Sophos said it is fixing a vulnerability in its Cyberoam firewall appliances, which a security researcher says can allow an attacker to gain access to a company’s internal network without needing a password.

The vulnerability allows an attacker to remotely gain “root” permissions on a vulnerable device, giving them the highest level of access, by sending malicious commands across the internet. The attack takes advantage of the web-based operating system that sits on top of the Cyberoam firewall.

Once a vulnerable device is accessed, an attacker can jump onto a company’s network, according to the researcher who shared their findings exclusively with TechCrunch.

Cyberoam devices are typically used in large enterprises, sitting on the edge of a network and acting as a gateway to allow employees in while keeping hackers out. These devices filter out bad traffic, and prevent denial-of-service attacks and other network-based attacks. They also include virtual private networking (VPN), allowing remote employees to log on to their company’s network when they are not in the office.

It’s a similar vulnerability to recently disclosed flaws in corporate VPN providers, notably Palo Alto Networks, Pulse Secure and Fortinet, which allowed attackers to gain access to a corporate network without needing a user’s password. Many large tech companies, including Twitter and Uber, were affected by the vulnerable technology, prompting Homeland Security to issue an advisory to warn of the risks.

Sophos, which bought Cyberoam in 2014, issued a short advisory this week, noting that the company rolled out fixes on September 30.

The researcher, who asked to remain anonymous, said an attacker would only need an IP address of a vulnerable device. Getting vulnerable devices was easy, they said, by using search engines like Shodan, which lists around 96,000 devices accessible to the internet. Other search engines put the figure far higher.

A Sophos spokesperson disputed the number of devices affected, but would not provide a clearer figure.

“Sophos issued an automatic hotfix to all supported versions in September, and we know that 99% of devices have already been automatically patched,” said the spokesperson. “There are a small amount of devices that have not as of yet been patched because the customer has turned off auto-update and/or are not internet-facing devices.”

Customers still affected can update their devices manually, the spokesperson said. Sophos said the fix will be included in the next update of its CyberoamOS operating system, but the spokesperson did not say when that software would be released.

The researcher said they expect to release the proof-of-concept code in the coming months.

SAP’s CEO Bill McDermott today announced that he wouldn’t seek to renew his contract for the next year and would step down immediately after nine years at the helm of the German enterprise giant.

Shortly after the announcement, I talked to McDermott, as well as SAP’s new co-CEOs Jennifer Morgan and Christian Klein. During the call, McDermott stressed that his decision to step down was very much a personal one, and that while he’s not ready to retire just yet, he simply believes that now is the right time for him to pass on the reins of the company.

To say that today’s news came as a surprise is a bit of an understatement, but it seems like it’s something McDermott has been thinking about for a while. But after talking to McDermott, Morgan and Klein, I can’t help but think that the actual decision came rather recently.

I last spoke to McDermott about a month ago, during a fireside chat at our TechCrunch Sessions: Enterprise event. At the time, I didn’t come away with the impression that this was a CEO on his way out (though McDermott reminded me that if he had already made his decision a month ago, he probably wouldn’t have given it away).

“I’m not afraid to make decisions. That’s one of the things I’m known for,” he told me when I asked him about how the process unfolded. “This one, I did a lot of deep soul searching. I really did think about it very heavily — and I know that it’s the right time and that’s why I’m so happy. When you can make decisions from a position of strength, you’re always happy.”

He also noted that he has been with SAP for 17 years, with almost 10 years as CEO, and that he recently spent some time talking to fellow high-level CEOs.

“The consensus was 10 years is about the right amount of time for a CEO because you’ve accomplished a lot of things if you did the job well, but you certainly didn’t stay too long. And if you did really well, you had a fantastic success plan,” he said.

In “the recent past,” McDermott met with SAP chairman and co-founder Hasso Plattner to explain to him that he wouldn’t renew his contract. According to McDermott, both of them agreed that the company is currently at “maximum strength” and that this would be the best time to put the succession plan into action.

“With the continuity of Jennifer and Christian obviously already serving on the board and doing an unbelievable job, we said let’s control our destiny. I’m not going to renew, and these are the two best people for the job without question. Then they’ll get a chance to go to Capital Markets Day [in November]. Set that next phase of our growth story. Kick off the New Year — and do so with a clean slate and a clean run to the finish line.

