Posts in Security
SHIFTing the Narrative: Cyber Resilience Takes Centre Stage at Commvault SHIFT London

Stepping into the BAFTA HQ for the Commvault SHIFT event felt like entering a nexus where the legacy of storytelling meets the cutting edge of technology. With walls echoing cinematic greatness and rooms sponsored by the Dolby family and Steven Spielberg, the stage was perfectly set for a narrative of transformation and forward-thinking strategy in cyber resilience.

As we've observed Commvault's transition from a data protection platform to a holistic cyber resilience solution, this event painted a vivid picture of that strategic evolution.

The Hybrid IT Landscape and the Commvault Cloud

Today's IT landscape is nothing short of hybrid – offering staggering business advantages but at the same time, bringing forth data fragmentation and complex management challenges. The day was filled with conversations around the ensuing chaos and the pivotal role of a cyber resilience platform like Commvault Cloud.

NIST Framework in Focus

A significant part of the presentation revolved around the NIST framework, which is fundamentally a blueprint for improving cybersecurity and resilience. The framework lays out five key functions – Identify, Protect, Detect, Respond, and Recover – that help organisations develop a robust cybersecurity posture. The message was clear: whilst Identify, Detect and Protect often take the limelight, Respond and Recover are just as crucial. The focus on thorough testing and robust recovery plans is not just recommended; it's essential.

Innovative Recovery with Cleanroom Technology

A standout feature that piqued interest was Commvault's cleanroom recovery functionality. In the event of a breach, the ability to swiftly and safely recover is paramount, and Commvault's solution facilitates this by enabling businesses to recover quickly into Azure. This isn't just about speed; it's about providing a controlled environment for both testing and actual recovery scenarios, automating the setup of the landing zone in the process.

Meet Arlie: The AI Virtual Assistant

Another highlight for me was the introduction of Arlie, Commvault’s AI virtual assistant. Arlie takes user interaction to a new level, providing insights and support embedded right into the AI. It's not just about delegating tasks; it's about empowering admins with the knowledge to carry out these tasks themselves – a truly educational approach that resonates with our belief in not just delivering solutions but also delivering knowledge.

Conversations with the Commvault Team

The day culminated with an influencer and analyst session, offering us a golden opportunity to engage with Commvault's key team members. It was more than just a chance to see the technology – it was a window into the minds shaping the technology, understanding the 'whys' and 'hows', and witnessing the solutions in action.

Wrapping Up an Enlightening Day

As the event wrapped up, it was clear that Commvault is not just participating in the cyber resilience conversation; they're actively sculpting it. With the community buzzing, the Cleanroom Technology on the horizon, and the prospect of getting hands-on with Arlie, it’s safe to say we're not just excited – we're looking at the future of cyber resilience with eyes wide open.




Exploring Commvault’s Cyber Resilience Revolution: Quick Take Video

We're diving into Commvault’s latest shift with my new video on Commvault's announcements from their Shift event. It's about their new platform, Commvault Cloud, powered by Metallic AI, and it's set to redefine what we expect from cybersecurity and data protection.

For a deeper look at my complete analysis and the implications of Commvault’s innovative direction, check out my full blog post at Tech Doodles. We discuss the looming $30 billion ransomware threat, Commvault's smart use of AI with Arlie, and how this platform is not just about recovery, but a proactive stance against cyber threats.

Get the full story - Commvault's Vision for Cyber Resilience: Introducing Commvault Cloud — Tech Doodles

Commvault's Vision for Cyber Resilience: Introducing Commvault Cloud

In an era where digital threats are accelerating, Commvault's recent Shift event laid down the modern-day standard: the introduction of Commvault Cloud, powered by Metallic AI, signals a profound transformation from a data backup company to a cyber resilience authority.

Commvault Cloud emerges as a beacon of adaptability and scalability in cyber resilience. At the heart of this platform is a design that decouples the control and data planes, ensuring data security across many environments and storage platforms. The platform’s architecture embraces a distributed, hybrid world with fragmented workloads, apps, and data.

The crux of the Shift event was not just the unveiling of a platform but the introduction of Metallic AI, a suite of advanced AI capabilities. This sophisticated set of tools is geared towards providing the highest level of cyber resilience, combining the latest in machine learning with risk scanning and threat detection. The capabilities of Metallic AI extend to early identification of security threats and minimisation of their impact, leading to faster recovery times, intelligent quarantining, and the fastest path to a clean recovery.

You cannot overlook the statistics presented during the event: ransomware is anticipated to cost companies an astounding $30 billion by the end of 2023. Moreover, a staggering 99% of ransomware attacks target security and recovery tools. This backdrop makes Commvault’s advancements not only timely but essential.

