Organizations can strengthen their network defense with a number of intelligent security innovations.

San Jose, California, June 22, 2022 / Las Vegas, Nevada, June 22, 2022

Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced newly advanced AI/ML innovations powered by the largest security cloud in the world for unparalleled user protection and digital experience monitoring. The new capabilities further enhance Zscaler’s Zero Trust Exchange™ security platform to enable organizations to implement a Security Service Edge (SSE) that protects against the most advanced cyberattacks, while delivering an exceptional digital experience to users, and simplifying adoption of a zero trust architecture.

Organizations are facing a 314 percent increase in cyberattacks on encrypted internet traffic and an 80 percent increase in ransomware with nearly a 120 percent increase in double extortion attacks. Phishing is also on the rise with industries like financial services, government and retail seeing annual increases in attacks of over 100 percent in 2021. To combat advancing threats, organizations need to adapt their defenses to real-time changes in risk. However, lean-running IT and security teams are experiencing security alert fatigue with increasing exposure to real-time threats and often don’t have the resources or skills to effectively investigate and respond to the mounting volume of threats. Zscaler is addressing these challenges by providing one-click root cause analysis to instantly identify the issues behind poor digital experience, freeing up IT and security teams from troubleshooting to focus on preventing attacks. AI-powered security helps IT professionals by automating threat detection to deliver better and faster protection.

Zscaler operates the largest in-line security cloud, which inspects over 240 billion data transactions daily and blocks 150 million daily attacks across the globe to dramatically expedite investigation, response and resolution times, and pinpoint potential malware to stop breaches and data loss. Zscaler is uniquely equipped to train its AI/ML models for superior accuracy in automating threat responses and making policy recommendations to security teams. From faster threat detection to freeing up resources, Zscaler’s Zero Trust platform enables IT and security teams to reduce the constant fire drill of manually chasing alerts and trying to identify new threats.

“Cybercriminals are using AI, automation, and advanced techniques to train machines to hack or socially engineer victims faster than ever before,” said Amit Sinha, President, Zscaler. “To help our customers combat these escalating techniques, we’ve dramatically advanced AI and machine learning in our cloud to take advantage of our massive data pool, giving our customers granular real-time risk visibility and a solution to combat attackers that no other security vendor can provide.”

Utilizing Zscaler’s AI-powered Zero Trust platform, organizations can now strengthen their network defense with the following intelligent security innovations:

*   **AI-powered phishing prevention:** Detect and stop credential theft and browser exploitation from phishing pages with real-time analytics on threat intelligence from 300 trillion daily signals, expert ThreatLabz research, and dynamic browser isolation.
*   **AI-powered segmentation:** Simplify user-to-app segmentation to minimize the attack surface and stop lateral movement with AI-based policy recommendations trained by millions of cross-customer signals across private app telemetry, user context, behavior, and location.
*   **Autonomous risk-based policy engine:** Dynamically adapt security and access policies in real-time across the Zscaler™ Zero Trust Exchange to maintain network integrity against rapidly-evolving cyber threats. The new capabilities also allow security teams to customize policies based on risk scoring for users, devices, apps, and content.
*   **AI-powered root cause analysis:** Accelerate mean time to resolution putting impacted end users back to work in a matter of seconds by identifying root causes of poor user experiences 180 times faster, freeing IT from time-consuming troubleshooting and analysis.

“Delivering seamless digital experiences, from employee devices to the applications they need, goes hand in hand with securing our sensitive business applications and data, no matter where it resides,” said Darren Beattie, Modern Workplace and Security Operations Manager at Auckland New Zealand-headquartered Tower Limited. “Zscaler’s integrated cloud platform helped us effortlessly adopt a zero trust architecture, reduce risk, accelerate our digital transformation, and achieve business goals.”

“With Zscaler’s AI-powered Zero Trust platform based on a SSE framework, we are able to augment and expand the reach of our IT and security team to stop the growing frequency of advanced cyberattacks,” said Stephen Bailey, Vice President of Information Technology at Cache Creek Casino Resort. “The threat landscape is constantly evolving, and these new AI capabilities will effectively enable us to see real-time changes in risk, automate our response process, and stay ahead of the attackers.”

For more details about Zscaler’s AI-powered Security Service Edge (SSE) platform, please see here.

About Zscaler

Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SSE-based Zero Trust Exchange is the world’s largest in-line cloud security platform.

Zscaler Adds New AI/ML Capabilities for the Zscaler Zero Trust Exchange

Using WebAuthn, physical keys, and biometrics, organizations can adopt more advanced passwordless MFA and true passwordless systems. (Part 2 of 2)

_The first article of this two-part series examined ways to improve multifactor authentication (MFA) and boost adoption. This story takes a look at how organizations can adopt more advanced passwordless MFA and true passwordless systems._

Getting to passwordless won't be easy, but the concept is finally gaining momentum. Although several vendors have offered passwordless MFA and true passwordless technology for a few years — mostly relegated to enterprise use — a more comprehensive framework is now taking shape. Apple, Google, and Microsoft have jointly agreed to adopt passwordless in earnest.

