Connect with us

Cloud

Genetec Simplifies the Move to Hybrid Cloud with New Streamvault Edge

Published

on

Genetec has announced that it will unveil Streamvault Edge at ISC West (Genetec booth #13062).  The Edge is an innovative new line of connected appliances that enables the easy transition to a hybrid-cloud infrastructure and marks the beginning of a new edge platform strategy for Genetec.

Ideally suited for multi-site operations such as banking, retail, or businesses with remote or unmanned sites, Streamvault Edge enables organizations to modernize their security infrastructure while leveraging existing legacy sensor infrastructure. The Edge enables the gradual migration of security systems to a hybrid architecture without disrupting operations.  The appliance is also a low-maintenance, easy-to-install edge device that makes the commissioning, deployment, and management of connected remote sites simple and straightforward without the need for specialized IT expertise.

At its initial launch, Streamvault Edge will focus on delivering a hybrid cloud architecture for enterprise-grade video surveillance, with more security and IoT devices to be supported in the coming months. “This is just the beginning of a new edge platform strategy, and a more efficient way of delivering our solutions to customers,” said Christian Morin, Vice President Product Engineering and Chief Security Officer at Genetec, Inc. “We are starting with video, but Streamvault Edge will soon evolve to power a broader range of capabilities from access control to advanced operations technologies.”

A connected Linux-based appliance, Streamvault Edge has little to no impact on IT resources and can be easily installed and configured by non-specialized technicians. It offers the simplicity of the cloud for easy connectivity, configuration/deployment, scalability, maintenance, and updates, regardless of where sensor data is archived.

For systems integrators, Streamvault Edge offers an ideal solution to help modernize existing installations and extend the useful life of legacy equipment while future-proofing new infrastructure. Streamvault Edge will be available worldwide from the Genetec network of authorized partners.

Cloud

Critical Vulnerability Found in Google Cloud Functions

Published

on

Tenable has disclosed that its Tenable Cloud Research Team has discovered a vulnerability in Google Cloud Platform (GCP), involving its Cloud Function serverless compute service and its Cloud Build CI/CD pipeline service. GCP has remediated ConfusedFunction for future Cloud Build accounts, however existing Cloud Build instances remain at risk with immediate evasive action required.

Cloud Functions in GCP are event-triggered, serverless functions. They automatically scale and execute code responding to specific events like HTTP requests or data changes. A multi-step backend process is triggered when a GCP user creates or updates a Cloud Function. This process, among other things, attaches a default Cloud Build service account to the Cloud Build instance that is created as part of the function’s deployment. This default Cloud Build service account gives the user excessive permissions. This process happens in the background and isn’t something ordinary users would be aware of.

An attacker who gains access to create or update a Cloud Function can take advantage of the function’s deployment process to escalate privileges to the default Cloud Build service account and other GCP services including Cloud Storage, and Artifact Registry or Container Registry. By exploiting the deployment flow and the flawed trust between services an attacker could run code as the default Cloud Build service account.

“The ConfusedFunction vulnerability highlights the problematic scenarios that may arise due to software complexity and inter-service communication in a cloud provider’s services,” explains Liv Matan, senior research engineer, Tenable. “To support backward compatibility, GCP has not changed the privileges from Cloud Build service accounts created before the fix was implemented. This means that the vulnerability is still affecting existing instances and we highly recommend customers take immediate action.”

GCP confirmed it had remediated ConfusedFunction, to some extent, for Cloud Build accounts created after February 14, 2024. While the fix has reduced the severity of the problem for future deployments, it hasn’t eliminated it. For every cloud function using the legacy Cloud Build service account, the advice is to replace it with a least-privilege service account.

Continue Reading

Cloud

Veeam Bolsters Data Resilience for 21M Microsoft 365 Users

Published

on

Veeam Software has announced the next generation of Veeam Data Cloud for Microsoft 365 with the new capabilities offered by Microsoft 365 Backup Storage. Veeam Data Cloud, built on Microsoft Azure, provides backup-as-a-service (BaaS) for Microsoft 365, enabling data resilience and leveraging powerful data protection and security technology within a simple, seamless user experience.

As a launch partner for Microsoft 365 Backup Storage, Veeam is leveraging the latest Microsoft technology with Veeam Data Cloud for Microsoft 365 to deliver lightning-fast backup and recovery capabilities for large Microsoft 365 environments, ensuring organizations protect critical data against cyber-attacks and data loss scenarios, further enabling complete data resiliency. This solution further strengthens Veeam’s position in protecting Microsoft 365 users, with over 21 million users already under Veeam’s protection.

