Zero Trust security has emerged as one of the key principles of cloud security. Unlike on-premise IT, which focuses on network access and permiter control, Zero Trust is designed for a world where IT systems are intrinsically connected. As one of the leading content delivery networks and infrastructure providers, Cloudflare’s acquisition of BastionZero will help the company better provide such an important layer of security.

Combined with existing Cloudflare One capabilities, the acquisition of BastionZero gives IT and security teams Zero Trust controls for infrastructure like servers, Kubernetes clusters, and databases. This expands the scope of Cloudflare’s VPN replacement solution beyond apps and networks to infrastructure resources. As a result, security teams can centralize management of even more of their hybrid IT environment, while using standard Zero Trust practices to keep DevOps teams productive and secure.

The need for Zero Trust security is more important than ever, thanks to an evolving work landscape in which remote and hybrid work have become the new normal.

“The world of work has changed dramatically. Employees have the expectation that they can effectively do their work from anywhere. There’s no reason why teams managing an organization’s most important systems can’t have the same flexibility,” said Matthew Prince, co-founder and CEO, Cloudflare. “Incorporating BastionZero into Cloudflare One gives IT teams access to an organization’s most critical inner workings securely, wherever they are. Millions of organizations around the world trust Cloudflare to protect their systems and data so they can focus on their business and their customers. The addition of BastionZero is just one more way we can protect them like no one else can.”

Microsoft has taken significant heat for its security lapses, with the lawmakers, CEOs, and a government review board saying the company’s security was inexcusably lax, putting individuals, corporations, and government agencies in danger. In response, Microsoft has re-committed to putting security first, even tying executive’s bonuses to the company’s efforts.

Read More: Security Firm CEO Blasts Microsoft’s ‘Grossly Irresponsible’ Azure Security

Google is adding to Microsoft’s troubles, releasing a white paper calling the company out for its lapses and positioning itself as the more secure alternative. Entitled A More Secure Alternative, Google opens by highlighting Microsoft’s recent troubles:

Microsoft’s ongoing security struggles recently came to a head with a series of high-profile incidents that put its customers at risk. One such incident in the summer of 2023 by the group known as Storm-0558 resulted in the compromise of senior U.S. and U.K. government official accounts, including 22 organizations, over 500 individuals, and tens of thousands of emails. This prompted the Department of Homeland Security’s Cyber Safety Review Boards (CSRB) to issue a detailed report identifying the company’s “cascade of security failures” that led to the data breach. The details in this report speak to prolonged system issues and a “corporate culture that deprioritized both enterprise security investments and rigorous risk management.”

On the heels of the Storm-0558 compromise, CISA issued emergency Directive ED 24-04 in response to a separate Microsoft data breach that occurred just a few months later in November 2023: “state-sponsored cyber actor known as Midnight Blizzard has exfiltrated email correspondence between Federal Civilian Executive Branch (FCEB) agencies and Microsoft through a successful compromise of Microsoft corporate email accounts.”

See Also: Sen. Wyden: ‘Hold Microsoft Responsible for Its Negligent Cybersecurity Practices’

Google then contrasts its own security and history, noting that it began experiencing nation-state attacks in 2009, prompting it to make “far-reaching security improvements,” improvements that were acknowledged by the CSRB and that continue to benefit customers to this day.

As an example of Google’s differentiated approach to security, the CSRB report acknowledged the significant efforts we’ve taken over time to make our systems and products resilient to these types of attacks: “Google re-worked its identity system to rely as much as possible on stateful tokens, in which every credential is assigned a unique identifier at issuance and recorded in a database as irreversible proof that the credential Google receives is one that it had issued. Google also implemented fully automatic key rotation where possible and tightened the validation period for stateless tokens, reducing the window of time for threat actors to locate and obtain active keys. Google undertook a comprehensive overhaul of its infrastructure security including implementing Zero Trust networks and hardware-backed, Fast IDentity Online (FIDO)-compliant two-factor authentication (2FA) to protect these identity systems.”

Google then goes on describe some of the technical aspects of its security measures, as well as its security-focused corporate culture. The company outlines how its cloud-first approach is designed to provide industry-leading security, while simultaneously offering the benefits of being constantly updated and improved.

Conclusion

As we stated in our coverage of Microsoft’s security issues, the company suffers from a number of issues, including the fact that it started out in the desktop space before transitioning to cloud-based services. In contrast, Google and AWS have the benefit of their products and services being cloud-first, with the necessary security built-in from the ground up.

Microsoft also suffers from “missed-out syndrome” after missing out on several significant trends in the tech industry, potentially causing it to rush into businesses without being properly prepared.

Google clearly believes it can take advantage of Microsoft’s mistakes and, to be fair, the company may be better poised now than ever before to take advantage of Microsoft’s missteps. In years past, the choice between Microsoft and Google came down to a choice between local and cloud-based computing.

Recently, however, Microsoft has been blurring the line between desktop and the cloud, especially with Microsoft 365 and its efforts to integrate AI into Windows. As a result, the choice is no longer as distinct as it once was, increasingly giving Google an advantage among users how may have initially been reluctant to rely on cloud-based options.

One thing is clear: Microsoft needs to deliver on its promise to revamp its security or it will continue to lose business to its more secure rivals.