For example, Apple will be introducing Passkeys, which completely replace passwords used to log into websites, in a few months. The framework, based on the FIDO Alliance standard, uses biometrics such as Face ID to generate a unique, encrypted digital key that resides only on the device and within an encrypted keychain used for other Apple devices, including the iPhone, iPad, Mac, and Apple TV. This makes it impervious to phishing and other forms of data extraction.

In 2020, Microsoft turned to biometrics for authentication in Windows 10 and Windows 365 — and the company is also expanding passwordless to websites. In addition, all three companies are adding the ability to transfer this identity data across authenticated devices and systems. In the past, changing phones or other devices typically meant reinstalling credentials — a time-consuming and irritating task.

In addition to building biometrics and other security mechanisms into their operating systems, the Big Three are introducing software development kits (SDKs) that companies can use to build passwordless websites. As a result, it will soon be possible for consumers to begin ditching passwords for compliant sites and services. Like Apple's Passkey, a mobile phone or other registered device authenticates the person and then sends the request to the server without sending the biometric data.

"Where the big vendors lead, everyone else follows," says Don Tait, a senior analyst for Omdia.

At the heart of this transformation is the FIDO Alliance. "It is a classic example of the impact of consumerization on technology," adds Rik Turner, a senior analyst at Omdia. "As people begin to use tools in their private lives, they begin to seep into the workplace."

**A Matter of Identity**

Security experts say that the first step in building a better authentication framework is to stop using outdated methods like secret words and one-time codes to verify users. Even push apps are vulnerable to exploits. For example, crooks who gain access to a company's network or an MFA system can generate fake authentication requests that someone might authorize in a moment of distraction or inattentiveness.

Even highly secure YubiKeys and other U2F tokens aren't exempt from vulnerabilities and workarounds. For example, if a user forgets the key or can't use it for some reason, the typical workaround is to revert to a text code or less secure form of MFA as the backup. At that point, even an ultra-secure digital token can't provide protection.

A deeper and broader use of biometrics and user verification methods, including presence-based authentication and behavioral or activity-based models, is key. This includes the use of the FIDO protocol WebAuthn, which delivers an API that supports strong, public-key cryptography registration and authentication. It can be combined with a continuous authentication method that reverifies the identity of the session through a persistent token.

Several companies, including Beyond Identity, Veriff, 1Kosmos, and Jumio, have adopted this type of approach. They rely on FIDO standards that tie into biometrics, along with a highly secure identity proofing method. Typically, they ask users to provide a document such as a driver's license or a passport, which is securely stored in an app on the device. A selfie or face scan ensures that everything matches and authenticates the user.

For example, Veriff, which works in 190 countries, in 35 languages, and with 8,000 IDs, runs an online blockchain-based identity verification within a few seconds. It uses an AI-supported decision engine that incorporates real-time feedback through a document check, biometric scan, face comparison, background video, and device and network analytics. Financial institutions, healthcare providers, and others that use the technology can also reduce fake accounts and fraud.

"This creates a barrier that is much more difficult for an intelligent and determined bad actor to bypass," says Kalev Rundu, senior product manager at Veriff. "People today are much more willing to use biometrics for authentication, but they are only ready to do it if they receive real value in return and they can maintain control over how and where their data is used."

**Forward Thinking**

The move to passwordless MFA and true passwordless remains a slow march. For now, advanced authentication is more viable within the enterprise, where it's a closed and controlled environment. Michael Engle, co-founder and CSO at passwordless MFA solutions vendor 1kosmos, estimates that 80% of passwords can be eliminated almost immediately with the right strategy and tools.

For now, Omdia analysts Tait and Turner recommend migrating to passwordless MFA without delay. Not only does the framework deliver a better and safer customer experience, but it can also drive revenue growth, they argue. In addition, it's wise to phase in true passwordless systems and build on them through the FIDO Alliance, as well through Apple Passkeys and the equivalent passwordless systems at Google and Microsoft.

Along the way, it's also essential to educate customers and employees about passwordless authentication and ensure that people understand that their biometric data is being used as their gateway to apps and the Internet. The combination of better UX, incentives, and more streamlined processes can, over the long term, boost security, improve trust, and trim security costs.

Says Jasson Casey, CTO for Beyond Identity: "In the end, the objective isn't to eliminate passwords, though that's a noble cause. It's to create better security and a safer computing environment for everyone."

Evolving Beyond the Password: Vanquishing the Password

The cybersecurity community is buzzing with concerns of multichannel phishing attacks, particularly on smishing and business text compromise, as hackers turn to mobile to launch attacks.

As security conferences return to in-person venues, the cybersecurity community is buzzing with concerns over multichannel phishing attacks, with mobile phishing the biggest concern as hackers turn to mobile to launch smishing and business text compromise attacks.

By moving completely to the cloud, apps and browsers are all we need to communicate with work, family, and friends. While most of us are aware of the cybersecurity guardrails, we are not infallible. We can be lured into providing personal information and credentials or installing malicious apps that can undermine even the most sophisticated cybersecurity defenses. Our reliance on mobile devices with little or no protection from malicious attacks leaves personal and company data at risk.

