More stories

  • Hewlett Packard Enterprise backs startup Ayar Labs for photonic circuits

    Technology giant Hewlett Packard Enterprise on Thursday announced a “multi-year strategic collaboration” with Ayar Labs, the seven-year-old photonic chip startup whose circuits are designed to move data between chips much faster than typical metal interconnects.

    California-based Ayar, which has amassed $65 million in venture capital funding, is also receiving funding from Hewlett’s venture capital unit, Hewlett Packard Pathfinder. The two declined to disclose how much.

    Hewlett said that because of the rapidly increasing amounts of data in high-performance computing (HPC) and in artificial intelligence computing, traditional “electrical-based networking offerings will eventually reach bandwidth limits.”

    Therefore, the duo “plan to develop capabilities that leverage optical I/O, which is a silicon photonics-based technology that uses light instead of electricity to transmit data, to integrate with HPE Slingshot,” Hewlett’s networking product dedicated to interconnecting HPC systems. Slingshot is being developed for computers such as “exascale” machines designed for the US Department of Energy.

    Ayar Labs claims its silicon photonic technology can deliver 1,000 times the bandwidth of electrical I/O circuitry while consuming 1/10th the power.

    [Figure: A recent Ayar Labs research report on a terabit-per-second optical interconnect. Credit: Ayar Labs 2021]

    Ayar Labs has amassed nearly two dozen patents on photonic chip technology and has another four dozen patent applications. Recent research published by the company describes transmitting 1-terabit-per-second data feeds over wavelength-division multiplexing (WDM) fiber-optic network systems, at 128 gigabits per second on each of 16 ports.


  • Intel expands AI developer toolkit to bring more intelligence to the edge

    Intel on Wednesday announced that it’s updating its OpenVINO AI developer toolkit, enabling developers to use it to bring a wider range of intelligent applications to the edge. Launched in 2018 with a focus on computer vision, OpenVINO now supports a broader range of deep learning models, which means adding support for audio and natural language processing use cases. 


    “With inference taking over as a critical workload at the edge, there’s a much greater diversity of applications” under development, Adam Burns, Intel VP and GM of Internet of Things Group, said to ZDNet. Since its launch, hundreds of thousands of developers have used OpenVINO to deploy AI workloads at the edge, according to Intel. A typical use case would be defect detection in a factory. Now, with broader model support, a manufacturer could use it to build a defect spotting system, plus a system to listen to a machine’s motor for signs of failure.

    Besides the expanded model support, the new version of OpenVINO offers more device portability choices with an updated and simplified API. OpenVINO 2022.1 also includes a new automatic optimization process. The new capability auto-discovers the compute and accelerators on a given system and then dynamically load balances and increases AI parallelization based on memory and compute capacity. “Developers create applications on different systems,” Burns said. “We want developers to be able to develop right on their laptop and deploy to any system.”

    Intel customers already using OpenVINO include automakers like BMW and Audi; John Deere, which uses it for welding inspection; and companies making medical imaging equipment like Samsung, Siemens, Philips and GE. The software is easily deployed into Intel-based solutions, which is a compelling selling point, given that most inference workloads already run on Intel hardware. “We expect a lot more data to be stored and processed at the edge,” Sachin Katti, CTO of Intel’s Network and Edge Group, said to ZDNet. “One of the killer apps at the edge is going to be inference-driven intelligence and automation.”

    Ahead of this year’s Mobile World Congress, Intel on Thursday also announced a new system-on-chip (SoC) designed for the software-defined network and edge. The new Xeon D processors (the D-2700 and D-1700) are built for demanding use cases, such as security appliances, enterprise routers and switches, cloud storage, wireless networks, AI inferencing and edge servers: use cases where compute processing needs to happen close to where the data is generated. The chips deliver integrated AI and crypto acceleration, built-in Ethernet, support for time-coordinated computing and time-sensitive networking. More than 70 companies are working with Intel on designs that utilize the Xeon D processors, including Cisco, Juniper Networks and Rakuten Symphony.

    Intel also said Thursday that its next-gen Xeon Scalable platform, Sapphire Rapids, includes unique 5G-specific signal processing instruction enhancements to support RAN-specific signal processing. This will make it easier for Intel customers to deploy vRAN (virtual Radio Access Networks) in demanding environments.


