Spring World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 29, Issue 4

Full Contents Now Available!

Jon Seals

Government Agencies Benefit From Enhanced Security and Efficiency While Transitioning to the Cloud

WASHINGTON, DC – Carahsoft Technology Corp., the trusted government IT solutions provider today announced a go-to-market relationship with Virtustream, the enterprise-class cloud software and services provider and EMC Federation Company. Carahsoft will serve as federal distributor and master aggregator for Virtustream's products, providing proactive sales and marketing support and making Virtustream's cloud solutions and services available to the public sector via its General Services Administration (GSA) schedule and contracts with the NASA Solutions for Enterprise-Wide Procurement (SEWPV) and US Army ITES SW.

"Our strategic relationship with Carahsoft further reinforces Virtustream's commitment to the public sector market," said Joe Moye, senior vice president for public sector at Virtustream. "As public sector organizations accelerate their digital transformation initiatives, Carahsoft offers us a powerful new channel to make it simpler for federal, state and local governments to procure and benefit from Virtustream's FedRAMP-certified cloud services and risk management framework software."

As government agencies continue to transition to the cloud, they are embracing more advanced capabilities, including improved system and service virtualization, the ability to migrate data and services between shared clouds, the expansion of infrastructure-based services and the emergence of the hybrid cloud as the platform of choice. Virtustream's enterprise-class cloud solutions and xStream® cloud management software easily manage the heavy demands of complex, multi-tenant IT environments, while complying with the highest security and compliance standards.

Virtustream meets mandatory requirements such as SSAE16, ISAE3402, PCI-DSS 2.0, FISMA, IS0 27001-2005, ISO 9001-2008, HIPAA/HITECH and other leading cloud certifications and compliance frameworks including FedRAMP P-ATO via the Joint Authorization Board (JAB). Virtustream also offers an on-premises solution for federal, state and local governments that leverages the stringent security aspects of the FedRAMP offering.

Further, Virtustream's enterprise-class cloud software uses a consumption-based pricing model which helps government agencies prevent waste and lower costs, while still providing them with the guaranteed high quality performance they expect from their applications. This is enabled by Virtustream µVM® technology, a precise planning and billing unit that enables users to pay only for the compute, memory, network and storage resources that they actually consume versus an allocation billing model.

"We are excited to expand our cloud computing portfolio with Virtustream's FedRAMP certified Cloud Services," said Craig P. Abod, president, Carahsoft Technology. "Security is always top of mind for our government customers and resellers, and Virtustream's cloud solutions meet and exceed all federal security and compliance requirements."

Virtustream's enterprise-class cloud solutions are available immediately via Carahsoft's GSA Schedule No. GS-35F-0119Y and SEWP contract NNG15SC03B and NNG15SC27B. To learn more about how Virtustream's cloud solutions can help government agencies become more proactive against enterprise risks, view this on-demand webcast Continuous Risk and Compliance Monitoring or contact the Virtustream team at Carahsoft at 703-871-8626.

About Carahsoft
Carahsoft Technology Corp. is the trusted Government IT solutions provider. As a top-ranked GSA Schedule Contract holder, Carahsoft serves as the master government aggregator for many of its best-of-breed technology vendors, supporting an extensive ecosystem of manufacturers, value-added resellers, system integrators, and consulting partners committed to helping government agencies select and implement the best solution at the best possible value.

The company's dedicated Solutions Divisions proactively market, sell and deliver VMware, Symantec, EMC, Adobe, F5 Networks, Open Source, HPE Software, SAP, and Innovative and Intelligence products and services, among others. Carahsoft is consistently recognized by its partners as a top revenue producer, and is listed annually among the industry's fastest growing firms by CRN, Inc., Washington Technology, The Washington Post, Washington Business Journal, and SmartCEO. Visit us at www.carahsoft.com.

Virtustream, uVM and xStream are trademarks or registered trademarks of Virtustream, Inc. in the United States and/or other jurisdictions. All other trademarks are the property of their respective owners.

New Relationship Offers a Pre-Packaged, Correlated Threat Data Feed for Risk Intelligence Customers

SUNNYVALE, Calif. – RiskVision, the enterprise risk intelligence company formerly known as Agiliance, today announced it will be utilizing the Exploit Database, a non-profit project maintained by Offensive Security. As part of the RiskVision offering, exploit information is correlated with RiskVision-configurable business context and vulnerability attributes to prioritize exploitable threats in vulnerability risk scoring. This helps security and business risk owners reduce network operations activity while dramatically improving risk posture in their organizations.

The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. The Exploit Database's aim is to serve the most comprehensive collection of exploits gathered through direct submissions and mailing lists, as well as other public sources, and then present them in a freely-available, easy-to-navigate database. The database is a repository for exploits and proof-of-concepts, rather than advisories, making it a valuable resource for those who need actionable data right away.

At Offensive Security, we place high value and importance in our time and resource investment in Exploit Database to provide the most comprehensive collection of publicly accessible exploits available in the industry. When companies like RiskVision integrate EDB information, they can be confident they have the most accurate dataset of modern exploits possible in their product. We are happy to work with RiskVision as they continue to innovate in this space. - Joe Steinbach, CEO, Offensive Security

RiskVision's closed-loop vulnerability management delivers innovation in every step of the cyber vulnerability work flow. In addition to integrating with threat exploit services such as Offensive Security, RiskVision utilizes products and services from vendors in the threat intelligence, vulnerability scanning, endpoint security, SIEM and DLP, IT service management and configuration management spaces.