“Very rarely do CEOs get the joy of handing over a company at maximum strength. And today is a great day for SAP. It’s a great day for me personally and Hasso Plattner, the chairman and [co-]founder of SAP. And also — and most importantly — a great day for Jennifer Morgan and Christian Klein.”

Don’t expect McDermott to just fade into the background, though, now that he is leaving SAP. If you’ve ever met or seen McDermott speak, you know that he’s unlikely to simply retire. “I’m busy. I’m passionate and I’m just getting warmed up,” he said.

As for the new leadership, Morgan and Klein noted that they hadn’t had a lot of time to think about the strategy going forward. Both previously held executive positions in the company and served on SAP’s board together for the last few years. For now, it seems, they are planning to continue on a similar path as McDermott.

“We’re excited about creating a renewed focus on the engineering DNA of SAP, combining the amazing strength and heritage of SAP — and many of the folks who have built the products that so many customers around the world run today — with a new DNA that’s come in from many of the cloud acquisitions that we’ve made,” Morgan said, noting that both she and Klein spent a lot of time over the last few months bringing their teams together in new ways. “So I think for us, that tapestry of talent and that real sense of urgency and support of our customers and innovation is top of mind for us.”

Klein also stressed that he believes SAP’s current strategy is the right one. “We had unbelievable deals again in Q3 where we actually combined our latest innovations — where we combined Qualtrics with SuccessFactors with S/4 [Hana] to drive unbelievable business value for our customers. This is the way to go. The business case is there. I see a huge shift now towards S/4, and the core and business case is there, supporting new business models, driving automation, steering the company in real time. All of these assets are now coming together with our great cloud assets, so for me, the strategy works.”

Having co-CEOs can be a recipe for conflict, but McDermott’s time as CEO also started out as co-CEO, so the company does have some experience there. Morgan and Klein noted that they worked together on the SAP board before and know each other quite well.

What’s next for the new CEOs? “There has to be a huge focus on Q4,” Klein said. “And then, of course, we will continue like we did in the past. I’ve known Jen now for quite a while — there was a lot of trust there in the past and I’m really now excited to really move forward together with her and driving huge business outcomes for our customers. And let’s not forget our employees. Our employee morale is at an all-time high. And we know how important that is to our employees. We definitely want that to continue.”

It’s hard to imagine SAP with McDermott, but we’ve clearly not seen the last of him yet. I wouldn’t be surprised if we saw him pop up as the CEO of another company soon.

Below is my interview with McDermott from TechCrunch Sessions: Enterprise.

Satellite imagery holds a wealth of information that could be useful for industries, science and humanitarian causes, but one big and persistent challenge with it has been a lack of effective ways to tap that disparate data for specific ends.

That’s created a demand for better analytics, and now, one of the startups that has been building solutions to do just that is announcing a round of funding as it gears up for expansion. Descartes Labs, a geospatial imagery analytics startup out of Santa Fe, New Mexico, is today announcing that it has closed a $20 million round of funding, money that CEO and founder Mark Johnson described to me as a bridge round ahead of the startup closing and announcing a larger growth round.

The funding is being led by Union Grove Venture Partners, with Ajax Strategies, Crosslink Capital, and March Capital Partners (which led its previous round) also participating. It brings the total raised by Descartes Labs to $60 million, and while Johnson said the startup would not be disclosing its valuation, PitchBook notes that it is $220 million ($200 million pre-money in this round).

As a point of comparison, another startup in the area of geospatial analytics, Orbital Insight, is reportedly now raising money at a $430 million valuation (that data is from January of this year, and we’ve contacted the company to see if it ever closed).

Santa Fe — a city popular with retirees that counts tourism as its biggest industry — is an unlikely place to find a tech startup. Descartes Labs’ presence there is a result of that fact that it is a spinoff from the Los Alamos National Laboratory near the city.

Johnson — who had lived in San Francisco before coming to Santa Fe to help create Descartes Labs (his previous experience building Zite for media, he said, led the Los Alamos scientists to first conceive of the Descartes Labs IP as the basis of a kind of search engine) — admitted that he never thought the company would stay headquartered there beyond a short initial phase of growth of six months.