  • SockDetour backdoor used in attacks on defense contractors: Unit42

    Researchers at Palo Alto Networks’ Unit 42 said they discovered a tool, named SockDetour, that serves as a backup backdoor in case the primary one is removed. They believe it’s possible that it has “been in the wild since at least July 2019.” The researchers said it stood out and is hard to detect because it operates filelessly and socketlessly on compromised Windows servers.


    “One of the command and control (C2) infrastructures that the threat actor used for malware distribution for the TiltedTemple campaign hosted SockDetour along with other miscellaneous tools such as a memory dumping tool and several webshells. We are tracking SockDetour as one campaign within TiltedTemple, but cannot yet say definitively whether the activities stem from a single or multiple threat actors,” the researchers explained. “Based on Unit 42’s telemetry data and the analysis of the collected samples, we believe the threat actor behind SockDetour has been focused on targeting US-based defense contractors using the tools. Unit 42 has evidence of at least four defense contractors being targeted by this campaign, with a compromise of at least one contractor.”

    SockDetour allows attackers to remain stealthily on compromised Windows servers by loading filelessly in legitimate service processes and using legitimate processes’ network sockets to establish its own encrypted C2 channel.

    The researchers did not find any additional SockDetour samples on public repositories, and the plugin DLL remains unknown. They added that it is being delivered through SockDetour’s encrypted channel and communicating via hijacked sockets.

    Unit 42 noted that the type of NAS server found hosting SockDetour is typically used by small businesses. The company tied the backdoor to a larger APT campaign they named TiltedTemple. They first identified TiltedTemple while investigating its use of the Zoho ManageEngine ADSelfService Plus vulnerability CVE-2021-40539 and ServiceDesk Plus vulnerability CVE-2021-44077. “Our initial publications on TiltedTemple focused on attacks that occurred through compromised ManageEngine ADSelfService Plus servers and through ManageEngine ServiceDesk Plus,” the researchers said.

    “The TiltedTemple campaign has compromised organizations across the technology, energy, healthcare, education, finance, and defense industries and conducted reconnaissance activities against these industries and others, including infrastructure associated with five US states. We found SockDetour hosted on infrastructure associated with TiltedTemple, though we have not yet determined whether this is the work of a single threat actor or several.”

  • How Palo Alto Networks modernized its security management with AI

    The SIEM, or security information and event management console, has been a staple for security teams for more than a decade. It’s the single pane of glass that shows events, alerts, logs, and other information that can be used to find a breach. Despite its near ubiquity, I’ve long been a SIEM critic and believe the tool is long past its prime. This is certainly not the consensus; I’ve been criticized in the past for taking this stance.

    Legacy SIEMs are outdated


    The proof point I offer is the fact that whenever a breach occurs, the SIEM vendor claims to have seen it, yet the breach happened anyway. That was the case with many big-name businesses that suffered a newsworthy cyberattack. Target, Sony, and many others all echoed the same. The SIEM saw it, but the security team missed it. If SIEMs are so powerful, why does this continue to happen? The answer is that SIEMs can no longer keep up with the massive volumes of data that come into them and need to be correlated, sorted, and viewed in a way that helps security operations prioritize events. This can help separate an actual breach from a false positive. Many security pros have told me their SIEM shows so much info now that they ignore much of it. In a sense, too much information is as useful as no information.

    Palo Alto introduces an AI-powered operations tool

    This week, Palo Alto Networks introduced its Cortex XSIAM (eXtended Security Intelligence and Automation Management), which can be viewed as a modernized SIEM with an infusion of artificial intelligence. The concept of the XSIAM is that it uses AI to separate the threats from the noise in the immense amounts of telemetry data generated by infrastructure today. If done correctly, this would accelerate threat identification, which in turn, speeds up threat response. The infusion of AI into security is something that has been badly needed for some time. There are still some people opposed to it, and the thought of taking the analytic process out of people’s hands and trusting machines, in reality, can be scary. The truth is the bad guys are using AI. Using people to fight threat actors armed with machine learning is akin to bringing a knife to a gunfight. It’s time to fight fire with fire, and that means accepting that AI needs to be a key part of cybersecurity moving forward.

    One of the major differences between a traditional SIEM and Cortex XSIAM is that the latter collects granular telemetry information, not just logs and alerts. This is where AI can add value as it can drive natively autonomous response actions, such as cross-correlation of alerts and data, detection of sophisticated emerging threats, and automated remediation based on threat intelligence and attack surface data.