"It's nearly impossible to prioritize the number of threats to an organization if you don't have the most up-to-date exploit and vulnerability information in business context to see true risks," said Keith Higgins, chief marketing officer at RiskVision. "By leveraging Offensive Security's Exploit Database, one of the most complete exploit databases available today, we're giving our customers a fighting chance to secure their assets and the ability to accurately and effectively identify and remediate risks that matter."

RiskVision's approach to vulnerability management improves operational efficiency by performing automated risk scoring based on threat and business context, as well as filtering for relevant incidents based on event monitoring data. Uniquely, with RiskVision, Security Operations analysts can prioritize remediation, Organizational Unit risk experts can participate in decision-making with compliance oversight and IT Operations can be assured their workloads do not require additional staff.

Attending Black Hat USA 2016?
Attendees are invited to visit booth #1460 to meet the RiskVision team for variety of company and product updates, including the partnership with Offensive Security and the integration with The Exploit Database. To schedule a meeting at the show, click here.

Additional Resources:
For more information on RiskVision partnerships, click here.
To schedule a demo, click here.
Follow us on LinkedIn here: https://www.linkedin.com/company/riskvision
Follow us on Twitter here: @RiskVisionInc

About RiskVision
RiskVision develops comprehensive risk intelligence solutions for the enterprise. The highly decorated RiskVision platform is the industry's first risk intelligence solution designed for today's real-time, big-data, threat-centric world. RiskVision's architecture and design delivers the industry's best usability, scale, automation and time-to-deployment advantages -- at a fraction of the cost of traditional solutions. CIOs and CROs of the world's leading organizations and government agencies rely on RiskVision; customers include AXA Group, Cisco, Deutsche Bank, E*TRADE, Exelon, First Data, Fiserv, HCL, Novartis, Roche, Safeway, Sheetz, Southern Co., Time Warner, United Health Group, U.S. Departments of Defense, Health & Human Services, Justice, and Veterans Affairs, and dozens of other clients worldwide.


FIPS 140-2 Certification Allows Public Sector to Harness Efficiency and Cost-Savings of Hyperconverged Secondary Storage

SANTA CLARA, Calif. – Cohesity, the pioneer of hyperconverged secondary storage, today announced that its encryption solution has been certified to meet federal data protection standards. This certification from the National Institute of Standards and Technology (NIST) allows for government agencies that handle sensitive information to realize the benefits of hyperconverged secondary storage, and demonstrates Cohesity's commitment to serving organizations in the public sector.

Tweet This: .@Cohesity Encryption Certified to Meet Federal Standards for Protecting Sensitive Data: http://ctt.ec/d_0r8+

To achieve Federal Information Processing Standards (FIPS) 140-2 certification, government-approved lab tests of the encryption module were run not in isolation but as part of the storage platform and on the same hardware that Cohesity deploys at customer sites. This offers more complete security assurance than other vendors that run tests on their cryptographic library but not their fully mated solution. It is analogous to validating that a lock actually secures a house, rather than just showing that the lock works.

Validation that Cohesity's solution meets FIPS 140-2 requirements enables the company to bid on government projects within federal civilian agencies, the Department of Defense, and the Intelligence Community. U.S. law mandates that federal agencies and federal systems integrators (FSIs), such as General Dynamics and CSRA, protect sensitive information in computer and telecommunication systems (including voice systems) using cryptographic-based security systems that are certified to meet FIPS 140-2.

Cohesity's encryption module is fully software-implemented, which gives customers the flexibility to use the latest and greatest hardware available. In addition, Cohesity offers customers access to FedRAMP certified cloud storage through its integration with AWS GovCloud.

"We have made tremendous progress in the year following the public launch of Cohesity's radically efficient secondary storage platform, and we are proud to offer this cutting-edge technology to some of the most highly regulated IT environments in the U.S. government sector," said Mohit Aron, founder and CEO of Cohesity. "We look forward to adding new installations across a wide range of government agencies by working with our partners that serve the public sector."

"With FIPS 140-2 certification and AWS GovCloud support, we can bring Cohesity's next generation, web-scale, hyperconverged solution for consolidating secondary storage to our federal customers," said Brent Van Scyoc, vice president of federal sales for Alliance Technology Group. "Federal customers backup and content storage needs are exploding. Cohesity's technology will allow them to simplify secondary data storage and substantially drive down their costs."

About Cohesity
Cohesity delivers the industry's first hyperconverged secondary storage system for consolidating backup, test/dev, file services, and analytic datasets, onto an infinitely scalable, intelligent data platform. With Cohesity, IT organizations achieve far greater operational efficiency and agility in managing their data assets on-premise and in the cloud. Cohesity counts Credit Acceptance, Cvent, GS1, and Tribune Media among its growing base of enterprise customers. For more information, visit www.cohesity.com.

