Security will prove key differentiator for 5G: Palo Alto Networks

guest column marker

0
By Sean Duca, VP and regional CIOr, Asia Pacific and Japan, Palo Alto Networks

Consumers and businesses are set to benefit enormously from the exponential network improvements promised by 5G.

More than just an incremental upgrade, 5G will create opportunities for the most exciting science fiction inventions to become science facts. It will lead to a level of connectedness and interconnectedness that hasn’t been seen before as data is shared between devices and applications at speeds even faster than the human brain.

However, consumers and businesses won’t be the only parties benefiting from these improvements. Cybercriminals will be able to take advantage of 5G to mount even more sophisticated attacks, gain better economies of scale, and target more attack vectors. Therefore, it’s essential for any person or business considering moving to 5G be aware of security upfront, according to Palo Alto Networks.

With 5G applications, a cyberattack can go beyond locking up data or compromising business operations. For example, cybercriminals could cause car accidents as autonomous vehicles become ubiquitous, or loss of life by hacking surgical robots or connected lifesaving devices; and these are just two of literally millions of examples of society’s potential reliance on 5G-enabled devices and applications.

Security will absolutely be the key differentiator for 5G; without security baked in as part of the fabric, 5G applications will be risky. It’s also imperative to take stock of where security is at today because threats aren’t waiting for 5G.

Palo Alto Networks recommends a three-pronged approach to improve security in preparation for 5G:

1. Government: address systemic issues present in today’s mobile networks

There are currently security issues in mobile networks that create risks for all users. Therefore, the government needs to step up to do more to regulate telecommunications providers to ensure they’re doing everything they can to keep the network secure.

If there are challenges that remain unaddressed in today’s networks, they are only going to get worse when 5G arrives. To successfully deliver on the promise of 5G, security is absolutely fundamental and must underpin everything. Government-mandated security can help.

2. Telecommunication providers: provide value-added security services to customers

Currently, telcos provide data and carriage with no responsibility for security. This means they’re missing an obvious opportunity to differentiate their offering with a value-added security service.

When passengers go to the airport, they know every single bag will be inspected before it gets on the plane. The same should be true of network traffic. Telcos should be inspecting all of the traffic that passes through their networks and blocking traffic where appropriate. This should be a point of differentiation for telcos moving to offer 5G services.

3. Customers: demand secure offerings to enable innovative applications

When businesses are looking to provide next-generation services like autonomous cars or robotic surgery, they need to demand that their telco provides a secure network for these applications. Customer demand is a powerful way to compel providers to improve security.

Telcos can dedicate a piece of their network to specific customers who demand it, such as those who want to provide a service like autonomous cars, and ensure strong security across that slice of the network. With the potential for innovation that 5G offers, now is the time for telcos to prove that they can play a key role in providing the essential underpinning security required for these applications to work.

Security will be a fundamental enabler for 5G, with 90 per cent of mobile service providers identifying security as a key differentiator according to an Ericsson survey. (1)

Therefore, before embracing 5G, organisations should look to service providers to provide a resilient network with robust security mechanisms in place. They should take a preventative approach, and establish application-layer visibility and consistent security across all 5G applications and devices.

On a macro level, it’s critical for government and industry to work together to identify ways to build security into 5G networks from the outset, and continue to identify and drive progress towards best practices.

 

References:
(1) “Exploring IoT Strategies,” Ericsson, April 2018, https://www.ericsson.com/en/internet-of-things/trending/exploring-iot-strategies

SaaS renewals specialist Renewtrak readies for growth with launch of new Palo Alto HQ

Software-as-a-Service renewal firm Renewtrak has flagged the upcoming opening of its new global headquarters in Palo Alto, to underpin strong early demand for its offerings which are aimed squarely at the tech industry.

33654-RENEW-Nick McMenemyWe’re about to go on a recruitment drive to support the growth of the company, and are excited to start reaching out to top developer and commercial talent in Silicon Valley,” said company founder and CEO Nick McMenemy, during a media session on the sidelines of NetEvents’ Global IT Summit in San Jose. “Our HQ will also support our burgeoning US customer base.”