Multichannel phishing attacks are on the rise, and more breaches are successful because hackers are delivering very targeted attacks on massive scales — powered by automation technology, taking advantage of human psychology, and exploiting our use of apps, browsers, and multiple communications channels.

Humans are the most strategic cybersecurity entry points into an organization because criminals can use psychology to fool us into overriding or undermining even the most sophisticated cybersecurity protection setups. And today's sophisticated attacks are essentially invisible to the human eye. Gone are the poorly spelled phishing emails of yesterday. Today's human hacking can fool even the most security-aware professional to follow a malicious URL or log in to an illegitimate site and expose data and a network. For the attacker, it's much more straightforward and a lower cost to attack a human than a network or a well-defended machine.

'Furthermore, our world — and the way we use technology — has been dramatically altered. This has further increased the danger of human hacking attacks. Post-pandemic, a large percentage of the workforce will continue to have some hybrid remote/office working arrangements — meaning that we're mixing our personal and professional worlds online more than ever. That opens us to more threats, especially when human hacking attacks are coming from legitimate infrastructure. We've turned to interacting through apps and working on browsers. Using collaboration channels like Zoom and Slack and doing nearly everything through our smartphones has opened more attack vectors.

Gone are the days when phishing emails were easily spotted due to low-quality logos, poor grammar, or just the totally unbelievable nature of the email. Now, attackers are well-equipped and very strategic about their attacks, and the believable SMS text or social media invite from a cybercriminal is far more dangerous.

Then, the sheer number of these channel users multiplies the risk equation for enterprises. Add to this the fact that attacks have evolved to the point where a single attack will use multiple channels to convince the users that they are legitimate. There is also the major issue of underestimating the risk of the human factor — today's attacks are simply impossible to detect with human-only views, assessments, and forensics.

**What to Watch For**

Now, especially as the browser is becoming the operating system of the enterprise, the number of channels for attack has increased. Browser extensions and plug-ins are available through very respected big brands, including Android and Apple, but they are not always safe. Also, browser search results can become embedded with attacks, attracting the attention of the user with something that they care about and are more likely to click on. And of course, common Microsoft 365 apps and enterprise productivity apps such as LinkedIn, Dropbox, and WhatsApp are open to phishing abuse.

Since human hacking is a unique problem, we need to focus on people in order to resolve it. Training people to recognize threats is important, but the attacks are too hard to spot by users for training employees to be cautious to be enough security. Asking people to forward suspicious requests to IT is a help but not a cure. There are simply too many convincing attacks coming in on all channels for IT to keep up with those that are forwarded.

There are better ways. One, recognize that cybercriminals are pointing attacks at the people inside organizations and then defend them — on every single digital channel. Two, take advantage of AI and machine learning to identify threats and then use that protection on endpoints in an organization's network — from employee smartphones to Zoom accounts.

In a world where we're trying to stay one step ahead of the hackers, it's time to adequately recognize the magnitude of the multichannel challenge on the horizon — and a new approach that bolsters the people who are under attack.  
**  
About the Author**

    

Patrick Harr is CEO of SlashNext, the authority in multichannel phishing and human hacking protection across email, Web, and mobile.

The Risk of Multichannel Phishing Is on the Horizon

We as industry leaders should be building on what individual platforms like GitHub are doing in two critical ways: demanding third parties improve security and creating more interoperable architectures.

GitHub recently made security news by announcing plans to implement default multifactor authentication (MFA) across its repositories. The company deserves credit for recognizing its gravitational pull within the software ecosystem and acting accordingly, but it shouldn't be alone. We as industry leaders should be building on what individual platforms like GitHub are doing in two critical ways: demanding our own ecosystems of providers raise the bar of their security practices, and creating more interoperable architectures and blueprints to make better security postures more accessible for organizations that rely on our critical platforms.

**Our Interconnected Tech Stack**

Enterprises today rely on a whole ecosystem to run their tech stacks. They rely on cloud services for their infrastructure, including Azure, AWS, and Google Cloud. They rely on companies like Okta for their identity solutions, and they rely on a whole host of technologies to help them build or sell products faster, including collaboration and CRM apps as well as repositories like GitHub.

They also rely on a broad set of third-party providers to deliver services such as customer support, or to manage some aspects of their infrastructure. We know the long chain of software cooks in the kitchen has created access nightmares and breaches. The Cybersecurity and Infrastructure Security Agency, along with other international government security organizations recently released guidance for managed service providers, and third-party risk is something we at Okta know better than most. In January of this year, we experienced the compromise of a provider that ultimately resulted in a threat actor briefly gaining access to an Okta support tool via a thin client. While the threat actor never directly accessed the Okta service through an Okta account, Okta's own security posture was threatened as a result of our interconnected ecosystem.

**The Path Forward**

The first step toward resolution is technology leaders looking internally to recognize and take stock of our own service supply chain and the third-party providers we rely on. In Okta's case, we took a hard look at how Okta provides access to our providers and the security expectations we have for third-party providers that have access to customer data. While security practitioners understand the need to implement systems of least privilege that limit lateral movement, it's critical to ask whether those same principles are being applied by the third-party providers you rely on. Movement within their environments can become movement in yours.