However, it turned out that the trends around more distributed workforces (and cloud computing to enable that), engineers looking for employment alternatives to living in pricey San Francisco, plus the heated competition for talent you get in the Valley all came together in a perfect storm that helped Descartes Labs establish and thrive on its home turf.

Descartes Labs — named after the seminal philosopher/mathematician Rene Descartes — describes itself as a “data refinery”. By this, it means it injests a lot of imagery and unstructured data related to the earth that is picked up primarily by satellites but also other sensors (Johnson notes that its sources include data from publicly available satellites; data from NASA and the European space agency, and data from the companies themselves); applies AI-based techniques including computer vision analysis and machine learning to make sense of the sometimes-grainy imagery; and distills and orders it to create insights into what is going on down below, and how that is likely to evolve.

This includes not just what is happening on the surface of the earth, but also in the air above it: Descartes Labs has worked on projects to detect levels of methane gas in oil fields, the spread of wildfires, and how crops might grow in a particular area, and the impact of weather patterns on it all.

It has produced work for a range of clients that have included governments (the methane detection, pictured above, was commissioned as part of New Mexico’s effort to reduce greenhouse gas emissions), energy giants and industrial agribusiness, and traders.

“The idea is to help them take advantage of all the new data going online,” Johnson said, noting that this can help, for example, bankers forecast how much a commodity will trade for, or the effect of a change in soil composition on a crop.

The fact that Descartes Labs’ work has connected it with the energy industry gives an interesting twist to the use of the phrase “data refinery”. But in case you were wondering, Johnson said that the company goes through a process of vetting potential customers to determine if the data Descartes Labs provides to them is for a positive end, or not.

“We have a deep belief that we can help them become more efficient,” he said. “Those looking at earth data are doing so because they care about the planet and are working to try to become more sustainable.”

Johnson also said (in answer to my question about it) that so far, there haven’t been any instances where the startup has been prohibited to work with any customers or countries, but you could imagine how — in this day of data being ‘the new oil’ and the fulcrum of power — that could potentially be an issue. (Related to this: Orbital Insight counts In-Q-Tel, the CIA’s venture arm, as one of its backers.)

Looking ahead, the company is building what it describes as a “digital twin” of the earth, the idea being that in doing so it can better model the imagery that it injests and link up data from different regions more seamlessly (since, after all, a climatic event in one part of the world inevitably impacts another). Notably, “digital twinning” is a common concept that we see applied in other AI-based enterprises to better predict activity: this is the approach that, for example, Forward Networks takes when building models of an enterprise’s network to determine how apps will behave and identify the reasons behind an outage.

In addition to the funding round, Descartes Labs named Phil Fraher its new CFO, and is announcing Veery Maxwell, Director for Energy Innovation and Patrick Cairns, who co-founded UGVP, as new board observers.

Suse, the newly independent open-source company behind the eponymous Linux distribution and an increasingly large set of managed enterprise services, today announced a bit of a new strategy as it looks to stay on top of the changing trends in the enterprise developer space. Over the course of the last few years, Suse put a strong emphasis on the OpenStack platform, an open-source project that essentially allows big enterprises to build something in their own data centers akin to the core services of a public cloud like AWS or Azure. With this new strategy, Suse is transitioning away from OpenStack . It’s ceasing both production of new versions of its OpenStack Cloud and sales of its existing OpenStack product.

“As Suse embarks on the next stage of our growth and evolution as the world’s largest independent open source company, we will grow the business by aligning our strategy to meet the current and future needs of our enterprise customers as they move to increasingly dynamic hybrid and multi-cloud application landscapes and DevOps processes,” the company said in a statement. “We are ideally positioned to execute on this strategy and help our customers embrace the full spectrum of computing environments, from edge to core to cloud.”

What Suse will focus on going forward are its Cloud Application Platform (which is based on the open-source Cloud Foundry platform) and Kubernetes-based container platform.

Chances are, Suse wouldn’t shut down its OpenStack services if it saw growing sales in this segment. But while the hype around OpenStack died down in recent years, it’s still among the world’s most active open-source projects and runs the production environments of some of the world’s largest companies, including some very large telcos. It took a while for the project to position itself in a space where all of the mindshare went to containers — and especially Kubernetes — for the last few years. At the same time, though, containers are also opening up new opportunities for OpenStack, as you still need some way to manage those containers and the rest of your infrastructure.