Founded in 2014, the firm’s proposition centres on unlocking the unexploited value in the renewal process. Put simply, Renewtrak is billed as a white label service provider offering a suite of intelligent customer management services designed to maximize revenues and margins from existing client customers.

“Our mission is to rewire a process that is traditionally manual, lacks scale and leaves money on the table,” McMenemy said.  “Using our pioneering technology and integrated performance-based commercial model, we’re certain we’ve hit the sweet spot. We take renewals data and let the software start to make predictions based on some of the behaviors and trends that emerge in the renewals process.”

McMenemy explained how Renewtrak’s automated service, while relying on machine learning, for now at least did not involve AI to any great extent. “We are taking the numbers and making predictions about if this data point acts in a certain way, then we predict this outcome. This process is automated; it is like being able to programme and make learnings about how a traffic light system might work, reacting to peaks in traffic, it is simply about the numbers. This to my mind is machine learning, not true AI.”

“Our service is able to do this at scale, no matter the value of the renewal,” said McMenemy. “However with Renewtrak we are also dealing with behaviours and the messiness of actual business. We are able to automate processes that really don’t need to be done by call centers.”

“Through data gathering and automation, the machine can start to learn,” he said. “Our service can easily spot when renewals are coming up. The machine sees no difference or creates no weight leaning towards the higher value renewals.”

According to Renewtrak, its service saves clients an annual revenue of 45.4% and can increase average client profit by 62.9%. The company currently has four offices around the globe, with its ISO 27001 certified service supporting 32 currencies and 24 languages.

McMenemy also noted some early customer wins, including signing Ingram Micro and said trials were underway with several other key Silicon Valley tech players which the firm will be announcing over the next 2-3 months. “We look forward to working with many more here in the US from our new global HQ,” he added. “We are growing fast and have a clear ambition to be the tech industry’s global go-to provider for renewals.”

Richard van der Draay was in San Jose as a guest of NetEvents

Enterprises need to keep edge networks safe: Versa Networks CEO

guest column marker

 

kelly-ahuja-1
By Kelly Ahuja, President & CEO at Versa Networks

Network security is not only a top boardroom priority, but ensuring the protection of corporate data moving from the edge network out to the cloud and back is not an easy task, given today’s complex hybrid-cloud architectures.

Network security matters more than ever, especially given that it is now a major C-level concern for every large and mid-market enterprise. Senior executives have seen too many examples of what can go wrong when defences are breached to be in any doubt about what’s at stake.

A serious security breach has the power to damage a brand or erode shareholder value, reversing in a day a good image that may have taken years to build. It doesn’t end there. In many sectors, regulators have the power to levy major penalties on those who have suffered breaches, particularly if customer data has been compromised. New directives like GDPR are raising the bar further.

With enterprises investing heavily to transform themselves digitally, the threat has in many respects intensified and diversified. Enterprises pursuing a hybrid cloud or multi-cloud strategy, or relying on a software-as-a-service model to give remote workers access to critical applications, perhaps via a mobile device, will be potentially exposing themselves to new threat vectors that must be built into an already long list of security considerations for WAN edge optimization.

A digital enterprise may well have numerous points of vulnerability, and those who would seek to exploit these vulnerabilities are more highly motivated, organised and technically savvy than ever.

Threats can come in the form of DDoS attacks, malware, viruses or industrial espionage. They can affect the functioning of a network or website, or be aimed at the theft of intellectual property or customer data. The question for anyone responsible for network security is not whether such an attack will ever happen, but when. Total prevention may not be possible, so the focus must instead switch to limiting damage where it occurs.

As enterprises look for ways to accelerate their digital transformation journeys and to achieve greater business agility, they must match that by transforming their wide-area network to be more software-driven. By transforming their networking strategy with the right SD-WAN solution, they are not only gaining manageability and control, they are taking a big step toward better network security as well.

The keys to the kingdom

Putting security first means taking a multi-layered approach that is scalable and safe while also being simple to deploy, as well as straightforward to manage via an SD-WAN fabric. Truly secure networks are all about a multi-tiered architecture where multiple checks, authentications and authorizations are required to gain access to the internal network.