The second area is looking outward toward the customers and partners who rely on our platforms. In the case of GitHub, the attack surface is massive and the user base is broad. In an age where everyone acknowledges the need to implement MFA, its adoption levels are still quite low. Look no further than Microsoft Azure Active Directory, where more than three-quarters (78%) of organizations currently don't employ MFA for their user accounts according to Microsoft's "Cyber Signals Report."

For something like identity and access management, it's easy to see just how broad the identity and access management attack surface can be. According to Verizon's "Data Breach Investigations Report," 89% of Web app attacks are caused by credential abuse. While standards help a lot in access management, they are not foolproof. Leading identity solutions have largely eliminated the need for individual configurations to apps and services through prebuilt, self-service integrations that rely on standards and protocols like SAML and OpenID Connect.

But that ability to ensure secure interoperability can and should go further.

Organizations rely on multiple solutions that co-exist, feeding logs, risk signals, and other valuable insights into one another. We often think of this for security tools, but it should also apply to any platform or service where there is data and sensitive information. This is where we can and should improve in order to raise all security boats. Our efforts as an industry to operate with an eye toward open, prebuilt integrations and clear architectures will ensure that tentpole technologies — whether they're in networking, identity management, endpoint detection and response, or security information and event management — work effectively together. This goes beyond preventing misconfigurations: It's about creating better security outcomes.

Our technology world is flatter today than it has ever been before, whether it's our collective reliance on third-party providers, our interconnected software supply chain, or the interoperability of our tooling. In that environment, it's critical for industry leaders to not only maintain a high degree of compliance across their own ecosystems of third-party providers but to develop technologies and policies that raise the bar for their users and customers. Part of that is through steps like the one GitHub is taking: implementing default policies that rely on stronger factors. But in an interconnected world, we must move beyond individual actions to create open and interoperable technologies that enable users to easily configure and integrate their foundational technologies in secure ways.

GitHub's MFA Plans Should Spur Rest of Industry to Raise the Bar

With almost every business experiencing growth in human and machine identities, firms have made securing those identities a priority.

Rapidly growing employee identities, third-party partners, and machine nodes have companies scrambling to secure credential information, software secrets, and cloud identities, according to researchers.

In a survey of IT and identity professionals released Wednesday from Dimensional Research, almost every organization — 98% — experiences rapid growth in the number of identities that have to be managed, with that growth driven by expanding cloud usage, more third-party partners, and machine identities. Furthermore, businesses are also seeing an increase in breaches because of this, with 84% of firms suffering an identity-related breach in the past 12 months, compared with 79% in a previous study covering two years.  

The rising incidence of breaches is unsurprising, says Julie Smith, executive director of the Identity Defined Security Alliance (IDSA), which sponsored the survey,

"The number and complexity of identities organizations are having to manage and secure is increasing," she says. "Whenever there is an increase in identities, there is a corresponding heightened risk of identity-related breaches due to them not being properly managed and secured, and with the attack surfaces also growing exponentially, these breaches can occur on multiple fronts."

For the most part, organizations focus on employee identities, which 70% consider to be the most likely to be breached and 58% believe to have the greatest impact, according to the 2022 "Trends in Securing Digital Identities" report based on the survey. Yet third-party partners and business customers are significant sources of risk as well, with 35% and 25% of respondents considering those to be a major source of breaches, respectively.

    

Source: IDSA

The IDSA recommends that companies focus on identity-related security outcomes that reduce the risk and impact of data breaches. Almost every respondent (96%) believes that implementing security controls focused on identities, such as multifactor authentication (MFA), could have prevented or minimized a breach.

"Centered on enabling effective identity governance, access, and behavioral detection, the security outcomes add a layer of protection around IT environments," the report states. "It is here that multifactor authentication as a mitigation strategy jumped to the top of the list in preventing breaches."

**MFA Reduces Identity-Related Breaches**

The top three countermeasures identified by respondents as potentially blunting the impact of breaches included MFA, more timely review of privileged access, and continuous discovery and monitoring of privileged access rights, according to the survey. Those three security controls also are likely to get the most investment in the coming year, says IDSA's Smith.

"We wouldn’t necessarily expect the countermeasures and planning to match up 100% as that would indicate organizations are chasing their tails and focusing only on the last breach when forward-thinking strategy and vision about the next potential breach is needed," she says.

Machine identities — such as system credentials, software secretes, and Internet of Things (IoT) passwords — are the main factors driving increased identities at 43% of organizations, according to the report. Despite that, only 18% of companies consider machine identities to be a significant source of breaches.

"Both human and machine identities are vulnerable without the proper mitigation and security tactics in place," Smith says. "Given that machine identities have the potential to expand much quicker than human identities, if a machine identity isn’t properly secured, managing the network of machine identities can quickly pose a major risk."

