending conferences, joining local communities, and participating in cybersecurity meetups to connect with seasoned professionals who can provide guidance and resources.

Describing her work as an “adventure,” Erye highlights the unpredictable nature of cybersecurity. “Sometimes it’s amazing, and sometimes it’s a difficult adventure, but you always end up learning something,” she says. This dynamic and ever-evolving career path not only offers challenges but also the profound satisfaction of making a significant impact on the safety and integrity of the internet.

A recent video by the Google Cloud team featured Eyre, a Lead Security Engineer who helps protect Google from cyber threats.

Government Review Board Slams Microsoft’s ‘Inadequate’ Security Culture
https://www.webpronews.com/government-review-board-slams-microsofts-inadequate-security-culture/
Wed, 03 Apr 2024 19:06:41 +0000

A government review board tasked with studying Microsoft’s Exchange breach last year has released its findings, blasting the company’s security culture.

Microsoft suffered a massive Exchange breach last year, impacting organizations as well as government officials. The breach was the last straw for many, with Senator Ron Wyden calling on the DOJ to “hold Microsoft responsible for its negligent cybersecurity practices,” and competitors calling out the company’s security as “grossly irresponsible.” In addition, the Department of Homeland Security’s Cyber Safety Review Board initiated a review of Microsoft’s practices.

The Cyber Safety Review Board has released its findings, and it’s a damning indictment of Microsoft’s security:

The Board finds that this intrusion was preventable and should never have occurred. The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations.

The Board found there was a “cascade of Microsoft’s avoidable errors” and blasted the company for not realizing its signing keys, “its cryptographic crown jewels,” were compromised until customers alerted it. The Board also took Microsoft to task for not communicating promptly about the matter, for not detecting that an employee’s laptop was compromised, and for not implementing common security measures that other cloud providers do.

Throughout this review, the Board identified a series of Microsoft operational and strategic decisions that collectively point to a corporate culture that deprioritized both enterprise security investments and rigorous risk management.

To drive the rapid cultural change that is needed with Microsoft, the Board believes that Microsoft’s customers would benefit from its CEO and Board of Directors directly focusing on the company’s security culture and developing and sharing publicly a plan with specific timelines to make fundamental, security-focused reforms across the company and its full suite of products. The Board recommends that Microsoft’s CEO hold senior officers accountable for delivery against this plan.

The full report can be found here. In the meantime, Microsoft clearly has its work cut out for it to reinvent itself and deliver the security its customers deserve.

One thing is certain: With the release of this report Microsoft has been put on notice. If the company cannot overhaul its security culture, it may find itself in the crosshairs of the very government officials that rely on its services.

Facebook Allegedly Sold Private Messages to Netflix: A Privacy Debacle Unveiled
https://www.webpronews.com/facebook-allegedly-sold-private-messages-to-netflix-a-privacy-debacle-unveiled/
Tue, 02 Apr 2024 19:35:26 +0000

According to a report in TheQuartering, in a digital age where privacy concerns loom large, recent revelations have stirred fresh controversy surrounding tech giants’ handling of user data. Shockingly, court documents unsealed on March 23rd, 2024, revealed a concerning partnership between Facebook (now Meta) and Netflix, suggesting a flagrant disregard for user privacy.

For a decade, it appears that Facebook, under its parent company Meta, purportedly permitted Netflix access to users’ private direct messages (DMs). These confidential exchanges, believed to be a cornerstone of personal communication, were allegedly shared to aid Netflix in tailoring content and targeting advertisements. If proven true, such actions breach trust and raise severe ethical and legal questions about data privacy in the digital sphere.

The class-action lawsuit filed against Meta by two US citizens, Maximilian Kleene and Sarah Grabbert, underscores the gravity of the situation. Their claim asserts that Facebook and Netflix maintained a unique relationship, granting the streaming platform privileged access to user data. The alleged conspiracy between these Silicon Valley behemoths facilitated tailored partnerships and integrations, empowering Facebook’s ad-targeting mechanisms while potentially compromising user privacy.

At the heart of this controversy lies the purported API agreements, including an “inbox API,” allegedly granting Netflix programmatic access to Facebook users’ private message inboxes. In exchange, Netflix was to provide Facebook with detailed reports assessing the effectiveness of targeted advertisements. The exchange of sensitive user data, ostensibly for commercial gain, reveals a disturbing reality where personal communications become commodities in the marketplace of digital advertising.

