Networking

BlackRock, the major asset management firm, is deploying a Verizon Business On Site 5G private network at its new global headquarters in New York City, the companies said Tuesday during Mobile World Congress. The deal — the first commercial implementation of Verizon’s On Site 5G offering — showcases how private 5G networks can be used in lieu of wi-fi at facilities that require secure, fast networks. Verizon launched On Site 5G in June to bring private 5G networks to enterprise and public sector facilities. The service brings Verizon’s 5G Ultra Wideband capabilities to indoor and outdoor locations, regardless of whether they’re within a public 5G Ultra Wideband coverage area.The private networks are non-standalone, meaning they combine 5G Ultra Wideband small cells with the LTE packet core and radios of On Site LTE. With a non-standalone network, customers can leverage both 5G Ultra Wideband and 4G LTE capabilities.At BlackRock’s new Hudson Yards facility, the network will be used on the trading floor, the client-facing conference center, meeting rooms and other areas that will benefit from high speed and low latency.Verizon has been busy aggressively expanding its 5G Ultra Wideband network, which uses high-band, ultra-wide millimeter wave spectrum to deliver high-speed 5G. That’s different from Verizon’s “5G Nationwide” network, which leverages 5G and 4G. (Read more about the different “flavors” of 5G here).After spending an eye-popping $52 billion last year for C-band spectrum spanning the US, Verizon has used it to bring 5G Ultra Wideband mobility service to parts of more than 1,700 cities around the US so far.Verizon’s larger 5G strategy melds 5G with edge computing, and it involves creating an ecosystem with tech giants like AWS and Microsoft Azure. More

Bulltt Group, which is the global licensee for Cat Phones and Motorola in the rugged device space, has been busy during 2021, launching an H+ version of the Cat S42 smartphone whose external components are laced with an antimicrobial silver ion additive, and two phones for T-Mobile in the US – the Cat S62 and Cat S22 Flip. The company also launched its first rugged Motorola phone, the Motorola Defy. SEE: Best cheap 5G phone 2022: No need to pay flagship prices for quality devicesAt Mobile World Congress (MWC), Bullitt Group is addressing a growing category – mobile internet hotspots – with a rugged 5G device called the Cat Q10. There’s a good number of mobile hotspots available, but few are 5G compatible, and fewer are durable and weatherproof, the company points out. The canonical use case is an outdoor space such as a building site, a farm, or a pop-up business, where the need is for fast and secure internet connectivity to a good number of devices via a battery-powered device that’s quick and easy to set up and carry around. The Cat Q10 Rugged 5G Mobile Internet Hotspot.
Image: Bullitt Group
The Cat Q10 is a 283g device measuring 81mm by 128mm by 26mm that’s dust and water resistant to IP68 level, and MIL-STD-810H certified for ruggedness. It packs a swappable 5300mAh battery that’s claimed to deliver 10 hours usage, 1,000 hours standby and can act as a power bank to recharge smartphones if necessary. Powered by a MediaTek T750 chipset supporting 5G (SA and NSA, but no mmWave as yet), 4G LTE and Wi-Fi 6 (802.11ax), the Cat Q10 can support up to 32 connected users simultaneously. It accepts a single Nano SIM, supports WPA 3 security and is set up via a mobile (Android or iOS) app. The Cat Q10 will launch at the end of Q2 2022. No pricing details were available at the time of writing. Bullitt Group also announced a range of services designed to prolong the lifecycle of their rugged devices, enhancing the company’s sustainable credentials. ‘Business Edition’ on selected Cat phones provides an extra year’s warranty, while ‘Rugged Care’ and ‘Rugged Care+’ service contracts cover the replacement of parts such as batteries and device repairs. Finally, Bullitt Group announced its own MVNO for the UK market – Bullitt Connect. Built in partnership with Transatel and utilising the EE mobile network, Bullitt Connect will offer voice, text and data services to consumers and industry verticals, focusing particularly on sectors such as logistics and the gig economy. More