Commvault Cloud addresses these concerns head-on with features like Cleanroom Recovery and Cloudburst Recovery. Cleanroom Recovery combines Commvault Cloud’s robust platform architecture with application verification automation and the cloud capabilities of Microsoft Azure to deliver a clean, ransomware-free environment. Meanwhile, Cloudburst Recovery offers rapid restoration using massively parallel recovery techniques, leveraging the cloud's scale and cost efficiencies.

The event also showcased the power of unified management through Commvault Cloud. This global management capability allows for active control and visibility, which is essential for managing SaaS, edge, and on-prem environments. It streamlines compliance and simplifies the complex task of securing live and backed-up sensitive data. With the current climate of sophisticated cyber threats, such as AI-driven ransomware, the platform’s AI-driven threat prediction and anomaly detection position Commvault as a proactive defender.

But the technological prowess of Commvault Cloud goes beyond automated defences. Enter Arlie – the AI-driven resilience co-pilot. Arlie interprets technical complexities into comprehensible advice. Arlie provides context-aware walk-throughs, not only informing but also educating users, ensuring that every level of the organisation can contribute to cyber defence. Arlie aims to turn every Commvault user into a power user.

The Shift event didn't just articulate a product; it was an industry-wide call to recognise the evolution of cyber threats and the need for a resilient response. The message was clear: organisations need to be ready all the time, while bad actors only need to be ready once. This poignant observation underscores the critical need for a platform like Commvault Cloud, which offers quick recovery times and enhanced security, all within an intelligent and simplified management framework.

Commvault's Shift event was not just about a product launch but about setting a new standard for cyber resilience. Integrating Commvault Cloud with Metallic AI underlines a steadfast commitment to evolving cybersecurity measures. It’s a forward-thinking approach that recognises the dynamic nature of threats and the importance of agile recovery and robust defence mechanisms.

I look forward to being able to look further at the Commvault Cloud and particularly the capabilities of Arlie in the future. Check out more information about Commvault Cloud at the link below.

Commvault Connections 2022 - Roadmap Session - CVConnections22

The roadmap session was the third session I created a doodle for at Commvault Connections 2022. Be sure to check out the other blog posts and doodles at the links below.

  1. Commvault Connections Keynote

  2. Customer Panel

  3. Roadmap

The roadmap session built upon the fundamental principles of the Commvault strategy with further insight into the direction and products that are coming. It is clear that Commvault takes a high level of pride in its ability to connect with its users, their community and listen to what is needed. One of the statistics that was shared was the fact that four hundred product enhancements in the last year have come from direct customer feedback.

Key to the Commvault strategy are the following three principles:

  1. End-to-end data visibility

  2. Broadest Workload Protection

  3. Faster Business Response

You can see further detail regarding the announcements and planned focus areas in the doodle below.

Commvault Connections 2022 - Keynote Presentation - #CVConnections22

Commvault Connections was a great opportunity not only to hear an update from Commvault on their strategy but also to get insight into wider technology trends and real-life insights from customers. Across the conference, I created doodles for three of the sessions. You can find the links to the other sessions below.

  1. Commvault Connections Keynote

  2. Customer Panel

  3. Roadmap

Keynote Thoughts

The keynote was led by Commvault’s fantastic CEO, Sanjay Mirchandani. Sanjay is a great keynote speaker, always giving great clarity and getting through the fluff to the points that matter.

There was a theme across the conference about innovating with confidence. The keynote set about explaining what this means and the backstory behind how we got to where we are today.

Ultimately, IT professionals are now responsible for delivering the dreams of the organisation and its leaders. But delivering the dreams isn’t enough on its own; it needs to be done in a managed and secure way.

To deliver these dreams, IT and business professionals have turned to SaaS applications and multiple cloud resources to achieve what is needed. Whilst these disparate resources have allowed for an increase in innovation and a reduction in time to value, it has led to massive complexity around security and data protection.

Mirchandani explained that your data has a higher value to not only you but also attackers, which has led to an increased need to protect and secure.

He explained that IT professionals need the right tools to gain control of these disparate workloads, giving the business the assurance that it can innovate with confidence whilst IT ensures that everything is professionally managed, protected, and secure. These tools are exactly what Commvault sets out to deliver.

Several technologies were discussed to help with this overall goal. This included Metallic Threatwise, an early warning system that proactively baits, deceives, and surfaces bad actors. Threatwise makes it harder for hackers to find your organisation’s valuable data, reducing their dwell time to help ensure you aren’t compromised. This was a completely different approach from those I have heard of before, especially for it to be included as part of a data management platform. I look forward to digging more into this in the future.

