NetEvents

All posts in Latest News

by Mark Fox

Armed with the latest software tools, they are successfully exploiting human weaknesses through clever phishing and spearphishing, and leveraging vulnerabilities in servers, payment systems, and cloud platforms. They must be stopped – and at the upcoming NetEvents Global Press & Analysts Summit in San Jose, CA on Sept 28 & 29, you’ll learn exactly how intelligence services, Internet providers, and software companies are taking the fight back to the hacker.

Come be part of the cybersecurity conversation at this Global Press & Analysts Summit. The final speakers are now being selected and we promise to dig deep into the mind of the hacker. Who are they? Some are government agents, some are from organized crime, and some are hacktivists. What do they want? Mayhem, money, mischief. Can they be stopped? Yes, but it can be done.

We are lining up presentations from top intelligence experts from the CIA, FBI, NSA, and others. Our editorial board along with our session chair people such as NSS Group are evaluating submissions from service providers and cybersecurity firms for a series of debate panels that will explore various aspects of cybersecurity from the enterprise, carrier/service provider, societal, and public-policy perspectives.

We can defeat the hackers. Share your voice as we discuss the challenge and the path to victory, in front of the worlds top business IT and cybersecurity media representing 120+ publications covering 35+ countries across the globe!

The cybersecurity problem is more than an inconvenience — it’s a looming disaster to businesses, organizations, and society around the world. Fully 2 in 5 — that’s 40% — of retailers across the globe suffered a data breach in the past year. Half a million Windows users have been infected by 15-year-old malware. In India alone, more than 27,000 cybersecurity incidents have been reported so far in 2017. The U.K. Parliament suffered 200,000 attempts to hack MPs emails. And Lloyds of London has stated that the cost of a single major cyberattack could exceed $53 billion in economic losses.

 

 


london

by Mark Fox

NetEvents European Media Spotlight opened in London’s Chelsea Harbour – a rare visit to its homeland – to enable press, vendors and analysts from around the globe to discuss issues around Innovation, IoT, AI and Security.

Security was the key issue of the day, with an opening keynote, discussions, and two debates around the topic. What made it unusual was the in-depth keynote speech from ex-GCHQ Deputy Director of Intelligence and Cyber Operations, Brian Lord. He delivered his experience of security from a state perspective. Among his many points, he talked about how many attackers are now state-sponsored but said that they are all, basically, criminals.

Joined on-stage by Arthur Snell, ex-MI6, Guy Franco, ex-Israeli Military Intelligence, and quizzed by analyst Alan Zeichick of Camden Associates, he talked about how the power relationships between attackers and defenders is changing, and what the wider societal impacts this will have over time.

The theme continued with the next panel debate, led by Mike Spanbauer, VP of Security Test and Advisory at NSS Labs, which focused on how new tools can help both enterprise and governmental organisations respond to cyber-attacks.

A second debate moved the game on further. Opened by analyst Duncan Brown, Associate VP at IDC, this panel discussed the current threat landscape – such as ransomware, spearphishing and credential theft – why those threats are so difficult to defeat, and what cutting-edge technologies exist to combat them.

NetFoundry founder and president Galeal Zino then gave a short presentation on his company’s vision for application-driven networking, an overlay that provides security as part of a fourth industrial revolution.

Hybrid cloud has been the acknowledged goal for enterprises for some time, so the next panel looked at how the efficiencies of the hybrid datacentre can be leveraged for the enterprise of today and tomorrow.

Following an update from analyst Joel Stradling, research director at GlobalData, on the future of software-defined WANs, in which he discussed the pros and cons of SD-WANs in the enterprise, the penultimate panel returned to the topic of security. Alan Zeichick took to the stage once more to lead the panel discussion on tools, techniques and technologies to protect the network endpoint. Discussions emerged around the importance of the basic protections afforded by tools such as anti-virus compared to some of the more esoteric technologies such as AI.

The final plenary panel was all that stood between the audience and lunch. It was led by Ovum analyst Rik Turner and dissected the practical applications of artificial intelligence to cyber-security cloud and the Internet of Things.

The main event ended there, but was followed after lunch by intensive round-table discussions between the press and vendors, and between some of the vendors and potential channel partners. The event was rounded off with a boat trip up the Thames.


maxresdefault

By Alan Zeichick

Ping! chimes the email software. There are 15 new messages. One is from your boss, calling you by name, and telling him to give you feedback ASAP on a new budget for your department. There’s an attachment. You click on it. Hmm, the file appears to be corrupted. That’s weird. An email from the CEO suggests you read a newspaper article. You click the link, the browser seems to go somewhere else, and then redirects to the newspaper. You think nothing of it. However, you’ve been spearphished. Your computer is now infected by malware. And you have no idea that it even happened.

That’s the reality today: Innocent and unsuspecting people are being fooled by malicious emails. Some of them are obvious spammy-sorts of messages that nearly people would delete — but a few folks will click the link or open the attachment anyway. That’s phishing. More dangerous are spearphishing message targeting individuals in your organization, customized to make the email look legitimate. It’s crafted from a real executive’s name and forged return address, with details that match your company, your family, your job, your personal interests. There’s the hook… there’s the worm… got you! And another computer is infected with malware, or another user was tricked into providing account names, passwords, bank account information or worse.

Phishing and spearphishing are huge problems, and are the delivery method of choice for identity theft and corporate espionage. If the user falls for the malicious message, the user’s computer is potentially compromised – and can be encrypted and held for ransom (ransomware), turned into a member of a botnet, or used to gain a foothold on a corporate network to steal intellectual property.

Yet we’ve had email for decades. Why is phishing still a problem?

It’s a Matter of Trust
“Phishing is a problem because people trust email, and they should trust email,” said Ed Amoroso, CEO of TAG Cyber, a global security consultancy. “We love email. Email is an important part of our communications in business.”
Roark Pollock, Senior Vice President of endpoint security company Ziften Technologies, agreed, “Phishing’s still a problem because we’re a problem. Humans are the weak part, the weak piece in the chain of security in a lot of instances. And so it comes down to education. There’s new people in the environment every day that haven’t been trained on security. They don’t understand what to look for. And even if you know what to look for, phishing attacks have become very sophisticated. They’re very tricky. Even some of the security experts fall for them every once in a while. Even if you know what you’re looking for. I mean, humans aren’t perfect. We’re bound to make mistakes and fall for those types of tricks.”

That’s particularly true with spearphishing, because it’s easy to learn all about the intended victim, explained John Weinschenk, General Manager of Enterprise Network and Application Security at test company Spirent Communications. “People are gather information on social media, so when they’re sending these spearphishing attacks at you, it’s very targeted. And it might come from someone you believe you know, but it’s really not from them because they fake the headers. Your perception is that it’s from someone that’s trusted. We’re seeing more and more attacks take place like that.”

Corporate information is another source for hackers using spearphishing, added Kowsik Guruswamy, Chief Technology Officer at Menlo Security. “Spearphishing is really about knowing some information that I am privileged to know, based on my role in an organization. So when I get an email that’s coming from, let’s say, my CEO or my CFO, and it’s got certain words or certain terms that only I’m familiar with, I tend to believe in that a lot more than some generic email that’s coming to me. So that’s why it’s very, very sophisticated and very targeted to specific individuals. Hence the term spearphishing, because it’s very pointed.”

Imagine the Worst Case Scenario
You’ve clicked the spearphishing email. Or your CFO has, and her laptop contains business plans, contracts and draft financial statements. Maybe your top IT administrator clicked the email, and he has full security privileges across the whole enterprise network and data center. Now what? Usually, it’s bad. Worst case, it’s very bad.
How bad? “Worst case, typically ransomware turns up, because it’s so immediate in terms of the effect,” said Frank Wiener, Vice President of Wedge Networks, a security company. “The worst case is anything from disrupting the business to really impacting their reputation, where people stop doing business with them. The more likely scenario is, somebody comes under attack, and they have a specific localized event that causes a disruption.”
Spirent’s Weinschenk thought about malware: “The worst that could happen is there’s executable code that could take place. The system could be compromised in the future, so everything that’s done on that system is a vector for someone to get information like credit cards, or passwords, or usernames. It could even tie into your internal systems. So if the system gets compromised as they start logging onto your internal systems securely, those systems could be compromised because it will come through those channels.”

Mike Spanbauer, Vice President of Security at consultancy NSS Labs, said, “It really depends on exactly how good the protection on the machine is at that point, because it comes down to whether you have a control in place that can intercept what the ultimate phishing link or the package on the other end is going to try to do.”
“If it is effective at bypassing whatever controls you have,” he continued, “it’s going to be a — not necessarily a game over scenario — but you’re now in the hands of the attacker. And depending on if they’re going to take immediate action, or, ultimately, longer-term action they can compromise local assets, files, data. Worst case scenario, well, you don’t want to find out the next day that your accounts have been emptied.”

Or your data stolen, said Scott Scheferman, Director of Consulting at Cylance, an endpoint security company, especially if the company uses a Windows domain network that relies upon Active Directory to manage network assets. “Worst that can happen is an immediate pivot to compromise Active Directory. Attackers can do a lot of things at that point. They can exfiltrate data, they can grab the credentials and run, and come back later through other things like VPN connections and remote connections, and not use any malware. It’s a short path to getting the keys to the entire kingdom.”