“Cyberattacks are no longer just hacks; they are full-on assaults involving nation-states and advanced technologies,” said Mirchandani. “We focus on building out our cloud capability and platform centered around cyber resilience to protect our customers in this challenging environment.”

Commvault’s shares have reached an all-time high, with management targeting a billion dollars in annual recurring revenue by the end of fiscal 2026. This optimistic projection comes as the company distinguishes itself from competitors like Rubrik, which recently went public with a successful IPO. Mirchandani attributed Commvault’s success to its dual approach of technological innovation and business simplification. “There is an absolute need for our platform, and we are keeping things simple on the business side to deliver the results,” he explained.

Revolutionizing Data Recovery

Commvault’s advanced data recovery technology is a beacon of hope in an increasingly perilous cyber landscape. The ability to restore operations quickly and securely following a ransomware attack is a game-changer for many businesses. Sanjay Mirchandani emphasized the importance of trust in the recovery process: “During an attack, trust in your infrastructure is completely eroded. Our technology provides a clean, trusted space where customers can safely restore their core data and infrastructure settings while conducting forensics to understand the breach.”

This innovation is not just about recovery but about ensuring the restored environment is free from malicious code, preventing reinfection. “What sets our technology apart is the assurance it offers to businesses. They can resume operations knowing their data is clean and secure,” Mirchandani explained. The technology’s ability to simultaneously handle recovery and forensic analysis is a significant advancement, allowing businesses to bounce back swiftly while understanding the root cause of the breach.

Democratizing Data Security

Commvault’s approach to democratizing data recovery means that small and medium-sized enterprises now have access to capabilities that were once the preserve of large corporations. “We’ve taken a solution traditionally available only to large companies and made it accessible to everyone,” said Mirchandani. This playing field leveling is crucial as cyber threats do not discriminate by company size.

Another highlight is the technology’s flexibility, enabling businesses to recover specific applications without waiting for a full system restore. “Our platform gives customers the agility to bring back critical applications first, ensuring minimal downtime,” Mirchandani noted. This modular recovery capability is critical for businesses that cannot afford prolonged disruptions.

Final reminder! This is your last opportunity to register for our webinar tomorrow — Leveragining AI For Data Security. Sign up now before it's too late and be at the forefront of #cybersecurity evolution: https://t.co/lvnzdXhsw9 pic.twitter.com/9L8hOyHUgj

— Commvault (@Commvault) May 21, 2024

Customer Testimonials and Market Response

Feedback from Commvault’s customers underscores the transformative impact of their data recovery solutions. A mid-sized financial firm’s Chief Information Officer (CIO) shared, “Commvault’s technology was pivotal during our recovery from a ransomware attack. The clean, secure environment allowed us to get back to business swiftly and confidently.”

Industry analysts have also noted Commvault’s innovative approach. “Commvault’s focus on providing a secure, pristine recovery environment sets a new standard in the industry,” commented a leading cybersecurity analyst. Their commitment to democratizing these capabilities ensures that even smaller firms can protect themselves against sophisticated cyber threats.”

As cyber threats continue to evolve, Commvault’s revolutionary data recovery technology offers a robust shield, ensuring businesses can recover swiftly and securely, maintaining the trust of their customers and stakeholders. Mirchandani’s vision of a democratized, secure digital landscape is not just a goal but a reality, setting a new benchmark for the industry.

Balancing Growth and Profitability

In the high-stakes arena of cloud cybersecurity, balancing rapid growth with sustained profitability is a challenge few companies navigate successfully. Commvault, under the leadership of CEO Sanjay Mirchandani, is demonstrating how this balance can be achieved through strategic planning and disciplined execution. “We are committed to building a responsible company, not pursuing growth at all costs,” Mirchandani stated. “Our focus is on sustainable growth that aligns with delivering consistent value to our customers and shareholders.”

Commvault’s financial results underscore this strategy. In the second half of its fiscal year, the company reported double-digit growth, setting ambitious yet achievable targets for the future. “We’ve set a goal of reaching a billion dollars in annual recurring revenue by 2026, and we’re well on our way,” Mirchandani said. This confidence is bolstered by the company’s robust performance, including nearly $200 million in free cash flow and significant stock buybacks totaling almost $600 million.

Strategic Investments and Cost Management

One key to Commvault’s success has been its ability to invest strategically while maintaining cost discipline. A significant portion of their growth is driven by their SaaS offerings, which now account for a third of their business. “The shift to SaaS is critical because it aligns with how customers are looking at the future of data protection and cyber resilience,” Mirchandani explained. This transition not only meets customer needs but also provides a predictable revenue stream that supports ongoing investment in innovation.

The company’s partnership with Dell is another strategic move that enhances its market position. “Partnering with Dell allows us to offer a modern data protection solution that meets the needs of customers with existing Dell infrastructures,” Mirchandani noted. This collaboration helps Commvault penetrate markets dominated by incumbents, providing a competitive edge.

Maintaining Competitive Edge

Competing with nimble upstart companies requires more than just robust technology; it demands operational efficiency and market responsiveness. “Our business model is designed to deliver profitability without sacrificing growth,” Mirchandani emphasized. This approach has allowed Commvault to differentiate itself from younger competitors who may prioritize rapid expansion over sustainable practices.