Meanwhile, the growing number of cloud workloads means that the credentials that allow software to talk use APIs and communicate with other software is an expanding surface of attack, Alex Simons, corporate vice president of program management for Microsoft's Identity division, said in March.

Companies that have executives focused on identity security are more likely to reduce the risk of breaches, according to the IDSA report. While only 30% of respondents consider training in securing passwords to be a very effective strategy, companies that have top-level business executives espousing support for password security are much more likely to be more careful with work-related credentials compared with companies that rely on security teams as the primary evangelist.

"If we’re talking about implementing and deploying meaningful security outcomes, we have to increase engagement beyond IT or security teams," IDSA's Smith says. "This simply demonstrates that when management embraces security as a part of messaging, the general trend implies that security becomes a strategic part of the company’s culture."

80% of Firms Suffered Identity-Related Breaches in Last 12 Months

New Cloud Security Alliance (CSA) and Google Cloud study shows many enterprises struggle to measure and manage risk in their cloud workloads.

Cloud adoption may be hopping, but many enterprises still wrestle with how to identify and manage their security risks with these services.

A new study conducted by the Cloud Security Alliance (CSA) and Google Cloud underscores that while the cloud ideally could help bolster security for organizations, many aren't adeptly handling their risk management in the cloud just yet. 

"Organizations are not taking advantage as aggressively of the capabilities to have a more secure environment" with cloud, says Jim Reavis, CEO of the CSA. "They're not being as proactive in monitoring and managing risk."

Interestingly, it appears many organizations may not know for sure the extent of their cloud adoption. Some 51% say that they now run 41% of their workloads in the public cloud, but it turns out most of them (85%) are not using cloud discovery tools to quantify that but, rather, estimating their use via manual methods. Those who use discovery tools including a cloud access security broker, or CASB (15%), to map their cloud workloads report 31% more cloud usage than those who performed manual assessments — a clue that most organizations relying on manual tracking don't have a complete inventory of what's running in their cloud services, according to the study.

"You can't manage the risk of things you don't know about. The basic things lead to either breaches or data exposure, exfiltration, or a ransomware attack if you are not keeping your cloud assets updated and there are gaps in your usage of cloud," Reavis notes. But the cloud offers a better way to manage assets, he says, than traditional IT networks.

“There are tools there," and automated ways to detect and secure cloud assets, he says.

The study confirms a significant rise in cloud adoption. The average number of software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS) services used by organizations was more than 147, up from 38 in 2020. Some 66% of organizations say they have 100 or fewer services; 32%, from 101 to 999; and 3%, 1,000 or more services.

The most commonly used infrastructure-as-a-service (IaaS) cloud platform is Azure (70%), followed closely by AWS (65%), and then Google Cloud at 24%, according to the study.

"Enterprises interviewed intend on increasing their workloads in the cloud over the next 12 months. With enterprises continuing to add production in the cloud and using more cloud services, managing cloud and digital assets will be critical in the management and measurement of risk in the cloud," according to the report.

The goal of the study was to gauge organizations' challenges of risk management in public cloud services, and Google and the CSA gathered survey data as well as interviews in 2021 with 600 IT and security professionals.

**Cloud Escape**

While the cloud is becoming more pervasive for IT operations, there has not been a correlation or increase in data breaches, Reavis notes.

To date, nearly all publicly disclosed breaches in the cloud have stemmed from misconfigurations, not cyberattacks, says Phil Venables, CISO at Google Cloud. "To prevent and address the risk of misconfigurations and compliance violations earlier in the development process, security leaders have started to embrace security as code to achieve the speed and agility of DevOps, reduce risk, and more securely create value in the cloud," Venables says.

For its part, Google offers a series of blueprints for its customers to help avoid misconfigurations and other cloud mistakes, such as its Risk and Compliance as Code (RCaC), Secure Foundations guide, and Cloud Architecture Center, for example.

"Blueprints help our customers rapidly configure cloud environments in a secure and compliant manner," notes Venables. "And ultimately, this level of secure hygiene helps prevent misconfigurations becoming a security risk or attacker entry point to cloud workloads."

According to the report, some 70% of organizations in the study say they don't have solid processes for mapping risk to their cloud assets. A tiny percentage — 4% — report that they have "highly effective" risk management in the cloud. Slightly more than 20% use cloud data-classification tools.

Meanwhile, the main security worries over applications in the cloud include loss of sensitive data (64%), improper configuration and security settings (51%), and unauthorized access (51%).

Risk Disconnect in the Cloud

Data Processing and Infrastructure Processing Units – DPU and IPU – are changing the way enterprises deploy and manage compute resources across their networks.

SAN FRANCISCO, June 21, 2022 /PRNewswire/ -- The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the new Open Programmable Infrastructure (OPI) Project. OPI will foster a community-driven, standards-based open ecosystem for next-generation architectures and frameworks based on DPU and IPU technologies. OPI is designed to facilitate the simplification of network, storage and security APIs within applications to enable more portable and performant applications in the cloud and datacenter across DevOps, SecOps and NetOps.