New HPE Security Services Offering Helps Organizations Prevent External Breaches and Insider Threats Targeting Privileged Accounts, as Well as Maintain Compliance

PALO ALTO, Calif. – Hewlett Packard Enterprise (HPE) (NYSE: HPE) today announced the HPE Privileged Account Management (PAM) Service offering, an extension to its HPE Managed Security Services (MSS) portfolio. In partnership with privileged account security software leader CyberArk (NASDAQ: CYBR), this offering is designed to help customers more effectively mitigate the heightened risk associated with privileged accounts, enforce more consistent application of security policies, and reduce manual efforts and administrative costs.

External attackers and malicious insiders are increasingly using the broader network permissions of privileged accounts to execute complex breaches and access sensitive information. In fact, 80 percent of all targeted attacks exploited privileged accounts during the attack process.1 These attacks are often able to take full control of an organization's IT infrastructure, disable its security controls, steal confidential information, commit financial fraud, and disrupt operations.

HPE PAM Service leverages the ten global HPE Security Operations Centers (SOCs), offshore resources, and the CyberArk Privileged Account Security Solution to help organizations address some of the biggest security challenges including: advanced targeted attacks, insider threats, malware targeted at privileged accounts, regulation and failed audits, and the outsourcing of sensitive information, assets and infrastructure. The CyberArk Privileged Account Security Solution provides a comprehensive solution for operating systems, databases, applications, hypervisors, network devices, and security appliances. It can be deployed on-premise, in the hybrid cloud and OT/SCADA environments.

"Threats targeting privileged accounts are increasing in frequency, complexity and scope, making it critical for organizations to gain control and visibility of this key user group's activity," said Art Wong, senior vice president and general manager, HPE Security Services, Hewlett Packard Enterprise. "The full-service HPE Privileged Account Management offering backed by CyberArk technology provides organizations with the means to effectively mitigate their risks of both external and internal attacks on privileged accounts, as well as maintain compliance."

HPE PAM Service is integrated with the HPE Identity and Access Management (IAM) Service to address the growing challenges of IAM, thus improving efficiency and saving costs. In addition, as part of the C3 Alliance, HPE and CyberArk also offer proven and tested bi-directional integrations between the HPE ArcSight SIEM platform and the CyberArk Privileged Account Security and Privileged Threat Analytics™ solutions. The integration provides joint customers with detailed privileged account activity intelligence and actionable alerts on anomalous behavior in HPE ArcSight where it can be correlated with other indicators to quickly identify and disrupt the most critical in-progress attacks.

"Privileged accounts provide tremendous access to sensitive information and infrastructure that can take down an entire organization if compromised by attackers," said Adam Bosnian, executive vice president, global business development and head of the C3 Alliance, CyberArk (@CyberArk). "This partnership combines CyberArk's proven, innovative Privileged Account Security Solution with HPE's comprehensive global Managed Security Services portfolio to proactively manage privileged user and account risk and combat this growing challenge."

Benefits & Impact
The newly introduced HPE PAM Service offering features numerous enterprise security benefits, including:

  • Protection against cyber attacks - Lock down privileged accounts and secure sessions to prevent malware infection at the endpoint, lateral movement, and attack escalation to stop attack progression.
  • Visibility - Control of administrative access to a wide range of systems and infrastructures, from accounts on operating systems, databases, middleware and applications, to network devices and SaaS applications.
  • Compliance Support - Fully auditable system that supports stringent needs of highly regulated industry sectors, such as providing auditors with detailed privileged access reports. By 2017, analysts predict that more stringent regulations around control of privileged access will lead to a rise of 40% in fines and penalties imposed by regulatory bodies on organizations with deficient PAM controls that have been breached.2
  • Consistency & Accountability - Seamlessly enforcing consistent password policies across the enterprise. Anonymous use of credentials is eliminated across the enterprise and auditable controls tie people to their actions.
  • Efficiency - Password policies enforcement and secured, centralized, and automated password management for administrative, service, and application accounts.

The HPE PAM Service is currently available to customers as part of the HPE Managed Security Services (MSS) portfolio, which delivers an extensive security service management process and in-depth consulting expertise to define, implement and manage a resilient security program.

About HPE Security
HPE Security helps organizations protect their business-critical digital assets by building security into the fabric of the enterprise, detecting and responding to advanced threats, and safeguarding continuity and compliance to effectively mitigate risk. With an integrated suite of market-leading products, services, threat intelligence and security research, HPE Security empowers organizations to balance protection with innovation to keep pace with today's idea economy. Find out more about HPE Security at https://www.hpe.com/us/en/solutions/protect-digital.html.

To learn more about HPE Enterprise Security products and services on Twitter, please follow @HPE_Security and join HPE Enterprise Security on LinkedIn.

About Hewlett Packard Enterprise
Hewlett Packard Enterprise is an industry leading technology company that enables customers to go further, faster. With the industry's most comprehensive portfolio, spanning the cloud to the data center to workplace applications, our technology and services help customers around the world make IT more efficient, more productive and more secure.

Forward-Looking Statements
This document contains forward-looking statements within the meaning of the safe harbor provisions of the Private Securities Litigation Reform Act of 1995. Such statements involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of Hewlett Packard Enterprise could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including any statements of the plans, strategies and objectives of Hewlett Packard Enterprise for future operations; other statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include the possibility that expected benefits may not materialize as expected and other risks that are described in Hewlett Packard Enterprise's filings with the Securities and Exchange Commission, including but not limited to the risks described in Hewlett Packard Enterprise's Registration Statement on Form 10 dated July 1, 2015, as amended August 10, 2015, September 4, 2015, September 15, 2015, September 28, 2015 and October 7, 2015. Hewlett Packard Enterprise assumes no obligation and does not intend to update these forward-looking statements.

