Malware has evolved to evade traditional security defenses and move laterally looking for vulnerabilities.  It may even force a generational shift in security. In a recent CUBE interview with security expert Junaid Islam, host John Furrier asks Junaid a question about the state of security in a new era of nation-sponsored activities and IoT.

Both the questions and answers are revealing in terms of what kind of shift in thinking is required for increasingly interconnected enterprises in an age of state-sponsored attacksVidder Junaid Islam Cube John Furrier_.

“Generational Shift”

John called it a generational shift. He suggested security might even require a “do over.” What has changed beyond the exponential growth in IoT and digital supply chain connectivity? Perhaps it is the evolution of predatory malware that moves laterally through layers of existing solutions in search of vulnerabilities. Once in it has access to increasingly complex configurations of devices, drivers and servers, a kind of hackers’ playground that was once protected against attack and is now exposed. Because of digitalization the stakes are higher than ever.

As Junaid says, increased interconnectedness leads to increased vulnerability and risk. Yet that is the direction we’re going. Then as nation states get involved and “malware that moves by itself” appears the interconnectedness of the US demands new countermeasures.

WannaCry as a Weapons Test

WannaCry was likely a weapons test and it’s up to enterprises to secure their own systems against these new advanced attacks. Security teams need to be aware of these risks and plan accordingly.

Junaid recommends new policies and laws for people holding assets and encouraging the adoption of new, advanced countermeasures. Authenticated access including multifactor authentication should be required for critical systems.

The writing is on the firewall discussed two recent announcements from VMware and Verizon which are likely responses to the state of security and more harbingers for the hardware-bound firewall and network access control vendors.

New Thinking, New Strategies, Secure Enclaves

While security pros spend more time addressing process creep required to keep their firewalls and access control hardware up to date with the latest lists and updates, these new attacks are piercing high profile defenses. New thinking around zero trust is morphing into strategies for establishing secure enclaves where access, lateral movement and even user behavior is trust-based in real-time and granular versus “once you’re in your all in” which is common in traditional security infrastructure.

These are demands which traditional solutions weren’t architected to address. At conclusion Furrier asks Islam about efforts to establish a new US national security initiative. Junaid advises that as soon as an approach is taught hackers will evolve to evade them. “We need to rethink how we share information on a worldwide basis.”

Stay tuned…

Posted by: Greg Ness | September 21, 2017

The Writing is on the Firewall

VMware and Verizon Announce App Security as a Service: Here’s Why It Matters

In a “tip of the hat” to how polluted devices and networks have become, VMware and Verizon announced new service offerings to protect applications from cyber attacks.  VMware announced App Defense at VMworld a few weeks ago. Vidder announced yesterday that its technology is being integrated into a new Verizon Software Defined Perimeter managed service for protecting high value apps from advanced threats.

The Writing is on the Firewall

These announcements matter because they mark a break from traditional thinking about security, from hardware to services and from network security to applications and access control. 

Services are becoming the fastest-growing segment of security spending according to Gartner. One recent forecast predicts a massive cyber security skills shortage in less than four years.

Why think differently about applications and access control? Increasingly powerful doses of cyber security reality are hitting overworked security teams:

  • defending apps and networks with traditional firewalls and network access control solutions is futile at best, even in firms with large security budgets;
  • exploding populations of endpoints will never be secure enough on their own to protect the critical systems they can access;
  • enterprise security faces increasing skills shortages, complexity and process creep just as attackers are getting faster and more capable; and
  • Application-centric access control is becoming strategic, especially for high value apps supporting users who demand LAN and remote access.

Clearly VMware and Verizon both see the writing on the firewall. A new Gartner report shines more light on the coming radical transformation of what was once a bastion of network security (see Secure Web Gateways by Pingree and Contu, published Sep 12, 2017).  Think firewall-as-service in the future.

Until the firewall disruption the focus needs to be on protecting high value apps from attacks that today easily penetrate firewalls and network access control defenses. Petya, for example, spread from its targets in Ukraine around the world in a matter of days, and was responsible for shutting down everything from hospital to shipping company systems.

Developing a Zero Trust Strategy

Synergy is key: New app-centric services can add more powerful capabilities to existing security teams without the headaches of adding new layers of increasingly complex static security infrastructure. Planning Matrix

Your team gets closer to the notion of zero trust, not just for networks but devices as well. They can start by prioritizing security for high value applications, especially those with complex access demands. Then focus on high value apps with simpler access demands.

When endpoints and networks are polluted, trust needs to be established for any user to access any high value application. Think Trusted Access Control: a powerful defense for key apps that augments existing resources and is delivered as a service.