Founding members of OPI include Dell Technologies, F5, Intel, Keysight Technologies, Marvell, NVIDIA and Red Hat with a growing number of contributors representing a broad range of leading companies in their fields ranging from silicon and device manufactures, ISVs, test and measurement partners, OEMs to end users.

"When new technologies emerge, there is so much opportunity for both technical and business innovation but barriers often include a lack of open standards and a thriving community to support them," said Mike Dolan, senior vice president of Projects at the Linux Foundation. "DPUs and IPUs are great examples of some of the most promising technologies emerging today for cloud and datacenter, and OPI is poised to accelerate adoption and opportunity by supporting an ecosystem for DPU and IPU technologies."

DPUs and IPUs are increasingly being used to support high-speed network capabilities and packet processing for applications like 5G, AI/ML, Web3, crypto and more because of their flexibility in managing resources across networking, compute, security and storage domains. Instead of the servers being the infrastructure unit for cloud, edge or the data center, operators can now create pools of disaggregated networking, compute and storage resources supported by DPUs, IPUs, GPUs, and CPUs to meet their customers' application workloads and scaling requirements.

OPI will help establish and nurture an open and creative software ecosystem for DPU and IPU-based infrastructures. As more DPUs and IPUs are offered by various vendors, the OPI Project seeks to help define the architecture and frameworks for the DPU and IPU software stacks that can be applied to any vendor's hardware offerings. The OPI Project also aims to foster a rich open source application ecosystem, leveraging existing open source projects, such as DPDK, SPDK, OvS, P4, etc., as appropriate. The project intends to:

*   Define DPU and IPU,
*   Delineate vendor-agnostic frameworks and architectures for DPU- and IPU-based software stacks applicable to any hardware solutions,
*   Enable the creation of a rich open source application ecosystem,
*   Integrate with existing open source projects aligned to the same vision such as the Linux kernel, and,
*   Create new APIs for interaction with, and between, the elements of the DPU and IPU ecosystem, including hardware, hosted applications, host node, and the remote provisioning and orchestration of software

With several working groups already active, the initial technology contributions will come in the form of the Infrastructure Programmer Development Kit (IPDK) that is now an official sub-project of OPI governed by the Linux Foundation. IPDK is an open source framework of drivers and APIs for infrastructure offload and management that runs on a CPU, IPU, DPU or switch. In addition, NVIDIA DOCA, an open source software development framework for NVIDIA's BlueField DPU, will be contributed to OPI to help developers create applications that can be offloaded, accelerated, and isolated across DPUs, IPUs, and other hardware platforms.

For more information visit: https://opiproject.org; start contributing here: https://github.com/opiproject/opi.

**Founding Member Comments**

**_Geng Lin, EVP and Chief Technology Officer, F5  
_**"The emerging DPU market is a golden opportunity to reimagine how infrastructure services can be deployed and managed. With collective collaboration across many vendors representing both the silicon devices and the entire DPU software stack, an ecosystem is emerging that will provide a low friction customer experience and achieve portability of services across a DPU enabled infrastructure layer of next generation data centers, private clouds, and edge deployments."

**_Patricia Kummrow, CVP and GM, Ethernet Products Group, Intel  
_**Intel is committed to open software to advance collaborative and competitive ecosystems and is pleased to be a founding member of the Open Programmable Infrastructure project, as well as fully supportive of the Infrastructure Processor Development Kit (IPDK) as part of OPI. We look forward to advancing these tools, with the Linux Foundation, fulfilling the need for a programmable infrastructure across cloud, data center, communication and enterprise industries making it easier for developers to accelerate innovation and advance technological developments.

**_Ram Periakaruppan, VP and General Manager, Network Test and Security Solutions Group, Keysight Technologies  
_**"Programmable infrastructure built with DPUs/IPUs enables significant innovation for networking, security, storage and other areas in disaggregated cloud environments. As a founding member of the Open Programmable Infrastructure Project, we are committed to providing our test and validation expertise as we collaboratively develop and foster a standards-based open ecosystem that furthers infrastructure development, enabling cloud providers to maximize their investment."

**Cary Ussery, Vice President, Software and Support, Processors, Marvell  
**Data center operators across multiple industry segments are increasingly incorporating DPUs as an integral part of their infrastructure processing to offload complex workloads from general purpose to more robust compute platforms. Marvell strongly believes that software standardization in the ecosystem will significantly contribute to the success of workload acceleration solutions. As a founding member of the OPI Project, Marvell aims to address the need for standardization of software frameworks used in provisioning, lifecycle management, orchestration, virtualization and deployment of workloads.

**_Kevin Deierling, vice president of Networking at NVIDIA  
_**"The fundamental architecture of data centers is evolving to meet the demands of private and hyperscale clouds and AI, which require extreme performance enabled by DPUs such as the NVIDIA BlueField and open frameworks such as NVIDIA DOCA. These will support OPI to provide BlueField users with extreme acceleration, enabled by common, multi-vendor management and applications. NVIDIA is a founding member of the Linux Foundation's Open Programmable Infrastructure Project to continue pushing the boundaries of networking performance and accelerated data center infrastructure while championing open standards and ecosystems."