“Well, it’s probably the worst thing you can imagine, because anything can happen, warned Stefan Lager, Vice President of Service at SecureLink Group, a leading European managed security services provider (MSSP). “You can get infected with some malware that can steal all your reports before they are posted. It can steal investor property. They can encrypt all your critical data without having no ability to restore them. Anything can basically happen. [Phishing] is the most common way for an attacker to get in today.”

Can You Fight Phishing at the Email Server?
Phishing and spearphishing are most often delivered by email. It seems the email server, such as Microsoft Exchange Server or Google’s Gmail, would be the obvious place to detect and block those malicious message. It’s not so easy, said Roy Abutbul, Co-Founder and CEO of Javelin Networks, a security startup. “Even if you will secure the email gateway server, at the end of the day [hackers] will always find a way to trick you. There is not any technology that can literally say that it can prevent all malicious emails from come to your inbox.”

That’s especially true if the email itself doesn’t contain an attachment that contains malware, since network security and endpoint products can scan for that type of malware. But an email that will trick you into going to a website and entering credentials? Not easy to block.

“The reason why stopping emails at the email server, at the gateway, is not effective, is because a lot of times, those gateways, they don’t have the full visibility and they’re still largely signature-based in their methodology,” said Cylance’s Scheferman. “There are some newer ones that are using isolation and other things to try to overcome the problem with signatures, but at the end of the day, malware’s going to end up on the end point.”

SecureLink’s Lager agreed. “If you do a well written phishing email, it’s very hard to distinguish that from a normal, valid email. So that’s why it’s so important that you have methods to limit the impact when somebody clicks on the link, and also have the ability to detect and mitigate the follow-up effects from that.”

Indeed, said Menlo Security’s Guruswamy, if you look at the last 20 years of security, phishing or otherwise, everything boils down to some technology figuring out whether the link is good or bad, or the attachment is good or bad, or the website is good or bad. If somebody deems it’s good, we get to interact with the website or attachment? If it’s bad, we block it. The problem is, 20 years later we don’t have technology that can conclusively prove that something is good or bad. That’s why it can’t be stopped or detected on the email server, because sometimes when the links come in, they seem okay.”

Proactive Response: Training Is Not Enough
Certainly end users need to be training, retrained, and retrained again, not to click on suspicious links or open untrusted documents. However, it’s clear that they can and will be fooled by a sufficiently realistic attack, said Javelin Networks’ Abutbul. The company offers technology that can mitigate the impact of a compromised endpoint on a Windows domain network by protecting Active Directory.

“First, acknowledge that this is one of the biggest problems out there,” Abutbul continued. “I will assume that one of my employees will get hacked, will get a phishing email eventually, and he will click on those phishing emails and malicious emails. I need to focus on what I do next. What is my next step as a CISO? I need to protect the internal network in a way that, even if they do get email, even if they do get phishing email, I will be able to stop them in their next step.”

Wedge Networks’ Wiener is also dismissive of training. His company scans network traffic for malware and for phishing emails. “Everyone wants to try to change user behavior, and we all need to do that, but the best thing you can do is prevent the threats from entering the enterprise and infecting the computer. That’s where, Wedge is focused. It’s that network layer of security where we can stop the threats dead in the track, before they come in and expose the enterprise.”

“Cylance offers one primary solution when it comes to phishing: The ability to stop malware from running pre-execution,” said Cylance’s Scheferman. “We do not let any malicious file even run. So there’s nothing that happens afterwards, all these things we’ve been talking about, can happen.”

Spirent’s Weinschenk is more focused on process than on products within his security testing firm. “We have a hacking group, so we use phishing all the time to actually hack people. So we’re someone that uses phishing to actually show CISOs what the risk is to their enterprise. The best thing you can do is, we just have to keep talking about this and keep educating our employees. So, I really recommend that IT groups actually create phishing emails internally for themselves that aren’t hostile, but basically prove it out, and every quarter they should send these phishing emails out to their employees, and see how many people actually click on those emails. That’s the educational process.”

Many Options, Including Isolation
If you have questions about choosing security solutions, engage NSS Labs, said Spanbauer. “Well, it’s a complicated problem to solve for, and at NSS Labs of course, we guide enterprises to make intelligent choices. You’ve got secure email mechanics, whether cloud-based or appliance-based, that are often administered by the email team. You’ve, of course, local protection mechanics on the client itself on the end point. I’d encourage folks to take a look at the resources we have on our website or just to reach out, and we can talk you through it. There will be multiple options. It’s not going to be a single product. There is no silver bullet in security.”

Have a multi-layered approach, advised SecureLink’s Lager. “So, multiple things. So, one in terms of technology is providing good email security that will take away as much as possible of the threats. The next is to make sure, on the technology side, that you’ve got good end point protection. That’s going to be the second lever of defense. The third layer of defense is going to be educating end users, so they don’t click on everything. And then the fourth would be now, when all these three first failed, make sure that you have good security practices in place that can limit the damage if somebody actually clicked on that specific link.”

Isolation is a very, very simple concept that Javelin Networks uses: Essentially, open everything, from websites to attachments, in a secure, cloud-based environment which it can’t do any harm – and if it asks for user input, like credentials, warn the user if it seems suspicious, explained Guruswamy. “If you look at what about the web page that’s risky, it’s the active code and content. So instead of playing this game about whether it’s good or bad, we can take all of the active stuff, and move it up in the cloud somewhere.”

“So none of the code, none of the content ever came to me, to my browser, or to my end point, he continued. “That’s what makes isolation very special, because for the first time we can actually claim the promise of perfect security, because we’re not trying to play this game of good versus bad.”

TAG Cyber’s Amoroso agreed. “When people think about isolation, they try to find analogies that make sense. One of my favorites is, when you’re detonating a bomb, you don’t do it in a crowded area. You take it to a place, an isolated place, where it can be detonated and not cause problems. Ditto malware. So the idea that you can build a virtual isolated environment around computing makes good sense, because if there’s malware it hits that isolation boundary. You can do that on a container, on an end point, or you can push it off into the cloud. Either way, it’s an extremely effective way to make sure that malware doesn’t detonate and cause damage to real assets.”

Phishing: A Persistent but Solvable Problem
Phishing isn’t going anywhere, and every day new types of spearphishing are fooling individuals, business executives, even government officials. There is no easy cure, and no surefire way to guarantee that users won’t see malicious email. Fortunately, technology leaders do offer proven advice and solutions for what to do if the end users – like your CFO – does click that link or open that attachment. And they will.

Watch Zeichick’s full report here


stopping-cybercriminals-protecting-microsoft-active-directory-640x360

By Alan Zeichick

The endpoint is vulnerable. That’s where many enterprise cyber breaches begin: An employee clicks on a phishing link and installs malware, such a ransomware, or is tricked into providing login credentials. A browser can open a webpage which installs malware. An infected USB flash drive is another source of attacks. Servers can be subverted with SQL Injection or other attacks; even cloud-based servers are not immune from being probed and subverted by hackers. As the number of endpoints proliferate — think Internet of Things — the odds of an endpoint being compromised and then used to gain access to the enterprise network and its assets only increases.
Which are the most vulnerable endpoints? Which need extra protection?

All of them, especially devices running some flavor of Windows, according to Mike Spanbauer, Vice President of Security at testing firm NSS Labs. “All of them. So the reality is that Windows is where most targets attack, where the majority of malware and exploits ultimately target. So protecting your Windows environment, your Windows users, both inside your businesses as well as when they’re remote is the core feature, the core component.”
Roy Abutbul, Co-Founder and CEO of security firm Javelin Networks, agreed. “The main endpoints that need the extra protection are those endpoints that are connected to the [Windows] domain environment, as literally they are the gateway for attackers to get the most sensitive information about the entire organization.”

“From one compromised machine,” he continued, “attackers can get 100 per cent visibility of the entire corporate, just from one single endpoint. Therefore, a machine that’s connected to the domain must get extra protection.”

Vulnerable IoT and Cloud
Scott Scheferman, Director of consulting at endpoint security company Cylance, is concerned about non-PC devices, as well as traditional computers. That might include the Internet of Things, or unprotected routers, switches, or even air-conditioning controllers. “In any organization, every endpoint is really important, now more than ever with the internet of Things. There are a lot of devices on the network that are open holes for an attacker to gain a foothold. The problem is, once a foothold is gained, it’s very easy to move laterally and also elevate your privileges to carry out further attacks into the network.”

At the other end of the spectrum is cloud computing, especially enterprise-controlled virtual servers, containers, and other resources configured as Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS). Anything connected to the corporate network is an attack vector, explained Roark Pollock, Vice President at security firm Ziften.

“We take a very holistic view of endpoint,” Pollock said. “We’ll talk about it as client to cloud, but I think of it as old-school client to server paradigm. And so we want to be on both ends of that wire and so we deploy on your traditional user client devices, so laptops, desktops, even virtualized desktops. Then we also install in the data center, whether it’s physical servers, virtualized machines, virtual machines in that data center, even containers, and we can even deploy on those virtual machines, those virtual endpoints, even in an enterprise cloud application.”