Investors have responded positively to this balanced strategy. “Commvault’s disciplined approach to growth and profitability sets it apart in a crowded market,” commented a prominent industry analyst. “Their ability to deliver consistent financial performance while investing in key areas like SaaS and strategic partnerships is a testament to their strong leadership and clear vision.”

Many companies don’t have the time, money, or staff required to test all interdependencies to know they can recover when attacked. Addressing this problem, #Commvault has reimagined #cleanroom from the ground up. Find out more here: https://t.co/DoRBSq8x9I

— Commvault (@Commvault) May 20, 2024

As Commvault continues to navigate the evolving cybersecurity landscape, its balanced approach serves as a blueprint for success. By aligning growth ambitions with profitability goals, the company ensures it remains a reliable partner for customers and a sound investment for shareholders. Mirchandani’s vision of a responsible, growth-oriented company is not just aspirational but a reality, positioning Commvault as a leader in the industry.

Strategic Partnerships and Future Prospects

Commvault’s strategic partnerships play a crucial role in its vision for the future, enhancing its ability to offer comprehensive and cutting-edge solutions to its clients. One of the most significant of these partnerships is with Dell. “Partnering with Dell allows us to offer a modern data protection solution that meets the needs of customers with existing Dell infrastructures,” Mirchandani highlighted. This collaboration broadens Commvault’s market reach and reinforces its position as a trusted leader in data protection and cyber resilience.

Leveraging Partner Ecosystems

The Dell partnership exemplifies Commvault’s strategy of leveraging established ecosystems to deliver superior solutions. By integrating its offerings with Dell’s robust infrastructure, Commvault provides a seamless and efficient experience for customers looking to modernize their data protection capabilities. “Our partnership with Dell is designed to help customers who want modern data and cyber resilience capability,” Mirchandani said. This integration helps customers navigate the complexities of modern IT environments, ensuring they can recover swiftly and securely from cyberattacks.

In addition to Dell, Commvault collaborates with other key players in the tech industry to expand its solution portfolio and enhance its market presence. These alliances are instrumental in driving innovation and ensuring that Commvault remains at the forefront of technological advancements in data protection. “Strategic partnerships are critical to our growth strategy,” Mirchandani explained. “They enable us to deliver more value to our customers by integrating best-of-breed technologies and providing comprehensive solutions.”

Looking Ahead: Future Prospects

Commvault’s forward-looking strategy is centered on continuous innovation and adaptation to the ever-evolving cybersecurity landscape. The company is committed to staying ahead of emerging threats and delivering solutions that meet its customers’ changing needs. “The cybersecurity landscape is dynamic, and we must be agile in our approach,” Mirchandani noted. Our focus is on anticipating future challenges and developing solutions that not only address current threats but also prepare our customers for what’s next.”

The company’s investment in artificial intelligence (AI) and machine learning (ML) is a testament to this forward-thinking approach. These technologies enhance Commvault’s data protection solutions, enabling faster detection and response to cyber threats. “AI and ML are game-changers in cybersecurity,” Mirchandani said. “They allow us to identify patterns and anomalies that human analysts might miss, providing an additional layer of protection for our customers.”

Commitment to Customer Success

At the heart of Commvault’s strategy is a steadfast commitment to customer success. By prioritizing its customers’ needs and delivering solutions that drive business value, Commvault ensures long-term growth and sustainability. “Our customers’ success is our success,” Mirchandani emphasized. We are dedicated to providing solutions that not only protect their data but also empower them to achieve their business objectives.”

The future looks promising as Commvault continues to innovate and expand its partnerships. The company’s balanced approach to growth, strategic investments in technology, and unwavering commitment to customer success position it well for continued leadership in the cybersecurity industry. “We are excited about the future and confident in our ability to deliver on our promises,” Mirchandani concluded. “Commvault is poised for continued success, and we look forward to helping our customers navigate the challenges and opportunities ahead.”

Clarke Rodgers, Director of Enterprise Strategy at Amazon Web Services (AWS), sits down with Paul Vixie, AWS Deputy CISO, Vice President, and Distinguished Engineer, to discuss internet security’s past, present, and future. Vixie, an early internet innovator, shares his deep insights from the front lines of the cybersecurity battlefield.

The Genesis of Internet Security
The Internet, initially a benign U.S. government project, was not designed with security as a priority. “Security was an afterthought,” Vixie remarks, debunking myths of the Internet’s early resilience to physical attacks. This oversight in the Internet’s foundational architecture set the stage for the complex security challenges we face today.

“It’s always been a best-effort system,” Vixie explains. When it works, it serves many well, but its failures can be catastrophic, reflecting its lack of initial security design.”

The Wake-Up Call
Vixie was among the first to sound the alarm on the need for robust cybersecurity measures. His early focus was on combating spam, a significant issue given the internet’s open communication channels. “We had no authentication mechanisms in place,” he notes, highlighting the innocence of an era when malicious digital traffic was virtually unanticipated.

His pioneering work led to the development of the first distributed reputation system to fight spam, setting a precedent for future cybersecurity endeavors. However, his related company eventually succumbed to legal challenges.