With Russia’s invasion of Ukraine, Ukraine’s internet was sent staggering. Georgia Tech’s Internet Outage Detection and Analysis (IODA) project, which monitors the internet, reported serious outages in Ukraine starting late on February 23.In response to this and other internet attacks, Ukraine’s Vice Prime Minister and Minister of Digital Transformation Mykhailo Fedorov requested help from SpaceX and Tesla billionaire Elon Musk. Musk responded on Twitter, where he wrote, “Starlink service is now active in Ukraine. More terminals en route.”Starlink, SpaceX’s low-earth orbit (LEO) high-speed, low-latency internet service, is considered far more reliable than conventional broadband.One person on Twitter summed it up nicely: “The people of Ukraine now have access to the fastest, most robust satellite internet system ever created. This makes it impossible for Russia to disable the Ukrainian internet access fully without cyber attacking foreign data centers.” Even before the declaration of war, Russia has been targeting Ukraine with cyber attacks. On 15 January 2022, Russia injected malware and employed a DDoS attack on Ukrainian websites, while in 2016, a Russian cyber attack turned off the power supply of Ukraine’s capital city, Kyiv. More recently, Russia has been trying to disrupt Ukraine’s internet. According to the internet monitoring group NetBlocks, GigaTrans — Ukraine’s main internet service provider — has seen its traffic disrupted since February 24. NetBlocks also reported internet outages in major Ukrainian cities such as Kyiv, Kharkiv, and Mariupol.The Computer Emergency Response Team (CERT) of Ukraine also reported that Russia’s internet attacks have expanded beyond Ukraine. CERT Ukraine said the NC1151 group, a hacker organization associated with Belarus’s Ministry of Defense, a Russian ally, has also been attacking Polish and non-government Belarusian and Russian sites.Still, despite all of Russia’s efforts, Cloudflare Radar shows that for now Ukraine’s internet traffic, while suffering a significant drop, is still hanging in there. With the help of Starlink, Ukraine’s internet should still continue to hold its own. Updated at 11:21am AEST, 28 February 2022: fixed grammatical errors and added further information about Starlink activation.