    Security platforms are the way forward

    The release of Cortex XSIAM is a direct result of the security platform that Palo Alto Networks has built. Historically, security pros have used best-of-breed point products to secure specific points in the environment. This is why, according to ZK Research, the average enterprise has 32 security vendors, with some reporting more than 100. One of the three-letter U.S. government agencies told me it has more than 200. CISOs are now starting to understand that this strategy does not work. One CISO stated that best of breed everywhere does not lead to best-in-class threat protection. In fact, it creates suboptimal protection because it becomes impossible to manage security policies across the various vendors. I do not believe we can ever have one vendor to handle everything, but businesses do need to pick a single open-platform vendor that has a strong foundation in networking, cloud, and endpoint, and then augment that with technologies that interoperate with that platform. This has been the vision on which Palo Alto has been working. The first proof point for validating the value of the platform was the release of Palo Alto’s XDR solution. In 2018, I authored this post, proclaiming XDR to be the evolution of EDR. My thesis at the time was that looking at endpoint data in isolation wasn’t enough; XDR rolls up data from across the infrastructure to see things EDR can’t. The release of Cortex XSIAM follows the same thought process.

    SIEMs use limited data and manual analytics and are no longer a viable way of finding threats. This model has not worked, is not working, and won’t ever work. Security teams need an operations tool that uses AI-based analytics, which pulls granular data from across the platform to combat today’s highly advanced threat actors.

  • Asustor warns users of Deadbolt ransomware attacks

    Users of Asustor Network Attached Storage (NAS) devices are being warned of potential Deadbolt ransomware infections after dozens of people took to Reddit and other message boards to complain of attacks. Asustor Marketing Manager Jack Lu told ZDNet that the company is “going to release a recovery firmware for support engineers today for users whose NAS is hacked so they can use their NAS again.” 


    “However, encrypted files can not be recovered unless users have backups,” Lu added. Asustor released a warning on Wednesday that the Deadbolt ransomware was being used in attacks affecting Asustor devices. It announced that the myasustor.com DDNS service will be disabled while the issue is investigated.

    The company recommends users change default ports, including the default NAS web access ports of 8000 and 8001 as well as remote web access ports of 80 and 443. Users should also disable EZ Connect, make immediate backups, and turn off Terminal/SSH and SFTP services.

    Asustor also provided a more detailed guide for users in need of more help. If you have already been hit by Deadbolt ransomware, you should unplug the Ethernet network cable and shut down your NAS by pressing and holding the power button for three seconds.

    Users are urged to fill out this form and make sure not to initialize their NAS because it will erase their data.

    The New Zealand CERT released its own lengthy warnings about Deadbolt this week, writing that vulnerabilities in QNAP and Asustor NAS devices are being actively exploited to deploy ransomware. The US Cybersecurity and Infrastructure Security Agency declined to comment.

    QNAP released its own Deadbolt guidance last month and took several controversial measures to limit the spread of the ransomware. CERT NZ said users should follow the guidance provided by both companies about how to protect their devices. But it noted that both are “being actively targeted by attackers intending to deploy ransomware.”

    It said QNAP NAS devices that are internet exposed and running QTS and QuTS operating systems, or add-ons with the following versions, are affected:

        • QTS 5.0.0.1891 build 20211221 and later
        • QTS 4.5.4.1892 build 20211223 and later
        • QuTS hero h5.0.0.1892 build 20211222 and later
        • QuTS hero h4.5.4.1892 build 20211223 and later
        • QuTScloud c5.0.0.1919 build 20220119 and later

    Affected Asustor devices that are internet exposed and running ADM operating systems include the AS5104T, AS5304T, AS6404T, AS7004T, AS5202T, AS6302T, and AS1104T models.

    Users have reported seeing the same ransom messages that were deployed last month when QNAP devices were hit. The Deadbolt ransomware group demanded 0.03 bitcoins (BTC) in exchange for the decryption key. In another note to Asustor, the ransomware group offers to provide the company with information about the alleged zero-day vulnerability they used to attack in exchange for 7.5 BTC. The group is also offering a master decryption key for 50 BTC, worth $1.9 million. For QNAP, the group demanded a payment of 5 BTC in exchange for details about the alleged zero-day and 50 BTC for a universal decryption master key.