Your security infrastructure is then augmented with specialized software and services that protect apps from malware and credential theft. Access is only granted after trust is established and access is only granted to a specific application.


Verizon Field Tests Vidder Technology at Operation Convergent Response

Related: After extensive tests and hackathons, Verizon recently field tested Vidder technology by securing real time, live action, first responder communications at Operation Convergent Response, last June in Perry, Georgia. For more information check out Junaid’s blog.

Read the news coverage related to the Verizon and Vidder software defined perimeter technology partnership.

Posted by: Greg Ness | August 16, 2017

Is Ukraine a Testing Ground for Cyber Attacks?

As nations and syndicates pursue their interests, they will become sponsors of offensive and defensive cyber capabilities, including information warfare, theft, and attacks designed to take down critical infrastructure. This could explain why–after billions in losses–there are no cyber treaties in place and attacks against election infrastructures are mere diplomatic affairs.

Let’s face it. We are all in the epicenter of an ongoing conflict, exposed to a new kind of Ruins1digital age risk. And in the years ahead it will get harder to discern who or what to trust. And trust is the fabric of civilization. Trust in institutions.  Trust in the availability of water, power or even banking and/or health services. When trust is broken many more things eventually break.

Many civilizations have discovered this the hard way. Today as the pace of life quickens and the ability to mobilize gets easier, institutions struggle with maintaining stability. As we’ve seen around the world, nations running on file folders and traditions cannot keep up with populations empowered by digital connectivity. Connectivity is the new backbone of a nation and yet its biggest vulnerability.

Radio, television and print were all essentially one to many broadcast mediums that helped public institutions maintain trust. The internet and social media are many to many mediums that can erode trust faster than the broadcast media can maintain it. So we see mayhem in Ukraine. And its spread throughout the world, shutting down hospitals and shipping companies.

We’ve entered a new era. And Ukraine may be its poster child.

Ignore Ukraine at your Own Peril

Ukraine has evolved into a kind of microcosm of the East/West conflict and, even more importantly, it is digitally connected to the east and west. It is the front line in a global cyber conflict.

In June I explained how increasing digital connectivity and blurred lines between nations and digital systems will expose servers and applications globally to more collateral damage from the ongoing conflict in Ukraine.  More recently I discussed how global brands will be increasingly vulnerable to cyber attacks. The digital age will separate trusted and untrusted brands.

Ukrainian infrastructure is already being attacked, most likely in order to undermine public trust in the young government. Some of those attacks have already spread well beyond Ukraine. The NotPetya malware attack, for example, is estimated to have caused almost $1B in damages globally.

The latest outbreak was directed against businesses in Ukraine, but they apparently underestimated the malware’ spreading capabilities. That’s why the malware went out of control.

– Telebots are Back, Anton Cherepanov, welivesecurity, June 30, 2017

This year at Future in Review we decided to shift from the evolution of cloud computing1 track (which had lasted more than 6 years) to the rise of cyber security as a critical and strategic IT theme. I cannot think of a more timely topic.

I highly recommend this panel as an insight into the world’s future and this cyber conflict and the impact it could have on trust, the fabric of digital civilization. Here are the videos from last year’s Future in Review.


Ukraine is the Cyber War Front Line: Future in Review Panel

Actual date and time (entire event is October 10-13) is being set.  I’ll update as soon as it is published. See Fire agenda here.

October 11, 2017 230-300PM.

Dmytro Shymkiv – Deputy Head of the Presidential Administration of Ukraine

Bob Flores – Founder/Partner of Cognitio and Former CTO of the US Central Intelligence Agency

Phillip Lohaus2 – Research Fellow, Marilyn Ware Center for Security Studies, American Enterprise Institute

Moderated by: Gregory Ness, VP, Vidder



Wired – How an Entire Nation became Russia’s Test Lab for Cyberwar – Andy Greenberg

US News and World Report – A Vulnerable Castle in Cyberspace – Phillip Lohaus

Reuters – Corporate profits to take more hits from Ukraine cyber attack – Jim Finkle and Eric Auchard

Newsweek – Whose Cyberattack Brought Ukraine to a Shuddering Halt? – Nolan Peterson

Vidder blog– We are Now at War – Cyber War – Gregory Ness

welivesecurity – TeleBots are back: Supply-chain attacks against Ukraine – Anton Cherepanov



1- The cloud track started in 2009 with a panel that led to the formation of the now-defunct Infrastructure 2.0 Working Group and culminated with last year’s Future in Review cloud panel.


2- Phillip is the author of A Vulnerable Castle in Cyberspace- see Background


Posted by: Greg Ness | July 31, 2017

Has FireEye Been Breached?

