Greylock’s Asheem Chandna on ‘shifting left’ in cybersecurity and the future of enterprise startups

Last week was a busy week, what with an election in Myanmar and all (well, and the United States, I guess). So perhaps you were glued to your TV or smartphone, and missed out on our conversation with Asheem Chandna, a long-time partner at Greylock who has invested in enterprise and cybersecurity startups for nearly two decades now, backing such notable companies as Palo Alto Networks, AppDynamics and Sumo Logic. We have more Extra Crunch Live shows coming up.

Enterprise software is changing faster this year than it has in a decade. Coronavirus, remote work, collaboration and new cybersecurity threats have combined to force companies to rethink their IT strategies, and that means more opportunities — and challenges — for enterprise founders than ever before. In some cases, we are seeing an acceleration of existing trends, and in others, we are seeing all new trends come to the forefront.

All that is to say that there was so much on the docket to talk about last week. Chandna and I discussed what’s happening in early-stage enterprise startups, whether vertical SaaS is the future of enterprise investing, data and no-code platforms, and then this rise of “shift left” security.

The following interview has been edited and condensed from our original Extra Crunch Live conversation.

What’s happening today in the early-stage startup world?

Chandna has been a long-time backer of startups at their earliest stages, with some of his investments being literally birthed in Greylock’s offices. So I was curious how he saw the landscape today given all that prior experience.

TechCrunch: What sort of companies are exciting for you today? Are there particular markets you’re particularly attuned to?

Asheem Chandna: One is digital transformation. Every company is trying to figure out how to become more digital, and this has been accelerated by COVID-19. Second is information technology today and its journey to the cloud. I would say we might be about 10% or 15% of the way there. Some of the trends are clear, but the journey is actually still relatively early, and so there’s just a ton of opportunity ahead.

The third one is leveraging data for better predictability along with analytics. Every CEO is looking to make better decisions. And you know, most leaders make decisions based on gut instinct and a combination of data. If the data can tell a story, if the data can help you better predict, there’s a lot of potential here.

I view these as three macro trends, and then if one was to add to that, I would say cybersecurity has never been more important than it is today. I’ve been around cyber for over two decades, and just the prominence and importance and priority has never been more important than today. So that’s kind of another key area.

I want to dive into your first category, digital transformation. This is a phrase that I feel like I’ve heard for a decade now, with “Data is the new oil” and all these sorts of buzzwords and marketing phrases. Where are we in that process? Are we at the beginning? Are we at the end? What’s next from a startup perspective?

Due to COVID-19 and because of the way people are working today, digital’s become the primary medium. I would still say we’re early, and you can literally look sector by sector to see how much more work there is to do here.

Take enterprise sales itself, which is early in what I consider digitalization. It’s even more important today than it was a year ago. I’m using video to basically communicate, and then the next piece would basically be trialing of software. Can I allow even complex software to be self-trialed, and can I measure the customer journey through that trial? Then there’s the contracting of the software, and we go to the sale process, can all that be done digitally?

So even when you take something as very mundane as enterprise sales, it’s being transformed. Winning teams, winning software entrepreneurs, they understand this well, and they’d be wise to examine every step of this process, and instrument it and digitize it.

Vertical versus horizontal plays in enterprise

Fishtown Analytics raises $29.5M Series B for its data engineering platform

Fishtown Analytics, the Philadelphia-based company behind the dbt open-source data engineering tool, today announced that it has raised a $29.5 million Series B round led by Sequoia Capital, with participation from previous investors Andreessen Horowitz and Amplify Partners.

The company is building a platform that allows data analysts to more easily create and disseminate organizational knowledge. Its focus is on data modeling, with its dbt tool allowing anybody who knows SQL to build data transformation workflows. Dbt also features support for automatically testing data quality and documenting changes, but maybe most importantly, it uses standard software engineering techniques to help engineers collaborate on code and integrate changes continuously.

If this all sounds a bit familiar, it’s probably because you saw that Fishtown Analytics also announced a $12.9 million Series A round in April. It’s not often we see both a Series A and B round within half a year, but that goes to show how the market for Fishtown’s service is expanding as companies continue to grapple with how to best make use of their data — and how much investors want to be part of that. 

Image Credits: Fishtown

“This was a very productive thing for us,” Fishtown Analytics co-founder and CEO Tristan Handy told me when I asked him why he raised again so quickly. “It’s standard best practice to do quarterly catch-ups with investors and eventually you’ll be ready to fundraise. And Matt Miller from Sequoia showed up to one of these quarterly catch-ups and he shared the 40-page memo that he had written to the Sequoia partnership — and he came with the term sheet.”

Initially, Handy declined. “We’re very bullheaded people, I think, as many founders are. It took some real reflection and thinking about, ‘is this what we want to be doing right now?’”

In the end, though, the team decided to go ahead with this round — mostly because this round allowed the team to think long-term and provided stability and certainty.

One thing Handy has always been very clear about is that he did not found Fishtown to purely build the largest possible company but to solve its users’ problems, even as the market looked at companies like Databricks and Snowflake — and their financial success — as potential analogs. “My worry was that the financial markets were driving things that weren’t necessarily going to be good for our users,” Handy said.

Ransomware Group Turns to Facebook Ads

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up.

On the evening of Monday, Nov. 9, an ad campaign apparently taken out by the Ragnar Locker Team began appearing on Facebook. The ad was designed to turn the screws to the Italian beverage vendor Campari Group, which acknowledged on Nov. 3 that its computer systems had been sidelined by a malware attack.

On Nov. 6, Campari issued a follow-up statement saying “at this stage, we cannot completely exclude that some personal and business data has been taken.”

“This is ridiculous and looks like a big fat lie,” reads the Facebook ad campaign from the Ragnar crime group. “We can confirm that confidential data was stolen and we talking about huge volume of data.”

The ad went on to say Ragnar Locker Team had offloaded two terabytes of information and would give the Italian firm until 6 p.m. EST today (Nov. 10) to negotiate an extortion payment in exchange for a promise not to publish the stolen files.

The Facebook ad blitz was paid for by Hodson Event Entertainment, an account tied to Chris Hodson, a deejay based in Chicago. Contacted by KrebsOnSecurity, Hodson said his Facebook account indeed was hacked, and that the attackers had budgeted $500 for the entire campaign.

“I thought I had two-step verification turned on for all my accounts, but now it looks like the only one I didn’t have it set for was Facebook,” Hodson said.

Hodson said a review of his account shows the unauthorized campaign reached approximately 7,150 Facebook users, and generated 770 clicks, with a cost-per-result of 21 cents. Of course, it didn’t cost the ransomware group anything. Hodson said Facebook billed him $35 for the first part of the campaign, but apparently detected the ads as fraudulent sometime this morning before his account could be billed another $159 for the campaign.

The results of the unauthorized Facebook ad campaign. Image: Chris Hodson.

It’s not clear whether this was an isolated incident, or whether the fraudsters also ran ads using other hacked Facebook accounts. A spokesperson for Facebook said the company is still investigating the incident. A request for comment sent via email to Campari’s media relations team was returned as undeliverable.

But it seems likely we will continue to see more of this and other mainstream advertising efforts by ransomware groups going forward, even if victims really have no expectation that paying an extortion demand will result in criminals actually deleting or not otherwise using stolen data.

Fabian Wosar, chief technology officer at computer security firm Emsisoft, said some ransomware groups have become especially aggressive of late in pressuring their victims to pay up.

“They have also started to call victims,” Wosar said. “They’re outsourcing to Indian call centers, who call victims asking when they are going to pay or have their data leaked.”

Patch Tuesday, November 2020 Edition

Adobe and Microsoft each issued a bevy of updates today to plug critical security holes in their software. Microsoft’s release includes fixes for 112 separate flaws, including one zero-day vulnerability that is already being exploited to attack Windows users. Microsoft also is taking flak for changing its security advisories and limiting the amount of information disclosed about each bug.

Some 17 of the 112 issues fixed in today’s patch batch involve “critical” problems in Windows, or those that can be exploited by malware or malcontents to seize complete, remote control over a vulnerable Windows computer without any help from users.

Most of the rest were assigned the rating “important,” which in Redmond parlance refers to a vulnerability whose exploitation could “compromise the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources.”

A chief concern among all these updates this month is CVE-2020-17087, which is an “important” bug in the Windows kernel that is already seeing active exploitation. CVE-2020-17087 is not listed as critical because it’s what’s known as a privilege escalation flaw that would allow an attacker who has already compromised a less powerful user account on a system to gain administrative control. In essence, it would have to be chained with another exploit.

Unfortunately, this is exactly what Google researchers described witnessing recently. On Oct. 20, Google released an update for its Chrome browser which fixed a bug (CVE-2020-15999) that was seen being used in conjunction with CVE-2020-17087 to compromise Windows users.

If you take a look at the advisory Microsoft released today for CVE-2020-17087 (or any others from today’s batch), you might notice they look a bit more sparse. That’s because Microsoft has opted to restructure those advisories around the Common Vulnerability Scoring System (CVSS) format to more closely align the format of the advisories with that of other major software vendors.

But in so doing, Microsoft has also removed some useful information, such as the description explaining in broad terms the scope of the vulnerability, how it can be exploited, and what the result of the exploitation might be. Microsoft explained its reasoning behind this shift in a blog post.

Not everyone is happy with the new format. Bob Huber, chief security officer at Tenable, praised Microsoft for adopting an industry standard, but said the company should consider that folks who review Patch Tuesday releases aren’t security practitioners but rather IT counterparts responsible for actually applying the updates who often aren’t able (and shouldn’t have to) decipher raw CVSS data.

“With this new format, end users are completely blind to how a particular CVE impacts them,” Huber said. “What’s more, this makes it nearly impossible to determine the urgency of a given patch. It’s difficult to understand the benefits to end-users. However, it’s not too difficult to see how this new format benefits bad actors. They’ll reverse engineer the patches and, by Microsoft not being explicit about vulnerability details, the advantage goes to attackers, not defenders. Without the proper context for these CVEs, it becomes increasingly difficult for defenders to prioritize their remediation efforts.”

Dustin Childs with Trend Micro’s Zero Day Initiative also puzzled over the lack of details included in Microsoft advisories tied to two other flaws fixed today — including one in Microsoft Exchange Server (CVE-2020-16875) and CVE-2020-17051, which is a scary-looking weakness in the Windows Network File System (NFS).

The Exchange problem, Childs said, was reported by the winner of the Pwn2Own Miami bug finding contest.

“With no details provided by Microsoft, we can only assume this is the bypass of CVE-2020-16875 he had previously mentioned,” Childs said. “It is very likely he will publish the details of these bugs soon. Microsoft rates this as important, but I would treat it as critical, especially since people seem to find it hard to patch Exchange at all.”

Likewise, with CVE-2020-17051, there was a noticeable lack of detail for a bug that earned a CVSS score of 9.8 (10 is the most dangerous).

“With no description to work from, we need to rely on the CVSS to provide clues about the real risk from the bug,” Childs said. “Considering this is listed as no user interaction with low attack complexity, and considering NFS is a network service, you should treat this as wormable until we learn otherwise.”

Separately, Adobe today released updates to plug at least 14 security holes in Adobe Acrobat and Reader. Details about those fixes are available here. There are no security updates for Adobe’s Flash Player, which Adobe has said will be retired at the end of the year. Microsoft, which has bundled versions of Flash with its Web browsers, says it plans to ship an update in December that will remove Flash from Windows PCs, and last month it made the removal tool available for download.

Windows 10 users should be aware that the operating system will download updates and install them on its own schedule, closing out active programs and rebooting the system. If you wish to ensure Windows has been set to pause updating so you can back up your files and/or system, see this guide.

But please do back up your system before applying any of these updates. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

As always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.

Adobe acquires marketing workflow startup Workfront for $1.5B

Adobe just announced that it is acquiring marketing workflow management startup Workfront for $1.5 billion. Bloomberg first reported the sale earlier today.

Workfront was founded back in 2001, making it a bit long in the tooth for a private company that has raised $375 million, according to Crunchbase. (It’s worth noting that $280 million of that was secondary money raised last year.)

The acquisition gives Adobe more online marketing tooling to fit into its Experience Cloud. This one helps companies manage complex projects inside the marketing department (or elsewhere in the company, for that matter).

Suresh Vittal, VP of platform and product for Adobe Experience Cloud, said that the two companies often work together and encounter one another’s sales teams. As the pandemic has played out, it began to make more sense to bring in-house this kind of tooling that works well in a distributed environment, and over the last several months the deal came together.

“The new normal distributed marketing team, distributed experience delivery teams, people having to work remotely — we started to see new use cases emerge around the idea of work management, around the idea of content velocity, around the idea of providing compliance and governance capabilities so no asset escapes the organization, and it goes through this process of passing through creative and the marketing teams and getting out there and really representing your brand in the right way,” Vittal explained.

Workfront CEO Alex Shootman sees the deal as a way to accelerate the roadmap while working with a much larger company. “We are barely scratching the surface of marketing and we could grow tremendously, just by having that great kind of integrated relationship,” he said.

Holger Mueller, an analyst at Constellation Research, says the acquisition will help Adobe customers manage the complexities of marketing project management. “Scheduling and managing work had gotten orders of magnitude more complex for enterprises, and Adobe is accounting for that with the acquisition of Workfront, providing better tool support for the new future of work,” Mueller told TechCrunch.

Workfront’s 960 employees will become part of Adobe and become part of the Adobe Experience Cloud. Shootman will continue to run it and report to Anil Chakravarthy, executive vice president and general manager of the digital experience business at Adobe.

Workfront’s customers include Home Depot, T-Mobile and Deloitte, and the two companies share 1,000 common customers among Workfront’s 3,000 total customer base. In fact, it has APIs that connect to Adobe Creative Cloud and Experience Cloud, two parts of the company’s product family that marketers frequently access.

As Adobe battles Salesforce, SAP and Oracle in the marketing automation space, it’s been using its checkbook to acquire additional fire power in recent years. This acquisition comes after Adobe spent $1.6 billion for Magento and $4.75 billion for Marketo in 2018. That’s almost $8 billion for three companies in less than two years, even as it builds out parts of its Adobe Experience Cloud in-house. Combined, it shows just how serious the company is about making headway in this valuable area.

Customer experience has always been an essential element of online and in-person transactions, making sure the customer feels good about the interactions it has with a brand. It not only keeps them coming back, but it encourages them to act as ambassadors on behalf of a company, something that has incredible value.

Conversely, a bad experience can lead to the opposite impact, causing a prospective or even loyal customer to abandon a brand and speak badly about it to friends online and in person. Adobe hopes that by bringing another marketing tool into the fold, it can help its customers increase the likelihood of a positive online customer experience. This one should allow marketing personnel working at a company to move marketing projects through a workflow from idea to delivery.

The deal is expected to close in the first quarter of Adobe’s fiscal year. Per usual, it will be subject to typical regulatory scrutiny.

Qualcomm Ventures invests in four 5G startups

Qualcomm Ventures, Qualcomm’s investment arm, today announced four new strategic investments in 5G-related startups. These companies are private mobile network specialist Celona, mobile network automation platform Cellwize, the edge computing platform Azion and Pensando, another edge computing platform that combines its software stack with custom hardware.

The overall goal here is obviously to help jumpstart 5G use cases in the enterprise and — by extension — for consumers by investing in a wide range of companies that can build the necessary infrastructure to enable these.

“We invest globally in the wireless mobile ecosystem, with a goal of expanding our base of customers and partners — and one of the areas we’re particularly excited about is the area of 5G,” Quinn Li, a Senior VP at Qualcomm and the global head of Qualcomm Ventures, told me. “Within 5G, there are three buckets of areas we look to invest in: one is in use cases, second is in network transformation, third is applying 5G technology in enterprises.”

So far, Qualcomm Ventures has invested over $170 million in the 5G ecosystem, including this new batch. The firm did not disclose how much it invested in these four new startups, though.

Overall, this new set of companies touches upon the core areas Qualcomm Ventures is looking at, Li explained. Celona, for example, aims to make it as easy for enterprises to deploy private cellular infrastructure as it is to deploy Wi-Fi today.

“They built this platform with a cloud-based controller that leverages the available spectrum — CBRS — to be able to take the cellular technology, whether it’s LTE or 5G, into enterprises,” Li explained. “And then these enterprise use cases could be in manufacturing settings, could be in schools, could be in hospitals, or it could be on campus for universities.”

Cellwize, meanwhile, helps automate wireless networks to make them more flexible and manageable, in part by using machine learning to tune the network based on the data it collects. One of the main investment theses for this fund, Li told me, is that wireless technology will become increasingly software-defined and Cellwize fits right into this trend. The potential customer here isn’t necessarily an individual enterprise, though, but wireless and mobile operators.

Edge computing, where Azion and Pensando play, is obviously also a hot category right now and one where 5G has some obvious advantages, so it’s maybe no surprise that Qualcomm Ventures is putting a bit of a focus on it today with its investments in those two companies.

“As we move forward, [you will] see a lot of the compute moving from the cloud into the edge of the network, which allows for processing happening at the edge of the network, which allows for low latency applications to run much faster and much more efficiently,” Li said.

In total, Qualcomm Ventures has deployed $1.5 billion and made 360 investments since its launch in 2000. Some of the more successful companies the firm has invested in include unicorns like Zoom, Cloudflare, Xiaomi, Cruise Automation and Fitbit.

Explo snags $2.3M seed to help build customer-facing BI dashboards

Explo, a member of the Y Combinator Winter 2020 class, which is helping customers build customer-facing business intelligence dashboards, announced a $2.3 million seed round today. Investors included Amplo VC, Soma Capital and Y Combinator along with several individual investors.

The company originally was looking at a way to simplify getting data ready for models or other applications, but as the founders spoke to customers, they saw a big need for a simple way to build dashboards backed by that data and quickly pivoted.

Company CEO and co-founder Gary Lin says the company was able to leverage the core infrastructure, data engineering and production that it had built while at Y Combinator, but the new service they have created is much different from the original idea.

“In terms of the UI and the output, we had to build out the ability for our end users to create dashboards, for them to embed the dashboards and for them to customize the styles on these dashboards, so that it looks and feels as though it was part of their own product,” Lin explained.

While the founders had been working on the original idea since last year, they didn’t actually make the pivot until September. They made the change because they were hearing this was really what customers needed more than the tool they had been building while at Y Combinator. In fact, Chen says that their YC mentors and investors have been highly supportive of the switch.

The company is just getting started with the four original co-founders — Lin, COO Andrew Chen, CTO Rohan Varma and product designer Carly Stanisic — but the plan is to use this money to beef up the engineering team with three to five new hires.

With a diverse founding team, the company wants to continue looking at diversity as it builds the company. “One of the biggest reasons that we think diversity is important is that it allows us to have a bigger perspective and a grander perspective on things. And honestly, it’s in environments where I have personally […] been involved where we’ve actually been able to create the best ideas was by having a larger perspective. And so we definitely are going to be as inclusive as possible and are definitely thinking about that as we hire,” Lin said.

As the company has grown up during the pandemic, the founding core is used to working remotely and the goal moving forward is to be a distributed company. “We will be a remote distributed company so we’re hiring people no matter where they are, which actually makes it a lot easier from a hiring perspective because we’re able to reach a much more diverse and large pool of applicants,” Lin said.

They are in the process of thinking about how they can build a culture as they bring in distributed employees. “I think the way that we’ve started to see it is that working distributed is not a reduced experience, but just a different one, and we are thinking about different things like how we organize new people when they onboard, and maybe we can meet up as a team and have a retreat where we are located in the same place [when travel allows],” he said.

For now, they will remain remote as they take their first half dozen customers and begin to build the company with the new investment.

JumpCloud raises $75M Series E as cloud directory service thrives during pandemic

JumpCloud, the cloud directory service that debuted at TechCrunch Disrupt Battlefield in 2013, announced a $75 million Series E today. The round was led by BlackRock with participation from existing investor General Atlantic.

The company wasn’t willing to discuss the current valuation, but has now raised over $166 million, according to Crunchbase data.

Changes in the way that IT works have been evolving since the company launched. Back then, most companies used Microsoft Active Directory in a Windows-centric environment. Since then, things have gotten more heterogeneous with multiple operating systems, web applications, the cloud and mobile and that has required a different way of thinking about directory structures.

JumpCloud co-founder and CEO Rajat Bhargava says that the pandemic has only accelerated the need for his company’s kind of service as more companies move to the cloud. “Obviously now with COVID, all these changes made it much more difficult for IT to connect their users to all the resources that they needed, and to us that’s one of the most critical tasks that an IT organization has is making their team productive,” he said.

He said their idea was to build an “independent cloud directory platform that would connect people to really whatever it is they need and do that in a secure way while giving IT complete control over that access.”

The product, which includes a free tier for 10 users on 10 systems for an unlimited amount of time, has 100,000 users. Of those, Bhargava says that about 3,000 are paying.

The company has 300 employees with plans to add 200-250 in the next year with a goal of adding 500 in the next couple of years. As he does that, Bhargava, who is South Asian, sees diversity and inclusion as an important component of the hiring process. In fact, the company tries to make sure it always has diverse candidates in the hiring pool.

“Some of the things that we’ve tried to do is make sure that every role has some diversity candidates involved in the hiring process. That’s something that our recruiting team is working on and making sure that we’re having that conversation with every single hire,” he said. He acknowledges that it’s a work in progress, and a problem across the entire tech industry that he and his company continue to try and address.

Since the pandemic, the company, which is based in Colorado, has made the decision to be remote first and they will be hiring from across the country and across the world as they make these new hires, which could help contribute to a more diverse workforce over time.

With a $75 million investment, and having reached Series E, it’s fair to ask if the company is thinking ahead to an IPO, but Bhargava didn’t want to discuss that. “We just raised this $75 million round. There’s so much work to be done, so we’re just looking forward to that right now,” he said.

With $29M in funding, Isovalent launches its cloud-native networking and security platform

Isovalent, a startup that aims to bring networking into the cloud-native era, today announced that it has raised a $29 million Series A round led by Andreessen Horowitz and Google. In addition, the company today officially launched its Cilium platform (which was in stealth until now) to help enterprises connect, observe and secure their applications.

The open-source Cilium project is already seeing growing adoption, with Google choosing it for its new GKE dataplane, for example. Other users include Adobe, Capital One, Datadog and GitLab. Isovalent is following what is now the standard model for commercializing open-source projects by launching an enterprise version.

Image Credits: Cilium

The founding team of CEO Dan Wendlandt and CTO Thomas Graf has deep experience in working on the Linux kernel and building networking products. Graf spent 15 years working on the Linux kernel and created the Cilium open-source project, while Wendlandt worked on Open vSwitch at Nicira (and then VMware).

Image Credits: Isovalent

“We saw that first wave of network intelligence be moved into software, but I think we both shared the view that the first wave was about replicating the traditional network devices in software,” Wendlandt told me. “You had IPs, you still had ports, you created virtual routers, and this and that. We both had that shared vision that the next step was to go beyond what the hardware did in software — and now, in software, you can do so much more. Thomas, with his deep insight in the Linux kernel, really saw this eBPF technology as something that was just obviously going to be groundbreaking technology, in terms of where we could take Linux networking and security.”

As Graf told me, when Docker, Kubernetes and containers in general became popular, what he saw was that networking companies at first were simply trying to reapply what they had already done for virtualization. “Let’s just treat containers as many miniature VMs. That was incredibly wrong,” he said. “So we looked around, and we saw eBPF and said: this is just out there and it is perfect, how can we shape it forward?”

And while Isovalent’s focus is on cloud-native networking, the added benefit of how it uses the eBPF Linux kernel technology is that it also gains deep insights into how data flows between services and hence allows it to add advanced security features as well.

As the team noted, though, users definitely don’t need to understand or program eBPF, which is essentially the next generation of Linux kernel modules, themselves.

“I have spent my entire career in this space, and the North Star has always been to go beyond IPs + ports and build networking visibility and security at a layer that is aligned with how developers, operations and security think about their applications and data,” said Martin Casado, partner at Andreessen Horowitz (and the founder of Nicira). “Until just recently, the technology did not exist. All of that changed with Kubernetes and eBPF. Dan and Thomas have put together the best team in the industry and given the traction around Cilium, they are well on their way to upending the world of networking yet again.”

As more companies adopt Kubernetes, they are now reaching a stage where they have the basics down but are now facing the next set of problems that come with this transition. Those, almost by default, include figuring out how to isolate workloads and get visibility into their networks — all areas where Isovalent/Cilium can help.
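As an added illustration of the label-based, L7-aware isolation described above (this is example policy written for this page, not taken from the article or from the Cilium project), the following CiliumNetworkPolicy selects workloads by Kubernetes labels rather than IPs and restricts the allowed HTTP methods and paths. The namespace, labels, port and paths are hypothetical.

```yaml
# Hypothetical policy: only pods labelled app=frontend may reach pods
# labelled app=api, and only for the listed HTTP methods and paths.
# Once an endpoint is selected by an ingress policy, Cilium drops any
# ingress traffic that no rule allows (default deny for that endpoint).
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-frontend-to-api      # hypothetical name
  namespace: shop                  # hypothetical namespace
spec:
  endpointSelector:
    matchLabels:
      app: api                     # the workload being protected
  ingress:
  - fromEndpoints:
    - matchLabels:
        app: frontend              # identity-based source selection
    toPorts:
    - ports:
      - port: "8080"
        protocol: TCP
      rules:
        http:                      # L7 rules enforced by the eBPF/proxy datapath
        - method: "GET"
          path: "/v1/products/.*"
        - method: "POST"
          path: "/v1/orders"
```

Requests from frontend pods to any other path or method on the api pods, and any ingress from pods without the app=frontend label, are denied and show up in Cilium's flow logs as dropped.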

The team tells me its focus, now that the product is out of stealth, is on building out its go-to-market efforts and, of course, continuing to build out its platform.

Three Key Challenges for Cloud Security in a World Changed by COVID-19

Coronavirus 2019 (COVID-19) has had an effect on organizations’ cloud adoption plans. In its 2020 State of the Cloud Report, for instance, Flexera found that the pandemic had altered the strategies of a subset of survey respondents’ employers. More than half of that group said that their cloud usage would be higher than initially planned because of the growing demands posed by remote work. Other respondents said that their organizations might accelerate their migration plans given difficulties in accessing traditional data centers and delays in their supply chains.

That’s a worry, as most organizations that have migrated to the cloud are already struggling with security concerns. In Cybersecurity Insiders’ 2020 Cloud Security Report, 75% of respondents said that they were either “very concerned” or “extremely concerned” about public cloud security. Continuity Central reported that security in the cloud is even more challenging given that 68% of respondents said that their employers used two or more public cloud providers. This means that security teams need to use multiple native tools to try to enforce security across their employers’ cloud infrastructure.

These results raise some important questions. For instance, why are organizations having such a difficult time securing their cloud environments? And what challenges stand in their way?

This blog post highlights three challenges that organizations commonly face when it comes to securing their cloud environments: misconfiguration, limited visibility and unprotected cloud runtime environments. After a brief discussion of each, we provide recommendations on how organizations can address these challenges and enhance their cloud security.

1. Cloud & Container Misconfiguration

A cloud misconfiguration is when an administrator inadvertently deploys settings for a cloud system that don’t align with the organization’s security policies. The risk here is that a misconfiguration could jeopardize the security of the organization’s cloud-based data depending on which asset or system is affected. Dark Reading explains that a malicious actor could leverage compromised credentials or a software vulnerability in their environment to ultimately spread to other areas of a victim’s environment:

… [T]hey leverage privileges within the compromised node to access other nodes remotely, probe for improperly secured apps and databases, or simply abuse weak network controls. They can then exfiltrate your data while remaining under the radar by copying data to an anonymous node on the Web or creating a storage gateway to access data from a remote location.

Misconfiguration can be difficult to spot. Even more significantly, threat actors use automation to probe organizations’ cloud defenses even as the majority of enterprises are stuck with manual methods of managing their cloud configurations.

This threat isn’t theoretical, either. In its 2020 Cloud Misconfigurations Report, DivvyCloud found that 196 publicly reported data breaches caused primarily by cloud misconfigurations had occurred between 2018 and 2019. Those incidents exposed a combined total of more than 33 billion records and collectively cost victim organizations $5 trillion.

2. Limited Network Visibility

Visibility of a network implies that an organization knows what is going on in that network. That includes what hardware and software is connected to the network and what network events are transpiring. In the absence of network visibility, however, an organization is blind to potential digital threats such as attackers using a misconfiguration incident to infiltrate the network, installing malware and/or moving laterally to sensitive data.

Achieving comprehensive visibility in the cloud isn’t always easy, however. As noted by Help Net Security, administrators cannot access their environment’s network flows as easily as they could in a data center via a switch or firewall. That’s because they don’t have direct access to the cloud infrastructure provided by their CSP. Instead, they need to go through their CSP’s list of offerings. Those offerings may or may not include tools that provide valuable (or complete) insight into which devices are connecting to one another.

That’s not the only visibility difference between the cloud and traditional data centers. Help Net Security notes that compute resources are segmented by default. This means that administrators sometimes need more data points than just an IP address to keep track of their cloud-based entities. It also requires that administrators use roles and policies to enable particular connections to happen instead of relying on firewalls to disallow certain connection attempts.

3. Unprotected Cloud Runtime Environments

Besides misconfiguration and poor visibility, there’s the issue of the runtime environment. Left unprotected, cloud runtime environments grant malicious actors plenty of opportunities through which they can prey upon an organization. For instance, they can exploit vulnerabilities within the organization’s own code or within the software packages used by an application that is executed in the runtime environment to infiltrate the network.

The first issue with securing cloud runtime environments is that organizations sometimes either do not know what their responsibilities are in the cloud or have difficulty managing them. Organizations with assets in the public cloud hold shared responsibility for cloud security with the CSP. The former is responsible for security “in” the cloud, while the latter is charged with ensuring security “of” the cloud. Sometimes organizations do not understand what this shared responsibility model entails or else they struggle with executing those responsibilities, meaning they could fail to harden their cloud security and/or not implement measures available from the CSP.

There is also the problem of understanding what types of security tools work for the cloud. The tools, methods and skills that secure on-prem IT often fall flat in the cloud, where visibility is limited, the perimeter ethereal and the speed of innovation far beyond manual methods. On top of this, the rush from on-prem to cloud has spawned a large number of point-specific solutions, often with overlapping functions, which have unnecessarily complicated the job of securing cloud instances. In some cases, organizations may think they can apply their legacy AV solutions to cover their cloud systems and data, but these solutions fail to address threats that commonly target cloud workloads.

How to Address These Threats

While the future is uncertain, the playbook for securing cloud workloads is relatively straightforward. In order to help address misconfiguration, organizations can follow Gartner’s Market Guide for Cloud Workload Protection Platforms and use secure configuration management to establish a baseline for assets connected to the network, monitor those assets for deviations from that baseline and return their assets to an approved baseline in the event a deviation occurs. Moreover, organizations require automated defense measures in order to protect their systems against automated attacks that could abuse a misconfiguration or other security vulnerability.

As for network visibility, it is essential to be aware of not only what is on your network but also which assets remain unprotected. This can be achieved through asset discovery tools such as SentinelOne’s Ranger technology, which can provide device discovery and rogue device isolation across the network by leveraging protected endpoints as sensors without adding resource overhead or requiring extra hardware.

Finally, organizations can safeguard the cloud runtime environment by proactively resolving digital threats in real time with runtime protection and EDR for containerized workloads. This can include tools like an Application Control Engine, which locks down a container and protects it against unauthorized installation and abuse of attacker tools, regardless of whether those are legitimate LOLBins or custom-built malware.

Learn how SentinelOne’s platform can help your organization address these and other security challenges in their ongoing efforts to embrace the cloud.