Modern Cybersecurity Challenges and Innovations

Despite progress, Vixie views current efforts as “too little, too late.” The reactive nature of cybersecurity has been a critical hindrance to its advancement. However, he finds hope in scalable solutions from major cloud service providers like AWS.

AWS’s innovations, such as the Graviton processors and Nitro hypervisor, represent significant strides in securing virtual environments. These technologies prevent cross-VM data leaks and provide rapid, global security patch deployments, showcasing the advantages of centralized, large-scale operations in cybersecurity.

The Future: Containers and Beyond

Looking ahead, Vixie is optimistic about the potential of container technology and the movement toward systems that minimize human error in security protocols. “The move to containers can drastically reduce the patching problems common in traditional setups,” he asserts. This shift could lead to more secure and efficient operational models with seamless software updates and less prone to human error.

Zero Trust and the Path Forward

The conversation also touches on zero trust, a security model Vixie believes is often misunderstood. “Zero trust isn’t about eliminating perimeters but redefining the assumption that being within a network perimeter equates to trustworthiness,” he clarifies.

This model necessitates robust identity verification and access controls, areas where AWS is innovating rapidly. The cloud giant’s ability to handle billions of authentication checks per second exemplifies the evolving scale of security dynamics.

Generative AI: The New Frontier

As generative AI transforms various technological domains, its implications for cybersecurity are profound yet not fully realized. Vixie is cautious about the hype but acknowledges the potential. “Generative AI can enhance anomaly detection and automate complex security operations,” he notes, suggesting that AI could revolutionize how security infrastructures monitor and respond to threats.

Concluding Thoughts

As the digital landscape continues to grow in complexity, the lessons from early internet pioneers like Paul Vixie remain critical. The shift towards more automated and less human-dependent systems seems inevitable and necessary to address the sophistication of modern cybersecurity threats.

Rodgers and Vixie’s discussion highlights the challenges ahead and the innovative pathways that leading technology firms like AWS are forging. As these technologies evolve, human ingenuity and advanced computational capabilities will likely be the cornerstone of future cybersecurity strategies, ensuring a safer internet for all users.

“I protect those who are most at risk,” Erye explains. Her journey into the nerve center of cybersecurity began unexpectedly at a college cyber camp, which ignited his passion for the field. Surrounded by peers equally enthusiastic about digital security, she found her calling. “The vibe was awesome; everyone was friendly and eager to share tips,” she recalls.

Today, Erye’s expertise is more crucial than ever. With exponential data migration to the cloud, understanding how to protect these digital assets is paramount. “Knowing how to secure assets in the cloud is very important,” she notes, stressing the necessity of this skill as more companies transition their sensitive data online.

Erye emphasizes the importance of mentorship alongside self-driven education through books and videos for those aspiring to enter the cybersecurity field. “Reach out to people you admire,” she advises. “The cybersecurity community is beneficial,” She suggests attending conferences, joining local communities, and participating in cybersecurity meetups to connect with seasoned professionals who can provide guidance and resources.

Describing her work as an “adventure,” Erye highlights the unpredictable nature of cybersecurity. “Sometimes it’s amazing, and sometimes it’s a difficult adventure, but you always end up learning something,” she says. This dynamic and ever-evolving career path not only offers challenges but also the profound satisfaction of making a significant impact on the safety and integrity of the internet.

A recent video by the Google Cloud team featured Eyre, a Lead Security Engineer who helps protect Google from cyber threats.

Microsoft suffered a massive Exchange breach last year, impacting organizations, as well as government officials. The breach was the last straw for many, with Senator Ron Wyden calling on the DOJ to “hold Microsoft responsible for its Negligent cybersecurity practices,” and competitors calling out the company’s security as “grossly irresponsible.” In addition, the Department of Homeland Security’s Cyber Safety Review Board initiated a review of Microsoft’s practices.

The Cyber Safety Review Board has released its findings, and it’s a damning indictment of Microsoft’s security:

The Board finds that this intrusion was preventable and should never have occurred. The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations.

The Board found there was a “cascade of Microsoft’s avoidable errors” and blasted the company for not realizing its signing keys, “its cryptographic crown jewels,” were compromised until customers alerted it. The Board also took Microsoft to task for not communicating promptly about the matter, for not detecting that an employee’s laptop was compromised, and for not implementing common security measures that other cloud providers do.

Throughout this review, the Board identified a series of Microsoft operational and strategic decisions that collectively point to a corporate culture that deprioritized both enterprise security investments and rigorous risk management.

To drive the rapid cultural change that is needed with Microsoft, the Board believes that Microsoft’s customers would benefit from its CEO and Board of Directors directly focusing on the company’s security culture and developing and sharing publicly a plan with specific timelines to make fundamental, security-focused reforms across the company and its full suite of products. The Board recommends that Microsoft’s CEO hold senior officers accountable for delivery against this plan.

The full report can be found here. In the meantime, Microsoft clearly has its work cut out for it to reinvent itself and deliver the security its customers deserve.

One thing is certain: With the release of this report Microsoft has been put on notice. If the company cannot overhaul its security culture, it may find itself in the crosshairs of the very government officials that rely on its services.