Microsoft, too, takes a broad view of endpoint security: “I think every endpoint can be a target of an attack. So usually companies start first with high privilege boxes, like administrator consoles onboard to service, but everybody can be a victim,” said Heike Ritter, a Product Manager for Security and Networking at Microsoft.
The cloud is definitely a core concern, said Cylance’s Scheferman. “Endpoints in the cloud are extremely important. Everybody’s moved to the cloud, so a lot of your critical assets even live in the cloud and your critical data, your personal identifiable information (PII) personal health information (PHI), whatever it might be. You have to protect your endpoints from all factors in the cloud.”

Context Is Everything
Many endpoint security products monitor endpoints and can raise alarms if a breach is detected. Some tools focus on what’s happening in this instant; others place incidents in a historical context, so that administrators and security response teams can see only what’s going on, but where the problem began.

“Context truly is everything,” said Scheferman. “We’re starting to finally believe that in 2017. An event by itself means nothing, but an event coupled with other events gives you that context. When we’re doing compromise assessments, we often look to build out what the context of the compromise was, in order to derive things like root cause analysis, where the attacker’s gone. What they’ve been able to accomplish or not is also important, is knowing what they haven’t been able to do. But you can’t do that unless you have full context.”

NSS Labs’ Spanbauer agreed. “Ultimately you cannot act upon data and make it actionable unless you understand the context. Whether it’s the delivery mechanic, what was going on, what was attempted, or what the user was doing at that specific moment in time. Without context, you can’t act intelligently and solve the root problem.”

Context is “actually very important, so if you think as numbers, statistics, they say it takes 200 days to discover a breach. You want to go back in time,” said Microsoft’s Ritter. “So sometimes you only learn today that this is an attack, that this is a certain pattern of an attack. So you now have new IOAs [Indicators of Attack], IOCs [Indicators of Compromise] reported by Windows Defender ATP. We will apply them like this new pattern back to up to six months of historical data, where now our customer can actually go back and investigate an attack that happened a little bit before.”

Ziften’s Pollock used a medical analogy for context providing a baseline: “Well for us, you have to both real time and contextual data, historical data. You don’t go to the doctor today and find out you have cancer. You don’t want to get in that situation and never have been to the doctor for a check-up in the last four years. You want to go to the doctor and have a check-up every year. The same thing from a security standpoint; it’s about establishing a trend and being able to see what’s happening over time.”

Yet don’t neglect the importance of real-time intelligence in helping reduce risk, warned John Wienschenk, General Manager of Enterprise Network and Application Security at Spirent Communications, arguing that you can never totally eliminate that risk. “You get the data that you have and at a snapshot in time, you prioritize those vulnerabilities that you have, whether it’s on your mobile devices, your endpoint security, your infrastructure. And then you knock those down one at time. But realize that you’ll never take your security risk to zero. That’ll put you out of business.”

Online, Offline: All Endpoints Need Protection
In an old-fashioned enterprise environment, nearly all endpoints were connected directly to the internal network, and unless they were powered off (like an employee’s desktop computer over the weekend), they could be monitors 24/7. What about in today’s world, where endpoints are mobile, connected via cellular data or coffee-shop WiFi, or simply offline — but active? Those endpoints are even more vulnerable when traveling. They must be protected, and monitored by the CISO team so that breaches can be detected and responded to quickly. The same is true for virtual machines that can be spun up and then deactivated at any time. How are they protected?

Speaking to virtual machines, Ziften’s Pollock said, “Our agent is part of the image of that virtual machine. So any time a virtual machine or a container spins up, we’re already instantly part of that virtual device, so that virtual machine in the infrastructure. Immediately when it spins up, we start providing data feeds off of that image or that virtual machine. So we give you instant visibility for those virtual devices. Whether they spin up, if they stay up for a long time, if they get lost in your infrastructure, we’re still monitoring and we know that those devices are there.”

NSS Labs’ Spanbauer added, “This is where advanced endpoint capabilities come into play. They self-monitor and certainly associate with the cloud for telemetry and other insights. But at the end of the day, you need to have a local autonomy, an intelligent mechanic on the endpoint itself to handle offline, or immediate reconnection capabilities. Meaning that if [the endpoint is] offline, comes back online, it won’t have a chance to download new capabilities and come up-to-date. It has to be able to protect itself at the moment of being back online.”

Finding Patient Zero
A breach is detected. An endpoint is found to be infected, and is isolated. Yet that endpoint may not the source of the original breach – it may simply be where hacker activity crossed over an alarm threshold. To stop the breach, and prevent it from reoccurring, it’s vital to find the root cause of the vulnerability, also known as Patient Zero. That user, device or application can be tricky to identify.

“For us, it starts even before you get to Patient Zero,” said Ziften’s Pollock. “It’s about good security hygiene and being able to prevent as many of those treats as possible by maintaining your hygiene. But then once you identify a threat in that environment, it’s about being able to immediately provide context so that the security operations teams know immediately what they’re looking at, what device, what the user is.”

Kowsik Guruswamy, CTO of security firm Menlo Security, said that the data is there to identify breaches, even if technologies like his company’s isolation platform stop any harm from being done, or any data from being exfiltrated. “The best analogy I would tell you is I tell customers that we’re giving them a bulletproof vest. So there are no bullets that are going to touch them at all. However, many customers still want to know where the bullets are coming from and what types of bullets are hitting at them. So while we’re isolating and making the problem go away, we still use threat intelligence and other techniques, from a purely reporting and forensics perspective, to tell the users what type of bullets came at them.”

“That’s the challenge. So whether it’s antivirus or it’s malware or anything else, there’s always one person that gets hit with the attack first,” said Spirent’s Weinschenk. “Then once it gets hit, then you create the inoculations and everyone gets to know whether they’re susceptible or not. So the best thing that you can do is once you realize that could have that issue, then you need to take proactive action, either blocking those vulnerabilities or fixing the code base” if it was a software defect that caused the vulnerability.

Microsoft’s Rittrer added, “There will be an alert, of course, either in the SIEM [security incident event manager] or they go to our portal. So after they got an alert, they go and investigate in our portal. We raise alerts based on behavioral events that we collected from the box and our tool gives them all the investigation capabilities. We show the process tree, the time, the user, the machine, where did the file go, where it came from. So it gives you the entire visibility into what happened on the endpoint with the behavioral context.

SecureLink is the biggest security-specific reseller and managed security services provider (MSSP) in Europe. Stefan Lager, SecureLink’s Vice President of Services, added that “The important thing that many customers lack today and the statistics show that you can be infected for many months before detecting it, is because they don’t have the visibility today. We need to have visibility almost going on at the endpoint, in the network and on the different logs that we collect. If you don’t have that, it’s very hard to track down exactly what happened and what was the root cause.”

Solid Ideas for Endpoint Protection
Many companies offer solutions for endpoint protection, whether that endpoint is physical or virtual, mobile or in a data center or in the cloud. Each company has a different vision. For example, Javelin Networks focuses on protecting Active Directory, an essential component of a Windows domain network. Active Directory can be used by hackers to learn about network resources, and target future attacks.

“Acknowledging the fact that the first thing that the attackers will do after they get a foothold on a machine that is connected to the [Windows] domain, they will try to learn about the environment using Active Directory attacks to steal domain credentials,” said Javelin Networks’ Abutbul. “Our solution understands that methodology and mask that entire information and control the attacker perception at the endpoint itself.”

He continued, “At the end of the day, the attackers will never be able to get to the real information that Active Directory contains. So the moment they will act upon a machine that is not a real machine and was the masked [unclear] we projected to the endpoint, that’s game over for them. And we will be able to catch them right at the endpoint itself, right at the point of breach, before they move further into the organization.”

Ziften takes a much more holistic view of the endpoint, said Pollock. “Whether it’s a user device connected to the network, a user device offline connected in a coffee shop or working from home, we can provide intelligence on those devices. We even continue to monitor devices that are offline completely. We cache that information and then we upload it when they get back online. We also work in the data center, we also work in cloud environment. We actually give you the ability to look back over a period of time and understand trends, understand behaviors, whether it’s application and device behaviors or user behavior, over a period of time.”

Fast response for zero-day vulnerabilities, that’s the trick, said Cylance’s Scheferman. “Cylance responds to many incidents per year. In fact we found the OPM breach [U.S. Office of Personal Management], which a lot of people have read about recently. We were able to stop that malware. The reason we were able to do that is because of our predictive technology, combined with a lot of automation expertise.”

In fact, he added, “Our predictive technology allows us to identify malware that may have been complied a year prior. And we’re blocking it a year before there’s any identification of that malware in the industry whatsoever. In the context of instant response, it allows us to use our technology to immediately identify and contain a threat. That’s why we call our practice incident containment instead of incident response.”

Protect the Endpoints. Or Else.
Every endpoint represents a potential enterprise vulnerability. Mobile phone, notebook computer, datacenter server, virtual container in the cloud, the IoT, and even industrial equipment. It’s not a question of “if” endpoints will be attacked, but “when.” The challenge for enterprises is to be able to prevent, detect and respond to those breaches. The technologies and service providers above have answers. It’s time more organizations talked to them.

Watch Zeichick’s full reports here.


Las Vegas, January 2017 — “Alexa, secure the enterprise against ransomware.” Artificial intelligence is making tremendous headway, as seen at this year’s huge Consumer Electronics Show (CES). We’re seeing advances that leverage AI in everything from speech recognition to the Internet of Things (IoT) to robotics to home entertainment.