**_Erin Boyd, director of emerging technologies, Red Hat  
_**"As a founding member of the Open Programmable Infrastructure project, Red Hat is committed to helping promote, grow and collaborate on the emergent advantage that new hardware stacks can bring to the cloud-native community, and we believe that the formalization of OPI into the Linux Foundation is an important step toward achieving this in an open and transparent fashion. Establishing an open standards-based ecosystem will enable us to create fully programmable infrastructure, opening up new possibilities for better performance, consumption, and the ability to more easily manage unique hardware at scale."

**About the Linux Foundation**

Founded in 2000, the Linux Foundation and its projects are supported by more than 1,800 members and is the world's leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation's projects are critical to the world's infrastructure including Linux, Kubernetes, Node.js, Hyperledger, RISC-V, and more. The Linux Foundation's methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: _www.linuxfoundation.org/trademark-usage_. Linux is a registered trademark of Linus Torvalds. Red Hat is a registered trademark of Red Hat, Inc. or its subsidiaries in the U.S. and other countries.

_Marvell Disclaimer: This press release contains forward-looking statements within the meaning of the federal securities laws that involve risks and uncertainties. Forward-looking statements include, without limitation, any statement that may predict, forecast, indicate or imply future events or achievements. Actual events or results may differ materially from those contemplated in this press release. Forward-looking statements speak only as of the date they are made. Readers are cautioned not to put undue reliance on forward-looking statements, and no person assumes any obligation to update or revise any such forward-looking statements, whether as a result of new information, future events or otherwise._

Linux Foundation Announces Open Programmable Infrastructure Project to Drive Open Standards for New Class of Cloud Native Infrastructure

In the wake of devastating attacks, here are some of the best techniques and policies a company can implement to protect its data.

Artificial Intelligence and Security: What You Should Know

Joshua Bevitz, Partner, Newmeyer Dillion

Gabriella Stevens, Associate, Newmeyer Dillion

Prashant Sharma, Co-Founder & CTO, Secuvy Inc.

7 Ways to Avoid Worst-Case Cyber Scenarios

Most organizations still rely on virtual private networks for secure remote access.

Zero-trust initiatives may be on the security roadmap for most enterprises today, but remote-access architecture today is still highly dependent upon virtual private network (VPN) technology.

Newly published data shows that approximately 90% of organizations still utilize VPN in some capacity to secure remote access for their users. Meantime, across a broad population of IT and security practitioners, fewer than one in three say they have plans to — or have begun to — roll out zero-trust network access (ZTNA) to supplant VPN.

The results are from a survey conducted by Sapio Research on behalf of Banyan Security, which reached out to 1,025 IT respondents, focusing the bulk of the survey on the 410 who were aware of both VPN and ZTNA. The study shows that among that group, a full 97% reported that adopting a zero-trust model is a priority for them. Slightly over half of those aware of both VPN and ZTNA said they've begun to roll out zero-trust solutions.

ZTNA is a term Gartner started championing in 2019 to describe in broad strokes a range of products and services that create logical access boundaries around applications or sets of applications using a combination of identity- and context-based factors. The firm predicted at the time that by next year, 2023, approximately 60% of enterprises will start phasing out their VPNs in favor or ZTNA.

"VPNs are just a band aid on a fundamentally broken network security model. And ultimately this has to be replaced," Neil MacDonald, vice president and distinguished analyst for Gartner, said in a recent analysis of zero-trust strategies in 2022. "We need to invert the model. Instead of connecting and then worrying about authentication, we need to authenticate first, then connect. This is where you see many of the tenets of zero-trust networking coming in."

**The Problem With VPNs**

One of the biggest problems with VPN technology is the fact that it "allows for network-level access to an enterprise," explains Deloitte's Andrew Rafla, who leads the consultancy's zero-trust offering.

In contrast, ZTNA restricts remote users' access to only the specific applications and assets they need and nothing more, says Rafla. ZTNA is one important component of a broader zero-trust architecture, he says, which also should include a centralized and federated identity store, privileged access management controls, data protection, network segmentation, device security, and telemetry and analytics.

"General cyber hygiene fundamentals should not be overlooked as well; in order to realize the true benefits of the zero-trust model, an organization should have a solid grasp on its IT asset management, configuration and vulnerability management, and data classification," Rafla says.

Given these weighty requirements to truly grab the zero-trust brass ring, it should come as no surprise that many organizations can feel overwhelmed by it all. Over two-thirds of current VPN users report in this survey that implementing a ZTNA strategy is a large to very large undertaking.

The biggest constraint for VPN-dependent organizations that keep them from transitioning to ZTNA are cost/budget constraints, which was named by 62%. Approximately 13% of them say zero trust is confusing and they don’t even know where to start.

Interestingly, though, among those who have adopted ZTNA, the implementation timeframes may not be as scary as those clinging to VPN may think. The study shows that the mean time to deployment was about 11.5 months. This may be a good lesson in the fact that an organization can and should roll out zero-trust components in a phased manner, and that ZTNA for remote access may be an accessible first step in the journey.