Am reading reports of a breach of FireEye. Stay tuned. While three outlets have covered, I’m awaiting acknowledgement from company officials. This looks like the headlines are ahead of the news. One FireEye employee’s account breached.


Hackers Breach Cybersecurity Company In Apparent Revenge On Employee: Gizmodo


PasteBin data dump: Hackers claim files are from Mandiant FireEye ‘breach’: The Register

Ido Naor, a researcher at Kaspersky Lab, commented: “Only one workstation seems to be infected during ‪#leakTheAnalyst‬. Dump does not show any damage to core assets of ‪Mandiant‬.”

Researcher Hanan Natan‏ agreed: “The current ‪#leakTheAnalyst‬ dump doesn’t contain any [proof] that they compromised the ‪Mandiant‬ networks.‬”


Hackers claim ‘breach’ of cyber firm FireEye: The Hill

Posted by: Greg Ness | July 27, 2017

Death by Maintenance and Process Creep

Hardware-Defined IT is About to End- Not with a Bang but a Whimper

I Couldn't Let Go

After completing Security Paradox the idea of death by maintenance really sunk in. The following is a “song of vapor and iron” that has been echoing through my mind like an earworm:

The Golden Age of IT

As organizations grew they made wise investments in IT infrastructure (productivity) so that employees and partners and customers could interact more easily.  From mainframes to personal computers, networks to the Internet, virtualization to clouds, waves of transformation swept through the enterprise and drove unprecedented productivity gains.

The vendors selling infrastructure achieved billion-dollar market caps because they sold even more gear into the rising tide and made themselves indispensable to the new CIOs influencing massive IT budgets. The vendors then designed their gear to be self-serving. That is, productivity was enabled by complexity, which includes certifications, training, dedicated channels and specialized hardware which you couldn’t buy anywhere else.  It was a timely, brilliant move that produced billions in shareholder value.

hope1Specialization and innovation combined with accelerated throughput helped network and security vendors accelerate growth and profits to such an extent that the cities where they were based experience housing shortages on unimaginable scales.  Those were the halcyon days of Interop packed with multi-story booths and the obnoxious scantily-clad babes hawking switches, routers and firewalls like those tool girls you used to see in your mechanic’s garage. Then something quite remarkable happened yet again.

Virtualization Crushes Server Margins

Just like Microsoft and Intel destroyed mainframe growth (and much more includingmaninredtapeactual high end graphics workstations), VMware came along and disrupted the high-flying server hardware industry.  Both shifted the paradigm from complexity and cost to power and simplicity. Then came AWS, Azure and Google.  They amped up power and simplicity to a new level, but with much of the focus on greenfield and development environments.

Re-Invent in 2012: A Public Cloud Club of a Few Thousand

You can read my lamentations about the AWS preoccupation with public cloud in my 2012 blog Two Weeks in Vegas and others posted in 2013. The first re-Invent was a fraction of the size of Interop which was getting dwarfed by the VMworld leviathan. “Forget Interop, you have to be at VMworld,” a very smart and connected venture capitalist told me repeatedly as we discussed market planning.

AWS then Azure and Google disrupted cumbersome, high cost and high maintenance dev/test environments with agility and low cost and offered cloud-first infrastructure for new apps. This started peeling away opportunities that once went to the hardware vendors as gravy add-on sales for hardware, service and support.

A Song of Vapor and Iron

The traditional infrastructure (and virtualization) vendors and their dedicated army of channel and IT experts then voraciously attacked the cloud for being insecure.  Those attacks often stuck until AWS and others announced a wave of new capabilities, and wins from some of the world’s most discerning security buyers. Then came announcement after announcement from enterprises with varying levels of cloud adoption for their existing apps, much of which was more vapor than iron. But the momentum with cloud-first more than offset the slowness of brownfield cloud migration, which is likely to be addressed in the next 12-36 months.

The Unlikely Alliance

Then something quite remarkable happened. AWS and VMware agreed to partner.  The promise: AWS extends its reach into existing data centers, and VMware survives as a new kind of hybrid cloud migration and orchestration middleware.

I’ve frankly been amazed by how little attention this development has received.  It threatens the pillars of “traditional” IT: billions in hardware-based empires and the powerful synergy of interests between IT pros, channels and vendors.

Death by Maintenance and Process Creep: “I Couldn’t Let Go”

NAC BoulderIf properly executed this unlikely alliance of former enemies can crush the infrastructure hardware business in years, not decades.  Perhaps in a few years.1 Notice has been served.