Ukraine Crisis More

Fresh from unveiling a portfolio of products at CES, including TVs, tablets, smartphones, AR glasses and a laptop, and launching its first two (US exclusive) 30 Series phones, TCL is back at Mobile World Congress (MWC) with yet more new products. This time, there are details on a quintet of 30 Series phones, including one 5G model, along with three new tablets and three CPE routers. Here’s a tour of TCL’s MWC announcements.30 Series smartphones
Image: TCL
TCL ‘pre-announced’ its 30 Series phones at CES, and has recently launched the $300 30 V 5G and $200 30 XE 5G in the US, via Verizon and T-Mobile respectively. There are five new phones, all costing less than €300 and launching first in Europe; four of them are 4G handsets and the top-end phone is a 5G device. The phones are: TCL 30 5G, TCL 30+, TCL 30, TCL 30 SE and TCL 30 E. Key selling points across the range include the screens, which all feature TCL’s NXTVISION display optimisation technology and 20:9 aspect ratios. The 30 5G, 30+ and 30 have a 6.7-inch AMOLED panel with FHD+ (1080 x 2400, 395ppi) resolution and a 60Hz refresh rate. The 30 SE and 30 E both have a 6.52-inch ‘mini-notch’ panel with HD+ (720 x 1600, 269ppi) resolution. All 30 Series models bar the low-end TCL 30 E have a triple rear camera system comprising a 50MP main camera, a 2MP depth camera and a 2MP macro camera. The 30 E omits the macro capability. The front cameras are more varied: 13MP ultra-wide on the 30 5G and 30+, 8MP on the 30 and 30 SE, and 5MP on the entry-level 30 E. AI assistance makes it easy for non-expert users to get good results in different shooting conditions, TCL says – these are not premium cameras aimed at pro photographers. The 6.7-inch devices (30 5G, 30+, 30) all weigh 184g and are 7.74mm thick, with claimed screen-to-body ratios of 91.7%. The 6.52-inch models (30 SE, 30 E) are heavier (190g) and thicker (8.9mm) with lower screen-to-body ratios (89.1%). Although TCL describes the phones as ‘durable’, there’s no IP rating for dust and water resistance. The 30 Series phones all benefit from large batteries (5010mAh on the 30 5G, 30+ and 30, 5000mAh on the 30 SE and 30 E), delivering ‘better than day-long battery life’, according to TCL. Fast charging at 18W is supported on the three higher-end phones, 15W on the 30 SE and 10W on the 30 E. AI smart charging optimises the charging cycle to minimise battery deterioration. The 30 Series phones will ship with Android 12, and TCL plans to support two OS upgrades, although the details may change for carrier variants. However, TCL confirmed that the 30+ and 30 models are certified by the Android Enterprise Recommended program and will get at least two years of security patches and at least one OS upgrade. TCL’s 30 Series phones are all powered by MediaTek chipsets: Dimensity 700 (30 5G), Helio G37 (30+, 30) and Helio G25 (30 SE, 30 E). TCL 30 Series: pricing and availabilityModelPriceRegionDateTCL 30 5G€249 (64GB), €269 (128GB)Europe (select regions later)April 2022TCL 30+€199Europe (select regions later)nowTCL 30€179Europe (select regions later)nowTCL 30 SE€149 (64GB), €169 (128GB)Europe (select regions later)nowTCL 30 E€139Europe (select regions later)April 2022TabletsTCL is expanding its education-focused Android tablet portfolio with three new products: the TCL NXTPAPER MAX 10, TCL TAB 10 HD 4G and TCL TAB 10s 5G.
Image: TCL
The 10.36-inch NXTPAPER MAX 10 features TCL’s ‘paper-like’ NXTPAPER LCD display technology, which focuses on eye protection via a combination of multi-layer blue light reduction and anti-glare glass. The result, TCL says, is a ‘more comfortable, natural reading and writing experience’. There are two models – Wi-Fi only and Wi-Fi plus 4G LTE. 
Image: TCL
The 10.1-inch TCL Tab 10 HD 4G is an entertainment-focused device with an HD (1280 x 800) IPS screen, 8.7mm bezels resulting in an 82% screen to body ratio, and a 5500mAh battery that will ‘comfortably’ deliver all-day battery life, TCL says. As well as 4G LTE, the device offers Wi-Fi 5 (802.11ac) connectivity. A version with an FHD (1920 x 1200) screen will be available in Asia in mid-Q2 this year. 
Image: TCL
TCL claims that the 10.1-inch TAB 10s 5G is among the first affordable tablets with 5G connectivity. The NXTVISION screen has FHD (1920 x 1200) resolution, and the device is powered by an octa-core MediaTek chipset with 4GB of RAM and 64GB of internal storage, expandable via MicroSD card. Power is supplied by an 8000mAh battery, replenished by a 9V/2A charger. TCL also teased another 5G tablet – the 2-in-1 TCL TAB PRO 12 5G with ‘a large display and a ultra-fast 5G connectivity’, but offered no further details. TCL tablet pricing and availabilityModelPriceRegionDateTCL NXTPAPER MAX 10  from €269  Asia  mid-Q2 2022TCL TAB 10 HD 4G  €179  Europe  nowTCL TAB 10 FHD 4G  €199  Asia  late March 2022  TCL TAB 10s 5G  €349  n/smid-Q2 2022  RoutersTCL tops off its MWC portfolio with three CPE (Customer Premises Equipment) routers, the LINKHUB 5G CPE HH515 (first announced at CES), the LINKZONE LTE CAT6 Mobile Wi-Fi MW63, and the LINKHUB LTE CAT6 Home Station HH63.
Image: TCL
Capable of delivering a peak data rate of up to 4.7Gbps via sub-6GHz 5G, the LINKHUB 5G CPE HH515 can support up to 256 connections over dual band Wi-Fi 6 (802.11ax). With support for standalone (SA) as well as non-standalone (NSA) 5G networks, the HH515 router can support a variety of use cases (cloud-based gaming, live streaming, online education, home working) in areas where fixed-line internet access is poor. The LINKHUB 5G CPE HH515 will be available in Europe in Q1 2022, but TCL has not provided pricing.
Image: TCL
The LINKZONE LTE CAT6 Mobile Wi-Fi MW63 is a ‘MiFi’-style 4G device offering up to 300Mbps download speed and up to 32 Wi-Fi 5 (802.11ac) connections in a portable form factor powered by a 2150mAh battery offering up to 8 hours of working time and 300 hours on standby, TCL says.
Image: TCL
LINKHUB LTE CAT6 Home Station HH63 comes in a new ‘Tile’ design and also offers up to 300Mbps download and up to 32 Wi-Fi 5 connections. Both of TCL’s 4G routers, which are eSIM compatible, will launch in Europe in Q2 2022.Finally, TCL teased a 5G mobile router, the LINKZONE 5G Mobile Wi-Fi MW513, which will support mmWave as well as sub-6GHz 5G frequency bands and will launch ‘later in the year’. More

Technology giant Hewlett Packard Enterprise on Thursday announced a “multi-year strategic collaboration” with Ayar Labs, the seven-year-old photonic chip startup whose circuits are designed to move data between chips much faster than typical metal interconnects.