1 CyberArk Threat Report, "Privileged Account Exploits Shift the Front Lines of Cyber Security," November 2014.

2 Gartner "Market Guide for Privileged Access Management," May 2015.

Hedvig Distributed Storage Platform Lowers DGC Operating Costs, Enables Data Center Consolidation and Powers Future Offerings

SANTA CLARA, Calif. – Hedvig, the company modernizing storage and accelerating enterprise adoption of private and hybrid clouds, today announced that DGC, a leading Swedish network operator, has selected the Hedvig Distributed Storage Platform to help lower costs and modernize its business. DGC's outsourcing and managed services division will use Hedvig as a foundation for sustainable, differentiated cloud services that can tailor storage, performance and disaster recovery services to individual customers. Hedvig is part of DGC's investment in both technology and new data center facilities to consolidate its outsourcing and managed services and establish new product offerings.

Operating in a competitive managed services market, DGC reexamined their current storage infrastructure as it sought to cut costs, consolidate data centers and develop new revenue streams. The company selected Hedvig because unlike other solutions, Hedvig met the requirements of providing storage software completely decoupled from underlying hardware while still enabling a complete set of advanced data services. It also equips DGC with a flexible platform that delivers new infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) products to its customers.

"In the past six years DGC has expanded through multiple strategic acquisitions resulting in a number of inherited infrastructure platforms," said Magnus Blom, business area manager of outsourcing and managed services at DGC. "We wanted to lower overhead costs and consolidate into a modern infrastructure where hardware and software are decoupled. We looked for a software-defined solution and the Hedvig Distributed Storage Platform met our expectations. With Hedvig, we get real-time multi-site replication, flexible scalability, high performance and a single platform that supports all needed storage protocols. The market is shifting fast and we are also looking forward to develop tomorrow's offerings together with Hedvig."

Suggested Tweet: .@Hedviginc selected by @DGCone to provide #modernstorage foundation for #cloud and managed services: http://hed.vg/HedvigDGC

The Hedvig Distributed Storage Platform combines the power of distributed systems, the simplicity of cloud and a complete set of enterprise capabilities to deliver a modern, high-performance storage system. Hedvig enables DGC to provide customized, tiered services for each of its customers in which different performance, availability and efficiency features can be bundled based on customer needs and price points. Additionally, Hedvig enables IaaS, PaaS and CaaS architectures and easily allows DGC to add new workloads without the need to purchase and operate disparate storage platforms.

After examining several competing solutions, DGC selected Hedvig because of four key platform features:

  • Real-time replication. The Hedvig Distributed Storage Platform's built-in real-time replication enables customer data to be protected across all of DGC's data centers, providing maximum availability of customer data even if one or more data centers go down.
  • Scalability. As DGC brings aboard new cloud customers, it requires a solution that can grow incrementally. Hedvig's hyperscale architecture allows DGC to scale storage independent of compute, providing both elasticity and flexibility.
  • High performance. Hedvig maintains performance by providing a two-tier architecture that scales intelligently based on the type of performance DGC customers need.
  • Full storage protocol support in a single platform. DGC uses block and file storage and plans to provide object storage in the future, which mandates a platform that unifies all three. With Hedvig, DGC avoids additional storage platforms that would increase complexity, risk and operating costs.

"We're excited to be the trusted advisor and storage platform for companies such as DGC that are building truly modern infrastructure environments," said Avinash Lakshman, CEO and founder of Hedvig. "DGC's choice of Hedvig is a testament to the breadth and flexibility of the Hedvig Distributed Storage Platform to power scalable, differentiated services for cloud providers."

To learn more about how Hedvig provides storage for private and public cloud infrastructure visit the Hedvig website here: http://hed.vg/HedvigDGC.

About DGC
DGC is a service provider that develops and sells data communications, IT operations and telephony services in a nationwide network to Nordic customers. DGC was founded in 1991 and DGC's shares are listed on Nasdaq Stockholm. For more information about DGC, visit www.dgc.se.

About Hedvig
Hedvig reduces enterprise storage costs by 60 percent while accelerating migration to cloud. The Hedvig Distributed Storage Platform combines block, file, and object storage for bare metal, hypervisor and container environments. The only software-defined solution built on a true distributed system, Hedvig is built to keep pace with scale-out applications and the velocity of change in today's business climate. The Hedvig platform gets better and smarter as the system scales, transforming commodity hardware into the most advanced storage solution available today. Customers such as DGC, LKAB, Mazzetti and Van Dijk use the Hedvig platform to transform their storage from a box where data resides to a fundamental business enabler. For more information about Hedvig, visit www.hedviginc.com.