For a decade, it appears that Facebook, under its parent company Meta, purportedly permitted Netflix access to users’ private direct messages (DMs). These confidential exchanges believed to be a cornerstone of personal communication, were allegedly shared to aid Netflix in tailoring content and targeting advertisements. If proven true, the implications of such actions breach trust and raise severe ethical and legal questions about data privacy in the digital sphere.

The class-action lawsuit filed against Meta by two US citizens, Maximilian Kleene and Sarah Grabbert, underscores the gravity of the situation. Their claim asserts that Facebook and Netflix maintained a unique relationship, granting the streaming platform privileged access to user data. The alleged conspiracy between these Silicon Valley behemoths facilitated tailored partnerships and integrations, empowering Facebook’s ad-targeting mechanisms while potentially compromising user privacy.

At the heart of this controversy lies the purported API agreements, including an “inbox API,” allegedly granting Netflix programmatic access to Facebook users’ private message inboxes. In exchange, Netflix was to provide Facebook with detailed reports assessing the effectiveness of targeted advertisements. The exchange of sensitive user data, ostensibly for commercial gain, reveals a disturbing reality where personal communications become commodities in the marketplace of digital advertising.

While Meta has defended its actions as commonplace in the industry, citing the need to deliver value to advertisers, such explanations offer little solace to users grappling with eroding their privacy rights. Moreover, Meta’s track record on data privacy, marked by hefty fines and regulatory scrutiny, only exacerbates concerns surrounding its data handling practices.

This latest revelation adds another chapter to the ongoing saga of tech companies’ cavalier approach to user privacy. From the Cambridge Analytica scandal to the recent data breaches, it is evident that safeguards to protect user data remain inadequate. The lack of stringent regulations and enforcement mechanisms only emboldens tech giants to prioritize profit over privacy, leaving users vulnerable to exploitation.

As consumers grapple with the implications of this latest privacy breach, it underscores the imperative for comprehensive regulatory reform to safeguard digital privacy rights. Moreover, it serves as a stark reminder for users to exercise vigilance and caution when entrusting their data to online platforms.

In an era where data is touted as the new currency, regulators, lawmakers, and tech companies alike must uphold the sanctity of user privacy. Anything short of robust protections risks further eroding trust in the digital ecosystem and compromising individuals’ fundamental rights in the digital age.

The incident, first reported by the Wall Street Journal, has raised concerns about the potential consequences for affected customers, including identity theft and other forms of fraud. Cybercriminals can use the leaked data to impersonate individuals, open fraudulent accounts, or access existing accounts, which could result in financial losses and damage to affected customers’ credit scores.

AT&T is investigating the source of the leak and has not yet determined whether the data came from the company or a vendor. The company has taken several steps to address the issue and protect its customers. It has reset the passcodes of all affected active accounts and is offering credit monitoring services where applicable. AT&T is also working with internal and external cybersecurity experts to investigate the leak and prevent similar incidents in the future.

The company has urged customers to remain vigilant about changes to their accounts or credit reports and to report any suspicious activity to AT&T and the relevant authorities.

The AT&T data leak is a stark reminder of the importance of cybersecurity in today’s digital world. As a major telecommunications company, AT&T has a responsibility to safeguard its customers’ personal information. The company must continue investigating the leak and taking appropriate measures to prevent future incidents.

Customers should also take proactive steps to protect themselves, such as regularly monitoring their credit reports, using strong and unique passwords, and being cautious when providing personal information online. By working together, AT&T and its customers can help mitigate the risks associated with this data leak and maintain trust in the company’s ability to protect their information.

According to BleepingComputer, a bad actor, calling themselves ‘Ddarknotevil,’ uploaded files to a hacker forum, claiming the files were stolen during Okta’s breach in late 2023.

“Today, I have uploaded the Okta database for you all, This Breach is being shared in behife @IntelBroker – [Cyber ] thanks for reading and enjoy!,” the threat actor posted.

The data reportedly includes user IDs, full names, company names, email addresses, phone numbers, office addresses, and more.

Okta disputed the claims, saying the data was not from its databases.

“This is not Okta’s data, and it is not associated with the October 2023 security incident,” an Okta spokesperson told BleepingComputer.

“We cannot determine the source of this data or its accuracy, but we noted that some fields have dates from over ten years ago. We suspect that this information may be aggregated from public information sources on the Internet.”

When the breach occurred, Okta said its support system was compromised, impacting some users, although an investigation later revealed the breach impacted all of its customer support system users. As a result of the breach, 1Password and Cloudflare experienced security incidents.

Enter Google’s latest innovation: Security Command Center Enterprise (SCC). Positioned as the industry’s first risk management solution that seamlessly integrates cloud security with enterprise security operations, SCC promises to revolutionize how businesses manage and mitigate risks in their multicloud environments.

The Need for Unified Security Solutions

In today’s complex digital landscape, the proliferation of multicloud environments has created a fertile ground for security vulnerabilities and threats. With organizations relying on a combination of cloud-native and third-party tools, security teams often struggle to gain comprehensive visibility and control over their cloud assets. This fragmented approach slows security responses and exacerbates the challenges of recruiting and retaining skilled security talent.

Recognizing these challenges, Google developed SCC to bridge the gap between proactive and reactive security practices. By consolidating cloud security and security operations into a single, unified solution, SCC offers a holistic approach to risk management that empowers organizations to proactively detect, assess, and remediate security threats across multiple cloud environments.