Not sure what type of music to play? Don’t worry, the AI engine in your cloud-based music service knows your taste better than you do. Want to read a book whilst driving to the office? Self-driving cars are here today in limited applications, and we’ll see a lot more of them in 2017. Want to make brushing your teeth more fun, all while promoting good dental health? The Ara is the “1st toothbrush with Artificial Intelligence,” claims Kolibree, a French company that introduced the product at CES 2017.

Gadgets dominate CES, and while crowds are lining up to see the AI-powered televisions, cookers and robots, the real power of AI is hidden, behind the scenes, and not part of the consumer context. Unknown to happy shoppers exploring AI-based barbecues, artificial intelligence is keeping our networks safe, detecting ransomware, helping improve the efficiency of advertising and marketing, streamlining business efficiencies, diagnosing telecommunication faults in undersea cables, detecting fraud in banking and stock-marketing transactions, and even helping doctors track the spread of infectious diseases.

Medical applications capture the popular imagination because they’re so fast and effective. IBM’s Watson AI supercomputer, for example, can read 200 million pages of text in three seconds – and understand what it reads. An oncology application running on Watson analyzes a patient’s medical records, and then combines attributes from the patient’s file with clinical expertise, external research, and data. Based on that information, Watson for Oncology identifies potential treatment plans for a patient. This means doctors can consider the treatment options provided by Watson when making decisions for individual patients. Watson even offers supporting evidence in the form of administration information, as well as warnings and toxicities for each drug.

Moving beyond medicine, AI is proving essential for protecting computer networks – and their users against intrusion. The traditional non-AI-based anti-virus and anti-malware products can’t protect against advanced threats, and that’s where companies like Cylance come in. They can use neural networks and other machine-learning techniques to study millions of malicious files, from executables to documents to PDFs to images. Using pattern recognition, Cylance have developed a revolutionary machine learning platform that can identify suspicious files that might be seen on websites or as email attachments, even if it’s never seen that particular type of malware before. Nothing but AI can get the job done, not in an era when over a million new pieces of malware, ranging from phishing to ransomware, appear every single day.

Menlo Security is another network-protection company that leverages artificial intelligence. The Menlo Security Isolation Platform uses AI to prevent Internet-based malware from ever reaching an endpoint, such as a desktop or mobile device, because email and websites are accessed inside the cloud – not on the client’s computer. Only safe, malware-free rendering information is sent to the user’s endpoint, eliminating the possibility of malware reaching the user’s device. An artificial intelligence engine constantly scans the Internet session to provide protection against spear-phishing and other email attacks.

What if a machine does become compromised? It’s unlikely, but it can happen – and the price of a single breech can be incredible, especially if a hacker can take full control of the compromised device and use it to attack other assets within the enterprise, such as servers, routers or executives’ computers. If a breach does occur, that’s when the AI technology of Javelin Networks leaps into action, detecting that the attack is in progress, alerting security teams, isolating the device from the network – while simultaneously tricking the attackers into believing they’ve succeeded in their attack, therefore keeping them “on the line” while real-time forensics gather information needed to identify the attacker and help shut them down for good.

There’s a lot more to enterprise-scale AI than medicine and computer security, of course. QSocialNow, an incredibly innovative company in Argentina, uses AI-based Big Data and Predictive Analytics to watch an organization’s social media account – and empower them to not only analyze trends, but respond in mere seconds in the case of an unexpected event, such as a rise in customer complaints, the emergence of a social protest, even a physical disaster like an earthquake or tornado. Yes, humans can watch Twitter, Facebook and other networks, but they can’t act as fast as AI – or spot subtle trends that only advanced machine learning can observe through mathematics.

Robots can be powerful helpers for humanity, and AI-based toothbrushes can help us and our kids keep our teeth healthy. While the jury may be out on the implications of self-driving cars on our city streets, there’s no doubt that AI is keeping us — and our businesses — safe and secure. Let’s celebrate the consumer devices unveiled at CES, and the artificial intelligence working behind the scenes, far from the Las Vegas Strip, for our own benefit.


San Jose, CA, USA. 26th September 2016: The winners of the IoT and Cloud Innovation Awards 2016 were announced at NetEvents Global Press & Analyst Summit at the Mountain Winery, Saratoga, USA. These prestigious awards celebrate the most innovative start-ups and established companies in the fast-growing Internet of Things (IoT) and Cloud markets. Read more

NetEvents Day 1: Artificial Intelligence, Business Intelligence and CyberSecurity Intelligence

Saratoga, Calif., Sept. 21, 2016 — Reporters from around the globe wore out the keyboards on their laptops taking notes at the NetEvents Global Press & Analyst Summit, held here in a beautiful mountaintop winery resort. With keynotes and panel debates focused on everything from artificial intelligence to cloud computing to the Internet of Things, the program was packed – and the information was flowing as freely as the morning coffee.

Kick-Off Keynote

Manek Dubash, the master of ceremonies for the NetEvents Summit, introduced the first discussion, which was on “Artificial Intelligence: Out of the Futurists’ Lab, Into the Real World.

The first part of the AI discussion was by Kathryn Hume, president of Fast Forward Labs, who framed AI as a series of stories. She explained that just as in Aesop’s Fables, the story depends on the teller. In this case, one can have a mental model for how AI algorithms work by thinking about fables, in other words, the problem that the AI is trying to solve – and then how it solves that problems.

Ms. Hume explained that in all markets, the earliest apps are rarely killer apps – and AI is no exception. However, while analysts and experts can’t predict killer apps, they can hone their ability to spot future game-changers and pivot to take advantage of them.

An example of this, Ms. Hume explained, is with natural language generation. At first, people thought that AI-based natural language would be used to, say, automatically generate news stories in a journalistic style, such as having software write a website news story based on sports data. While there certainly have been successes there, that turned out to be a niche market. Instead, natural language generation has proven to be good at helping summarize a lot of data for human consumption. Think about how a raft of numbers (such as raw sales data) can be turned into a spreadsheet or table, which adds some meaning. That data could be translated into a chart or graph or dashboard, which adds more meaning. But what if software could translate that into the textual “Sales increased in the last quarter”?  That’s AI in action.

Another example she used is of AI to analyze X-rays; today, image recognition processing can do in 104 seconds what would take a human radiologist a full month. Imagine the impact on health care when such technology becomes more widespread.

The moral of the story, she said: We are at the beginning of an AI revolution. We aren’t sure where it’s going, but there’s a massive opportunity if we focus on where the technology is succeeding in this early stage market.

Ms. Hume was followed by Stuart McClure, an inventor and founder of AI-based cybersecurity company Cylance. Mr. McClure explained that what AI is good at is categorizing things – in the case of Cylance, about whether something (such as an executable file) is good (i.e., safe) or bad (i.e., malicious).

How do you do that? Training with lots of data sets. He used the example of determining whether an adult is a male or female. There are some indicators, some features, you can train software. Hair length? Odds are that if the hair is long, it’s a woman, if short, then a man – but of course, there are exceptions. Facial hair? If there’s a beard, it’s likely to be a man, no facial hair, less likely to be male, but of course, there are exceptions (many men are clean-shaven). And so on. A human might use a few features to make decisions – but AI technologies might use hundreds, thousands or even millions of features to learn patterns. With that type of power, AI can learn to make some impressive decisions – categorizing more data much faster than humans, and potentially with greater accuracy.

Following Mr. McClure’s presentation, he and Ms. Hume were interviewed on stage by Paul Jackson, Principal Analyst, Digital Media, at Ovum.

First Debate

Continuing the theme of cybersecurity and AI, the first NetEvents debate panel was “Ransomware, Spear-Phishing and Worse — Defending Against the Unstoppable.” The panel was introduced and moderated by Andrew Braunberg, Managing Director, Research, at NSS Labs.

The panelists were Bryan Gale from Cylance; Greg Fitzgerald from Javelin Networks; Greg Maudsley from Menlo Security; Greg Enriquez from TrapX Security; and Frank Weiner from Wedge Networks.

The panel discussed that ransomware is a huge problem and is becoming bigger. Technologically, there’s nothing particular new about ransomware; like many other attacks, it requires that some type of executable code gets onto a client, whether from a bad email attachment, malicious website, or another source. What’s unusual about ransomware is that the attackers have found a way to easily monetize the attack: “We have encrypted your data, pay us money or you’ll never see your data again.”

Given the success of malware the attack is spreading, and now is even available as “ransomware as a service,” where anyone can launch an attack, even without highly technical skills. The answers, the panel agreed, consist of a multilayered defense. There is no one single approach, and an organization that wants to defend itself against ransomware attacks needs to look at everything on the market.

Second Debate

From the tech suite from the exec suite with the second debate panel, “From Rule-of-Thumb to Smart Data-Driven Businesses: The CEO/CIO Software Toolkit for Success.” Introduced and chaired by Dean Takahashi, a reporter with VentureBeat, the panel looked at the problem with information overload. From financial and inventory reports from the ERP system and a flood of roll-up spreadsheets, to documents and an unmanageable flow of messages, it’s too much. If information is the lifeblood of business, decision makers are drowning. It’s gone from helping make decisions and driving productivity, to harming efficiency and making it harder — not easier — to understand the business.

The panel consisted of Guillaume Amaud of Anaplan, Jim McNiel of NetScout, Rob Pickering of ServiceNow, and David Gurle of Symphony Communications.