Why so soon? The complexity and throughput strategy that brought billions to the hardware-centric infrastructure players now stands in the way of “modern IT”, as a kind of albatross of cost and delay: the IT guy with his head nodding sideways.

Modern IT is about the ability to deploy, manage and secure vast complex networks in days (or even hours) instead of months.  And for the CIO and CISO, it promises innovation and impact at a fraction of the cost of simply maintaining and upgrading these amalgamated layers of network layer configurations and anachronisms.

All of the tedious LAN by LAN maintenance and support processes (and costs) that Is Your DR Strategy Obsolete?skyrocketed in the last five years (and slowed innovation to speeds and feeds and new ASICs and tuning/updating processes) will be replaced by faster, cheaper and more powerful software and services. See, for example, the new software-defined perimeter and the maturing software-defined network or my previous blog about the shift to software-defined IT.

Welcome to the new age of modern IT, defined by software and services… and speed.

Disclosure: I work for Vidder.

1) Infrastructure hardware companies won’t cease to exist, but will instead probably end up in SGI-like stasis (see recent $275M HPE acquisition – remember them?) with limited growth prospects and increasing margin pressure that will squeeze harder every year in cities where standard of living costs are unmerciful. Imagine change faster than before and in pockets of downsizing or M&A that are not quite fast enough to adjust to the rate of change.

Posted by: Greg Ness | July 26, 2017

The Big Shift to Software-Defined IT is Now Underway

A week ago I wrote about the recent AWS VMware partnership and how it threatens traditional IT vendors, practices and roles. The week before I talked about exploding security processes eroding protection at a Fortune 100 leader, based on a recent interview with a security architect.

In May I said the cloud will crush the hardware-bound security (and infrastructure players) as traditional IT shifts into more software and service-centric roles.

The emerging pattern is easily apparent: increasing demands upon larger enterprise networks are forcing IT, security and networking teams from hardware to more agile, software and service-centric operating models and solutions.

AWS and VMware Partnership= the Beginning of the End of Traditional IT

The AWS and VMware partnership is particularly notable because cooperation betweenSpeedometer these two former rivals signals a big shift in AWS strategy from cloud native to hybrid cloud and makes cloud migration a strategic enterprise requirement.

This alliance will force hardware-centric IT vendors, channels and buyers (including third party data center operators) into a deep, profound transformation from ongoing LAN-based maintenance and updates into faster, more powerful, scalable and flexible software and service-enabled solutions.

When you combine this transformation with the rising tide of cyber attacks rippling through increasingly connected networks you can understand increasing enterprise interest in software-defined perimeter technology, an advanced architecture with notable advantages over traditional access control technologies. Software-defined IT will leverage software-defined networking and perimeter technologies. (Note: you can read more about software-defined perimeters in Gartner’s just released Hype Cycle for Cloud Security, 2017 and at Vidder’s software-defined perimeter resource page.)

For example: as one organization struggles with updating dozens (if not hundreds) of distributed hardware appliances the other has software-defined perimeter integrated with trust assessment technology, which is quickly updated across internal and external networks by a service provider then tested by agile security and networking teams.

Verizon’s new Convergent Response offering demonstrated in June is noteworthy because it represents this new thinking, which could enhance Verizon’s leadership in managed security service offerings.

Looking forward you can expect to see the shift start in organizations with high security, compliance and operating demands as they will be among the biggest benefactors. Organizations now under siege with attacks and exploding security processes can shift from reaction fatigue to strategic advantage.

Posted by: Greg Ness | July 20, 2017

Can Clouds become Malware Super Spreaders?

In many ways and for most organizations the cloud is more secure than premises-bound security.  It’s easy to understand why: The most widely deployed IaaS architectures are more advanced than their traditional stack counterparts, many of which have been architected over decades based on changing priorities and user demands.

Yet a recent and timely blog from Junaid Islam raises a fair point. Clouds can become malware super spreaders:

The increasing number of personal compute devices and supply chain partnersSuper Spreaders connecting to enterprise clouds makes universal endpoint protection impossible. Subsequently, malware can find and propagate from infected compute devices to cloud-based applications. Once infected, hosted apps can become malware super spreaders. However as bad as the risk of malware is to enterprises, the risk to IoT systems is even greater.

The new generation of IoT devices has the ability to autonomously communicate locally and globally.  As IoT devices come in hundreds of different variations with specialized software modules, patching IoT systems is far more difficult than personal compute devices.

Infected IoT devices can spread malware from autonomous vehicles and energy management systems to consumer products and cloud computers – and then back again.  A malware attack on billons of networked IoT devices would take months or years to correct.