A major caution, however, is that not all SD-WAN solutions handle edge security in the same way. On the surface, all seem to offer cost reduction and application awareness, relying on a mechanism of building secure tunnels between sites.

But different SD-WAN solutions take a variety of approaches to important areas, such as key exchange and where the keys are stored. Keys determine who has access to what are crucial to WAN security. Certain SD-WAN models are more exposed and hackable than others, with the handling of keys often effectively allowing criminals to exploit vulnerabilities, especially where the system is directly exposed to the Internet.

Given that cipher keys are so important in encrypting messages, it’s all the more critical that network managers have a way to make them secure and complex enough such that any compromised endpoint cannot reveal the key to hackers. One technique that helps is to have a longer key, of at least 128 bits and preferably 256 bits.

An even more secure solution is to only be able to exchange part of a key and have an algorithm that can validate the partial key using elements that are secret to each device. In this manner, no device has all pieces to reassemble the key. The capture of keys from one device does not therefore provide any usable means for unauthorized access to the enterprise network. Keys do not need to be stored and can be computed with each packet that needs to be encrypted or decrypted.

The networks of yesterday were data centre centric; however, with SaaS and multi-cloud
requirements, site-to-site connectivity from the edge and to the cloud are required.

Branches need not connect back to the corporate data centre to access apps and clouds, in addition to packet inspection and security posture, which resulted in a lousy user experience because of backhauling all traffic to the data center.

What the contemporary enterprise needs is direct Internet access but without security limited branch by branch with different requirements. SD-WAN however allows for all security policies to run at all branches at the same time in the same context as more deterministic network performance.

In some cases it only takes just a portion of security to be CPE and integrated cloud-based security for scaling up and scaling down to workload demands. Cloud security as a service will do that natively, and then you don’t have to worry about sizing compute bespoke for every branch.

Multiple connections to your SD-WAN including private and hybrid connections allow branches to gain direct Internet access (DIA). Managed SD-WAN and cloud security as a service can manage both on-premise and cloud based policies, uniformly.

For extending WAN edge to the cloud, SD-WAN solves the bottleneck from private cloud to public cloud, and when the bigger threat is that once the branch is on the web, the IP of the branch is exposed, and users worry about DDoS attacks and unknown vulnerabilities, it’s security paramount to protect the public window at the edge; there’s no need to throw in line an expensive hardware-oriented at every branch.

Hardware-based platforms do not scale in or out when you have to change a policy or service. SD-WAN is more elastic, paying for only what you need at the time it’s needed, as opposed to over provisioning hardware capacity that my never be used.

An SD-WAN solution that is fit for purpose will also enable visibility and manageability, offering a seamless way to look at security, whether at branch or head office level. Cloud-security-as-a-service will enable this, whether the connection is in the form of the Internet or a private link of some sort.

That and many other capabilities must be embedded within an SD-WAN fabric. Protecting data has always been important – and challenging. Every enterprise has at least some private information, along with a duty to protect that data whether it is intellectual property, financial information, customer subscription information, payment history, or other information that a regulator says must be given maximum protection.

The right SD-WAN solution will give this protection.

Versa Networks President and CEO Kelly Ahuja has more than 20 years of experience in networking and telecoms. He currently serves on the board of directors for two startups in Silicon Valley. Kelly spent 18 years at Cisco deeply involved with the design and deployment of telco networks. He was most recently SVP of Service Provider Business, Products and Solutions at Cisco where he was responsible for developing and managing the service provider segment strategy and portfolio. Kelly held several other senior executive roles at Cisco, including SVP and GM of the Mobility Business Group, Chief Architect for the Service Provider business, and SVP and GM of the Service Provider Routing Technology Group.

Richard van der Draay was in San Jose as a guest of NetEvents

Apstra, Darktrace, Everactive, Guardicore, NetFoundry, and Odo Security win big at NetEvents Innovation Awards

Apstra, Darktrace, Everactive, Guardicore, NetFoundry, and Odo Security were some of the companies taking out top honours at the NetEvents Innovation Awards 2019 – Cloud/Datacenter, IoT & CyberSecurity

The awards – presented at the annual NetEvents Global IT Summit in San Jose – recognised 2019’s key innovative start-ups and significant established players operating in Internet of Things (IoT), Cloud/Datacenter and Cybersecurity with all funds raised from the award entry fees shared between three charities: Prostate Cancer Research, STEM and UNICEF.