While Meta has defended its actions as commonplace in the industry, citing the need to deliver value to advertisers, such explanations offer little solace to users grappling with the erosion of their privacy rights. Moreover, Meta’s track record on data privacy, marked by hefty fines and regulatory scrutiny, only exacerbates concerns surrounding its data handling practices.

This latest revelation adds another chapter to the ongoing saga of tech companies’ cavalier approach to user privacy. From the Cambridge Analytica scandal to the recent data breaches, it is evident that safeguards to protect user data remain inadequate. The lack of stringent regulations and enforcement mechanisms only emboldens tech giants to prioritize profit over privacy, leaving users vulnerable to exploitation.

As consumers grapple with the implications of this latest privacy breach, it underscores the imperative for comprehensive regulatory reform to safeguard digital privacy rights. Moreover, it serves as a stark reminder for users to exercise vigilance and caution when entrusting their data to online platforms.

In an era where data is touted as the new currency, regulators, lawmakers, and tech companies alike must uphold the sanctity of user privacy. Anything short of robust protections risks further eroding trust in the digital ecosystem and compromising individuals’ fundamental rights in the digital age.

AT&T Data Leak: Millions of Customers’ Information Exposed on the Dark Web
https://www.webpronews.com/att-data-leak-millions-of-customers-information-exposed-on-the-dark-web/
Sat, 30 Mar 2024 19:37:13 +0000

In a stunning revelation, AT&T, one of the largest telecommunications companies in the United States, has disclosed that a data set containing personal information from 73 million accounts was leaked onto the dark web in 2019 or earlier. The leaked data includes sensitive information such as Social Security numbers, names, home addresses, phone numbers, and dates of birth.

The incident, first reported by the Wall Street Journal, has raised concerns about the potential consequences for affected customers, including identity theft and other forms of fraud. Cybercriminals can use the leaked data to impersonate individuals, open fraudulent accounts, or access existing accounts, which could result in financial losses and damage to affected customers’ credit scores.

AT&T is investigating the source of the leak and has not yet determined whether the data came from the company or a vendor. The company has taken several steps to address the issue and protect its customers. It has reset the passcodes of all affected active accounts and is offering credit monitoring services where applicable. AT&T is also working with internal and external cybersecurity experts to investigate the leak and prevent similar incidents in the future.

The company has urged customers to remain vigilant about changes to their accounts or credit reports and to report any suspicious activity to AT&T and the relevant authorities.

The AT&T data leak is a stark reminder of the importance of cybersecurity in today’s digital world. As a major telecommunications company, AT&T has a responsibility to safeguard its customers’ personal information. The company must continue investigating the leak and taking appropriate measures to prevent future incidents.

Customers should also take proactive steps to protect themselves, such as regularly monitoring their credit reports, using strong and unique passwords, and being cautious when providing personal information online. By working together, AT&T and its customers can help mitigate the risks associated with this data leak and maintain trust in the company’s ability to protect their information.

Okta’s Data Leaked? Hacker Says Yes, Company Says No
https://www.webpronews.com/oktas-data-leaked-hacker-says-yes-company-says-no/
Tue, 12 Mar 2024 21:48:55 +0000

Okta is fending off accusations it was hacked again after a hacker posted data and claimed it was from the company’s database.

According to BleepingComputer, a bad actor, calling themselves ‘Ddarknotevil,’ uploaded files to a hacker forum, claiming the files were stolen during Okta’s breach in late 2023.

“Today, I have uploaded the Okta database for you all, This Breach is being shared in behife @IntelBroker – [Cyber ] thanks for reading and enjoy!,” the threat actor posted.

The data reportedly includes user IDs, full names, company names, email addresses, phone numbers, office addresses, and more.

Okta disputed the claims, saying the data was not from its databases.

“This is not Okta’s data, and it is not associated with the October 2023 security incident,” an Okta spokesperson told BleepingComputer.

“We cannot determine the source of this data or its accuracy, but we noted that some fields have dates from over ten years ago. We suspect that this information may be aggregated from public information sources on the Internet.”

When the breach occurred, Okta said its support system was compromised, impacting some users, although an investigation later revealed the breach impacted all of its customer support system users. As a result of the breach, 1Password and Cloudflare experienced security incidents.