The solution, the panel discussed that real-time decision support needs tools, like the cloud. It needs security for trust and compliance. It needs to go beyond dashboards to help employees know what they need to know when they need to know. Promising technologies include AI techniques such as machine learning, predictive forecasting and natural language. As the panel said, if you can frame your business problems, you can use those technologies efficiencies to help humans do their job better.

A key is size. The panel quoted the “law of big numbers” – you need a scale, a quantity of data to help use technology to make decisions. But if smaller companies have the data, they can go head-to-head against the biggest players.

Third Debate

Jean-Baptiste Su, technology columnist for Forbes, moderated “Unicorns, Baby Unicorns and Other Tech Leaders — Who Are They, Where Do They Go From Here?” His panel had Guillaume Amaud of Anaplan, Gregg Holzrichter of Big Switch Networks, Stuart McClure from Cylance, and David Gurle of Symphony.

In his introduction, Mr. Su explained that there are 175 unicorns – companies with over a billion dollars in valuation – most of which are in Silicon Valley. He noted, however, that the number of unicorns is shrinking – and this is a challenging time for companies to grow and succeed at that scale.

To get to size quickly, companies need hypergrowth, and the panelists insisted that if you want hypergrowth, you have to hyperspent. That means, of course, getting big fast, driving revenue. This might mean always flirting with profitability, but at this stage, the goal is to plough the money back in, rather than take money out.

The panel advised always that you never say “no” to more money, even if you aren’t actively looking for funding – because you never know when you might need the money. And when you do need more money, it may not be available at that moment. So take it when you can get it.

Some investors want their companies to double-down on growth and get as big as possible as fast as possible. Others advise executives and founders not to burn up their nest egg. In all cases, founders need to seize opportunities, look for partners, and never let something good pass you by.

Why is Silicon Valley special? Sure, there are opportunities elsewhere, where there’s little competition from the likes of Google and the huge array of companies in Northern California. That said, there is still something unique here in the Valley – institutions, capital, human capital. Sure, there is competition for talent, but the nexus of capital and entrepreneurial spirit gives Silicon Valley and its companies a competitive advantage.

Fourth Debate

Let’s Redefine the Internet of Things: IoT Means Internet of Profits!” That’s the catchy name for the debate panel chaired by Tam Dell’Oro, Founder and President of the Dell’Oro Group. Her panel was Milind Pansare of Aerohive; Tom Ramar of H3 Dynamics; and Will Wise  of the IoT Institute.

Tradition service-provider and carrier businesses  are shrinking – which can mean declining revenue and declining spending. This panel talked about new opportunities for unlocking new markets and opportunities, such as package delivery, smart connected cars, and convenience businesses – all driven by the Internet of Things.

The challenge is organization dynamics: How quickly can service providers (and all companies, in fact) adapt to these new technologies? They need to understand how it will change their life and their customers’ lives. How it will create threats and opportunities. How it will redefine their business model. In some cases, there may be regulatory issues, like there are with cars and drones.

The IoT is all about devices talking to devices, often using Internet protocols. The IoT can allow startups to disrupt established giants with innovative business models, because the established company can’t threaten its established revenue streams – but a startup or new market entrant can do so.

IoT is also about connecting networks of networks. For example, a car has an internal network with many sensors and local intelligence tied together with its own LAN. In the IoT world, you can leverage that and powerful algorithms to create new capabilities – especially when you link it to other networks, such as the cloud. Then you can add in analytics, AI, and new services.

For service providers, there’s an opportunity to go beyond providing connectivity to leverage those IoT networks at scale to create new managed services.

you don’t know today what you’re going to need for network features and capacity a year from now – so design and architect that way. A challenge, of course, is to measure the ROI for these initiatives. The panel pointed out that there aren’t good academic models that can be applied to disruptive technologies like the IOT – so the best advice is to deploy and try and learn as you go.

Awards and More!

The remainder of the first day of the NetEvents summit included the Shark Tank presentations and awards for companies in the IoT and Cloud Innovation categories. More about that in a separate entry!


San Jose, CA, USA. 15th September 2016: Finalists have been announced for the four categories of the IoT and Cloud Innovation Awards 2016: Hot Start Up – IoT; Hot Start Up – Cloud; IoT Innovation Leader and Cloud Leader. These prestigious awards celebrate the most innovative start-ups and established companies in the fast-growing Internet of Things (IoT) and Cloud markets Read more

Keynote presentation by David Robinson, Chief Technology Officer, ST Telemedia Connect and Jonathan Seckler, Director, Product Marketing, Dell Networking
Partnering for Success with OpenStack and Open Networking: Dell and ST Telemedia Connect

The second day of the NetEvents AsiaPacific Press & Analyst Summit, Singapore 2016, opened with a short presentation from Jonathan Seckler. He said the future of networking is not being built in the labs but in customer datacentres. What’s a switch, he asked, pointing out that today it consists of a server architecture built on industry-standard components and software. That is what open networking is all about, he said, adding that Dell now specialises in open networking.

Our OS10, announced in Jan 2016, is open and flexible, he said. He added that the base layer of the operating system was delivered to the open source community with the aim of creating a great user experience. Talking then about Dell’s partner ST Telemedia Connect (STT), he said the company has innovated to deliver services., and was joined on stage by David Robinson, of STT.

Robinson said STT is a Singapore-based cloud provider with the motto: One world, one datacentre. He said that STT delivers deliver five nines globally using a very small team, and that it embraces open source and open standards.

He defined open as not being locked into a vendor’s R&D schedule. We can innovate on or own and run OpenStack and Red Hat, deployed on Dell hardware. The experience was seamless despite one hardware failure, he said. STT chose Dell based on the hardware specs, and got it all up and running within a day. Robinson said STT did consider buying components from the cheapest supplier but it wouldn’t have been economic for us to build our own systems. Price and support were key.

For the future, open standards & open source is the way forward, he said.

Debate Session IV—The Next Generation of Open Networking and Open Cloud Computing: Is It OpenStack Everywhere?
Introduced and Chaired by Dustin Kehoe, Head of AP Telecoms Practice, Current Analysis

Panellists: Gint Atkinson, Vice President – Head, Technology Asia, Colt Technology Services Co., Ltd.; Jonathan Seckler, Director, Product Marketing, Dell Networking; Derrick Loi, Senior Director, DC Solution and Services, Orange Cloud for Business, Asia Pacific; Steven Davis, Senior Vice President, Global Data Centre, ST Telemedia Connect; Jon Vestal, Vice President, Product Architecture, Telstra

Dustin Kehoe opened with research showing that the technology industry is moving to open – open hardware, software, source, APIs, and interfaces.

The future will be a platform play, he said, and be about building modular datacentres. Two problems face us: networks which are still slow, and offer static workloads with manual configuration, and cloud, especially hybrid, which requires multiple layers of management. Solutions are still vendor-specific, vendors still don’t work together and want to lock in the customer. Even if you build your own IP, it leads to fragmentation.

As for SDN, IT process automation is the main use case. SDN is mature today, and we are seeing deployments in all areas of the globe including APAC. Research finds that the top three expectations are that it will improve network reliability, accelerate application deployment, and lead to better integration. Customers want open source to avoid lock-in but find it difficult to locate the right open source skills.

Jon Vestal, Telstra, said his company uses open source OpenStack with SDN. Growing pains included asking network engineers who knew proprietary systems such as IOS and having to teach them them Python! It was a comedy of errors, probably the worst thing we ever did, he said, but it had to be done.

Jonathan Seckler, Dell, said switches are servers from a hardware architectural standpoint. The trend is toward open networks, although back in 1990s, enterprise applications ran on mainframes – you wouldn’t do that now because it’s proprietary – but that’s still how it is in the network. Open source takes cost out of the maintenance and hardware acquisition.

Gint Atkinson, Colt, question whether such hardware was carrier grade. Installing new stacks etc takes decades – back in the day we did build routers using open source software. In the end you had to build it to look like a mainframe but it wasn’t as fast as a focused proprietary system. There are no open solutions to give under 50ms routing failover. SDN can fit in if you’ve got a minute or two but rerouting protection isn’t fast enough on open source.

Steven Davis, ST Telemedia Connect, said cloud grade services (eg Facebook) are all run on SDN. Another key issue is price, Cisco etc are too expensive.

Derrick Loi, Orange, said the key enterprise concern is digital transformation. So we want to keep the intelligence and provide end2end services. Also the network needs to be application ready and intelligent enough to automate, based on workloads. It’s about how we orchestrate infrastructure within the datacentre. We have integrated over 80 ope source applications and customers can integrate their own applications. Effectively it’s IaaS, all automated. So we link SDDC with SDN.

Q: Where are we at?
Davis said after the cloud, hyper-convergence is coming via a single portal to control all your clouds. We’re starting to see that coming now.

Vestal said carriers didn’t at one point meet customer needs but now they are offering services and products that allow interconnection.

Seckler said the model is outside the network industry. Enterprises needs partners to package OSS open source software to make it easier to manage and deliver a service. It’s not a DIY process for most enterprises, not realistic to do a Google or Facebook – it’s not about going to white boxes and recompiling every day.

Davis said it took the open source software market seven years to catch up with what Oracle was doing – PostgreSQL did it.

Atkinson said what’s needed is a network that supports a wide range of services.