According to NetEvents, this year’s installment saw the total charitable contributions raised to date come in at over U$137,000. Six company categories were awarded: three Hot Start-Up awards categories for innovative pre-IPO contestants in Cloud/Datacenter, IoT & Cybersecurity; and three Innovation Leader awards which covered the same categories, but for established organizations. “They were judged by an independent international panel of leading technology press and industry analysts.

HOT START-UPS

Each of the category winners was invited on-stage to present their business propositions before an audience of technology leaders, press and analysts representing over 35+ countries around the world. The Silicon Valley judging panel of VC’s included: Hiro Rio Maeda, Managing Director, DNX Ventures; Peter Kuper, Managing Director, ClearSky; & Neil Weintraut, Partner, Motus Ventures.  The winners:

Hot Start-Up – Cloud/DatacenterNetFoundry with its ‘Connectivity as Code’ developer platform was chosen to receive the award.

Hot Start-Up – IoTEveractive, pioneers in wireless and battery-less IoT was the award winner.

Hot Start Up ­– CybersecurityOdo Security took the Award with its ‘zero trust access solution’

Start-Up award presentation- Hiro Rio Maeda, MD, DNX Ventures, Neil Weintraut, Partner, Motus Ventures, Galeal Zino, CEO, NetFoundry, Peter Kuper, MD, ClearSky

In addition, Odo Security won the overall vote from the VC’s as top choice of the three Hot Start-Up category winners for investment.  “Given the legacy VPN doesn’t suit the today’s working environment, we have seen too many security incidents due to the poor access management to the third party developers,'” said Lead Judge Hiro Rio Maeda, Managing Director, DNX Ventures.

“The recent Doordash breach was a good example of that. Odo Security provides a simple and secured but yet detail management to remote workers and 3rd party developers to access privileged assets in which we judges saw the fit with modern enterprise heterogeneous infrastructure needs.”

INNOVATION LEADERS

Erin Dunne, Director of Research Services, Vertical Systems Group presenting award to Ethan Tashman, Darktrace

The winner of the Innovation Leader – IoT Award –  was Darktrace. Based in Cambridge, UK and San Francisco Darktrace specializes in cyber defence. The company was established in 2013 and has over 40 offices worldwide

Brad Casemore, Research VP, Datacenter Networks, IDC presenting award to Mansour Karam, CEO & Founder, Apstra

The Innovation Leader – Cloud/Data centre Award – went to Apstra, a Menlo Park based intent-based data center automation specialist.

The Innovation Leader – Cybersecurity Award –  went to Guardicore, a Tel Aviv headquartered cloud security firm.

 

Richard van der Draay was in San Jose as a guest of NetEvents

Mellanox eyes hyperscale Ethernet security opportunity with new cloud-focused network adapter

Sunnyvale-based computer networking specialist Mellanox Technologies has unveiled it’s focusing on dramatically rising demand for secure cloud Ethernet services by a broad sweep of customers including hyperscalers, as cloud, e-commerce, and social media enterprises are increasingly able to access to the data of hundreds of millions of users.

Speaking to media and analysts at the NetEvents Global IT Summit  in San Jose, Mellanox VP of Ethernet adapters and SmartNIC Yael Shenhav said the company had started shipping the ConnectX-6 Dx – which she billed as “the world’s most advanced secure 200Gb/s Cloud Ethernet network adapter.”

0 (19)“The best just got better,” she said, referring to recent comparison testing by Tolly Lab, in which ConnectX-6 Dx’s predecessor, the ConnectX-5 25G/bs NIC had outflanked rival Broadcom’s NetXtreme E adapter.

The report concluded that the earlier model delivered up to twice the throughput of the Broadcom adapter in a range of environments and under different workloads common to cloud and flash storage rollouts.

In addition, she said the testing showed that the Mellanox device can handle more connections, transmitting more data without packet loss and using fewer host CPU cycles per packet.