New Google Security Solution Aims to Tackle Multicloud Risks
https://www.webpronews.com/new-google-security-solution-aims-to-tackle-multicloud-risks/
Tue, 12 Mar 2024 13:27:06 +0000

As organizations increasingly shift their critical applications and data to multicloud environments to pursue innovation and cost optimization, a pressing challenge arises in managing risks across these diverse cloud platforms. Despite leveraging a mix of cloud-native tools, third-party products, and in-house solutions, many teams find themselves operating in separate silos, lacking a single source of truth for identifying and addressing security threats effectively.

Enter Google’s latest innovation: Security Command Center Enterprise (SCC). Positioned as the industry’s first risk management solution that seamlessly integrates cloud security with enterprise security operations, SCC promises to revolutionize how businesses manage and mitigate risks in their multicloud environments.

The Need for Unified Security Solutions

In today’s complex digital landscape, the proliferation of multicloud environments has created a fertile ground for security vulnerabilities and threats. With organizations relying on a combination of cloud-native and third-party tools, security teams often struggle to gain comprehensive visibility and control over their cloud assets. This fragmented approach slows security responses and exacerbates the challenges of recruiting and retaining skilled security talent.

Recognizing these challenges, Google developed SCC to bridge the gap between proactive and reactive security practices. By consolidating cloud security and security operations into a single, unified solution, SCC offers a holistic approach to risk management that empowers organizations to proactively detect, assess, and remediate security threats across multiple cloud environments.

Key Features of Security Command Center Enterprise

At the heart of SCC lies its advanced risk engine, which builds a deep understanding of an organization’s unique cloud environment. Leveraging Mandiant Frontline threat intelligence, SCC simulates sophisticated cyberattacks to identify high-risk attack paths and vulnerabilities that could lead to significant business impact.

One of SCC’s standout features is its automated case management and remediation capabilities. SCC streamlines the incident response process by generating actionable insights and playbooks for addressing security threats, enabling security teams to prioritize and resolve issues efficiently.

Moreover, SCC’s continuous risk engine dynamically assesses security posture, providing real-time insights into emerging threats and vulnerabilities. Powered by Gemini AI technology, SCC helps mitigate security teams’ burden by automating repetitive tasks and reducing manual intervention.

A Closer Look at SCC in Action

During a live demonstration, SCC showcased its prowess in identifying and mitigating security risks within a multicloud environment. From detecting toxic combinations of vulnerabilities to uncovering high-risk attack paths, SCC’s intuitive interface provided security teams with actionable insights to fortify their cloud defenses.

With SCC’s attack exposure scoring and visualization capabilities, organizations understand their risk posture comprehensively, empowering them to make informed decisions and prioritize remediation efforts effectively.

In summary, Security Command Center Enterprise represents a significant leap forward in cloud security, offering organizations a powerful tool to navigate the complexities of multicloud environments. By converging cloud security and security operations, SCC equips businesses with the visibility, agility, and resilience needed to stay ahead of evolving cyber threats.

As the digital landscape continues to evolve, Google’s SCC stands poised to redefine the future of cloud security, empowering organizations to embrace innovation without compromising security.

Cisco Simplifies Legacy System Connectivity with New Docker-Based Solutions
https://www.webpronews.com/cisco-simplifies-legacy-system-connectivity-with-new-docker-based-solutions/
Sun, 10 Mar 2024 12:05:30 +0000

In a bid to streamline connectivity for legacy systems, Cisco has unveiled innovative solutions aimed at easing the installation process of secure device connectors (SDCs) and secure events connectors (SECs) on Ubuntu systems. Aaron Hackney, Product Owner for Cisco Defense Orchestrator, demonstrated the simplicity of the process in a recent video.

Legacy systems like the ASA and IOS devices often struggle with cloud connectivity or integration with Cisco Defense Orchestrator (CDO). Traditionally, users would download a VMware image to install SDCs and SECs. However, recognizing the need for flexibility, Cisco has introduced Docker-based solutions that can be deployed on Ubuntu systems, whether bare-metal or virtual.

Hackney emphasized that the SDC and SEC are essentially Docker containers, making the VMware image merely a vehicle to bring Docker to the table. The provided scripts simplify the deployment process, particularly for Ubuntu 20.04 and 22.04 distributions, catering to both virtual and physical systems.

The installation process involves cloning the CDO deploy SDC repository from GitHub and executing the provided scripts. The “install Docker” script ensures the installation of the recommended Docker Community Edition, seamlessly handling the necessary dependencies and user permissions.

