VMware completes $2.7 billion Pivotal acquisition

VMware is closing the year with a significant new component in its arsenal. Today it announced it has closed the $2.7 billion Pivotal acquisition it originally announced in August.

The acquisition gives VMware another component in its march to transform from a pure virtual machine company into a cloud native vendor that can manage infrastructure wherever it lives. It fits alongside other recent deals, the acquisitions of Heptio and Bitnami, both of which also closed this year.

VMware hopes this all fits neatly into VMware Tanzu, which is designed to bring Kubernetes containers and VMware virtual machines together in a single management platform.

“VMware Tanzu is built upon our recognized infrastructure products and further expanded with the technologies that Pivotal, Heptio, Bitnami and many other VMware teams bring to this new portfolio of products and services,” Ray O’Farrell, executive vice president and general manager of the Modern Application Platforms Business Unit at VMware, wrote in a blog post announcing the deal had closed.

Craig McLuckie, who came over in the Heptio deal and is now VP of R&D at VMware, told TechCrunch in November at KubeCon that while the deal hadn’t closed at that point, he saw a future where Pivotal could help at a professional services level, as well.

“In the future when Pivotal is a part of this story, they won’t be just delivering technology, but also deep expertise to support application transformation initiatives,” he said.

Up until the closing, the company had been publicly traded on the New York Stock Exchange, but as of today, Pivotal becomes a wholly owned subsidiary of VMware. It’s important to note that this transaction didn’t happen in a vacuum, where two random companies came together.

In fact, VMware and Pivotal were part of the consortium of companies that Dell purchased when it acquired EMC in 2015 for $67 billion. While both were part of EMC and then Dell, each one operated separately and independently. At the time of the sale to Dell, Pivotal was considered a key piece, one that could stand strongly on its own.

Pivotal and VMware had another strong connection. Pivotal was originally created by a combination of EMC, VMware and GE (which owned a 10% stake for a time) to give these large organizations a separate company to undertake transformation initiatives.

It raised a hefty $1.7 billion before going public in 2018. A big chunk of that came in one heady day in 2016 when it announced $650 million in funding led by Ford’s $180 million investment.

The future looked bright at that point, but life as a public company was rough, and after a catastrophic June earnings report, things began to fall apart. The stock dropped 42% in one day. As I wrote in an analysis of the deal:

The stock price plunged from a high of $21.44 on May 30th to a low of $8.30 on August 14th. The company’s market cap plunged in that same time period falling from $5.828 billion on May 30th to $2.257 billion on August 14th. That’s when VMware admitted it was thinking about buying the struggling company.

VMware came to the rescue and offered $15.00 a share, a substantial premium above that August low point. As of today, it’s part of VMware.

Seed investors favor enterprise over consumer for first time this decade

Hello and welcome back to our regular morning look at private companies, public markets and the gray space in between.

It’s the second to last day of 2019, meaning we’re very nearly out of time this year; our space for retrospection is quickly coming to a close. Before we do run out of hours, however, I wanted to peek at some data that former Kleiner Perkins investor and Packagd founder Eric Feng recently compiled.

Feng dug into the changing ratio between enterprise-focused Seed deals and consumer-oriented Seed investments over the past decade or so, including 2019. The consumer-enterprise split, a loose divide that cleaves the startup world into two somewhat-neat buckets, has flipped. Feng’s data details a change in the majority, with startups selling to other companies raising more Seed deals than upstarts trying to build a customer base amongst folks like ourselves in 2019.

The change matters. As we continue to explore new unicorn creation (quick) and the pace of unicorn exits (comparatively slow), it’s also worth keeping an eye on the other end of the startup lifecycle. After all, what happens with Seed deals today will turn into changes to the unicorn market in years to come.

Let’s peek at a key chart from Feng, talk about Seed deal volume more generally, and close by positing a few reasons (only one of which is Snap’s IPO) as to why the market has changed as much as it has for the earliest stage of startup investing.

Changes

Feng’s piece, which you can read here, tracks the investment patterns of startup accelerator Y Combinator against its market. We care more about total deal volume, but I can’t recommend the dataset enough if you have the time.

Concerning the universe of Seed deals, here’s Feng’s key chart:

Chart via Eric Feng / Medium

As you can see, the chart shows that in the pre-2008 era, Seed deals were heavily skewed towards consumer-focused Seed investments. A new normal was found after the 2008 crisis, with just a smidge under 75% of Seed deals focused on selling to the masses for nearly a decade.

In 2016, however, a new trend emerged: a gradual decline in consumer Seed deals and a shift towards enterprise investments.

This became more pronounced in 2017, sharper in 2018, and by 2019 fewer than half of Seed deals focused on consumers. Now, more than half are targeting other companies as their future customer base. (Y Combinator, as Feng notes, got there first, making a majority of investments into enterprise startups since 2010, with just a few outlying classes.)

This flip comes as Seed deals sit at the 5,000-per-quarter mark. As Crunchbase News published as Q3 2019 ended, global Seed volume is strong:

So, we’re seeing a healthy number of deals as the consumer-enterprise ratio changes. This means that the change to more enterprise deals as a portion of all Seed investments isn’t predicated on their number holding steady while Seed deals dried up. Instead, enterprise deals are taking a rising share while volume appears healthy.

Now we get to the fun stuff; why is this happening?

Blame SaaS

As with many trends long in the making, there is no single reason why Seed investors have changed up their investing patterns. Instead, there are likely a myriad that added up to the eventual change. I’m going to ping a number of Seed investors this week to get some more input for us to chew on, but there are some obvious candidates that we can discuss today.

In no particular order, here are a few:

  • Snap’s IPO: Snap went public in early 2017 at $17 per share. Its equity quickly spiked into the high 20s. By July of that same year, Snap slipped under its IPO price. Its high-growth, high-spend model was under attack by both high costs and slim gross margins. Snap then went into a multi-year purgatory before returning to form — somewhat — in 2019. It’s not great for a category’s investment pace if one of its most prominent companies stumbles very publicly, especially for Seed investors who make the riskiest bets in venture.

Daily Crunch: VMware completes Pivotal acquisition

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

1. VMware completes $2.7 billion Pivotal acquisition

VMware is closing the year with a significant new weapon in its arsenal. (I restrained myself from using a “pivotal” pun here. You’re welcome.)

The acquisition — first announced in August — helps the company in its transformation from a pure virtual machine supplier into a cloud native vendor that can manage infrastructure wherever it lives. It fits alongside the acquisitions of Heptio and Bitnami, two other deals that closed this year.

2. Spotify to ‘pause’ running political ads, citing lack of proper review

The company told us that starting early next year, it will stop selling political ads: “At this point in time, we do not yet have the necessary level of robustness in our processes, systems and tools to responsibly validate and review this content.”

3. ‘The Mandalorian’ returns for Season 2 on Disney+ in fall 2020

The last episode of the first season of “The Mandalorian” went live on Disney+ on Friday, and showrunner Jon Favreau wasted very little time confirming when we can expect season two of the smash hit to land: next fall.

4. 2019 Africa Roundup: Jumia IPOs, China goes digital, Nigeria becomes fintech capital

The last 12 months served as a grande finale to 10 years that saw triple-digit increases in startup formation and VC on the continent. Here’s an overview of the 2019 market events that capped off a decade in African tech.

5. Maxar is selling space robotics company MDA for around $765 million

Maxar’s goal in selling the business is to help alleviate some of its considerable debt. The purchasing entity is a consortium of companies led by private investment firm Northern Private Capital, which will acquire the entirety of MDA’s Canadian operations — responsible for the development of the Canadarm and Canadarm2 robotic manipulators used on the Space Shuttle and the International Space Station, respectively.

6. Cloud gaming is the future of game monetization, not gameplay

Lucas Matney argues that as is so often the case with the next big thing in tech, cloud streaming is much more likely to become the next big feature of a more traditional platform, rather than the entire platform itself. (Extra Crunch membership required.)

7. This week’s TechCrunch podcasts

Equity took the week off, but we kept Original Content going with a review of Netflix’s new fantasy show “The Witcher.”

Happy 10th Birthday, KrebsOnSecurity.com

Today marks the 10th anniversary of KrebsOnSecurity.com! Over the past decade, the site has featured more than 1,800 stories focusing mainly on cybercrime, computer security and user privacy concerns. And what a decade it has been.

Stories here have exposed countless scams, data breaches, cybercrooks and corporate stumbles. In the ten years since its inception, the site has attracted more than 37,000 newsletter subscribers, and nearly 100 million pageviews generated by roughly 40 million unique visitors.

Some of those 40 million visitors left more than 100,000 comments. The community that has sprung up around KrebsOnSecurity has been truly humbling and a joy to watch, and I’m eternally grateful for all your contributions.

One housekeeping note: A good chunk of the loyal readers here are understandably security- and privacy-conscious, and many block advertisements by default — including the ads displayed here.

Just a reminder that KrebsOnSecurity does not run third-party ads and has no plans to change that; all of the creatives you see on this site are hosted in-house, are purely image-based, and are vetted first by Yours Truly. Love them or hate ’em, these ads help keep the content at KrebsOnSecurity free to any and all readers. If you’re currently blocking ads here, please consider making an exception for this site.

Last but certainly not least, thank you for your readership. I couldn’t have done this without your encouragement, wisdom, tips and support. Here’s wishing you all a happy, healthy and wealthy 2020, and for another decade of stories to come.

The Good, the Bad and the Ugly in Cybersecurity – Week 52


The Good

This week, three of the individuals found to be behind the GozNym family of malware were sentenced following their capture earlier this year. Krasimir Nikolov, Alexander Konovolov and Marat Kazandjian were each sentenced this past week for their roles in long-running campaigns which were all reliant on the GozNym banking trojan and supporting infrastructure. Nikolov (arrested in 2016) received credit for time served, and will now be transferred to Bulgaria. Alexander Konovolov, thought to be one of the leaders of the group, was sentenced to seven years in prison, with Kazandjian receiving a sentence of 5 years.

Starting in 2012, GozNym grew into a highly prolific and successful malware toolset. The threat came to incorporate core banking trojan features (Gozi) along with additional offshoots able to function as ransomware and a backdoor (Nymaim). The trojans were primarily spread via email spam campaigns and were used heavily to steal banking credentials and redirect funds from numerous victims.

On the slightly lighter side of things…it seems Ryuk is giving WSL (Windows Subsystem for Linux) a bit of a break in recent variants. After analyzing recent samples, researcher Vitali Kremez noted that there are hard-coded exclusions for specific folder names and structures that are inherent to most *nix installations. At first, this was a tad perplexing as there is no “known” *nix variant of Ryuk ransomware, nor is it common for the entire Linux file structure to be shared amongst infectible Windows clients. That being said, further review suggests that the exclusions are meant to accommodate WSL and associated folders. At the end of the day, ransomware authors need their victims’ machines to work to close the circle and facilitate payment. It is believed this is the motivation behind the feature.


The Bad

Things have certainly not slowed down for the ‘Maze Crew’. The actors behind Maze (covered here recently) have continued to deliver on their threat of releasing data from non-compliant victims. Over the last week, additional data from Busch’s and the City of Pensacola was released. While this represents but a small sliver of what the attackers have claimed to exfiltrate from these targeted environments, it serves as an ongoing reminder of how serious the issue of ransomware and related extortion is. As we have stated previously, prevention is critical: the only way to truly be safe from these multi-pronged campaigns is to prevent them in the first place. Targeted environments that were able to restore their encrypted data while circumventing the attackers’ demands are still at risk due to the data-release component being used here.

Researchers at Positive Technologies recently disclosed details around a critical security bypass vulnerability affecting multiple Citrix products and technologies. The flaw allows for any unauthenticated attacker to remotely access internal network resources by way of the affected Citrix components. Once inside a network, attackers can continue to move laterally or attack and establish a presence on nodes deeper in the target network. According to Positive Technologies, this issue stands to affect 80,000+ companies, spread across the world. The flaw has been assigned CVE-2019-19781, and Citrix has released a fix, coupled with notice to consider application of the fix a high/critical priority.


The Ugly

Advanced Persistent Threat group APT20 (aka Violin Panda) has been drawing attention to itself as a result of recent campaigns in which it successfully defeated 2FA. Choosing to target mainly MSPs (managed service providers) and government entities, the group has been locating vulnerable implementations of the Java application server platform JBoss. Once they have a foothold on the exposed web servers, they proceed to install web shells and further infiltrate the victim’s network. Part of this process included gaining access to RSA SecurID software tokens, allowing the attackers to successfully proceed through 2FA challenges. This method was also used to authenticate to 2FA-protected VPN accounts.

It is reported that the attackers were able to make small modifications to the software token mechanisms so as to allow them to generate valid tokens without validation of the specific systems. These tactics were said to be a small component of the broader Operation Wocao.


Revenue train kept rolling all year long for Salesforce

Salesforce turned 20 this year, and the most successful pure enterprise SaaS company ever showed no signs of slowing down. Consider that the company finished the year on an $18 billion run rate, rushing toward its 2022 revenue goal of $20 billion. Oh, and it also spent a tidy $15.7 billion to buy Tableau this year in the most high-profile and expensive acquisition it’s ever made.

Co-founder, chairman and CEO Marc Benioff published a book called Trailblazer about running a socially responsible company, and made the rounds promoting it. In fact, he even stopped by TechCrunch Disrupt in San Francisco in September, telling the audience that capitalism as we know it is dead. Still, the company announced it was building two more towers in Sydney and Dublin.

It also promoted Bret Taylor just last week, who could be in line as heir apparent to Benioff and co-CEO Keith Block whenever they decide to retire. The company closed the year with a bang with a $4.5 billion quarter. Salesforce, for the most part, has somehow been able to balance Benioff’s vision of responsible capitalism while building a company that makes money in bunches, one that continues to grow and flourish, and that’s showing no signs of slowing down anytime soon.

All aboard the gravy train

The company just keeps churning out good quarters. Here’s what this year looked like:

Ransomware at IT Services Provider Synoptek

Synoptek, a California business that provides cloud hosting and IT management services to more than a thousand customers nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources. The company has reportedly paid a ransom demand in a bid to restore operations as quickly as possible.

Irvine, Calif.-based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries, including state and local governments, financial services, healthcare, manufacturing, media, retail and software. The company has nearly a thousand employees and brought in more than $100 million in revenue in the past year, according to their Web site.

A now-deleted Tweet from Synoptek on Dec. 20 warned against the dangers of phishing-based cyberattacks, less than three days prior to their (apparently phishing-based) Sodinokibi ransomware infestation.

News of the incident first surfaced on Reddit, which lit up on Christmas Eve with posts from people working at companies affected by the outage. The only official statement about any kind of incident came late Friday evening from the company’s Twitter page, which said that on Dec. 23 it experienced a “credential compromise which has been contained,” and that Synoptek “took immediate action and have been working diligently with customers to remediate the situation.”

Synoptek has not yet responded to multiple requests for comment. But two sources who work at the company have now confirmed their employer was hit by Sodinokibi, a potent ransomware strain also known as “rEvil” that encrypts data and demands a cryptocurrency payment in return for a digital key that unlocks access to infected systems. Those sources also say the company paid their extortionists an unverified sum in exchange for decryption keys.

Sources also confirm that both the State of California and the U.S. Department of Homeland Security have been reaching out to state and local entities potentially affected by the attack. One Synoptek customer briefed on the attack who asked to remain anonymous said that once inside Synoptek’s systems, the intruders used a remote management tool to install the ransomware on client systems.

Much like other ransomware gangs operating today, the crooks behind Sodinokibi seem to focus on targeting IT providers. And it’s not hard to see why: With each passing day of an attack, customers affected by it vent their anger and frustration on social media, which places increased pressure on the provider to simply pay up.

A Sodinokibi attack earlier this month on Colorado-based IT services firm Complete Technology Solutions resulted in ransomware being installed on computers at more than 100 dentistry practices that relied on the company. In August, Wisconsin-based IT provider PerCSoft was hit by Sodinokibi, causing outages for more than 400 clients.

To put added pressure on victims to negotiate payment, the purveyors of Sodinokibi recently stated that they plan to publish data stolen from companies infected with their malware who elect to rebuild their operations instead of paying the ransom.

In addition, the group behind the Maze Ransomware malware strain recently began following through on a similar threat, erecting a site on the public Internet that lists victims by name and includes samples of sensitive documents stolen from victims who have opted not to pay. When the site was first set up on Dec. 14, it listed just eight victims; as of today, there are more than two dozen companies named.

7 Scams of Holiday Season Cyber Criminals

It’s that time of the year again when we’re all doing the two things that cyber criminals love most: spending money and giving generously. Those who seek ill-gotten gains from others have come up with plenty of ways to dupe, manipulate and steal during the holiday season. In this post, we cover seven scams to keep an eye out for.


1. Juice Jacking

The holiday season inevitably involves a lot of us traveling to and from distant friends and relatives, and that can mean visiting unfamiliar public places while in transit as well as seeking out the last drop of battery power from our mobile devices. The Los Angeles County District Attorney has warned that criminals are taking advantage of this by loading malware into public USB power charging stations located in places like airports and hotels.

“Juice Jacking”, aka the USB Charger Scam, can take several forms. Fraudsters may install malware onto your device through an infected USB port or cable left hanging in a public charge point, or they may try to give away malicious USB cables as “free gifts” that are loaded with credential-stealing malware. The intent is to export personal data and passwords so that the cybercriminals can drain your bank accounts or commit identity theft.

To stay safe, never use a cable that’s been left in a charging station and don’t accept cables given away as promotional gifts.

Ideally, carry your own cables and a “power bank” charging pack. When charging on the move, find an AC outlet and plug your own charger directly into it.

2. Poisoned Public Wifi

We all love to stay connected while on the move, and retailers, coffee shops and bars know that a free, public Wifi hotspot is good for business. Unfortunately, it’s easy for attackers to impersonate these hotspots or snoop on other users of the same Wifi network.

Snooping means that other users of the network can see your unencrypted traffic – what websites you visit and any clear text data you send through the public hotspot, including what you type into web forms on unencrypted sites. Impersonation occurs when a threat actor sets up a malicious hotspot or rogue access point with an SSID the same as or very similar to the one that you intend to connect to.

In order to stay safe, avoid connecting to public Wifi networks where possible and disable any network discovery settings that allow your device to automatically join public hotspots. Where you do need access, ask staff to confirm the correct Wifi network name (SSID), and ensure you’re only browsing sites that begin with https or display the padlock icon.

Importantly, even if using https, avoid connecting to personal banking or other highly-sensitive, password-protected sites while on public Wifi. Save that kind of work for when you’re connected to a known, trusted network.

3. Holiday Charity Scams

The festive season draws out the best in many of us, but the worst in some, too. There are a number of known scams that target people’s generosity during the holiday season. Some fraudsters spoof the phone numbers of legitimate charities, making it appear on your caller ID that the incoming call is from a charitable organization – and use robocalls and texts to target unwitting consumers. Others go so far as to set up fake charities or pretend to be agents of legitimate organizations.

To stay safe, refuse solicitations from callers either online, on your phone or at your door claiming to represent a charity. If you wish to donate to an organization, approach them directly and check their credentials by visiting their official website.

Never give out personal information to an unsolicited caller, as they may use this to commit identity theft.

4. Seasonal Phishing Scams

The holiday season makes an ideal time for phishing scams as many of us are in a rush and desperate to buy gifts at bargain prices. Meanwhile, genuine online stores are bombarding our inboxes with holiday discounts and special offers. Prime conditions for spammers to hook victims with phishing links to malicious websites that may be clones of the real thing but are really intended to drop malware or phish login and password credentials.

These scams may take the form of special offers, gifts and coupons, or claims that you’ve been invoiced for something you didn’t order and that you need to click a link to “report a problem”. Some bad actors embed malware in images as well as attached documents, while one notorious malware platform has been spotted conducting a seasonal phishing campaign by inviting targets to accept an invitation to the staff Christmas party.


Of course, all these are just prompts to get the user to either download a malicious file, click a fraudulent link or enter credentials on a fake website.

To stay safe, use trusted security software to block malware. Disable the loading of remote content in your email client preferences, and inspect link addresses before clicking on them. Look out for simple tricks where the scammer uses what looks like a real address, say google.com, and replaces one or more letters with a homograph or punctuation, like go0gle.com or goo.gle.com. Such tricks may seem obvious on inspection, but are easily overlooked when only glanced at. When you do land on a website, pay attention to what’s in the address bar.

It helps to ensure your browser preferences show full website addresses and that your Safe Browsing prefs in ‘Privacy & Security’ are turned on.
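The homograph and dotted-domain tricks described above are easy to miss by eye, so a defender reviewing link targets (for example in a mail gateway or a SOC triage script) can check them against a short allow-list programmatically. The following Python is an added example and not code from the original post; the TRUSTED_DOMAINS list, the CONFUSABLES table and the 0.85 similarity threshold are assumed sample values. It goes slightly beyond the two cases in the text by also catching a trusted name embedded in a longer hostname (google.com.evil.example) and single-character typos (gogle.com).

```python
from difflib import SequenceMatcher

# Constructed allow-list of brand domains to protect (sample data, not from the post).
TRUSTED_DOMAINS = ("google.com", "paypal.com", "amazon.com")

# Visually confusable substitutions commonly used in lookalike domain names.
# Multi-character pairs come first so "rn" is folded before "n" could be touched.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
               ("3", "e"), ("5", "s"), ("7", "t"))

# Assumed tuning value: how close a collapsed hostname must be to a trusted one.
SIMILARITY_THRESHOLD = 0.85


def squash(host: str) -> str:
    """Lower-case, drop dots and fold confusable characters so that
    google.com, go0gle.com and goo.gle.com all collapse to 'googlecom'."""
    s = host.lower().strip().rstrip(".").replace(".", "")
    for bad, good in CONFUSABLES:
        s = s.replace(bad, good)
    return s


def classify(host: str):
    """Return (verdict, matched_trusted_domain_or_None).

    verdict is one of:
      'trusted'   - the host is a trusted domain or a subdomain of one
      'lookalike' - the host collapses to, embeds, or closely resembles a trusted domain
      'unknown'   - no relation to the trusted list was found
    """
    h = host.lower().strip().rstrip(".")

    # Real subdomains (mail.google.com) are fine; only exact suffix matches count.
    for t in TRUSTED_DOMAINS:
        if h == t or h.endswith("." + t):
            return ("trusted", t)

    candidate = squash(h)
    best_ratio, best_match = 0.0, None
    for t in TRUSTED_DOMAINS:
        target = squash(t)
        # Exact collapse (go0gle.com, goo.gle.com) or embedding of the brand
        # (google.com.evil.example) is flagged outright.
        if target in candidate:
            return ("lookalike", t)
        # Otherwise keep the closest trusted name for a fuzzy (typo) comparison.
        ratio = SequenceMatcher(None, candidate, target).ratio()
        if ratio > best_ratio:
            best_ratio, best_match = ratio, t

    if best_ratio >= SIMILARITY_THRESHOLD:
        return ("lookalike", best_match)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample link targets, including the two tricks named in the post.
    for sample in ("mail.google.com", "go0gle.com", "goo.gle.com", "paypa1.com",
                   "google.com.evil.example", "gogle.com", "example.org"):
        print(f"{sample:28} -> {classify(sample)}")
```

The embedding rule is deliberately aggressive: a hostname such as myamazoncomics.example would also be flagged, which is the right default for a triage tool that hands results to a human, but the threshold and allow-list should be tuned against real traffic before the check is used to block anything.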

A Gif showing how to make your Chrome browser private by typically going to Advanced or Privacy and clicking on Safe Browsing or Phishing and Malware Protection.

5. Fake Updates

Keen to share and join in the fun, we’re all prone to clicking on a video shared across social media, text message or email, particularly during the festive season. But beware of those that pop up a message telling you that you need to update or download some kind of media player – fake Flash players are a favorite of adware and malware scammers – in order to view it.

These are almost always the first sign of a scam in which the fraudsters’ aim is to infect your device either with a PUP/adware installer or a more serious Emotet, Trickbot or other trojan platform.


To stay safe from these kinds of threats, always dismiss any such pop-up alerts. Launch your usual media player from the Dock or Taskbar and check if it really needs an update.

Note that if your media player won’t play the media file of a type it should, assume the offending file is malicious and send it to the Trash. Again, a good security solution can protect you from this kind of threat.

6. Fake Coupon & Discount Apps

Fraudsters don’t only restrict themselves to setting up fake websites; they’ll even build entire fake applications and distribute those through unofficial app repositories in the aim of getting users to download malware. These apps typically offer users multiple discounts or coupons promising great deals on many popular products.

In general, you’re safer sticking to apps distributed from reputable app stores, but it’s worth bearing in mind that these have also become increasingly targeted by malicious actors. Apple’s iOS App Store has had a few high-profile cases of data exfiltrating malware and spyware, and problems with Google’s Play Store are a common news item.

To stay safe, only download and install applications that you have a genuine need for, and always check out the details of the developer.

Most ‘free apps’, particularly those offering shopping discounts, are going to be at best plaguing you with in-app advertisements in order to generate their income. At worst, they may be delivering malware or stealing your data.

7. Fraudulent Ads

Encountered all year round but descending like a plague between November and January, scam ads can be found not only on sketchy websites but also circulated through social media like Facebook, Twitter, and other sharing platforms. With billions of users, these platforms make attractive targets for ads containing malicious links.

In some cases, these fake ads may show multiple items, with several listed at normal prices but one item at some incredibly low price. They may even contain text such as “Due to a pricing error, this item is now on sale at half its RRP, but it won’t be for long!” The aim is to make people click immediately to take advantage of what they think is a mistake. Of course, it’s all a scam and the link takes the user to a fake sale site with credit card skimmers embedded in the code.

Ads run by scammers can be difficult to spot, since they use many of the same marketing tricks as legitimate ads. And although there is a breed of such ads that use poor quality, blurred images, others simply steal glossy, highly-produced photos from real products. If you are tempted into clicking on an ad placed through social media, check all the details carefully. Does the website offer comprehensive information about product details, shipping costs, returns and customer support? Is the language on the website error-free?

Use a whois lookup to see how long the website has been around (scam sites are usually less than a few months old). And ultimately, is the deal “too good to be true?” The best defence against fraudulent ads is buyer caution.

Conclusion

The holiday season is a time for giving and reflection, and not a little relaxation. Unfortunately, there’s plenty of scammers and fraudsters out there intent on selfishly exploiting this time of year for their own ends and ruining the festivities for others. We hope that the tips above will help you to avoid becoming a victim and wish everyone a safe and happy festive season.


Public investors loved SaaS stocks in 2019, and startups should be thankful

Hello and welcome back to our regular morning look at private companies, public markets and the gray space in between.

Today, something short. Continuing our loose collection of looks back of the past year, it’s worth remembering two related facts. First, that this time last year SaaS stocks were getting beat up. And, second, that in the ensuing year they’ve risen mightily.

If you are in a hurry, the gist of our point is that the recovery in value of SaaS stocks probably made a number of 2019 IPOs possible. And, given that SaaS shares have recovered well as a group, that the 2020 IPO season should be active as all heck, provided that things don’t change.

Let’s not forget how slack the public markets were a year ago for a startup category vital to venture capital returns.

Last year

We’re depending on Bessemer’s cloud index today, renamed the “BVP Nasdaq Emerging Cloud Index” when it was rebuilt in October. The Cloud Index is a collection of SaaS and cloud companies that are trackable as a unit, helping provide good data on the value of modern software and tooling concerns.

If the index rises, it’s generally good news for startups as it implies that investors are bidding up the value of SaaS companies as they grow; if the index falls, it implies that revenue multiples are contracting amongst the public comps of SaaS startups.*

Ultimately, startups want public companies that look like them (comps) to have sky-high revenue multiples (price/sales multiples, basically). That helps startups argue for a better valuation during their next round; or it helps them defend their current valuation as they grow.

Given that it’s Christmas Eve, I’m going to present you with a somewhat ugly chart. Today I can do no better. Please excuse the annotation fidelity as well:

The Demise Of the Perimeter and the Rise Of the Security Platform

Network security today is clouded in more complexity than ever. Only a few years ago, a network security engineer moving from one organization to another could rely on facing a challenge in their new post relatively similar to the one they had faced in their previous one. Networks, no matter how multi-layered or how diverse the equipment, were still primarily a collection of trusted subnets shielded from the untrusted wider internet by firewalls and DMZ servers. These days, we hear talk of the post-perimeter world, cloud architecture, zero trust networking, microsegmentation and, of course, the ‘Internet of Things’, aka IoT. In this post, we explore these concepts and look at the challenges and solutions for organizations trying to cope with this seismic shift in enterprise networking.

[Image: The demise of the perimeter]

Why ‘Securing the Perimeter’ Is No Longer Enough

The demise of the perimeter has been a prominent theme in cybersecurity for the past several years, and for good reason. Traditionally, enterprise IT architecture consisted of a data center, an internal network, endpoints and an internet gateway. To secure this “traditional” architecture, organizations needed a firewall to police inbound traffic, a sandbox to inspect incoming files (usually arriving by email), network security solutions for packet capture and network traffic analysis, and endpoint security solutions to protect the endpoints themselves.

This architecture has always faced inherent security challenges. From social engineering and phishing attacks that abuse the naive assumption that authenticated traffic can be trusted to vulnerabilities in firewall hardware and software, threat actors have always found ways to gain access to enterprise networks.

But the rapid adoption of mobile devices and then cloud technologies has seen the traditional enterprise architecture change, and with it the apparatus needed for security. Today, an enterprise is more likely to have a mixture of local networks, endpoints, mobile devices, cloud applications, and networked devices (whether legitimate or rogue). Employees need access to network assets from mobile devices, and on-premises data centers have widely been replaced, in part or entirely, by external cloud providers, storing sensitive organizational data on rented servers whose physical location and security are opaque.

This new architecture increases the organization’s attack surface tenfold and makes the old ‘secure the perimeter’ paradigm obsolete.

How Do Organizations Cope With Network Security Today?

Organizations have coped with this seismic change mostly by trying to do more of the same, while integrating new methodologies and, to a lesser extent, new security solutions. The focus is on identity and access management solutions and network segregation, as embodied in the zero trust, microsegmentation and SDP methodologies. Let’s take a look at these.

Zero Trust

One of the most prominent approaches adopted by many organizations is “Zero Trust”, a term coined by research firm Forrester, whose main principle is “never trust, always verify”. It is especially suited to organizations that use cloud applications and infrastructure, as it assumes that even entities within the perimeter cannot be trusted.

Zero trust is still very much a buzzword, used for selling authentication mechanisms for cloud applications, and it by no means obviates endpoint or network security solutions.

Microsegmentation

Microsegmentation emphasizes the creation of secure zones that allow organizations to ‘segment’ or isolate workloads so that they can be protected individually. It is utilized mostly in asset-rich environments such as data centers and cloud deployments. However, doing this in a large enterprise environment, with multiple networks, cloud platforms and firewalls, is very complicated and presents a challenge for network engineers to deploy and configure in a secure manner.

Effective microsegmentation requires visibility, something many sprawling, disparate networks lack. Without knowing what devices are on the network, it can be difficult for network engineers to know what to segment.

Software-defined Perimeter (SDP)

Software-defined Perimeter (SDP) is a security framework developed by the Cloud Security Alliance (CSA) that controls access to resources based on identity. The aim of an SDP is to allow users to connect to applications, services and systems on the network in a secure way by hiding the underlying infrastructure, including such things as IP addresses, port numbers and DNS information. This “closed” or “dark cloud” model, in which a network device denies connections from all other applications and devices except the one “that needs to know”, means that attackers are prevented from deploying lateral movement techniques, running distributed denial of service attacks and exploiting other common network incursion TTPs.

Like zero trust and microsegmentation, SDP is useful in certain scenarios; however, these technologies are lacking when it comes to integrating with SIEM, which is where most organizations want to manage their security operations from.

And What About the Internet of Things (IoT)?

The problem of visibility is even more acute when it comes to IoT devices. Handling complexity is one thing, but handling things you don’t even know are there is even harder. The new security approaches like those mentioned above (SDP, Zero Trust, Microsegmentation), and even the traditional ones (network, perimeter and endpoint solutions), are completely oblivious to other entities and threats that modern networks are exposed to, such as “Smart” or IoT devices. The fact that the network is now connected to some Linux server out there (aka “in the Cloud”) and is open to, or accessed by, connected devices makes the perimeter truly irrelevant, along with traditional security solutions, too.

How Do You Handle Scale And Machine Speed?

In addition to all the challenges mentioned, we need to consider the fact that things are not merely getting more complex and difficult to inventory, but also more numerous. There are more endpoints, servers, connected devices, cloud applications and users than ever before, and that all adds up to more entry points into the network.

On top of the sheer quantity of devices connecting to company assets, these elements operate, generate data and communicate at a much greater speed than in the past, giving IT and security personnel less time to react to threats and malfunctions.

As much as security people would like these trends to reverse, it’s impossible to turn this ship. Cloud, hybrid networks and connected devices are integral parts of the modern enterprise.

Augmenting Existing Solutions with a Security Platform

Enterprises will continue to use existing solutions such as firewalls, NTA and endpoint security. But trying to combine multiple existing solutions with new methodologies and products, all from an array of different vendors, is a sure way to increase complexity, reduce visibility and generate more work.

Integrating new products and workflows can be a real burden, and if you think that alert fatigue is bad today, wait and see how hard it will be to manage thousands of alerts across multiple systems, various consoles and diverse dashboards.

The answer to this cloud of chaos is to reduce complexity: to unify these solutions onto a single platform that can – from a single console and single endpoint agent – enable autonomous prevention, detection and response. A single platform that can hunt in the context of all enterprise assets, be they on-premises, in the cloud, or rogue devices such as insecure BYODs attached to the network by employees outside of IT control, or external attackers spoofing legitimate devices into connecting to them.

This platform should be automated and future-proof – meaning it must be able to integrate with additional solutions and cloud platforms through a rich set of native APIs – and, of course, it must be able to counter novel threats by using machine learning and behavioral detection.

Such a platform should enable all required security functionalities – external device and firewall controls, alert handling, forensic investigation and proactive hunting – on all endpoints, IoT devices and cloud platforms, and it should not require extensive training or manpower to operate.

A single security platform that can solve the challenges of modern enterprise architecture, and not only cater for today’s complexities and threats but also easily “grow” along with the organic growth of the organization, is the only plausible investment in the future of your enterprise security. If you would like to try a free demo and experience how SentinelOne meets the challenges of today’s enterprise networks, contact us today.