You can read the entire blog here: Malware Will Cripple Cloud and IoT Infrastructure if not Contained

blindfolded senior business man walking through social media data

A recent interview with a security architect at a Fortune 100 firm with a network of hundreds of thousands of corporate and partner users brought out the explosion of complexity as networks scale and encompass remote users and partners:

When a certain level of scale is attained, incremental growth can cause exponential increases in complexity and required management processes. That point of scale will vary from company to company, often based on the nature of the security and networking solutions they are using.

Yet it gets worse as you bring in hybrid clouds:

As networks embrace partners and clouds, process creep erodes security further by requiring more procedures to maintain an existing and increasingly obsolete security posture. The net effect is a security paradox: more security processes can translate into weakened protection.

You can read the rest of the story at my Vidder blog on security creep at a F100 enterprise.

Posted by: Greg Ness | July 19, 2017

Amazon goes Hybrid with VMware

Roller coaster loops against evening sky

The Wild Ride is Getting Wilder for Tech Infrastructure Vendors

Notice is Served to More than a Dozen Tech Leaders by Once Unlikely Alliance

Recent talks between Amazon and VMware could ignite a second wave of cloud adoption, this time focused on brownfield cloud migration. A recent report covered by CNBC raises the specter of a massive shift of workloads from premises to clouds, something of notable concern to at least a dozen premises-bound tech leaders and perhaps a couple dozen third party data center players managing traditional stacks.

See my Vidder blog The Cloud is about to Crush the Hardware-based Security Industry.

This development represents a fundamental shift for Amazon and VMware, and each has their own distinct reasons for this once unlikely alliance.  Amazon finally recognizes the value of the hybrid cloud model, which it has dismissed for years. This could be as much about Amazon growth as countering Azure’s massive inroads into cloud. See a few highlights from my blog Amazon, AWS and the Public Cloud Paradox from early 2013:

As discussed previously, the total addressable market for VMware server virtualization and private cloud is about $50B dollars, per a VMware presentation made late in 2012.  Amazon’s AWS revenues, representing an estimated 90% of the public cloud market, were under $3B.  This suggests a wide gulf between the public cloud and private cloud market and an even larger $60B hybrid cloud market that is available to the victors.Kitty Hawk

That public cloud myopia on the part of Amazon, which was so prevalent at last year’s AWS reInvent Conference, is an albatross around the neck of what has otherwise been perhaps one of the most successful and revolutionary launches since… online bookselling.  Amazon’s future success may depend more upon its ability to lead the cloud market versus being a former first mover.

Amazon clearly understands that public IaaS is too limiting, and has made a series of smart improvements to its cloud offerings that align them more closely to enterprise requirements.  It is possible and reasonable to suggest that Amazon’s enhancements (along with Azure’s coming grand entrance) may have forced VMware’s hand into its own IaaS offering, much to the unease of some key VMware partners.  Yet Amazon today is still stuck in the public cloud mindset.

Then there is Amazon and the Amazing Enterprise IT Monoculture Myth:

Without denying cloud computing’s massive impact on enterprise IT, I think it isclouddisconnectimageblog still easy to get lost in the vendor haze of massive switches to any self-serving single standard or model -beyond core networking and communications stacks, which are often economically too powerful to resist, and the dynamic, pulsating world of IT services and solutions.  Innovation and conformity are not often mentioned in the same sentence as allies.

For VMware this represents a shift from its earlier cloud initiative. For background see my previous post based on a recent Cisco study and Cloud is Bigger than you Think, based on a Future in Review panel in late 2015.

==> If you are an executive at a hardware-bound company selling gear exclusively for premises deployment this is a very big yellow light at best. And it grows the TAM for AWS by several-fold.  Stay tuned.




My recent Vidder blog on security in the new cyber world explains why security will become more important to business success in the digital age and why CISOs will become as important to CMOs in most consumer and B2B companies.

The world’s cyber future looks more like Ukraine, the emerging frontline of a growing conflict between entrepreneurial hackers, nation states interacting in a virtual marketplaces of exploits, tools, identities marketplaces and a shrinking population of cyber security experts defending critical and increasingly complex systems.

If you think the cyber war in Ukraine will stay within its borders think again. We may already be embroiled in a stealth, undeclared cyber war.

With larger populations of devices accessing more complex, shared infrastructures attached to increasing exposed systems you have a market of growing opportunity for fast growing populations of cybercriminals and their sponsors living beyond the reach of domestic law enforcement and perhaps even international treaties.

That’s why I’m putting together a cyber war panel for Future in Review this October in Park City. Stay tuned!

Older Posts »