Conference Debate V—Empowering SMEs with cloud services: What, How and Who?
Introduced and Chaired by Camille Mendler, Practice Leader, SoHo & SME Services, Ovum

Panellists: Bernie Trudel, Data Center CTO, Cisco Systems, Asia Pacific and Chairman of the Asia Cloud Computing Association; Chong Powmin, Group Head Enterprise Products and Services, MyRepublic; Kevin Pang, Cloud Director, Solutions Development, StarHub Ltd

Mendler said there’s an injustice in the technology industry – we’re looking at it the wrong way up – digital transformation improvement via tech is not just for large enterprises – the real opportunity is in transforming small enterprises. This is an opportunity and understanding of that is starting to emerge.

SMEs don’t have IT departments to make it all work. We’re going to be talking about what they need. But how to reach them? SMEs realise they need to change how they do business. And the economic health of countries depend on the SME – so they’re important.

Who can they trust? There’s no front runner so it could be a local tech reseller or the telco. The service provider needs to be that trusted partner? They’re not buying on self-serve basis – they need help. There’s a very very long tail of self employed or very small companies. There’s also a hollow in the graph of middle sized companies.

What sectors are they in? Retail, wholesale, manufacturing, professional & technical services, construction. The services they consume will be different and they require specialist knowledge from services providers.

Q: What services does an SME need to run its business digitally?
Kevin Pang, StarHub, said it depends on the business but the focus should be on manufacturing – though it depends on the local economy. The SP has a key role in terms of delivery of eg SaaS.

Chong Powmin, MyRepublic, said the government helps in this part of the world, eg Singapore. It has funds available to help the SME with cloud adoption. About 10k businesses have benefited – but it’s is a very small number out of 200k businesses in Singapore. Also, the tax department has a refund scheme for hardware eg network switches, and for services like document management. Take up is low – people are too busy worrying about their business! What they need is retail in a box – all the services they need including eg EPOS for $499 month. Entire business is then digitised – run by the service provider, who do it all, from fixing your printer etc.

Bernie Trudel, Cisco, said SMEs need to leapfrog from zero tech to get all their services from the cloud. But what about security?

Powmin said we have a programme that allows customers to sell our services as an agent to other businesses. Like the Avon lady model.

Pang said we go to very small resellers who have boots on the ground. At this level there’s a very small distinction between consumers and the business, it’s difficult to categorise them.

Trudel said it’s about what services they consume, they need security, wifi, broadband, analytics, face recognition… I like the idea of the bundle.

Debate Session VI—Making the Hookup: Pitching for the Best Way to Connect to the Cloud
Introduced and Chaired by Nikhil Batra, Research Manager – Telecom, IDC

Panellists: Matt Allcoat, Chief Architect, Asia Pacific, Middle East, Africa & Turkey, BT Global Services; Hisham Muhammad, Director, Global Solutions Architect, AP, Equinix; Chris Rezentes, Regional Manager, Partner & Product Strategy – Asia Pacific, Verizon

Nikhil Batra
talked about cloud adoption in APAC – emerging market spending on cloud is 25% of those of mature markets, growth prospects much higher for emerging. Using cloud for digital transformation. Maturity by country – Oz NZ Singapore most mature, Thai Phil, HK Malaysia Indonesia least mature. Most benefits to come to IT operations.

Q: starting point to cloud journey?
Matt Allcoat, BT, said there’s lots of organisations – about 26% – at the startup, immature point. Everyone wants to unify cloud and bring it together. LOB managers go out and buy unconnected cloud services. People use ID management and cryptography to unify cloud services.

Chris Rezentes, Verizon, said you need to understand what the customer wants, and what cloud services deliver to the customer. People are still concerned about security.

Hisham Muhammed, Equinix, said as a cloud exchange, we realised that we’re at the forefront of where cloud providers congregate – they put nodes in our facility. The challenges for cloud exchanges is the advice that we give and the advice given by software vendors. Early adopters already consume multiple cloud services. This adds complexity. So it’s sometimes best for cloud providers to collaborate.

Allcoat talked about shadow IT: some company CEOs goes to their C-level execs and tells them to go out there and make it work – don’t worry too much abut rules. The CIO can’t just say no, it’s insecure, so we have to enable that and make it work.

Rezentes said that customers want end2end SLAs. We find we have to understand how they use the cloud, the customer is expecting network providers to know it all because we deliver the network, not a cloud service but if there’s a problem, customer asks us even if we don’t provide that service. We do have SLAs for our own services of course.

Allcoat said customers are asking for more, eg we can provide contact centre in the cloud, newsfeeds, Salesforce etc. They want to combine those services that work for their business. Not off the shelf items, but bespoke services – not infrastructure.

Muhammed said that there’s a need for a combined service delivery.

Q: Cloud service delivery challenges via SDN?
Allcoat said SDN is easy in a walled garden, the challenge is to do it in a carrier-to-carrier environment – need to develop new standards and agree who to cross charge which gets complex.

Rezentes agreed, saying that that level of network provider orchestration starts with vendors. Our strategy would be to include NFV and SDN services, and we need vendors who can use that same software for SDN to communicate between SPs.

Q: SPs have been investing to develop new services?
Muhammed said that we need to understand that the late-to-game SP faces a pricing challenge. It means you need get in at the strategic level. So whatever state you’re in, the perceptions of stakeholders is to understand what the expectations are across the organisation.

Rezentes said people will be using multiple clouds and this needs to be incorporated with the network. It will save a lot of headaches if you use a network provider to make it work.

Allcoat said it’s easy to take the professional services hit as part of the deal. People often focus on the dealmaker and ignore the rest of the company. Instead, you need to meet the right stakeholders and understand who in the company is right to talk to.

Conference Debate VII—From Millions to Billions of End Points: Stress-Testing the Cloud and the Internet of Things
Introduced & Chaired by: Anshul Gupta, Research Director, Gartner

Panellists: Naveen Bhat, Vice President & General Manager, Sales Asia/Pacific, Ixia; Derrick Loi, Senior Director, DC Solution and Services, Orange Cloud for Business, Asia Pacific; Ashwin Jaiswal, Head – IT Business Consulting & Practice (Telecom, Media & Entertainment), Reliance Communications; Amit Sinha Roy, Vice President, Marketing & Strategy, Marketing Centre of Excellence, Tata Communications

Opening the debate, Anshul Gupta used the analogy of raindrops which aggregate into floods of water, and which cities need to plan for. It’s the same with the IoT. Most sensor data is small but it aggregates. There will be 21b things by 2020, and data will double in volume every two years, so there’ll be 22ZB by 2020. We’ve seen CSP network outages such as EE in the UK and Verizon in the US, often due to human agency rather than technical failure – such as servers ad systems being overwhelmed with combined people uploading pictures from a football game. This is why we need testing. Not just for data volumes, but compatibility, functionality, and connectivity as well as performance.

Amit Sinha Roy, Tata, said testing is essential to provide a good user experience. LoRa helps with testing aspects of eg range, frequency operating parameters. Then that data comes onto our network and those of others. But that’s not the whole story. With a smart fridge, the cheese maker, fridge maker and others need to have standards to work together – but there’s a problem if a sensor misbehaves and spews out unnecessary data and hits the network, so there needs also to be a means for dealing with this.

Naveen Bhat, Ixia, said you need to think about how granular your device testing is, and about how they communicate. We provide capability for manufacturers to test using a simulated set of traffic from thousands or millions of devices. The network provider needs to know that this will work. Latency becomes an issue especially for devices that are life-critical.

Ashwin Jaiswal, Reliance, said yes, latency is a big issue, as are the number of protocols involved. We need backwards compatibility with multiple protocols because they have to work in multiple scenarios with multiple vendors’ systems, platforms and devices. Also, in manufacturing scenario, devices are deeply embedded inside other machines, so how do they communicate? Testing won’t be easy, and must be done on case by case basis. It’s all evolution right now. And no test can cover all scenarios, so there will be failures and we will learn from that.

Derrick Loi, Orange, said his company has tailored solutions to suit different verticals and use cases. One recent development is for big data: one hotel chain wanted to make sense of their customer profiles and how to manage by adjusting their resources to support them.

So we made our cloud analytics ready. The data needed to be processed before being aggregated but many branches of this hotel chain were ill-equipped to handle this level of data, so they needed to have their infrastructure upgraded. They can now run the IoT apps to pre-process the data. We made the hotel branches resilient to failure even if the network went down. We set up instances of Hadoop on demand. We set up backups, made the infrastructure application ready – in other words made it easy for users to set up IoT instances. They just had to turn it on and off – ie turnkey operation for a hotel branch IT admin. They use a catalogue from they can choose which application they want to deploy, and all this got us over several barriers to adoption.

Jaiswal said, with respect to to latency, we’ve all experienced this, which is critical for eg health devices. He gave an example of a path that was cleared to get a heart transported quickly from Kolkata to Mumbai by shutting down roads. Is this what is required?

Q: Need to ensure whether vendors are ready for testing?
Bhat said the confidence among CIOs for testing is quite low. But when security breaches happen – most likely due to inadequate testing – the estimate of losses when info is stolen is unknown for a long time. So enterprises need to take active steps to secure their networks, if necessary by regulations that force revelations of breaches.