Key Features of Security Command Center Enterprise

At the heart of SCC lies its advanced risk engine, which builds a deep understanding of an organization’s unique cloud environment. Leveraging Mandiant Frontline threat intelligence, SCC simulates sophisticated cyberattacks to identify high-risk attack paths and vulnerabilities that could lead to significant business impact.

One of SCC’s standout features is its automated case management and remediation capabilities. SCC streamlines the incident response process by generating actionable insights and playbooks for addressing security threats, enabling security teams to prioritize and resolve issues efficiently.

Moreover, SCC’s continuous risk engine dynamically assesses security posture, providing real-time insights into emerging threats and vulnerabilities. Powered by Gemini AI technology, SCC helps mitigate security teams’ burden by automating repetitive tasks and reducing manual intervention.

A Closer Look at SCC in Action

During a live demonstration, SCC showcased its prowess in identifying and mitigating security risks within a multicloud environment. From detecting toxic combinations of vulnerabilities to uncovering high-risk attack paths, SCC’s intuitive interface provided security teams with actionable insights to fortify their cloud defenses.

With SCC’s attack exposure scoring and visualization capabilities, organizations understand their risk posture comprehensively, empowering them to make informed decisions and prioritize remediation efforts effectively.

In summary, Security Command Center Enterprise represents a significant leap forward in cloud security, offering organizations a powerful tool to navigate the complexities of multicloud environments. By converging cloud security and security operations, SCC equips businesses with the visibility, agility, and resilience needed to stay ahead of evolving cyber threats.

As the digital landscape continues to evolve, Google’s SCC stands poised to redefine the future of cloud security, empowering organizations to embrace innovation without compromising security.

Legacy systems like the ASA and iOS devices often struggle with cloud connectivity or integration with Cisco Defense Orchestrator (CDO). Traditionally, users would download a VMware image to install SDCs and SECs. However, recognizing the need for flexibility, Cisco has introduced Docker-based solutions that can be deployed on Ubuntu systems, whether bare-metal or virtual.

Hackney emphasized that the SDC and SEC are essentially Docker containers, making the VMware image merely a vehicle to bring Docker to the table. The provided scripts simplify the deployment process, particularly for Ubuntu 20.04 and 22.04 distributions, catering to both virtual and physical systems.

The installation process involves cloning the CDO deploy SDC repository from GitHub and executing the provided scripts. The “install Docker” script ensures the installation of the recommended Docker Community Edition, seamlessly handling the necessary dependencies and user permissions.

Once Docker is installed, deploying an SDC is a matter of executing the “deploy SDC” script with the bootstrap data provided during SDC creation in CDO. The script automates the retrieval and setup of Docker images tailored to the user’s CDO tenant, ensuring a smooth onboarding process.

Similarly, deploying an SEC is a breeze with the provided Docker container. Users can simply copy the SEC bootstrap data from CDO, execute the “SEC Dosh” script, and follow the prompts to initiate the onboarding process. The SEC container is up and running within minutes, ready to handle syslog and NetFlow data from ASA devices.

Hackney concluded the demonstration by highlighting the process’s simplicity and efficiency, empowering users to connect legacy systems easily. By leveraging Docker containers and streamlined deployment scripts, Cisco is ushering in a new era of connectivity for Ubuntu users, virtual or physical.

With these user-friendly solutions, Cisco is poised to enhance the accessibility and effectiveness of its defense orchestrator platform, paving the way for seamless integration and management of diverse network environments.

Microsoft announced in January that it had suffered an attack by Midnight Blizzard, a Russian state-sponsored group. The grup used “a password spray attack to compromise a legacy non-production test tenant account,” gaining access to email accounts of senior leadership, as well as members of the company’s cybersecurity and legal teams.

At the time, Microsoft said there was no evidence that source code, AI systems, production systems, or customer environments were compromised. The company’s ongoing investigation has revealed that Midnight Blizzard is using the data it stole to continue attacking Microsoft, attacks which have led to the theft of source code.

In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access. This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.

It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures. Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024.

Microsoft minced no words in outlining the seriousness of the attack and its ongoing nature.

Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus. It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so. This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.

Microsoft’s current situation underscores the challenges businesses are facing maintaining security amid rising threats.

AI is already being used to help bad actors carry out attacks. As one of the largest content delivery networks (CDNs), Cloudflare is keen to leverage AI to help level the playing field. The company announced the new feature in a blog post:

With the AI Assistant, we are removing this complexity by leveraging our Workers AI platform to build a tool that can help you query your HTTP request and security event data and generate time series charts based on a request formulated with natural language. Now the AI Assistant does the hard work of figuring out the necessary filters and additionally can plot multiple series of data on a single graph to aid in comparisons. This new tool opens up a new way of interrogating data and logs, unconstrained by the restrictions introduced by traditional dashboards.

Now it is easier than ever to get powerful insights about your application security by using plain language to interrogate your data and better understand how Cloudflare is protecting your business. The new AI Assistant is located in the Security Analytics dashboard and works seamlessly with the existing filters. The answers you need are just a question away.

Cloudflare says users can ask the AI Assistant basic questions, such as “compare attack traffic between US and UK,” “compare origin and edge 5xx errors,” or “compare traffic across major web browsers.”