Connect with Hedvig:

Read our blog: http://hedviginc.com/blog
Follow us on Twitter: https://twitter.com/hedviginc
Like us on Facebook: https://www.facebook.com/hedviginc
Learn more: http://www.hedviginc.com/press-kit

Metaswitch Technologies and Expertise Help Bring Advanced Voice Services to Market Quickly and Scale Seamlessly

LONDON – Network software provider Metaswitch Networks® today announced that Serveurcom, an Internet service provider (ISP) based in Le Mans, France, has deployed Metaswitch's Business Communications solution to deliver hosted voice and rich unified communications (UC) and collaboration services to its growing customer base. Serveurcom, initially focused on small-to-medium-sized businesses in France, is planning to expand its offerings across Europe, selling both directly and through third parties to whom it white-labels its services.

"After 10 years of reselling business voice services, we decided to deploy our own infrastructure in order to provide a superior customer experience. The first thing we were looking for was a robust and reliable solution that would evolve with advances in technology," said Damien Watine, CEO of Serveurcom. "While others were offering just pieces of the package, Metaswitch offered the complete solution, from infrastructure to applications, along with the expertise we needed to take it to market quickly and successfully."

Serveurcom chose Metaswitch's Accession Communicator to deliver full-featured UC, collaboration and video conferencing on mobile and desktop; the MetaView Management Suite, for its suite of analytics, network visibility and unrivalled continuous diagnostic capabilities; and the Perimeta Session Border Controllers (SBC). The MetaSphere Multiservice Telephony Application Server (MTAS) is the heart of the platform; deployed geographically redundantly across two sites, it equips Serveurcom to meet the most demanding of business service continuity requirements.

"With superior customer support and a desire to extend the latest technological advancements to their growing customer base, Serveurcom holds the same core values as ours," said Vincent Gaudron, regional sales director at Metaswitch. "With such business synergies, we are pleased to have been selected as a critical part of Serveurcom's plan to expand its footprint across Europe."

Steve Gleave, SVP of marketing at Metaswitch, interviewed Damien Watine at Metaswitch Forum 2016. Watch the video.

About Metaswitch Networks
Metaswitch is powering the transition of communication networks into a cloud-based, software-centric, all-IP future. As the world's leading network software provider, we design, develop, deliver and support commercial and open-source software solutions for network operators and large enterprises. We are focused on delivering high-performance software that runs on commercial, off-the-shelf hardware, as appliances or in the cloud. Our IP Multimedia Communications Software has been adopted by more than 1,000 customers worldwide, while our Software-Defined Networking portfolio is adding intelligence to white box platforms, cost-effectively virtualizing network routing and hyperscaling the data center. For more information, please visit: http://www.metaswitch.com.

Copyright © 2016 Metaswitch Networks. "Metaswitch" and "Metaswitch Networks" are registered trademarks. Brands and products referenced herein are the trademarks or registered trademarks of their respective holders.

Mirantis Unlocked Validation Brings Predictive Flash to the Cloud

SAN JOSE, Calif. – Nimble Storage (NYSE: NMBL), the leader in predictive flash storage, today announced an expansion of its commitment to the cloud by achieving the Mirantis Unlocked validation for its Nimble Cinder Driver, providing easy-to-deploy, scalable and highly available storage options for customers using OpenStack infrastructure with the Nimble Predictive Flash platform.

Integration of the Nimble Cinder Driver with Mirantis OpenStack allows customers to deploy OpenStack clouds with fast and reliable access to data. The combination of Mirantis OpenStack and the Nimble Predictive Flash platform delivers the foundation for enterprise customers to radically simplify cloud infrastructure deployments while meeting the demands of a dynamic and expanding user base. The Nimble Predictive Flash platform combines the power of InfoSight Predictive Analytics with a Unified Flash Fabric consolidation architecture to deliver flash performance and unparalleled availability by predicting and preventing issues.

"We are proud to be validated by Mirantis, a forerunner in the OpenStack community that enables customers to transition seamlessly to a dynamic storage infrastructure," said Dan Leary, vice president of corporate development, solutions and alliances, Nimble Storage. "Nimble's validation with Mirantis OpenStack showcases our dedication to cloud builders and Software-as-a-Service (SaaS) providers, and ensures that customers' deployment of Nimble on OpenStack infrastructure is simple and frictionless."

Cloud, SaaS providers and enterprises deploying Nimble and Mirantis can create production-grade OpenStack clouds with robust, high-performance Nimble storage systems, simplifying cloud deployments through standardized software packages. In addition to absolute performance, benefits for customers include simplified development and testing to production rollout, non-stop availability to exceed cloud service level agreements and agility to enable their SaaS models with ease.

"Storage management has become more complex as enterprises embrace the cloud, and customers require that their storage solutions not only have high performance, availability and ease-of-use, but also offer tools to support their cloud transition," said Kamesh Pemmaraju, vice president of Product Marketing, Mirantis. "Validating the Nimble Predictive Flash platform on Mirantis OpenStack ensures that customers can take advantage of flash-optimized architecture and predictive analytics with OpenStack, easing their shift to next-generation cloud platforms."

For more information on Nimble's Predictive Flash Platform and certifications, please visit www.nimblestorage.com.