The OpenStack Foundation, the umbrella organization that helps guide the project, remains upbeat.

“The market for OpenStack distributions is settling on a core group of highly supported, well-adopted players, just as has happened with Linux and other large-scale, open-source projects,” said OpenStack Foundation COO Mark Collier in a statement. “All companies adjust strategic priorities from time to time, and for those distro providers that continue to focus on providing open-source infrastructure products for containers, VMs and bare metal in private cloud, OpenStack is the market’s leading choice.”

He also notes that analyst firm 451 Research believes there is a combined Kubernetes and OpenStack market of about $11 billion, with $7.7 billion of that focused on OpenStack. “As the overall open-source cloud market continues its march toward eight figures in revenue and beyond — most of it concentrated in OpenStack products and services — it’s clear that the natural consolidation of distros is having no impact on adoption,” Collier argues.

For Suse, though, this marks the end of its OpenStack products. As of now, though, the company remains a top-level Platinum sponsor of the OpenStack Foundation and Suse’s Alan Clark remains on the Foundation’s board. Suse is involved in some of the other projects under the OpenStack brand, so the company will likely remain a sponsor, but it’s probably a fair guess that it won’t continue to do so at the highest level.

Security breaches and other activities that cause network surges and outages are all on the rise in the enterprise, and today, a startup called Forward Networks, which has built a clever way to help businesses monitor their network traffic to identify when things are going wrong, has raised a round of $35 million to continue expanding its business to meet that demand.

The money, a Series C, is being led by Goldman Sachs, which in this case is both a strategic and financial investor. David Erickson, the startup’s co-founder and CEO, said the investment bank started out as a customer, and Joshua Matheus, MD for technology at Goldman Sachs, was so pleased with the results that he recommended the bank also invest in the company. Others participating in this round include Andreessen Horowitz, Threshold Ventures (previously DFJ Venture) and A. Capital, the three investors that were behind Forward Networks’ previous round of $16 million in 2017.

Erickson, along with other co-founders Nikhil Handigol, Brandon Heller and Peyman Kazemian, were all Stanford PhDs, and the company’s technology is based around work they did there around mathematical modeling. Here, that concept is applied to a company’s network to create essentially a replica of a company’s network architecture, which is in turn used to simulate individual processes and apps running on the network to figure out how they interact and what would represent “normal” versus “abnormal” behavior, which in turn is applied in real time to monitor the network and predict what might happen on it. This is not a fixing platform per se, but in developer operations, there is a fundamental need and gap in the market for products that help engineers identify what is not working in order to know what to try to fix.

If you are familiar with Honeycomb.io — a DevOps platform for running apps to determine when and where bugs or conflicts might arise (which itself recently raised funding) — this seems to be taking a similar approach, but on a network scale.

Considered together, it seems that we’re starting to see a new wave of services and platforms designed to provide more granular and intelligent pictures of how apps and networks behave in our modern technology landscapes.

Erickson tells me that today, the vast majority of Forward Networks’ customers are using the product to monitor on-premises rather than cloud architectures.

“We launched a public cloud product for AWS towards the end of last year, which today is in use by customers, but the dominant use case for us is on-prem,” Erickson said, who said that while the media (ahem) loves to talk about cloud, in many cases large enterprises have actually been slower to migrate processes in cases where legacy services still work well, and they still harbour distrust of public cloud security and reliability. “We see growth towards the cloud but it’s baby steps.”

The company has been growing steadily; today its network monitoring covers some 75,000 devices. In that context, Goldman Sachs is a significant client, with some 15,000 devices in its network alone.

Looking ahead, Erickson said that the funding would be used in part for R&D and in part to continue its business development. There are a number of other solutions and services out there that have identified the opportunity of providing better network management as a route to identifying security threats and other risks, so that also presents an opportunity for M&A for Forward, although Erickson declined to comment further on that.

“We continue to see the value that Forward Networks’ platform brings to large enterprises running complex networks,” said Bill Krause, board partner at Andreessen Horowitz. “They have solved a critical business problem, which presents a real growth opportunity.”