    As users wait for the firmware to be released, some are warning users to make a backup of the locked files. QNAP’s firmware removed the ransom note that is needed to get and use the decryption key. Both the decryption tools from Deadbolt and security company Emsisoft require the original ransom note. It is unclear how many Asustor users are affected by the ransomware. Censys reported last month that of the 130,000 QNAP NAS devices that were potential targets, 4,988 “exhibited the telltale signs of this specific piece of ransomware.” Censys later told ZDNet that the number of exposed and infected devices was around 3,927.

  • Singtel splashes $1.5B to redevelop headquarters for 'sustainable workspaces'

    Singtel has unveiled plans to dish out at least SG$2 billion ($1.49 billion) to redevelop its global headquarters. Located along Singapore’s Orchard Road shopping strip, the new site is pitched as a smart building that will showcase sustainable workspace designs for the telco’s employees and future tenants. Called Comcentre, the building has sat on its current plot since 1979 and occupies an area of 19,252 square metres. The planned redevelopment is estimated to cost at least SG$2 billion ($1.49 billion), including land costs, Singtel said in a statement Wednesday. The Singapore telco said it would divest ownership of the building as part of its “capital recycling strategy” to a joint venture to be formed with an appointed estate developer. Singtel would hold a majority stake in the joint venture. 

    It added that it was in the process of confirming the developer from a shortlist of two. The tender process would close next month, with a decision to be made in May, according to Singtel. The telco said it would be the anchor tenant of the new development, taking up some 30% of the space. The rest would be leased out to tenants seeking offices in the area, providing additional recurring income for Singtel in the long term, it said. Slated for completion by end-2028, the redeveloped site is expected to span a gross floor area of more than 110,000 square metres comprising office buildings and a retail component. It also will comprise Singtel’s Orchard Exchange, which currently hosts telecommunications infrastructure. The telco said it had secured in-principle approval from Singapore Land Authority to extend its lease on all lots within Comcentre to 2089.

    The office buildings on the redeveloped site would feature “more open and digital” areas that facilitate a collaborative environment and provide tenants with “optimised hybrid workspaces”, Singtel said. Singtel Group CEO Yuen Kuan Moon said: “We’re truly excited to be working with the authorities to rejuvenate the Orchard Road precinct to prepare for the post-pandemic world and reinvigorate our future workplaces… Maximising the unique development potential of Comcentre will significantly enhance its value in a vicinity where Grade A office developments are in short supply. We strive to optimise the capital we can unlock from existing assets to fund our growth initiatives, including 5G and the regional expansion of our data centre business.

    “The new Comcentre will cater to our evolving business needs and showcase the digital workplace of the future featuring 5G solutions… The redevelopment of our headquarters also supports our vision to build a greener and sustainable future, and will further facilitate our efforts to reach net zero for our own operations,” Yuen said.

    Preparation for the redevelopment would begin in 2024, when employees would move to temporary spaces at Singtel’s other premises across Singapore. The telco last year kickstarted a business transformation it dubbed a “strategic reset”. Two other local telcos, StarHub and M1, also made similar moves and all three companies saw leadership changes in recent years. StarHub’s Nikhil Eapen took on the CEO role in December 2020, after a months-long search, while Yuen assumed his current role in January last year and M1 CEO Manjot Singh Mann took over the helm in December 2018.

    In a separate announcement Tuesday, Singtel launched a new orchestration platform for 5G edge computing and cloud services. Dubbed Paragon, the new offering was touted to allow enterprise customers to tap the telco’s 5G network on-demand and roll out mission-critical applications on its MEC (Multi-access Edge Compute) infrastructure. Customers also would be able to access applications offered by Singtel’s partners as well as deploy them in a hybrid environment, comprising Singtel’s edge and a public cloud platform. “Many enterprises are undergoing rapid digitalisation while exploring and developing tailored 5G solutions for deployment in their industries,” said Singtel’s enterprise group CEO Bill Chang. “We understand the challenges and complexities they face in managing the various networks, edge cloud applications, and services with the required cybersecurity, resiliency, and demanding service assurances required, cost-effectively. Paragon was conceived, developed, and delivered to help enterprises meet these needs through a single platform.”

  • Frontier is the first national ISP to offer 2 Gbps internet across its entire network

    Generally speaking, if you want really fast internet, your best choice has been 1 Gigabit per second (Gbps). There have been a handful of places, such as Chattanooga, Tenn., with faster internet. But for the most part, you are out of luck. That’s no longer the case. Frontier, a national Internet Service Provider (ISP), is now bringing 2 Gbps broadband to all its fiber customers. While Frontier is best known for its rural DSL internet service, the company has been expanding its fiber network. Frontier’s 2 Gbps service will be available to approximately 4 million customers in 19 states as part of its launch. This 2 Gbps service is symmetrical; this means you’ll get 2 Gbps speeds both up and down. 