Shenhav also said that in addition to better performance, customers also considered open source and collaboration as key capabilities, along with the ability to achieve uncompromising flexibility with a “software-defined, hardware-accelerated architecture.”

Finally, Shenhav highlighted the firm’s involvement in the Open Compute Project, noting key OEM partnerships with Dell and HPE, as well as agreements with software partners such as Microsoft, IBM/Redhat and VMware.

Telecom Times was in San Jose as a guest of NetEvents

 

Rubrik eyes growing compliance and privacy opportunity, updates key data management suite

Palo Alto based data management specialist Rubrik has unveiled a new suite of capabilities, designed specifically to address key issues around data governance.

The firm’s new ‘Andes 5.1’ offering features two SaaS applications – Sonar and Appflows – for data classification, data protection and disaster recovery (DR) orchestration.

These, Rubrik said, will also enable Australian businesses to achieve compliance, data mobility, increased continuity, higher productivity along with increased predictably settings around cost savings through consolidation.

Rubrik ANZ Country Manager Luke McGoldrick, for his part, expects the new capabilities to see significant uptake by Australian businesses, especially in light of increasing industry-wide emphasis on data compliance and privacy as well as ever more pervasive headlines relating to data misuse.

“Highly-publicised horror stories on data theft have heightened concerns around governance for our customers,” McGoldrick said. “ANZ businesses are facing increasing data privacy restrictions and compliance around personal data, whether it’s the Australian Privacy Principles or the newly-passed Consumer Data Right Legislation.”

McGoldrick said Rubrik Polaris was developed to help ensure organisations can more easily detect the location of specific types of data, which in turn allows them to achieve data privacy compliance in a more cost-effective manner.

“By simplifying compliance with automation, we have already seen a customer achieve upwards of 90 per cent operational savings,” he added, noting that as ANZ-based companies continue their cloud rollouts across multiple environments, the importance of data governance and visibility will compound accordingly.

Key features of the Andes 5.1 release include:

  • Polaris Sonar SaaS application discovers, classifies, and reports on sensitive data to help companies comply with regulations such as PCI/DSS, SOX, HIPAA, and data privacy requirements such as GDPR and CCPA
  • Polaris AppFlows SaaS application provides complete DR orchestration, DR testing, and application migration from data centres to Amazon Web Services (AWS)
  • Rubrik’s Cloud Data Management service natively delivers industry’s first one-click Continuous Data Protection with VMware Ready certification

8×8 NAMES SENIOR ANZ CHANNEL, ALLIANCES LEAD

San Jose based voice, video, collaboration and contact centre specialist 8×8 has appointed Steve Shaw as Senior Manager Channel and Alliances for Australia and New Zealand.

Based in Sydney, Shaw will be responsible for continuing to build and manage a team of 8×8 channel partners within the region and assisting them to grow their unified communications and cloud contact centre business.

Shaw joins 8×8 with some 20 years’ experience in the IT industry and was previously Senior Sales Manager for ERP and Applications at Oracle where he was responsible for new business development in New South Wales.

Prior, he was Sales Director for Enterprise and Government ANZ at Avaya where he was responsible for partner accreditation and supporting the company’s focus among banking, insurance and airline companies.  He also worked as Enterprise Sales Manager at Optus where he managed a team of business development managers with a whole of business focus, including carriage, infrastructure and IT solutions.

Brendan Maree, Vice President Asia Pacific, 8×8, said, “Steve brings considerable industry experience and skills leadership in the channel which will help bolster our ongoing commitment to working with partners to help Australian and New Zealand businesses operate at the new speed of business with a cloud-based communications technology platform that is comprehensive, scalable, and easy-to-use.  We look forward to the positive impact he will have in enabling our channel partners to realise end user customer value in using one cloud technology platform for both employee and customer communications.”

Shaw added, “I am looking forward to using my knowledge and understanding of how to propel channel enablement to support and differentiate our channel partners, while adding significant value to our customers, and simultaneously maintaining partner profitability and rewarding performance.”

Shaw has also previously worked in sales positions at GTECH, Telstra and LexisNexis.