VPNs Persist Despite Zero-Trust Fervor

ToddyCat's Samurai and Ninja tools are designed to give attackers persistent and deep access on compromised networks, security vendor says.

A threat group that may have been among the first to exploit the ProxyLogon zero-day vulnerability in Exchange Servers last year is using a pair of dangerous and previously unseen malware tools in a cyber espionage campaign targeting military and government organizations in Europe and Asia.

Researchers at Kaspersky who first detected the group's activities this week described the tools as malware designed to enable long-term persistence on an organization's public-facing Web servers and giving attackers the ability to move laterally and penetrate deeply into compromised networks.

The malware tools have features that allow their functionality to be extended at will, but Kaspersky has been unable so far to determine the full range of their capabilities, the vendor noted.

**Attacks Targeted ProxyLogon Exchange Server Flaw**

Kaspersky is tracking the previously unknown group as "ToddyCat." In a report this week, the security vendor said the adversary's victim targeting and certain operational overlaps with at least one known Chinese threat actor suggest that members of ToddyCat are Chinese-speaking as well.

"This group targets high-profile organizations, usually government, diplomatic, military organizations, and military contractors," says Giampaolo Dedola, security researcher at Kaspersky. It may be possible that the threat actor has compromised victims in the US as well. But currently Kaspersky has no information to suggest this is indeed the case, Dedola says.

Kaspersky's analysis showed that ToddyCat's campaign began in December 2020 with attacks targeting selected Exchange Servers belonging to three organizations in Vietnam and Taiwan. The attackers used an unknown exploit to breach the Exchange Servers and deploy the popular China Chopper Web shell on the systems. They then used the Web shell to initiate a multi-stage infection chain involving custom loaders that ended with one of the new malware tools — a backdoor called "Samurai" — being deployed on the compromised system.

**Sophisticated Malware**

Samurai is a passive backdoor designed to give the attackers persistent access on Internet-facing Web servers. The backdoor works on ports 80 and 443 and is designed primarily to execute arbitrary C# code on infected systems.

"Based on our investigation, we were able to detect some of the source codes uploaded by the attacker and we know that it was used to execute arbitrary commands, download files, forward TCP packets to internal hosts," Dedola says. As one example, he points to the attacker using Samurai to communicate with internal Active Directory servers. "The ability to run arbitrary C# code allows attackers to infinitely extend the malware's capabilities," he says.

Kaspersky's research showed the attackers also used Samurai to launch "Ninja," the other previously unseen malware tool that ToddyCat is using in its attacks. Ninja is Cobalt Strike-like malware for executing post-exploitation activities on already compromised systems.

"It allows the attackers to control the remote system, manipulate the file system, manipulate processes, inject arbitrary code in other processes, forward TCP packets, and load new modules in its memory," Dedola says.

Ninja agents can be configured to act like servers. So, the adversary can use the malware to designate specific machines as internal command and control servers (C2s), thereby limiting connections to external servers and reducing the chances of being detected. This feature, combined with the TCP command forwarding functionality, gives the attackers a way to manage even those systems that are not directly connected to the Internet, Dedola says.

Between Dec. 2020 and early Feb. 2021, ToddyCat remained tightly focused on a handful of organizations in Vietnam and Taiwan. But then, for a brief period between late February and early March, the threat actor quickly escalated its attacks by targeting the ProxyLogon vulnerability to compromise organizations in multiple countries. The group's victims included organizations in Russia, UK, Slovakia, India, Iran, and Malaysia, and belonged to industries and sectors that have traditionally been of interest to China-based groups, Kaspersky said.

**A Change in Tactics**

Almost all of ToddyCat's early attacks targeted Exchange Server flaws. But starting Sept. 2021, Kaspersky observed what it described as "waves of attacks" against desktop systems involving the use of malicious loaders sent via the Telegram messaging service. It's unclear how many organizations ToddyCat has compromised, but the number is likely less than 30, Dedola says.

What makes Samurai and Ninja dangerous is the anti-forensic and anti-analysis technique incorporated into the malware, according to Kaspersky. For example. Samurai is designed to share TCP port 80 and 443 with Microsoft Exchange and cannot be detected by monitoring the ports. The malware also uses a complex loading scheme to avoid detection and maintain persistence. It addition, it uses a technique called "control-code flattening" to avoid detection by static analysis tools, Dedola says.

"The Ninja Trojan is also another modular malware, with capabilities that can be easily extended by the attacker," he tells Dark Reading, adding that the malware runs only in memory and never appears on file systems, making it harder to detect. "It is usually executed with a loader, which decrypts the payload from a third file. The file with the encrypted payload is immediately deleted by the loader."

Christopher Prewitt, CTO at Inversion6, says Kaspersky's research shows that the malware authors have gone to great lengths to hide and obfuscate their methods. While the Samurai backdoor features some relatively common features, ToddyCat's bespoke Ninja post-exploit tool appears more interesting.

"It is loaded in memory, making it much more difficult to analyze and detect," Prewitt says. "The threat actor could continue to reuse this part of their toolkit, while only swapping out or updating the initial infection point and backdoor tooling."

Source

DARKReading