Nimble Storage Resources

About Nimble Storage
Nimble Storage (NYSE: NMBL) is the leader in predictive flash storage solutions. Nimble offers a Predictive Flash platform that combines flash performance with predictive analytics to predict and prevent barriers to data velocity caused by complex IT infrastructure. Nimble customers experience absolute performance, non-stop availability and cloud-like agility that accelerate critical business processes. More than 8,100 enterprises, governments, and service providers have deployed the Nimble Predictive Flash Platform across more than 50 countries. For more information visit www.nimblestorage.com and follow us on Twitter: @nimblestorage.

Nimble Storage, the Nimble Storage logo, CASL, InfoSight, SmartStack, Timeless Storage, Data Velocity Delivered, Unified Flash Fabric and NimbleConnect are trademarks or registered trademarks of Nimble Storage, Inc. Other trade names or words used in this document are the properties of their respective owners.

Fortinet vSecurity Virtual Network Function to Enable Global Enterprises to Deploy Adaptive, Intelligent Virtualized Network Security

SUNNYVALE, Calif. – Fortinet® (NASDAQ: FTNT), the global leader in high-performance cybersecurity solutions, today announced that it has been selected as a vSecurity technology partner as part of Verizon Enterprise Solutions' new Virtual Network Services.

  • The Fortinet Security Fabric will provide enterprise customers of Verizon Virtual Network Services with open, adaptive virtual security and actionable threat intelligence, turning network protection into a driver of business insight and agility.
  • A broad range of security features within the FortiGate virtual network function (VNF), including enterprise firewalls, FortiManager single pane of glass management, integrated threat intelligence from FortiGuard Labs, data loss prevention, IP security, and intrusion detection system will enable enterprises to deploy advanced software-defined networking (SDN) security functions to protect all points in their network.

Shawn Hakl, vice president of networking and innovation, Verizon
"As enterprise networks transition to virtualized models and the cyber attack surface gets increasingly complex, having integrated security that can seamlessly scale and adapt along with business requirements is paramount. The integration of Fortinet as one of our initial vSecurity technology partners will provide our customers with an industry-leading option to quickly deploy virtual security that can allow them to realize the business potential of an agile network."

Digitization of Business Requires Adaptive, Secure Networks at Scale
The increasing complexity of the network from IoT to cloud-based, mission-critical applications, coupled with the growing sophistication of cyber threats makes network security across the distributed enterprise a top business priority. The challenge is that traditional enterprise IT infrastructure struggles to keep pace with the growth of digital business dependence, requiring an on-demand, software-defined approach to network services and security.

As part of Verizon's Virtual Network Services, Fortinet will provide plug-and-play vSecurity VNFs so businesses can deploy security network functions in software. With a broad range of advanced virtual network security features offered, including Fortinet FortiGate enterprise firewalls, advanced threat intelligence, global policy controls, and internal segmentation to protect mission-critical data from breaches, Fortinet vSecurity will deliver all the performance of traditional network security in virtualized solutions.

Fortinet's expansion of its longstanding relationship with Verizon demonstrates the companies' shared commitment to drive business agility through network security solutions that seamlessly adapt and scale, simplify operations and help improve total cost of ownership.

Verizon's new services can be delivered across public, private and wireless networks from Verizon or other service providers, or a combination of multiple providers across multiple networks. For more information, visit here.

Supporting Quote
"From distributed business locations to more and more cloud-based mission critical applications, the cyber attack surface and the sophistication of threats on enterprise networks are at an all time high. As such, it is critical that businesses have the ability to spin up security resources and global policies as needed so they can free up resources to focus on business objectives. Building on our longstanding relationship with Verizon, Fortinet will deliver the on-demand security needed today for distributed enterprises to take their business to the next level, while helping control costs and drive business agility through virtualized offerings."
- Matt Pley, vice president, Carrier and Service Provider, Fortinet

Additional Resources

About Fortinet
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network -- today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. More than 270,000 customers worldwide trust Fortinet to protect their businesses. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.

Copyright © 2016 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiCloud, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiCarrier, FortiScan, FortiAP, FortiDB, FortiVoice and FortiWeb. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, binding specification or other binding commitment by Fortinet, and performance and other specification information herein may be unique to certain environments. This news release contains forward-looking statements that involve uncertainties and assumptions. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at www.sec.gov, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialize or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements, and expressly disclaims any obligation to update these forward-looking statements.


As some software vendors benefit and others fail to keep up, a market shake up is possible


MAIDENHEAD, UK – The enterprise software marketplace is undergoing a massive transformation as the pricing and licensing models dictating how software is bought and sold evolve. Fueled in part by shifts in customer demand and in part by rapidly changing technology, some software application vendors are poised to reap windfall profits from the new software pricing and licensing models emerging, while others risk being left behind. This is the conclusion of a new report published by Software Monetization expert, Flexera Software. Among the report’s findings:

  • Perpetual Decline: Only 43 percent of software vendors say perpetual software licenses contribute to half or more of their revenues. Historically, the perpetual license was the dominant licensing model used by most software vendors.
  • Shifting Foundations: 70 percent of software vendors will change their pricing and licensing models within the next two years. The reasons? To generate more revenues, be more competitive and improve customer relations.
  • No Installation Required: 36 percent of software vendors say that less than half of their applications are delivered as traditional installed software.
  • Change Ready: Within the next two years software vendors plan on changing their licensing policies to accommodate new technologies like:
    • Cloud (49 Percent)
    • SaaS (46 percent)
    • Virtualisation (47 percent)
    • Mobile Platforms (55 percent)
  • Bliss or Ignorance? 73 percent of vendors boast their pricing and licensing policies are effective. Yet despite this confidence, 51 percent of those surveyed admitted they don’t track customer usage, 45 percent don’t audit customer usage, 55 percent don’t have technology in place to track customer usage of their products, and 42 percent say their customers have challenges determining which software products they’re entitled to use.