Once Docker is installed, deploying an SDC is a matter of executing the “deploy SDC” script with the bootstrap data provided during SDC creation in CDO. The script automates the retrieval and setup of Docker images tailored to the user’s CDO tenant, ensuring a smooth onboarding process.

Similarly, deploying an SEC is a breeze with the provided Docker container. Users can simply copy the SEC bootstrap data from CDO, execute the “SEC Dosh” script, and follow the prompts to initiate the onboarding process. The SEC container is up and running within minutes, ready to handle syslog and NetFlow data from ASA devices.

Hackney concluded the demonstration by highlighting the process’s simplicity and efficiency, empowering users to connect legacy systems easily. By leveraging Docker containers and streamlined deployment scripts, Cisco is ushering in a new era of connectivity for Ubuntu users, virtual or physical.

With these user-friendly solutions, Cisco is poised to enhance the accessibility and effectiveness of its defense orchestrator platform, paving the way for seamless integration and management of diverse network environments.

Microsoft Says Source Code Stolen In Attack By Nation-State Actor
https://www.webpronews.com/microsoft-says-source-code-stolen-in-attack-by-nation-state-actor/
Fri, 08 Mar 2024 21:48:01 +0000

Microsoft has revealed more details about the attack it suffered at the hands of Midnight Blizzard, saying the group stole source code.

Microsoft announced in January that it had suffered an attack by Midnight Blizzard, a Russian state-sponsored group. The group used “a password spray attack to compromise a legacy non-production test tenant account,” gaining access to email accounts of senior leadership, as well as members of the company’s cybersecurity and legal teams.

At the time, Microsoft said there was no evidence that source code, AI systems, production systems, or customer environments were compromised. The company’s ongoing investigation has revealed that Midnight Blizzard is using the data it stole to continue attacking Microsoft, attacks which have led to the theft of source code.

In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.

It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures. Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024.

Microsoft minced no words in outlining the seriousness of the attack and its ongoing nature.

Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus. It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so. This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.

Microsoft’s current situation underscores the challenges businesses are facing maintaining security amid rising threats.

Cloudflare Releases a Security Analytics AI Assistant
https://www.webpronews.com/cloudflare-releases-a-security-analytics-ai-assistant/
Tue, 05 Mar 2024 15:52:02 +0000

Cloudflare is leveraging AI to help customers manage security with a new AI assistant.

AI is already being used to help bad actors carry out attacks. As one of the largest content delivery networks (CDNs), Cloudflare is keen to leverage AI to help level the playing field. The company announced the new feature in a blog post:

With the AI Assistant, we are removing this complexity by leveraging our Workers AI platform to build a tool that can help you query your HTTP request and security event data and generate time series charts based on a request formulated with natural language. Now the AI Assistant does the hard work of figuring out the necessary filters and additionally can plot multiple series of data on a single graph to aid in comparisons. This new tool opens up a new way of interrogating data and logs, unconstrained by the restrictions introduced by traditional dashboards.

Now it is easier than ever to get powerful insights about your application security by using plain language to interrogate your data and better understand how Cloudflare is protecting your business. The new AI Assistant is located in the Security Analytics dashboard and works seamlessly with the existing filters. The answers you need are just a question away.

Cloudflare says users can ask the AI Assistant basic questions, such as “compare attack traffic between US and UK,” “compare origin and edge 5xx errors,” or “compare traffic across major web browsers.”

The company says the initial release is just the beginning, with many changes and improvements in the pipeline.

We are in the early stages of developing this capability and plan to rapidly extend the capabilities of the Security Analytics AI Assistant. Don’t be surprised if we cannot handle some of your requests at the beginning. At launch, we are able to support basic inquiries that can be plotted in a time series chart such as “show me” or “compare” for any currently filterable fields.

However, we realize there are a number of use cases that we haven’t even thought of, and we are excited to release the Beta version of AI Assistant to all Business and Enterprise customers to let you test the feature and see what you can do with it. We would love to hear your feedback and learn more about what you find useful and what you would like to see in it next. With future versions, you’ll be able to ask questions such as “Did I experience any attacks yesterday?” and use AI to automatically generate WAF rules for you to apply to mitigate them.

The new feature is available to some users in beta, and will continue rolling out to more users throughout March.