Also discussed was Commvault’s breadth of portfolio, offering protection across not only a wide range of solutions but also across on-premises and cloud technology with a unified management solution in their Command Center product.

It was clear that Commvault’s approach focuses on simplicity and flexibility across its portfolio.

You can see my doodle from the keynote below, covering the key elements that stood out to me.



Juniper Connected Security - Building a threat-aware network

Trying to ensure your network is secure often seems like an impossible battle. Many security and network operations teams face a losing battle against an ever-growing list of software that aims to ease administration and secure the network. The truth is, more often than not, this software ends up creating further information silos and adding to the barrage of information for the already bewildered specialists to try to understand.

I was recently given the opportunity to attend an exec briefing with some of the security team at Juniper Networks to understand how their approach differs.  

As always, I have summarised my findings in the Tech Doodle below.

Before I delve a little deeper into Juniper Security Director Cloud, let me share with you my top 3 thoughts: 

  1. Juniper Security Director Cloud is a subscription-based service avoiding additional hardware requirements

  2. Juniper Security Director Cloud works well with Juniper and third-party solutions 

  3. Juniper Security Director Cloud has intelligent policy management and can make reactive changes based upon threat analysis  

Juniper Security Director Cloud is an as-a-Service subscription-based solution meaning there is no need for additional hardware or complex initial configuration. As mentioned above I was particularly impressed with how it offers customers support for a number of third-party technologies as well as the wealth of solutions within Juniper’s portfolio.

Core to Juniper Security Director Cloud is the belief that the network itself should become threat-aware.  

Utilising in-built intelligence, Juniper Security Director Cloud is able to protect every connection from client to workload from on-premises to the cloud.  

Juniper Security Director Cloud utilises a unified policy set irrespective of the device, but importantly the automation capabilities allow for deduplication, rule precedence and error avoidance within the policies. Critically, Juniper Security Director Cloud is not only able to help you monitor your estate, but also make reactive changes based upon threat analysis.

Many organisations are looking for solutions that are able to simplify and centralise security operations. Not only should they help reduce the burden of multiple siloed solutions, but they should also look to use intelligence and automation to help proactively protect the network. This is exactly what Juniper Security Director Cloud sets out to achieve. For organisations that are looking to implement SASE (Secure Access Service Edge) principles, the fact that Juniper Security Director Cloud supports third-party solutions will allow for Juniper Secure Edge solutions to be implemented alongside existing solutions whilst transitioning.

Juniper is also ever innovating in this space and recently announced the addition of CASB (Cloud Access Security Broker) and DLP (Data Loss Prevention) into their Secure Edge offering.

It was good to learn more about Juniper’s approach to security and SASE. For me I am really looking forward to seeing this technology in action. A single unified approach to policy and intelligent threat analysis coupled with reactive changes is a very powerful mix. I hope to be able to share some demonstrations of this technology with the Tech Doodles readers soon.

You can learn more about Juniper Connected Security at Black Hat 2022 on booth #2240.

Disclaimer: Tech Doodles through Tech Crossing Limited has been paid by Juniper to create content following the Juniper Networks Analyst, Influencer and Media Global Summit 2021. Whilst Tech Crossing Limited and the authors of this blog post have been paid to create the content, there has been no influence or editorial control by Juniper Networks.

Flowmon Anomaly Detection System - Network Detection and Response

Today, the increase in cyber-security attacks and their related risk is top of mind for many IT professionals. As such, full consideration needs to be made regarding the appropriate protections that should be in place to mitigate this risk best.

Flowmon positions its Anomaly Detection System (ADS) module at the core of these efforts, ensuring that threats can be detected and responded to as early and quickly as possible.

When speaking to Flowmon, they highlighted the Security Visibility Triad, a framework used by Gartner and others to help examine the three key areas that should be in place to ensure you have true security visibility. The Security Visibility Triad talks about the importance of 1. SIEM and UEBA, 2. Network Detection and Response, and 3. Endpoint Detection and Response. Flowmon focuses its efforts on the Network Detection and Response area of this triad.

Security Visibility Triad

Flowmon ADS is a module for the Flowmon product set that is most commonly utilised for network visibility and troubleshooting. Because of this, the ADS module fully leverages the network architecture of Flowmon to collect its data from the network. Furthermore, it utilises network flows, enhanced with layer 7 application data provided by its probes for a unique view of what is going on within the network. You can read more about Flowmon in my previous blog.