“Enterprises are rapidly redefining how they want to license and pay for business software. Moreover, technology is shifting so rapidly it is rendering old pricing and licensing models obsolete,” said R “Ray" Wang, Principal Analyst & Founder at Constellation Research. “Smart software producers are being proactive, viewing this dramatic shift as an opportunity to offer more flexible monetisation models, capture market share and new revenue streams. Software vendors that fail to act risk being left behind.”


“The report illustrates the fluidity of the software market place and the rapidly changing customer preferences dictating how software is bought and sold,” said Steve Schmidt, Vice President of Corporate Development at Flexera Software. “To thrive in this environment software vendors must adopt an agile Software Monetisation strategy and implement automation that flexibly supports multiple software pricing and licensing models. As the data suggests, many vendors are not yet ‘change-ready,’ and therefore are at risk.”



Access the report: Software Licensing 2016: Seismic Shifts – Shaky Foundations Report

Learn more about Flexera Software’s:

Related Flexera Software Webinars

Related Flexera Software White Papers


About this Report

The 2016 Key Trends in Software Pricing and Licensing survey was conducted by Flexera Software. This annual research project looks at software licensing, pricing and enforcement trends and best practices. The survey reaches out to executives at software application producers (software vendors and intelligent device manufacturers) and enterprises who use and manage software and devices. Now in its tenth year, the survey is made available to the industry at large each year.


About Flexera Software

Flexera Software helps application producers and enterprises increase application usage and the value they derive from their software. Our software licensing, compliance and installation solutions are essential to ensure continuous licensing compliance, optimized software investments and to future-proof businesses against the risks and costs of constantly changing technology. Over 80,000 customers turn to Flexera Software as a trusted and neutral source for the knowledge and expertise we have gained as the marketplace leader in licensing, installation and compliance for over 20 years and for the automation and intelligence designed into our products. For more information, please go to: www.flexerasoftware.com.

Closing Attackers' "Window of Opportunity" Is Top Priority for Organizations; Cisco Leads Industry in Reducing Time to Detection With New 13-Hour Low

SAN JOSE, Calif. – The Cisco® (NASDAQ: CSCO) 2016 Midyear Cybersecurity Report (MCR) finds that organizations are unprepared for future strains of more sophisticated ransomware. Fragile infrastructure, poor network hygiene, and slow detection rates are providing ample time and air cover for adversaries to operate. According to the report's findings, the struggle to constrain the operational space of attackers is the biggest challenge facing businesses and threatens the underlying foundation required for digital transformation. Other key findings in the MCR include adversaries expanding their focus to server-side attacks, evolving attack methods and increasing use of encryption to mask activity.

So far in 2016, ransomware has become the most profitable malware type in history. Cisco expects to see this trend continue with even more destructive ransomware that can spread by itself and hold entire networks, and therefore companies, hostage. New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency. For example, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions. These new ransomware strains will spread faster and self-replicate within organizations before coordinating ransom activities.

Visibility across the network and endpoints remains a primary challenge. On average, organizations take up to 200 days to identify new threats. Cisco's median time to detection (TTD) continues to outpace the industry, hitting a new low of approximately 13 hours to detect previously unknown compromises for the six months ending in April 2016. This result is down from 17.5 hours for the period ending in October 2015. Faster time to detection of threats is critical to constrain attackers' operational space and minimize damage from intrusions. This figure is based on opt-in security telemetry gathered from Cisco security products deployed worldwide.

As attackers innovate, many defenders continue to struggle with maintaining the security of their devices and systems. Unsupported and unpatched systems create additional opportunities for attackers to easily gain access, remain undetected, and maximize damage and profits. The Cisco 2016 Midyear Cybersecurity Report shows that this challenge persists on a global scale. While organizations in critical industries such as healthcare have experienced a significant uptick in attacks over the past several months, the report's findings indicate that all vertical markets and global regions are being targeted. Clubs and organizations, charities and non-governmental organization (NGOs), and electronics businesses have all experienced an increase in attacks in the first half of 2016. On the world stage, geopolitical concerns include regulatory complexity and contradictory cybersecurity policies by country. The need to control or access data may limit and conflict with international commerce in a sophisticated threat landscape.

Attackers Operating Unconstrained
For attackers, more time to operate undetected results in more profits. In the first half of 2016, Cisco reports, attacker profits have skyrocketed due to the following:

Expanding Focus: Attackers are broadening their focus from client-side to server-side exploits, avoiding detection and maximizing potential damage and profits.

  • Adobe Flash vulnerabilities continue to be one of the top targets for malvertising and exploit kits. In the popular Nuclear exploit kit, Flash accounted for 80 percent of successful exploit attempts.
  • Cisco also saw a new trend in ransomware attacks exploiting server vulnerabilities -- specifically within JBoss servers -- of which, 10 percent of Internet-connected JBoss servers worldwide were found to be compromised. Many of the JBoss vulnerabilities used to compromise these systems were identified five years ago, meaning that basic patching and vendor updates could have easily prevented such attacks.