The company says the initial release is just the beginning, with many changes and improvements in the pipeline.

We are in the early stages of developing this capability and plan to rapidly extend the capabilities of the Security Analytics AI Assistant. Don’t be surprised if we cannot handle some of your requests at the beginning. At launch, we are able to support basic inquiries that can be plotted in a time series chart such as “show me” or “compare” for any currently filterable fields.

However, we realize there are a number of use cases that we haven’t even thought of, and we are excited to release the Beta version of AI Assistant to all Business and Enterprise customers to let you test the feature and see what you can do with it. We would love to hear your feedback and learn more about what you find useful and what you would like to see in it next. With future versions, you’ll be able to ask questions such as “Did I experience any attacks yesterday?” and use AI to automatically generate WAF rules for you to apply to mitigate them.

The new feature is available to some users in beta, and will continue rolling out to more users throughout March.

According to TheHackerNews, Palo Alto Networks Unit 42 discovered the flaw and reported it via Google’s Vulnerability Reward Program. Google detailed the issue in a security bulletin:

An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to escalate privileges in the cluster. The issues with Fluent Bit and Anthos Service Mesh have been mitigated and fixes are now available. These vulnerabilities are not exploitable on their own in GKE and require an initial compromise. We are not aware of any instances of exploitation of these vulnerabilities.

Google recommends manually upgrading GKE to ensure customers are running the patched version:

The following versions of GKE have been updated with code to fix these vulnerabilities in Fluent Bit and for users of managed Anthos Service Mesh. For security purposes, even if you have node auto-upgrade enabled, we recommend that you manually upgrade your cluster and node pools to one of the following GKE versions or later:

• 1.25.16-gke.1020000
• 1.26.10-gke.1235000
• 1.27.7-gke.1293000
• 1.28.4-gke.1083000

According to new research by VPN provider SurfShark, the US government makes the most requests for user data from Big Tech companies than any other jurisdiction in the world. The company analyzed data requests to Apple, Google, Meta, and Microsoft by “government agencies of 177 countries between 2013 and 2021.”

The US came in first with 2,451,077 account requests, more than four times the number of Germany, the number two country on the list. In fact, the US made more requests than all of Europe, including the UK, which collectively came in under 2 million.

While the US and EU were responsible for a combined total of 60% of all data requests, the US “made 8 times more requests than the global average (87.9/100k).”

The number of accounts being accessed is also growing, with a five-times increase in requests from 2013 to 2021. The US alone saw a 348% increase during the time frame, and the scope and purpose of the requests are expanding.

“Besides requesting data from technology companies, authorities are now exploring more ways to monitor and tackle crime through online services. For instance, the EU is considering a regulation that would require internet service providers to detect, report, and remove abuse-related content,” says Gabriele Kaveckyte, Privacy Counsel at Surfshark. “On one hand, introducing such new measures could help solve serious criminal cases, but civil society organizations expressed their concerns of encouraging surveillance techniques which may later be used, for example, to track down political rivals.”

The report also sheds light on which companies comply the most versus which ones push back against requests. For all of its privacy-oriented marketing — “what happens on your iPhone stays on your iPhone” — Apple complies with data requests more than any other company, handing it over 82% of the time.

In contrast, Meta complies 72% of the time, and Google does 71% of the time. Microsoft, on the other hand, pushes back the most among Big Tech companies, only handing data over 68% of the time.

The findings may also put a dent in US efforts to ban TikTok and other foreign apps under the guise of protecting user privacy and data.

Microsoft Threat Intelligence says bad actors have been using the ms-appinstaller URI scheme (App Installer) to distribute malware since at least mid-November 2023. Microsoft has disabled the protocol handler in an effort to combat its abuse.

The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution. Multiple cybercriminals are also selling a malware kit as a service that abuses the MSIX file format and ms-appinstaller protocol handler. These threat actors distribute signed malicious MSIX application packages using websites accessed through malicious advertisements for legitimate popular software. A second vector of phishing through Microsoft Teams is also in use by Storm-1674.

Threat actors have likely chosen the ms-appinstaller protocol handler vector because it can bypass mechanisms designed to help keep users safe from malware, such as Microsoft Defender SmartScreen and built-in browser warnings for downloads of executable file formats.

The attacks are especially dangerous for Teams users, since the bad actors are spoofing legitimate Microsoft pages.

Since the beginning of December 2023, Microsoft identified instances where Storm-1674 delivered fake landing pages through messages delivered using Teams. The landing pages spoof Microsoft services like OneDrive and SharePoint, as well as other companies. Tenants created by the threat actor are used to create meetings and send chat messages to potential victims using the meeting’s chat functionality.

More information can be found here, including detailed analysis of the attack. In the meantime, Microsoft says organizations should educate Teams users to be able to identify and protect themselves from this exploit.

Educate Microsoft Teams users to verify ‘External’ tagging on communication attempts from external entities, be cautious about what they share, and never share their account information or authorize sign-in requests over chat.

Cloudflare is one of the leading content delivery networks (CDN), used by companies of all sizes. The company has been steadily expanding its network, bringing better performance, reduced latency, and improved reliability to users.