    So, what kind of speed does that give you in real-world terms? Well, you can download Fortnite, which comes in at 10GBs, in about two minutes. Or you can download a Blu-ray episode of Game of Thrones in 90 seconds. Or, in my case, I can download Linus’s Linux kernel in less time than it takes to read this sentence. Don’t think you need that kind of speed? Think again. Frontier claims that even an average home they service now has 17 connected devices, which has more than doubled over the last few years. With more and more people working from home, we need all the broadband we can get.

    Frontier’s not the only one that offers multi-Gbps speeds. AT&T, Google Fiber, Verizon Fios, Xfinity, and Ziply Fiber also offer this level of performance, but none of them offer it over their entire network like Frontier.

    “The last two years have fundamentally shifted how we use the internet and what customers expect from their connectivity partner,” said John Harrobin, Frontier’s EVP of Consumer. “Powered by thousands of miles of fiber, we are stepping up our game to bring unmatched 2-Gig speeds to our entire fiber footprint and change the way customers experience the internet at home.”

    This new 2 Gbps offer also comes with Frontier’s Total Home Wi-Fi Guarantee. This means Frontier’s 2 Gbps router supports today’s fastest Wi-Fi standard: Wi-Fi 6e. With this technology, you’ll get an honest 1 Gbps wireless connection to your devices. The service also includes unlimited data, a voice line, tech support, and free multi-device security. There’s also no activation fee or contract requirements. This service will cost $150 a month for 2 Gbps. Other speeds, 1 Gbps and 500 Megabit per second (Mbps), are available at lower prices.

    Some of you may be thinking, “Frontier? Aren’t they that second-rate ISP?” Yes, there was a time not that long ago when Frontier was a troubled ISP. For years, Frontier had been known for over-promising and under-delivering on its internet services. This led to its Chapter 11 bankruptcy in April 2020. Frontier President and CEO Nick Jeffery came aboard Frontier after years as Vodafone UK CEO to turn around the company. Frontier came out of bankruptcy in May 2021 with Jeffery leading the way and promising that it would double its fiber investment. This is the company delivering on that promise. For this speed and price, I’d give them another chance.


  • New study from Verizon and Incisiv finds retailers hungering for better in-store connectivity

    A new study published by Incisiv and funded by Verizon found that retailers are struggling to find ways to ease in-store network congestion and support booming mobile device use among both customers and employees.

    Incisiv’s 2022 Connected Retail Experience Study found that only 22% of grocery and general merchandise retailers are satisfied with the digital connectivity available to customers and employees in their brick-and-mortar locations. This number rose as high as 55% for specialty and department stores, but that still left almost half struggling with issues surrounding the availability and reliability of in-store connections. The survey discovered that the situation is likely to become even more pressing over the next 12-24 months, with 93% of retailers expecting increases in overall (customer and employee) mobile device usage within their stores by the beginning of 2025, while 83% specifically plan to grow their own use of networked in-store technology, like IoT (Internet of Things) devices. Retailers’ growing networking demands are expected to be driven, in large part, by in-store processes like inventory management. Respondents told Incisiv that the percentage of associated, automated tasks that rely on connected technology will triple by 2025, from 19%, currently, to 62% in less than three years. The multi-pronged increase in demand doesn’t bode well for in-store networks if expansions to capacity aren’t made.

    Only 20% of grocery and general merchandise retail managers, and 32% of their specialty and department store counterparts, are currently satisfied with the existing connectivity and networking options for customers and sales associates during peak usage times. This means the vast majority of both retail categories are already feeling friction brought on by current network constraints, without future growth being taken into account.

    Among all of the aforementioned factors, the Verizon-sponsored study found that an expected increase in demand driven by growing numbers of customer-owned devices was the number one driver of expected 5G adoption across surveyed retailers. This was followed by a similar expectation of growing connected device use by store staff for tasks such as real-time inventory tracking. 5G is also expected to play a major role in enabling Wi-Fi deployments for additional in-store tasks that require associates to stay connected at all times. Whether 5G or terrestrial broadband serves as the ultimate source of connectivity, the survey makes it clear that the retail space’s need for increased network capacity may even exceed the ongoing global explosion being seen across most carrier networks.
