Ordway lands $10M Series A to bridge gap between sales and finance

Ordway, a Washington, DC startup, is building a platform to deal with all of the stuff that happens after you make a sale. It starts with the order and goes all the way to revenue as a one-time payment or recurring subscription. Today the company announced a $10 million Series A.

CRV led the round with participation from Clocktower Ventures and existing investors Lerer Hippeau and Revolution Rise of the Rest fund. The company has now raised a total of $12.5 million, according to Crunchbase data.

Sameer Gulati, founder and CEO at Ordway, says the company wanted to build a flexible tool to sit between the CRM and financial systems of a company. “So in that sense, we do everything for post-sales from billing automation, payment collection, revenue recognition, analytics, all the way to cash. We have a streamlined workflow for managing order to revenue,” Gulati told TechCrunch.

It sounds a lot like the Quote-to-Cash space where companies like Apttus (acquired by Thoma Bravo in 2018) or SteelBrick (acquired by Salesforce in 2015) tried to stake a claim, but Gulati says while his company’s solution handles the quote-to-cash workflow, it can do much more than that.

“We absolutely can handle the workflow from quote to billing to payments to revenue, for sure. But the reason Ordway has a niche is because we are a lot more configurable and a lot more flexible to accommodate any workflow out there,” he said.

He says his company’s solution connects to the CRM system on one side and the financial systems on the other. They are compatible with all the major CRM tools including Salesforce and Dynamics 365. And they support a range of financial tools like NetSuite or QuickBooks.

“In fact, we can work with any back-end small system to a large scale ERP system, but our value add is automating the movement of data into the ERP. So we are the operational framework between sales and traditional ERP. We will handle everything in between,” he said.

As for the funding, Gulati has the kind of plans you would expect with a Series A investment. “The core goal is definitely to accelerate all aspects of our business from sales and marketing to product and engineering, and most importantly, customer success. Basically, in a sense we are doubling down on making sure our customers are successful in solving their core sales to finance business challenges,” he said.

The company launched in 2018 and has 25 employees today. Gulati says his company’s goal is to grow 4x in the next 12 months and grow employees at a similar rate.

Google Cloud acquires mainframe migration service Cornerstone

Google today announced that it has acquired Cornerstone, a Dutch company that specializes in helping enterprises migrate their legacy workloads from mainframes to public clouds. Cornerstone, which provides very hands-on migration assistance, will form the basis of Google Cloud’s mainframe-to-GCP solutions.

This move is very much in line with Google Cloud’s overall enterprise strategy, which focuses on helping existing enterprises move their legacy workloads into the cloud (and start new projects as cloud-native solutions from the get-go).

“This is one more example of how Google Cloud is helping enterprise customers modernize their infrastructure and applications as they transition to the cloud,” said John Jester, VP of Customer Experience at Google Cloud. “We’ve been making great strides to better serve enterprise customers, including introducing Premium Support, better aligning our Customer Success organization, simplifying our commercial contracting process to make it easier to do business with Google Cloud, and expanding our partner relationships.”

A lot of businesses still rely on their mainframes to power mission-critical workloads. Moving them to the cloud is often a very complex undertaking, which is where Cornerstone and similar vendors come in. It doesn’t help that a lot of these mainframe applications were written in Cobol, PL/1 or assembly. Cornerstone’s technology can automatically break down these processes into cloud-native services that are then managed within a containerized environment. It can also migrate databases as needed.

It’s worth noting that Google Cloud also recently introduced support for IBM Power Systems in its cloud. This, too, was a move to help enterprises move their legacy systems into the cloud. With Cornerstone, Google Cloud adds yet another layer on top of this by providing even more hands-on migration assistance for users who want to slowly modernize their overall stack without having to re-architect all of their legacy applications.

 

Microsoft Dynamics 365 update is focused on harnessing data

Microsoft announced a major update to its Dynamics 365 product line today, which correlates to the growing amount of data in the enterprise and how to collect and understand that data to produce better customer experiences.

This is, in fact, the goal of all vendors in this space, including Salesforce and Adobe, which are also looking to help improve the customer experience. James Philips, who was promoted to president of Microsoft Business Applications just this week, says that Microsoft has also been keenly focused on harnessing the growing amount of data and helping make use of that inside the applications he is in charge of.

“To be frank, every single thing that we’re doing at Microsoft, not just in business applications but across the entire Microsoft Cloud, is on the back of that vision that data is coming out of everything, and that those organizations that can collect that data, harmonize it and reason over it will be in a position to be proactive versus reactive,” Philips told TechCrunch.

New customer engagement tooling

For starters, the company is adding functionality to its customer data platform (CDP), a concept all major vendors (and a growing group of startups) have embraced. It pulls together into one place all of the customer data from various systems, making it easier to understand how the customer interacts with you, with the goal of providing better experiences based on this knowledge. Microsoft’s CDP is called Customer Insights.

The company is adding some new connectors to help complete that picture of the customer. “We’re adding new first and third-party data connections to Customer Insights that allow our customers to understand, for example audience memberships, brand affinities, demographic, psychographic and other characteristics of customers that are stored and then harnessed from Dynamics 365 Customer Insights,” Philips said.

All of this might make you wonder how they can collect this level of data and maintain GDPR/CCPA kind of compliance. Philips says that the company has been working on this for some time. “We did work at the company level to build a system that allows us and our customers to search for and then delete information about customers in each product group within Microsoft, including my organization,” he explained.

The company has also added new sales forecasting tools and Dynamics 365 Sales Engagement Center. The first allows companies to tap into all this data to better predict which of the customers the sales team is engaged with are most likely to turn into sales. The second gives inside sales teams tools like next best action. These are not revolutionary by any means in the CRM space, but do provide new capabilities for Microsoft customers.

New operations-level tooling

The operations side is related to what happens after the sale, when the company begins to collect money and report revenue. To that end, the company is introducing a new product called Dynamics 365 Finance Insights, which you can think of as Customer Insights, except for money.

“This product is designed to help our customers predict and accelerate their cash flow. It’s designed specifically to identify opportunities where to focus your energy, where you may have the best opportunity to either close accounts payables or receivables or the opportunity to understand where you may have cash shortfalls,” Philips said.

Finally, the company is introducing Dynamics 365 Project Operations, which provides a way for project-based businesses like construction, consulting and law to track the needs of the business.

“Those organizations, who are trying to operate in a project-based way now have with Dynamics 365 Project Operations, what we believe is the most widely used project management capability in Microsoft Project being joined now with all of the back-end capabilities for selling, accounting and planning that Dynamics 365 offers, all built on the same Common Data Platform, so that you can marry your front-end operations and operational planning with your back-end resource planning, workforce planning and operational processes,” he explained.

All of these tools are designed to take advantage of the growing amount of data coming into organizations, and provide ways to run businesses in a more automated and intelligent fashion that removes some of the manual steps involved in running a company.

To be clear, Microsoft is not alone in offering this kind of intelligent functionality. It is part of a growing movement to bring intelligence to all aspects of enterprise software, regardless of vendor.

SentinelOne raises $200M at a $1.1B valuation to expand its AI-based endpoint security platform

As cybercrime continues to evolve and expand, a startup that is building a business focused on endpoint security has raised a big round of funding. SentinelOne — which provides a machine learning-based solution for monitoring and securing laptops, phones, containerised applications and the many other devices and services connected to a network — has picked up $200 million, a Series E round of funding that it says catapults its valuation to $1.1 billion.

The funding is notable not just for its size but for its velocity: it comes just eight months after SentinelOne announced a Series D of $120 million, which at the time valued the company around $500 million. In other words, the company has more than doubled its valuation in less than a year — a sign of the cybersecurity times.

This latest round is being led by Insight Partners, with Tiger Global Management, Qualcomm Ventures LLC, Vista Public Strategies of Vista Equity Partners, Third Point Ventures and other undisclosed previous investors all participating.

Tomer Weingarten, CEO and co-founder of the company, said in an interview that while this round gives SentinelOne the flexibility to remain in “startup” mode (privately funded) for some time — especially since it came so quickly on the heels of the previous large round — an IPO “would be the next logical step” for the company. “But we’re not in any rush,” he added. “We have one to two years of growth left as a private company.”

While cybercrime is proving to be a very expensive business (or very lucrative, I guess, depending on which side of the equation you sit on), it has also meant that the market for cybersecurity has significantly expanded.

Endpoint security, the area where SentinelOne concentrates its efforts, last year was estimated to be around an $8 billion market, and analysts project that it could be worth as much as $18.4 billion by 2024.

Driving it is the single biggest trend that has changed the world of work in the last decade. Everyone — whether a road warrior or a desk-based administrator or strategist, a contractor or full-time employee, a front-line sales assistant or back-end engineer or executive — is now connected to the company network, often with more than one device. And that’s before you consider the various other “endpoints” that might be connected to a network, including machines, containers and more. The result is a spaghetti of a problem. One survey from LogMeIn, disconcertingly, even found that some 30% of IT managers couldn’t identify just how many endpoints they managed.

“The proliferation of devices and the expanding network are the biggest issues today,” said Weingarten. “The landscape is expanding and it is getting very hard to monitor not just what your network looks like but what your attackers are looking for.”

This is where an AI-based solution like SentinelOne’s comes into play. The company has roots in the Israeli cyberintelligence community but is based out of Mountain View, and its platform is built around the idea of working automatically not just to detect endpoints and their vulnerabilities, but to apply behavioral models, and various modes of protection, detection and response in one go — in a product that it calls its Singularity Platform that works across the entire edge of the network.

“We are seeing more automated and real-time attacks that themselves are using more machine learning,” Weingarten said. “That translates to the fact that you need defence that moves in real time with as much automation as possible.”

SentinelOne is by no means the only company working in the space of endpoint protection. Others in the space include Microsoft, CrowdStrike, Kaspersky, McAfee, Symantec and many others.

But nonetheless, its product has seen strong uptake to date. It currently has some 3,500 customers, including three of the biggest companies in the world, and “hundreds” from the global 2,000 enterprises, with what it says has been 113% year-on-year new bookings growth, revenue growth of 104% year-on-year and 150% growth year-on-year in transactions over $2 million. It has 500 employees today and plans to hire up to 700 by the end of this year.

One of the key differentiators is the focus on using AI, and using it at scale to help mitigate an increasingly complex threat landscape, to take endpoint security to the next level.

“Competition in the endpoint market has cleared with a select few exhibiting the necessary vision and technology to flourish in an increasingly volatile threat landscape,” said Teddie Wardi, managing director of Insight Partners, in a statement. “As evidenced by our ongoing financial commitment to SentinelOne along with the resources of Insight Onsite, our business strategy and ScaleUp division, we are confident that SentinelOne has an enormous opportunity to be a market leader in the cybersecurity space.”

Weingarten said that SentinelOne “gets approached every year” to be acquired, although he didn’t name any names. Nevertheless, that also points to the bigger consolidation trend that will be interesting to watch as the company grows. SentinelOne has never made an acquisition to date, but it’s hard to ignore that, as the company expands its products and features, it might tap into the wider market to bring other kinds of technology into its stack.

“There are definitely a lot of security companies out there,” Weingarten noted. “Those that serve a very specific market are the targets for consolidation.”

Google Cloud opens its Seoul region

Google Cloud today announced that its new Seoul region, its first in Korea, is now open for business. The region, which it first talked about last April, will feature three availability zones and support for virtually all of Google Cloud’s standard services, ranging from Compute Engine to BigQuery, Bigtable and Cloud Spanner.

With this, Google Cloud now has a presence in 16 countries and offers 21 regions with a total of 64 zones. The Seoul region (with the memorable name of asia-northeast3) will complement Google’s other regions in the area, including two in Japan, as well as regions in Hong Kong and Taiwan, but the obvious focus here is on serving Korean companies with low-latency access to its cloud services.

“As South Korea’s largest gaming company, we’re partnering with Google Cloud for game development, infrastructure management, and to infuse our operations with business intelligence,” said Chang-Whan Sul, the CTO of Netmarble. “Google Cloud’s region in Seoul reinforces its commitment to the region and we welcome the opportunities this initiative offers our business.”

Over the course of this year, Google Cloud also plans to open more zones and regions in Salt Lake City, Las Vegas and Jakarta, Indonesia.

ChartHop grabs $5M seed led by a16z to automate the org chart

ChartHop, a startup that aims to modernize and automate the organizational chart, announced a $5 million seed investment today led by Andreessen Horowitz.

A big crowd of other investors also participated including Abstract Ventures, the a16z Cultural Leadership Fund, CoFound, Cowboy Ventures, Flybridge Capital, Shrug Capital, Work Life Ventures and a number of unnamed individual investors, as well.

Founder, CEO and CTO Ian White says that at previous jobs, including as CTO and co-founder at Sailthru, he found himself frustrated by the available tools for organizational planning, something that he says every company needs to get a grip on.

White did what any good entrepreneur would do. He left his previous job and spent the last couple of years building the kind of software he felt was missing in the market. “ChartHop is the first org management platform. It’s really a new type of HR software that brings all the different people data together in one place, so that companies can plan, analyze and visualize their organizations in a completely new way,” White told TechCrunch.

While he acknowledges that among his early customers, the Head of HR is a core user, White doesn’t see this as purely an HR issue. “It’s a problem for any executive, leader or manager in any organization that’s growing and trying to plan what the organization is going to look like more strategically,” he explained.

Lead investor at a16z, David Ulevitch, also sees this kind of planning as essential to any organization. “How you structure and grow your organization has a tremendous amount of influence on how your company operates. This sounds so obvious, and yet most organizations don’t act thoughtfully when it comes to organizational planning and design,” Ulevitch wrote in a blog post announcing the investment.

The way it works is that out of the box it connects to 15 or 20 standard types of company systems like BambooHR, Carta, ADP and Workday, and based on this information it can build an organizational chart. The company can then slice and dice the data by department, open recs, gender, salary, geography and so forth. There is also a detailed reporting component that gives companies insight into the current makeup and future state of the organization.

The visual org chart itself is set up so that you can scrub through time to see how your company has changed. He says that while it is designed to hide sensitive information like salaries, he does see it as a way of helping employees across the organization understand where they fit and how they relate to other people they might not even know because the size of the company makes that impossible.

ChartHop org chart organized by gender. Screenshot: ChartHop

White says that he has dozens of customers already, who are paying ChartHop by the employee on a subscription basis. While his target market is companies with more than 100 employees, at some point he may offer a version for early-stage startups who could benefit from this type of planning, and could then have a complete history of the organization over the life of the company.

Today, the company has 9 employees, and he only began hiring in the fall when this seed money came through. He expects to double that number in the next year.

Worried Whether Your Mac Can Get A Virus? Let’s Talk Facts

It’s not the first time we’ve discussed this topic and it almost certainly won’t be the last, but this week’s report by one AV vendor that cyber threats on Mac endpoints have surpassed those on Windows devices, followed by accusations from a prominent Apple evangelist that the vendor was peddling in exaggeration and fear-mongering, have brought the topic into sharp relief once again. Do Macs get viruses? And if so, how do Macs get viruses? Is a Mac safer than a Windows PC? There’s a lot of confusion, misinformation and frankly (sadly) ignorance among so-called ‘Mac gurus’ who should know better. In this post, we’ll spare the fake news and simply lay out the facts. Here’s what we know (and can prove) about macOS malware from publicly verifiable data.

Do Macs Get More Malware Than Windows PCs?

According to a report by Malwarebytes, the average number of threats they detected per endpoint was nearly double on Macs compared to Windows, at 11.0 and 5.8 respectively during 2019. That also represented a huge jump from the 4.8 detections per endpoint that they found on Macs in the year previous to that.

[Image: Mac detections versus Windows detections]

The data led to a flurry of headlines, not least because it was a surprise to many people who’ve long fantasized that Macs have some magical aura that makes them impervious to the same kind of criminal attacks that plague Microsoft Windows machines. One commentator went so far as to accuse the researchers of stoking fears to drum up business for themselves and concluded that, despite unquestionably accepting the data, “the statement that Macs don’t get viruses is still overwhelmingly true”.

Central to the argument that “Macs don’t get viruses” is equivocation over what we’re really talking about. “Virus” is a legacy term, and technically there are very few genuine viruses on any platform at all these days, not even Windows. What we’re really talking about is macOS malware and its supposedly less-dangerous cousins adware and coinminers. For businesses and personal users alike, these different threats are all of a piece: they steal data, hog resources, interfere with productivity and – at worst – lead to more serious network intrusions. Our recent posts on Adload, Shlayer and Lazarus APT go into some of the technical details.

Once you stop arguing about what counts as what kind of threat and accept that in all cases, you’re dealing with unwanted, deceptive and possibly dangerous code running on your machine, then what the data shows is that when you look at these categories together, Macs are heavily-targeted, particularly by adware and coinminers, and more Mac users than ever are being infected. Malware campaigns by APTs and other threat actors are also regular occurrences.

As one Twitter user pointed out, “I own a small computer consulting company that focuses on Apple products in the residential market. About 75% of my customers have/had malware on their computers and did not know it”.

If we look at a public malware repository like VirusTotal and query how many threats have been uploaded that are tagged as ‘macho’ (the native macOS binary, though macOS runs other kinds of executables which are also used in malware) and have more than 4 independent vendors detecting them, then today we’ll get a list of around 5,800 samples. That’s 5,800 individual pieces of malicious software that have been written specifically for macOS in its native binary format over the last 90 days. If malware isn’t a problem on macOS, one might wonder why all these malware authors are wasting their time writing so much of it!

[Image: malware targeting macOS on VirusTotal]

That number is but a small sample. It doesn’t include malware that we’re aware of that doesn’t register on VirusTotal, such as this launcher script for OSX.DarthMiner, a threat that appeared in late 2018. This script was uploaded to VT 8 months ago and is still barely detected by the static engines there, to give but one example:

[Image: undetected malware samples on macOS]

How Do Macs Get Infected?

So, how do Macs get infected, then, given that the data categorically disproves the myth that Macs don’t get malware?

Macs, of course, are just Unix-based general purpose computers. Apple do not possess some secret sauce that makes them impervious to malware and that Microsoft and other OS vendors have failed to invent. In fact, Apple’s built-in security tools rely on outdated technology similar to legacy AV products – file hashes, hardcoded path searches and Yara rules – as well as a few proprietary Apple technologies like Gatekeeper, Notarization and code signing, which we’ll say a little bit more about below.

Importantly, all the Mac’s detection and malware removal capabilities are historical – meaning, they are updated to detect threats that have been seen to infect Mac users in the past. There is no predictive or heuristic threat detection built in to macOS and indeed, the observation by one commentator that Apple have stepped up their game (something we’ve noted also) in terms of adding more detection rules is only a result of the fact that Apple are responding to the increased number of threats that they are actually seeing infecting Apple Mac computers. Those who follow Apple security issues will recall the lament during much of 2018 that XProtect hardly saw a single update, despite lots of new threats appearing during that year. In contrast, we’ve seen three updates to XProtect since the start of 2020. The takeaway there, if it isn’t obvious, is that Apple’s behavior mirrors what we’re seeing at SentinelOne and what the Malwarebytes report pointed out: more threats than ever before are targeting macOS users.

And yet, despite all the evidence, we still find Mac gurus who believe and spread the myth that Macs don’t get malware and users don’t need additional security protections. Aside from a lack of awareness about the threats that are actually out there, it seems there are two related misconceptions that inform this kind of thinking:

    1. Apple’s built-in tools are sufficient to protect users
    2. Anyone who does get infected has themselves to blame for making ‘bad decisions’.

Neither of those beliefs is helpful, and propagating them only serves to do what malware authors most want: keep Mac users unprotected and believing in a false sense of security.

Let’s look at those two claims individually and see how they cash out.

Why Apple’s Tools Won’t Stop All Malware

Are Apple’s built-in tools sufficient to protect users? As we’ve already noted, Apple’s security tools rely on historical data – an attack needs to have happened to someone, some Mac, somewhere, before Apple will add a detection rule for it. But even when Apple add detection rules for a particular piece of malware, that still doesn’t mean they will catch every instance of it.

The reasons are technical and we’ve gone into them elsewhere, but a short summary here should suffice. First, Apple’s blocking technology, Gatekeeper, is easily overridden by users (yup, those same users making those same ‘bad decisions’). Regardless of the “why”, and particularly in an enterprise context where social engineering is well understood, all that matters is that they do, and that they do in sufficient numbers to make it a worthwhile enterprise for bad actors.

Second, Apple’s detection technology, XProtect, relies on very simple, lightly-obfuscated, string and data pattern matching YARA rules. Threat actors can see how Apple detect their malware within minutes of Apple updating these rules, and in most cases it’s a simple thing for these actors to refactor existing code to avoid Apple’s rules. In all versions of macOS except the new Catalina, XProtect will also fail to scan code that does not have a quarantine bit.

Third, notarization – Apple’s new demand that all 3rd party apps need to be vetted by Apple for malware before they can run on macOS – doesn’t apply in certain situations. Neither Gatekeeper nor Notarization applies if the app is installed without a quarantine bit, even on Catalina. This can happen by design (if the application is installed through MDM software like Jamf), and also by user override or by an unsandboxed process removing the quarantine bit. Astoundingly, removal of this essential attribute doesn’t require admin privileges, so even standard users (and processes running as standard users) can accomplish a bypass of the built-in Apple security tools. Finally, notarization doesn’t come into play even under the latest “strict policy” if the malware payload is downloaded via curl or a similar network transfer tool by a first stage installer. Such first stage installers are typically either signed with valid Apple developer signatures (until Apple discover them and revoke them) or socially engineer the user to launch them as described above.

In short, the built-in tools are there to block and detect some of the most commonly known families of malware; they are not built to stop anything even mildly advanced or targeted at a particular business. Gatekeeper, XProtect and Notarization are also not going to find or block novel malware, nor are they much use against actively developed malware that iterates regularly.
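A defender's check for the quarantine-bit gap described above, as an added example that is not from the original article: it triages files by their `com.apple.quarantine` extended attribute and reports the ones the built-in checks would not evaluate. The attribute layout (`flags;timestamp;agent;event-id`) and the user-approved flag bit come from public macOS research and are assumptions here; the sample paths and values are constructed.

```python
#!/usr/bin/env python3
"""Triage files by their com.apple.quarantine extended attribute (macOS)."""
import subprocess
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Iterable, List, Optional, Tuple

QUARANTINE_XATTR = "com.apple.quarantine"
# Assumption: bit meaning taken from public macOS research, not from the article.
FLAG_USER_APPROVED = 0x0040


@dataclass
class Quarantine:
    flags: int
    when: Optional[datetime]
    agent: str
    event_id: str

    @property
    def user_approved(self) -> bool:
        return bool(self.flags & FLAG_USER_APPROVED)


def parse_quarantine(value: str) -> Quarantine:
    """Parse 'flags;timestamp;agent;event-id' (flags and timestamp are hex)."""
    parts = value.strip().split(";")
    if len(parts) < 2:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    flags = int(parts[0], 16)
    when = (datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
            if parts[1] else None)
    agent = parts[2] if len(parts) > 2 else ""
    event_id = parts[3] if len(parts) > 3 else ""
    return Quarantine(flags, when, agent, event_id)


def read_quarantine(path: str) -> Optional[str]:
    """Return the raw attribute via macOS `xattr -p`, or None if it is absent."""
    proc = subprocess.run(["xattr", "-p", QUARANTINE_XATTR, path],
                          capture_output=True, text=True, check=False)
    return proc.stdout.strip() if proc.returncode == 0 else None


def classify(raw: Optional[str]) -> str:
    if raw is None:
        # No attribute: the Gatekeeper/notarization checks are not applied.
        return "NO_QUARANTINE"
    try:
        q = parse_quarantine(raw)
    except ValueError:
        return "MALFORMED"
    # Attribute present but the user clicked through the Gatekeeper prompt.
    return "USER_APPROVED" if q.user_approved else "QUARANTINED"


def audit(paths: Iterable[str],
          reader: Callable[[str], Optional[str]] = read_quarantine
          ) -> List[Tuple[str, str]]:
    """Return (path, verdict) for every path that is not plainly quarantined."""
    findings = []
    for path in paths:
        verdict = classify(reader(path))
        if verdict != "QUARANTINED":
            findings.append((path, verdict))
    return findings


# Constructed sample inventory: path -> raw attribute value (None = absent).
SAMPLE = {
    "/Users/alice/Downloads/Report.app":
        "0083;5e4a9c00;Safari;11111111-2222-3333-4444-555555555555",
    "/Users/alice/Downloads/Player.app":
        "00c3;5e4a9c00;Safari;66666666-7777-8888-9999-000000000000",
    "/Users/alice/Library/Application Support/helper/agent": None,
    "/tmp/update.pkg": "not-a-quarantine-value",
}

if __name__ == "__main__":
    # Offline demo on the constructed inventory; on a Mac, call audit(paths)
    # with real paths to use the xattr-backed reader instead.
    for path, verdict in audit(SAMPLE, SAMPLE.get):
        print(f"{verdict:14} {path}")
```

A missing attribute is also normal for MDM-deployed and locally built software, so treat `NO_QUARANTINE` on an executable in a user-writable location as a lead to investigate, not a verdict.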

Are Users to Blame for Risky Behaviour?

There’s a lot of macOS malware that preys on people who insist on risky behavior, it’s true. Torrents, cracked software and websites of dubious legality are all favorite hunting grounds for malware authors on macOS, just as they are on Windows. Whether such users “deserve what they get” is a matter of one’s personal opinion, but what is undoubtedly true is that the methods used by such malware are viable – and reliable – infection vectors that could equally be used against anyone.

Some would argue that users should stick to Apple App Store products to stay safe, but that both concedes the point that Macs are vulnerable to malware if used ‘out of the box’, and it limits users’ ability to exploit the full power of their Mac devices.

On top of that, Apple’s App Store has had its own problems with malware, adware and spyware, so there’s no guarantee that what you download from there will be safe; the only guarantee is that if something is discovered to be harmful after-the-fact, Apple have the power to remove it pretty rapidly.

What's more, the "stick to the App Store" dictum ignores the reality that if you need a computer (as opposed to say a phone or a tablet), particularly in a business environment, you're going to want to use it for tasks that simply don't fall in line with the kind of feature-lite offerings found in the macOS App Store.

So, blame the users if you want (and if they are employees, you probably should!), but the blame game isn’t going to keep you safe. If there’s one thing we know about malware authors it’s that they are just like any other software developer: they will code what they need to get the job done and nothing more, nothing less. If you’re looking for an answer to the question ‘why don’t we see more sophisticated malware on macOS like on Windows?’, you’ll find it in the fact that most macOS users don’t run security software and are not security conscious. Why build something complicated when something as simple as this will do?

[Image: right-click to bypass macOS security]

Conclusion

Sometimes people take an ideological position based on faith, interest or just coherence with other things that they hold to be true or wish to be true, and no amount of data is going to convince them otherwise. But for those with the eyes to see, there’s no question that threat actors have placed increasing attention on macOS, not least because the belief that Macs are “more secure” plays into the hands of malware authors by encouraging complacency about the need for protection.

As we have seen, the built-in security technologies are not keeping Mac users malware free – Apple’s own increased efforts are evidence of this, as is the other data we’ve mentioned above. Meanwhile, cyber criminals are making a nice living out of running coinminers, adware, scamware, backdoors and, yes, malware on unsuspecting users’ macOS devices. And as a final thought for those who don’t have visibility into what’s happening on their Macs: exactly how do you know there isn’t any malware running on any of your Macs, right now? What tools are you using that give you that confidence?



Thomas Kurian on his first year as Google Cloud CEO

“Yes.”

That was Google Cloud CEO Thomas Kurian’s simple answer when I asked if he thought he’d achieved what he set out to do in his first year.

A year ago, he took the helm of Google’s cloud operations — which includes G Suite — and set about giving the organization a sharpened focus by expanding on a strategy his predecessor Diane Greene first set during her tenure.

It’s no secret that Kurian, with his background at Oracle, immediately put the entire Google Cloud operation on a course to focus on enterprise customers, with an emphasis on a number of key verticals.

So it’s no surprise, then, that the first highlight Kurian cited is that Google Cloud expanded its feature lineup with important capabilities that were previously missing. “When we look at what we’ve done this last year, first is maturing our products,” he said. “We’ve opened up many markets for our products because we’ve matured the core capabilities in the product. We’ve added things like compliance requirements. We’ve added support for many enterprise things like SAP and VMware and Oracle and a number of enterprise solutions.” Thanks to this, he stressed, analyst firms like Gartner and Forrester now rank Google Cloud “neck-and-neck with the other two players that everybody compares us to.”

If Google Cloud’s previous record made anything clear, though, it’s that technical know-how and great features aren’t enough. One of the first actions Kurian took was to expand the company’s sales team to resemble an organization that looked a bit more like that of a traditional enterprise company. “We were able to specialize our sales teams by industry — added talent into the sales organization and scaled up the sales force very, very significantly — and I think you’re starting to see those results. Not only did we increase the number of people, but our productivity improved as well as the sales organization, so all of that was good.”

He also cited Google’s partner business as a reason for its overall growth. Partner influence revenue increased by about 200% in 2019, and its partners brought in 13 times more new customers in 2019 when compared to the previous year.

Hackers Were Inside Citrix for Five Months

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.

Citrix provides software used by hundreds of thousands of clients worldwide, including most of the Fortune 100 companies. It is perhaps best known for selling virtual private networking (VPN) software that lets users remotely access networks and computers over an encrypted connection.

In March 2019, the Federal Bureau of Investigation (FBI) alerted Citrix they had reason to believe cybercriminals had gained access to the company’s internal network. The FBI told Citrix the hackers likely got in using a technique called “password spraying,” a relatively crude but remarkably effective attack that attempts to access a large number of employee accounts (usernames/email addresses) using just a handful of common passwords.

In a statement released at the time, Citrix said it appeared hackers “may have accessed and downloaded business documents,” and that it was still working to identify what precisely was accessed or stolen.

But in a letter sent to affected individuals dated Feb. 10, 2020, Citrix disclosed additional details about the incident. According to the letter, the attackers “had intermittent access” to Citrix’s internal network between Oct. 13, 2018 and Mar. 8, 2019, and there was no evidence that the cybercrooks still remain in the company’s systems.

Citrix said the information taken by the intruders may have included Social Security Numbers or other tax identification numbers, driver’s license numbers, passport numbers, financial account numbers, payment card numbers, and/or limited health claims information, such as health insurance participant identification number and/or claims information relating to date of service and provider name.

It is unclear how many people received this letter, but the communication suggests Citrix is contacting a broad range of individuals who work or worked for the company at some point, as well as those who applied for jobs or internships there and people who may have received health or other benefits from the company by virtue of having a family member employed by the company.

Citrix’s letter was prompted by laws in virtually all U.S. states that require companies to notify affected consumers of any incident that jeopardizes their personal and financial data. While the notification does not specify whether the attackers stole proprietary data about the company’s software and internal operations, the intruders certainly had ample opportunity to access at least some of that information as well.

Shortly after Citrix initially disclosed the intrusion in March 2019, a little-known security company Resecurity claimed it had evidence Iranian hackers were responsible, had been in Citrix’s network for years, and had offloaded terabytes of data. Resecurity also presented evidence that it notified Citrix of the breach as early as Dec. 28, 2018, a claim Citrix initially denied but later acknowledged.

Iranian hackers recently have been blamed for hacking VPN servers around the world in a bid to plant backdoors in large corporate networks. A report released this week (PDF) by security firm ClearSky details how Iran’s government-backed hacking units have been busy exploiting security holes in popular VPN products from Citrix and a number of other software firms.

ClearSky says the attackers have focused on attacking VPN tools because they provide a long-lasting foothold at the targeted organizations, and frequently open the door to breaching additional companies through supply-chain attacks. The company says such tactics have allowed the Iranian hackers to gain persistent access to the networks of companies across a broad range of sectors, including IT, security, telecommunications, oil and gas, aviation, and government.

Among the VPN flaws available to attackers is a recently-patched vulnerability (CVE-2019-19781) in Citrix VPN servers dubbed “Shitrix” by some in the security community. The derisive nickname may have been chosen because while Citrix initially warned customers about the vulnerability in mid-December 2019, it didn’t start releasing patches to plug the holes until late January 2020 — roughly two weeks after attackers started using publicly released exploit code to break into vulnerable organizations.

How would your organization hold up to a password spraying attack? As the Citrix hack shows, if you don’t know you should probably check, and then act on the results accordingly. It’s a fair bet the bad guys are going to find out even if you don’t.
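One way to run that check against your own authentication logs, as an added example that is not part of the original article: it flags any source whose failed logins within a time window hit many distinct accounts with only a guess or two each, which separates spraying from brute force against a single account. The log format, sample events, function names and thresholds are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events: "timestamp source_ip username result"
SAMPLE_LOG = """\
2019-03-01T09:00:05 203.0.113.7 alice FAIL
2019-03-01T09:01:10 203.0.113.7 bob FAIL
2019-03-01T09:02:15 203.0.113.7 carol FAIL
2019-03-01T09:03:20 203.0.113.7 dave FAIL
2019-03-01T09:04:25 203.0.113.7 erin FAIL
2019-03-01T09:05:30 203.0.113.7 frank OK
2019-03-01T09:06:00 198.51.100.20 bob FAIL
2019-03-01T09:06:02 198.51.100.20 bob FAIL
2019-03-01T09:06:04 198.51.100.20 bob FAIL
2019-03-01T09:06:06 198.51.100.20 bob FAIL
2019-03-01T09:10:00 192.0.2.15 alice FAIL
2019-03-01T09:10:20 192.0.2.15 alice OK
"""

def parse(log):
    """Turn log text into time-ordered (timestamp, source, user, result) tuples."""
    rows = (line.split() for line in log.strip().splitlines())
    return sorted((datetime.fromisoformat(ts), src, user, res)
                  for ts, src, user, res in rows)

def detect_spraying(events, window=timedelta(minutes=30),
                    min_users=5, max_per_user=2):
    """Flag sources that fail against many accounts with few guesses per account."""
    fails, oks = defaultdict(list), defaultdict(set)
    for ts, src, user, res in events:
        if res == "FAIL":
            fails[src].append((ts, user))
        else:
            oks[src].add(user)
    findings = {}
    for src, rows in fails.items():
        start, best = 0, Counter()
        for end, (ts, _) in enumerate(rows):
            while ts - rows[start][0] > window:   # slide the window forward
                start += 1
            seen = Counter(user for _, user in rows[start:end + 1])
            if len(seen) > len(best) and max(seen.values()) <= max_per_user:
                best = seen                       # widest low-and-slow window so far
        if len(best) >= min_users:
            # Any login that succeeded from a flagged source needs review first.
            findings[src] = {"targeted": sorted(best),
                             "succeeded": sorted(oks[src])}
    return findings

if __name__ == "__main__":
    print(detect_spraying(parse(SAMPLE_LOG)))
```

Keying on source address alone misses a spray spread across many addresses, so the same counting is worth repeating per time window across all sources.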

Dell sells RSA to consortium led by Symphony Technology Group for over $2B

Dell Technologies announced today that it was selling legacy security firm RSA for $2.075 billion to a consortium of investors led by Symphony Technology Group. Other investors include Ontario Teachers’ Pension Plan Board and AlpInvest Partners.

RSA came to Dell when it bought EMC for $67 billion in 2015. EMC bought the company in 2006 for a price similar to what it was sold for today, $2.1 billion. The deal includes several pieces, including the RSA security conference held each year in San Francisco.

As for products, the consortium gets RSA Archer, RSA NetWitness Platform, RSA SecurID, RSA Fraud and Risk Intelligence — in addition to the conference. At the time of the EMC acquisition, in a letter to customers, Michael Dell actually called out RSA as one of the companies he looked forward to welcoming to the Dell family after the deal was completed:

I am excited to work with the EMC, VMware, Pivotal, VCE, Virtustream and RSA teams, and I am personally committed to the success of our new company, our partners and above all, to you, our customers.

Times change however, and perhaps Dell decided it was simply time to get some cash and jettison the veteran security company to go a bit more modern, as RSA’s approach no longer aligned with Dell’s company-wide security strategy.

“The strategies of RSA and Dell Technologies have evolved to address different business needs with different go-to-market models. The sale of RSA gives us greater flexibility to focus on integrated innovation across Dell Technologies, while allowing RSA to focus on its strategy of providing risk, security and fraud teams with the ability to holistically manage digital risk,” Dell Technologies’ chief operating officer and vice chairman, Jeff Clarke, wrote in a blog post announcing the deal.

Meanwhile, RSA president Rohit Ghai tried to put a happy spin on the outcome, framing it as the next step in the company’s long and storied history. “The one constant in every episode of our existence has been our focus on the success of our customers and our ability to endure through market disruption by innovating on behalf of our customers,” he wrote in a blog post on the RSA company website.

The deal is subject to the normal kinds of regulatory approval before it is finalized.