California-based Ayar, which has amassed $65 million in venture capital funding, is also receiving funding from Hewlett’s venture capital unit, Hewlett Packard Pathfinder. The two declined to disclose how much.Hewlett said that because of the rapidly increasing amounts of data in high-performance computing (HPC) and in artificial intelligence computing, traditional “electrical-based networking offerings will eventually reach bandwidth limits.”Therefore, the duo “plan to develop capabilities that leverage optical I/O, which is a silicon photonics-based technology that uses light instead of electricity to transmit data, to integrate with HPE Slingshot,” Hewlett’s networking product dedicated to interconnecting HPC systems. Slingshot is being developed for computers such as “exascale” machines designed for the US Department of Energy.Ayar Labs claims its silicon photonic technology can deliver 1,000 times the bandwidth of electrical I/O circuity while consuming 1/10th the power.A recent Ayar Labs research report on a terabit-per-second optical interconnect.
Ayar Labs 2021
Ayar Labs has amassed nearly two dozen patents on photonic chip technology and has another four dozen patent applications.Recent research published by the company describes transmitting 1-terabit-per-second data feeds over wavelength-division multiplexing (WDM) fiber-optic network systems, at 128 gigabits per second on each of 16 ports. 

Networking More

Intel on Wednesday announced that it’s updating its OpenVINO AI developer toolkit, enabling developers to use it to bring a wider range of intelligent applications to the edge. Launched in 2018 with a focus on computer vision, OpenVINO now supports a broader range of deep learning models, which means adding support for audio and natural language processing use cases. 

Innovation

“With inference taking over as a critical workload at the edge, there’s a much greater diversity of applications” under development, Adam Burns, Intel VP and GM of Internet of Things Group, said to ZDNet. Since its launch, hundreds of thousands of developers have used OpenVINO to deploy AI workloads at the edge, according to Intel. A typical use case would be defect detection in a factory. Now, with broader model support, a manufacturer could use it to build a defect spotting system, plus a system to listen to a machine’s motor for signs of failure. Besides the expanded model support, the new version of OpenVINO offers more device portability choices besides the expanded model support with an updated and simplified API. OpenVINO 2022.1 also includes a new automatic optimization process. The new capability auto-discovers the compute and accelerators on a given system and then dynamically load balances and increases AI parallelization based on memory and compute capacity. “Developers create applications on different systems,” Burns said. “We want developers to be able to develop right on their laptop and deploy to any system.” Intel customers already using OpenVINO include automakers like BMW and Audi; John Deere, which uses it for welding inspection; and companies making medical imaging equipment like Samsung, Siemens, Philips and GE. The software is easily deployed into Intel-based solutions — which is a compelling selling point, given that most inference workloads already run on Intel hardware. “We expect a lot more data to be stored and processed at the edge,”  Sachin Katti, CTO of Intel’s Network and Edge Group, said to ZDNet. “One of the killer apps at the edge is going to be inference-driven intelligence and automation.”Ahead of this year’s Mobile World Congress, Intel on Thursday also announced a new system-on-chip (SoC) designed for the software-defined network and edge. The new Xeon D processors (the D-2700 and D-1700) are built for demanding use cases, such as security appliances, enterprise routers and switches, cloud storage, wireless networks, AI inferencing and edge servers — use cases where compute processing needs to happen close to where the data is generated. The chips deliver integrated AI and crypto acceleration, built-in Ethernet, support for time-coordinated computing and time-sensitive networking. More than 70 companies are working with Intel on designs that utilize the Xeon D processors, including Cisco, Juniper Networks and Rakuten Symphony.Intel also said Thursday that its next-gen Xeon Scalable platform, Sapphire Rapids, includes unique 5G-specific signal processing instruction enhancements to support RAN-specific signal processing. This will make it easier for Intel customers to deploy vRAN (virtual Radio Access Networks) in demanding environments.

Artificial Intelligence More

Researchers at Palo Alto Network’s Unit 42 said they discovered a tool — named SockDetour — that serves as a backup backdoor in case the primary one is removed. They believe it’s possible that is has “been in the wild since at least July 2019.”The researchers said it stood out and is hard to detect because it operations filelessly and socketlessly on compromised Windows servers.