Debate Session VIII— From SDN/NFV to Fibre Cut Protection, the Hottest Trends for Global Telco Providers
Introduced and Chaired by Jeremiah Caron, Senior Vice President – Analysis, Current Analysis

Panellists: Matt Allcoat, Chief Architect, Asia Pacific, Middle East, Africa & Turkey, BT Global Services; Gint Atkinson, Vice President – Head, Technology Asia, Colt Technology Services Co., Ltd.; Andy Solterbeck, Regional Director – APAC, Cylance; Stephen Tsang, Head of Managed Services and Enterprise Architects, Telstra; Helen Wong, Director, Partner & Product Strategy Asia Pacific, Verizon; Frank Wiener, VP Marketing, Wedge Networks

Jerry Caron asked: What are the challenges for telcos? We worry about them! But they are making money – he gave plenty of example of very profitable telcos – but what challenges do they face? Operators do understand the importance of SDN/NFV but there’s not much urgency. They want to grow the top line not just reduce costs. The biggest challenge is a lack of corporate focus – can upfront costs of SDN be justified? Also analytics – can they monetise all the data they collect? There are not many interesting moneymaking cases yet – so it’s early days. But from the cloud user’s perspective, the telco is not a priority. With respect to mobility, telcos are not focused much on this in consumer space, they are focused more on B2B. And no-one focused yet on 5G standards. With the IoT there are lots of opportunities – but where do you start?

Andy Solterbeck, Cylance, asked: can telcos truly innovate? They need to develop new business models but no-one knows what the look like. They need to be nimble when they’ve always been about long term investments and sweating them.

Matt Allcoat, BT, said we work with top F1 teams. We their run LANs, data processing, and data transmission to the back end in UK. It’s all about doing it for the customer from the front end.

Helen Wong, Verizon, said it’s about connecting to the customer at the business level.

Caron noted that some telcos such as are BT moving into content delivery.

Gint Atkinson, Colt, said we used to focus on niche markets such as the financial sector with high frequency trading with high performance storage and compute etc. It was very capital intensive. It also led us from low latency services into ultra-high capacity services for cloud providers. But telcos have massive investments into resources, eg dark fibre, they need to squeeze every bit of money out of those assets.

As example is gaming companies who need servers with hundreds of thousands of users who need low latency globally. So this needs a set of services providers who work together using, for example, redundant ETREE services. The connectivity provider needs to reach all the way into the cloud, which means working with cloud providers and their APIs.

Stephen Tsang, Telstra, asked about the impact of SDN. Many of our customers are mining companies – some of whom have lost $10b of business. This feeds back to suppliers. So we’ve pulled items such as SDN/NFV forward very quickly. Wrapping it into a business driver is the challenge. Cost savings are around operations and mining companies are becoming tech companies too, just like finance companies. So they value us in a different way.

Frank Wiener, Wedge Networks, asked who is responsible for security – the network provider? Network security is the user responsibility, you can’t assume the service provider will deliver security. He noted that adding a security service can add stickiness and revenue.

Solterbeck said security should come from the carrier as they have visibility into all the data. They can make money out of this – it surprises me they aren’t doing more of this.

Helen Wong, Verizon, said we are moving into virtual functions service for private clouds. We have cut down the number of vendors for VMS servers to two. WAN optimisation is our second priority after security – then threat monitoring and load balancing.

Matt Allcoat, BT, said there’s a great opportunity to provide OTT services such as security. We’ve also entered TV and mobile in the UK. Need to collaborate with other providers to make networks that give more customers what they want.

Wiener said there’s a logical extension to go from data to security – then offer it to others who aren’t going through your network.

Tsang said we know more about our customers than most utilities.

Guest speaker presentation by Grant Halloran, Chief Marketing Officer, Anaplan
Unicorn Vs The Giants

Unicorns are software companies worth >$1bn. We compete against SAP, Oracle and Microsoft. We are a cloud-based software company providing enterprise-level planning and forecasting. We help customers predict events, simulate decisions in response, then act. We can connect all that on a single platform and make it happen instantaneously. It compresses decision-making from months to days. For example, we help HP, with thousands of products and people, using 15bn sets of numbers.

How to optimise? It now takes HP 3 days to optimise where it used to take months. We enable them to issue quotas and compensation packages to salespeople globally.

Anaplan has 610 people, and $240m VC from Silicon Valley, and see three-digit growth every year. We have 80,000 high-value users.

We took on Oracle, SAP & IBM. We needed an incredible product not just a minimally viable one. Most VCs want startups to start in the US – we didn’t: we went global from the start. The giants created frustrated customers who saw how we could help them speed up their processes in a fundamental way.

That’s because enterprise software sucks. The vendors don’t think about the user experience or self service. The fee structure sucks too, along with IT dependency. It’s just bad software.

Many of these products were built to allow eg professional services companies to make millions out of customisation. So we wanted to change that and do something historical.

Ours is a patented technical modelling technology with a billion cells in one model – it runs in memory and calculates millions of data points in seconds. If we’d started only in Silicon Valley it wouldn’t have happened.

Halloran talked about founder Michael Gould who designed the technology. The system has low dependency as it’s easy to use, providing self-service. It’s about process and organisational change not IT. We’ve also built a community, a cult-like following for the brand. Globally, conversations are the same wherever we go, and lots of customers are global, so that’s why we soled problems globally. We have a passion to change the way that business works – the money is a by-product!

Keynote Interview & Audience Q&A with Grant Halloran and Jean-Baptiste Su, Tech Columnist, Forbes
There are only 140 unicorns in the world. We create simple ways to understand data. We enable foresight using predictive analytics, to help companies react faster – can now enable them to proact by understanding the future. We connect that data into a decision model to allow action to be taken.

SMBs: We go through partners to medium-sized companies, and partner with NetSuite. We need to package things more so have an online store for eg budgeting package. Smaller companies don’t really need our technology.

With that the final plenary session of the even ended, and lunch was called for.


Keynote Presentation by Dr. Christian Busch, Associate Director, Innovation and Co-Creation Lab, London School of Economics
Connectivity and business model innovation in a rapidly changing world

The first day of the NetEvents Press and Analyst Summit in Singapore opened on Thursday 25 May 2016 with a keynote presentation from Dr Christian Busch. He started by talking about global trends and challenges, with the key issues being cloud computing, artificial intelligence (AI), connectedness, the networked economy, new markets, and new demographics.

The overall theme was how innovation can progress in an ethical manner, using new ways of thinking about organisations and the distribution of power within them.

He touched on technical developments, such as how the smart home, cloud, voice control, AI come together to deliver increased flexibility, simplicity, and collaboration. Talking about the enterprise, Busch said there was a trend towards a sharing economy for customers and companies. This means there is no need for ownership of things but instead, only a requirement for access to them.

In practice, this means collaborative consumption such as the sharing of items from CDs to cars, in ways that are already happening in smaller communities across the world in both developing and developed economies. The world is full of idle resources, he said, and we should be able to share more – such as idle manufacturing resources and building site cranes.

Busch then updated Maslow’s hierarchy of needs, which he described as self-centred and linear, in that people wait until until money has been made before deciding to do good works. Billgates was used as an example.

He said he sees another model emerging across the world – the enlightened circle of needs – which means not being too self-centred, and not waiting for time to elapse so as to undertake a behavioural shift to doing good while making money at the same time. It’s about action-driven purpose, in other words putting purpose before product, he said.

How to go about it? Busch said it was about building values within an organisation, a culture of learning not failure, championing others, not competing with them. From the point of view of governance, an organisation needs to work around new business models. As an example, he cited mobile operators who co-operate when it comes to sharing masts but compete at the retail level.

Busch said that we need to develop a culture of innovation where people talk about ideas not people or gossip, where effective networks can be built that combine the formal hierarchy with the way that decisions are taken in practice. An analogy is the way that companies accelerate the process of discovery of new compounds – it’s about curating serendipity by putting thinking people together – like chemistry.

After an interview with Jeremiah Caron, Senior Vice President – Analysis, Current Analysis, the conference moved to the first debate session of the event.

Debate Session I — Is the Cloud Ready for Enterprise Planning, Modeling and Analytics – and Are Enterprises Ready for the Cloud?
Introduced and Chaired by Jean-Baptiste Su, Tech Columnist, Forbes
Panellists: Mr. Aman Neil Dokania, MD, Accenture Cloud APAC; Grant Halloran, Chief Marketing Officer, Anaplan; Bernie Trudel, Data Center CTO, Cisco Systems, Asia Pacific and Chairman of Asia Cloud Computing Association; Dr. Christian Busch, Associate Director, Innovation and Co Creation Lab, London School of Economics; Thierry Lotrian, Director – Consulting, Deloitte Touche Tohmatsu

Jean-Baptiste Su opened the debate by talking about value creation, pointing out that the global enterprise cloud services market will grow 23% from now to 2020. He talked about changes, mergers and acquisitions, and growth in cloud service such as PaaS and IaaS. He asked the panel to define cloud computing, provoking a discussion which moved on to talk about the economics of cloud.

For Aman Neil Dokania, Accenture, cloud drives innovation, speed, and competitiveness. It is not about cheapness, but even so, the economics are still compelling because of the flexibility and lack of capital costs that cloud computing brings.

Grant Halloran, Anaplan, said cloud was a paradigm shift – citing the Chromebook he boight for his 12-year-old daughter. Investment is going into eg companies such as Anaplan because of economics – because Wall St values cloud and is prepared to invest in it.