The company announced the news in a blog post:

We make no secret about how passionate we are about building a world-class global network to deliver the best possible experience for our customers. This means an unwavering and continual dedication to always improving the breadth (number of cities) and depth (number of interconnects) of our network.

This is why we are pleased to announce that Cloudflare is now connected to over 12,000 Internet networks in over 300 cities around the world!

The Cloudflare global network runs every service in every data center so your users have a consistent experience everywhere—whether you are in Reykjavík, Guam or in the vicinity of any of the 300 cities where Cloudflare lives. This means all customer traffic is processed at the data center closest to its source, with no backhauling or performance tradeoffs.

The vulnerability and phishing campaign was discovered by Oleg Zaytsev and Nati Tal, researchers at Guardio Labs.

Those phishing campaigns cleverly evade conventional detection methods by chaining the Salesforce vulnerability and legacy quirks in Facebook’s web games platform. Guardio Labs has disclosed these findings and worked with Salesforce and Meta to close the vulnerabilities and misuse.

The phishing campaigns tried to trick users into going to a fake Facebook page in an effort to steal their Facebook login information, as well as their two-factor authentication information. Targets received an email that appeared to come from Meta but came from a salesforce.com domain.

So it’s a no-brainer why we’ve seen this email slipping through traditional anti-spam and anti-phishing mechanisms. It includes legit links (to facebook.com) and is sent from a legit email address of @salesforce.com, one of the worlds leading CRM providers.

The researchers praise both Salesforce and Meta for quickly addressing the issue and providing a fix to all impacted services. At the same time, they express concern over the growing sophistication of such phishing attacks, combining a range of legitimate services to thwart countermeasures.

The prevalence of phishing attacks and scams remains high, with bad actors continuously testing the limits of email distribution infrastructure and existing security measures. A concerning aspect of this ongoing battle is the exploitation of seemingly legitimate services, such as CRMs, marketing platforms, and cloud-based workspaces, to carry out malicious activities. This represents a significant security gap, where traditional methods often struggle to keep pace with the evolving and advanced techniques employed by threat actors.

It is imperative for these service providers to exercise additional caution and implement stringent measures to thwart such abuse. Taking proactive steps to keep scammers away from secure and reputable mail gateways is of utmost importance. This includes bolstering verification processes to ensure the legitimacy of users, as well as conducting comprehensive ongoing activity analysis to promptly identify any misuse of the gateway, whether through excessive volume or through analysis of metadata such as mailing lists and content characteristics.

Kudos to Salesforce and Meta’s Security teams for their prompt response to our discoveries and their ongoing efforts to enhance the security and resilience of their platforms against scammers’ attempts.

Cisco says Isovalent’s acquisition will help improve its Cisco Security Cloud and provide customers better protection across their workloads.

“Together with Isovalent, Cisco will build on the open source power of Cilium to create a truly unique multicloud security and networking capability to help customers simplify and accelerate their digital transformation journeys,” said Jeetu Patel, executive vice president and general manager of Security and Collaboration at Cisco. “Imagine in today’s distributed environment – of applications, virtual machines, containers and cloud assets – having security controls with total visibility, without hindering networking and application performance. The combination of Cisco and Isovalent will make this a reality.”

“Cisco is committed to nurturing, investing in, and contributing to the eBPF and Cilium open source communities,” said Stephen Augustus, Head of Open Source at Cisco. “Isovalent’s team will join Cisco’s deep bench of open source governance and technical leadership to solve complex cloud native, security, and networking challenges. Their knowledge will accelerate innovation across the business and help further strengthen the Cisco Security Cloud platform to meet the growing demands of our customers.”

Terms of the deal were no disclosed, but it is expected to close in the third quarter of fiscal 2024.

In a blog post, the company explains that platforms like Gmail rely on text classification to identify spam and other harmful content. Google has been working on a new type of text classification called RETVec.

To help make text classifiers more robust and efficient, we’ve developed a novel, multilingual text vectorizer called RETVec (Resilient & Efficient Text Vectorizer) that helps models achieve state-of-the-art classification performance and drastically reduces computational cost. Today, we’re sharing how RETVec has been used to help protect Gmail inboxes.

In the company’s internal testing, RETVec improved spam detection by 38% while reducing false positives by 19.4%. RETVec also reduced TPU usage by 83%.

RETVec achieves these improvements by combining a novel, highly-compact character encoder, an augmentation-driven training regime, and the use of metric learning. The architecture details and benchmark evaluations are available in our NeurIPS 2023 paper and we open-source RETVec on Github.

Due to its novel architecture, RETVec works out-of-the-box on every language and all UTF-8 characters without the need for text preprocessing, making it the ideal candidate for on-device, web, and large-scale text classification deployments. Models trained with RETVec exhibit faster inference speed due to its compact representation. Having smaller models reduces computational costs and decreases latency, which is critical for large-scale applications and on-device models.

Perhaps best of all, Google is making RETVec available as an open source project that organizations can customize and use.

RETVec is a novel open-source text vectorizer that allows you to build more resilient and efficient server-side and on-device text classifiers. The Gmail spam filter uses it to help protect Gmail inboxes against malicious emails.

If you would like to use RETVec for your own use cases or research, we created a tutorial to help you get started.