ZDNet Recommends

“One of the command and control (C2) infrastructures that the threat actor used for malware distribution for the TiltedTemple campaign hosted SockDetour along with other miscellaneous tools such as a memory dumping tool and several webshells. We are tracking SockDetour as one campaign within TiltedTemple, but cannot yet say definitively whether the activities stem from a single or multiple threat actors,” the researchers explained. “Based on Unit 42’s telemetry data and the analysis of the collected samples, we believe the threat actor behind SockDetour has been focused on targeting US-based defense contractors using the tools. Unit 42 has evidence of at least four defense contractors being targeted by this campaign, with a compromise of at least one contractor.”SockDetour allows attackers to remain stealthily on compromised Windows servers by loading filelessly in legitimate service processes and using legitimate processes’ network sockets to establish its own encrypted C2 channel.The researchers did not find any additional SockDetour samples on public repositories, and the plugin DLL remains unknown. They added that it is being delivered through SockDetour’s encrypted channel and communicating via hijacked sockets.Unit 42 noted that the type of NAS server found hosting SockDetour is typically used by small businesses. The company tied the backdoor to a larger APT campaign they named TiltedTemple. They first identified TiltedTemple while investigating its use of the Zoho ManageEngine ADSelfService Plus vulnerability CVE-2021-40539 and ServiceDesk Plus vulnerability CVE-2021-44077. “Our initial publications on TiltedTemple focused on attacks that occurred through compromised ManageEngine ADSelfService Plus servers and through ManageEngine ServiceDesk Plus,” the researchers said. “The TiltedTemple campaign has compromised organizations across the technology, energy, healthcare, education, finance, and defense industries and conducted reconnaissance activities against these industries and others, including infrastructure associated with five US states. We found SockDetour hosted on infrastructure associated with TiltedTemple, though we have not yet determined whether this is the work of a single threat actor or several.” More

The SIEM, or security information and event management console, has been a staple for security teams for more than a decade. It’s the single pane of glass that shows events, alerts, logs, and other information that can be used to find a breach. Despite its near ubiquity, I’ve long been a SIEM critic and believe the tool is long past its prime. This is certainly not the consensus; I’ve been criticized in the past for taking this stance. Legacy SIEMs are outdated 

ZDNet Recommends

The best security key

While robust passwords help you secure your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.

Read More

The proof point I offer is the fact that whenever a breach occurs, the SIEM vendor claims to have seen it, yet the breach happened anyway. That was the case with many big-name businesses that suffered a newsworthy cyberattack. Target, Sony, and many others all echoed the same. The SIEM saw it, but the security team missed it. If SIEMs are so powerful, why does this continue to happen? The answer is that SIEMs can no longer keep up with the massive volumes of data that come into them and need to be correlated, sorted, and viewed in a way that helps security operations prioritize events. This can help separate an actual breach from a false positive. Many security pros have told me their SIEM shows so much info now that they ignore much of it. In a sense, too much information is as useful as no information.Palo Alto introduces an AI-powered operations tool This week, Palo Alto Networks introduced its Cortex XSIAM (eXtended Security Intelligence and Automation Management), which can be viewed as a modernized SIEM with an infusion of artificial intelligence. The concept of the XSIAM is that it uses AI to separate the threats from the noise in the immense amounts of telemetry data generated by infrastructure today. If done correctly, this would accelerate threat identification, which in turn, speeds up threat response. The infusion of AI into security is something that has been badly needed for some time. There are still some people opposed to it, and the thought of taking the analytic process out of people’s hands and trusting machines, in reality, can be scary. The truth is the bad guys are using AI. Using people to fight threat actors armed with machine learning is akin to bringing a knife to a gunfight. It’s time to fight fire with fire, and that means accepting that AI needs to be a key part of cybersecurity moving forward. 

One of the major differences between a traditional SIEM and Cortex XSIAM is that the latter collects granular telemetry information, not just logs and alerts. This is where AI can add value as it can drive natively autonomous response actions, such as cross-correlation of alerts and data, detection of sophisticated emerging threats, and automated remediation based on threat intelligence and attack surface data. Security platforms are the way forward The release of Cortex XSIAM is a direct result of the security platform that Palo Alto Networks has built. Historically, security pros have used best-of-breed point products to secure specific points in the environment. This is why, according to ZK Research, the average enterprise has 32 security vendors, with some reporting more than 100. One of the three-letter U.S. government agencies told me it has more than 200. CISOs are now starting to understand that this strategy does not work. One CISO stated that best of breed everywhere does not lead to best-in-class threat protection. In fact, it creates suboptimal protection because it becomes impossible to manage security policies across the various vendors. I do not believe we can ever have one vendor to handle everything, but businesses do need to pick a single open-platform vendor that has a strong foundation in networking, cloud, and endpoint, and then augment that with technologies that interoperate with that platform. This has been the vision on which Palo Alto has been working. The first proof point for validating the value of the platform was the release of Palo Alto’s XDR solution. In 2018, I authored this post, proclaiming XDR to be the evolution of EDR. My thesis at the time was that looking at endpoint data in isolation wasn’t enough; XDR rolls up data from across the infrastructure to see things EDR can’t. The release of Cortex XSIAM follows the same thought process. SIEMs use limited data, and manual analytics and are no longer a viable way of finding threats. This model has not worked, is not working, and won’t ever work. Security teams need an operations tool that uses AI-based analytics, which pulls granular data from across the platform to combat today’s highly advanced threat actors. More