Flowmon NDR

Flowmon ADS does not rely on legacy signature-based approaches to detect the anomalies within the captured flows. Instead, it uses machine learning for wide-ranging detection, including zero-day threats.

Typical anomalies detected and alerted upon by Flowmon include:

  • Attacks

    • Port scanning, Dictionary attacks, DoS/DDoS, Telnet

  • Traffic Anomalies

    • DNS, DHCP, ICMP, Multicast

  • Internal Security

    • Viruses, Malware, Ransomware, Botnets

  • Unwanted Applications

    • P2P Networks, Instant Messaging, Anonymisation Services

  • Device Behaviour

    • Change of device behaviour profile

  • Operational Problems

    • Delays, Excessive load, Unresponsive services, Broken updates

Whilst how Flowmon detects the anomalies and the breadth of what it is able to detect is truly impressive, the biggest stand-out area for me was how the product allows this information to be used.

Many security products, such as NDR and SIEM solutions, can be very good at collecting data, but in reality, they simply overload an already overworked administrator with information they can’t use. This is where Flowmon ADS is different.

Flowmon ADS not only detects the threats from the noise using machine learning but also does true root cause analysis. This allows administrators to quickly understand the type of threat, the source, the affected resources and the recommended actions.

With many sources speaking about the amount of time a threat actor may be within your network prior to detection, it is important that IT teams have the right tools to understand exactly what is happening across their network. For me, this is where Flowmon comes in, giving true visibility to Security Operations (SecOps) teams and others in IT to ensure that any threats are quickly and easily neutralised.

For more information about Flowmon ADS and how it can help with Network Detection and Response please check out their website.

Below you can see my doodle covering the subject

Disclaimer: Tech Doodles through Tech Crossing Limited has been paid by Progress to create content covering the Flowmon product set. Whilst Tech Crossing Limited and the authors of this blog post have been paid to create the content, there has been no influence or editorial control by Progress.


vRetreat (Online) May 2020 - Snapt ADC

Today I joined the vRetreat with Snapt, an Application Delivery Controller (ADC) company that has a new take on ADC. Their solution is based on a cloud-managed distributed model with nodes able to be deployed across multiple locations and on multiple platforms. Each node is stateless, with configuration, management and monitoring able to be controlled from a single cloud-managed control plane delivered as a service. The ADCs offer a wealth of services including global load balancing, WAF, analytics and much more.

What really stood out for me was the ease of management and the fact it could be deployed across on premises virtual or constrained environments as well as cloud and cloud native solutions.

Check them out > https://www.snapt.net/

VMworld 2019 San Francisco - Day 1 General Session

VMworld is taking place in San Francisco, California this week; here are my thoughts from Monday's general session by VMware’s CEO Pat Gelsinger and COO Sanjay Poonen.

The initial general session of VMworld 2019 was used to further build upon the delivery of VMware’s vision of Any Cloud, Any Application, Any Device with Intrinsic Security. We saw big announcements and updates in terms of Any Cloud, Any Application, and Intrinsic Security, but the session was maybe short of details regarding the traditional EUC business.

Further commentary to come shortly at DefineTomorrow.co.uk

VMworld Europe 2018 - Tuesday General Session

The first general session at VMworld 2018 covered every aspect of VMware’s execution of their vision, from the application to the device on any cloud and most importantly with intrinsic security.

My doodle live from the general session is below  

You can watch this general session back at the following link => 

https://www.vmworld.com/en/europe/learning/general-sessions.html

 

Ivanti Update with Simon Townsend

This morning I attended an update from Ivanti covering their product portfolio and strategy. Ivanti have a large portfolio of products based upon a number of acquisitions of companies such as Heat Software, AppSense, Lumension, LANDesk and many more. Ivanti's other solutions are EUC / IT Operations, Secure Management and Operational Security. For me, as ever, an important aspect of the Ivanti portfolio is the ability to combat common security issues within organisations, including patching, user rights management, application whitelisting and more. Also, following the RES Software acquisition, automation is an element of their portfolio that I am looking forward to understanding much better.

Overview of the Bitdefender architecture at #DTH1
Bitdefender Architecture

We recently held our first Define Tomorrow Huddle at Bristol Aerospace in the shadow of the Concorde. Liam Puleo of Bitdefender presented about the Bitdefender architecture and how it can help businesses protect their computers and servers from cyber attack.

Watch the video and read the blog posts on Define Tomorrow here >> https://www.definetomorrow.co.uk/past-huddles/2018/4/24/rubrik-bitdefender-zerto-20th-may-2018