Evolving Attack Methods: During the first half of 2016, adversaries continued to evolve their attack methods to capitalize on defenders' lack of visibility.

  • Windows Binary exploits rose to become the top web attack method over the last six months. This method provides a strong foothold into network infrastructures and makes these attacks harder to identify and remove.
  • During this same timeframe, social engineering via Facebook scams dropped to second from the top spot in 2015.

Covering Tracks: Contributing to defenders' visibility challenges, adversaries are increasing their use of encryption as a method of masking various components of their operations.

  • Cisco saw an increased use of cryptocurrency, Transport Layer Security and Tor, which enables anonymous communication across the web.
  • Significantly, HTTPS-encrypted malware used in malvertising campaigns increased by 300 percent from December 2015 through March 2016. Encrypted malware further enables adversaries to conceal their web activity and expand their time to operate.

Defenders Struggle to Reduce Vulnerabilities, Close Gaps
In the face of sophisticated attacks, limited resources and aging infrastructure, defenders are struggling to keep pace with their adversaries. Data suggests defenders are less likely to address adequate network hygiene, such as patching, the more critical the technology is to business operations. For example:

  • In the browser space, Google Chrome, which employs auto-updates, has 75 to 80 percent of users using the newest version of the browser, or one version behind.
  • When we shift from looking at browsers to software, Java sees slow migrations with one-third of the systems examined running Java SE 6, which is being phased out by Oracle (the current version is SE 10).
  • In Microsoft Office 2013, version 15x, 10 percent or less of the population of a major version are using the newest service pack version.

In addition, Cisco found that much of their infrastructure was unsupported or operating with known vulnerabilities. This problem is systemic across vendors and endpoints. Specifically, Cisco researchers examined 103,121 Cisco devices connected to the Internet and found that:

  • Each device on average was running 28 known vulnerabilities.
  • Devices were actively running known vulnerabilities for an average of 5.64 years.
  • More than 9 percent have known vulnerabilities older than 10 years.

In comparison, Cisco also looked across software infrastructure at a sample of over 3 million installations. The majority were Apache and OpenSSH with an average number of 16 known vulnerabilities, running for an average of 5.05 years.

Browser updates are the lightest-weight updates for endpoints, while enterprise applications and server-side infrastructure are harder to update and can cause business continuity problems. In essence, the more critical an application is to business operations, the less likely it is to be addressed frequently, creating gaps and opportunities for attackers.

Cisco Advises Simple Steps to Protect Business Environments
Cisco's Talos researchers have observed that organizations that take just a few simple yet significant steps can greatly enhance the security of their operations, including:

  • Improve network hygiene, by monitoring the network; deploying patches and upgrades on time; segmenting the network; implementing defenses at the edge, including email and web security, Next-Generation Firewalls and Next-Generation IPS.
  • Integrate defenses, by leveraging an architectural approach to security versus deploying niche products.
  • Measure time to detection, insist on fastest time available to uncover threats then mitigate against them immediately. Make metrics part of organizational security policy going forward.
  • Protect your users everywhere they are and wherever they work, not just the systems they interact with and when they are on the corporate network.
  • Back up critical data, and routinely test their effectiveness while confirming that back-ups are not susceptible to compromise.

Supporting Quote
"As organizations capitalize on new business models presented by digital transformation, security is the critical foundation. Attackers are going undetected and expanding their time to operate. To close the attackers' windows of opportunity, customers will require more visbility into their networks and must improve activities, like patching and retiring aging infrastructure lacking in advanced security capabilities.

"As attackers continue to monetize their strikes and create highly profitable business models, Cisco is working with our customers to help them match and exceed their attackers' level of sophistication, visbility and control."
-- Marty Roesch, Vice President and Chief Architect, Security Business Group, Cisco

About the Report
The Cisco 2016 Midyear Cybersecurity Report examines the latest threat intelligence gathered by Cisco Collective Security Intelligence. The report provides data-driven industry insights and cybersecurity trends from the first half of the year, along with actionable recommendations to improve security posture. It is based on data from a vast footprint, amounting to a daily ingest of over 40 billion points of telemetry. Cisco researchers translate intelligence into real-time protections for our products and service offerings that are immediately delivered globally to Cisco customers.

Supporting Resources
Cisco Video with David Goeckeler, Steve Martino: Cisco 2016 Midyear Cybersecurity Report
Cisco 2016 Midyear Cybersecurity Report
Cisco Blog: Time is of the Essence: Announcing the Cisco 2016 Midyear Cybersecurity Report
Cisco Infographic
Cisco 2016 Midyear Cybersecurity Report Graphics
Follow Cisco on Twitter @CiscoSecurity
Like Cisco Security on Facebook

About Cisco
Cisco (NASDAQ: CSCO) is the worldwide technology leader that has been making the Internet work since 1984. Our people, products, and partners help society securely connect and seize tomorrow's digital opportunity today. Discover more at newsroom.cisco.com and follow us on Twitter at @Cisco.

Cisco, the Cisco logo, Cisco Systems and Cisco IOS are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. This document is Cisco Public Information.