The panel talked about cloud security. Thierry Lotrian, Deloitte, said that security must form part of the strategy for any company moving to the cloud, while Halloran pointed out that there are plenty of good security implementations in cloud, such as Salesforce.

Bernie Trudel, Cisco, said that the network plays a big part in cloud performance, as it about a connecting continuum from the edge to centre of the cloud. He said he saw the CEO becoming more of a technology person as understanding tech is an integral apart of the business, so they need to understand how technology can transform the business and mitigate risk.

The panel session closed after a discussion around regulations.

Debate Session II — Protecting the Enterprise Means Protecting the Cloud and the Network – Where’s the Opportunity?
Introduced and Chaired by Nikhil Batra, Research Manager – Telecom, IDC
Panellists: Sunny Tan, Head of Security, SE Asia, BT Global Services; Ashok Vasan, Vice President, Digital Transformation – Asia Pacific & Japan, CA Technologies; Andy Solterbeck, Regional Director – APAC, Cylance; Brendan Leitch, Director of Marketing, Asia Pacific, Ixia; Peter Lunk, VP of Marketing, Menlo Security; Frank Wiener, VP Marketing, Wedge Networks

Batra presented market research around cloud security, opening with a dramatic analysis of the highly publicised hack of Ashley Madison, a website for those looking to have an affair. He said 37m accounts had been hacked, with 9.7GB of data including names, addresses, and credit cards.

With IoT, Batra said, hacks have much bigger repercussions. Examples included hacked cars, where a connected car means relinquishing control to technology, and drones which have fallen out of the sky. He saw security solutions shifting to a more proactive approach, with security representing 12-15% of cloud spending today.

Andy Solterbeck, Cylance, said the capabilities of cloud security service providers were orders of magnitude more sophisticated than those of enterprises. The problem is that the attack surface is the network endpoint – where 95% of all attacks start.

Ashok Vasan, CA, said that his company provides security and digital transformation in the cloud. Hybrid cloud is the future, he said, and its multiple entry points mean that identity management is critical. Application and services developers need to build security into their services, he said.

Brendan Leitch, Ixia, said security in the enterprise means managing end user devices and enterprises need high levels of granularity and visibility of cloud-based data. He pointed out that most large enterprises are not ready to put production apps such as Oracle databases and other transactional systems, along with SSL decrypt systems into the cloud.

Peter Lunk, Menlo Security, said some customers are still providing complete access to everything to some administrators, and the first thing is to close those accounts down.

Frank Wiener, Wedge Networks, said his company has virtualised security software to protect the cloud. Larger enterprises are definitely ready for the cloud, he said, but SMEs don’t have resources to do that. And the threat landscape and attack surfaces are changing as enterprise boundaries have dissolved. He agreed that endpoint security was essential but that but a security layer in cloud was just as necessary, which is where service providers can help.

Sunny Tan, BT Global Services, said customers expect security to be there, they also ask us to resolve security problems. He agreed that the attack surface is changing and that customers are now asking about the Internet of Things.

Wiener said the service provider is in ideal position to inspect packets flowing to/from a device so we work with them, allowing them to offer Security as a Service.

Solterbeck said the IoT challenge is that it is a low resource environment, in terms of power and items such as memory. To secure that environment means security must be embedded in endpoints to mitigate the spread of malware.

Vasan said the IoT isn’t fully understood yet. As an example he cited smart TVs, which have an operating system and connectivity, which means vulnerability extends right into the OS. He said the open API culture drives digital disruption but it also opens up devices and potentially the enterprise to the Internet. So those devices need to be securely governed and managed.

Leitch said he saw some verticals adopt IoT aggressively such as hospitals – they take on their own testing of endpoints and connectivity, similarly airports in Asia which invest heavily in sensors for baggage and aircraft. Car makers are very cautious, he said, and only interconnect audio first.

Wiener said there are a lot of implications to the IoT with very critical issues in areas such as infrastructure like dams and cars. People are looking at hijacking control, communications to a device – are they consistent with what’s expected for a particular device. The IoT is an area of evolution, is not mature, and constant change is to be expected.

For Cylance, Solterbeck said that current approaches are not working. Our Dust Storm report found Japan’s infrastructure was compromised so we need to shift the approach fundamentally, he said.

Vasan said that it is difficult to conceptualise what testing needs to be done, and the cost is huge – for example, if a commercial aircraft is one of the Things, so we need to simulate the environment. This goes too for water control devices, medical devices, cars etc., nd this in turn means we need realistic test scenarios.

Leitch said that all device makers do testing before shipping. But while they test devices and the architecture, that’s not enough. We say people need testing – how are they organised, do they respond to attacks, what plans so they have and how do they execute against that plans, etc. so people testing is that last level of testing, he said.

Bryan Gale, Vice President Product Marketing, Cylance is ‘In the Hot Seat’ with Manek Dubash, NetEvents’ Editorial Director, pumping the bellows
The next session saw Bryan Gale, Cylance, give a quick 15-minute demonstration of his company’s security technology, aimed at demonstrating that it is better at trapping malware than any of the top anti-virus vendors’ products.

He said a new approach is needed for solving the endpoint security problem. He said change is difficult due to commercial inertia but 390,000 new pieces of malware arrive every night, with 70-90% of all malware being unique to the organisation under attack. It uses polymorphism so hash lookups and signature detections will fail. Ransomware demands money and backup is the only working solution right now.

Manek Dubash joined him on stage and asked a range of questions about the technology and the company’s business model.

Conference Debate III—The IoT Will Disrupt Everything – Or Will It? You Be the Judge
Introduced and Chaired by Sandeep Bazaz , Industry Analyst, DataCenter and Cloud Computing, Frost & Sullivan

Panellists: Haytham Sawalhy, Head of IoT for APAC, Orange Cloud for Business, Asia Pacific; Ashwin Jaiswal, Head – IT Business Consulting & Practice (Telecom, Media & Entertainment), Reliance Communications; Amit Sinha Roy, Vice President, Marketing & Strategy, Tata Communications; Panitharn Payackapan, Department Director – Service Development & Process, UIH – United Information Highway Co., Ltd.

Sandeep Bazaz reported that there will be billions of Internet-connected devices – 10 per household by 2020 and growing. He predicted that logistics, transport & retail would be the biggest initial users of IoT.

Q: IoT challenges apart from security?
Amit Sinha Roy, Tata, said connectivity; power/battery; standards, ie prioritisation of data – does the smart TV or pacemaker get priority; legal – but what about insurance of driverless car?

Haytham Sawalhy, Orange, questioned what would be the business models, and who would finance the devices.

Q: Role of telco and monetising the IoT?
Ashwin Jaiswal, Reliance, said telcos will help the IoT grow, helped by government initiatives. He said that the way people use technology will change. It’s amazing, beautiful, promising, he said. There will be a variety of business models and usages. As for challenges, telcos will become more aggressive – they have cloud and lots of subscribers – and their role will grow.

Sawalhy said we see opportunities with IoT and big data. We push valuable data to enterprise customers so, for example, we identify tourists in France to understand where they go and what they do. We believe in co-innovation, he said.

Roy said the pay-per-use will be the typical business model – for example, in healthcare remote monitoring – on asubscription basis.

Jaiswal said people are moving to pre-pay billing across the world.

Q: What about risk?
Panitharn Payackapan, UH, said the IoT is like a new restaurant. You try it, and if you don’t get sick, you go back again. So if consumer experience of IoT is good they will return. And when my smart watch exports data to the cloud, and the insurance company finds out that I’m fit, it wil then reduce its premiums.

Q: Will IoT become part of AI systems?
Sawalhy said the IoT is not just about live data but also disconnected data, so AI plays a role there.

Q: Is the network ready to handle IoT?
Payackapan said: Yes, we’re ready. FTTx is everywhere.

Keynote Presentation by Duncan Clark, OBE, Entrepreneur; Author; Board Director, Bangkok Bank (China); former Visiting Scholar at Stanford University, and Founder & Chairman, BDA China
When the dragon awakes…
Duncan Clark recalled the fascinating story of Jack Ma, the founder of Alibaba and one of China’s biggest Internet companies, and about whom Clark has written a biography – signed copies were available after the presentation.

The company started in 1999 – Clark didn’t take up an option to buy shares which he said cost him $30 million. In China, Alibaba fronts 10m merchants. Clark talked through how China is moving from ‘made in China’ to ‘bought in China’. Alibaba owns Alipay (3-4x bigger than PayPal) in China and provides escrow services to give trust. Some 60% of postal packages in China are delivering Alibaba goods.

He talked about entrepreneurial cities in China. China makes everything – from toothbrushes to Apple hardware. Yes the state enterprises sell overseas as well as locally but private enterprise drives the economy.

He gave anecdotes of Jack Ma’s past – his were not rich parents, he set up several businesses which failed. Sold Internet space to hotels to market themselves on the Internet. “An unusual and entertaining fellow.”

Alibaba is now a $200b company. Yahoo owns a piece of Alibaba – the biggest and best investment it ever made? Clark talked about the great culture of Alibaba, a family company – that put the customer first, then employees, then shareholders.

What can Alibaba do – where’s the space for it? Expansion of Alibaba into areas where the state used to be.

Camille Mendler interview
We need to ask what rise of China means for the rest of the world. You need to go there to do business. There’s a new Silicon Valley emerging in NE Asia.

Jack Ma is now investing in the US to help western brands sell into China.