“One of the benefits of our multi-year strategic partnership with Microsoft is rapidly bringing new advances to our joint customers and partners. This new release combines the benefits of Veeam’s industry-leading technology – in both data protection and ransomware recovery – with the latest Microsoft 365 data resilience capabilities introduced by Microsoft, and extends them to even more customers using Microsoft 365. In addition, we’re making great progress in our joint innovation bringing the power and insights of Microsoft Copilot to the Veeam product family,” said John Jester, Chief Revenue Officer (CRO) at Veeam.

Microsoft’s new backup technology is seamlessly embedded inside Veeam’s backup service for Microsoft 365, combining the new high-speed backup and recovery capabilities with Veeam’s established and unmatched restore and eDiscovery options tailored to meet any potential data loss and compliance scenario. This powerful fusion, where speed and scale meet control and flexibility, empowers organizations with the best of both worlds. “The collaboration with Veeam is an advancement in assisting our shared clients with quick recovery after cyber incidents. We look forward to deepening our collaboration to improve data protection for users,” said Zach Rosenfield, Director of PM for Collaborative Apps and Platforms at Microsoft.

Veeam Data Cloud for Microsoft 365 with Microsoft 365 Backup Storage delivers:

  1. Speed and Scale: This latest offering from Veeam and Microsoft is designed to manage large volumes of data seamlessly, with the ability to protect and restore 100+ TBs of data or 10,000+ objects. With this advanced solution, what used to take weeks or months is now accomplished within hours.
  2. Disaster Recovery: This new solution offers bulk restores at scale, ensuring increased resilience to ransomware or malware attacks and minimizing downtime. Veeam Data Cloud for Microsoft 365 with Microsoft 365 Backup Storage empowers organizations to bounce back quickly from any data loss scenario. Organizations no longer have to choose between paying a ransom or enduring weeks or months of data restoration.
  3. Future Readiness: As part of a new 5-year strategic partnership, Veeam is developing future solutions with Microsoft integrating Microsoft Copilot and Azure AI services to enhance data protection for Microsoft 365 and Azure. These solutions will simplify operations, automate administrative tasks, and allow organizations to allocate resources to business-critical initiatives, ensuring they stay ahead in a rapidly changing digital landscape.

“As adoption of Microsoft 365 increases, the volume and criticality of their associated data sets is also growing,” said Krista Macomber, Research Director at The Futurum Group. “Without the proper data protection solution, this can lead to highly time-consuming, cumbersome backup processes – ultimately resulting in delayed, missed, or incomplete backups. Equally an issue, it can also lead to slow and incomplete recovery processes. This cannot be afforded, especially given the need for resiliency against the onslaught of cyber-attacks. Veeam is directly addressing these challenges with the most recent update to its Microsoft 365 backup capabilities.”

Continue Reading

5G

GSMA NESAS & MCKB: Leading the Way in Mobile Network Security International Standards for Regulators and Operators in the Region

Published

on

As our interconnected digital world becomes essential, new technologies like 5G, cloud computing, big data, and AI create exciting possibilities. However, vulnerabilities increase alongside these advancements. Over 100 countries now have data protection laws, highlighting the growing focus on cybersecurity.

As the deployment of 5G technology and its next generation, 5G-Advanced (5G-A), which was already announced this year by global vendors like Huawei, mobile networks are increasingly becoming the backbone of our digital life, and robust cybersecurity standards and good practices are paramount for telecom authorities and operators.
Pioneering 5G deployment, Saudi Arabia and the GCC are now upgrading to 5G-Advanced for even greater value.

The telecom industry, constantly adapting, integrates cloud and AI with these networks, driving new digital business models. Telecom’s role in national security necessitates robust cybersecurity. Regulators, operators, and industry stakeholders in the region must collaborate to identify best practices and implement measures to safeguard networks, systems, and data from cyber threats. This cross-sector effort requires close cooperation with service providers, equipment manufacturers, and government agencies to mitigate risks, develop best practices, and raise cybersecurity awareness.

At the recently concluded MWC Shanghai 2024 organized by GSMA, the ‘Middle East and Central Asia ICT Policy and Governance Forum’ round table, themed “Driving Policy and Innovation to Shape Our Digital Future”, mobile network security took centre stage. The forum brought together a wide range of stakeholders, including senior officials from GSMA, regulatory authorities, operators, Huawei, and the China Academy of Information and Communications Technology, to discuss industry policies, successful practices, and valuable insights on network security and key industry trends.

The round table discussed the importance of spectrum, optical, and datacom policy planning and explored how carriers, enterprises, oversight agencies, and regulators can enhance mobile security capabilities and guide risk management strategies. The discussions also sought to promote the adoption of GSMA’s Network Equipment Security Assurance Scheme (NESAS) and Mobile Cybersecurity Knowledge Base (MCKB). Attendees also reviewed industry policies and best practices, with examples from China’s successful use cases.

Mr. Jawad Abassi, Head of MENA at GSMA, who moderated the roundtable discussion, said, “The GSMA regularly explores a range of security considerations including secure by design, 5G deployment models and security activities. Good security practices and policies by industry suppliers are essential. The mobile ecosystem should empower advancing positive policy and spectrum outcomes, driving digital innovation to reduce inequalities in our world and tackling today’s biggest societal challenges.”

GSMA NESAS is a rigorous security framework covering some of the most vital aspects of national critical infrastructure. Providing a universal industry standard, it highlights the ability of network equipment vendors to meet and maintain security levels—from product development to lifecycle management processes. Specifically, it covers equipment that supports functions defined by 3GPP and is deployed by mobile network operators on their networks.

NESAS is a trusted and proven standard for tracking records across the world. Vendors’ equipment is tested and audited against a security baseline defined by industry experts through GSMA and 3GPP. It reflects the security needs of the entire ecosystem – including regulators, mobile network operators, hyperscalers, and equipment vendors. The standard continually evolves to meet the needs of the whole industry, based on 3GPP + GSMA standards – avoiding security requirements fragmenting regionally. The GSMA works with internationally recognized partners to audit and test equipment, with selection criteria agreed upon by the GSMA NESAS Oversight Board.

Audits and evaluations allow experts to give in-depth feedback and analysis – helping vendors improve their processes and products while enhancing security across the wider industry. The list of accredited vendors provides near real-time visibility of security status, allowing procurement teams to make informed decisions and comparisons. Huawei’s 5G wireless and core network equipment (5G RAN gNodeB, 5G Core UDG, UDM, UNC, UPCF) and LTE eNodeB were the first to pass the GSMA’s Network Equipment Security Assurance Scheme (NESAS). With one transparent and independent global scheme reflecting the security needs of the entire ecosystem, regulators in the region can take advantage of clear guidance and support for national security mitigations.

GSMA has created the Mobile Cyber Security Knowledge Base (MCKB), which offers the combined knowledge of the 5G ecosystem to increase trust in 5G networks and make the interconnected world as secure as possible. The Knowledge Base is regularly enhanced and extended to respond to the evolving cybersecurity threat landscape.
The 5G Cybersecurity Knowledge Base is an industry effort that composes a comprehensive threat landscape designed to help key stakeholders such as MNOs, equipment vendors, regulators, application developers, and service providers understand the security threats posed by 5G networks in a systematic and objective fashion.

It provides essential insights for the stakeholders’ risk management strategy as well as guidance covering best practices and risk mitigation measures. The Knowledge Base will help enhance 5G security competencies and capabilities and strengthen the work of carriers, enterprises, oversight agencies, and regulators. At an operational level, the Knowledge Base offers clear instructions for taking step-by-step actions to build security assurance while considering the entire risk spectrum of 5G end-to-end networks.

Jeff Wang, President of the Public Affairs and Communications Department at Huawei, said, “To fully reap digital dividends, we need to pay more attention to enhancing connectivity, embracing digital application, and empowering digital talent.” The forum discussions provided recommendations for various countries in the region based on their specific needs and achievements in these areas and the need to specifically improve their optical fibre networks to ensure homes and offices have the speed and stability for these advancements.

The forum spotlighted the robust national network development strategies aligned with visions and key industries crucial for the growing demand for advanced services that necessitate network upgrades, vital for ambitious projects, as is the case of Saudi Arabia’s 10Gbs Society. Supportive policies from governments will incentivize carriers and enterprises to invest in infrastructure optimization.

Lin Yanqing, Principal Consultant, Industry Policy Public & Government Affairs, Huawei Technologies and Aloysious Cheang, Chief Security Officer, Huawei Middle East and Central Asia, joined the round table discussions and reiterated that Huawei has taken a proactive approach to telecom cybersecurity standardization. Cheang said, “Cybersecurity is a team sport, and together with GSMA, we can leverage their good work, such as NESAS and MCKB, that will lay the foundation to secure broadband, 5G, 5G-A, and beyond.”

The company works with the GSMA, the ITU, the 3GPP, and others, as well as through partnerships with security organizations and companies, to ensure the security of its customers and promote the healthy development of the mobile ecosystem, the executives explained. Huawei has passed NESAS/SCAS 2.0 evaluations for its 5G base station and NESAS audits for its RAN and core network, demonstrating the company’s commitment to cybersecurity. Saudi Arabia’s Vision 2030 fuels a digital revolution, prioritizing network investment. As the digital backbone, robust networks are essential for faster internet, advanced services, and a secure, sustainable digital economy.

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.